Last updated: December 12, 2023.
Rebilly, Inc. and its group companies ("Rebilly", "we" or "us") respect your privacy. This privacy notice ("Notice") explains who we are, how we collect, use and share personal information about you, and how you can exercise your privacy rights. Rebilly collects and processes personal information about you from various sources to provide our Services and to manage our Website. "You" may be a visitor to one of our websites, a user of one or more of our Services ("Rebilly User"), or a customer of a Rebilly User ("End Customer").
We recommend that you read this Notice in full to ensure you are fully informed. However, to make it easier for you to review those parts of this Notice which apply to you, we have divided up the document into the following sections:
Section 1: WHO WE ARE (applicable to everyone)
Section 2: PRIVACY FOR THE WEBSITE (applicable to visitors to our Website)
Section 3: 3.PRIVACY FOR THE SERVICES (applicable to Rebilly Users and End Customers)
Section 4: GENERAL INFORMATION (applicable to everyone)
- 4.1 How do we share your information?
- 4.2 International Data Transfers
- 4.3 Legal basis for processing personal information(EEA visitors only)
- 4.4 Your data protection rights
- 4.5 How do we keep information secure?
- 4.6 How long do we keep information?
- 4.7 Third-Party Websites and Apps
- 4.8 Children's information
- 4.9 Changes to this Notice
- 4.10 Contact Us
We are a US-based technology company that offers subscription billing software to increase our customers' lifetime value. We enable subscription services to handle payments, invoices, billing disputes, fraud prevention and provide analysis (the "Services"). We have offices in Austin, Montreal and Barbados and other employees based all over the world. You can find out more about us here.
This section describes how we collect and use personal information in the usual course of business, including through our websites (such as https://www.rebilly.com/ (and any of its sub-domains) or any other website which includes a link to this Notice is posted) (the "Website"), as well as in connection with our events, sales and marketing activities.
Information that you provide voluntarily: Our Website offers various ways that individuals may contact us, such as through form submissions, email or phone, in order to inquire about our company and services. For example, when expressing an interest in obtaining additional information about Rebilly or our Service, subscribing to marketing or otherwise contacting us, Rebilly collects personal information from you. This can be via the Website, in person at a tradeshow or event or via a phone call with one of our sales representatives. The personal information we collect may include:
- contact information (such as your name, address, telephone number and email address) as well as the nature of your communication;
- professional information (such as your company name, job title);
- marketing information (such as your contact preferences, source/campaign); and
- any information you choose to provide to us when completing any 'free text' boxes in our forms (for example, for event sign-up or bot interaction).
Information we collect automatically: When using our Website, certain information is automatically collected by most browsers or through your device (such as your IP address, your operating system, your browser, mobile device information, request information (speed, frequency) and information about how you interact with our Website and other websites). In some countries, including countries in the European Economic Area ("EEA"), this information is considered 'personal data' under data protection laws. Some of this information is collected using cookies and similar tracking technology, as explained in our Cookie Notice.
Information we collect from other sources: In order to enhance our ability to provide relevant marketing, offers and services to you, we may obtain information about you from other sources, such as public databases, joint marketing partners, data providers, social media platforms, as well as from other third parties.
Our Website includes plugins of social media platforms, such as Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA; Twitter Inc., 795 Folsom St., Suite 600, San Francisco CA 94107, USA; and LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085, USA. You can identify the plugins by the respective network's logo. Details about purpose and extent of data collection, as well as processing and use of the data, by the social media networks can be obtained by reading the privacy policies of Facebook, Twitter and LinkedIn.
We use the information we collect or receive (alone or in combination) to:
- To respond to your inquiries and fulfill your requests, such as to send you requested materials and newsletters, as well as information and materials regarding our products and services.
- To send administrative information to you, for example, information regarding the Websites and changes to our terms, conditions, and policies.
- To send you marketing communications, including via email and SMS in compliance with applicable laws and in accordance with your preferences, that we believe may be of interest to you.
- To personalize your experience on our Websites by presenting products and offers tailored to you.
- For our business purposes, such as data analysis, audits, fraud monitoring and prevention, developing new products, enhancing, improving or modifying our Websites and services, identifying usage trends, determining the effectiveness of our promotional campaigns and operating and expanding our business activities.
- As we believe to be necessary or appropriate: (a) under applicable law, including laws outside your country of residence; (b) to comply with legal process; (c) to respond to requests from public and government authorities including public and government authorities outside your country of residence; (d) to enforce our terms and conditions; (e) to protect our operations or those of any of our affiliates; (f) to protect our rights, privacy, safety or property, and/or that of our affiliates, you or others; and (g) to allow us to pursue available remedies or limit the damages that we may sustain.
This section applies to the personal information we collect and process about Rebilly Users and their End Customers through the Services.
In general, our Service is intended for use by Rebilly Users. As a result, for much of the personal information we collect and process through the Services, we act as a processor. It is primarily Rebilly Users that control what personal information we collect through the Services and how we use it. If you are an End Customer and have privacy related questions or concerns about the privacy practices of or the choices Rebilly Users have made to share your information with us or any other third party, you should contact that Rebilly User or review their privacy policies. Rebilly is not responsible for the privacy or security practices of Rebilly Users, which may differ from those set out in this Notice.
Information you provide to us: If you are a Rebilly User you may provide certain personal information to us through the Services - for example, when you sign up for a Rebilly account to access and use the Services, when you consult with customer support or send us an email or communicate with us in any way (for example, to make a support request).
The personal information we collect may include: your business contact information (such as your name, job title, organization, address, telephone number and email address) and contact preferences; account information (such as your username and password); and if you purchase the Services, payment details (card information, alternative payment method information, invoices, order information and transaction history). If you ever communicate directly with us, we will maintain a record of those communications and responses.
Information we collect automatically: In connection with the deployment of the Services, we may automatically collect certain device data about Rebilly Users and their End Customer's (such as IP address, device type, operating system and internet browser type, screen resolution, operating system name and version, device manufacturer and model) when they interact with the Services.
If you are a Rebilly User we may also collect information about your use of the Services (such as the dates and times you access the Services, page views, which activities and features you use, the links you click on and how you interact with the Services), device event information (such as system activity, error reports (sometimes called 'crash dumps') and hardware settings) and/or log files automatically generated during the use of the Services (such as access times, hardware and software information).
Information we process about End Customers on behalf of Rebilly Users: In connection with the provision of the Service, we may process certain personal information relating to End Customers on behalf of the Rebilly Users. This information may include: contact information (name, email, phone, address), device information (such as IP Address), billing and transactional information (such as payment card information, photo ID, alternative payment method information, date of birth, order information) and any other custom data fields as configured by Rebilly Users. We only use and process this information as a processor and to provide the Services in accordance with the instructions of the relevant Rebilly Users.
- Provide and facilitate delivery of Services. For example, for the creation or administration of your Rebilly account, to communicate with you, and to provide you with customer support or other services you request, such as product updates, product patches and fixes and similar communications and sending other administrative and account related communications.
- To send you marketing communications, including via email and SMS, in compliance with applicable laws and in accordance with your preferences, that we believe may be of interest to you.
- To carry out our obligations and enforce our rights arising from any contracts entered into between you and us.
- To manage the Rebilly User's account, including for billing purposes as well as for our customer relationship management.
- To prevent potentially illegal activities.
- To respond to legal requests or prevent fraud, we may need to disclose any information or data we hold about you. If we receive a subpoena or other legal request, we may need to inspect the data we hold to determine how to respond.
- To help us deliver a better and more personalized experience for Rebilly Users (for example, it enables us to customize our Services according to a Rebilly User's interests).
- For our business purposes, such as data analysis, audits, fraud monitoring and prevention, developing new products and features, enhancing, improving or modifying our products and services, identifying usage trends and expanding our business activities.
- As part of our efforts to keep the Service safe and secure (for example, to help monitor, prevent and detect fraud, enhance security, monitory and verity identity or access, and combat spam or other malware or security risks).
- To comply with and enforce applicable legal and regulatory requirements (such as anti-money laundering and fraud prevention).
Cookies are small text files placed on your device to store data that can be recalled by a web server in the domain that placed the cookie. The Services may make use of first or third party cookies (whether session or persistent cookies) and similar technologies, for such things as session management, account access/ authentication, to recognize returning Rebilly Users, for storing and honoring Rebilly User's preferences and settings, combating fraud, maintaining and monitoring the infrastructure of the Services, ensuring security protections, analyzing how our products perform and other analytics purposes, and fulfilling other legitimate purposes as further described in this Notice (such as fixing issues with and improving our Services and related user experience). We also use analytics cookies to better understand how our Services are being used by tracking how you interact with the Services and where you click.
We do not sell or share your personal information with third parties except as outlined below. We may disclose your personal information to the following categories of recipients:
- Service providers. In order to provide these services to you, it is necessary for us to disclose your information to contracted third parties and service provider partners who perform certain functions of our service on our behalf. Examples include payment providers (to authorize, record, settle and clear payment card transactions); cloud hosting providers (to provide data storage and processing services); communications providers (to process new queries and to manage our emails); and analytics company to perform analysis on the Website and Services.
- Rebilly affiliates. Rebilly is headquartered in Austin and has offices in Montreal and Barbados and other employees based all over the world. We may share information with our parent companies, subsidiaries and/or affiliates for use and processing purposes described in this Notice.
- Compliance with laws. We may disclose information where we are legally required to do so in order to comply with applicable law, governmental requests, a judicial proceeding, court order, or other legal process (including in response to public authorities to meet national security or law enforcement requirements).
- Business transfers. We may share or transfer information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company, provided that we inform the buyer it must use your personal information only for the purposes disclosed in this Notice.
- Consent. We may share your information with any other person with your consent to the disclosure.
The Rebilly Websites and Service are provided and hosted in the United States. If you are using the Website or Service from outside the United States, please be aware that your information may be transferred to, stored, and processed by Rebilly in our facilities and by those third parties with whom we may share your personal information, in the United States and other locations including Canada and Barbados, where we have offices. These countries may have data protection laws that are different to the laws of your country.
However, we have taken appropriate safeguards to require that your personal information will remain protected in accordance with this Notice. These include implementing the European Commission's Standard Contractual Clauses for transfers of personal information between our group companies, which require all group companies to protect personal information they process from the EEA in accordance with European Union data protection law. Our Standard Contractual Clauses can be provided upon request. We have implemented similar appropriate safeguards where legally required with our third party service providers and partners and further details can be provided upon request.
If you are resident in or a visitor from the EEA, our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it. In most cases we use personal information: where we need it to perform a contract with you; where the processing is in our legitimate business interests; or, where required by applicable law, we have your consent to do so. In some cases, we may have a legal obligation to collect personal information from you. Typically, our legitimate interests include: (i) providing, improving and personalizing our Website and Services; (ii) managing our relationship with you; and (iii) conducting our marketing activities.
If you have questions or need further information about the legal basis we rely on to collect and use your personal information, please contact us using the contact details provided under the Contact Us section of this Notice. The data controller of your personal information is typically Rebilly, Inc.
Where we are acting as a controller, and depending on your location and subject to applicable law, you may have the following rights with regard to the personal information we control about you:
- You can access, correct, update, delete, and deactivate your personal information through the Website by signing in to your account and editing your information as desired. You can also contact us at email@example.com.
- In addition, if you are a resident of or visitor from the EEA, you can object to processing of your personal information, ask us to restrict processing of your personal information or request portability of your personal information, sent to you by portable electronic format or by mail, in accordance to applicable law. To exercise these rights email firstname.lastname@example.org.
- You can opt out of receiving marketing emails from us by clicking the "unsubscribe" link in the email, by emailing email@example.com. If you choose to no longer receive marketing information, we may still communicate with you regarding such things as your security updates, product functionality, responses to service requests, or other transactional, non-marketing purposes.
- If we have collected and processed your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.
- You have the right to complain to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority. Contact details for data protection authorities in EEA are available here.
We are committed to security and privacy, maintaining appropriate physical, technical and administrative standards to protect the personal information that we collect. As part of this commitment, we adhere to the Payment Card Industry Data Security Standard (PCI DSS) as a Level 1 service provider. This is the payment card industry's most stringent security standard. This means that we have taken extensive security measures that include: physical, electronic, and procedural safeguards; documented security policies; use of strong encryption for data transmission; security monitoring tools; restricted access to personally identifiable information; and regular audits by independent, third party security experts.
We require all service providers to take appropriate steps to safeguard the security and privacy of your personal information. The service provider must fit into our overall security framework as part of our PCI DSS Level 1 compliance.
However, no electronic transmission over the internet or information storage technology can be guaranteed to be 100% secure, so you should take care in deciding what information you send us in this way.
We retain personal information we collect from you where we have an ongoing legitimate business need to do so (for example, to comply with applicable legal, tax or accounting requirements, to enforce our agreements or comply with our legal obligations).
When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize such data. If this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
This Notice only applies to the Rebilly Website and Services. Any access to and use of any linked websites or services is not governed by this Notice, but instead is governed by the privacy policies of those third parties. We are not responsible for the information practices of such third parties.
You must have reached the age of majority to register as a member of or be permitted use of the Website or Service. Any information we receive from people we believe to be under this age will be purged from our database. We do not knowingly collect personal information from children under the age of 13 or have any reasonable grounds to believe that children under the age of 13 are accessing our Website or using our Service.
Rebilly will review and update this Notice periodically and will note the date of its most recent revision above. If we make material changes to this Notice, we will notify you either by prominently posting a notice of such changes prior to implementing the changes or by directly sending you a notification. We encourage you to review this Notice frequently to be informed of how Rebilly is protecting your information.
If you have any questions or suggestions regarding our Notice, feel free to contact us at firstname.lastname@example.org or in writing at: 3801 N. Capital of Texas Hwy. E-240 #72, Austin, Texas 78746, USA