BILL Supplemental Privacy Notice for International Users

Effective Date: August 1, 2025

This Notice supplements Our Privacy Notice and applies to Our Websites and Services in countries outside the U.S.   This Supplemental Privacy Notice (“Supplement”) outlines the legal basis on which We rely to process Your personal information and provides other information.
‍

Legal Basis for Processing Your Information

BILL will only process Your information where we have a legal basis to do so. The legal basis will depend on the reason(s) BILL collected and needs to use Your personal information.  We describe these legal basis and some accompanying examples in more detail below.
‍

Consent

BILL processes certain personal information based on Your consent, which You may revoke at any time. For example:

• We may send You promotional, marketing, and advertising messages and other information that may be of interest to You based on your preferences, where consent is necessary based on applicable law;
• If You ask to link or integrate third party accounts to BILL, We may process information from those accounts, partners, and integrations;
• If You decide to use location services in the context of BILL, We may collect and process such location information; and
• We and our partners use cookies and similar technologies, as described in more detail in section I.B.3 of our Privacy Notice.
  ‍

Contractual necessity

BILL processes Your personal information as is necessary for the adequate performance of the contract with You. For example:

• We process Your information to create and manage Your account, process and receive payments, provide customer service, and send You messages, updates, security alerts, and account notifications;
• We process Your information to verify Your identity so that We may provide the Services to You;
• We transfer Your information outside of Your country of residence in order to provide the Services.
  ‍

Legitimate interests

BILL processes Your personal information where it is necessary for Our or a third party’s legitimate interests. For example:

• We process Your information to keep the Services safe and secure, such as to implement and enhance security measures and protections, protect against a breach of the law or fraud, enforce or defend legal rights, claims, or obligations, and enforce our Terms of Service;
• We process Your information to undertake marketing activities and provide You with advertisements both on and off BILL Website, measure and analyze the effectiveness of Our ads, and offer You products or services that may be of interest to You, in accordance with applicable law;
• We process Your information to provide and improve the Services and Your experience with the Services, and to understand and improve Our business; and
• We share Your information across the BILL Companies to provide You with cohesive and seamless Services.  For example, where the Services require the engagement of other BILL Companies, We share your information with such affiliates to provide and improve the Services.
  ‍

Legal obligation

BILL processes Your personal information to comply with Our legal obligations. For example:

• We may process, retain, and share Your information if it is necessary to respond, based on applicable law, to a valid legal request;
• We may process and retain Your information for tax, legal reporting and auditing obligations; and
• We may process, retain and share Your information as is necessary to comply with the legal requirement to which We are subject, for example, anti-money laundering regulations.
  ‍

Transfers of Personal Information

To facilitate Our global operations, BILL may transfer, store, and process Your information within our corporate family, partners, and service providers.  Laws in these countries may differ from the laws applicable to Your country of residence.  In certain circumstances, courts, law enforcement agencies, regulatory agencies or security authorities in these other countries may be entitled to access Your personal information.

Where Your information is transferred outside Your country of residence, We will take all steps reasonably necessary to ensure that Your data is subject to appropriate safeguards, such as relying on a recognized legal adequacy mechanism, and that it is treated securely and in accordance with this Supplement and our Privacy Notice.
‍

How long we keep Your personal information

The period for which We retain Your information varies according to the use of that information. In some cases, there are legal requirements to keep certain data for a minimum period of time. Unless specific legal requirements dictate otherwise, We will retain Your information as long as is necessary to perform the Services, comply with our legal obligations, and as permitted by law.
‍

Your rights

Depending on Your country of residence You may have some of the following rights under applicable law.  While some of these rights apply generally, certain rights apply only in certain limited cases. Please note that We may ask You to verify Your identity and request before taking further action on Your request.
 

Data access and portability

If You are unable to obtain the desired information by logging into Your account, or if You are not currently a customer, You can request certain copies of Your personal information held by us.  In certain instances, You also have the right to request copies of personal information that You have provided to us in a structured, commonly used, and machine-readable format and/or request us to transmit this information to another service provider (where technically feasible).
‍

Deletion

If You are unable to delete the desired information by logging into Your account, or if You are not currently a customer, You can request that We delete Your personal information, subject to certain limitations and restrictions.  Please note that if You request the erasure of Your personal information:

• We may retain and use Your personal information as necessary for our legitimate business interests, such as prevention of money laundering, fraud detection and prevention, and enhancing safety;
• We may retain and use Your personal information to the extent necessary to comply with our legal obligations.
• To the extent another party has received Your personal information in the course of Bill.com providing Services to You, the other party may continue to retain Your information; and
• Copies of Your personal information may not be removed from our backup systems for a period of time.
  ‍

Rectification

If You are unable to correct the desired information by logging into Your account, You can request that We correct inaccurate or incomplete personal information about You.
‍

Restriction of processing

You can ask Us to limit the ways in which We use Your personal information.
‍

Revoke consent

Where the processing of Your personal Information by us is based on consent, You have the right to withdraw that consent without detriment at any time.  If You withdraw Your consent to the use of Your information for the purposes set out in this Supplement and the Privacy Notice, You may not have access to all (or any) of our Services and We might not be able to provide You all (or any) of the Services under this Supplement, Privacy Notice, and our Terms of Service. In certain cases, We may continue to process Your information after You have withdrawn consent if We have a legal basis to do so.  

If You would like to change Your cookie settings, You may do so at any time by clicking here:

Lodging complaints

If Your request or concern is not satisfactorily resolved by Us, You may lodge a complaint with Your local data protection authority.
‍

How to Contact Us 

If You have any questions or concerns about Our Privacy Notice or about how We  collect, use, or otherwise process Your information, You can contact Our Customer Support by clicking on Help once You have logged in (if You are unable to log in, please click on the chat modal here to connect with Us) or Our Privacy Team by email at privacy@hq.bill.com or by mail at:

Attn: Privacy Officer
BILL
6220 America Center Drive, Suite 100
San Jose, CA 95002
U.S.A
‍

Country-Specific Information:

Residents of Canada

You may be able to take advantage of the tool developed by the Digital Advertising Alliance of Canada to opt out of third party advertising. Where available, this tool provides a list of parties that may target advertisements based on Your online web-browsing activities and the ability to opt out of their use of Your information for that purpose. To access the tool, visit https://youradchoices.ca/.
‍

Residents of the EU or UK:

Identity of Controller and Representative:

BILL Operations, LLC is the data controller. Our representative in the UK is:  

Bird & Bird GDPR Representative Services UK
12 New Fetter Lane
London
EC4A 1JP
United Kingdom
UKrepresentative.BillDotCom@twobirds.com
‍

Our representative in the EU is:

Bird & Bird GDPR Representative Services Ireland
Deloitte House
29 Earlsfort Terrace
Dublin 2
D02 AY28
EUrepresentative.BillDotCom@twobirds.com
‍

For questions or complaints, residents of the EU or UK may contact the respective representatives listed above.
‍

Residents of India

Individuals may lodge a complaint with the Data Protection Board of India.
‍

Residents of Mexico 

En la medida en que lo dispongan las leyes de privacidad aplicables, titulares de datos en México tienen los siguientes derechos con respecto a su información personal: acceso, rectificación, cancelación, objeción. Puede ejercer sus derechos utilizando los medios descritos en la sección titulada “Your Rights” (“Sus Derechos”).

En su solicitud, indique con claridad la información personal con la que se relaciona su solicitud. Para su protección, podemos verificar su identidad y residencia geográfica antes de cumplir con su solicitud. Cumpliremos con su solicitud lo antes posible dentro de lo razonable.

Podemos actualizar nuestra política de privacidad cuando lo consideremos oportuno en respuesta a circunstancias legales, técnicas o comerciales cambiantes. La versión más actual siempre está disponible a través de nuestra página web.
‍

Residents of Philippines 

Individuals may lodge a complaint with the National Privacy Commission.
‍

Residents of the Republic of Korea

대한민국 개인정보 보호법 제31조의2에 따라, 국내 정보주체의 개인정보 관련 고충 처리 등을 위하여 다음과 같이 국내 대리인을 지정하였습니다.

한국에 계신 정보주체께서는 개인정보와 관련된 문의 또는 고충 처리 등이 필요한 경우 아래 국내 대리인에게 연락해 주시기 바랍니다.

• 명칭: 법무법인(유) 광장 (담당자: 김상곤)
• 주소: 대한민국 서울특별시 중구 남대문로 63, 한진빌딩 18층
• 전화번호: 02-6386-7297
• 이메일: privacy_bill@leeko.com