Supplemental Privacy Notice for California Consumers

 Last updated: January 1, 2020

 

This Supplemental Privacy Notice applies to you only if you are a natural person and a California resident (as defined under California law). This Supplemental Privacy Notice is incorporated into and forms part of the Bill.com Privacy Notice.

Effective January 1, 2020, the California Consumer Privacy Act of 2018 (CCPA), as amended, requires Bill.com to describe how we collect, process, and share your personal information. This Supplemental Privacy Notice is designed to help you understand the categories of personal information that we collect about you, where we get that personal information, who we share it with, and the rights you have to know and control your personal information.

This Supplemental Privacy Notice does not apply to any employees, owners, directors, officers, or contractors of Bill.com or its affiliates.

 

Categories of Personal Information We Collect, and How We Use and Share that Information

BILL.COM DOES NOT SELL YOUR PERSONAL INFORMATION.

During the past twelve (12) months, we have collected, used, and shared the following categories of personal information:

Category of Personal Information

Category of Source

Business or commercial purpose(s) for collection

Categories of third parties with whom we share

Personal identifiers

Directly from you or your agents

From your Organization

From your Vendors or Customers

From other third parties you choose to interact with

From our service providers

From public sources

To provide our Service to you

To communicate with you

To verify your identity

To protect your account

To prevent fraud or illegal activity

Our marketing activities

Our service providers

Your authorized service providers

Other third parties that you authorize

Our business and marketing partners

Third parties as required by law

Financial information, including bank account number, credit card number

Directly from you or your agents

From your Organization

From your Vendors or Customers

From other third parties you choose to interact with

From our service providers

From public sources

To provide our Service to you

To verify your identity

To protect your account

To prevent fraud or illegal activity

Commercial information, including products/services purchased

Directly from you or your agents

From your Vendors or Customers

Provide our Service to you

Prevent fraud or illegal activity

Internet or other electronic network activity information

Directly from you

From our service providers

Provide our Service to you

Protect your account

Prevent fraud or illegal activity

Debug or repair our Service

Maintain reliability, quality or safety of our Service

Improve our Service

Our marketing activities

Geolocation data

Directly from you

From your mobile provider or ISP

Provide our Service to you

Protect your account

Prevent fraud or illegal activity

Debug or repair our Service

Maintain reliability, quality or safety of our Service

Audio, electronic, visual, or similar information Directly from you

Provide our Service to you

Prevent fraud or illegal activity

Maintain reliability, quality or safety of our Service

Professional or employment-related information

Directly from you

From your Organization

From your Vendors or Customers

Provide our Service to you

Prevent fraud or illegal activity

Our marketing activities

Inferences drawn to create a profile about a consumer Bill.com

Provide our Service to you

Prevent fraud or illegal activity

Maintain reliability, quality or safety of our Service

Our marketing activities

 

Understanding Your Rights

General Information. To understand all of the rights granted to covered California consumers under the CCPA, please review the California State Attorney General’s CCPA Fact Sheet, available at https://oag.ca.gov/privacy/ccpa.

Exercising Your Rights. Subject to the exceptions and limitations described below, you have the following rights under the CCPA with respect to the personal information that Bill.com collects about you:

  1. Right to Know. You have the right to request that we give you information about our collection, use, and sharing of your personal information over the prior 12 months. If you want to exercise this Right to Know, you can submit a Request to Know by email to ccparequest@hq.bill.com or you can submit your request on the Privacy Form available here. We will confirm receipt of your Request to Know within 10 days. If you do not receive a confirmation of receipt within 10 days, we may not have received your Request to Know and you should re-submit it. We may take up to 90 days to respond to your Request to Know.

Once we receive your Request to Know and verify your identity, we will disclose to you the following information for the 12 months prior to the date on which we received your Request: 

  • The categories of personal information we collected about you.
  • The categories of sources from which we collected your personal information.
  • Our business and commercial purpose(s) for collecting your personal information.
  • The categories of service providers or third parties with whom we share your personal information.
  • The specific pieces of personal information we collected about you, to the extent permitted by law. We can never share, even with you, your Social Security number, government-issued identification number(s), health or medical information, financial account number(s), password, or security questions and answers.

We reserve the right to deny your Request to Know, in whole or in part, if we cannot verify your identity or if responding to your Request would create a substantial security risk. If we deny your Request to Know, we will inform you and will provide the basis of the denial.    

  1. Right to Delete. Subject to the exceptions described below, you have the right to tell us to delete the personal information that we have collected from you.  If you want to exercise this Right to Delete, you can submit a Request to Delete by email to ccparequest@hq.bill.com or you can submit your request on the Privacy Form available here. We will confirm receipt of your Request to Delete within 10 days. If you do not receive a confirmation of receipt within 10 days, we may not have received your Request to Delete and you should re-submit it. We may take up to 90 days to respond to your Request to Delete.

Please note that, under the CCPA, we will not delete personal information that we have collected from you if we need to maintain that personal information in order to: 

  • Complete a transaction that you requested, or provide our Service to you; 
  • Reasonably maintain our ongoing relationship with you; 
  • Perform a contract between Bill.com and you; 
  • Detect security incidents; 
  • Protect you, Bill.com or others against malicious, deceptive, fraudulent or illegal activity, or prosecute those responsible for that activity; 
  • Debug to identify and repair errors that impair the functioning of our Service or internal systems; 
  • Perform internal uses or operations that are reasonably aligned with your expectations based on our business relationship; 
  • Comply with a legal obligation; or
  • Otherwise perform internal uses or operations in a lawful manner compatible with the context in which we collected your personal information, including as needed to protect our legal rights.

Once we receive your Request to Delete and verify your identity, we will delete your personal information from our records, unless one of the exceptions listed above applies. In that case, we will notify you that your Request to Delete is denied, in whole or in part, and we will identify the applicable exception(s). 

We may delete your personal information by any of the following means: 

  • Permanently and completely erasing the personal information from our systems; 
  • De-identifying the personal information so that it cannot reasonably be linked or identified to you; and/or
  • Aggregating the personal information such that individual consumer identities have been removed.

We will specify the means used to delete your personal information in our response to you. Please note that if your personal information is stored on an archived or backup system, we are not required to delete your personal information from that system until the next time we use or access the system.

We reserve the right to deny, in whole or in part, your Request to Delete if we cannot verify your identity. If we deny your Request to Delete, we will inform you and will provide the basis of the denial.

  1. Right to Opt out of Sale of Your Personal Information. If a business sells consumer personal information, the CCPA grants consumers a right to tell a business not to sell (i.e., opt out of the sale of) their personal information. Bill.com does not sell your personal information. For clarity, Bill.com does not permit persons under the age of 18 years old to use our Service, and we do not collect personal information from any person under the age of 16 years.
  1. Right Against Discrimination. We will not discriminate against you for exercising your rights under the CCPA.  We will not:
  • Deny you goods or services for exercising your rights;
  • Charge you a different price or rates for goods or services, including through granting discounts or other benefits, or imposing penalties, because you exercised your rights;
  • Provide you a different level or quality of goods or services because you exercised your rights; or
  • Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services as a result of exercising your rights.
  1. Verifying Your Identity. When you submit a Request to Know or a Request to Delete, we must verify your identity. If you are a Bill.com account holder, we will ask you to verify your identity by logging in to your account. To verify identity, we may ask you for additional information, including by asking you to confirm other personal information you have provided to us. We reserve the right to deny your Request to Know or a Request to Delete if we cannot reasonably verify your identity. 
  1. Requests from Authorized Agents. If you have authorized another person to make a Request to Know or a Request to Delete on your behalf, that person must provide to us your written authorization allowing them to make such a request on your behalf.  We reserve the right to deny a Request to Know or a Request to Delete by an authorized agent if we are not reasonably able to confirm proper authorization and/or verify your identity as the requestor.
  1. Contact. If you have any questions or concerns about this Supplemental Privacy Notice, you can email us at ccparequest@hq.bill.com or you can contact Bill.com Customer Support through our customer support portal.