- Nimbello clients or client employees and agents (“Clients”) who visit or interact with the Nimbello website and use Nimbello SaaS services, and,
- Payees whose business information may be indicated on AP invoices and materials ingested and processed by Nimbello Clients and housed in Nimbello SaaS. Together Clients and payees are “Client Users”.
Personal information we collect
Possible Personal Information that Client Users may provide to Nimbello includes:
- Business and personal contact information of Client Users, such as Client employee first and last name, title, email and mailing addresses, work phone number or personal cell phone number associated with the company name and work location. In addition, Payee invoices may indicate name, title, work address, phone number, email and other identifying information.
- Feedback or correspondence, such as information you provide when you contact us with questions, feedback, or otherwise correspond with us online.
- Usage information, such as information about how you use the website or services and interact with us, including information associated with any content you upload to the websites or otherwise submit to us, and information you provide when you use any interactive features of the website or services.
- Marketing information, such as your preferences for receiving communications about our products, and details about how you engage with our communications.
Information we obtain from other third parties. We may receive personal information about Client Users from third-party sources. For example, we may receive your contact and mailing information from a business partner who may share your contact information with us if you have expressed interest the services we offer or if you are a contact person for your company and we are marketing our services to you. We may obtain your personal information from other third parties, such as marketing partners, publicly-available sources and data providers.
- Device data, such as your computer or mobile device operating system type and system details, browser type, IP address, and your general location information such as city, state or geographic area; and
- Online activity data, such as the website you visited before browsing to our website, and information about your use of and actions on the website, including pages or screens you viewed, how long you spent on a page or screen, navigation paths between pages or screens, information about your activity on a page or screen, access times, and length of access, and
- Communications response data, such as whether you open emails we send you, and the links and other actions you take in response to the emails.
Use of personal information
We use Client User’s personal information for the following purposes:
To operate the website and services, including:
- To provide, operate, maintain, secure and improve the website and services
- Provide information about Nimbello’s website and services
- Communicate with you about Nimbello’s website and services, including by sending you announcements, updates, security alerts, and support and administrative messages
- Communicate with you about events in which you may participate
- Understand your needs and interests, and personalize your experience with Nimbello‘s website and services
- Respond to your requests, questions and feedback
For research and development. To analyze and improve the website and services and to develop new products and services, including by studying your use of Nimbello’s website and services.
For marketing and promotions. To engage in marketing activities, such as sending marketing communications or facilitating the advertising of Nimbello‘s products and services on social media platforms or other websites or online services. You will have the ability to opt-out of Nimbello’s use of your personal information for marketing and promotional purposes.
To comply with law. As we believe necessary or appropriate to comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities.
For compliance, fraud prevention, and safety. To: (a) protect Nimbello’s, your or others’ rights, privacy, safety or property (including by making and defending legal claims); (b) enforce the terms and conditions that govern Nimbello’s website and services; and (c) protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity;
With your consent. In some cases we may specifically ask for your consent to collect, use or share your personal information, such as when required by law.
To create anonymous data. Nimbello may create anonymous data from your personal information and other individuals whose personal information we collect. We make personal information into anonymous data by removing information that makes the data personally identifiable to you. We may use this anonymous data and share it with third parties for Nimbello’s lawful business purposes, including to analyze and improve Nimbello’s website and services and promote Nimbello’s business.
How Client User personal information is shared.
- Service providers. We may share your personal information with third party companies and individuals that provide services on our behalf or help us operate Nimbello’s website and services (such as customer support, hosting, analytics, email delivery, marketing, and database management services).
- Professional advisors. We may disclose your personal information to professional advisors, such as lawyers, bankers, auditors and insurers, where necessary in the course of the professional services that they render to us.
- For compliance, fraud prevention and safety. We may share your personal information for the compliance, fraud prevention and safety purposes described above.
Your rights and choices
In this section, we describe the rights and choices available to all users. Users who are located in California or the European Economic Area, Switzerland or the United Kingdom (collectively, “Europe”) can find additional information about their rights below.
Access or update your information. If you have registered as a user with us, you may review and update certain personal information in your account profile by logging into the account.
Opt-out of marketing communications. You may opt-out of marketing-related emails by following the opt-out or unsubscribe instructions at the bottom of the email. You may continue to receive service-related and other non-marketing emails.
Targeted online advertising. Some of the business partners that collect information about users’ activities on or through Nimbello’s website and services may be members of organizations or programs that provide choices to individuals regarding the use of their browsing behavior or mobile application usage for purposes of targeted advertising. Users may opt out of receiving targeted advertising on websites through members of the Network Advertising Initiative or the Digital Advertising Alliance. European users may opt out of receiving targeted advertising on websites through members of the European Interactive Digital Advertising Alliance, selecting the user’s country, and then clicking “Choices”. Please note that we also may work with companies that offer their own opt-out mechanisms and may not participate in the opt-out mechanisms that we linked above.
In addition, your mobile device settings may provide functionality to limit our, or our partners’, ability to engage in ad tracking or targeted advertising. For example, you can investigate the Google Advertising ID or Apple ID for Advertising that is associated with your mobile device.
If you choose to opt-out of targeted advertisements, you will still see advertisements online but they may not be relevant to you. Even if you do choose to opt out, not all companies that serve online behavioral advertising are included in this list, so you may still receive some cookies and tailored advertisements from companies that are not listed.
Other sites, mobile applications and services
Nimbello’s website may contain links to other websites, non-Nimbello provided mobile applications, and other online services operated by third parties. These links are not an endorsement of, or representation that we are affiliated with, any third party. In addition, Nimbello’s content may be included on web pages or in mobile applications or online services that are not associated with us. We do not control third party websites, mobile applications or online services, and we are not responsible for their actions. Other websites and services follow different rules regarding the collection, use and sharing of your personal information. We encourage you to read the privacy policies of the other websites and mobile applications and online services you use.
We use reasonable organizational, technical and administrative measures designed to protect against unauthorized access, misuse, loss, disclosure, alteration and destruction of personal information we maintain. Unfortunately, data transmission over the Internet cannot be guaranteed as completely secure. Therefore, while we strive to protect your personal information, we cannot guarantee the security of personal information. In the event that we are required to notify you about a situation involving your data, we may do so by email or telephone using account profile information (if available) to the extent permitted by law.
International data transfers
We are headquartered in the United States, and your personal information may be transferred to the United States or other locations outside of your state, province, or country where privacy laws may not be as protective as those in your state, province, or country. European users should read the important information provided below about transfer of personal information outside of Europe.
How to Contact Us
Please direct any questions or comments about this Policy or privacy practices to firstname.lastname@example.org.
Additional information for Client Users located in California
California privacy rights. The CCPA and CPRA grant individuals whose information is governed by these laws the following rights:
- Access. You can request a copy of the Personal Information that we have collected about you during the past 12 months.
- Modify/Correct. You can ask us to modify or correct the Personal Information that we have collected from you.
- Deletion. You can ask us to delete the Personal Information that we have collected from you.
- Opt-out of sales. If we sell your Personal Information, you can opt-out. In addition, if you direct us not to sell your Personal Information, we will consider it a request pursuant to California’s “Shine the Light” law to stop sharing your personal information covered by that law with third parties for their direct marketing purposes.
You are entitled to exercise the rights described above free from discrimination. Please note that CCPA and CPRA limit these rights by, for example, prohibiting us from providing certain sensitive information in response to an access request and limiting the circumstances in which we must comply with a deletion request. If we deny your request, we will communicate Nimbello’s decision to you.
Access, delete or correct your data
To exercise the access, data portability and deletion rights described above, please submit a verifiable consumer request to us by sending an email to email@example.com.
Online Tracking Opt-Out Guide
Like many companies online, we may use services provided by Google and other companies that use tracking technology. These services rely on tracking technologies – such as cookies and web beacons – to collect directly from your device information about your browsing activities, your interactions with websites, and the device you are using to connect to the Internet. There are a number of ways to opt out of having your online activity and device data collected through these services, which we have summarized below:
- Blocking cookies in your browser. Most browsers let you remove or reject cookies, including cookies used for interest-based advertising. To do this, follow the instructions in your browser settings. Many browsers accept cookies by default until you change your settings. For more information about cookies, including how to see what cookies have been set on your device and how to manage and delete them, visit www.allaboutcookies.org.
- Blocking advertising ID use in your mobile settings. Your mobile device settings may provide functionality to limit use of the advertising ID associated with your mobile device for interest-based advertising purposes.
- Using privacy plug-ins or browsers. You can block Nimbello’s website from setting cookies used for interest-based ads by using a browser with privacy features, like Brave, or installing browser plugins like Privacy Badger, Ghostery or uBlock Origin, and configuring them to block third party cookies/trackers.
- Platform opt-outs . The following advertising partners offer opt out features that let you opt out of use of your information for interest-based advertising:
- Google: https://adssettings.google.com
- Twitter: https://twitter.com/settings/account/personalization?lang=en
- LinkedIn: https://www.linkedin.com/psettings/guest-controls
- Advertising industry opt-out tools. You can also use these opt-out options to limit use of your information for interest-based advertising by participating companies:
Note that because these opt-out mechanisms are specific to the device or browser on which they are exercised, you will need to opt-out on every browser and device that you use.
Notice to European users – The following terms apply to persons living in and/or working in the EU, the UK or Switzerland
Definitions and Business Purposes:
Processing Purpose #1: To operate Nimbello’s website and services where invoice data is collected and may include personal information of Client client or Client’s client’s suppliers.
Legal basis: Processing is necessary under Nimbello’s Terms of Service to perform the contract governing provision of Nimbello’s website and services or to take steps that you request prior to signing up for the services. We also process your personal information based on Nimbello’s legitimate interest in providing the services you access and request.
Processing Purpose #2: For research and development; For marketing and promotions; For compliance, fraud prevention and safety; To create anonymous data
Legal basis: These activities constitute Nimbello legitimate interests. We do not use your personal information for these activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
Processing Purpose #3: To comply with law
Legal basis: Processing is necessary to comply with Nimbello’s legal obligations.
Processing Purpose #4: With your consent
Legal basis: Processing is based on your consent. Where we rely on your consent you have the right to withdraw it any time in the manner indicated when you consent or in the services.
Client Users rights in the EU:
Retention practices. We retain personal information for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements, to establish or defend legal claims, or for fraud prevention purposes. To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements. When we no longer require the personal information we have collected about you, we will either delete or anonymize it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible. If we anonymize your personal information (so that it can no longer be associated with you), we may use this information indefinitely without further notice to you.
Cross-border data transfer. If we transfer your personal information out of Europe to a country not deemed by the European Commission to provide an adequate level of personal information protection, the transfer will be performed (i) pursuant to the recipient’s compliance with GDPR standard contractual clauses, or, (ii) as otherwise permitted by applicable European requirements.
Your Rights: how to take action. European data protection laws give you certain rights regarding your personal information. If you are located in Europe, you may ask us to take the following actions in relation to your personal information that we hold:
- Access. Provide you with information about Nimbello’s processing of your personal information and give you access to your personal information.
- Correct. Update or correct inaccuracies in your personal information.
- Delete. Delete your personal information.
- Transfer. Transfer a machine-readable copy of your personal information to you or a third party of your choice.
- Restrict. Restrict the processing of your personal information.
- Object. Object to Nimbello’s legitimate interests as the basis of Nimbello’s processing of your personal information that impacts your rights.
You may submit these requests by sending an email to firstname.lastname@example.org. We may request specific information from you to help us confirm your identity and process your request. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why, subject to legal restrictions. If you would like to submit a complaint about Nimbello’s use of your personal information or Nimbello’s response to your requests regarding your personal information, you may contact us or submit a complaint to the data protection regulator in your jurisdiction.