Privacy Policy
ITEMIZE PRIVACY POLICY
Effective: November 2023
Itemize is committed to building excellent relationships with its user community. Toward that end, Itemize maintains the confidentiality and security of the information about its users and their organizations that they provide to Itemize or that Itemize may learn as result of their use of Itemize services.
This Privacy Policy describes the types of information Itemize may obtain when a user establishes or uses an Itemize account, whether by way of the Itemize website, through the Itemize mobile apps or pursuant to a services agreement or purchase order a user enters into with Itemize, and how Itemize may use this information.
When users establish an Itemize account, they provide certain personally identifiable information (“PII”) to Itemize. When users access and use their account, Itemize automatically gathers and stores additional information about how and when Itemize services are being used. This information is not tied to a user’s PII and cannot be accessed to retrieve personally identifiable information about any user.
Many of Itemize’s customers use or incorporate Itemize services in the products and services they offer to their clients and customers. These customers include providers of expense management, VAT reclaim and invoice management and payment processing services; accounting software providers; business process outsource providers; credit card processing companies; and commercial banking and other financial institutions. In connection with providing its services to these customers, Itemize indirectly obtains information, which may include PII, relating to their clients and customers (“end users”). Itemize does not have any contractual arrangement with or any other obligation to end users and this Privacy Policy is not applicable to them. The rights and obligations of end users with respect to the information, including PII, they provide to Itemize customers is governed by their arrangements with these customers and the privacy policy of the customers. However, this Privacy Policy is applicable to Itemize customers and to the information, including PII, a customer provides to Itemize pursuant Itemize pursuant to its services agreement with Itemize, including information relating to end users.
Itemize may also receive a user’s PII from third persons with which Itemize has a joint marketing, co-branding or other partnership arrangement.
Itemize does not acquire any ownership or other interest in any of the PII or other information Itemize obtains about a user or an end user or that Itemize receives from a Partner Company.
If any user has any question about this Privacy Policy or the manner in which Itemize administers it, or believes that Itemize has violated this Privacy Policy, please contact: support@itemizecorp.com. Itemize will respond to such questions as promptly as reasonably practicable.
This Privacy Policy is incorporated into and is a part of the Itemize Terms of Service. By establishing an account with Itemize or by using Itemize services, users automatically agree to the provisions of the Terms of Service and this Privacy Policy, including the provisions that permit Itemize to process, use and disclose user information in accordance with this Privacy Policy and the Itemize Terms of Service and the provisions that limit Itemize’s liability under certain circumstances and for certain matters.
Itemize offers its services primarily to users in the United States. Itemize also offers its services in the European Union, the United Kingdom and other locations outside of the United States. This Privacy Policy applies to all users of Itemize services. For additional information about Itemize’s privacy policies specifically applicable to users in the European Union and the United Kingdom, please refer to “Certain Provisions Applicable to Users in the European Union and the United Kingdom.”
Information Collected
When users establish an Itemize account, and when they access the account, they will be requested to provide an e-mail address, and may be requested to provide certain additional information such as their name and the country where they reside or work. In addition, when a user becomes a paid subscriber, it may be required to provide payment account information to Itemize’s third party payment processor. Itemize does not have any access to and does not store the credit card or other payment account number a user provides to the payment processor.
At the request of Itemize, a user may provide non-personally identifiable personal information, such as demographic information, including postal code, gender and education, and information about preferences, attitudes and behavior. Itemize does not request any information from its users unless it is relevant to the services provided by Itemize.
Itemize will not sell, rent or license a user’s PII to a third party. Itemize will not use a user’s name or company’s name in its marketing materials without the user’s prior consent but Itemize may include a company’s name in a general list of its customers that Itemize publishes on its website or provides to prospective customers, investors, lenders and others with which Itemize has a business relationship.
By establishing an Itemize account, users authorize Itemize to gather and retain information relating to the users’ online and offline financial and other transactions , and to organize, arrange, sort and parse this information. This information should not include a user’s payment account details, such as the user’s uniquely identifying credit or debit card number, pin or access code unless the user’s service agreement with Itemize contemplates the processing of such information. If a supplier of goods or services issues a receipt, invoice, hotel folio or other document that contains this information, or if a user scans or otherwise uploads to its account an image of document that displays such information, if Itemize identifies the information when it processes the document it will delete the information unless the user’s service agreement with Itemize contemplates the processing of the information. Itemize is not responsible if it fails to delete the information for any reason.
Some of the documents that a user submits to Itemize for processing may not be the type of document that is covered by the user’s service agreement with Itemize. Itemize will attempt to delete and not store any of these documents but Itemize cannot assure users that any such attempt will be successful.
A user may also elect to connect its Itemize account to its credit card and bank account for the purpose of matching purchase transactions evidenced by payment documents that the user uploads to its Itemize account to transactions indicated on the user’s credit card or bank statement. As a result, Itemize will have access to data included in the user’s credit card or bank statement. Itemize only has access to such data through third parties on an anonymized basis and should not be able to connect the data to any identifiable user. This data should not include the user’s credit card or bank account number or other PII.
Any PII that a user provides to Itemize, that itemize obtains about an end user from an Itemize customer or that Itemize obtains about a user from Partner Companies will be stored and managed with appropriate care. Itemize has entered into a contract with a nationally recognized third party provider of cloud-based storage services and forwards the information that a user uploads to his or her account for storage under this contract. Itemize subcontracts with other service providers to assist Itemize in providing its services, including companies that provide manual processing services in support of Itemize services. Itemize may furnish PII of users and end users to these service providers to enable them to provide their services to Itemize. The arrangements with these service providers include appropriate confidentiality, privacy and data security and protection provisions with respect to users’ and end users’ PII.
The Itemize website may from time to time offer publicly accessible blogs or community forums. Users may comment on our blogs and submit information to these forums, including, if they choose, PII and other sensitive information. In addition, the Itemize website may display reviews of its services and products that users have posted on third party sites. Users should be aware that this information, including the reviews of Itemize services and products, can be read, collected and used by others, including users of Itemize services. Itemize is not responsible for the information users choose to include in any comment on our blogs or our community forums or in a review that a user posts on a third party site, and this Privacy Policy does not apply to any such information.
Use of Cookies
Itemize automatically collects and stores certain information about users’ visits to their Itemize accounts using cookies and web beacons.
For more information about the use of cookies and or collection practices on this website please visit the Itemize cookie policy at: https://www.itemize.com/cookie-policy/.
Use of Information
Itemize will use the information it obtains from a user to provide the processing and other services requested by the user and to render reports requested by the user.
Itemize uses the information to ensure that users are complying with the Itemize Terms of Service and their services agreements with Itemize and, if it is necessary, to correct a problem with Itemize’s system. In addition, Itemize will use the information to take appropriate action with respect to suspected fraud or illegal activities or if disclosure is required by applicable law, including in response to a subpoena or other court process. Lastly, Itemize will disclose information obtained from a user, including personal information, in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Itemize may also use the information to market to its users Itemize services and products or services offered by third persons. For example, Itemize may refer a user to a Partner Company that provides accounts payable payment solutions and provide to the Partner Company business contact information of the user. Itemize will not make any such referral without first obtaining the consent of the user. If the user enters into a payment solution service agreement with the Partner Company, Itemize will provide information about the user’s accounts payable transactions to the Partner Company. The user’s agreement with the Partner Company and the privacy policy of the Partner Company will govern the rights of the user and obligations of the Partner Company with respect to such information. This Privacy Policy will not be applicable once the information is transferred to the Partner Company.
By subscribing to certain Itemize services, a user may authorize Itemize to transfer information it obtains from the user to Partner Companies with which the user also maintains an account. For example, a user may elect to connect its Itemize account to its account with a provider of accounting software services. A user thereby authorizes Itemize to transfer to its accounting records financial data contained in the documents that the user uploads to its Itemize account and to extract data from the user’s accounting records.
The information Itemize collects may also be anonymized and/or aggregated with like information of other users to compile statistical and other information, including information about the preference of users of Itemize services. This anonymized or aggregated statistical and other information may be provided to Partner Companies and other third persons which may be interested in evaluating market trends or in marketing their own products or services.
Itemize does not disclose personally identifiable or sensitive information about a user to any third person without the user’s prior consent, except for the purposes described above in the second paragraph of this section. Itemize may also share some or all of a user’s PII with subsidiaries and other affiliates of Itemize. Any information that is provided to a subsidiary or other affiliate will be subject to this Privacy Policy.
With respect to users in Australia, Itemize is unlikely to disclose personal or sensitive information to a recipient outside of Australia. However, Itemize is likely to process information uploaded to users’ accounts in the United States and may provide anonymized and aggregated data that includes information with respect to Australian users to its Partner Companies and other third persons, which are likely to be in the United States, Canada, the United Kingdom and countries that are members of the European Union. Any information Itemize provides to a third person will be provided under appropriate confidentiality and security arrangements.
Link to 3rd Party Websites
The Itemize website may provide links to other websites as a convenience to Itemize users. In addition, Itemize may refer a user to a Partner Company that may offer accounts payable payment solutions or other services. If requested and authorized by the user, Itemize will transfer information in the user’s Itemize account to other accounts of the user, such as a credit card or bank account, an account with a provider of accounting software services or an account with a provider of accounts payable payment solutions. Itemize does not review and has no control over these linked sites or accounts. This Privacy Policy does not apply to information Itemize users furnish after they enter a linked site or to information after Itemize transfers it to a linked account. Itemize is not responsible for the privacy or use of any information users furnish to the linked site or that is stored in the linked account after it is transferred by Itemize. Before users access any link provided by Itemize or request Itemize to transfer information to another account of the user, users should carefully read the privacy and other policies posted on the linked website or applicable to the linked account. Itemize does not provide a warning to its users about any of the foregoing matters before they enter a linked site or information is transferred to a linked account.
Each user that subscribes to Itemize transaction matching services expressly authorizes and grants Plaid Technology, Inc. (“Plaid”) the right, power and authority, acting on behalf of such user, to access and transmit the user’s bank account data to Itemize in accordance with Plaid’s privacy policy, which is available at https://plaid.com/legal/. By subscribing to or using Itemize transaction matching services, the user agrees to Plaid’s privacy policy.
User Rights
Itemize acknowledges that users have the right to access the personal information that Itemize maintains about them. A user who seeks access, or who seeks to correct or amend inaccurate PII or other data or information, should log on to its account and follow the appropriate prompts provided. An end user who seeks access to or correct or amend inaccurate PII or other data or information should contact the Itemize customer from which Itemize received the information and comply with the instructions of the customer to gain such access or make a correction or an amendment.
If a user determines that a document that has been uploaded to its account contains full credit or debit card or bank statement information, or other sensitive information that the user does not want Itemize to have access to or to store, the user may suppress the display of the information by logging on to its Itemize account and following the appropriate prompts provided. The user may also request that the information be deleted by contacting Itemize at support@itemizecorp.com. Itemize will comply with any such request as soon as reasonably practicable. An end user seeking an action described in this paragraph should contact the Itemize customer from which Itemize received the document or sensitive information and comply with the instructions of the customer relating to the requested action.
If a user does not want to receive electronic or other mailings from Itemize with respect to marketing or other matters, the user should contact Itemize at support@itemizecorp.com and provide its exact name and postal or e-mail address. Itemize will then remove the user’s name from its mailing list, except for communications regarding security breaches and other administrative matters. However, even if a user has opted not to receive notices from Itemize, certain notices may affect or govern the use of Itemize services and the user will be bound by these notices in connection with its use of the affected Itemize services.
Upon termination of service, a user may request that any information, document or image stored in its Itemize account be deleted irretrievably by contacting Itemize at: support@itemizecorp.com. Itemize will comply with any such request as soon as reasonably practicable.
With respect to users in Australia, if Itemize is satisfied, having regard for the purpose for which the information is held, that the information is inaccurate, out of date, incomplete or misleading, Itemize will take such steps, if any, that are reasonable in the circumstances to correct such information so that, having regard for the purposes for which the information is held, it is accurate, up-to-date, complete, relevant and not misleading. If Itemize corrects personal information about an individual that previously has been disclosed to another entity, Itemize will take such steps, if any, that are reasonable in the circumstances to notify the other entity of such correction.
Security
The personal and sensitive information that users upload to and is stored in their account is protected by the users’ unique e-mail address and password login. Itemize takes reasonable steps that are appropriate to secure the information stored in users’ accounts. Only Itemize employees and agents who need access to users’ PII will have access to this information. These employees and agents are made aware of and periodically reminded about this Privacy Policy and Itemize’s security practices.
Itemize follows generally accepted industry practices and standards to protect PII and other information submitted to Itemize by users. These practices include the encryption of the transmission of information using secure socket layer (“SSL”) technology. Nevertheless, no method of transmission over the Internet or method of electronic storage of information is completely secure and Itemize cannot guarantee the security of the information users provide to Itemize.
In addition, there are many events and circumstances beyond Itemize’s control that could interfere with access to or the use of Itemize services. Among others, these events and circumstances could include electrical and other interruptions, human error, loss or corruption of data, a breach of security or other unauthorized intrusion. Itemize is not responsible for any of these events or circumstances.
If Itemize becomes aware of a material security breach or other unauthorized intrusion affecting its system, Itemize will use reasonable commercial efforts to notify users electronically, either by email or by posting an appropriate notice on its website. In addition, Itemize will provide users with any notice required by applicable law in the form and manner required by law in the event of any security breach. Users consent to any such notice, as well as to communications to them regarding privacy and administrative issues.
Government Regulation
Itemize is hosted primarily in the United States and is also hosted in Ireland. Information hosted in the United States is subject to the laws, rules and regulations as to privacy, data protection and other matters of the United States and its various states. Itemize is also subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission. Users who are resident in California may request and obtain once a year, free of charge, certain information about any PII Itemize disclosed to its Partner Companies or other third persons in the prior calendar year. Any user resident in California who wants such information should send such request to Itemize at support@itemizecorp.com.
The Itemize Terms of Service contains certain additional information about certain laws and regulations applicable to Itemize services.
Certain Provisions Applicable to Users in the European Union and the United Kingdom
The EU General Data Protection Regulation (“GDPR”) governs the collection, storage and use of personal information from “data subjects” located in the European Union and grants certain rights to such data subjects to consent to the use and transfer of such information and to require the correction and/or deletion of the information. Itemize has implemented rules and procedures to enable it to comply with GDPR and monitors these rules and procedures to continue to maintain compliance with GDPR.
Itemize complies with the EU-U.S. Data Privacy Framework Principles (the ”EU-U.S. DPF”) and the UK Extension to the EU-U.S. DPF, as set forth by the U.S. Department of Commerce. Itemize has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. If there is any conflict between the provisions of this Privacy Policy and the EU-U.S. DPF , the EU-U.S. DPF shall govern. To learn more about the about the EU-U.S. Data Privacy Framework Program, and to view the Itemize certification under the Program, please visit htps://www.dataprivacy framework.gov/.
If Itemize utilizes data processors to perform tasks on behalf of or under the instruction of Itemize, Itemize requires these data processors to enter into a written agreement that requires them to provide an appropriate level of protection for the personal and sensitive information that Itemize itself provides.
Itemize is also hosted in Ireland and generally hosts and processes documents and information received from data subjects located in the European Union there. Itemize may have liability pursuant to the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF with respect to the onward transfer to third parties of data it receives from users in the European Union.
Itemize will provide European Union users an opt-out or opt-in choice before sharing their data with third parties, other than Itemize agents, or before Itemize uses it for a purpose other than which it was originally collected or subsequently authorized. A user may at any time request that any information (including personal information), document or image stored in its Itemize account be deleted irretrievably by contacting Itemize. Users located in the European Union may contact Itemize at: https://itemizecorp.gdprlocal.com/eu. Users located in the United Kingdom may contact Itemize at: https://itemizecorp.gdprlocal.com/uk. Itemize will comply with any such request as and to the extent required by GDPR.
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, Itemize commits to resolve complaints concerning Itemize’s handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF to BBB EU Data Privacy Framework operated by BBB National Programs, an alternative dispute resolution provider based in the United States. Citizens of the European Union or the United Kingdom with inquiries or complaints regarding this Privacy Policy should first contact Itemize’s general counsel at legal@itemizecorp.com. If a user does not receive timely acknowledgment of its EU-U.S. DPF-related complaint from Itemize, or if Itemize has not addressed the complaint to a user’s satisfaction, please visit https://bbbprograms.org/dpf-complaints for more information or to file a complaint. The services of BBB National Programs are provided at no cost to users. Under certain circumstances, users may invoke binding arbitration for complaints regarding Itemize’s compliance with the EU-U.S. DPF when other dispute resolution procedures have been exhausted.
If a user is located in the European Union, the United Kingdom, Australia or another country, the laws in those jurisdictions governing data collection and use may differ from the laws of the United States. In order to comply with laws of the European Union or its member states, the United Kingdom or the laws of other jurisdictions, Itemize may transfer a user’s information to a hosting location operated or maintained by Itemize or one of its affiliates, or by a third person on its behalf, in a location that complies with the laws of such jurisdiction. By using Itemize services, a user consents to any of these transfers.
Limitation of Liability
Itemize’s Terms of Service contains exclusions and limitations on its responsibility and liability with respect to a number of matters, including the loss, unauthorized use, corruption or lack of accuracy, completeness or correctness of any information in a user’s Itemize account or of any information that is provided to a user by Itemize based on information in the user’s account or that is transferred to Itemize from, or by Itemize to, another account of the user.
Resolution of Disputes
The Itemize Terms of Service require that any dispute in the United States relating to the Terms of Service, including a dispute relating to this Privacy Policy, be resolved in a court located in the City, County and State of New York. The resolution of disputes brought users under the EU-U.S. DPF or the UK Extension to the EU-U.S. DPF is described above in the next to last paragraph of “Certain Provisions Applicable to Users in the European Union and the United Kingdom.”
Merger or Sale of Itemize
In the event of a merger, consolidation, business combination or other sale of Itemize or a sale or other transfer of its business and assets, the information Itemize has collected from users, including PII, will be transferred to the person or entity to which Itemize is sold or the business and assets are transferred. After the transfer, such information will be subject to the applicability of this Privacy Policy or the privacy policy of the entity that acquires Itemize or its business and assets.
Amendments to this Privacy Policy; Copies
Itemize reserves the right to change this Privacy Policy in whole or in part at any time and from time to time. Changes will be posted on the Itemize website and will be effective upon posting.
If Itemize makes any material change to this Privacy Policy, it will make a reasonable commercial effort to notify users a reasonable time prior to the effectiveness of the change either by email or by posting the notification on its website. Use of Itemize services following any such change constitutes a user’s acceptance of the change.
A user in Australia may request a copy of this Privacy Policy in a particular form by contacting Itemize at support@itemizecorp.com. Itemize will take reasonable steps to provide the user with a copy in the form requested.