What Data We Collect
Our customers provide us with data, including data that identifies, or can reasonably be used to identify, you or your household, either directly or indirectly (“Personal Data”), when our products and services (together, the “Products and Services”) and our websites or portals (either, “Websites” or “Portals”) are purchased, used or accessed. Through the use of our Products and Services, our customers may provide us with their end users’ data, including end users’ Personal Data, including but not limited to:
Types of Data
- Name, company name, address, email, telephone number, EIN, username and password
- Financial, banking or other payment information
- Paymode-X payer and payee information
- Information necessary to process and analyze invoices (including without limitation, legal and medical invoices), enable payment transactions, create healthcare-related forms, open bank accounts, or other information necessary to deliver our Products and Services
- Technical information as a result of configuring the Products and Services, including IP addresses, browser-type, device-type, internet service provider, referring or exiting pages, operating system, date and time stamp or clickstream data
- Any other information shared with us directly or indirectly through use of the Products and Services, Websites or Portals
Customer’s End User Data
Why We Use Data
Bottomline uses data, including Personal Data, for a variety of purposes, such as:
- Delivery of our Products and Services
- Optimizing our customers’ experience with our Products and Services
- Providing support for our Products and Services
- To market our Products and Services or other offers to you
- For security and analytics purposes
- To display advertisements based on individual preferences
- With your consent
- Where necessary to perform or enforce a contract or comply with law
- Our legitimate business interests. Bottomline’s legitimate interests include mandated record-keeping, administrative purposes and to operate, maintain and improve the Websites or Portals, maintain, improve and develop new Products and Services
To the extent permitted by applicable law, Bottomline may use, process, transfer, and share your data in an anonymous (or pseudonymous), automated, and aggregated manner. We may combine such data with other information collected, including information from third-party sources. By using the Products and Services, you agree that we are permitted to collect, use, share and store anonymized (or pseudonymized) and aggregated data for benchmarking, analytics, metrics, research, reporting, machine learning and other legitimate business purposes.
When you visit our Website, we may collect standard information that your browser sends to every website you visit, such as originating IP address, browser type and language, access times and referring websites. This data may be used, among other reasons, to improve the operation and security of our Website by assisting in authenticating your identity. We may receive technical data about the device used to access the Website including device ID, device model, operating system version, application types and versions, browser type, language, plug-ins, originating IP address, time zone and geolocation (collectively, “Device Data”). Device Data may be used as part of our security controls to uniquely identify the device and authenticate the user when accessing the Website. Device Data may be shared, along with information about any fraudulent transactions using the device, with our Service Providers (as defined below) who compare and add the Device Data, and any fraud-related data, to a database in order to identify and block access to the Website by devices associated with questionable or fraudulent activity.
Cookies. Cookies are small text files placed on a computer by a web server when browsing online and are used to store user preference data so a web server doesn’t have to repeatedly request this information. We use session cookies that are only used while you are on the Website and certain persistent cookies that remain on your hard drive and are read by our server when you return to the Website. Bottomline shall request your permission prior to installing a cookie on your device that is directly owned or developed by Bottomline. You can block cookies by activating the settings on the browser that block all or some cookies. However, if you block all cookies, you may not be able to access all or parts of our Products and Services, Websites or Portals. You may encounter Bottomline’s cookies or pixel tags on third party websites that we do not control. Bottomline’s practice is not to accept cookies from third parties unless Bottomline is jointly offering a product or service with that third party. Bottomline will not put sensitive information in the cookies we use.
Do Not Track. Bottomline does not change its practices in response to Do Not Track signals from web browsers.
Interactive Features. Bottomline’s Website may offer you opportunities to access, view and upload content, for example, blogs, comment sections, discussion forums and other similar interactive features (“Interactive Features”). If you have any questions specifically regarding the Interactive Features, please contact Bottomline at info@Bottomline.com. You are responsible for your use of, and any content submitted to, these Interactive Features.
Global Data Management
By using the Products and Services, Websites or Portals or by providing Personal Data to us, you acknowledge and agree that Personal Data may be sent to and processed in countries outside your country of residence. For individuals residing in the European Economic Area (“EEA”), and for Personal Data subject to European data protection laws, this includes transfers outside of the EEA. Some of these countries may not have data protection laws that provide an equivalent level of data protection as the laws in your country of residence; however, we take steps to ensure Personal Data is handled in accordance with all applicable laws. Bottomline transfers data from the EEA pursuant to Standard Contractual Clauses, as approved by the European Commission (Art. 46 GDPR). If you are located in the EEA and would like to execute Standard Contractual Clauses with Bottomline, please contact us at DataProtectionOfficer@Bottomline.com.
When & Why We Share Your Personal Data
Bottomline may share data or categories of data about you for the reasons set forth herein. For the purposes of the California Consumer Protection Act, the categories of data Bottomline may share include identifiers, customer records information, commercial information, internet or other network or device activity, and geolocation data.
Third-Party Service Providers. Bottomline may share data, including Personal Data, with our contracted third-party service providers (“Service Providers”) in order to deliver our Products and Services, Websites or Portals. These Service Providers include business partners, payment and delivery services, advertising networks, analytics providers, credit reference agencies, social media companies, email distributors, marketing automation partners, customer survey companies, data storage and hosting partners, IT specialists and product developers. Service Providers with whom we share Personal Data are contractually bound to use and disclose such Personal Data only for the permitted purposes and to use reasonable security measures to protect Personal Data from unauthorized access and use. Permitted purposes may include printing and mailing of a check payment, providing payment processing, settlement and clearing for electronic payments including virtual card payments and distribution of notifications, transferring messages, verifying and authenticating identity, sanction screening, credit review and reporting, document scanning, processing, and storage. Service Providers may be located outside of the jurisdiction in which you reside and are subject to that jurisdiction’s applicable laws. By using our Service Providers, you acknowledge and agree to those Service Providers’ privacy policies.
Legal Purposes. Bottomline may share data, including Personal Data, as necessary to comply with applicable law, court orders, or governmental agencies, to protect the security or integrity of our customers and Bottomline’s databases, Products and Services, Websites or Portals, or to take precautions against legal liability. Bottomline may share Personal Data with law enforcement in the event criminal activity is suspected.
Sale. In the event of a merger, consolidation, or acquisition of all, substantially all or a portion of Bottomline’s business or assets, you acknowledge and agree that data may be securely shared, disclosed and transferred to such successor or assignee.
You can opt-out of receiving marketing and promotional communications from Bottomline by emailing DataProtectionOfficer@Bottomline.com or mailing Bottomline Technologies, Inc., 325 Corporate Drive, Portsmouth, New Hampshire 03801 Attn: Legal. We will continue to process Personal Data for the purpose of delivering operational and service-related communications relating to our Products and Services or policies, and other purposes as permitted by law.
Customers and users have certain rights, as set forth below, with respect to Bottomline’s handling of Personal Data depending on your geolocation.
- Access. You have the right to access your Personal Data held by us. Consumers who reside in California may also request the categories of Personal Data we collect or disclose, the categories of sources of such Personal Data, the business or commercial purpose for collecting that Personal Data, and the categories of third parties with whom we share that Personal Data.
- Rectification. You have the right to request correction of your Personal Data that is incomplete, incorrect, unnecessary or outdated.
- Right to be Forgotten. You have the right to request erasure of all your Personal Data that is incomplete, incorrect, unnecessary or outdated within a reasonable period of time. We will do everything possible to erase your Personal Data if you so request. However, we cannot erase all your Personal Data if it is technically impossible due to limitations of existing technology or for legal reasons, such as legal mandates to retain Personal Data.
- Restriction of Processing. You have the right to request restriction of processing your Personal Data for certain reasons, provided we do not have an overriding, legitimate interest to continue processing.
- Data Portability. If requested, we will provide your Personal Data in a structured, secure, commonly used and machine-readable format.
- Right to Withdraw Consent. If your Personal Data is processed solely based on consent, and not based on any other legal basis, you can withdraw consent at any time.
- Contact Data Protection Regulators. You have the right to contact data protection regulator(s) regarding our handling of Personal Data.
To exercise any of the above listed rights, please contact your Customer Success Representative, email Bottomline at CISO@bottomline.com, or mail Bottomline Technologies, Inc., 325 Corporate Drive, Portsmouth, New Hampshire 03801 Attn: Legal. We will take reasonable steps to verify your identity when you exercise any of the above rights. Please ensure that you keep your contact information up to date and accurate so that we may process your requests in accordance with applicable law and within a reasonable period of time.
California law provides California consumer residents with the right to not be discriminated against (as provided for in applicable law) for exercising the above rights. Further, under California’s “Shine the Light” law California consumer residents have the right, twice in a calendar year, to request and obtain from Bottomline information about Personal Data Bottomline has shared, if any, with other businesses for their own direct marketing uses. This information, if applicable, would include the categories of Personal Data and the names and addresses of those businesses with which Bottomline shared Personal Data for the immediately prior calendar year (e.g., requests made in 2018 will receive information regarding 2017 sharing activities). To request this information, you may email Bottomline at CISO@bottomline.com, or through mail addressed to Bottomline Technologies, Inc., 325 Corporate Drive, Portsmouth, New Hampshire 03801 Attn: Legal.
Bottomline maintains administrative, physical, and technical safeguards and security measures designed to ensure the security of Personal Data including (i) access controls to information systems and physical locations where data is stored, (ii) fraud prevention controls, (iii) encryption technology, (iv) segregation of duties, (v) appropriate employee background checks, and (vi) incident response policies and procedures for suspected or actual unauthorized access to Personal Data or systems, including appropriate reporting to regulatory and law enforcement agencies. Bottomline also takes reasonable steps to ensure that Personal Data is reliable for its intended use. We cannot, and we do not believe that anyone can, genuinely guarantee or warrant absolute security of Personal Data disclosed or transmitted via the Internet to us or a third-party. Absent Bottomline’s gross negligence, you agree to not hold Bottomline responsible for the theft, destruction, loss, damage or inadvertent disclosure of Personal Data or other data provided to Bottomline.
Third-Party Linking & Content
The Products and Services, Websites and Portals may contain links to third-party websites that Bottomline does not control or maintain. Bottomline is not responsible for the privacy practices employed by these third-party websites. Bottomline encourages you to read the privacy statements of such other websites before submitting any Personal Data. Our Website may contain third-party content which may include statements, opinions, advice, criticisms, offers or other information (collectively, “Third-Party Content”). Any Third-Party Content solely reflects the opinion and belief of the respective third party and not that of Bottomline. Bottomline makes no endorsement, guarantee or other statement, express or implied, about Third-Party Content. You must independently evaluate any Third-Party Content if you intend to rely on it in any way.
Bottomline does not knowingly collect or distribute any Personal Data from children under 13 years old. If a child under 13 has provided Bottomline with Personal Data, the parent or guardian of that child should contact Bottomline immediately at CISO@bottomline.com to delete this Personal Data.
Privacy Shield Framework
In compliance with the Privacy Shield Principles, Bottomline Technologies commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Bottomline Technologies at: CISO@Bottomline.com
Bottomline Technologies has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved Privacy Shield complaints concerning human resources data transferred from the EU and Switzerland in the context of the employment relationship. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact the DPAs or FDPIC to file a complaint. The services of the DPAs and FDPIC are provided at no cost to you. Under certain conditions, you may invoke binding arbitration for complaints regarding Privacy Shield compliance not resolved by any of the other Privacy Shield mechanisms; see Annex I for additional information: https://www.privacyshield.gov/article?id=ANNEX-I-introduction
Personal Information originating in the EU or Switzerland is not shared with third parties. Provisions regarding liability for actions of agent processors do not apply because Personal Information will not transfer to third parties. Individuals can contact CISO@bottomline.com with questions regarding limiting use or disclosure of their Personal Information.
The Federal Trade Commission has jurisdiction over Bottomline Technologies’ compliance with the Privacy Shield.
Bottomline fully respects copyright interests and all rights under the Digital Millennium Copyright Act. Bottomline has no obligation to, and does not, scan Third-Party Content uploaded, posted or otherwise used in connection with our Website for illegal, infringing, improper, unauthorized or impermissible content. However, as a matter of policy, Bottomline does not allow Third Party Content we know is infringing a third-party’s rights to remain on our Website. Any notice of copyright claims or other intellectual property infringement can be addressed to Legal_IP@bottomline.com.
Last Updated: May, 2021