Effective: May 2020
Itemize is committed to building excellent relationships with its user community. Toward that end, Itemize maintains the confidentiality and security of the information about its users and their organizations that they provide to Itemize or that Itemize may learn as result of their use of Itemize services.
When users establish an Itemize account, they provide certain personally identifiable information (“PII”) to Itemize. When users access and use their account, Itemize automatically gathers and stores additional information about how and when Itemize services are being used. This information is not tied to a user’s PII and cannot be accessed to retrieve personally identifiable information about any user.
All PII and other information Itemize obtains about a user is and remains the user’s property. Itemize does not acquire any ownership interest in any of the information.
When users establish an Itemize account, and when they access the account, they will be requested to provide an e-mail address, and may be requested to provide certain additional information such as their name and the country where they reside or work. In addition, when a user becomes a paid subscriber, it will be required to provide payment account information to Itemize’s third party payment processor. Itemize does not have any access to and does not store the credit card or other payment account number a user provides to the payment processor.
Itemize may also receive a user’s PII from third persons with which Itemize has a joint marketing, co-branding or other partnership arrangement, from companies that offer their products and/or services through Itemize services and from companies that provide services in connection with Itemize services, such as expense management and payment processing services, accounting software providers, credit card processing companies and commercial banking and other financial institutions. These third persons are referred to as “Partner Companies.”
At the request of Itemize, a user may provide non-personally identifiable personal information, such as demographic information, including postal code, gender and education, and information about preferences, attitudes and behavior. Itemize does not request any information from its users unless it is relevant to the services provided by Itemize.
Itemize will not sell, rent or license a user’s PII. Itemize will not use a user’s name or company’s name in its marketing materials without the user’s prior consent.
By establishing an Itemize account, users authorize Itemize to gather and retain information relating to the users’ online and offline purchases, and to organize, arrange, sort and parse this information. This information should not include a user’s payment account details, such as the user’s uniquely identifying credit or debit card number, pin or access code. Such data is prohibited to be displayed in a receipt by applicable law in the United States and elsewhere. If a merchant issues a receipt or other purchase document that contains this information, or if a user scans or otherwise uploads to its account an image of a credit card, check, bank or credit card account statement or other document that displays such information, Itemize will attempt to delete the information when it processes the purchase document, but Itemize cannot assure users that any such attempt will be successful.
Users may elect to connect their e-mail or other accounts with Itemize. By establishing this connection, users automatically authorize Itemize to act on their behalf to search their e-mail or other accounts to extract and store documents that the Itemize system recognizes as purchase documents, such as receipts, bills, invoices, purchase orders, shipping notices and reservations, and to extract certain transaction data and other information contained in these documents. Information that Itemize extracts from a user’s e-mail or other accounts is only used in order to perform the Itemize service for which the user has subscribed. In performing its services, Itemize does transfer certain limited fields of extracted data to Partner Companies; it does not generally transfer the raw data it extracts from e-mail accounts. Itemize’s use of the information received, and its transfer of such information to any other app, from Google APIs will adhere to Google’s Limited Use Requirements.
Some of the documents extracted may in fact not be purchase documents. Itemize will attempt to delete and not store any document that is not a purchase document but Itemize cannot assure users that any such attempt will be successful.
By subscribing to certain Itemize services, users authorize Itemize to transfer information it obtains from a user to Partner Companies with which the user also maintains an account. For example, a user may elect to connect its Itemize account to its account with a provider of accounting software services. A user thereby authorizes Itemize to transfer to its accounting records data contained in payment documents that the user uploads to its Itemize account and to extract data from the user’s accounting records.
A user may also elect to connect its Itemize account to its credit card and bank account for the purpose of matching purchase transactions evidenced by payment documents that the user uploads to its Itemize account to transactions indicated on the user’s credit card or bank statement. As a result, Itemize will have access to data included in the user’s credit card or bank statement. Itemize only has access to such data through third parties on an anonymized basis and should not be able to connect the data to any identifiable user. This data should not include the user’s credit card or bank account number or other PII.
Any PII that a user provides to Itemize or that Itemize obtains about a user from Partner Companies will be stored and managed with appropriate care. Itemize has entered into a contract with a nationally recognized third party provider of cloud-based storage services and forwards the information that a user uploads to his or her account for storage under this contract. Itemize subcontracts with other service providers to assist Itemize in providing its services. Itemize may furnish PII of users to these service providers to enable them to provide their services to Itemize. The arrangements with these service providers include appropriate confidentiality provisions with respect to users’ PII.
Itemize may have liability pursuant to the EU-US Privacy Shield with respect to the onward transfer to third parties of data it receives from users in the European Union. Itemize will provide European Union users an opt-out or opt-in choice before sharing their data with third parties, other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized.
Itemize automatically collects and stores certain information about users’ visits to their Itemize accounts through the use of ccokies and web beacons
Use of Information
Itemize will use the information it obtains from a user to render reports requested by the user and to provide other services requested by the user, such as transferring payment document data to accounting records or matching payment transactions between payment documents and credit card or bank statements.
Itemize uses the information to ensure that users are complying with the Itemize Terms of Service and if it is necessary to correct a problem with Itemize’s system. In addition, Itemize will use the information to take appropriate action with respect to suspected fraud or illegal activities or if disclosure is required by applicable law, including in response to a subpoena or other court process. Lastly, Itemize may be required to disclose information obtained from a user, including personal information, in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Certain services provided by Itemize involve the transfer of users’ information to other accounts of the user. Itemize may also use the information to market to its users Itemize services and products or services offered by third persons. The information may also be anonymized and/or aggregated with like information of other users to compile statistical and other information, including information about the preference of users of Itemize services. This anonymized or aggregated statistical and other information may be provided to Partner Companies and other third persons which may be interested in evaluating market trends or in marketing their own products or services.
With respect to users in Australia, Itemize is unlikely to disclose personal or sensitive information to a recipient outside of Australia. However, Itemize is likely to process information uploaded to users’ accounts in the United States and may provide anonymized and aggregated data that includes information with respect to Australian users to its Partner Companies and other third persons, which are likely to be in the United States, Canada, the United Kingdom and countries that are members of the European Union. Any information Itemize provides to a third person will be provided under appropriate confidentiality and security arrangements.
Link to 3rd Party Websites
Itemize acknowledges that users have the right to access the personal information that Itemize maintains about them. A user who seeks access, or who seeks to correct or amend inaccurate PII or other data or information, should log on to its account and follow the appropriate prompts provided.
If a user determines that a purchase document that has been uploaded contains full credit or debit card or bank statement information, or other sensitive information that the user does not want Itemize to have access to or to store, the user may suppress the display of the information by logging on to its Itemize account and following the appropriate prompts provided. The user may also request that the information be deleted by contacting Itemize at firstname.lastname@example.org. Itemize will comply with any such request as soon as reasonably practicable.
If a user does not want to receive electronic or other mailings from Itemize with respect to marketing or other matters, the user should contact Itemize at email@example.com and provide its exact name and postal or e-mail address. Itemize will then remove the user’s name from its mailing list, except for communications regarding security breaches and other administrative matters. However, even if a user has opted not to receive notices from Itemize, certain notices may affect or govern the use of Itemize services and the user will be bound by these notices in connection with its use of the affected Itemize services.
Upon termination of service, a user may request that any information, document or image stored in its Itemize account be deleted irretrievably by contacting Itemize at: firstname.lastname@example.org. Itemize will comply with any such request as soon as reasonably practicable.
With respect to users in Australia, if Itemize is satisfied, having regard for the purpose for which the information is held, that the information is inaccurate, out of date, incomplete or misleading, Itemize will take such steps, if any, that are reasonable in the circumstances to correct such information so that, having regard for the purposes for which the information is held, it is accurate, up-to-date, complete, relevant and not misleading. If Itemize corrects personal information about an individual that previously has been disclosed to another entity, Itemize will take such steps, if any, that are reasonable in the circumstances to notify the other entity of such correction.
Itemize follows generally accepted industry practices and standards to protect PII and other information submitted to Itemize by users. These practices include the encryption of the transmission of information using secure socket layer (“SSL”) technology. Nevertheless, no method of transmission over the Internet or method of electronic storage of information is completely secure, and Itemize cannot guarantee the security of the information users provide to Itemize.
In addition, there are many events and circumstances beyond Itemize’s control that could interfere with access to or the use of Itemize services. Among others, these events and circumstances could include electrical and other interruptions, human error, loss or corruption of data, a breach of security or other unauthorized intrusion. Itemize is not responsible for any of these events or circumstances.
If Itemize becomes aware of a material security breach or other unauthorized intrusion affecting its system, Itemize will use reasonable commercial efforts to notify users electronically, either by email or by posting an appropriate notice on its website. In addition, Itemize will provide users with any notice required by applicable law in the form and manner required by law in the event of any security breach. Users consent to any such notice, as well as to communications to them regarding privacy and administrative issues.
Itemize is hosted primarily in the United States. Information hosted in the United States is subject to the laws, rules and regulations as to privacy, data protection and other matters of the United States and its various states. Itemize is also subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission. Users who are resident in California may request and obtain once a year, free of charge, certain information about any PII Itemize disclosed to its Partner Companies or other third persons in the prior calendar year. Any user resident in California who wants such information should send such request to Itemize at email@example.com.
The Itemize Terms of Service contains certain additional information about certain laws and regulations applicable to Itemize services.
Certain Provisions Applicable to Users in the European Economic Area
The EU General Data Protection Regulation (“GDPR”) governs the collection and use of personal information from “data subjects” located in the European Union and grants certain rights to such data subjects to consent to the use and transfer of such information and to require the correction and/or deletion of the information. Itemize has implemented rules and procedures to enable it to comply with GDPR and is continuing to monitor and implement these rules and procedures in order to maintain compliance with GDPR.
If Itemize utilizes data processors to perform tasks on behalf of or under the instruction of Itemize, Itemize will require these data processors to enter into a written agreement that requires them to provide an appropriate level of protection for the personal and sensitive information that Itemize itself provides.
If a user is located in the European Union, Australia or another country, the laws in those jurisdictions governing data collection and use may differ from the laws of the United States. In order to comply with laws of the European Union or its member states, or the laws of other jurisdictions, Itemize may transfer a user’s information to a hosting location operated or maintained by Itemize or one of its affiliates, or by a third person on its behalf, in a location that complies with the laws of such jurisdiction. By using Itemize services, a user consents to any of these transfers.
Limitation of Liability
Itemize’s Terms of Service contains exclusions and limitations on its responsibility and liability with respect to a number of matters, including the loss, unauthorized use, corruption or lack of accuracy, completeness or correctness of any information in a user’s Itemize account or of any information that is provided to a user by Itemize based on information in the user’s account or that is transferred to Itemize from, or by Itemize to, another account of the user.
Resolution of Disputes
Itemize has further committed to refer unresolved privacy complaints under the EU-US Privacy Shield Principles to BBB EU PRIVACY SHIELD, a non-profit alternative dispute resolution provider located in the United States and operated by the Council of Better Business Bureaus. If a user does not receive timely acknowledgment of its complaint, or if the complaint is not satisfactorily addressed, the user may visit www.bbb.org/EU-privacy-shield/for-eu-consumers/ for more information and to file a complaint. If a user’s complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel.
Merger or Sale of Itemize