Bonterms Privacy Policy
Effective as of July 24, 2023.
This Privacy Policy describes how Bonterms, Inc. (“Bonterms,” “we“, “us” or “our“) handles personal information that we collect through our website at bonterms.com (including any related domains) and the Bonterms Platform (collectively, the “Service”), as well as through our marketing and other activities described in this Privacy Policy.
California residents: See our California privacy notice for information about your personal information and privacy rights.
Individuals in the EEA/UK: See our Notice to European users for information about your personal information and data protection rights.
The Service is designed to assist enterprise companies with entering into commercial agreements and is not intended for use by individuals for personal, family, household or other consumer purposes.
This Privacy Policy does not apply to our processing of personal information on behalf of users of the Bonterms Platform Cloud Service, which is governed by our separate agreements for the Bonterms Platform Cloud Service with those users.
If you have any questions or concerns about our use of your personal information, then please contact us using the contact details under the How to contact us heading below.
Index
Personal information we collect
How we use your personal information
How we share your personal information
Your choices
Other sites and services
Security
International data transfers
Children
Changes to this Privacy Policy
How to contact us
California privacy notice
Notice to European users
Personal information we collect
The personal information we collect from you, either directly or indirectly, will depend on how you interact with us and with our Service. We collect personal information about you from the following different sources:
Information you provide to us. Personal information you may provide to us through the Service or otherwise includes:
- Contact data.Your first and last name, email address, mailing addresses, professional title and company name, phone number and other contact details.
- Profile data. The username and password for your Service account and any other information you choose to add to your Service profile.
- Communications data.Information in your communications with us, including when you communicate with us through the Service, social media, events, or otherwise, including any feedback you provide about the Service and your responses to surveys.
- Other data. Information not specifically listed here, which we will use as described in this Privacy Policy or as otherwise explained at the time of collection.
Information automatically collected. As you navigate through the Service, our communications and other online services, we and our service providers may automatically collect information about you, your computer or mobile device, and your browsing actions and use patterns, such as:
- Device data. This will include technical information about your computer or mobile device’s operating system type and version, manufacturer and model, browser type, screen resolution, RAM and disk size, CPU usage, device type (e.g., phone, tablet), IP address, unique device identification numbers or other identifiers (including identifiers used for advertising purposes), language settings, mobile device carrier, radio/network information (e.g., Wi-Fi, LTE, 3G), and general location information such as city, state or geographic area.
- Usage data. This will include page views and searches, log-in information, how long you spent on a page, the website you visited before browsing to the Service, navigation paths between pages, information about your activity on a page or screen, access times and duration of access, whether you have opened our emails or clicked links within them and other usage or functional information on Service performance (like diagnostics and crash logs).
Cookies and similar technologies. Some of the information we collect automatically is captured using cookies and similar technologies, as further described in our Cookie Notice.
Information from third parties. We may combine personal information we receive from you or collect automatically with personal information we obtain from other sources, such as publicly accessible social media profiles and business contacts who send us information about their colleagues and contacts, including potential customers and partners.
Publicly available sources, such as social media platforms, company website bios and other publicly available websites.
How we use your personal information
We use your personal information for the purposes described in this Privacy Policy or as otherwise described to you at the time of collection:
Service delivery. We use your personal information to register your account on our Service, to manage and administer your Service account, provide the Service and to communicate with you about our Service (including support and administrative messages).
Business operations. We use your personal information to administer and maintain our Service and our IT systems (including monitoring, troubleshooting, data analysis, testing, system maintenance, repair and support, reporting and hosting of data) and to operate our business.
Service improvements. We use your personal information for research and development purposes, including to analyze and improve the Service and our business in an informed way. As part of these activities, we may create aggregated, de-identified and/or anonymized data from personal information we collect. We make personal information into de-identified or anonymized data by removing information that makes the data personally identifiable to you. We may use this aggregated, de-identified or otherwise anonymized data and share it with third parties for our lawful business purposes, including to analyze, improve and promote the Service and our business.
Marketing. We may collect and use your personal information to send you marketing and other non-transactional communications (e.g. newsletters, promotional emails) we think may be of interest in accordance with your preferences. You may opt-out of our marketing communications as described in the Opt-out of marketing section below.
Compliance and protection.
We use your personal information to comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities. We also use your personal information to protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims), including by conducting internal audits against our policies; enforcing the terms and conditions that govern the Service; and taking steps to prevent, investigate and deter fraud, cyberattacks or other unauthorized, unethical or illegal activity.
We may share your personal information with the following categories of recipients and as otherwise described in this Privacy Policy or at the time of collection.
Counterparties. Your counterparties to proposed agreements for the purpose of facilitating your negotiation of those agreements with the counterparties through the Service.
Your organization. Any organization that has assigned a Service account to you, which will be able to see your profile data and certain activity associated with the account.
Affiliates. Our corporate affiliates that we control, are controlled by, or with which we are under common control, for purposes consistent with this Privacy Policy.
Service providers. Third parties that provide services on our behalf or help us operate the Service or our business (such as hosting, information technology, customer support, email delivery, marketing, customer research, analytics).
Professional advisors. Professional advisors, such as lawyers, auditors, bankers and insurers, where necessary in the course of the professional services that they render to us.
Authorities and others. Law enforcement, government authorities, and private parties, as we believe in good faith to be necessary or appropriate for the compliance and protection purposes described above.
Business transferees. Parties (and their advisors) to business transactions (or negotiations of or due diligence for such transactions) involving a corporate divestiture, merger, consolidation, acquisition, reorganization, sale or other disposition of all or any portion of the business or assets of, or equity interests in, Bonterms or our affiliates (including, in connection with a bankruptcy or similar proceedings).
Your choices
This section applies to all users. Some users may also have additional rights under applicable privacy laws, as described in the relevant region-specific sections below. If you do not provide information we identify as required or mandatory, we may not be able to provide features or services that require that information.
Access or update your information. You may review and update certain Service account information by logging into your account.
Opt-out of marketing communications.
You may opt-out of marketing emails at any time by following the opt-out or unsubscribe instructions at the bottom of the email, or by contacting us. Please note that if you opt-out of promotional emails, you may continue to receive service-related and other non-marketing emails.
Cookies. Most browsers let you remove or reject cookies. To do this, follow the instructions in your browser settings. See our Cookie Notice for more information about how to control cookies.
Do Not Track. Some Internet browsers may be configured to send “Do Not Track” signals to the online services that you visit. We currently do not respond to “Do Not Track” signals. To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com.
Other sites and services
The Service may contain links to or integrations of websites and other online services operated by third parties. In addition, our content may be integrated into web pages or other online services that are not associated with us. These links and integrations are not an endorsement of, or representation that we are affiliated with, any third party. We do not control websites or other online services operated by third parties, and we are not responsible for their actions. We encourage you to read the privacy policies of the other websites, mobile applications and online services you use.
Security
We use technical, organizational and physical safeguards designed to protect the personal information we collect and process about you. However, security risk is inherent in all internet and information technologies, and we cannot guarantee the security of your personal information.
Retention
We retain personal information for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements, to establish or defend legal claims, or for the compliance and protection purposes described above. Factors determining the appropriate retention period for personal information include the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of personal information, the purposes for which we process the personal information, whether we can achieve those purposes through other means, and the applicable legal requirements.
When we no longer require the personal information we have collected about you, we will either delete or anonymize it (so that it is no longer personally identifiable with you) or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will isolate your personal information from any further processing, employing security safeguards designed to protect it, until deletion is possible.
International data transfers
We are headquartered in the United States and may use service providers that operate in the United States and other countries other than the country in which you are resident. These countries may have data protection laws that differ from those of your country (and, in some cases may not be as protective as those in your state, province, or country). Specifically, our servers are located in the United States and our third party service providers operate in the United States and may operate in other countries This means that when we collect your personal information we will process it in any of these countries.
Users in the United Kingdom and the European Economic Area should read the information provided below about transfer of personal information outside of those locations.
Children
The Service is not intended for use by anyone under 18 years of age. If you are a parent or guardian of a child from whom you believe we have collected personal information in a manner prohibited by law, please contact us. If we learn that we have collected personal information through the Service from a child without the consent of the child’s parent or guardian as required by law, we will comply with applicable legal requirements to delete the information.
Changes to this Privacy Policy
We reserve the right to modify this Privacy Policy at any time. If we make material changes to this Privacy Policy, we will notify you by updating the date of this Privacy Policy and posting it on the Service or other appropriate means. Any modifications to this Privacy Policy will be effective upon our posting the modified version (or as otherwise indicated at the time of posting). In all cases, your use of the Service after the effective date of any modified Privacy Policy indicates your acknowledgment that the modified Privacy Policy applies to your interactions with the Service and our business.
How to contact us
If you have questions or concerns about this Privacy Policy or our practices, please contact us at Bonterms, Inc., 268 Bush Street, #2912, San Francisco, California 94104 or privacy@bonterms.com.
California privacy notice
This notice describes our collection, use and disclosure of personal information of California residents in our capacity as a “business” under the California Consumer Privacy Act (“CCPA”) and their rights with respect to their personal information. For purposes of this notice, “personal information” has the meaning given in the CCPA but does not include information exempted from the scope of the CCPA.
Information practices. The following describes our practices currently and during the past 12 months:
- Collection and disclosure.The chart below describes the personal information we collect by reference to the statutory categories of personal information specified in the definition of “personal information” in the CCPA, and the categories of third parties to whom we disclose it. The terms in the chart refer to the categories of information and third parties described above under Personal information we collect. We collect all categories of personal information from the sources and use them for the business/commercial purposes described above in the Privacy Policy. Information you voluntarily provide to us, such as in free-form webforms, may contain other categories of personal information not described below. We may also disclose personal information to professional advisors, law enforcement and government authorities, and business transferees as described in the How we share your personal information section of this Privacy Policy.
Statutory category/ personal information we collect | Categories of third parties to whom we disclose the personal information for a business purpose |
Identifiers ● Contact data ● Profile data ● Communications data ● Device data | ● Counterparties ● Your organization ● Affiliates ● Service providers |
California Customer Records (as defined in California Civil Code §1798.80) ● Contact data ● Profile data ● Communications data | ● Counterparties ● Your organization ● Affiliates ● Service providers
|
Commercial Information ● Device data ● Online activity data | ● Affiliates ● Service providers |
Internet or Network Information ● Device data ● Online activity data | ● Affiliates ● Service providers |
Professional or Employment Information ● Contact data ● Profile data | ● Counterparties ● Your organization ● Affiliates ● Service providers |
Education Information ● Contact data ● Profile data | ● Your organization ● Affiliates ● Service providers |
Inferences May be derived from all of the above. | ● Affiliates ● Service providers |
Sensitive personal information ● Profile data (Service account username/password) | ● Affiliates ● Service providers |
- Sales and sharing of personal information.We do not “sell” or “share” personal information as those terms are defined in the CCPA and have no actual knowledge that we have sold or shared the personal information of California residents under 16 years of age. Accordingly, we do not process requests to opt-out of “sales” or “sharing” of personal information transmitted by opt-out signals.
- Sensitive personal information.We do not use or disclose sensitive personal information for purposes subject to the right to limit under the CCPA.
Your privacy rights. As a California resident, you have the following rights under the CCPA:
- Right to know. You can request information about the categories of personal information that we have collected; the categories of sources from which we collected personal information; the business or commercial purpose for collecting, sharing and/or selling personal information; the categories of any personal information that we sold or disclosed for a business purpose; and the categories of any third parties with whom personal information was sold, shared or disclosed for a business purpose.
- Right to access. You can request a copy of certain personal information that we have collected about you.
- Right to deletion. You can request that we delete personal information that we collected from you.
- Right to correction. You can request that we correct inaccurate personal information that we have collected about you.
- Nondiscrimination. You are entitled to exercise the rights described above free from discrimination as prohibited by the CCPA.
Exercising your rights. You may submit requests to exercise your right to know, access, deletion and correction by contacting us. The rights described above are not absolute, and in certain cases, we may decline your request as permitted by law. We cannot process your request if you do not provide us with sufficient detail to allow us to understand and respond to it.
Identity verification. We need to verify your identity to process your requests to exercise your rights to know, access, deletion, and correction, and we reserve the right to confirm your California residency. To verify your identity, we may require you to log into a Service account if you have one, provide identifiers we can match against information we may have collected from you previously, confirm your request using the email address or telephone number that we have on record, provide government identification, or provide a declaration under penalty of perjury, where permitted by law.
Authorized agents. Your authorized agent may make a request on your behalf upon our verification of the agent’s identity and our receipt of a copy of a valid power of attorney given to your authorized agent pursuant to applicable state law. If you have not provided your agent with such a power of attorney, we may ask you and/or your agent to take additional steps permitted by law to verify that your request is authorized, such as information required to verify your identity and that you have given the authorized agent permission to submit the request.
Notice to European users
The information provided in this notice applies only to individuals in the United Kingdom (“UK”), the European Economic Area (“EEA”) and Switzerland (we collectively refer this group of countries as “Europe”).
The personal information that we collect from you is identified and described in greater detail in the section of the Privacy Policy entitled Personal information we collect.
Controller. Bonterms, Inc. is the controller of your personal information described in this Privacy Policy. See the Contact us section above for contact details.
Legal bases for processing. European data protection law requires that we have a “legal basis” for each purpose for which we process your personal information. Depending on the purpose for collecting your information, we may rely on one of the following legal bases:
- The processing is necessary to perform a contract that we are about to enter into, or have entered into, with you (“Contractual Necessity”).
- The processing is necessary to pursue our legitimate interests or those of a third party and we are confident that your privacy rights will be appropriately protected (“Legitimate Interests”).
- We need to comply with laws or to fulfill certain legal obligations (“Compliance with Law”).
- We have your specific consent to carry out the processing for the purpose in question (“Consent”). Generally, we do not rely on Consent as a legal basis for using your personal information other than in the context of direct marketing communications where required by applicable law.
The table below identifies the legal bases we rely on in respect of the relevant purposes for which we use your personal information. For more information on these purposes and the categories of personal information involved, see the section in the Privacy Policy entitled How we use your personal information.
Processing purpose
| Types of personal information processed | Legal basis |
Service delivery | ● Contact data ● Profile data ● Communication data ● Device data ● Online activity data
| Contractual Necessity.
If we have not entered into a contract with you, we process your personal information based our Legitimate Interests (in providing the Services you access or request) |
Business operations | ● Contact data ● Profile data ● Communication data ● Device data ● Online activity data
| Contractual Necessity.
If we have not entered into a contract with you, we process your personal information based our Legitimate Interests (in operating, providing and improving our business) |
Research and development | ● Contact data ● Profile data ● Communication data ● Device data ● Online activity data
| Our Legitimate Interests (in analyzing and improving our Services and our business). |
Marketing | ● Contact data ● Profile data ● Communication data
| Our Legitimate Interests (in promoting our products and services through marketing communications). In circumstances or in jurisdictions where consent is required under applicable data protection laws, we rely on your Consent to send marketing communications. |
Sharing your personal information as described in this Privacy Policy | ● Contact data ● Profile data ● Communication data
| We use the original legal basis relied upon, if the relevant further use is compatible with the initial purpose for which the personal information was collected. Otherwise, we rely on your Consent. |
Compliance and Protection
| ● All data relevant in the circumstances. | Compliance with Law (where processing is necessary to comply with our legal obligations). Otherwise, we rely on our Legitimate Interests (in protecting our, your or others’ rights, privacy, safety or property). |
Use for new purposes. We may use your personal information for reasons not described in this Privacy Policy where permitted by law and the reason is compatible with the purpose for which we collected it. If we need to use your personal information for an unrelated purpose, we will notify you and explain the applicable legal basis.
Sensitive personal information. We do not collect sensitive personal information (e.g., social security (or equivalent) numbers, information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background or trade union membership) and ask that you do not provide us with any such information.
Your rights. European data protection laws give individuals in Europe the following rights regarding their personal information:
- Right of access: You can ask us to provide you with information about our processing of your personal information and give you access to your personal information.
- Right to rectification: If the personal information we hold about you is inaccurate or incomplete, you are entitled to request to have it rectified.
- Right to erasure: You can ask us to delete or remove your personal information where there is no lawful reason for us continuing to store or process it, where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal information to comply with local law.
- Right to restrict processing: You can ask us to suspend the processing of your personal information:
- if you want us to establish the information’s accuracy;
- where our use of the information proves to be unlawful but you do not want us to erase it;
- where you need us to hold the information even if we no longer require it as you need it to establish, exercise or defend legal claims; or
- if you have objected to our use of your information but we need to verify whether we have overriding legitimate grounds to use it.
- Right to object: You can object to our processing of your personal information where we are relying on a legitimate interest (or those of a third party) to do so and you believe it impacts your fundamental rights and freedoms. You also have the right to object where we are processing your personal information for direct marketing purposes.
- Right to data portability: You have the right, in certain circumstances, to ask us to provide to you, or a third party you have chosen, your personal information in a structured, commonly used, machine-readable format.
- Right to withdraw consent at any time: Where we are relying on consent to process your personal information you have the right to withdraw your consent at any time. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent.
Exercising those rights. Please note that some of these rights may be limited where we have an overriding interest or legal obligation to continue to process the personal information or where certain exemptions apply. If we decline your request, we will tell you why, subject to legal restrictions.
To exercise any of these rights, please contact us. We may request specific information from you to help us confirm your identity and process your request.
Your Right to Lodge a Complaint with your Supervisory Authority. If you are not satisfied with our response to a request you make, or how we process your personal information, you can make a complaint to the data protection regulator in your habitual place of residence.
For users in the EEA: The contact information for the data protection regulator in your place of residence can be found here: https://edpb.europa.eu/about-edpb/board/members_en
For users in the UK: The contact information for the UK data protection regulator is below:
The Information Commissioner’s Office
Water Lane, Wycliffe House
Wilmslow – Cheshire SK9 5AF
Tel. +44 303 123 1113
Website: https://ico.org.uk/make-a-complaint/
International data transfers.
We are headquartered in the United States and may use service providers that operate in the United States and other countries. Therefore, we may transfer your personal information to recipients outside of the European Economic Area and/or the UK. Some of these recipients are located in countries which have been formally recognized as providing an adequate level of protection for personal information by the European Commission and Secretary of State in the UK, in which case, we rely on the relevant “adequacy decisions”.
Where the transfer is not subject to an adequacy decision or regulations, we take appropriate safeguards to ensure your personal information remains protected in accordance with this Privacy Policy and applicable laws by entering into appropriate data transfer mechanism permitted under Article 46 of the GDPR / UK GDPR (as applicable), such as the European Commission’s Standard Contractual Clauses or the UK International Data Transfer Addendum (as applicable). A copy of our data transfer mechanism can be provided on request.