Gorilla Expense Privacy Policy
Last Updated: September 27, 2018
1. Introduction
Reefin, LLC d/b/a Gorilla Expense (“Gorilla Expense”, “we,” “us” or “our”) respects your privacy and is committed to protecting it through our compliance with this Privacy Policy. Please read this Privacy Policy carefully to understand our policies and practices regarding your personal information and how we collect, store, process, transfer, share and use your personal information. “Personal information” means any information that identifies or can be associated with you.
By downloading, registering with, or using our websites (the “Sites”), or our services and applications for which your company, institution or other providing entity (“Company”) has subscribed (such services and applications, the “Platform”, and, together with the Sites, the “Services”), you agree to this Privacy Policy. This Privacy Policy applies to all personal information we collect through our Services, even if you have not signed up for a Gorilla Expense account. If you do not agree with our policies and practices, do not download, register with, or use the Services. Terms that are not defined in this Privacy Policy have the meaning given to them in our Terms and Conditions. This Privacy Policy is incorporated into and forms a part of the Terms and Conditions.
Please note that this Privacy Policy does not apply to the use of personal information collected outside of the Services, including personal information:
- We collect offline;
- Collected on any third party apps, services or websites, including websites you may access through the Services; or
- You provide to, or that is collected by, any third party data controller.
Those third parties may have their own privacy policies, which we encourage you to read before providing information to or through them. We do not accept any responsibility or liability for their privacy policies or any information you provide to or through them.
Please note that if you choose not to provide us with your information, we may not be able to provide some or all of the Services or respond to your other requests.
2. DATA CONTROLLER
A “data controller” is a person or organization who alone (or jointly) determines the purposes for which, and the way that, any personal information is, or is likely to be, processed. Your Company is the data controller of your personal information that we process through the Platform at your Company’s direction. Gorilla Expense is the data controller of your personal information collected through or otherwise provided to the Sites.
3. Information We Collect and How We Collect It
3.1. Categories of Information
When you use the Services, the categories of personal information about you that we collect may include:
- your contact information (such as your name, work email address and telephone number)
- your business information (such as the name, size and location of your Company)
- your employment information (such as your employee identification number and cost center)
- other personal profile information (such as your travel preferences)
- travel and expense-related information (such as copies of receipts and itineraries)
- your corporate card information
- your mobile device and (when enabled) your location information
- other information provided by third parties (including travel management companies and your Company)
- any information you may choose to provide when you engage the chat feature available through the Services or fill out a “free text” box on forms available through the Services (for example, your comments and opinions that you express when you comment on a blog post or other content posted through the Services, or when you contact us by email, mail or phone).
We may collect your personal information when you provide it to us directly or when your Company provides it to us on your behalf.
The table in Attachment 1 further sets forth the categories of information we collect about you when you use the Services and how (for which purpose) we use that information. The table also lists the legal basis which we rely on to process the information.
3.2. Information You Provide to Us
When you download, register with, access or use the Services, or when you otherwise contact us, we may ask you to provide, or you may voluntarily provide, information, including personal information, to provide you with Services or the support you request.
- Account information: A Gorilla Expense account is required for certain features of the Services. If you register for a Gorilla Expense account, we may require certain information, such as your first and last name, email address, and password.
- Payment information: When you use our Services to make, accept, request, or record payments, we may require you to provide certain billing details, contact information (e.g., your name, business name, address, email address, and phone number), financial information corresponding to the selected Services (e.g., a credit card number and expiration date or a bank account number), and in some instances identification information (e.g., date of birth, social security number, or tax identification number).
- Additional Profile Information: You may choose to provide us certain additional information as part of your Gorilla Expense account profile.
- Other Information You Provide: You may choose to voluntarily provide additional information to us (for example, by filling out and submitting online and other forms for events, webinars, or whitepapers; responding to surveys; participating in contests, promotions or other marketing activities; providing suggestions or improvements; posting content via our sites or applications; or which you otherwise choose to submit through the Services).
3.3. Information Automatically Collected and Tracked
When you download, access, or use the Services, they may use technology to automatically collect information, including personal information, about the Services and how you use them.
- Usage Details. When you access and use the Services, we may automatically collect certain details of your access to and use of the Services, including traffic data, location data, logs, and other communication data and the resources that you access and use on or through the Services.
- Device Information. We may collect information about your device (mobile, computer or otherwise) and internet connection, including the device’s unique device identifier, IP address, operating system, browser type, mobile network information, and the device’s telephone number.
- Stored Information and Files. The Services also may access metadata and other information associated with other files stored on your device.
- Location Information. The Services may collect information about the location of your device.
- Behavioral Information. We also may use technologies to collect information about your activities over time and across third-party websites, apps, or other online services (i.e., behavioral or interest-based tracking).
- Transaction Information. When you use our Services to make, accept, request, or record payments, we collect information about when and where the transactions occur, the names of the transacting parties, a description of the transactions, the payment or transfer amounts, billing and shipping information, the devices and payment methods used to complete the transactions, and other related transaction details.
The technologies we use for automatic information collection may include:
- A cookie is a small file placed on your device or hard drive. It may be possible to refuse to accept cookies by activating the appropriate setting on your smartphone or internet browser. However, if you select this setting you may be unable to access certain parts of our Services. For more information on cookies and similar technologies, please see our Cookie Policy.
- Web Beacons. Certain pages or sites in the Services and our emails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit us, for example, to count users who have visited those pages or opened an email and for other related app statistics (for example, recording the popularity of certain app content and verifying system and server integrity).
- Flash Local Shared Objects (LSOs). When we post videos or other media on the Services, third parties may use local shared objections (LSOs), also known as Flash cookies, to store your choices for things like volume control or to further personalize certain features. Cookie management tools provided by your browser will not delete Flash cookies. To learn how to manage privacy and storage setting for Flash cookies, visit macromedia.com/support/documentation/en/flashplayer/help/settings_manager.html#117118.
We use the information collected automatically to present the Services to you on your device; to determine news, alerts and other products and services that may be of interest to you for marketing purposes; to monitor, support and improve the Services and our business; and to help us develop new products and services. The table in Attachment 2 further sets forth the categories of information we collect about you automatically when you use the Services and how (for which purpose) we use that information. The table also lists the legal basis which we rely on to process the information.
3.4. Information We Collect from Third Parties
We may collect information, including personal information, that others provide about you when they use the Services, or obtain information from other sources (including social media networks) and combine that with information we collect through the Services. Any information request regarding the disclosure of your personal information to us should be directed to such third parties.
- Third Party Services. When you use the Services or any content made available through the Services, certain third parties may use automatic information collection and tracking technologies to collect information about you or your device. These third parties may include advertisers, ad networks, and ad servers; analytics companies; your mobile device manufacturer; your mobile service provider; and other third parties. We do not control third parties’ collection or use of your information to serve interest-based advertising. This information varies and is controlled by those third party services or as authorized by you via your privacy settings with those services.
- Marketing Service Providers/Business Partners. We may also receive information collected by our marketing service providers on our behalf, including marketing lead generation service providers, marketing opt-in lists or other data aggregators, as well as information shared with us through referrals by our business partners, such as travel management companies.
- Other Sources. To the extent permitted by applicable law, we may receive additional information about you, such as demographic data, identity or account verification information, or fraud detection information, from third party service providers and/or partners, and combine it with information we have about you.
4. How We Use Your Information
4.1. Generally
We generally rely on the following three main bases to process your personal information:
- to perform the contract we are about to enter into or have entered into with you, including the Terms and Conditions, this Privacy Policy, and other agreements and policies;
- for our legitimate interests or those of a third party, where your rights and interests do not override those interests; or
- to comply with a legal or regulatory obligation.
Sometimes, we may rely on other legal bases to process your information, such as where you have given us consent to use your personal information in certain ways or to protect a user’s vital interest. We also may process your personal information relying on more than one legal basis, depending on the specific purpose for which we are using your personal information.
As noted above, the table in Attachment 1 provides further details on the categories of information we collect about you when you use the Services, how (for which purpose) we use that information, and the legal basis we rely on to process that information. You can also contact us at [email protected] if you need details about the specific legal ground we are relying on to process your personal information where more than one ground has been set forth below.
4.2. Provide Our Services
We use your personal information to provide or facilitate:
- Access to, and use and support of, the Services
- Payment processing and account management
- Order fulfillment
- Customer service and support
- Updates, security alerts, and account notifications
- Other services requested by you as described when we collect the information.
We process your personal information where it is necessary for the adequate performance of the contract with you. We also process this information given our legitimate interest in providing the Services in an effective manner.
4.3. Understand and Improve Our Services
We use your personal information to analyze, operate, protect, improve, and customize the Services and user experience, such as by performing data analytics and studying how the Services are used. We process this information given our legitimate interest in improving the Services, understanding how our Services are being used, and developing and growing our business.
4.4. Administer and Protect the Services
We use your personal information to:
- Prevent, detect, investigate, and mitigate fraud, security incidents, abuse, or other potentially harmful or illegal activities.
- Maintain the network and information security to protect information against loss, damage, theft or unauthorized access.
- Perform troubleshooting, testing, and system maintenance.
- Conduct security investigations and risk assessments.
- Verify your identity.
- Conduct checks against databases and other information sources, to the extent permitted by applicable laws and with your consent where required.
We process your personal information where it is necessary to comply with applicable laws and regulations. We also process this information given our legitimate interest in the providing administration and information technology services, ensuring network and information security, and complying with applicable laws and regulations.
4.5. Legal and Safety
We use your personal information to:
- Prevent, detect, investigate, and mitigate fraud, security incidents, abuse, or other potentially harmful or illegal activities.
- Comply with our legal obligations, including managing legal and regulatory requests and requirements.
- Enforce or defend our rights under our Terms and Conditions, Privacy Policy, and other agreements and policies.
- Resolve any dispute