Last Updated and Effective: June 1, 2021
This Policy applies to data collected both offline and through any use of the Site. It does not apply to information collected by third party websites, applications, or content that may link to or be accessible from our Site.
“Personal Information” means information that alone or when in combination with other information may identify, relate to, describe, be reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or household, such as name, address, email address, financial account number, social security number, IP address, or phone number.
Personal Information does not include information that has been anonymized or de-identified so that it does not identify a specific individual, which we may use for any legal purpose.
Jump to section:
1. THE SITE AND SERVICES
2. INFORMATION WE COLLECT
3. HOW OCROLUS USES INFORMATION
4. INFORMATION SHARING AND ONWARD TRANSFER
5. INFORMATION SECURITY
6. DATA RETENTION
7. TRANSFER OF INFORMATION TO THE U.S. AND OTHER COUNTRIES
8. YOUR CHOICES AS A USER
10. THIRD-PARTY LINKS
11. CHILDREN’S PRIVACY
12. CHANGES TO THIS POLICY
13. CONTACT INFORMATION
14. ADDITIONAL INFORMATION FOR EUROPEAN ECONOMIC AREA AND CANADIAN USERS
15. CALIFORNIA PRIVACY NOTICE AND RIGHTS
16. NEVADA PRIVACY RIGHTS
THE SITE AND SERVICES
Ocrolus operates the Site that provides tools for aggregating, parsing, and displaying data, including personal or financial data users collect from third parties in an efficient and easily reviewable format for users to validate (the “Services”).
The purpose of the Services is to review financial account data (including, but not limited to: account numbers and account holder information, account transactions, account statements, account position and balance information) and information such as paystubs, W-2s, T4s and other tax-related forms, IDs, and invoices (together, “Records”) from a variety of users, groups, advisors, clients, and other parties, retrieved from third party financial institutions, such as brokerages and banks, and parsed and summarized in a way that is searchable, verifiable and provides benefits to users.
Records may include Personal Information from you, your customers, employees, or other individuals; namely, along with directions from you on how to process such Records, we may receive from you Personal Information in the following documents: bank statements, credit card statements, paystubs, W-2s, IDs and invoices. To the extent Ocrolus processes data from you in the role of a processor on your behalf, you will be responsible for obtaining the necessary permissions and authorizations for and maintaining the privacy and security of such data (including Records and Personal Information) you share with Ocrolus. Ocrolus employs security safeguards to protect all information it processes, which is discussed in further detail below; however in relation to the collection and transmission of any personal information to Ocrolus and choosing to use the Services for processing, you are responsible for complying with all applicable privacy-related requirements and laws for such data, including the Gramm-Leach-Bliley Act (“GLBA”) and Personal Information Protection and Electronic Documents Act (“PIPEDA”, Canada) if and to the extent applicable. You should not share with or disclose to us Personal Information and Records that are not needed for the processing activities we will perform on your behalf and pursuant to your directions. The Records you disclose to us for processing will be processed pursuant to the agreement between you and Ocrolus.
- INFORMATION WE COLLECT
We collect and store Personal Information directly from you when you submit or disclose it to us through the Site, by phone, by email, or by other means.
Categories of Personal Information that we collect about you from your own submissions/disclosures may include the following:
- Information about yourself, such as your name, company name (including type of organization), and contact information (email or physical address and phone number).
- Information like username and password, which you may need to provide when you register. You must register to use our Services.
- Records will not be disclosed, except as required and permitted by law or under a separate agreement between you and Ocrolus.
- Information you share with us in connection with contests and promotions.
Through automated means when you access the Site, we may collect the following:
- Your usage information about how you use the Site, including your access times, geographical location, and browser types.
- Device-specific information, including your hardware model, operating system and version, unique device identifiers, mobile network information, and information about the device’s interaction with our Site.
If you apply to a job through our Site, you may submit Personal Information such as your full name, contact information, work experience, links to your social media accounts (optional), resume, and any other documents or information that you choose to upload and submit. As part of the recruitment process, except to the extent limited at law, we may consider information from these sources.
In our role as a processor on your behalf, we may also collect information such as Records from third parties at your request as part of those agreements or contracts, including but not limited to third-party verification sites, credit bureaus, mailing list providers, and publicly available sources. This information may include additional Personal Information.
- HOW OCROLUS USES INFORMATION
Ocrolus uses and maintains the Personal Information described in the above categories for internal and Services-related purposes, and to help improve our Services in the future. Ocrolus processes information you provide us for various purposes, including displaying the information to you, delivering related content, performing analysis on Records and other purposes relating to Ocrolus’ Services or under the terms of a separate agreement between you and Ocrolus.
The Records we receive from you in our role as a processor will be processed pursuant to the applicable agreement between you and Ocrolus. If you share Personal Information to Ocrolus within Records to the extent Ocrolus processes such data on your behalf, you are responsible for ensuring it is shared in accordance with applicable law. Ocrolus does not have control over, and shall not be responsible for, how Personal Information contained in Records is used or shared prior to it being provided to Ocrolus for the Services or by you after the Services are delivered.
We may send you information related to your account or our Services. We may send emails to the email address you provide to us, push notifications to your mobile device if you have downloaded our app and enabled notifications, and text messages to any cellphone number you provided to us, to verify your account and for informational and operational purposes, such as account management, customer service, system maintenance, and other Site-related purposes. If you decide at any time that you no longer wish to receive such communications from us, please follow the “unsubscribe” instructions provided in the communications.
We may also use the Personal Information described above (i) to track and analyze trends and usage in connection with our Site; (ii) to process and deliver contest and promotion entries and rewards; (iii) to protect our rights or property; (iv) to compare information for accuracy; (v) to verify your identity as noted above; (vi) to investigate and prevent fraud or other illegal activities; and (vii) for any other purpose disclosed to you in connection with our Site.
Additionally, we use Personal Information:
- To provide you with information or Services that you request from us.
- To fulfill any other purpose for which you provide it.
- To provide you with notices about your account/subscription, including expiration and renewal notices.
- To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection.
- To comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities.
- To notify you about changes to our Site.
- In any other way we may describe when you provide the information.
- For any other purpose with your consent.
- For compliance, fraud prevention, and safety.
We may also use usage information, for example, to determine how many users have visited certain pages or opened messages or newsletters. We may link this data to your profile. Our third-party partners, such as advertising networks, social media widgets, and analytics providers like Google Analytics also may collect and combine information collected on our Site and emails with other information about your online activities over time, on other devices, and on other websites or apps, if those websites and apps also use the same partners. Targeting and personalization platforms may link to our Google Analytics account to collect and store IP addresses to track ad-clicking activity.
We may use Personal Information for marketing purposes, such as providing online advertising on the Site and sending you information we think may be useful or relevant to you. We use various marketing and targeting platforms to maintain Personal Information (contact information) for such marketing purposes, including email marketing, or to target advertising.
We may use third-party service providers to process and store Personal Information (including Personal Information in Records) in the United States and other countries. Please see Section 7 for further information in this regard.
- INFORMATION SHARING AND ONWARD TRANSFER
We may share the categories of Personal Information described above (including Personal Information in Records) to assist us in various business functions. However, we do not sell (as defined under the CCPA) Personal Information that we collect on the Site with other people or unaffiliated companies for their own marketing purposes (see here for more information).
We may share the Personal Information described above with the following service providers and third parties:
- To our subsidiaries and affiliates in order to provide the Services.
- To our marketing partners in order to send you promotional communications on our behalf.
- To promotional vendors we use to administer contests and promotions.
- To IT service providers, such as our data hosting provider.
- To other contractors, service providers and other third parties we use to support our business and who are bound by contractual obligations to keep Personal Information confidential and use it only for the purposes for which we disclose it to them.
- To a buyer or other successor in the event of a proposed or completed merger, divestiture, restructuring, reorganization, dissolution or other sale or transfer of some or all of Ocrolus’ assets, whether as a going concern or as part of bankruptcy, liquidation or similar proceeding, in which Personal Information held by Ocrolus about our users is among the assets transferred.
We may also share Personal Information as follows:
- To comply with any court order, law or legal process, including to respond to any government or regulatory request.
- If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of Ocrolus, our customers or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.
- To fulfill the purpose for which you provide it.
- With your consent or direction, or as otherwise permitted or required by law.
Our Site includes links/widgets to third parties, including social media. If you click on these links, you are leaving our website, and the collection, use, and disclosure of your Personal Information will be subject to these third parties’ privacy practices, terms, and policies.
We may share non-personally identifiable information (anonymized, aggregated, or otherwise) with third parties for any reason.
- INFORMATION SECURITY
We take reasonable measures to safeguard the security of Personal Information (including Personal Information in Records) with industry-standard physical, electronic, and managerial procedures. The safety and security of Personal Information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Site, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
We restrict access to Personal Information to certain employees who require that information in order to maintain and operate Ocrolus’ systems and to provide the Services.
Where you have given Personal Information in Records to us so that we can process it on your behalf as part of providing Services, you are responsible for ensuring the privacy and security of that Personal Information and obtaining the necessary authorizations and consent or otherwise having the appropriate legal authority for it to be shared with us for the Services.
Transmission of information via the Internet is not secure with absolute certainty. Although we do our best to protect Personal Information and provide transmission security in line with commercially-approved methods, we cannot guarantee the security of Personal Information transmitted to or through our Site from theft, loss, alteration, misuse, or unauthorized access. We do not make any representation as to the reasonableness, efficacy, or appropriateness of the measures we use to safeguard your Personal Information. Any transmission of Personal Information is at your own risk. We are not responsible for any attempt to circumvent or any circumvention of privacy settings or security measures contained on or within the Site. If you have questions about our security measures in place, please contact us at firstname.lastname@example.org.
- DATA RETENTION
We store the Personal Information we collect for as long as is necessary for the purpose(s) for which we originally collected it. We may retain certain information for legitimate business purposes, as required by our legal obligations, or as necessary to resolve disputes, defend our legal rights, and enforce our agreements.
- TRANSFER OF INFORMATION TO THE U.S. AND OTHER COUNTRIES
Ocrolus is headquartered in the United States and we process and store information in the U.S. and other countries. As such, we and our service providers may transfer information (including Personal Information) to, or store or access it in, jurisdictions that may not provide equivalent levels of data protection as your home jurisdiction. We will take steps to ensure that your Personal Information and the Personal Information in Records receives an adequate level of protection in the jurisdictions in which we process it. If you are using the Site or Services, you agree to the transfer of your Personal Information and the Personal Information in the Records you provide to us to the United States and processing globally. By providing your Personal Information and the Personal Information in Records for processing, you consent to any transfer and processing in accordance with this Policy. If there are any questions about where the information is being transferred or the service providers we work with, please contact us at the contact information set out in Section 13.
- YOUR CHOICES AS A USER
Access, update, correct, or delete your information:
Upon request, we will provide you with information about whether we hold, or process on behalf of a third party, any of your Personal Information. If your Personal Information changes, or if you no longer desire our Services, you may correct, update, or delete it by emailing us at email@example.com or the contact information listed below in Section 13. We will need to verify your identity before processing most requests, which may require us to obtain additional Personal Information from you. We will only use the information received in a request for the purposes of responding to the request.
You may delete your Ocrolus account under the terms of an applicable agreement between you and Ocrolus. We will endeavor to act on deletion requests as soon as reasonably practicable. Deletions take effect when we act on them, and we will delete your Ocrolus account according to the technical mechanisms available to us. However, residual information related to your account may remain for some time on our servers due to technical limitations. Some areas of the Site and some of the Services will not be available to you unless you choose to share certain Personal Information and Records.
As described above, we will endeavor to act on these requests as soon as reasonably practicable, and residual information may remain on our servers due to technical limitations. However, we may deny your deletion request if retaining the information is necessary for us, in accordance with applicable laws or our contractual commitments.
You may opt out of marketing-related emails by clicking on a link at the bottom of each such email, or by contacting us at firstname.lastname@example.org. You may continue to receive service-related and other non-marketing emails.
If you gave us consent to post a testimonial on our Site, but wish to update or delete it, please contact us at email@example.com.
Choosing not to share your Personal Information:
Where we are required by law to collect your Personal Information, or where we need your Personal Information in order to provide a requested service to you or operate the Site, if you do not provide this information when requested (or you later ask to delete it), we may not be able to provide you with the requested services or operate the Site. We will tell you what information you must provide to receive a requested service or interact with the Site by designating it as required on the Site or through other appropriate means.
- To improve your experience when navigating our website.
- To remember some of your preferences or save some of your credentials for your next visit.
- To perform analytics and understand the pages and advertisements that you like, how you ended up on our website, and from what type of devices.
- To do re-targeting and ensure that you are presented with relevant ads about our Services.
When you browse our website, different types of cookies are set on your hard disk or your device’s storage space. Cookies can be installed by us or can be installed by third parties.
- First-party cookies are those that are issued by our website domain, and they can only be set or retrieved by us. They are used for purposes specific to us, such as to personalize the website.
- Third-party cookies are usually placed on the website via scripts or tags added to a web page. Sometimes, these scripts will also bring additional functionality to the site.
We use different categories of cookies, which we classified using the standard from the International Chamber of Commerce:
- Strictly Necessary: These cookies are essential to enable you to navigate our website and use its features.
- Performance Cookies: These cookies collect information about how visitors use a website, such as the pages that visitors go most often, and whether they get an error messages from our web pages. These cookies do not collect information that allow us to specifically identify you; it only provides aggregated information about our visitors. Most performance cookies are persistent.
- Functionality Cookies: These cookies are used to allow certain functionality. For instance, these cookies allow our website to make remember the choices you made and provide enhanced or more personalized features.
- Targeting Cookies: These cookies are used to deliver advertising more relevant to you and your interests, including by social media. They are also used to limit the number of times you see an advertisement as well as to help measure the effectiveness of a campaign. These cookies can remember that you visited a website and share this information with third parties for re-targeting purposes.
The above-described cookies can be session cookies or persistent cookies:
- Session Cookies: These are cookies set temporarily on your device and deleted once you close your browser. They are not stored nor transmitted to third parties. We use this type of cookies to ensure you have a user-friendly experience.
- Persistent Cookies: These cookies remain active on your device for some time, which may vary from a few days to two years after your visit on our website.
Our third-party partners, such as advertising networks, social media widgets, and analytics providers (Google Analytics), collect certain information by automated means, such as cookies.
By using the Site, you consent to the placement of cookies, beacons, and other similar technology in your browser and on emails in accordance with this Policy.
You can typically use your browser settings to block and delete cookies when you access the Site through a web browser. Depending on the browser that you are using, different instructions and adjustments are applicable (usually located within the “settings,” “help,” “tools,” or “edit” facility). Many browsers are set to accept cookies until you change your settings. If you block or do not accept cookies, the Site may not work properly and you may not be able to access all functionalities on the Site. The Site does not currently respond to browser do-not-track signals. To find out more about “Do Not Track,” please visit https://allaboutdnt.com/.
- THIRD-PARTY LINKS
The Site may contain links to other sites, some of which are not owned by Ocrolus. Ocrolus is not responsible for the security or privacy practices of non-Ocrolus sites, the products or services offered by such sites, or the content appearing at such sites. Likewise, Ocrolus does not endorse any of the products or services marketed at non-Ocrolus sites. Ocrolus prohibits the framing of any materials available through the Site and unauthorized hypertext links to the Site. Ocrolus reserves the right to disconnect or otherwise disable any unauthorized frames or hypertext links.
- CHILDREN’S PRIVACY
Users under the age of 18 are not permitted to use the Services. In any event, we do not knowingly collect, maintain, store, or use Personal Information from children under 13 years of age, and no part of the Site is directed to children under the age of 13 years. We also do not sell Personal Information, as previously described within this Policy. As such, we do not knowingly sell Personal Information of minors under 16 years of age without affirmative authorization.
If a parent or guardian becomes aware that their child has provided us with Personal Information without their consent, they may alert us using the contact information in Section 13. If we learn that we have collected any Personal Information from children under 13 years old without parental consent, we will promptly take steps to delete such information from our files as reasonably practicable.
- CHANGES TO THIS POLICY
We are required to review and update, and will review and update, this policy at least annually or if there are any substantive changes to our data collection and processing practices. The revised version will be effective when it is posted to our Site, and the date when the most recent revisions will appear above. We reserve the right to change this Policy at any time at our sole discretion. If we make any material changes, we will let you know through the Site or other communication that we believe will be reasonable likely to reach you. We encourage you to read this Policy periodically to stay up-to-date about our privacy practices. If you do not agree to any changes made to this Policy, you should end your use of the Site or Services.
- CONTACT INFORMATION
If you have questions or comments about this Policy, please contact us at:
101 Greenwich St, Floor 23
New York, NY 10006
Tel: (646) 850-9090
- ADDITIONAL INFORMATION FOR EUROPEAN ECONOMIC AREA AND CANADIAN USERS
If you are located in the European Economic Area (“EEA”) or Canada, you have certain rights and protections under the law regarding the processing of your Personal Information under the General Data Protection Regulation (“GDPR”) and Canadian privacy laws, as applicable (“Canadian Privacy Laws”).
As noted above, we may process Records concerning your customers that we receive from you in the role of a processor on your behalf. Such Records may include Personal Information from your customers located in the EEA and/or Canada. In those instances, we will process those Records and assist you with the fulfillment of your obligations under the GDPR and/or the Canadian Privacy Laws, as applicable, pursuant to the applicable contract between you and Ocrolus.
Legal Basis for Processing
If you are located in the EEA or Canada, when we process your Personal Information we will only do so in the following situations:
- We need to use your Personal Information to perform our responsibilities under our contract with you (e.g., providing the Services you have requested).
- We have a legitimate interest in processing your Personal Information. For example, we may process your Personal Information to send you marketing communications (unless you opt-out), to communicate with you about changes to our services, and to provide, secure, and improve our Services.
- You have given your consent to the processing of your Personal Information for one or more specific purposes.
Data Subject Requests
If you are located in the EEA or Canada, you have the right to access Personal Information we hold about you and to ask that your Personal Information be corrected, erased, or transferred. You may also have the right to object to, or request that we restrict, certain processing. If you would like to exercise any of these rights, you may contact us at firstname.lastname@example.org.
If you are located in Canada, the following rights also apply: You have the right to know what Personal Information we have about you and to request additional information about whether and how we have collected, used, disclosed, and sold Personal Information about you. In addition, if you do not wish for us to use your Personal Information for purposes that are not necessary to provide the Services (e.g., marketing), then please contact us at email@example.com and let us know your preference.
In addition, if you are located in Canada, subject to legal and contractual requirements, you can refuse to consent to Ocrolus’ collection, use or disclosure of Personal Information, or you may withdraw your consent to Ocrolus’ further collection, use or disclosure of Personal Information at any time in the future by giving Ocrolus reasonable notice, unless: (i) the consent is otherwise required by law or (ii) the use or disclosure is permitted by law or is related to the legal or regulatory requirements described herein. You can do so by contacting us at firstname.lastname@example.org. If you refuse to consent or withdraw your consent where such consent relates to the provision of requested products or services, Ocrolus may not be able to provide you, or continue to provide you, with such products, services or information. You cannot be discriminated against for exercising your rights hereunder.
Questions or Complaints
If you are located in the EEA or Canada and have a concern about our processing of Personal Information that we are not able to resolve, you have the right to lodge a complaint with the data privacy authority where you reside. For contact details of your local Data Protection Authority in the EEA, please see: https://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm. For individuals subject to Canadian privacy laws, please see: https://www.priv.gc.ca/en/privacy-topics/privacy-laws-in-canada/02_05_d_15/ for access to the Office of the Privacy Commissioner of Canada and links to the various provincial privacy officer counterparts.
- CALIFORNIA PRIVACY NOTICE AND RIGHTS
Do Not Sell My Personal Information
We do not, and will not, sell (as defined under the CCPA) your Personal Information and have not sold your Personal Information in the past 12 months.
“Personal Information” is anything that identifies, relates to, describes, or is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California consumer or household.
California consumers have the right to request:
- Deletion of Personal Information we have about them and for us to direct the same of any third-party service providers processing their information on our behalf.
- Additional information about whether and how we have collected, used, disclosed, and sold Personal Information about them.
- Specific pieces of Personal Information we have about them.
- Opt-out of the sale of their Personal Information, if the Personal Information is being sold by the business, and not be contacted to request the resumption of those activities for at least 12-months.
- That any information held be returned by mail or electronically, and if electronically held, be returned in a format permitting its transfer to another service.
We note that certain Records provided by you for processing may be subject to the privacy rules of the GLBA. For Personal Information in the Records that is collected and disclosed pursuant to the GLBA requirements, we will consider whether such Personal Information is exempt from the requests. To the extent the Records provided by you for processing includes Personal Information from you or your customers subject to the CCPA, we will process those Records and assist you with the fulfillment of your obligations under the CCPA pursuant to the applicable contract between you and Ocrolus.
California consumers also have the right not to receive discriminatory treatment if they exercise the rights listed above. You cannot be charged a fee for these requests, penalized in any way, denied benefits, products, or services or charged differently for benefits, products, or services for doing so.
California law permits California consumers to use an authorized agent to make privacy rights requests. We require the authorized agent to provide us with proof of the California consumer’s written permission (for example, a power of attorney) that shows the authorized agent has the authority to submit a request for the California consumer.
- NEVADA PRIVACY RIGHTS
Nevada residents have the right to submit a verified request directing us not to sell their Personal Information. As noted above, we do not sell Personal Information. If you are a Nevada resident and have questions, please contact us at email@example.com or the contact information listed above.