iPipeline Privacy Notice
Last Updated: April 2024
Your privacy is important to us. Please read this Privacy Notice carefully to learn how we collect, use, share, and otherwise process information relating to individuals (“Personal Data”), and to learn about your rights and choices regarding your Personal Data. For information about state-specific privacy rights, including the rights of residents of California, Virginia, Colorado, Nevada, Utah, or Connecticut, please click here.
iPipeline is the controller of your Personal Data as described in this Privacy Notice, unless specified otherwise. This Privacy Notice applies to the collection and processing of Personal Data collected by us when you visit our branded websites that link to this Privacy Notice; use our online products and services as an authorized user where we act as a controller of your Personal Data; visit our branded social media pages; visit our facilities; communicate with us (including emails, phone calls, texts or fax); or register for, attend or take part in our events, webinars, trade shows or contests.
Collection of Personal Data
We collect three types of Personal Data from you:
- Information You Provide: We collect and record any information that you provide to us directly, including any personal identifiers, professional or employment-related information that you provide to us through this website or other medium.
- Information We Collect Automatically: We automatically collect and store information about your use of this website and our services. To do so, we may use cookie technology and other online identifiers to track your IP address, web browser, geolocation, or your activity on this site. For more information about cookies and other tracking technologies, please see our Cookie Policy.
- Other Information We Collect: We may combine data from other sources with Personal Data we receive from you. These other sources may be from third parties or from publicly available sources. This may include information related to your employment, education, commercial interactions, and internet activity.
In some cases, the collection and processing (see Section 2 below) of Personal Data is required for you to receive certain products or services. Personal Data does not include information that is anonymized or aggregated such that you cannot be identified from it.
If you provide us or our service providers with any Personal Data relating to other individuals, you represent that you have the authority to do so and have obtained any necessary consent for the information to be used in accordance with this Privacy Notice. If you believe that your Personal Data has been provided to us improperly or want to exercise your rights relating to your Personal Data, please contact us by using the information in Contact Us section (Section 16) below.
Types of Personal Data We Collect
We may collect the following types of Personal Data about you.
- identifiers (g., name, address, phone number, IP address);
- records about you (e.g., signatures, physical characters or descriptions of you, content, timing, and method of communications you have with us, an information you share or upload to our website, services, or other digital properties)
- geolocation data (e.g., computer/device location);
- professional or employment related information.
- Processing your Personal Data. Where required by law, we obtain your consent to use and process your Personal Data for these purposes. Otherwise, we rely on other legal bases to collect and process your Personal Data. We process your Personal Data for the following purposes:
- Providing our services, products, and website access: We process your Personal Data relating to your access of our services, products, website, and other digital properties (g., account information, etc.) to ensure both you and we meet our obligations under the applicable contract, terms of use, or service agreement and to project future demand as well as improve our websites and services; absent a contractual relationship, we process your Personal Data to further our legitimate interest in operating and improving our websites and services.
- Internal business purposes: We process your Personal Data to operate, maintain, and improve our services, products, and website, including customizing the content; maintaining internal business records, such as accounting, managing user accounts, document management and similar activities; enforcing our policies and rules; monitoring service usage, management reporting; auditing; and IT security and administration to meet our obligations to you to perform our contract with you, or, if no contract applies, to the extent it is necessary for our legitimate interest in operating our business in a secure and efficient manner.
- Securing our facilities, websites and services: We process your Personal Data (g., name, IP address, account information, internet activity) as part of our efforts to maintain, monitor and secure our websites and services. This may include aggregating data, verifying accounts, investigating suspicious activity, and enforcing our terms and policies to the extent necessary to further our legitimate interest in maintaining a safe and secure website, products and services and in protecting our rights and the rights of others.
- Responding to contact requests: If you contact us electronically or by phone, we process your Personal Data (g., name, account information, government identifiers) to perform our contract with you, or, if no contract applies, to the extent it is necessary for our legitimate interest in responding to your inquiry and communicating with you. We may record and process communications for training, quality assurance, and administration purposes. If required under applicable law, we will obtain your prior consent or give you the option to object to a call being recorded.
- Marketing and advertising: We may process your Personal Data (g., name, account information) to advertise to you, based upon your Personal Data to the extent it is necessary for our legitimate interest in advertising our websites, services or products. Where legally required, we will obtain your consent before engaging in any marketing or advertising.
- Complying with legal and safety obligations: We process your Personal Data (g., name, account information) when cooperating with public and government authorities, protecting our legal rights, and protecting against abuse of our services and products. Any such processing is based on our legitimate interest in protecting our legal rights or, when applicable, complying with a legal obligation to which we are subject.
- In connection with a corporate transaction: We may process your information if we sell or transfer all or a portion of our business or assets including through a sale in connection with bankruptcy and other forms of corporate change in furtherance of our legitimate interest in operating and transacting the business of the company.
In some cases, we may provide specific services or offerings subject to separate or supplemental privacy policies. In those cases, we will prominently inform you of those policies and provide those policies in an easily accessible format.
Exclusions
This Privacy Policy does not apply to Personal Data that:
- we process on behalf of our customers in the role of processor or other service provider, such as when we allow customers to create their own websites/applications to offer their own products and services, to send electronic communications to others; or otherwise use, collect, share or process Personal Data via our online products and services. Our customers’ privacy policies may be different from ours, and we are not responsible for those practices.
- we process about current or former employees, job applicants, and other individuals who interact with us for employment-related purposes.
Protecting Personal Data
Depending on our relationship with you and where you may reside, you may have certain rights relating to your Personal Data based on applicable local data protection laws, including from individual US state privacy laws (e.g., California, Virginia, Colorado, and other states), Canadian privacy laws, and the EU/UK General Data Protection Regulation. Depending on the applicable laws these rights may include the right to:
- Request information about the categories of Personal Data we have collected about you, the categories of sources from which we collected the Personal Data, the purposes for collecting, sell or sharing the Personal Data, and to whom we have disclosed your Personal Data.
- Request and receive copies of your Personal Data that we hold;
- Request additional information about how we process your Personal Data;
- Correct inaccurate or incomplete Personal Data (taking into account our use of it);
- Request deletion of your Personal Data;
- Restrict or object to our processing of your Personal Data, including restricting the sale or sharing of your data or its use for cross-context behavioral marketing. Where we process Personal Data for direct marketing purposes (either by us or third parties) or for cross-context behavioral marketing, you may not have to provide a specific reason for such objection;
- Require us (if possible) to transfer your Personal Data to another controller (e., data portability);
- Limit the use or disclosure of your sensitive Personal Data;
- Restrict certain disclosures of your Personal Data to third parties;
- Not be subject to a decision based solely on automated processing, including profiling, which produces legal effects; and
- Withdraw your consent to the processing of your Personal Data (to the extent we base processing on consent and not on another lawful basis).
We will not discriminate against you, in any manner prohibited by applicable law, for exercising these rights. You may exercise these rights, to the extent applicable, by making the request via our website using our iPipeline Data Protection Request Form, by sending us an email at DPO@ipipeline.com, or writing to us at iPipeline Headquarters (USA), 222 Valley Creek Boulevard, Suite 330, Exton, PA 19341. We will respond to any such requests within 30 days of receipt.
If you are not happy with how iPipeline handles your Personal Data and we cannot provide you with a satisfactory resolution to your request, you also have the right to lodge a complaint with a supervisory body for data protection in your jurisdiction. If you wish to pursue any of these rights, please contact us using the details set out at the end of this Notice below.
Disclosing Personal Data to Third Parties
We do not “sell” or “share” Personal Data about you as those terms are defined by the California Consumer Privacy Act. We may provide your Personal Data to the categories of recipients described below:
- iPipeline’s divisions, holding companies, subsidiaries, and affiliates.
- Third party service providers or other entities that perform services on our behalf, help us provide you with our products and services, and that otherwise support our relationship with you (such as shipping or direct mailing organizations). These third-party service providers have access to personal information needed to perform their functions but may not use it for other purposes. Further, they must process the Personal Data in accordance with this Privacy Notice and as permitted by applicable data protection laws. Please click here for a list of the third party service providers we use.
- Vendors necessary to complete transactions you request, such as shipping companies and logistics providers.
- Law enforcement, government agencies, or other regulators to comply with law or legal requirements, to enforce our agreements, and to protect our rights and the property or safety of iPipeline, our users, or third parties.
- Transactional parties if we, or some, or all of our assets, acquire or are acquired by another entity, including through a sale or in connection with a bankruptcy.
- Entities to which you have consented to the disclosure.
Disclosure of Personal Data. Although we have not “sold” Personal Data for money in the past 12 months, we engage in routine practices with our services products, and websites involving third parties that could be considered a “sale” or “sharing” as defined under California law. We do not knowingly sell or share any Personal Data of minors under the age of 16.
Here please find a chart detailing the categories of Personal Data we collected and with whom it was sold, shared, or disclosed for a business purpose in the past 12 months.
Promotional and Marketing Policy
We may ask you to consent to being contacted by us for promotional and marketing purposes. However, you may opt-out of receiving promotional or marketing emails at any time by notifying us as a reply to any unwanted e-mail, by using the unsubscribe function in our newsletter, contacting us at DPO@ipipeline.com, or by writing to us at iPipeline Headquarters (USA), 222 Valley Creek Boulevard, Suite 330, Exton, PA 19341. Requests to unsubscribe from iPipeline e-mails may take 5 business days to process.
Cookies and Tracking Technologies
Please see our Cookies and Tracking Technologies Notification below.
About cookies
A cookie is a small data file that a website places in your web browser to remember information about you. We use some cookies and tracking technologies for purposes which are necessary for your use of our website, products, or services. These may include technologies which remember your preferences and settings; information that you may enter online; or to keep you logged in to our offerings. With your consent, we may also use cookies and tracking technologies for other purposes.
If you would like to find out more about cookies and their use on the Internet. You may find the link at the bottom of this section useful: Additional Cookie Information.
Cookie List
A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:
Strictly Necessary Cookies
Some cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.
Targeting Cookies
Some cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.
Social Media Cookies
Some cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.
Additional Cookies Information
Third-party Websites
The website may contain links to other third-party sites. When you click on one of these links you are visiting a website operated by someone other than us and the operator of that website may have a different privacy policy. We are not responsible for their individual privacy practices, so we encourage you to investigate the privacy policies of such third-party operators.
Children
Our website is not intended for children under 16 years of age. No one under age 16 may provide any information to us through this website. We do not knowingly collect Personal Data from children under 16. If you are under 16, do not access, use, or provide any information on the website or on or through any of its features. If we learn we have collected or received Personal Data from a child under 16 without parental consent, we will delete that information. If you believe we might have any information from or about a child under 16, please contact us by sending us an email at DPO@ipipeline.com or writing to us iPipeline Headquarters (USA), 222 Valley Creek Boulevard, Suite 330, Exton, PA 19341.
Data Security
Although we maintain reasonable security safeguards, no security measures or communications over the Internet can be 100% secure, and we cannot guarantee the security of your information. While we work hard to protect data incidents, we have dedicated controls and procedures in place for when such situations, along with the procedures that are required to make notifications to you and to the relevant Supervisory Authority as appropriate.
Data Retention
Your Personal Data will be retained as long as necessary to fulfill the purposes we have outlined above unless we are required to do otherwise by applicable law. This includes retaining your Personal Data to provide you with the products or services you have requested and interact with you; maintain our business relationship with you; improve our business over time; ensure the ongoing legality, safety and security of our services and relationships; or otherwise in accordance with our internal retention procedures. Once you have terminated your relationship with us, we may retain your Personal Data in our systems and records in order to ensure adequate fulfillment of surviving provisions in terminated contracts or for other legitimate business purposes, such as to enable easier future user onboarding, demonstrate our business practices and contractual obligations, or provide you with information about our products and services in case of interest. If you would like to know more about the retention periods applicable to your Personal Data, you can contact us at DPO@ipipeline.com.
International Transfers of Personal Data
Your data may be used and disclosed by the Company and its divisions, holding companies, subsidiaries and affiliates, or other entities outside of your country, including in countries that have a different standard of data protection than in your own country.
For individuals whose data is subject to the General Data Protection Regulation (GDPR) in either the EEA or the UK, we have taken steps to protect your privacy and fundamental rights when your Personal Data is transferred to the other countries, including the United States. For transfers to entities outside the EEA or UK, we make use of the European Commission’s Standard Contractual Clauses. For transfers to third parties, we make sure that the recipient is subject to a jurisdiction for which there is an adequacy decision of the European Commission or UK, as applicable, or that there are adequate safeguards such as Standard Contractual Clauses or Binding Corporate Rules in place.
Changes to this Privacy Policy
We may update this Privacy Policy at our discretion to reflect changes we deem necessary or to satisfy legal requirements. We will post a prominent notice of material changes on our websites.
Contact Us
We welcome comments and questions regarding this Privacy Policy. Any such questions should be directed via e-mail to DPO@ipipeline.com. Additionally, you may make your request in writing to iPipeline Headquarters (USA), 222 Valley Creek Boulevard, Suite 330, Exton, PA 19341.
ADDITIONAL STATE-SPECIFIC PRIVACY RIGHTS
Provisions in the California Consumer Privacy Act (CCPA), Virginia Consumer Data Protection Act (VDCPA), Colorado Privacy Act (CPA), Utah Consumer Privacy Act (UCPA), Nevada Senate Bill 220, and Connecticut Data Privacy Act (CTDPA) and other state statutes require some or all of the following disclosures. These disclosures supplement the Privacy Notice above and areas effective as of April 11 2024.
Categories of personal information collected. The personal information that iPipeline collects or has collected from consumers in the twelve months prior to the effective date of this Disclosure, fall into the following categories established by the California Consumer Privacy Act and listed in Section 2 above.
Sources from which we collect your Personal Data. We collect the categories of Personal Data listed above directly from consumers.
Purposes for which we use your Personal Data: We use your Personal Data for the purposes listed in Section 3 of the main privacy notice above.
No selling or sharing of Personal Data. iPipeline has not sold or shared any Personal Data of consumers, as those terms are defined under the California Consumer Privacy Act, in the 12 months prior to the effective date of this Disclosure.
California Shine the Light: If you are a California resident, you may opt out of sharing your Personal Data subject to California Civil Code §1798.83 (the “Shine the Light law”) with third parties for those third parties’ direct marketing purposes by using our iPipeline Data Protection Request Form.
California Eraser Law: Any California residents under the age of eighteen (18) who have posted content or information on our Digital Properties can request removal by contacting us at DPO@ipipeline.com, detailing where the content or information is posted, and attesting that you posted it. We will make reasonable, good faith efforts to remove the post from prospective public view or anonymize it so the minor cannot be individually identified to the extent required by applicable law. This removal process cannot ensure complete or comprehensive removal. For instance, third parties may have republished or archived content that we do not control.
No Discrimination. iPipeline will not discriminate against any consumer for exercising their rights under the applicable state laws.
Virginia Consumer Data Protection Act Deidentified Data Disclosure. We may use deidentified data in some instances. To the extent we use deidentified data, we will either maintain this data without attempting to re-identify it or we will treat it as Personal Data subject to applicable law.
Quebec Data Protection Contact. Pursuant to the requirements of Bill 64 of the National Assembly of Quebec, you may contact our Director of Data Protection at DPO@ipipeline.com.
Inquiries regarding this privacy notice may be
made via the following methods:
Phone
222 Valley Creek Blvd.
Suite 330
Exton, PA 19341
Second Floor, The Quadrangle Building
Imperial Promenade
Cheltenham
GL50 1PZ