Revised November 28, 2017
If you use our websites, you hereby consent to our collection and use of your information, as described in this policy.
Credit2B provides services that allows businesses to access and share business credit information, payment data and related business information contributed by its users, by Credit2B or its other information sources including other credit bureaus. The Credit2B services includes analytic and collaboration tools and workflow designed to streamline and improve business-to-business credit management.
We collect detailed and summary “Non-Personal Information” and “Personal Information” on institutions and businesses and their principals from third parties, creditors, and trade suppliers, and from public government records, registrations and filings.
As we are a business to business credit bureau, information collected to provide our services may include business histories, principals’ biographical and business experience, business operational, employment and financial characteristics, government compliance data, creditor exposure and payment experiences, industry opinions, and related contact information. Customer Data of users of Credit2B systems will also include Contact information, such as full name and email address, Demographic information; username and password; work title, department information, and other information related to your work or organization; all content that you create, share or post in audio, video, text, images, data files that you provide on or through the Services, or that are provided on your behalf; information other people provide about you when using the Services, including when they send a message to you or upload information about you; all communications with other users of the Services; user communications, feedback, suggestions, and ideas sent to us; billing information; and information you provide us when you or your organization contact or engage us for support regarding the Services.
Non-Personal Information, which we can use without limitation, includes information that does not personally identify you, such as anonymous usage data, general demographic information we may collect, referring/exit pages and URLs, platform types, preferences you submit and preferences that are generated based on the data you submit and number of clicks.
Personal Information may include your name and email address which you submit when you become a prospective customer or customer, register at a website, receive content or sign up for an event, or if we suspect our websites are being misused. Subscribers to specific Services will be required to have personal logon IDs and passwords.
If you participate in our blogs or social media applications, the information that you post, including identifying information, will be collected and, depending on the application, may be publically viewable.
We also collect Potentially Personally-Identifying Information from visitors like Internet Protocol (IP) addresses for users accessing our sites which, when combined with other information, can be used by us for targeting the marketing our products and services, or used to protect our Sites from suspected misuse. While using our Site, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you.
Within the scope of our authorization to do so, and in accordance with our commitments under the EU-US and Swiss-US Privacy Shield Frameworks (see below), we will work to provide individuals access to personal data about them that Credit2B holds. We will also will take reasonable steps to enable individuals, to correct, amend, or delete personal data that is demonstrated to be inaccurate.
The personally identifiable information that we collect is used to complete requested transactions, provide our services, update our databases, and provide support, and you agree we may contact you for these purposes, as well as to personalize your and your Organization’s experiences as part of our provision of the Services; develop new tools, products, or; conduct data and system analytics, including research to improve the Services, for service updates, newsletters, marketing or promotional materials and other information that relate to our business interests. If you do not wish to receive these communications, we encourage you to opt out of any further receipt by following the opt-out provisions provided in each such communication.
We may also use the information we collect in order to operate, maintain, and improve the systems and infrastructure that provide the Services. You and your Organization authorize us to do so and acknowledge that this may also result in improvements to the Services, since centralized systems and infrastructure support the Services. For example, we may use crash logs from your use of the Services to identify and fix bugs that may also be present in the Services
Like many website operators, we may collect information that your browser sends whenever you visit our Sites (“Log Data”). This Log Data may include information such as your computer’s Internet Protocol (“IP”) address, browser type, browser version, the pages of our Site that you visit, the time and date of your visit, the time spent on those pages and other statistics. In addition, we may use third party services such as Google Analytics that collect, monitor and analyze this information
We may disclose or transfer the information that we collect in the following circumstances:
The security of your information is important to us, but remember that no method of transmission over the Internet, or method of electronic storage, is 100% secure. The measures we undertake include multiple levels of physical, technical, software, and other security measures including systems monitoring, including third-party monitoring.
However, while we strive to use commercially reasonable means to protect information, we cannot ensure its absolute security. These measures do not guarantee that your information will not be accessed, disclosed, altered or destroyed by breach of such firewalls and secure server software. Information, regardless of where collected, is stored on computer servers located in the United States of America. By using our Sites, you acknowledge that you understand and agree to assume these risks.
We reserve the right to change this privacy statement at any time, so visitors should refer to it on our website frequently. This privacy statement and the policies outlined herein are not intended to and do not create any contractual or other legal rights in or on behalf of any other
person or entity.
Our services and websites are for business purposes only and are not intended for use by children, and any access by and content concerning children is prohibited.
If you wish to terminate your account with us, your personal information will be retained as long as required to service your account and comply with our legal obligations, handle disputes, and enforce our agreements.
If we are contacted by a business owner or principal to correct an inaccuracy or information error, we will promptly investigate the situation and upon confirmation of the error and make the necessary correction.
The United States Department of Commerce and the European Commission have agreed on a set of data protection principles and frequently asked questions (the “EU-U.S. Privacy Shield Framework”) to enable U.S. companies to satisfy the requirement under European Union law that adequate protection be given to personal information transferred from the EU to the United States.
The United States Department of Commerce and the Swiss Federal Data Protection and Information Commissioner have agreed on a set of data protection principles and frequently asked questions (the “Swiss-U.S. Privacy Shield Framework”) to enable U.S. companies to satisfy the requirement under Swiss law that adequate protection be given to personal information transferred from Switzerland to the United States.
We self-certify compliance with: EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield.
Credit2B recognizes that the European Community and Switzerland have established a data protection regime which applies to the European Economic Area including Norway, Liechtenstein and Iceland (“EEA”) and to Switzerland and restricts companies in the EEA and Switzerland in transferring personal data about individuals in the EEA and Switzerland to the United States, unless there is “adequate protection” for such personal data when it is received in the United States. To create such “adequate protection,” Credit2B Corp adheres to the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework published by US Department of Commerce (“EU-U.S. Privacy Shield Framework” “Swiss-U.S. Privacy Shield Framework”) with respect to personal data about individuals in the EEA and Switzerland that we receive from our customers and other business partners. Credit2B’s EU-U.S. Privacy Shield Certification and Swiss-U.S. Privacy Shield Certification also extends to data that we receive directly through Credit2B’s publicly accessible websites via secure form submission. More information on EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield Framework and Credit2B’s scope of participation in the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework is available at www.privacyshield.gov/welcome.
Client Personal Data processed or stored by Credit2B may be subject to contractual agreements with our clients that require more stringent privacy and security safeguards than the requirements in the EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield Policy. At a minimum, however, Credit2B handles Client Personal Data in accordance with our EU-U.S. and Swiss-US Privacy Shield Frameworks, which is based upon the principles identified in the EU-U.S. Privacy Shield Framework and the Swiss-US Privacy Shield Policy Framework.
This Notice addresses data subjects residing in the EU (“EU Persons”) or in Switzerland whose data we may receive from one of our customers, suppliers or other business partners in the EU and in Switzerland, e.g., referral partners, integration partners, etc. When Credit2B receives Client Personal Data for processing pursuant to instructions of clients or their partners, we are acting as an agent for our client and do not provide notice to individuals regarding the collection and use of their personal data. Our clients remain responsible for providing notice, if and to the extent they believe such notice is necessary under applicable EU law.
Credit2B sells and maintains integrated web-based business credit management monitoring, workflow, and information solutions largely to midsize and enterprise businesses. In connection with this, we may receive business-related information from the EU, and Switzerland, including contact information of individual representatives of the businesses with whom we or our customers are dealing, including, without limitation, names, addresses, work phone numbers, work email addresses, etc. of EU Persons (“EU Data”) and Swiss persons. In connection with some services, our customers use our hosted technology platform to augment our data with their data at their own discretion. As EU and Swiss Data covered by this Notice is by definition sent to us by another company in the EU or Switzerland (e.g., a customer of Credit2B), the categories of data sent and the purposes of processing often depend on such other company and in some cases we do not control the data and we may need to provide you to the supplier of controller of that data to address any concerns or issues., with whom the EU or Swiss Person typically has a closer employment or business relationship (and which, therefore, can provide additional information on categories of data shared with us). Credit2B will not use Client Personal Data for any other purposes than for the purposes that Credit2B clients provide such information.
Credit2B collects and uses EU and Swiss Data for purposes of providing products and services to our customers and conducting related tasks for legitimate business purposes.
Credit2B recognizes potential liability in cases of onward transfer to third parties, and will not transfer any personal information to a third-party without first ensuring that the third-party adheres to the Privacy Shield principles via contractual arrangement. Credit2B does not transfer Client Personal Data to unrelated third parties, unless lawfully directed by a client, or in certain limited or exceptional circumstances in accordance with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework. For example, such circumstances would include disclosures of Client Personal Data required by law or legal process. If our information practice should change in the future we will update this policy and provide opt-out choice to individuals where appropriate.
Should Credit2B learn that an unrelated third party to which Personal Data has been transferred by Credit2B is using or disclosing Personal Data in a manner contrary to this Policy, Credit2B will take reasonable steps to prevent or stop the use or disclosure.
Note that Credit2B may be required to share EU and Swiss individual’s personal data in response to lawful requests by public authorities including to meet national security and law enforcement requirements. Contact information and Client Personal Data is accessible only by those Credit2B employees and consultants who have a reasonable need to access such information in order for us to fulfill contractual, legal and professional obligations. All of our employees and consultants have entered into strict confidentiality agreements, and/or have been subjected to thorough criminal background checks requiring that they maintain the confidentiality of Client Personal Data.
We acknowledge the right of all individuals to access their personal data. If you are an EU or Swiss Person about whom we hold Personal Data, you may request access to, and the opportunity to update, correct or delete, such Data. To submit such requests or raise any other questions, please contact ComplianceDept@billtrust.com. We reserve the right to take appropriate steps to authenticate an applicant’s identity, to charge an adequate fee before providing access and to deny requests, except as required by the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks.
Credit2B assures compliance with this EU-U.S. and Swiss-U.S. Privacy Shield Frameworks by utilizing the self-assessment approach as specified by the U.S. Department of Commerce. The assessment is conducted on an annual basis to ensure that all of Credit2B’s relevant privacy practices are being followed in conformance with the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks. Any employee that Credit2B determines is in violation of these policies will be subject to discipline, up to and including termination of employment and/or criminal prosecution.
If you have a complaint or concern regarding our compliance with the EU – US and/or Swiss-US Privacy Shield Frameworks, please contact the Credit2B Privacy Officer, by e-mail at ComplianceDept@billtrust.com, or you may call us at: +1 212-279-3300. Alternatively you may write us at:
100 American Metro Blvd. Suite 150
Hamilton, NJ 08619
We will promptly investigate and attempt to resolve complaints and disputes in a manner that complies with the principles described in this Policy.
If you are not satisfied with our response, or if contacting us does not resolve your complaint, you can contact The Council of Better Business Bureaus Privacy Shield at https://www.bbb.org/EU-privacy-shield/for-eu-consumers, an independent dispute resolution mechanism, pursuant to the EU-U.S. and Swiss-U.S. Privacy Shield Framework.
Finally as a last resort and under limited circumstances, EU and Swiss individuals with residual complaints may invoke a binding arbitration option before the Privacy Shield Panel.
This EU-U.S. and/or Swiss-U.S. Privacy Shield Policies may occasionally be updated. When material updates are made, the date of the last revision will be reflected at the end of the page. This page may be bookmarked to facilitate periodic review of EU-U.S. and Swiss-U.S. Privacy Shield Policy and to note recent updates. Neither the EU-U.S. Privacy Shield Policy or Swiss-U.S. Privacy Shield Policy nor updates to it will affect or modify any contracts we have with our clients.