Effective: November 2023
Itemize is committed to building excellent relationships with its user community. Toward that end, Itemize maintains the confidentiality and security of the information about its users and their organizations that they provide to Itemize or that Itemize may learn as result of their use of Itemize services.
When users establish an Itemize account, they provide certain personally identifiable information (“PII”) to Itemize. When users access and use their account, Itemize automatically gathers and stores additional information about how and when Itemize services are being used. This information is not tied to a user’s PII and cannot be accessed to retrieve personally identifiable information about any user.
Itemize may also receive a user’s PII from third persons with which Itemize has a joint marketing, co-branding or other partnership arrangement.
Itemize does not acquire any ownership or other interest in any of the PII or other information Itemize obtains about a user or an end user or that Itemize receives from a Partner Company.
When users establish an Itemize account, and when they access the account, they will be requested to provide an e-mail address, and may be requested to provide certain additional information such as their name and the country where they reside or work. In addition, when a user becomes a paid subscriber, it may be required to provide payment account information to Itemize’s third party payment processor. Itemize does not have any access to and does not store the credit card or other payment account number a user provides to the payment processor.
At the request of Itemize, a user may provide non-personally identifiable personal information, such as demographic information, including postal code, gender and education, and information about preferences, attitudes and behavior. Itemize does not request any information from its users unless it is relevant to the services provided by Itemize.
Itemize will not sell, rent or license a user’s PII to a third party. Itemize will not use a user’s name or company’s name in its marketing materials without the user’s prior consent but Itemize may include a company’s name in a general list of its customers that Itemize publishes on its website or provides to prospective customers, investors, lenders and others with which Itemize has a business relationship.
By establishing an Itemize account, users authorize Itemize to gather and retain information relating to the users’ online and offline financial and other transactions , and to organize, arrange, sort and parse this information. This information should not include a user’s payment account details, such as the user’s uniquely identifying credit or debit card number, pin or access code unless the user’s service agreement with Itemize contemplates the processing of such information. If a supplier of goods or services issues a receipt, invoice, hotel folio or other document that contains this information, or if a user scans or otherwise uploads to its account an image of document that displays such information, if Itemize identifies the information when it processes the document it will delete the information unless the user’s service agreement with Itemize contemplates the processing of the information. Itemize is not responsible if it fails to delete the information for any reason.
Some of the documents that a user submits to Itemize for processing may not be the type of document that is covered by the user’s service agreement with Itemize. Itemize will attempt to delete and not store any of these documents but Itemize cannot assure users that any such attempt will be successful.
A user may also elect to connect its Itemize account to its credit card and bank account for the purpose of matching purchase transactions evidenced by payment documents that the user uploads to its Itemize account to transactions indicated on the user’s credit card or bank statement. As a result, Itemize will have access to data included in the user’s credit card or bank statement. Itemize only has access to such data through third parties on an anonymized basis and should not be able to connect the data to any identifiable user. This data should not include the user’s credit card or bank account number or other PII.
Any PII that a user provides to Itemize, that itemize obtains about an end user from an Itemize customer or that Itemize obtains about a user from Partner Companies will be stored and managed with appropriate care. Itemize has entered into a contract with a nationally recognized third party provider of cloud-based storage services and forwards the information that a user uploads to his or her account for storage under this contract. Itemize subcontracts with other service providers to assist Itemize in providing its services, including companies that provide manual processing services in support of Itemize services. Itemize may furnish PII of users and end users to these service providers to enable them to provide their services to Itemize. The arrangements with these service providers include appropriate confidentiality, privacy and data security and protection provisions with respect to users’ and end users’ PII.
Itemize automatically collects and stores certain information about users’ visits to their Itemize accounts using cookies and web beacons.
Use of Information
Itemize will use the information it obtains from a user to provide the processing and other services requested by the user and to render reports requested by the user.
Itemize uses the information to ensure that users are complying with the Itemize Terms of Service and their services agreements with Itemize and, if it is necessary, to correct a problem with Itemize’s system. In addition, Itemize will use the information to take appropriate action with respect to suspected fraud or illegal activities or if disclosure is required by applicable law, including in response to a subpoena or other court process. Lastly, Itemize will disclose information obtained from a user, including personal information, in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
By subscribing to certain Itemize services, a user may authorize Itemize to transfer information it obtains from the user to Partner Companies with which the user also maintains an account. For example, a user may elect to connect its Itemize account to its account with a provider of accounting software services. A user thereby authorizes Itemize to transfer to its accounting records financial data contained in the documents that the user uploads to its Itemize account and to extract data from the user’s accounting records.
The information Itemize collects may also be anonymized and/or aggregated with like information of other users to compile statistical and other information, including information about the preference of users of Itemize services. This anonymized or aggregated statistical and other information may be provided to Partner Companies and other third persons which may be interested in evaluating market trends or in marketing their own products or services.
With respect to users in Australia, Itemize is unlikely to disclose personal or sensitive information to a recipient outside of Australia. However, Itemize is likely to process information uploaded to users’ accounts in the United States and may provide anonymized and aggregated data that includes information with respect to Australian users to its Partner Companies and other third persons, which are likely to be in the United States, Canada, the United Kingdom and countries that are members of the European Union. Any information Itemize provides to a third person will be provided under appropriate confidentiality and security arrangements.
Link to 3rd Party Websites
Itemize acknowledges that users have the right to access the personal information that Itemize maintains about them. A user who seeks access, or who seeks to correct or amend inaccurate PII or other data or information, should log on to its account and follow the appropriate prompts provided. An end user who seeks access to or correct or amend inaccurate PII or other data or information should contact the Itemize customer from which Itemize received the information and comply with the instructions of the customer to gain such access or make a correction or an amendment.
If a user determines that a document that has been uploaded to its account contains full credit or debit card or bank statement information, or other sensitive information that the user does not want Itemize to have access to or to store, the user may suppress the display of the information by logging on to its Itemize account and following the appropriate prompts provided. The user may also request that the information be deleted by contacting Itemize at firstname.lastname@example.org. Itemize will comply with any such request as soon as reasonably practicable. An end user seeking an action described in this paragraph should contact the Itemize customer from which Itemize received the document or sensitive information and comply with the instructions of the customer relating to the requested action.
If a user does not want to receive electronic or other mailings from Itemize with respect to marketing or other matters, the user should contact Itemize at email@example.com and provide its exact name and postal or e-mail address. Itemize will then remove the user’s name from its mailing list, except for communications regarding security breaches and other administrative matters. However, even if a user has opted not to receive notices from Itemize, certain notices may affect or govern the use of Itemize services and the user will be bound by these notices in connection with its use of the affected Itemize services.
Upon termination of service, a user may request that any information, document or image stored in its Itemize account be deleted irretrievably by contacting Itemize at: firstname.lastname@example.org. Itemize will comply with any such request as soon as reasonably practicable.
With respect to users in Australia, if Itemize is satisfied, having regard for the purpose for which the information is held, that the information is inaccurate, out of date, incomplete or misleading, Itemize will take such steps, if any, that are reasonable in the circumstances to correct such information so that, having regard for the purposes for which the information is held, it is accurate, up-to-date, complete, relevant and not misleading. If Itemize corrects personal information about an individual that previously has been disclosed to another entity, Itemize will take such steps, if any, that are reasonable in the circumstances to notify the other entity of such correction.
Itemize follows generally accepted industry practices and standards to protect PII and other information submitted to Itemize by users. These practices include the encryption of the transmission of information using secure socket layer (“SSL”) technology. Nevertheless, no method of transmission over the Internet or method of electronic storage of information is completely secure and Itemize cannot guarantee the security of the information users provide to Itemize.
In addition, there are many events and circumstances beyond Itemize’s control that could interfere with access to or the use of Itemize services. Among others, these events and circumstances could include electrical and other interruptions, human error, loss or corruption of data, a breach of security or other unauthorized intrusion. Itemize is not responsible for any of these events or circumstances.
If Itemize becomes aware of a material security breach or other unauthorized intrusion affecting its system, Itemize will use reasonable commercial efforts to notify users electronically, either by email or by posting an appropriate notice on its website. In addition, Itemize will provide users with any notice required by applicable law in the form and manner required by law in the event of any security breach. Users consent to any such notice, as well as to communications to them regarding privacy and administrative issues.
Itemize is hosted primarily in the United States and is also hosted in Ireland. Information hosted in the United States is subject to the laws, rules and regulations as to privacy, data protection and other matters of the United States and its various states. Itemize is also subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission. Users who are resident in California may request and obtain once a year, free of charge, certain information about any PII Itemize disclosed to its Partner Companies or other third persons in the prior calendar year. Any user resident in California who wants such information should send such request to Itemize at email@example.com.
The Itemize Terms of Service contains certain additional information about certain laws and regulations applicable to Itemize services.
Certain Provisions Applicable to Users in the European Union and the United Kingdom
The EU General Data Protection Regulation (“GDPR”) governs the collection, storage and use of personal information from “data subjects” located in the European Union and grants certain rights to such data subjects to consent to the use and transfer of such information and to require the correction and/or deletion of the information. Itemize has implemented rules and procedures to enable it to comply with GDPR and monitors these rules and procedures to continue to maintain compliance with GDPR.
If Itemize utilizes data processors to perform tasks on behalf of or under the instruction of Itemize, Itemize requires these data processors to enter into a written agreement that requires them to provide an appropriate level of protection for the personal and sensitive information that Itemize itself provides.
Itemize is also hosted in Ireland and generally hosts and processes documents and information received from data subjects located in the European Union there. Itemize may have liability pursuant to the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF with respect to the onward transfer to third parties of data it receives from users in the European Union.
Itemize will provide European Union users an opt-out or opt-in choice before sharing their data with third parties, other than Itemize agents, or before Itemize uses it for a purpose other than which it was originally collected or subsequently authorized. A user may at any time request that any information (including personal information), document or image stored in its Itemize account be deleted irretrievably by contacting Itemize. Users located in the European Union may contact Itemize at: https://itemizecorp.gdprlocal.com/eu. Users located in the United Kingdom may contact Itemize at: https://itemizecorp.gdprlocal.com/uk. Itemize will comply with any such request as and to the extent required by GDPR.
If a user is located in the European Union, the United Kingdom, Australia or another country, the laws in those jurisdictions governing data collection and use may differ from the laws of the United States. In order to comply with laws of the European Union or its member states, the United Kingdom or the laws of other jurisdictions, Itemize may transfer a user’s information to a hosting location operated or maintained by Itemize or one of its affiliates, or by a third person on its behalf, in a location that complies with the laws of such jurisdiction. By using Itemize services, a user consents to any of these transfers.
Limitation of Liability
Itemize’s Terms of Service contains exclusions and limitations on its responsibility and liability with respect to a number of matters, including the loss, unauthorized use, corruption or lack of accuracy, completeness or correctness of any information in a user’s Itemize account or of any information that is provided to a user by Itemize based on information in the user’s account or that is transferred to Itemize from, or by Itemize to, another account of the user.
Resolution of Disputes
Merger or Sale of Itemize