US State Supplemental Privacy Notice

Effective Date: June 3, 2024

This Supplemental Privacy Notice applies to you only if you are a natural person and live in California, Colorado, Connecticut, Montana, Oregon, Texas, Utah, or Virginia. This Supplemental Privacy Notice is incorporated into and forms part of the Finmark Privacy Notice

This Supplemental Privacy Notice describes how we collect, process, and disclose your personal information. It also describes the rights you may have, depending on the state of your residence, with regard to your personal information, which apply when new or updated laws take effect in these states. This Supplemental Privacy Notice does not apply to any employees, owners, directors, officers, or contractors of BILL or its affiliates.

Categories of Personal Information We Collect, and How We Use that Information

During the past twelve (12) months, we have collected, used, and disclosed the following categories of personal information:

Category of Personal Information Category of Source Business or commercial purpose(s) for collection and processing Business or commercial purpose(s) for disclosure Categories of third parties to whom we disclose      
Personal identifiers Directly from You or Your agents

From Your Organization

From Your Vendors or Customers

From other third parties You choose to interact with

From Our service providers

From public source

To provide Services to You

To communicate with You

To verify Your identity

To protect Your account

To prevent fraud or illegal activity

Marketing activities

To provide Services to You

To communicate with You

To verify Your identity

To protect Your account

To prevent fraud or illegal activity

Marketing activities

Our service providers

Your authorized service providers

Other third parties that You authorize

Our business and marketing partners

Third parties as required by law

Financial information, including bank account number, credit card number Directly from You or Your agents

From Your Organization

From Your Vendors or Customers

From other third parties You choose to interact with

From Our service providers

To provide Services to You

To verify Your identity

To protect Your account

To prevent fraud or illegal activity

To provide Services to You

To verify Your identity

To protect Your account

To prevent fraud or illegal activity

Commercial information, including products/services purchased Directly from You or Your agents

From Your Vendors or Customers

Provide Services to You

Prevent fraud or illegal activity

Provide Services to You

Prevent fraud or illegal activity

Internet or other electronic network activity information Directly from You

From our service providers
Provide Services to You

Protect Your account

Prevent fraud or illegal activity

Debug or repair the Services

Maintain reliability, quality or safety of the Services

Improve the Services

Marketing activities

Provide Services to You

Protect Your account

Prevent fraud or illegal activity

Debug or repair the Services

Maintain reliability, quality or safety of the Services

Improve the Services

Marketing activities

Geolocation data Directly from You

From Your mobile provider or ISP

Provide the Services to You

Protect Your account

Prevent fraud or illegal activity

Debug or repair the Services

Maintain reliability, quality or safety of the Services

Provide the Services to You

Protect Your account

Prevent fraud or illegal activity

Debug or repair the Services

Maintain reliability, quality or safety of the Services

Audio, electronic, visual, or similar information Directly from You

From Your Organization

From Your Vendors or Customers

Provide the Services to You

Prevent fraud or illegal activity

Marketing activities

Provide the Services to You

Prevent fraud or illegal activity

Marketing activities

Professional or employment-related information Directly from You

From Your Organization

From Your Vendors or Customers

 

Provide the Services to You

Prevent fraud or illegal activity

Marketing activities

Provide the Services to You
Prevent fraud or illegal activityMarketing activities
Inferences drawn to create a profile about a consumer BILL Provide the Services to You

Prevent fraud or illegal activity

Maintain reliability, quality or safety of the Services

Marketing activities

Provide the Services to You

Prevent fraud or illegal activity

Maintain reliability, quality or safety of the Services

Marketing activities

We do not knowingly collect or use personal information of anyone under the age of 18. 

Sensitive Personal Information

When we collect government identification (such as Your driver’s license number or Social Security number) or financial details (such asYour bank account or credit card numbers), we are deemed to be collecting data that is “sensitive” under state privacy laws. Where legally required, We will obtain Your consent for collecting this information. For Our California Users, We do not use or disclose sensitive personal information for any purpose that requires an opt out and use it only for purposes such as to provide the Services to You, to detect security incidents, and protect against malicious or fraudulent actions. We do not use or disclose such information to build a profile about You.

Retention

We retain your personal information as long as it is necessary to provide you our Services and to comply with our data retention requirements, including to comply with legal and regulatory obligations.  Even after you stop using the  Services, we may be required to keep your information for as long as necessary to comply with   legal and regulatory obligations, to make or defend legal claims, and to protect against fraudulent activity of others.

Sales/Sharing  

In the last 12 months, we have allowed third party ad providers to collect personal information from our website visitors in order to provide targeted advertising and analytics. This practice may constitute a sale of personal information under certain state laws and, in California, may also constitute “sharing” (which is a term used to address the sharing of information for advertising purposes) of personal information. To the extent that our practice constitutes a sale or sharing of your personal information, you have the right to opt-out of the same or sharing of your personal information with third parties for purposes of targeted advertising by filling out this Opt-Out Form and by enabling Global Privacy Control on your browser or opting-out of cookies by clicking here:

Global Privacy Control (“GPC”) is a setting you can enable in your web browser to communicate your privacy preference for not having certain information about your webpage visits collected across websites. For all the details, including how to turn on GPC, visit https://globalprivacycontrol.org/. Our websites that link to this privacy policy recognize and respond to GPC signals.

Consistent with our practice of not collecting data on anyone under 18 years old, we do not have actual knowledge that we shared information on such minors with the companies we work with on targeted advertising.  

Understanding Your Rights

Subject to certain limitations and depending on your state of residence, you have the following rights with respect to the personal information that we collect about you:

  1. Right to Know. You can ask us to give you information about our collection and use of your personal information. Specifically, you can request that we provide you one or more of the following:
  • The categories of personal information we collected about you.
  • The categories of sources from which we collected your personal information.
  • Our business and commercial purposes for collecting, selling, or sharing your personal information.
  • The categories of third parties to whom we disclose your personal information.
  • The specific pieces of personal information we collected about you.  
  1. Right to Delete. Subject to certain limitations, you can ask us to delete your personal information.
  2. Right to Correct. You can ask us to correct inaccurate personal information that we have about you.
  3. Right to Opt Out of Targeted Advertising or Sale. You can ask us to stop using your personal information for targeted advertising. Please see the discussion on Sales/Sharing above.
  4. Right Against Discrimination. We will not discriminate against you for exercising your rights. 

You can request to exercise your right to know, delete, or correct your personal information by emailing privacy@hq.bill.com  or by initiating a chat with our Support Team here. If you do not receive a confirmation of our receipt of your request within 10 days, we may not have received your request and you should re-submit it. Once we receive your request, we will attempt to verify your identity. We may ask you for additional information to help us verify your identity, including by asking you to confirm other personal information you have provided to us. We may deny your request for reasons permitted by law, including our inability to verify your identity. If we deny your request, we will tell you why we did so. 

Subject to certain restrictions, you can have an agent exercise your rights for you. If you have an agent exercising your rights, that person must provide to us your written authorization allowing them to make such a request on your behalf. We reserve the right to deny the agent’s request if we are not reasonably able to confirm proper authorization and/or verify your identity as the requestor.

Appeals

Residents of Colorado, Connecticut, Montana, Oregon, Texas, Utah or Virginia can appeal a refusal to take action on a request by contacting us by email at privacy@hq.bill.com 

Contact

If you have any questions or concerns about this Supplemental Privacy Notice, you can email us at privacy@hq.bill.com   or you can contact BILL  Customer Support through our Customer Support Portal.