US State Supplemental Privacy Notice
Effective Date: June 3, 2024
This Supplemental Privacy Notice applies to you only if you are a natural person and live in California, Colorado, Connecticut, Montana, Oregon, Texas, Utah, or Virginia. This Supplemental Privacy Notice is incorporated into and forms part of the Finmark Privacy Notice.
This Supplemental Privacy Notice describes how we collect, process, and disclose your personal information. It also describes the rights you may have, depending on the state of your residence, with regard to your personal information, which apply when new or updated laws take effect in these states. This Supplemental Privacy Notice does not apply to any employees, owners, directors, officers, or contractors of BILL or its affiliates.
Categories of Personal Information We Collect, and How We Use that Information
During the past twelve (12) months, we have collected, used, and disclosed the following categories of personal information:
| Category of Personal Information | Category of Source | Business or commercial purpose(s) for collection and processing | Business or commercial purpose(s) for disclosure | Categories of third parties to whom we disclose |
|---|---|---|---|---|
| Personal identifiers | Directly from You or Your agents
From Your Organization From Your Vendors or Customers From other third parties You choose to interact with From Our service providers From public source |
To provide Services to You
To communicate with You To verify Your identity To protect Your account To prevent fraud or illegal activity Marketing activities |
To provide Services to You
To communicate with You To verify Your identity To protect Your account To prevent fraud or illegal activity Marketing activities |
Our service providers
Your authorized service providers Other third parties that You authorize Our business and marketing partners Third parties as required by law |
| Financial information, including bank account number, credit card number | Directly from You or Your agents
From Your Organization From Your Vendors or Customers From other third parties You choose to interact with From Our service providers |
To provide Services to You
To verify Your identity To protect Your account To prevent fraud or illegal activity |
To provide Services to You
To verify Your identity To protect Your account To prevent fraud or illegal activity |
|
| Commercial information, including products/services purchased | Directly from You or Your agents
From Your Vendors or Customers |
Provide Services to You
Prevent fraud or illegal activity |
Provide Services to You
Prevent fraud or illegal activity |
|
| Internet or other electronic network activity information | Directly from You From our service providers |
Provide Services to You
Protect Your account Prevent fraud or illegal activity Debug or repair the Services Maintain reliability, quality or safety of the Services Improve the Services Marketing activities |
Provide Services to You
Protect Your account Prevent fraud or illegal activity Debug or repair the Services Maintain reliability, quality or safety of the Services Improve the Services Marketing activities |
|
| Geolocation data | Directly from You
From Your mobile provider or ISP |
Provide the Services to You
Protect Your account Prevent fraud or illegal activity Debug or repair the Services Maintain reliability, quality or safety of the Services |
Provide the Services to You
Protect Your account Prevent fraud or illegal activity Debug or repair the Services Maintain reliability, quality or safety of the Services |
|
| Audio, electronic, visual, or similar information | Directly from You
From Your Organization From Your Vendors or Customers |
Provide the Services to You
Prevent fraud or illegal activity Marketing activities |
Provide the Services to You
Prevent fraud or illegal activity Marketing activities |
|
| Professional or employment-related information | Directly from You
From Your Organization From Your Vendors or Customers
|
Provide the Services to You
Prevent fraud or illegal activity Marketing activities |
Provide the Services to You Prevent fraud or illegal activityMarketing activities |
|
| Inferences drawn to create a profile about a consumer | BILL | Provide the Services to You
Prevent fraud or illegal activity Maintain reliability, quality or safety of the Services Marketing activities |
Provide the Services to You
Prevent fraud or illegal activity Maintain reliability, quality or safety of the Services Marketing activities |
We do not knowingly collect or use personal information of anyone under the age of 18.
Sensitive Personal Information
When we collect government identification (such as Your driver’s license number or Social Security number) or financial details (such asYour bank account or credit card numbers), we are deemed to be collecting data that is “sensitive” under state privacy laws. Where legally required, We will obtain Your consent for collecting this information. For Our California Users, We do not use or disclose sensitive personal information for any purpose that requires an opt out and use it only for purposes such as to provide the Services to You, to detect security incidents, and protect against malicious or fraudulent actions. We do not use or disclose such information to build a profile about You.
Retention
We retain your personal information as long as it is necessary to provide you our Services and to comply with our data retention requirements, including to comply with legal and regulatory obligations. Even after you stop using the Services, we may be required to keep your information for as long as necessary to comply with legal and regulatory obligations, to make or defend legal claims, and to protect against fraudulent activity of others.
Sales/Sharing
In the last 12 months, we have allowed third party ad providers to collect personal information from our website visitors in order to provide targeted advertising and analytics. This practice may constitute a sale of personal information under certain state laws and, in California, may also constitute “sharing” (which is a term used to address the sharing of information for advertising purposes) of personal information. To the extent that our practice constitutes a sale or sharing of your personal information, you have the right to opt-out of the same or sharing of your personal information with third parties for purposes of targeted advertising by filling out this Opt-Out Form and by enabling Global Privacy Control on your browser or opting-out of cookies by clicking here:
Global Privacy Control (“GPC”) is a setting you can enable in your web browser to communicate your privacy preference for not having certain information about your webpage visits collected across websites. For all the details, including how to turn on GPC, visit https://globalprivacycontrol.org/. Our websites that link to this privacy policy recognize and respond to GPC signals.
Consistent with our practice of not collecting data on anyone under 18 years old, we do not have actual knowledge that we shared information on such minors with the companies we work with on targeted advertising.
Understanding Your Rights
Subject to certain limitations and depending on your state of residence, you have the following rights with respect to the personal information that we collect about you:
- Right to Know. You can ask us to give you information about our collection and use of your personal information. Specifically, you can request that we provide you one or more of the following:
- The categories of personal information we collected about you.
- The categories of sources from which we collected your personal information.
- Our business and commercial purposes for collecting, selling, or sharing your personal information.
- The categories of third parties to whom we disclose your personal information.
- The specific pieces of personal information we collected about you.
- Right to Delete. Subject to certain limitations, you can ask us to delete your personal information.
- Right to Correct. You can ask us to correct inaccurate personal information that we have about you.
- Right to Opt Out of Targeted Advertising or Sale. You can ask us to stop using your personal information for targeted advertising. Please see the discussion on Sales/Sharing above.
- Right Against Discrimination. We will not discriminate against you for exercising your rights.
You can request to exercise your right to know, delete, or correct your personal information by emailing privacy@hq.bill.com or by initiating a chat with our Support Team here. If you do not receive a confirmation of our receipt of your request within 10 days, we may not have received your request and you should re-submit it. Once we receive your request, we will attempt to verify your identity. We may ask you for additional information to help us verify your identity, including by asking you to confirm other personal information you have provided to us. We may deny your request for reasons permitted by law, including our inability to verify your identity. If we deny your request, we will tell you why we did so.
Subject to certain restrictions, you can have an agent exercise your rights for you. If you have an agent exercising your rights, that person must provide to us your written authorization allowing them to make such a request on your behalf. We reserve the right to deny the agent’s request if we are not reasonably able to confirm proper authorization and/or verify your identity as the requestor.
Appeals
Residents of Colorado, Connecticut, Montana, Oregon, Texas, Utah or Virginia can appeal a refusal to take action on a request by contacting us by email at privacy@hq.bill.com
Contact
If you have any questions or concerns about this Supplemental Privacy Notice, you can email us at privacy@hq.bill.com or you can contact BILL Customer Support through our Customer Support Portal.