Last Updated: September 26, 2016
Please read this Policy carefully. Your access to or use of any part of the Services will constitute your notice about our collection, use, and disclosure of your information in accordance with this Policy. If you do not wish for us to collect, use, and disclose your information in accordance with this Policy, please do not access or use the Services. This Policy does not cover information collected elsewhere, including, without limitation, offline or on sites linked to through the Services. We may add to or amend this Policy with other notices. We may also post different privacy statements for some Services and when we do so, this Policy does not apply.
This Policy applies solely to information collected by us through the Services and does not apply to any third-party activities, including third party websites linked from our Services, third party social networking platforms or features we make available through our Services, or third-party ads displayed on our Services. We are not responsible for the privacy practices or content of such third-parties. We encourage you to read the privacy statements of those third parties.
We collect information from you in various ways when you use our Sites. We collect information you directly provide to us. For example, we collect your name, home location, billing or mailing address, email address, postal address, phone number, fax number, demographics, preference information and other information you provide us on our Sites. We also collect credit card numbers if you purchase services on our Sites or use services that reconcile your credit card charges. We may also obtain information from other sources and combine that with information we collect on our Sites.
When you visit our Sites, some information is automatically collected. For example, when you visit our Sites, your computer's operating system, Internet Protocol (IP) address, Device Identifier, access times, browser type, device type, domain name, access times, duration of visit, referring URL, platform, new and repeat information, time stamp and language, and referring Web site addresses are logged automatically. We also collect information about your usage and activity on our Sites. A Device Identifier is a number that is automatically assigned to your Device used to access the Services, and allows us to identify your Device by its Device Identifier.
Tracking Technologies. We may use various technologies to automatically collect Device Identifiers, and other information about you ("Tracking Technologies"). These Tracking Technologies work in different ways, for example some may be downloaded to your Device and others may set or modify settings on your Device. The following are examples of a few of the methods that may be used to collect information include, without limitation, the following (and subsequent technology and methods hereafter developed):
Web Beacons. We may collect information using Web beacons. Web beacons are electronic images that may be used on our Sites or in our emails. We use Web beacons to deliver cookies, count visits, understand usage and campaign effectiveness and to tell if an email has been opened and acted upon.
ETag, or entity tag. A feature of the cache in browsers. It is an opaque identifier assigned by a web server to a specific version of a resource found at a URL. If the resource content at that URL ever changes, a new and different ETag is assigned. Used in this manner, ETags are a form of Device Identifier. ETag tracking may generate unique tracking values even where the consumer blocks HTTP, Flash, and HTML5 cookies.
Targeting‑Related. We may use Tracking Technologies to learn more about you and your preferences and deliver content, including ads that seem relevant to your interests on our Services and third‑party services, based on how you interact with advertisements or content, and/or based on your location and other information about you.
Flash LSOs. When we post videos or other media on our blog, third parties may use local shared objects, also known as Flash cookies, to store your preferences for volume control, or to personalize certain features. Flash cookies are different from browser cookies because of the amount of, type of, and how data is stored. Cookie management tools provided by your browser will not remove Flash cookies. To learn how to manage privacy and storage settings for Flash cookies click here:
USE OF PERSONAL INFORMATION WE COLLECT
We use personal information collected through our Sites for purposes described in this Policy or disclosed to you on our Sites or in connection with our services. For example, we may use your information to:
Concur may store and process personal information in the United States and other countries.
SHARING OF PERSONAL INFORMATION
When you use the Service, your personal information and your travel information will be shared with the third parties you designate for access to such information including other companies, websites, mobile applications, your friends, relatives, and business associates. Depending upon the type of access you grant to such third parties, they may also be permitted to edit the information you have provided to us and to designate others to access and edit such information. You may change these settings as to who has access to your information by going to your account settings and then changing your publishing options.
You may choose to display certain information you give us in your public profile. Our Site also offers publicly accessible blogs or community forums. You should be aware that any information you choose to share in these areas may be read, collected, and used by others. In addition, you may be able to send your location information via the Services to other Services users. You should consider the pros and cons involved in disclosing your location information to us and to other people. Where a user of the Services requests that their location information be revealed to other persons, the user will be provided options for managing sharing services, which may be through third party services such as through Twitter and Facebook. We are not responsible for the acts, omissions or policies of such third parties.
In general, most of your travel related information, such as upcoming destinations and travel statistics, is displayed only to other users of the Service to whom you have specifically connected as part of your Concur / TripIt network. You can change your privacy settings to designate which types of information are shared and with whom by visiting the Profile and Privacy page. You may also post information about your travel plans or current travel status through your Concur / TripIt connections or other social networking connections or otherwise instruct the Service to automatically provide such information to other users of the Service and with your social networking connections.
We do not share your personal information with third parties other than as follows:
SECURITY OF YOUR PERSONAL INFORMATION
We maintain data handling and storage practices and procedures that are designed to promote the integrity and confidentiality of the personally identifiable information. No method of transmission over the Internet or method of electronic storage is 100% secure, however. Therefore, while we strive to use commercially acceptable means to protect your personal information in an effort to prevent loss, misuse and unauthorized access, disclosure, alteration and destruction, we cannot guarantee its absolute security.
INTERNATIONAL TRANSFER OF YOUR PERSONAL INFORMATION
The Internet is a global environment and Concur is a global corporation operating in many countries around the world. Collecting and processing your information using the Internet necessarily involves the transmission and storage of personal information on an international basis and when Concur transfers your personal information across national borders, we do so in compliance with applicable law and the practices we have developed to ensure the integrity and confidentiality of the personally identifiable information we process.
Pursuant to the European Court of Justice ruling dated October 6, 2015 which invalidated the ability of European companies to rely on the Safe Harbor Framework for cross border data transfers, and in an effort to meet the “adequacy requirements” under EU data protection laws, the Concur affiliates have entered into and executed an Intra-Group Data Protection Agreement with SAP SE, as the ultimate parent company of Concur, which covers the processing and the transfer of your personal information from the European Economic Area and which incorporates the Standard Contractual Clauses to provide a mechanism approved by the European Commission as offering adequate protection when transferring personal information from the European Economic Area under the EU Data Protection Directive 95/46/EC.
Where Concur has entered into a business agreement for the use of Concur’s services to its business customers that involves the transfer of personal data, then, as applicable, Concur may enter into appropriate contractual clauses, including, without limitation, Standard Contractual Clauses where the transfer is required by a Concur business customer located in the European Economic Area to a country outside of the European Economic Area which does not meet the adequacy standard.
YOUR INFORMATION CHOICES AND CHANGES
We think that you benefit from a more personalized experience when we know more about you and your Concur experiences. The nature of our Services depends upon the use of Tracking Technologies for the purposes described above and we require your consent to such uses in order to use the Services, except that you have the option to change settings on your device and uninstall the Apps. We are giving you detailed notice of the Tracking Technologies and your limited choices regarding them so that your consent is meaningfully informed. In some cases you can limit the information you provide to us, and you can limit the communications that we send to you. You may opt out of receiving promotional emails from Concur by following the instructions in those emails. If you are registered on any of our Sites, you may login and make certain changes to your information in your account. You may also send requests about your preferences and changes to your information by emailing email@example.com. If you opt out, we may still send you non-promotional emails, such as emails about your accounts or our ongoing business relations. Additionally, if you are participating in a Concur service through your employer, your employer may make changes to information on your behalf. If you wish to cancel your account, modify your information, or request that we no longer use your information to provide you the Service, contact us at firstname.lastname@example.org.
Email Choices. You can manage your email preferences by updating your profile settings. You can also unsubscribe from promotional emails by: (1) following the unsubscribe instructions in our emails; or (2) emailing us at email@example.com. You may update your email preferences from time to time. Please note that even if you unsubscribe from promotional email messages, we may still need to contact you with important transactional information related to your account and your use of the Service. For example, even if you have unsubscribed from our email messages, we will still send you emails confirming emails relating directly to an itinerary or travel profile created through the Service confirming registration.
SMS Choices. You may manage the SMS alerts regarding flight delays, gate changes, and other alert information specific to your itinerary sent by the Service to your mobile device by following the opt-out instructions in each SMS message.
Do Not Track. We may not recognize or respond to every type of “do not track” signal or other mechanisms that provide consumers the ability to exercise choice regarding the collection of personally identifiable information about an individual consumer’s online activities over time and across third-party websites or online services, but we give you certain choices about how we collect personally identifiable information as described in this Policy. Many Web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to remove cookies and to reject cookies. If you choose to remove cookies or reject cookies, this could affect certain features or services of our Site including certain opt-out cookies. Cookie management tools provided by your browser usually will not remove Flash cookies. To learn how to manage privacy and storage settings for Flash cookies click here:http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager.html#117118 (or in the EU http://www.youronlinechoices.com/).
We encourage you to review the privacy policies of our third party advertisers and analytics service providers (http://preferences-mgr.truste.com/) to learn about your choices about information they collect from you. In addition, the Network Advertising Initiative offers information about some of the Internet advertising companies we may use, including how to opt-out of interest based advertising they deliver. To opt-out of Google Analytics web tracking you can download Google Analytics Opt-out Browser Add-on.
CHANGES TO THIS POLICY
If you have any questions about this Policy or to file any complaint regarding this Policy, please contact us at the following address:
Concur Technologies, Inc.
601 – 108th Avenue NE, Suite 1000
Bellevue, WA 98004
Telephone: (888) 883-8411
Concur will investigate and attempt to resolve complaints and disputes regarding the collection, use, and disclosure of personal information by referencing the privacy principles stated in this Policy. For complaints that cannot be resolved Concur shall adhere to the following dispute resolution procedures in the investigation and resolution of complaints to resolve disputes: (1) For disputes involving all personal information received by Concur from Switzerland, Concur has agreed to cooperate with the Swiss FDPIC; (2) For disputes involving employment-related personal information received by Concur from the EEA, Concur has agreed to cooperate with the independent dispute resolution service provided by the Data Protection Authorities in the EEA and to participate in the dispute resolution procedures of the panel established by the European Data Protection Authorities; and (3) For all other disputes, you can contact TRUSTe on-line at http://watchdog.truste.com/pvr.php?page=complaint or at the address below. If you are faxing or mailing TRUSTe to lodge a complaint, you must include the following information: the name of company, the alleged privacy violation, your contact information, and whether you would like the particulars of your complaint shared with the company. For information about TRUSTe or the operation of TRUSTe's dispute resolution process, click here or request this information from TRUSTe at any of the addresses listed above. The TRUSTe dispute resolution process shall be conducted in English.
55 2nd Street, 2nd Floor
San Francisco, CA 94105
Telephone: (415) 520-3400
Facsimile: (415) 520-3420