This website requires JavaScript.
Skip to content

Privacy Policy

Summary

I. How is Your Personal Data collected and processed by Spendesk?

1) Personal Data collected on the Website

1. What Personal Data is collected on the Website?

2. Why is this Personal Data being collected?

3. How long is the Personal Data stored?

1. What Personal Data is collected for the use of the Spendesk Solution?

2. Why is Personal Data collected?

3. How long will Your Personal Data be stored?

II. What are Your rights?

1) How to exercise Your rights?

2) Where is Your Personal data stored?

3) Are your Personal Data shared with third parties?

III. Do we use cookies?






Privacy Policy

Spendesk, a simplified joint stock company registered in the Paris Trade and Companies Register under No. 821 893 286, having its registered office at 51 rue de Londres - 75008 Paris (France), offers an intuitive solution that helps companies to better manage, pay and monitor their professional expenses (hereinafter the “Spendesk Solution”) and publishes the website at https://www.spendesk.com (hereinafter the “Website”).

The provision and use of the Spendesk Solution and the Website require the processing of certain Personal Data. Personal Data are any information relating to an identifiable natural person and may include information that we collect relating to (i) persons who visit the Website and/or transmit Personal Data via the Website, and/ or (ii) employees and collaborators authorised by their employer to use the Spendesk Solution to manage their professional expenses (hereinafter the “Users”, the “User”, “You”, “Your” (plural) and “Your” (singular)).

By subscribing to and/or using the Website and/or the Spendesk Solution, You acknowledge and agree that Spendesk may process certain Personal Data concerning You, as well as certain information about the expenses made with the tools and/or recorded via the Spendesk Solution.

The purpose of this Personal Data Protection Policy is to describe how Spendesk processes Your Personal Data in connection with the use of the Website and/or the Spendesk Solution, and to inform You of Your rights in this regard. It may be updated, in particular in the event of changes to applicable laws regulating the processing of Personal Data or if we make improvements, additions or changes to the Spendesk Solution or the Website. The applicable version is the one accessible on the Website on the day of Your use of it and/or the Spendesk Solution.

Spendesk places the utmost importance on the security and integrity of the Personal Data entrusted to it. Spendesk undertakes to take all necessary precautions to preserve the security of Personal Data and, in particular, to protect Personal Data against any accidental or unlawful destruction, accidental loss, corruption, distribution or unauthorised access, as well as against any other form of unlawful processing or disclosure to unauthorised individuals.

To this end, Spendesk implements security measures that comply with our industry’s standards to protect Personal Data from unauthorised disclosure. In addition, to avoid any unauthorised access and to guarantee the accuracy and proper use of Personal Data, Spendesk has implemented appropriate electronic, technical and organisational measures to safeguard and preserve the Personal Data collected through its services.

Spendesk has appointed a Data Protection Officer (DPO), who can be contacted by email (privacy@spendesk.com) and whose role is, in particular, to ensure that Spendesk complies with the French Data Protection Act of 6 January 1978 (as amended), the EU General Data Protection Regulation of 27 April 2016 and any other applicable laws regulating the processing of Personal Data (hereinafter the “Data Protection Regulations”), and to respond to any requests and questions that are submitted.

Please find below the main answers to the questions You may ask about Spendesk’s commitments to the protection of Personal Data


I. How is Your Personal Data collected and processed by Spendesk?

1) Personal Data collected on the Website

Spendesk is the “data controller” of Personal Data collected via its Website.

1. What Personal Data is collected on the Website?

Personal Data about You may be collected when You browse the Website, mainly Your browsing data and Your IP address. We collect this in particular through the use of Cookies.

In addition, Personal Data relating to your identity (surname, first name, email address (professional and/or personal), telephone number, if applicable Your CV) may be sent to us by You via the Website when You contact us using contact forms, request a demonstration, or if You respond to a Spendesk job opening.

If You send Personal Data, documents or information to us via the Website, please check that this information does not contain any unnecessary confidential or sensitive data (for example, social security number, driver's license number, medical data, confidential information about Your company or employer, etc.).

In certain specific cases, Spendesk may need to ask for a copy of Your identity document, for example to verify Your right to use the Website, or any request You make to exercise Your rights under the Data Protection Regulations.

2. Why is this Personal Data being collected?

The main purpose of collecting Your Personal Data is to provide You with an optimal, efficient and personalised experience when You use our Website and its features.

The processing of Your Personal Data is based on Your consent and its purpose is to give You access to the Website and its various features, to respond to Your requests, but also to improve Your navigation, our services and offers, and to keep You informed of our news.

You can naturally, at any time, contact us in this regard and exercise Your rights under the Data Protection Regulations (see “What are Your rights?” below).

3. How long is the Personal Data stored?

Spendesk has defined retention periods for Personal Data collected from its Website.

With regard to Your browsing data, you will find their retention period in the “Cookies” section.

In the case of requests for information, contact or a demonstration, Your Personal Data is kept for 36 months since our last contact.

With regard to Your responses to our job openings or if you make a spontaneous online application, we retain Your Personal Data for the entire duration of our recruitment procedure or the duration necessary for the review of Your application and, with Your approval, an additional period of 2 years. If Your application is successful, we will retain Your Personal Data for the entire duration of the employment contract and for an additional period of 5 years after the end of our employment relationship.

These retention periods apply subject to the exercise of Your rights under the Data Protection Regulations, as indicated above.

The Spendesk Solution is made available to Users (employees or staff) at the request of their employer. In this context, the processing of Personal Data is carried out by Spendesk in its capacity as data processor within the meaning of the Data Protection Regulations, and on behalf of the employer in its capacity as “data controller”.

1. What Personal Data is collected for the use of the Spendesk Solution?

As part of the use of the Spendesk Solution, Spendesk may collect and store information that can securely identify Users, keep the history of their visits to the Website and their use of the Spendesk Solution, and in particular their transactions (payments using the Spendesk tools, refund requests, transmission of supporting documents), in accordance with the expenses policy and authorisations defined by the employer.

In particular, the following may be processed:

  • professional contact details and User identification information: first and last name, gender, business email address, telephone number, photograph (with the approval of the person concerned), post or position;
  • data required to provide access to the Spendesk Solution: username and password, IP address;
  • payment information, refund requests and expenses recorded in connection with the use of the Spendesk Solution;
  • invoices, expense reports and receipts sent via the Spendesk Solution.

For certain processing operations, Spendesk may use subcontractors, in compliance with its commitments to the data controller and its obligations under the Data Protection Regulations.

Spendesk undertakes to ensure the utmost security and confidentiality of the information, including Personal Data, whose processing is entrusted to it by the data controller.

Users of the Spendesk Solution are responsible for using it in compliance with the expense policy and authorisations defined by their employer and for ensuring that their access to the Spendesk Solution is secure, in particular by not sharing their personal usernames and passwords, regularly renewing them and immediately informing their employer and/or Spendesk of any fraudulent loss, disclosure or intrusion.

2. Why is Personal Data collected?

Spendesk needs to collect this Personal Data to perform the contract with the employer who subscribed to the Spendesk Solution and, consequently, to provide Users with access to the Spendesk Solution in accordance with that contract, but also to comply with its legal obligations (in particular accounting and tax obligations), in compliance with the Data Protection Regulations.

To apply the principle of data minimisation, Spendesk limits its collection and processing to the Personal Data and purposes that are strictly necessary to perform its contractual and legal obligations.

In particular:

  • the contact details of Users are processed to allow for the sending of information relating to the Spendesk Solution, its operation or use, security codes and instructions;
  • the User login data guarantee the connection of employees, identify them and provide them with access to the Spendesk Solution, and Spendesk invoice their employer for the Spendesk Solution;
  • the identification of the post or position of the Users allows user rights and authorisations to be applied as set out by the employer;
  • data relating to payment information is collected to ensure full payment or reimbursement of the User's business expenses, and their accounting treatment by the employer;
  • the invoices, expense reports and receipts sent by the Users are collected to retain evidence and accounting information necessary for payments and reimbursements, and for their accounting treatment.

3. How long will Your Personal Data be stored?

Spendesk retains Personal Data necessary for the use of the Spendesk Solution for as long as You use it and for an additional 24 months from the end of such use, to provide the necessary Personal Data to the data controller and to meet its contractual and legal obligations.

Payment and reimbursement data and supporting documents sent via the Spendesk Solution are archived for 11 years, in compliance with the Data Protection Regulations.

II. What are Your rights?

1) How to exercise Your rights?

In accordance with the Data Protection Regulations, You have the right to access, rectify, limit, erase and delete Personal Data concerning You, as well as the right to object and a right to portability.

You may at any time modify your Personal Identification Data (title, first name, last name, email address, telephone number, password) by logging in to the "My Profile" section of Your account, in compliance with the identification and use policy of the Spendesk Solution implemented by Your employer.

You may request to exercise Your rights through Your employer (data controller), but also by writing directly to us at: privacy@spendesk.com. We will acknowledge receipt of Your request and respond to it within 30 days, which may be renewable. We may require that Your request be accompanied by a photocopy of an identity document, kept only for the time to ensure this verification, and will inform Your employer of the nature of Your request and the actions to be taken.

To know more about Your rights regarding the protection of Personal Data, You may consult the relevant supervisory authority within the jurisdiction in which you reside.

2) Where is Your Personal Data stored?

The servers on which Spendesk processes and stores Personal Data are located in the territory of the European Union (Ireland).

3) Are your Personal Data shared with third parties?

Spendesk does not sell or lease Your Personal Data to third parties.

To facilitate the functioning of certain tools associated with the Spendesk Solution, for example to allow card payments or reimbursements, or to provide the commercial or technical service of the Spendesk Solution, certain Personal Data may be transmitted to partners located outside the European Union. The list of these partners is available upon written request.

Spendesk requires each of its partners to comply with applicable Data Protection Regulations and to provide written contractual guarantees regarding the safety and confidentiality of the processing. Spendesk does not otherwise disclose Your Personal Data to third parties, unless: (1) You (or the holder of Your Account acting on Your behalf) request or authorise disclosure; (2) disclosure is necessary to process transactions or provide the services you have requested; (3) Spendesk is required to transmit Your Personal Data to an administrative or judicial authority (requisition), or if (4) disclosure is necessary to comply with legal and/or regulatory obligations.

III. Do we use cookies?

We use cookies when You visit our website. A cookie is a small text file normally consisting of just letters, which is sent by our site or by third-party sites to Your computer or Your smart phone, and stored by Your browser or Your smart phone.

Cookies cannot delete or read information from Your computer or smart phone. However, the placing and recording of cookies can indirectly identify a user since they can detect the pages visited by a user on a site and remember their visit and profile. However, cookies are neither spyware nor viruses.

We use functional and technical cookies, which are essential for the use of the website; in particular, they allow You to access certain pages of our website or, for example, to store Your login details.

We may also use cookies to analyse and measure traffic on our site, its use, the effectiveness of our campaigns, and cookies for the purposes of personalising the content or services displayed (real-time browsing personalisation, identification of browsing problems in order to offer assistance, etc.).

Third party cookies may be installed when You visit our website, for example by advertising providers or social networks, to assess the performance of a campaign or to display advertisements for Spendesk on external sites.

You are informed of the existence and installation of cookies via the information banner displayed on the home page and You may at any time consult the list of cookies and exercise Your rights (acceptance or refusal of all or part of the cookies) via that browser banner and the link appearing on each page of our website.

Important: deactivating all or part of the cookies may prevent You from browsing the site or accessing certain content.

You can also configure Your browser to accept or refuse all or part of the cookies. For more information, please follow the link for Your browser:

🍪 We use cookies to optimize your user experience. By browsing our website, you agree to the use of cookies.

Read our cookies policy
close