PRIVACY NOTICE

At iPipeline, protecting your privacy is important. We are required and committed to comply with all applicable privacy legislation in the jurisdictions in which we conduct our business such as GDPR in Europe and HIPAA and state privacy laws, such as in California, Virginia, Colorado, Nevada, Utah, or Connecticut in the United States.

This Privacy Notice aims to inform you about how we collect, use, disclose and store information about you when you interact or use our websites, including downloading materials from our resources page or make inquiries; you register and/or attend any of our events, webinars, or conferences we contact you regarding one of our products or services; and you apply for a position at iPipeline. Country specific applicant privacy notices may apply and are available when applying on our careers site.

This Privacy Notice describes the type of information we collect, how we use and disclose it and how we protect that information.

Other Information that iPipeline Processes

This Privacy Notice does not apply when we process Personal Data on behalf of our customers in the role of processor or other service provider, such as when we allow customers to create their own websites/applications to offer their own products and services, to send electronic communications to others; or otherwise use, collect, share, or process Personal Data via our online products and services. Our customers’ privacy policies may be different from ours, and we are not responsible for those practices. For information about the privacy practices of our customers who use our products and services as a controller, please contact that customer directly.

We will only process your personal information where we have a lawful basis for doing so. In general, the basis is that we are fulfilling a contract with our customers, who provide services to you with your consent, or we have a legitimate interest to process your personal information that does not prejudice your own rights, freedoms and interests.

We may collect information when you visit our web site (https://www.ipipeline.com/) or our subsidiary sites that we have provided links to.

For iPipeline and subsidiary sites we are the controller for such information. This includes:

Information You Provide

While using our website, we may ask you to supply us with personal information. Generally, this information is collected when you request a service or information from us, such as when you request a fact sheet or information about our products and services or apply for a position. This information will be used to allow us to contact or identify you. The information may include but is not limited to:

• Email Address
• First name and last name
• Phone number
• Address
• Your job title and company details
• Your education and work experience in applications we receive from you
• Your date of birth

Although we generally only collect information that has been provided directly by you, there are times that we may collect information from third parties (e.g., a company that provides services to us or an information service provider). When we do so we will provide a separate privacy notice if required.

Information We Collect Automatically

We automatically collect and store information about your use of this website and our services. To do so, we may use cookie technology and other online identifiers to track your IP address, web browser, geolocation, or your activity on this site.

In some cases, the collection and processing of Personal Data is required for you to receive certain products or services. Personal Data does not include information that is anonymized or aggregated such that you cannot be identified from it.

If you provide us or our service providers with any Personal Data relating to other individuals, you represent that you have the authority to do so and have obtained any necessary consent for the information to be used in accordance with this Privacy Notice. If you believe that your Personal Data has been provided to us improperly or want to exercise your rights relating to your Personal Data, please contact us by using the information in Contact Us section below.

Third Parties

We may also obtain your contact information from third parties to whom you have given consent to share your details with iPipeline or category within which our business activities fall. Where we do obtain your information from a third party, we will inform you of their details when we first contact you.

Where required by law, we obtain your consent to use and process your Personal Data for these purposes. Otherwise, we rely on other legal bases (legitimate interest, contract) to collect and process your Personal Data. We process your Personal Data for the following purposes:

• Providing our services and website access: We process your Personal Data relating to your access of our services/website (e.g., IP address, internet activity, account information, etc.) to ensure both you and we meet our obligations under the applicable contract, terms of use, or service agreement and to project future demand as well as improve our websites and services; absent a contractual relationship, we process your Personal Data to further our legitimate interest in operating and improving our websites and services.

• Securing our websites and services: We process your Personal Data (e.g., name, IP address, account information, internet activity) as part of our efforts to maintain, monitor and secure our website and services. This may include aggregating data, verifying accounts, investigating suspicious activity, and enforcing our terms and policies to the extent necessary to further our legitimate interest in maintaining a safe and secure website, products and services and in protecting our rights and the rights of others.

• User Account Management: If you have registered for an account with us, we process your Personal Data (e.g., name, IP address, account information, payment information) to manage your user account for the purpose of meeting our obligations to you according to the applicable contract or terms of service.

• Responding to contact requests: If you contact us electronically or by phone, we process your Personal Data (e.g., name, account information, government identifiers) to perform our contract with you, or, if no contract applies, to the extent it is necessary for our legitimate interest in responding to your inquiry and communicating with you. We may record and process communications for training, quality assurance, and administration purposes. If required under applicable law, we will obtain your prior consent or give you the option to object to a call being recorded.

• Managing payments: We may process your financial information and other Personal Data (e.g., name, account information, financial history) to verify financial information and to collect or make payments to the extent that doing so is required to fulfil our contract with you.

• Tracking office visitors: If you visit our facilities, we may process your Personal Data (e.g., name, government identifiers) for security, health, or safety reasons (including any NDAs our visitors may be required to sign) to the extent such processing is necessary to further our legitimate interest in protecting our offices and our confidential information against unauthorized access.

• Marketing and Advertising: We may process your Personal Data (e.g., name, account information, purchase history, internet activity) to advertise to you, conduct market research, and to provide other personalized content based upon your Personal Data to the extent it is necessary for our legitimate interest in advertising our websites, services, or products. Where legally required, we will obtain your consent before engaging in any marketing or advertising.

• Complying with legal and safety obligations: We process your Personal Data (e.g., name, account information, payment history, internet history) when cooperating with public and government authorities, protecting our legal rights, conducting audits, and protecting against abuse of our services and products. Any such processing is based on our legitimate interest in protecting our legal rights or, when applicable, complying with a legal obligation to which we are subject.

In some cases, we may provide specific services or offerings subject to separate or supplemental privacy policies. In those cases, we will prominently inform you of those policies and provide those policies in an easily accessible format. As per the new FCA Guideline, iPipeline will ensure that all third-party sources used in our UK risk report analysis will be properly referenced.

The website may contain links to other third-party sites. When you click on one of these links you are visiting a website operated by someone other than us and the operator of that website may have a different privacy policy. We are not responsible for their individual privacy practices, so we encourage you to investigate the privacy policies of such third-party operators.

We take appropriate steps and maintain electronic, physical, procedural and organizational safeguards using industry standard techniques and controls to protect the information we hold (including your personal information) from misuse, loss, unauthorized access, modification or disclosure. Where you use passwords, ID numbers, or other special access features on this site, it is your responsibility to safeguard them and to log out of any accounts you access after your sessions.

We may ask you to consent to being contacted by us for promotional and marketing purposes. However, you may opt-out of receiving promotional or marketing emails at any time by notifying us as a reply to any unwanted e-mail, by using the unsubscribe function in our newsletter, contacting us at dpo@ipipeline.com, or by writing to us at iPipeline Headquarters (USA), 222 Valley Creek Boulevard, Suite 330, Exton, PA 19341. Requests to unsubscribe from iPipeline e-mails may take 5 business days to process.

We will retain your personal information for the period necessary to provide you with the services that you have requested, to fulfil our contractual and regulatory obligations or otherwise deliver or enhance our services. Some of the services that we offer our customers require us to retain information indefinitely.

Our corporate web site and our services are not directed to children. We do not knowingly solicit or collect personal information from children. If you are under 16, do not access, use, or provide any information on the website or on or through any of its features. If we learn we have collected or received Personal Data from a child under 16 without parental consent, we will delete that information.

We recognize your rights regarding your personal information as stipulated under privacy laws that apply to you, based on your place of residence.

For information that iPipeline directly collects in the EU and UK and for which we are a data controller, the GDPR gives EU citizens the following rights:

• a right to access your personal information held by us;
• a right to receive certain personal information in machine-readable format;
• where we have specifically requested your consent to process your personal information and have no other lawful conditions to rely on you have the right to withdraw this consent;
• a right to have certain personal information erased where it is no longer necessary for us to process it, where you have withdrawn your consent pursuant to the paragraph above, where you have objected pursuant to paragraph below, where your personal information has been unlawfully processed, or where erasing your personal information is required in accordance with a legal obligation;
• a right to object to processing where lawful basis is that it is in our legitimate interests, but please note that we may still process your personal information where there are other relevant lawful bases or where we have compelling grounds to continue processing your personal information in our interests which are not overridden by your rights, interests or freedoms;
• a right to have inaccurate personal information rectified;
• a right to request an explanation of the logic involved where we make decisions about you solely through automated means; and
• a right to complain to the Information Commissioner’s Office in the UK. https://ico.org.uk/

Please contact us using our iPipeline Data Protection Request Form or our email at dpo@ipipeline.com to submit a data subject request.

Provisions in the California Consumer Privacy Act (CCPA), Virginia Consumer Data Protection Act (VDCPA), Colorado Privacy Act (CPA), Utah Consumer Privacy Act (UCPA), Nevada Senate Bill 220, and Connecticut Data Privacy Act (CTDPA) require some or all of the following disclosures.

Categories of personal information collected.

The personal information that iPipeline collects, or has collected from consumers in the twelve months prior to the effective date of this Disclosure, fall into the following categories established by the California Consumer Privacy Act:

• identifiers (e.g., name, address, phone number, IP address);
• protected classifications (e.g., age, gender, gender identity);
• financial and commercial information (e.g., credit card numbers, purchase history);
• internet or other online activity information;
• biometric information;
• geolocation data (e.g., computer/device location);
• audio or visual information;
• professional/educational information; and
• sensitive personal information (including government-issued identifiers, account log-in, and precise geolocation”) and
• inferences drawn from any of the above.

Categories of personal information disclosed for a business purpose.

In the 12 months prior to the effective date of this Disclosure, iPipeline has disclosed to the third parties identified in the “Disclosing Personal Information to Third Parties” section of the Privacy Notice above personal information that falls into the following categories established by the California Consumer Privacy Act:

• identifiers;
• protected classifications;
• financial and commercial information;
• internet or other online activity information;
• geolocation data;
• audio or visual information; and
• professional/educational information.

Sources from which we collect your Personal Data.

We collect the categories of Personal Data listed above from the following types of sources: consumers, data analytics companies, ad networks, social networks, internet service providers, service providers that help us to run our business, and data resellers such as data management platforms. We also collect Personal Data automatically via cookies, web beacons, and other tracking technologies when you use our websites, online services, or mobile apps.

Purposes for which we use your Personal Data:

We use your Personal Data for the purposes listed in the “Information That iPipeline Collects About You” section.

California Privacy Rights Act Sensitive Personal Information Disclosure.

The categories of data that iPipeline collects about you, to receive and discloses for a copy of your business purpose include “sensitive personal information,” as defined under the California Privacy Rights Act. iPipeline does not use or disclose sensitive personal information for any purpose not expressly permitted by the California Privacy Rights Act.

Right to Access, Delete, or Restrict the Use of Personal Data:

Residents of California, Virginia, Colorado Connecticut, Nevada and Utah may have the right to exercise some or all of the rights described below. Depending on your data choices and where you reside, certain rights may be limited or unavailable.

No sale of Personal Data

iPipeline has not sold or shared any personal information Personal Data of consumers, as those terms are defined under the California Consumer Privacy Act, in the 12 months prior to the effective date of this Disclosure.

No Discrimination

iPipeline will not discriminate against any consumer for exercising their rights under the applicable state laws.

Please be aware that while we will try to accommodate your request regarding your rights under privacy laws, these are not absolute rights. This means that we may have to refuse your request or may only be able to comply with it in part. We will require proof of identification when you make a request in respect of your rights. We may also ask that you clarify your request. If we receive repeated requests or have reason to believe requests are being made unreasonably, we may not be required to respond.

Your Individual Rights

You may have certain rights relating to your Personal Data based on applicable local data protection laws, including from individual US state privacy laws (e.g., California, Virginia), Canadian privacy laws, and the EU/UK General Data Protection Regulation. Depending on the applicable laws these rights may include the right to:

• Request and receive copies of your Personal Data that we hold;
• Request additional information about how we process your Personal Data;
• Correct inaccurate or incomplete Personal Data (taking into account our use of it);
• Request deletion of your Personal Data;
• Restrict or object to our processing of your Personal Data, including restricting the sale or sharing of your data or its use for cross-context behavioural marketing. Where we process Personal Data for direct marketing purposes (either by us or third parties) or for cross-context behavioural marketing, you may not have to provide a specific reason for such objection;
• Require us (if possible) to transfer your Personal Data to another controller (i.e., data portability);
• Limit the use or disclosure of your sensitive Personal Data;
• Restrict certain disclosures of your Personal Data to third parties;
• Not be subject to a decision based solely on automated processing, including profiling, which produces legal effects; and
• Withdraw your consent to the processing of your Personal Data (to the extent we base processing on consent and not on another lawful basis).

We will not discriminate against you, in any manner prohibited by applicable law, for exercising these rights. You may exercise these rights by sending us an email at dpo@ipipeline.com, writing to us at iPipeline Headquarters (USA), 222 Valley Creek Boulevard, Suite 330, Exton, PA 19341, using our iPipeline Data Protection Request Form or by calling (844) 526-7473. We will respond to any such requests within 30 days of receipt.

While we work hard to reduce the risk of data breaches, we have implemented dedicated controls and procedures in place for when such situations arise, along with the procedures that are required to make notifications to you and to the relevant Supervisory Authority as appropriate.

Below provides information on cookies, their use and how you can control them. Please read our cookie notice for all cookies used and how iPipeline have made it easier for you to control them when visiting our websites.

About cookies

A cookie is a small data file that a website places in your web browser to remember information about you. We use some cookies and tracking technologies for purposes which are necessary for your use of our website, products, or services. These may include technologies which remember your preferences and settings; information that you may enter online; or to keep you logged in to our offerings. With your consent, we may also use cookies and tracking technologies for other purposes.

If you would like to find out more about cookies and their use on the Internet. You may find the link at the bottom of this section useful: Additional Cookie Information.

Other Technology

Unless you have previously opted out of marketing communications from iPipeline, tracking technology may be used in any of the emails sent to you.

Some of our third-party suppliers may send you emails, which may include a web beacon to allow us to determine the number of people who open these emails. These web beacons are electronic images provided by authorized third parties known as single-pixel GIFs, which are invisible graphical images.

When you click on a link in an email, we may record this individual response to allow us to customize our offerings to you. Web beacons collect only limited information, such as the time and date of an email being opened and a URL where the web beacon resides, which will identify the email that was opened.

Web beacons can be refused when delivered via email. If you do not wish to receive web beacons via email, you will need to disable HTML images or refuse HTML (select Text only) emails via your email software.

Back to top

iPipeline will conduct regular reviews of this privacy notice and update it as necessary. This privacy notice became effective from: April 2023.