Last Updated and Effective As Of January 1, 2020
This Policy applies to data collected both offline and through any use of the Site. It does not apply to information collected by third party websites, applications, or content that may link to or be accessible from our Site.
“Personal Information” means information that alone or when in combination with other information may identify, relate to, describe, be reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or household, such as: name, address, email address, financial account number, social security number, IP address, or phone number.
Personal Information does not include information that has been anonymized or de-identified so that it does not identify a specific individual, which we may use for any legal purpose.
1. THE SITE AND SERVICES
Ocrolus operates the Site that provides tools for aggregating, parsing, and displaying data, including personal or financial data users collect from third parties in an efficient and easily reviewable format for users to validate (the “Services”).
The purpose of the Services is to review financial account data (including, but not limited to, account numbers and account holder information, account transactions, account statements, account position and balance information) and information such as paystubs, W-2s, IDs, and invoices (together, “Records”) from a variety of users, groups, advisors, clients, and other parties, retrieved from third party financial institutions, such as brokerages and banks, and parsed and summarized in a way that is searchable, verifiable and provides benefits to users.
Records may include Personal Information from your customers, employees, or other individuals; namely, along with directions from you on how to process such Records, we may receive from you Personal Information in the following documents: bank statements, credit card statements, paystubs, W-2s, IDs and invoices. To the extent Ocrolus processes data from you in the role of a processor on your behalf, you will be responsible for obtaining the necessary permissions and authorizations for and maintaining the privacy and security of such data (including Records and Personal Information) you share with Ocrolus. You are responsible for complying with all applicable privacy-related requirements and laws for such data, including the Gramm-Leach-Bliley Act (“GLBA”), if applicable. You should not share with or disclose to us Personal Information and Records that are not needed for the processing activities we will perform on your behalf and pursuant to your directions. The Records you disclose to us for processing will be processed pursuant to the agreement between you and Ocrolus.
2. INFORMATION WE COLLECT
We collect and store Personal Information directly from you when you submit or disclose it to us through the Site, by phone, by email, or by other means.
Categories of Personal Information that we collect about you from your own submissions/disclosures may include the following:
- Information about yourself, such as your name, company name (including type of organization), and contact information (email or physical address and phone number).
- Information like username and password, which you may need to provide when you register. You must register to use our Services.
- Records will not be disclosed, except as required and permitted by law or under a separate agreement between you and Ocrolus.
- Information you share with us in connection with contests and promotions.
Through automated means when you access the Site, we may collect the following:
- Your usage information about how you use the Site, including your access times, location, and browser types.
- Device-specific information, including your hardware model, operating system and version, unique device identifiers, mobile network information, and information about the device’s interaction with our Site.
If you apply to a job through our Site, you may submit Personal Information such as your full name, contact information, work experience, links to your social media accounts, resume, and any other documents or information that you choose to upload and submit. As part of the recruitment process, we may consider information from these sources.
In our role as a processor on your behalf, we may also collect information such as Records from third parties at your request as part of those agreements or contracts, including but not limited to third-party verification sites, credit bureaus, mailing list providers, and publicly available sources. This information may include additional Personal Information.
3. HOW OCROLUS USES INFORMATION
Ocrolus uses and maintains the Personal Information described in the above categories for internal and Services-related purposes, and to help improve our Services in the future. Ocrolus processes information you provide us for various purposes, including displaying the information to you, delivering related content, performing analysis on Records and other purposes relating to Ocrolus’ Services or under the terms of a separate agreement between you and Ocrolus.
The Records we receive from you in our role as a processor will be processed pursuant to the applicable agreement between you and Ocrolus. If you share Personal Information to Ocrolus within Records to the extent Ocrolus processes such data on your behalf, you are responsible for ensuring it is shared in accordance with applicable law. Ocrolus does not have control over, and shall not be responsible for, how Personal Information contained in Records is used or shared prior to it being provided to Ocrolus for the Services or by you after the Services are delivered.
We may send you information related to your account or our Services. We may send emails to the email address you provide to us, push notifications to your mobile device if you have downloaded our app and enabled notifications, and text messages to any cellphone number you provided to us, to verify your account and for informational and operational purposes, such as account management, customer service, system maintenance, and other Site-related purposes. If you decide at any time that you no longer wish to receive such communications from us, please follow the “unsubscribe” instructions provided in the communications.
We may also use the Personal Information described above (i) to track and analyze trends and usage in connection with our Site; (ii) to process and deliver contest and promotion entries and rewards; (iii) to protect our rights or property; (iv) to compare information for accuracy; (v) to verify your identity as noted above; (vi) to investigate and prevent fraud or other illegal activities; and (vii) for any other purpose disclosed to you in connection with our Site.
Additionally, we use Personal Information:
- To provide you with information or Services that you request from us.
- To fulfill any other purpose for which you provide it.
- To provide you with notices about your account/subscription, including expiration and renewal notices.
- To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection.
- To notify you about changes to our Site.
- In any other way we may describe when you provide the information.
- For any other purpose with your consent.
We may also use usage information, for example, to determine how many users have visited certain pages or opened messages or newsletters. We may link this data to your profile. Our third-party partners, such as advertising networks, social media widgets, and analytics providers like Google Analytics also may collect and combine information collected on our Site and emails with other information about your online activities over time, on other devices, and on other websites or apps, if those websites and apps also use the same partners. Targeting and personalization platforms such as may link to our Google Analytics account to collect and store IP addresses to track ad-clicking activity.
We may use Personal Information for marketing purposes, such as providing online advertising on the Site and sending you information we think may be useful or relevant to you. We use various marketing and targeting platforms to maintain Personal Information (contact information) for such marketing purposes, including email marketing, or to target advertising.
We may use third-party service providers to process and store Personal Information (including Personal Information in Records) in the United States and other countries.
4. INFORMATION SHARING AND ONWARD TRANSFER
We may share the categories of Personal Information described above (including Personal Information in Records) to assist us in various business functions. However, we do not rent, sell, or share Personal Information that we collect on the Site with other people or unaffiliated companies for their direct marketing purposes.
We may share the Personal Information described above with the following service providers and third parties:
- To our subsidiaries and affiliates in order to provide the Services.
- To marketing partners in order to send you promotional communications.
- To promotional vendors we use to administer contests and promotions.
- To IT service providers, such as our data hosting provider.
- To other contractors, service providers and other third parties we use to support our business and who are bound by contractual obligations to keep Personal Information confidential and use it only for the purposes for which we disclose it to them.
- To a buyer or other successor in the event of a proposed or completed merger, divestiture, restructuring, reorganization, dissolution or other sale or transfer of some or all of Ocrolus’s assets, whether as a going concern or as part of bankruptcy, liquidation or similar proceeding, in which Personal Information held by Ocrolus about our users is among the assets transferred.
We may also share Personal Information as follows:
- To comply with any court order, law or legal process, including to respond to any government or regulatory request.
- If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of Ocrolus, our customers or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.
- To fulfill the purpose for which you provide it.
- With your consent or direction.
Our Site includes links/widgets to third parties, including social media. If you click on these links, you are leaving our website, and the collection, use, and disclosure of your Personal Information will be subject to these third parties’ privacy practices, terms, and policies.
We may share non-personally identifiable information (anonymized, aggregated, or otherwise) with third parties for any reason.
5. INFORMATION SECURITY
We take reasonable measures to safeguard the security of Personal Information (including Personal Information in Records) with industry-standard physical, electronic, and managerial procedures. The safety and security of Personal Information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Site, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
We restrict access to Personal Information to certain employees who require that information in order to maintain and operate Ocrolus’ systems and to provide the Services.
Where you have given Personal Information in Records to us so that we can process it on your behalf as part of providing Services, you are responsible for ensuring the privacy and security of that Personal Information and obtaining the necessary authorizations and consent or otherwise having the appropriate legal authority for it to be shared with us for the Services.
Transmission of information via the Internet is not secure with absolute certainty. Although we do our best to protect Personal Information and provide transmission security in line with commercially-approved methods, we cannot guarantee the security of Personal Information transmitted to or through our Site from theft, loss, alteration, misuse, or unauthorized access. We do not make any representation as to the reasonableness, efficacy, or appropriateness of the measures we use to safeguard your Personal Information. Any transmission of Personal Information is at your own risk. We are not responsible for any attempt to circumvent or any circumvention of privacy settings or security measures contained on or within the Site.
6. DATA RETENTION
We store the Personal Information we collect for as long as is necessary for the purpose(s) for which we originally collected it. We may retain certain information for legitimate business purposes, as required by our legal obligations, or as necessary to resolve disputes, defend our legal rights, and enforce our agreements.
7. TRANSFER OF INFORMATION TO THE U.S. AND OTHER COUNTRIES
Ocrolus is based in the United States and we process and store information in the U.S. and other countries. As such, we and our service providers may transfer information (including Personal Information) to, or store or access it in, jurisdictions that may not provide equivalent levels of data protection as your home jurisdiction. We will take steps to ensure that your Personal Information and the Personal Information in Records receives an adequate level of protection in the jurisdictions in which we process it. If you are using the Site or Services, you agree to the transfer of your Personal Information and the Personal Information in the Records you provide to us to the United States and processing globally. By providing your Personal Information and the Personal Information in Records for processing, you consent to any transfer and processing in accordance with this Policy.
8. YOUR CHOICES AS A USER
You may delete your Ocrolus account under the terms of an applicable agreement between you and Ocrolus. We will endeavor to act on deletion requests as soon as reasonably practicable. Deletions take effect when we act on them, and we will delete your Ocrolus account according to the technical mechanisms available to us. However, residual information related to your account may remain for some time on our servers due to technical limitations. Some areas of the Site and some of the Services will not be available to you unless you choose to share certain Personal Information and Records.
You may delete or change the Personal Information that you have previously provided by contacting us at email@example.com or the contact information listed below in Section 16. We will need to verify your identity before processing most requests, which may require us to obtain additional Personal Information from you. We will only use the information received in a request for the purposes of responding to the request.
As described above, we will endeavor to act on these requests as soon as reasonably practicable, and residual information may remain on our servers due to technical limitations. However, we may deny your deletion request if retaining the information is necessary for us, in accordance with applicable laws or our contractual commitments.
9. THE EUROPEAN ECONOMIC AREA RIGHTS
If you are located in the European Economic Area (“EEA”), you have certain rights and protections under the law regarding the processing of your Personal Information under the General Data Protection Regulation (“GDPR”).
As noted above, we may process Records concerning your customers that we receive from you in the role of a processor on your behalf. Such Records may include Personal Information from your customers located in the EEA. In those instances, we will process those Records and assist you with the fulfillment of your obligations under the GDPR pursuant to the applicable contract between you and Ocrolus.
Legal Basis for Processing
If you are located in the EEA, when we process your Personal Information we will only do so in the following situations:
- We need to use your Personal Information to perform our responsibilities under our contract with you (e.g., providing the Services you have requested).
- We have a legitimate interest in processing your Personal Information. For example, we may process your Personal Information to send you marketing communications, to communicate with you about changes to our services, and to provide, secure, and improve our Services.
- You have given your consent to the processing of your Personal Information for one or more specific purposes.
Data Subject Requests
If you are located in the EEA, you have the right to access Personal Information we hold about you and to ask that your Personal Information be corrected, erased, or transferred. You may also have the right to object to, or request that we restrict, certain processing. If you would like to exercise any of these rights, you may contact us at firstname.lastname@example.org.
Questions or Complaints
If you are located in the EEA and have a concern about our processing of Personal Information that we are not able to resolve, you have the right to lodge a complaint with the data privacy authority where you reside. For contact details of your local Data Protection Authority, please see: https://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm.
10. CALIFORNIA PRIVACY NOTICE AND RIGHTS
Under the California Consumer Privacy Act of 2018 (“CCPA”), California consumers have the right to request:
- Deletion of Personal Information we have about them.
- Additional information about whether and how we have collected, used, disclosed, and sold Personal Information about them.
- Specific pieces of Personal Information we have about them.
- Opt out of the sale of their Personal Information, if the Personal Information is being sold by the business.We are not currently selling your Personal Information and have not sold your Personal Information since January 1, 2020. For all other requests, contact us at email@example.com or the contact information listed below. Such requests will be verified as described in Section 8 (Your Choices as a User) above.
We note that certain Records provided by you for processing may be subject to the privacy rules of the GLBA. For Personal Information in the Records that is collected and disclosed pursuant to the GLBA requirements, we will consider whether such Personal Information is exempt from the requests. To the extent the Records provided by you for processing includes Personal Information from your customers subject to the CCPA, we will process those Records and assist you with the fulfillment of your obligations under the CCPA pursuant to the applicable contract between you and Ocrolus.
California consumers also have the right not to receive discriminatory treatment if they exercise the rights listed above.
California law permits California consumers to use an authorized agent to make privacy rights requests. We require the authorized agent to provide us with proof of the California consumer’s written permission (for example, a power of attorney) that shows the authorized agent has the authority to submit a request for the California consumer.
11. NEVADA PRIVACY RIGHTS
Nevada residents have the right to submit a verified request directing us not to sell their Personal Information. As noted above, we do not sell Personal Information. If you are a Nevada resident and have questions, please contact us at firstname.lastname@example.org or the contact information listed below.
- To improve your experience when navigating our website;
- To remember some of your preferences, or save some of your credentials for your next visit;
- To perform analytics and understand the pages and advertisements that you like, how you ended up on our website, and from what type of devices;
- To do re-targeting and ensure that you are presented with relevant ads about our Services.
When you browse our website, different types of cookies are set on your hard disk or your device’s storage space. Cookies can be installed by us or can be installed by third parties.
- First-party cookies are those that are issued by our website domain, and they can only be set or retrieved by us. They are used for purposes specific to us, such as to personalize the website.
- Third-party cookies are usually placed on the website via scripts or tags added to a web page. Sometimes, these scripts will also bring additional functionality to the site.
We use different categories of cookies, which we classified using the standard from the International Chamber of Commerce:
- Strictly Necessary: These cookies are essential to enable you to navigate our website and use its features.
- Performance Cookies: These cookies collect information about how visitors use a website, such as the pages that visitors go most often, and whether they get an error messages from our web pages. These cookies do not collect information that allow us to specifically identify you; it only provides aggregated information about our visitors. Most performance cookies are persistent.
- Functionality Cookies: These cookies are used to allow certain functionality. For instance, these cookies allow our website to make remember the choices you made and provide enhanced or more personalized features.
- Targeting Cookies: These cookies are used to deliver advertising more relevant to you and your interests, including by social media. They are also used to limit the number of times you see an advertisement as well as to help measure the effectiveness of a campaign. These cookies can remember that you visited a website and share this information with third parties for re-targeting purposes.
The above-described cookies can be session cookies or persistent cookies:
- Session Cookies: These are cookies set temporarily on your device and deleted once you close your browser. They are not stored nor transmitted to third parties. We use this type of cookies to ensure you have a user-friendly experience.
- Persistent Cookies: These cookies remain active on your device for some time, which may vary from a few days to two years after your visit on our website.
Our third-party partners, such as advertising networks, social media widgets, and analytics providers (Google Analytics), collect certain information by automated means, such as cookies.
By using the Site, you consent to the placement of cookies, beacons, and other similar technology in your browser and on emails in accordance with this Policy. You may be able to change browser settings to block and delete cookies when you access the Site through a web browser. Depending on the browser that you are using, different instructions and adjustments are applicable. However, if you block cookies, the Site may not work properly and you may not be able to access all functionalities on the Site. The Site does not respond to browser do-not-track signals.
13. THIRD PARTY LINKS
The Site may contain links to other sites, some of which are not owned by Ocrolus. Ocrolus is not responsible for the security or privacy practices of non-Ocrolus sites, the products or services offered by such sites, or the content appearing at such sites. Likewise, Ocrolus does not endorse any of the products or services marketed at non-Ocrolus sites. Ocrolus prohibits the framing of any materials available through the Site and unauthorized hypertext links to the Site. Ocrolus reserves the right to disconnect or otherwise disable any unauthorized frames or hypertext links.
14. CHILDREN’S PRIVACY
Users under the age of 18 are not permitted to use the Services. In any event, we do not knowingly collect, maintain, store, or use Personal Information from children under 13 years of age, and no part of the Site is directed to children under the age of 13 years. We also do not sell Personal Information, as previously described within this Policy. As such, we do not knowingly sell Personal Information of minors under 16 years of age without affirmative authorization.
If you learn that your child has provided us with Personal Information without your consent, you may alert us using the contact information in Section 16. If we learn that we have collected any Personal Information from children under 13 years old without parental consent, we will promptly take steps to delete such information.
15. CHANGES TO THIS POLICY
We may make changes to this Policy from time to time. The revised version will be effective when it is posted to our Site, and the date when the most recent revisions will appear above. We reserve the right to change this Policy at any time at our sole discretion. If we make any material changes, we will let you know through the Site or other communication. We encourage you to read this Policy periodically to stay up-to-date about our privacy practices. If you do not agree to any changes made to this Policy, you should end your use of the Site or Services.
16. CONTACT INFORMATION
If you have questions or comments about this Policy, please contact us at:
40 Exchange Place
New York, NY
Tel: (646) 850-9090