Privacy Policy

Updated December 2020

Introduction

Privacy and online safety are important to Corpay One, Inc. (hereby known as “Corpay One”). We offer a software platform and services for bill management and payment. We collect data about individuals and businesses, when they use the platform, services and our websites (collectively known as "Services"). This privacy policy describes how we collect, use and share data. This privacy policy is separate to our Terms of Services and other important information available on our Services, and does not replace them.


  1. Definitions


In this privacy policy, the following terms shall have the following meanings:


"You" means a visitor to one of our websites or a user of one or more of our Services ("User"). 


“User” means a user of our Services.


“Personal Data” means any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier. 


"Other Data" means other data besides Personal Data.



  1. What does this policy cover?


This policy does not apply to third-party websites, products, or services even if they link to our Services. We are not responsible for third parties’ content or information practices. You are strongly encouraged to consider the privacy practices of those third-parties carefully. 


If You disagree with the practices described in this policy, You should (a) take the necessary steps to remove cookies from your computer after leaving our website, and (b) discontinue your use of our Services. 


We have a Cookie Policy that describes in detail how we use cookies and similar technologies. Please see below regarding our usage of cookies. 



  1. Name and address of data controller


Corpay One ApS is the data controller of your personal information collected and processed through our Services. 


Corpay One ApS

Sølvgade 38F, 1. sal

1307 København K


E-mail: support@corpayone.com

Telephone: +45 71 99 31 94


CVR no.: 37231525


You are welcome to contact us via mail or by telephone, in the event that You have any questions regarding the treatment of your data. 



  1. Types of Data We Collect


The collection and use of data from a variety of sources is essential to our ability to provide our Services – and to help keep the Services safe. Data is critical in helping us to increase the safety of your online payments, and reduce the risk of fraud, money laundering and other harmful activity.


The Data we collect depends on how our Services are used. 

  • Personal Data - Private individual

We collect the following information:

  • Name
  • Address
  • Telephone number
  • E-mail


  • Personal Data - Company

We collect the following information:

  • Company’s contact name
  • Name
  • Address
  • Telephone number
  • E-mail 
  • CVR-number


Personal Data does not include Data that has been aggregated or made anonymous such that it can no longer be reasonably associated with a specific person. 


We do not collect nor store personal data in the form of credit or debit card numbers. This information is collected through our partner Stripe. When using our Dwolla integration to connect your bank account to Corpay One and route ACH payments, Corpay One may store and transmit routing and account information.


b. Other Data

Other Data is collected through a variety of sources such as:

  • Cookies and other technologies that record usage of our websites, websites that implement our Services, and the use of our Services. 
  • Browser and device data, such as IP address, device type, operating system and Internet browser type, screen resolution, operating system name and version, device manufacturer and model, language, plug-ins, add-ons and the version of the Services You are using;
  • Transaction data, such as bills paid, bill amount, date of bill payment, and payment method;
  • Cookie and tracking technology data, such as time spent on the Services, pages visited, language preferences, and other anonymous traffic data; and
  • Company data, such as a company's legal structure, product and service offerings, jurisdiction, company records, and information submitted securely through the data collection form in the Corpay One Business product.
  • Bill data. We collect and process data from the invoices/bills You upload through the Corpay One platform, or from bills You give 3rd party creditors the right to upload through your Scan & Send address. We use this data to process the bill payment.


  1. How We Use Data


a. Personal Data

We and our service providers use Personal Data to: (i) provide the Services; (ii) detect and prevent fraud; (iii) mitigate financial loss or other harm to Users, Customers, and Corpay One; and (iv) promote, analyze and improve our products, systems, and tools. Examples of how we may use Personal Data include:

  • Verify an identity for compliance purposes;
  • Evaluate an application to use our Services;
  • Conduct manual or systematic monitoring for fraud and other harmful activity;
  • Respond to inquiries, send service notices and provide customer support;
  • Process a bill payment, communicate regarding a payment, and provide related customer service;
  • For audits, regulatory purposes, and compliance with industry standards;
  • Develop new products;
  • Send marketing communications;
  • Improve or modify our Services; and
  • Conduct aggregate analysis and develop business intelligence that enables us to operate, protect, make informed decisions, and report on the performance of our business.


b. Other Data

We may use Other Data for a range of different purposes, provided we comply with applicable law and our contractual commitments. In some countries (e.g., European Economic Area countries), local legal regimes may require us to treat some or all of Other Data as "personal data" under applicable data protection laws. Where this is the case, we will process Other Data only for the same purposes as Personal Data under this privacy policy.



  1. How We Disclose Data


Corpay One does not sell or rent Personal Data to marketers or unaffiliated third parties. We share your Personal Data with trusted third parties, including:

a. Corpay One Affiliates. We share Data with entities worldwide that we control, are controlled by us, or are under our common control, to provide our Services. Corpay One, Inc. is the party responsible for overall management and use of the Data by these affiliated parties.

b. Corpay One Service Providers and Payment Service Providers. We share Data with service providers and payment service providers who help us provide the Services. Service providers help with things like payment processing (i.e., banks, credit bureaus, payment method providers), website hosting, data analysis, information technology and related infrastructure, customer service, email delivery, and auditing.

c. Authorized Third Parties. We may share data with parties directly authorized by a User to receive Data, such as when a User authorizes a third party application provider to access the User's Corpay One account using Corpay One Integrations. The primary example is integrations to Accounting Systems or ERP products, where the User grants authorization to a 3rd party application to access the User's Corpay One data. The use of Data by an authorized third party is subject to the third party's privacy policy.

d. Third Parties. We may share Data with third parties in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings).

e. Safety, Legal Purposes and Law Enforcement. We use and disclose Data as we believe necessary: (i) under applicable law, or payment method rules; (ii) to enforce our terms and conditions; (iii) to protect our rights, privacy, safety or property, and/or that of our affiliates, You or others; and (iv) to respond to requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, which may include authorities outside your country of residence.


  1. Security


We use reasonable organizational, technical and administrative measures to protect Personal Data within our organization (including education and training of relevant personnel). 


When You log onto our services, all transactions and communications via our Services are encrypted using Secure Socket Layer (“SSL”) technology. If You are using a public computer accessible by others besides yourself, please ensure that You log out of our Services and close the session completely. 


If You have reason to believe that your interaction with us is no longer secure (e.g., if You feel that the security of your account has been compromised), please contact us immediately.



  1. Choice


You have choices regarding our use and disclosure of your Personal Data. You may opt out of receiving electronic communications from us and no longer want to receive marketing-related emails from us on a going-forward basis. You may opt-out via the unsubscribe link included in such emails. We will try to comply with your request(s) as soon as reasonably practicable. Please note that even if You opt-out from receiving marketing-related emails from us, we may still send You important administrative messages that are required to provide You with our Services.



  1. your Data Protection Rights


You have the right to ask us at any time to:

  • Confirm whether we hold any of your Personal Data;
  • Send You a copy of any Personal Data that we hold about You;
  • Correct any inaccuracies and add relevant details where the Personal Data we hold is incomplete;
  • Delete (to the extent possible) any of your Personal Data, where we are required by law to do so;
  • Stop processing your Personal Data, where we are required by law to do so;
  • Provide You a portable copy of your Personal Data we hold about You, where we are required by law to do so;
  • Stop processing any of your Personal Data that we process on the basis of our legitimate interests; and
  • Stop sending You marketing material. However, we may continue to send you service related, i.e. non-marketing communications, such as e-mail updates. 


  • required before implementing changes. We endeavour to comply with your request as soon as reasonably practicable. 


You are not required to pay any charge for exercising any of these rights, unless your request is unfounded or excessive. If You wish to exercise any of these rights, please contact us. We endeavour to respond to requests as soon as reasonably practicable. If your request is particularly complex, it may take us longer to respond. In this case, we will notify and keep You informed. You may not have a right to information if we have responded to a request, and You have made a repeat request without a reasonable period of time passing between the requests. 


When contacting us by email, kindly specify clearly what Personal Data is to be amended. We may need to request specific information from You to help us confirm your identity and ensure your right to access your Personal Data, or to exercise any of your other rights. This is a security measure to ensure that your Personal Data is not disclosed to any one who has no right to receive it. We may also contact You for further information in relation to your request to speed up our response. We endeavour to comply with your request as soon as reasonably practicable. 


With regards to deletion of your Personal Data held by us, we will try to comply with your request as soon as possible with commercially reasonable efforts. Please note that we may be required to keep such information and not delete it (or to keep it until such time we have fulfilled such requirements). Further explanations of data retention can be found below under XX. Retention Period. 



  1.  Retention Period


We will retain Personal Data for the period necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Please note that we have a variety of obligations to retain the Data that You provide to us, including to ensure that transactions can be appropriately processed, settled, refunded or charged-back, to help identify fraud and to comply with anti-money laundering and other laws and rules that apply to us and to our financial service providers. Accordingly, even if You close your Corpay One Account, we will retain certain Data to meet our obligations. There may also be residual Data that will remain within our databases and other records, which will not be removed.


We will retain your Personal Data for a maximum of five (5) years from the date of termination of your contractual relationship with Corpay One, as per Danish Bogføringsloven, Chapter 5, §10. 



  1. Use of Services by Minors


Our Services are not directed to individuals under the age of eighteen (18). We request that they not provide Personal Data through the Services. We do not knowingly collect nor solicit personal information from individuals under the age of eighteen. If we are notified (by contacting us at support@corpayone.com) or if we learn that such personal information was collected, we will delete such information as soon as possible.



  1. International Transfer


Our Services are global. Data (including Personal Data) may be collected, processed and stored in any country where we have operations or where we engage service providers. Where we may transfer Data to countries outside the European Economic Area (“EEA”), we will ensure that it is protected and transferred in a manner consistent and comply with applicable data protection laws and that your Data remains protected to the standards described in this privacy policy. In certain circumstances, courts, law enforcement agencies, regulatory agencies or security authorities in those other countries may be entitled to access your Personal Data.


In situations where your Personal Data may be transferred out of the EEA, we will endeavor to ensure that it is given a similar degree of protection as when it is transferred inside the EEA, by ensuring at least one of the following safeguards is implemented:

  • Transfer of Personal Data to countries that have been deemed to provide an adequate level of protection for Personal Data by the European Commission, or
  • We use, or ensure our data processors use, specific contracts approved by the European Commission, which give Personal Data the same protection it has in the EEA with our service providers. 



  1. Updates to this Privacy Policy and Notifications.


We may change this Privacy Policy from time to time. This may be necessary, e.g. if the law changes or if the business changes in a way that affects personal data protection. The "Last updated" legend at the top of this Privacy Policy, indicates when was the last revision. Any changes are effective when we post the revised Privacy Policy on the Services.


We may provide You with disclosures and alerts regarding the Privacy Policy or Personal Data collected by posting them on our website and, if You are a User, by contacting You through your Corpay One Dashboard, email address and/or the physical address listed in your Corpay One account. You agree that electronic disclosures and notices have the same meaning and effect, as if we had provided hard copy disclosures to You. Disclosures and notices in relation to this Privacy Policy or Personal Data shall be considered to be received by You within 24 hours of the time they are posted to our website or, in the case of Users, sent to through one of means listed in this paragraph. Furthermore, your continued usage of this after any changes in the Privacy Policy will constitute your acceptance of changes. 



  1. Usage of cookies


Cookies play an important role in helping us provide personal, effective and safe Services. We use Cookies to facilitate and improve your experience, and to provide and improve our products and/or services. Furthermore, we use analytics services, which use Cookies to collect and analyse usage statistics, enabling us to better understand how people use our Services. For more details, please refer to our Cookie policy.  



  1. Transparency and complaints


You have the right to gain access to the Data processed about You. You have the right to object to your Personal Data being used at any time. You can also retract your permission to use your Personal Data at any time. If the retained Data is incorrect, you have a right to request a correction or deletion. You can request this via support@corpayone.com.


Furthermore, if you have any complaints about Corpay One’s processing of your Data, you may contact the Danish Data Protection Agency at 


Datatilsynet

Carl Jacobsens Vej 35

2500 Valby

dt@datatilsynet.dk

 


  1. Contact Us


If You have any questions about this Privacy Policy, please contact us at support@corpayone.com or at:


Corpay One ApS 

Sølvgade 38

1103 København K.