Subscription and use of the services
In subscribing to our services, filling in a contact form on our website (https://www.spendesk.com) or other sites owned by us (Spendesk SAS), or otherwise using our services, you acknowledge that we have access to the information contained in the entries you create in your account, as well as certain information on the payments made directly with your Spendesk card or otherwise recorded on our website, and may gather, process, store and/or use any personal data thus provided in accordance with the policy set out below.
In that capacity and within the scope of the services, your company is responsible in particular for:
- making any declarations necessary to the relevant data protection authority
- complying with its obligations as data controller under all applicable laws and regulations informing you about their data processing practices and, if required, obtaining your explicit consent when collecting your personal data,
- ensuring they have the authority to use the personal data collected in accordance with the defined purposes and refraining from any unauthorised use.
Identity and contact details
Personal data is collected on our website by Spendesk SAS, a company registered under the laws of France under number 821 893 286 with the Paris Trade & Companies Register, and having its registered office at 28 rue d'Hauteville, 75010 Paris, France.
You may lodge any complaints on the manner in which we handle your personal data with your local supervisory authority (for France, the CNIL).
Data collected on the site
Personal data is collected when you register as a user and use our services. This may include information about who you are and how to contact you, browsing data and other technical data collected automatically through your activity on the website, information on the transactions you record through your Spendesk card and/or the website (including purchase history, receipts, amounts, etc.), professional information about identification within your company, your role and team, any requests, information on your subscription and/or account and any cards you hold, any expense policies applicable to you, and your communication with our teams.
Please ensure any information or documents you upload to the website does not include any sensitive personal data, such as Government identifiers (i.e. social security, driving licence, or taxpayer identification numbers), complete credit card or complete personal bank card numbers, medical records or particulars connected with applications for care or treatment associated with private individuals. By way of exception, if you are a manager or a business account holder, we may need to collect proof of your identity, as per our Terms, in order to verify your identity and deliver our services to you securely and in compliance with applicable laws.
You are responsible for ensuring that any third party whose personal data is entered into our services by you or through your use of a Spendesk card has been adequately informed and has consented to their personal data being collected.
Purposes of processing and legal basis
The principal purpose of collecting your personal data is to offer you an optimum, efficient and personalised experience when you use our services. To this end, you acknowledge that we may use your personal data, on the basis of our legitimate interest in offering high quality services and developing our customer relationships to:
- personalise, assess, and improve our services, content and materials;
- analyse the volume and history of your use of our services;
- suggest tips custom to your usage;
- inform you about our services, any updates, and any new services that may be of interest to you
Newsletter and marketing emails
You may unsubscribe from receiving any newsletter and marketing emails we may send you at any time by following the unsubscribe link included in every newsletter and marketing email sent to you by Spendesk.
Without systematically doing so, we may analyse and track the click rates and the number of emails sent which you open to assess performance rates on our emailing campaigns.
With your consent, Spendesk may publish a list of Customers & Testimonials on its site with information on your company and with reference to your name and your job title. Spendesk will only publish any such testimonial on its website with your express consent.
Third party disclosures
Certain personal data relating to you collected on our website may be forwarded to Spendesk’s partner companies or third party providers so that we may obtain assistance and support in the context of carrying out our services. Spendesk ensures that it has in place clear data protection requirements for all of its third party providers.
Spendesk does not sell or rent your personal data to third parties for their own marketing purposes.
Spendesk does not otherwise disclose your personal data to third parties, except if: (1) you (or your account owner acting on your behalf) requests or authorises disclosure thereof; (2) the disclosure is required to process transactions or supply services which you have requested; (3) Spendesk is compelled to do so by a government authority or a regulatory body, in the case of a court order, a summons to appear in court or any other similar requisition from a government or the judiciary, or to establish or defend a legal application; or, (4) the disclosure is necessary to comply with Spendesk’s legal and/or regulatory obligations.
Spendesk will inform you immediately, to the extent we are legally authorised to do so, in case of any application or order originating from an administrative or judicial authority relating to your personal data.
Your data protection rights
You can modify your identifying personal data (title, first name, last name, email, phone number, password) at any time by logging onto your account’s “My profile” section.
In accordance with the French Data Protection Law of 6 January 1978 as amended, and, as of May 25th 2018, the GDPR, you have the right to access, correct, request the portability, request the deletion, and/or oppose the processing of your personal data, under the conditions provided by the GDPR.
You may request to exercise your rights by sending us an email at firstname.lastname@example.org. We will acknowledge receipt of your request within a few days of receiving it, but may need up to 30 days to inform you of our decision to process it or not (unless specific circumstances justifying a longer processing time apply, in which case you will be notified). We may require that your request be accompanied by a photocopy of proof of identity or authority.
In addition, in the event a third party whose personal data you have included in data you enter into our services makes a request to exercise his/her data protection rights, we will honor that request after proper verification and will inform you of any consequences on the data available to you.
The cookies used by Spendesk are intended to enable or facilitate communication, to enable the services requested by users to be supplied, to recognise users when they revisit the site, to store the first referrers of traffic, to register logged-in sessions, to measure impact of ad campaigns and to enable Spendesk, internally, to carry out analyses on hit rates and browsing experience so as to improve content, and to track email opening rates, click rates and bounce-back rates at individual levels.
You can choose to decline acceptance of any or all cookies, but depending on the cookies you choose to decline, your experience of the website may be deteriorated.
To oppose the use of the cookies used on our Website, please refer to the links provided in the table below:
Analytics and customisation cookies.
These cookies collect information that is used either in aggregate form to help us understand how our websites is being used or how effective our marketing campaigns are, or to help us customise our website for you.
|Google Analytics||Used to measure how you interact with our website.||Opt-out|
|Mixpanel||Used to measure how you interact with our website.||Opt-out|
|Fullstory||Used to record logged-in sessions and help debugging and improving our website.||Opt-out|
|Hubspot||Used to measure how you interact with our website.||Opt-out|
|Salesloft||Used to remember the first visits UTMs.||Opt-out link inside every email|
|Segment||Used to enable analytics and functionalities of all the other tools, including Segment.||Opt-out|
|Spendesk||Used to remember the first visits UTMs.||Opt-out|
|Appvizer||Used to measure how you interact with our website.||Opt-out|
Performance and functionality cookies.
These cookies are used to enhance the performance and functionality of our website.
|Intercom||Used to enable customised chat conversations||Opt-out|
|Wootric||Used to enable satisfaction surveys||Opt-out|
These cookies are used to make advertising messages more relevant to you. They perform functions like preventing the same ad from continuously re-appearing, ensuring that ads are properly displayed for advertisers, and in some cases selecting advertisements that are based on your interests.
Data retention period
Spendesk retains the personal data it collects about you in active databases, log files or other types of files so long as you use our services, and in accordance with the current regulations in force.
Location of data storage and transfers
The host servers on which Spendesk processes and stores its databases are located exclusively within the European Union (in Ireland). However, some data might transit and be stored outside of the European Union via the usage of certain third party processors located in the United States. Any transfers towards such third-parties will be protected by adequate frameworks such as a Privacy Shield certification or a data transfer agreement based on the EU Commission’s model clauses.
Within the framework of its services, Spendesk attributes the very highest importance to the security and integrity of its customers’ personal data.
Thus and in accordance with the GDPR, Spendesk undertakes to take all pertinent precautions in order to preserve the security of the data and, in particular, to protect them against any accidental or unlawful destruction, accidental loss, corruption, unauthorised circulation or access, as well as against any other form of unlawful processing or disclosure to unauthorised persons.
To this end, Spendesk implements industry standard security measures to protect personal data from unauthorised disclosure.
Moreover, in order to avoid in particular all unauthorised access, to guarantee accuracy and the proper use of the data, Spendesk has put the appropriate electronic, physical and managerial procedures in place with a view to safeguarding and preserving the data gathered through its services.
Notwithstanding this, there is no absolute safety from piracy or hackers. That is why in the event a breach of security were to affect your rights, Spendesk undertakes to inform you thereof without undue delay and to use its best efforts to take all possible measures to neutralise the intrusion and minimise the impacts.