Billsby Limited ("Billsby" "we" "us" or "our") takes your privacy seriously. This Privacy Notice explains how we collect, use, share, and process the personal information of individuals (“you” or “your”) covered by this Privacy Notice. This Privacy Notice applies to everyone who visits our website, www.billsby.com, as well as anyone we interact with for sales, marketing, recruitment, and research purposes whereby we control or determine the means and purposes of processing your personal information. It also applies to personal information we may collect either from you directly or from third parties in certain cases. Please read this Privacy Notice together with any other information we give you when we collect or process your personal information. Our website is not for use by anyone under the age of 18 years or anyone considered to be a minor under the local laws to which they are subject. We do not knowingly collect personal information from these individuals and no personal information regarding any such person should be shared with us.
Personal information we collect about you
The information we collect about you depends on who you are and how we interact with you. It may include:
- personal details such as your name, mailing address, email, personal phone number, and ID number
- general information like your job title, area of work, industry and location information;
- internet activity information like your browsing history, search history, and interaction with websites or advertisements
- online identifiers including IP address, device ID, browser, internet service provider, operating system
- information specific to our interaction with you such as your education and/or work history, remuneration, insurance information, and payment details
- sensitive personal information like your social security number, health information, and criminal history (if applicable)
- any other personal information you may provide to us or we collect from you or third parties during our interactions
How we collect your personal information
We collect your personal information in various ways, either directly from you or from third parties, for instance:
- when you register for our products and services, events we sponsor or host, fill out forms on our website, blogs, and forums or enter information on our website; and/o
- from publicly available sources or third parties such as our business partners, event organizers, platforms, and service providers, including single sign-on services, database services, and social media websites in which cases we rely on the third parties’ commitment that you have authorized the disclosure of such personal information to us.
Basis for our collection of your personal information
We collect your personal information:
- based on your desire to use our services or engage with us
- so that we may fulfil a contract or commitment with you
- so that we may comply with our legal obligations including for business, accounting and tax purposes
- our legitimate interest in improving, enhancing, and operating our products, services, and business
How we use your personal information
We may use your personal information in a variety of ways including to:
- provide, improve, and develop our products, services, and website, such as delivering our products, administering your account, processing payments, improving user experience, and compiling reports
- process registrations and complete transactions, such as processing payments for events you sign up for, completing forms you submit to us, and allowing you to download certain materials from our website
- comply with business and legal obligations, such as accounting, record-keeping, compliance with legal requests, and preventing violation of laws
- protect our products, services, and business operations, to ensure safety and protect the rights and property of Billsby or its stakeholders
- prevent and detect fraud, unauthorized activities and access, and other misuse
- investigate and take action regarding illegal activities, suspected fraud, threats to safety or legal rights, or violations of our terms of service
- send marketing communications, contextualize and personalize content, send product updates, newsletters, rewards, incentives, gifts, and vouchers, publish testimonials and reviews, host events and programs, show personalized advertisements, and analyze usage patterns
- conduct surveys, solicit feedback, and analyze usage and behavior patterns
- evaluate job applications, retain information for future job opportunities, and reach out for job opportunities
- process information for CSR initiatives, responsible disclosure policy, bug bounty program, and other specific initiatives and programs
Protection and retention of your personal information
We take appropriate security measures to protect your personal information and retain it only for as long as necessary to fulfil our legal obligations and enforce our agreements. We determine the appropriate retention period for personal information on the basis of the amount, nature, and sensitivity of the personal information being processed, the potential risk of harm from unauthorized use or disclosure of the personal information, whether we can achieve the purposes of the processing through other means and any applicable legal requirements. After the applicable retention period, your information will be deleted, unless deletion is not practical or impossible to do so due to technical or other reasons. In such cases, we will implement measures to prevent misuse of the information. We may anonymize your personal information so that it can no longer be associated with you in which case we may use such information without further notice to you.
Cross border transfers of information
Your personal information may be processed by us in countries where we are located, or any other country where our service providers, partners and other third parties listed above are located, including the United States and the United Kingdom, and which may or may not be subject to an adequacy decision for the purposes of the General Data Protection Regulation (EU Regulation 2016/679). When your personal information is transferred across borders, the company will ensure that it is done in compliance with applicable laws, and appropriate measures will be taken to safeguard the information.
You may have certain rights with regard to your personal information, such as the right to access, rectify, erase, restrict processing, receive a transferable copy, and not be subject to decisions based solely on automated processing. These rights will be dependent on applicable data protection laws. Rights specific to the residents of California and Virginia are set out below in the section entitled “California and Virginia specific rights and provisions”.
Exercise of rights
You may contact us at the address below in the “Contact us” section regarding the right you wish to exercise, the details of the personal information with respect to which you wish to exercise the right and your location, and applicable law (if known). We may need to collect additional information from you to fulfil your request or verify your identity. We will review your requests and respond within the relevant legal time frame. In some cases, if the request is complex, we may need more time or decline it. At all times we will aim to keep you informed. If you object to or opt out of certain processing of your personal information, we will retain only what is necessary to ensure we don't contact you or process your information for those purposes. We encourage you to use the specified ways we have provided to opt out of certain communications and processing, such as:
- Marketing communications by using the "unsubscribe" option provided in such communications. Please note that opting out of marketing communications does not mean you will stop receiving communications related to your existing relationship with us, such as product and service updates, maintenance notifications, security information, and event information. To exercise your rights, you can use the available options within your account, such as updating your settings, preferences, and profile information.
Information controlled by third parties
We are not responsible for third-party websites and products linked to our website. These links have separate privacy policies and terms. We do however aim to protect the integrity of our website and welcome any feedback in relation to third party links. Our blog comments may be managed by a third-party application that requires registration. We do not have control over the information posted in the comments section, and you will need to contact the third-party application to have your personal information removed.
Updates to this Privacy Notice
We may update this Privacy Notice to reflect changes in our privacy practices. If there are any material changes that affect your rights, we will notify you through a notice or banner on our website, an email to an administrator of your account, or through an in-app notification. We recommend reviewing this page regularly for the latest information. If you have any questions about this Privacy Notice, our privacy practices, or your relationship with us, you can contact us using the information provided below.
If you have any queries regarding this Privacy Notice or your engagement with us please contact us at:
New Derwent House
69-73 Theobalds Road
California and Virginia specific rights and provisions
This section provides additional information for California and Virginia residents and the personal information we collect from them as a business about their rights under the California Consumer Privacy Act (“CCPA”) and the Virginia Consumer Data Protection Act (“VCDPA”), respectively. This section does not apply to any personal information that is exempt under CCPA or VCDPA.
Categories of personal information collected
The categories of personal information that we have collected in the twelve (12) months prior to the Effective Date and that we may collect include:
- Commercial information
- Internet or electronic network activity information
- Geolocation data
- Audio, electronic, visual, or similar information
- Professional or employment-related information
- Education information
- Inferences drawn from the above
- Sensitive personal information (e.g. social security number, state ID, passport number, geolocation data, government ID, biometric info, criminal history, health info
Purposes for which we collect personal information
We collect this information for the following business purposes (see also section entitled, "What we use your personal information for" above):
- To provide, improve, and develop our products, services, and website
- To process registrations and transactions
- To comply with business and legal obligations
- To ensure security and protect rights
- For sales and marketing activities
- For business and research purposes
- For recruitment activities
- For other company initiatives
Disclosure of personal information
In the last twelve (12) months, we have disclosed some of the categories of personal information listed in paragraph 1 above for business purposes to service providers, contractors, or other third parties who support our business.
Sale and sharing of personal information
We do not sell personal information for money. However, we may be considered as "selling" and "sharing" personal information through our use of third-party analytics and advertising cookies. In the last twelve (12) months, we have shared or sold (as defined by CCPA) the following categories of personal information for advertising purposes:
We do not sell personal information if we have actual knowledge that the consumer is under 18 years of age. We do not have actual knowledge that we "sell" or "share" information from individuals under 18. You have the right to opt-out of "sales" and "sharing" of your personal information (as defined by CCPA). To exercise this right, please email us at email@example.com. Please note that opting out of "sales" will not opt you out of sharing data with our service providers. Pursuant to the provisions of applicable law, the Company may disclose some of the personal information described above for business purposes to third parties listed in the section entitled, “Sharing your information with third parties” above.
De-identification of personal information
In certain circumstances, the Company may deidentify personal information and use such deidentified information for internal purposes. The Company agrees to maintain and use this information in deidentified form and shall not attempt to reidentify it, except to evaluate the effectiveness of the deidentification process.
Rights of the residents of the State of California
Subject to applicable limitations, residents of the State of California have certain rights with respect to their personal information including to:
- Request information regarding the categories of personal information collected, the sources of collection, business or commercial purpose of collection or sale, categories of third parties with whom the information was shared, and specific pieces of personal information collected
- Request correction of inaccurate personal information
- Request deletion of personal information held by the Company or its service providers, contractors, or other third parties to whom the information was disclosed
- Opt out of any sale or sharing of personal information
- Request transfer of specific pieces of personal information to another entity
- Limit use and disclosure of sensitive personal information in specific instances
- Not be discriminated against for exercising rights under the CCPA.
“Shine the Light” requests. California residents may submit a "Shine the Light" request to obtain information about any personal information shared with third parties for their direct marketing use. This request may be submitted once per calendar year. The request must include a current California address and an attestation of California residency. “Do Not Track” requests. We do not respond to “Do No Track” requests.
Rights of the residents of the Commonwealth of Virginia
Residents of the Commonwealth of Virginia have certain rights, subject to applicable limitations, with respect to their personal data including to:
- Confirm processing of their personal data and access such data
- Correct inaccuracies in their personal data, taking into account the nature of the data and the purpose of processing
- Request the deletion of personal information provided by or obtained from you
- Request the deletion of personal information collected from sources other than you. We shall comply with such a request by either (i) retaining a record of the deletion request and the minimum information necessary for the purpose of ensuring your personal information remains deleted from the business’s records and not using such retained information for any other purpose pursuant to this section or (ii) opting you out of the processing of such personal information for any purpose except those exempted by the Virginia Data Protection Act
- Request the transfer of the personal information collected to another controller in a technical feasible and readily usable format
- Opt-out of the processing of the personal information for purposes of (i) targeted advertising (ii) the sale of personal information or (iii) profiling in furtherance of decisions that produce legal or similarly significant effects concerning you
Requests under CCPA and VCDPA
Residents of California and Virginia may make a request pursuant to their rights under the CCPA and VCDPA respectively by contacting us at firstname.lastname@example.org or via mail to our address at the “Contact us” section above. We will verify your request using the information associated with your account. We will let you know if we need additional information to verify your identity. We shall not disclose further the personal information collected for verification of a request or retain it for longer than is necessary for the purpose of verification. If we are unable to verify your identity after a good faith attempt, we may deny your request. In such circumstances, we shall explain the basis for the denial. You may also designate an authorised agent to exercise these rights on your behalf. They must provide us with sufficient verification in their first communication with us of their legal ability to submit a request on your behalf. Businesses acting as authorized agents must provide both (i) a certificate of good standing with its state of organization, and (ii) a written authorization signed by the Californian resident. Individuals acting as authorized agents must provide either (i) a notarized power of attorney signed by the Californian resident, or (ii) a written authorization signed by the Californian resident expressly authorizing the individual to act on their behalf. For security reasons, we reserve the right to reject requests from authorized agents who do not fulfil these requirements to protect the information of the individual in question.
Where we are a service provider
We may also act as a service provider (as defined in CCPA). When we act as a service provider (including by providing our services to another company who you interact with, we follow the instructions of the company that engaged us as a service provider and you should directly contact that company if you have any questions or would like more details on how your personal information is processed by that company.