Privacy Policy

 

 

Esker, Inc. ("Esker,” “we,” “us,” or “our”), a subsidiary of Esker, S.A., is a recognized leader in helping organizations eliminate manual processes, gain process visibility, and control, and reduce the use of paper by automating the flow of documents into, within, and out of an organization. Esker respects individual privacy and values the confidence of its customers, employees, consumers, business partners, and others. Not only does Esker strive to collect, use, and disclose information that can be used to identify a person (“Personal Information") in a manner consistent with the laws of the countries in which it does business, but it has a tradition of upholding the highest ethical standards in its business practices. This Privacy Policy (“Policy”) applies to the following Esker websites: www.esker.com, www.esker.com/termsync-terms-service and www.eskerondemand.com (“Esker Websites”) and extends to any communication Esker uses to conduct business. By visiting the Esker Websites you are agreeing to the processing of your Personal Information in accordance with this Policy. This Policy explains when Personal Information is collected, what types of Personal Information are collected, and how the Personal Information is used by Esker.

 

When Personal Information is collected. Examples of when Esker collects Personal Information include but are not limited to the following: (a) create a user account to become a member of the Esker Websites; (b) make online purchases; (c) register Esker products online; (d) employment application submissions to Esker Human Resources;  (e) register for webcasts; (f) complete information requests or document download forms on the Esker Websites; (g) participate in surveys, evaluations, promotions, contests, giveaways, or online chats; (h) submit questions or comments to Esker; (i) sign a contract for Esker services; (j) subscribe to Esker’s blog; and (k) attend conventions, trade shows, and expositions. Esker also collects Personal Information through the use of cookies and web beacons on the Esker Websites and via communications by post, email, live chat, contact forms, phone, or any other medium. In case of telephone calls or chat sessions, Esker uses third party service providers to provide these services and may record such calls or chat sessions to improve the quality of services of Esker after informing you accordingly during that call and, subject to applicable law, receiving your prior consent before the recording begins.

 

Types of Personal Information Collected. The types of Personal Information which may be collected when you visit the Esker Websites include but are not limited to the following: (a) your first and last name; (b) your title, department, and your company's name; (c) your home, work, or other physical address (including street name, name of a city or town, state/province); (d) your e-mail address; (e) your telephone number; (f) your fax number; (g) internet protocol address or any other identifier/connection data that permits Esker to make physical or online contact with you; and (h) any information that Esker collects online from you and maintains in association with your account, such as your Esker username and password.

 

How Personal Information is used. Esker will use Personal Information only in ways that are compatible with and relevant for the purposes for which it was collected. Esker will retain the Personal Information for no longer than is necessary for the purposes for which the Personal Information was collected. Esker may be required to release an individual’s Personal Information in response to lawful requests by public authorities including to meet national security and law enforcement requirements. Esker will not share, sell, rent, or trade with third parties for their marketing purposes any of your data or your customer’s data collected by us, unless you direct us to do so and have the appropriate authorization to do so. Examples of how Esker may use the Personal Information you provide include, but are not limited to the following: (a) create and maintain your accounts; (b) process, fulfill, and follow-up on your orders and special requests; (c) register your products; (d) answer your questions; (e) register you in programs (per your request); (f) send you marketing surveys, newsletters, event invitations, and product information (g) customize and facilitate your navigation on the Esker Websites; (h) process your employment application; (i) provide you with information related to your account and the products and/or services you purchase from Esker; (j) better understand your needs and interests; (k) improve and develop Esker’s products and services internally at Esker and Esker, S.A. and its affiliates ; (l) personalize communications; (m) prevent and detect fraud and abuse in order to protect your security and the security of Esker’s customers; and (n) comply with legal obligations. Any other information transferred by you in connection with its visit to the Esker Websites-that is information that cannot be used to identify you-may be included in databases owned and maintained by Esker or its agents. Esker retains all rights to these databases and the information contained in them. Esker also posts your testimonials/comments/reviews on the Esker Websites which may contain Personal Information. Esker obtains your consent via email prior to posting the testimonial to post your name along with your testimonial. Esker Websites offer publicly accessible blogs or community forums such as blog.esker.com. You should be aware that any Personal Information you provide in these areas may be read, collected, and used by others who access them. Esker shall not be responsible or liable for the Personal Information you choose to submit in these forums.

 

Pursuant to the Data Privacy Frameworks, EU, UK, and Swiss individuals have the right to obtain our confirmation of whether we maintain Personal Information relating to you in the United States. Upon request, we will provide you with access to the Personal Information that we hold about you. You may also correct, amend, or delete the Personal Information we hold about you. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States under the Data Privacy Frameworks, should direct their query to usprivacy@esker.com. If requested to remove data, we will respond within a reasonable timeframe. 

 

We will provide an individual opt-out choice, or opt-in for sensitive data, before we share your data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your Personal Information, please submit a written request to

 

Third Party Websites, Third Party E-Commerce Solutions Provider & Esker’s Agents. As a convenience to you, the Esker Websites may contain links to a number of other third-party websites that Esker believes may offer useful information. This Policy does not apply to those third-party websites. All Personal Information collected on the third-party websites is controlled by that company’s privacy policy. Esker recommends you contact those websites directly for information on their privacy, security, data collection, and distribution policies. Esker’s shopping cart is hosted by its e-commerce solutions provider, who hosts Esker’s ordering system and collects Personal Information that pertains to billing-such as your credit card number-directly from you for the purpose of processing your order. When you place your order and hit the “payment” box, you are navigated away from the Esker Websites and taken directly to the website of Esker’s e-commerce solutions provider to provide your Personal Information and complete your order. Esker does not access, use, or store the Personal Information that pertains to your billing information. This Policy does not apply to Esker’s e-commerce solutions provider. You should read the privacy statement of Esker’s e-commerce solutions provider with regards to how it accesses, handles, and stores your Personal Information. Esker also engages service providers and suppliers (“agents”) to perform certain functions on Esker’s behalf such as: information processing, extending credit, fulfilling orders, delivering products to you, managing and enhancing your data, providing customer service, assessing your interest in Esker products and services, data analysis, auditing services, and conducting legitimate research or marketing satisfaction surveys. Those agents will be permitted to process Personal Information only to perform the services specified by Esker. They are required to maintain the confidentiality of the information and are prohibited from using it for any other purpose. Each agent has entered into written terms with Esker requiring that the agent abide by terms no less protective than Esker’s own privacy standards.

 

Esker’s accountability for personal data that it receives in the United States under the Data Privacy Frameworks and subsequently transfers to a third party is described in the Data Privacy Frameworks. In particular, Esker remains responsible and liable under the Data Privacy Frameworks if third-party agents that it engages to process personal data on its behalf do so in a manner inconsistent with the Principles, unless Esker proves that it is not responsible for the event giving rise to the damage. 

 

Security. Esker takes reasonable and appropriate physical, technical, and organizational precautions to protect your Personal Information in its possession from loss, misuse, unauthorized access, disclosure, alteration, and destruction. Specifically, with regard to the Esker Websites, Esker hosts the Esker Websites in a secure server environment that uses firewalls, intrusion detection systems, and other advanced technology to prevent interference or access from outside intruders. Furthermore, Esker uses Secure Socket Layer technology on the Esker Websites to encrypt Personal Information when Personal Information is sent on the Esker Websites. Additionally, Esker annually trains its employees on this Policy. Even with these safeguards in place, no method of transmission over the internet is 100% secure and Esker does not guarantee the security of Personal Information transmitted via the Internet.

 

Data Privacy Frameworks. Esker complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce.  Esker has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF.  Esker has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.  Furthermore, Esker adheres to the EU-U.S. DPF Principles with regard to personal data transferred from the European Union and the United Kingdom and the Swiss-U.S. DPF Principles with regard to personal data transferred from Switzerland. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern.  To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

 

With respect to personal data received or transferred pursuant to the Data Privacy Frameworks, Esker is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission. In certain situations, Esker may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. In compliance with the Data Privacy Framework Principles, Esker commits to resolve complaints about your privacy and our collection or use of your Personal Information transferred to the United States pursuant to the DPF Principles.  EU, UK and Swiss individuals with DPF inquiries or complaints should first contact Esker here at usprivacy@esker.com. Esker has further committed to refer unresolved privacy complaints under the Data Privacy Framework Principles to an independent dispute resolution mechanism, BBB NATIONAL PROGRAMS.  If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbbprograms.org/dpf-complaints for more information and to file a complaint. This service is provided free of charge to you. If your Data Privacy Frameworks complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See DPF Annex 1 at https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf  

  

Your Rights under the General Data Protection Regulation (“GDPR”). EU Individuals may lodge privacy complaints or enforce their GDPR rights with a supervisory authority listed at: https://ec.europa.eu/justice/article-29/structure/data-protection-author.... The Global Data Protection Officer for Esker can be contacted at euprivacy@esker.com and the Chief Compliance Officer in the United States can be contacted at usprivacy@esker.com.

 

Notice to Residents of Québec – Law 25. Regarding An Act to Modernize Legislative Provisions regarding the Protection of Personal Information, known as Law 25, the personal data that we collect or receive about you may be transferred to and processed by recipients who are located in a jurisdiction where the level of data protection may not be equivalent to the level of protection applicable at your location. Where local laws require, Esker will take steps to ensure that any transfer of personal data outside of the originating jurisdiction is carefully managed to protect your privacy rights and ensure that adequate safeguards are in place.  Transfers of Personal Information from the UK or EEA to third countries will be made pursuant to Standard Contractual Clauses or other legally acceptable mechanisms approved by the relevant supervisory authority with jurisdiction over Esker, Inc. Esker, Inc. has also established an intra-group data transfer agreement to regulate cross-border transfers of Personal Information within other subsidiaries of Esker, Inc’s. parent company, Esker, S.A.

 

Notice to Residents of California. Rights under the California Consumer Privacy Act (CCPA) of 2018 as expanded by the California Privacy Rights Act of 2020 (“CPRA”). If you are a California resident, Esker processes your Personal Information in accordance with the applicable sections of the CPRA and the CCPA regulations as set by the California Privacy Protection Agency (CPPA Regulations). Except as what is specified under the applicable laws, EU Individuals are not entitled to CPRA rights and California residents are not entitled to GDPR rights. Esker does not share, sell, rent, trade, or lease your Personal Information, nor does it retain, use, or disclose Personal Information for any purpose, including commercial purposes, unless expressly permitted by the CPRA or CPPA Regulations. Thus, Esker does not offer an opt-out to the sale of Personal Information. In the preceding twelve months, Esker has not sold Personal Information. Esker will not discriminate against you for exercising any of your CPRA rights. Under the CPRA, you have the right to request that Esker disclose certain information to you about its collection and use of your Personal Information over the past twelve months. Once Esker receives and confirms your verifiable consumer request, Esker will disclose to you: (1) the categories of Personal Information collected about you, (2) the categories of sources for the Personal Information collected about you, (3) Esker’s business or commercial purposes for collecting or selling the Personal Information, (4) the specific pieces of Personal Information collected about you, and (5) if your Personal Information was sold or disclosed for a business purpose, Esker will identify the Personal Information sold, who it was sold to, and for what business purpose. Under the CPRA, you have the right to request that Esker delete your Personal Information and limit the use or disclosure of any sensitive Personal Information (if applicable). Once Esker receives and confirms your verifiable consumer request, Esker and any of its applicable agents will delete your Personal Information from its records, unless an exception under the CPRA or CPPA Regulations applies.

 

To exercise any of the above-referenced rights, please submit a verifiable consumer request to Esker at usprivacy@esker.com. Only you, or a person registered with the California Secretary of State that you authorized to act on your behalf, may make a verifiable consumer request related to your Personal Information. You may only make a verifiable consumer request twice within a twelve-month period. Additional information may be requested by Esker to verify your identity before honoring the request. Esker will use reasonable commercial efforts to respond to a verifiable consumer request within forty-five days of its receipt. If Esker requires up to ninety days to respond, written notification will be sent to you advising of the reason for the delay. In the event Esker determines in good faith that a verifiable consumer request is excessive, repetitive, or unfounded, a fee may be charged. In such a case, Esker shall notify you in writing and provide you with reasons for the fee and a cost estimate before completing your request.

 

Other California Privacy Rights. California Civil Code Section 1798.83 permits you to request information regarding the disclosure of your Personal Information by us to third parties for the third parties’ direct marketing purposes. California Business and Professions Code Section 22581 permits registered users who are minors to request and obtain deletion of certain posted content. California Business and Professions Code Section 22575 requires an operator of a commercial website that collects Personally Identifiable information about California residents to disclose how it responds to web browser "do not track" signals or other mechanisms that provide consumers the ability to exercise choice regarding the collection of personally identifiable information about online activities over time. Because there is currently no industry standard on responding to such signals or mechanisms, Esker does not respond to them at this time.

 

Use of Cookies & Web Beacons. The Esker Websites use "cookies." A cookie is a small file that an Esker Website may send to your browser. This file is then stored on your hard drive. Cookies cannot be used to run programs or deliver viruses to a computer. The cookie saves information regarding your session and account on the Esker Website, which the browser passes back to the Esker Website's server. Cookies enable Esker to build better websites by recording how and when you use the Esker Websites and to better serve you when you return to the Esker Websites. Cookies are also used to ensure you do not fill out forms on the Esker Websites multiple times. You can set your browser to refuse cookies. The use of cookies by Esker’s business partners, affiliates, or service providers is not covered by this Policy. Esker does not have access to, or control over, those cookies. Esker’s business partners, affiliates, and service providers use session ID cookies to make it easier for you to navigate the Esker Website, in order for a visitor to use the shopping cart, etc. The Esker Websites contain electronic images known as web beacons (sometimes called single-pixel gifs) which may be used in some of Esker’s emails to let Esker know which emails and links have been opened by recipients. Some of Esker’s business partners also employ web beacons that help it better manage content on the Esker Websites. However, Esker has no access to or control over such web beacons.

 

Children’s Privacy. Children are restricted from customer registration and buying products/services on the Esker Websites. Furthermore, Esker does not knowingly collect or solicit any Personal Information from anyone under the age of thirteen through the Esker Websites. If Esker learns that it has Personal Information on a child under the age of thirteen it will immediately be deleted from Esker’s systems.

 

Esker’s Contact Information. To ask questions regarding this Policy, contact Esker at:

 

Esker, Inc.

Attn: General Counsel/Chief Compliance Officer

1850 Deming Way, Ste. 150

Middleton, WI 53562

Telephone: 1-800-368-5283

Email: usprivacy@esker.com

 

EU Individuals may lodge privacy complaints or enforce their GDPR rights with a supervisory authority listed at: http://ec.europa.eu/justice/article-29/structure/data-protection-authori... en.htm. The Global Data Protection Officer for Esker can be contacted at euprivacy@esker.com.

 

Changes to this Policy. Esker may amend this Policy from time to time. When Esker does update this Policy, it will also revise the “Last Updated” date at the bottom of this Policy. Any material changes to this Policy will also be posted at https://www.esker.com/privacy-policy/

  

Last Updated: December 20, 2023  

Top