Types of Personal Information Collected. The types of Personal Information which may be collected when you visit the Esker Websites include but are not limited to the following: (a) your first and last name; (b) your title, department, and your company's name; (c) your home, work, or other physical address (including street name, name of a city or town, state/province); (d) your e-mail address; (e) your telephone number; (f) your fax number; (g) internet protocol address or any other identifier/connection data that permits Esker to make physical or online contact with you; and (h) any information that Esker collects online from you and maintains in association with your account, such as your Esker username and password.
How Personal Information is used. Esker will use Personal Information only in ways that are compatible with and relevant for the purposes for which it was collected. Esker will retain the Personal Information for no longer than is necessary for the purposes for which the Personal Information was collected. Esker may be required to release an individual’s Personal Information in response to lawful requests by public authorities including to meet national security and law enforcement requirements. Esker will not share, sell, rent, or trade with third parties for their marketing purposes any of your data or your customer’s data collected by us, unless you direct us to do so and have the appropriate authorization to do so. Examples of how Esker may use the Personal Information you provide include, but are not limited to the following: (a) create and maintain your accounts; (b) process, fulfill, and follow-up on your orders and special requests; (c) register your products; (d) answer your questions; (e) register you in programs (per your request); (f) send you marketing surveys, newsletters, event invitations, and product information (g) customize and facilitate your navigation on the Esker Websites; (h) process your employment application; (i) provide you with information related to your account and the products and/or services you purchase from Esker; (j) better understand your needs and interests; (k) improve and develop Esker’s products and services internally at Esker and Esker, S.A. and its affiliates ; (l) personalize communications; (m) prevent and detect fraud and abuse in order to protect your security and the security of Esker’s customers; and (n) comply with legal obligations. Any other information transferred by you in connection with its visit to the Esker Websites-that is information that cannot be used to identify you-may be included in databases owned and maintained by Esker or its agents. Esker retains all rights to these databases and the information contained in them. Esker also posts your testimonials/comments/reviews on the Esker Websites which may contain Personal Information. Esker obtains your consent via email prior to posting the testimonial to post your name along with your testimonial. Esker Websites offer publicly accessible blogs or community forums such as blog.esker.com. You should be aware that any Personal Information you provide in these areas may be read, collected, and used by others who access them. Esker shall not be responsible or liable for the Personal Information you choose to submit in these forums.
Pursuant to the Data Privacy Frameworks, EU, UK, and Swiss individuals have the right to obtain our confirmation of whether we maintain Personal Information relating to you in the United States. Upon request, we will provide you with access to the Personal Information that we hold about you. You may also correct, amend, or delete the Personal Information we hold about you. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States under the Data Privacy Frameworks, should direct their query to email@example.com. If requested to remove data, we will respond within a reasonable timeframe.
We will provide an individual opt-out choice, or opt-in for sensitive data, before we share your data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your Personal Information, please submit a written request to
Esker’s accountability for personal data that it receives in the United States under the Data Privacy Frameworks and subsequently transfers to a third party is described in the Data Privacy Frameworks. In particular, Esker remains responsible and liable under the Data Privacy Frameworks if third-party agents that it engages to process personal data on its behalf do so in a manner inconsistent with the Principles, unless Esker proves that it is not responsible for the event giving rise to the damage.
Security. Esker takes reasonable and appropriate physical, technical, and organizational precautions to protect your Personal Information in its possession from loss, misuse, unauthorized access, disclosure, alteration, and destruction. Specifically, with regard to the Esker Websites, Esker hosts the Esker Websites in a secure server environment that uses firewalls, intrusion detection systems, and other advanced technology to prevent interference or access from outside intruders. Furthermore, Esker uses Secure Socket Layer technology on the Esker Websites to encrypt Personal Information when Personal Information is sent on the Esker Websites. Additionally, Esker annually trains its employees on this Policy. Even with these safeguards in place, no method of transmission over the internet is 100% secure and Esker does not guarantee the security of Personal Information transmitted via the Internet.
With respect to personal data received or transferred pursuant to the Data Privacy Frameworks, Esker is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission. In certain situations, Esker may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. In compliance with the Data Privacy Framework Principles, Esker commits to resolve complaints about your privacy and our collection or use of your Personal Information transferred to the United States pursuant to the DPF Principles. EU, UK and Swiss individuals with DPF inquiries or complaints should first contact Esker here at firstname.lastname@example.org. Esker has further committed to refer unresolved privacy complaints under the Data Privacy Framework Principles to an independent dispute resolution mechanism, BBB NATIONAL PROGRAMS. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbbprograms.org/dpf-complaints for more information and to file a complaint. This service is provided free of charge to you. If your Data Privacy Frameworks complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See DPF Annex 1 at https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf
Your Rights under the General Data Protection Regulation (“GDPR”). EU Individuals may lodge privacy complaints or enforce their GDPR rights with a supervisory authority listed at: https://ec.europa.eu/justice/article-29/structure/data-protection-author.... The Global Data Protection Officer for Esker can be contacted at email@example.com and the Chief Compliance Officer in the United States can be contacted at firstname.lastname@example.org.
Notice to Residents of Québec – Law 25. Regarding An Act to Modernize Legislative Provisions regarding the Protection of Personal Information, known as Law 25, the personal data that we collect or receive about you may be transferred to and processed by recipients who are located in a jurisdiction where the level of data protection may not be equivalent to the level of protection applicable at your location. Where local laws require, Esker will take steps to ensure that any transfer of personal data outside of the originating jurisdiction is carefully managed to protect your privacy rights and ensure that adequate safeguards are in place. Transfers of Personal Information from the UK or EEA to third countries will be made pursuant to Standard Contractual Clauses or other legally acceptable mechanisms approved by the relevant supervisory authority with jurisdiction over Esker, Inc. Esker, Inc. has also established an intra-group data transfer agreement to regulate cross-border transfers of Personal Information within other subsidiaries of Esker, Inc’s. parent company, Esker, S.A.
Notice to Residents of California. Rights under the California Consumer Privacy Act (CCPA) of 2018 as expanded by the California Privacy Rights Act of 2020 (“CPRA”). If you are a California resident, Esker processes your Personal Information in accordance with the applicable sections of the CPRA and the CCPA regulations as set by the California Privacy Protection Agency (CPPA Regulations). Except as what is specified under the applicable laws, EU Individuals are not entitled to CPRA rights and California residents are not entitled to GDPR rights. Esker does not share, sell, rent, trade, or lease your Personal Information, nor does it retain, use, or disclose Personal Information for any purpose, including commercial purposes, unless expressly permitted by the CPRA or CPPA Regulations. Thus, Esker does not offer an opt-out to the sale of Personal Information. In the preceding twelve months, Esker has not sold Personal Information. Esker will not discriminate against you for exercising any of your CPRA rights. Under the CPRA, you have the right to request that Esker disclose certain information to you about its collection and use of your Personal Information over the past twelve months. Once Esker receives and confirms your verifiable consumer request, Esker will disclose to you: (1) the categories of Personal Information collected about you, (2) the categories of sources for the Personal Information collected about you, (3) Esker’s business or commercial purposes for collecting or selling the Personal Information, (4) the specific pieces of Personal Information collected about you, and (5) if your Personal Information was sold or disclosed for a business purpose, Esker will identify the Personal Information sold, who it was sold to, and for what business purpose. Under the CPRA, you have the right to request that Esker delete your Personal Information and limit the use or disclosure of any sensitive Personal Information (if applicable). Once Esker receives and confirms your verifiable consumer request, Esker and any of its applicable agents will delete your Personal Information from its records, unless an exception under the CPRA or CPPA Regulations applies.
To exercise any of the above-referenced rights, please submit a verifiable consumer request to Esker at email@example.com. Only you, or a person registered with the California Secretary of State that you authorized to act on your behalf, may make a verifiable consumer request related to your Personal Information. You may only make a verifiable consumer request twice within a twelve-month period. Additional information may be requested by Esker to verify your identity before honoring the request. Esker will use reasonable commercial efforts to respond to a verifiable consumer request within forty-five days of its receipt. If Esker requires up to ninety days to respond, written notification will be sent to you advising of the reason for the delay. In the event Esker determines in good faith that a verifiable consumer request is excessive, repetitive, or unfounded, a fee may be charged. In such a case, Esker shall notify you in writing and provide you with reasons for the fee and a cost estimate before completing your request.
Other California Privacy Rights. California Civil Code Section 1798.83 permits you to request information regarding the disclosure of your Personal Information by us to third parties for the third parties’ direct marketing purposes. California Business and Professions Code Section 22581 permits registered users who are minors to request and obtain deletion of certain posted content. California Business and Professions Code Section 22575 requires an operator of a commercial website that collects Personally Identifiable information about California residents to disclose how it responds to web browser "do not track" signals or other mechanisms that provide consumers the ability to exercise choice regarding the collection of personally identifiable information about online activities over time. Because there is currently no industry standard on responding to such signals or mechanisms, Esker does not respond to them at this time.
Children’s Privacy. Children are restricted from customer registration and buying products/services on the Esker Websites. Furthermore, Esker does not knowingly collect or solicit any Personal Information from anyone under the age of thirteen through the Esker Websites. If Esker learns that it has Personal Information on a child under the age of thirteen it will immediately be deleted from Esker’s systems.
Esker’s Contact Information. To ask questions regarding this Policy, contact Esker at:
Attn: General Counsel/Chief Compliance Officer
1850 Deming Way, Ste. 150
Middleton, WI 53562
EU Individuals may lodge privacy complaints or enforce their GDPR rights with a supervisory authority listed at: http://ec.europa.eu/justice/article-29/structure/data-protection-authori... en.htm. The Global Data Protection Officer for Esker can be contacted at firstname.lastname@example.org.
Changes to this Policy. Esker may amend this Policy from time to time. When Esker does update this Policy, it will also revise the “Last Updated” date at the bottom of this Policy. Any material changes to this Policy will also be posted at https://www.esker.com/privacy-policy/
Last Updated: December 20, 2023