This policy was last updated on March 31, 2017.
Privacy and the security of the data that BoughtMilk.com (“we”, “us” or “our”) collect, store, analyze and use is our paramount concern. We take reasonable steps to protect the privacy of our visitors’ data. To fulfill this responsibility to users of the website, BoughtMilk.com is managed and maintained by a third-party administrator (“Administrator”) who has developed a service platform that enables a wide range of enterprises to conduct their financial processes in a fully digital, secure and engineered way.
2. What do we collect and use
3. How we share and disclose information
4. Choice and opt-out
5. Data protection
6. Changes and notifications
7. Safe Harbor Framework
8. Contact us
This Policy applies to this site; any interface we power, consume or use; interfaces that may be accessed or connected to APIs, including all subpages and successor pages (collectively referred to as the “Website”); and also applies to all software and services that we offer, including use of Administrator’s services that may be accessed or connected through other mobile, web or application interfaces (collectively referred to as the “Services”).
By using our Website or Services, you are accepting the practices described in this Policy. If you do not agree with this Policy, delete all cookies from your browser cache after visiting our Website and do not visit or use our Website or Services. Your continued use of our Website or Services signifies your acceptance of this Policy.
Broadly speaking, we collect information in four ways: (1) when you provide it directly to us in forms, email, SMS texts, applications or through the interfaces of our customers into the Administrator’s systems, (2) when we obtain verification information about you or your company through trusted third parties (e.g. banks, credit bureaus, other websites, contract services we may elect to use, networks, identity validators, etc.), (3) passively through technology such as “cookies”, device identifiers, IP addresses, geolocation information, operating systems and (4) when the information is shared with us by our customers or our network partners in the course of our contractual relationships with them in our normal course of business.
The term “Personal Information”, as used in this Policy, refers to any information that can be used to identify a specific person, or any anonymous information (e.g., IP Address) that is linked to a specific person. Personal information does not include information that has been aggregated or made anonymous such that it can no longer be reasonably associated with a specific person.
Cookies and Web Server Logs
Similar to many commercial websites, we utilize “cookies” and other technologies to collect non-personally-identifiable information from our Website, services and may come to us when we deploy sub-sites, interstitials or modals within a customer or partner network site. “Cookies” are a feature of web browser software that allows web servers to recognize the computer used to access a website. Cookies store information accessed through your browser to streamline activities on related web sites, and make the online experience easier and more personalized. Information gathered through cookies and web-server log files may include information such as the date and time of visits, the pages viewed, IP addresses, links to/from any page, and time spent at a site. We use cookie data to measure web traffic and usage activity for purposes of improving and enhancing the functionality of our Services, to look for possible fraudulent, illegal or incompliant activity, and to better understand the sources of traffic and transactions on to our Services. Cookies may also allow our servers to remember your account information for future visits and to provide personalized and streamlined information across related pages on our Website and also across other websites or applications. Log files are used to monitor, measure, analyze, improve, and troubleshoot our Services. You can choose to disable cookies for our Website but this may limit your ability to use our Website and Services; see below in Section 4 (“Choice and opt-out”).
To simply browse our Website, you are not required to provide any Personal Information. However, we may gather non-personally-identifiable information, as described directly above, just for the purposes of monitoring and improving our Website and Services. We will not share this information with third parties except as a necessary part of providing our Website and Services, nor will we use it to target any advertisements to you.
To gain full access to the Websites we power and our Services as offered to our customers of Websites we run, you may be required to register or already be registered with our customers. When you register for an account, Personal Information may be collected which you voluntarily provide it to us or by our customers, network partners and thus to us, such as but not limited to the following:
- Your name, company name, location, email address, and phone number, and account password, to set up your account
- Your business and personal tax, social security, or other government-issued identification or identification numbers, as well as your date of birth, to verify your identity for underwriting purposes
- Your bank account information, network handles, credit card/debit card information or other information to settle funds for transactions of our customers or to you
- Your IP addresses, devices, and locations used to access this site, our Administrator’s systems, websites and applications, which will be linked to your account for fraud detection/prevention purposes
We may retrieve additional Personal Information about you from third parties and other identification/verification services such as credit bureaus, network partners, banks and contracted authorities. With your consent, we may also collect additional Personal Information in other ways including emails, logins, network partner interaction, surveys, and other forms of communication. Once you begin using the Service through your accounts, customer accounts or accounts of our network partners, we will keep records of your transactions and collect information of your other activities related to our Services. The foregoing Personal Information will be shared and disclosed as described below in Section 3 (“Sharing and disclosure of information”).
Children’s Online Privacy Protection Act
Our Website, Services, customer websites and network partners are directed to the general public. We do not knowingly collect information from children under 13 years of age or have any reasonable grounds for believing that children under the age of 13 are accessing our Website, Services, customer websites and network partners. If we learn that we have inadvertently collected Personal Information from a child under age 13, we will delete that information as quickly as possible. If you believe that we might have any information from a child under age 13, please contact us.
We nor the Administrator sell or rent your Personal Information to marketers or third parties.
We may disclose your Personal Information to law enforcement, government officials, or other third parties if: (i) we are compelled to do so by subpoena, court order or other legal process, (ii) we must do so to comply with laws, statutes, rules or regulations, including credit card rules, (iii) we believe in good faith that the disclosure is necessary to prevent physical harm or financial loss, to report suspected illegal activity, (iv) to investigate suspicious activity with our customers or network partners or to investigate violations of our Services Agreement.
We will only disclose your Personal Information in response to such a request if we believe in good faith that doing so is necessary to comply with applicable law or a legal obligation to which we are bound. If we receive such a request, we will use reasonable efforts to give you prompt notice, so that you may contest it if you choose. We won’t provide you such notice if we determine in good faith that either (a) we are not permitted to provide it under applicable law, or (b) that doing so would result in an imminent risk of death, serious physical injury or significant property loss or damage to us, the Administrator or a third party.
In addition, in the event of a merger, acquisition, reorganization, bankruptcy, or other similar events, any information in our possession may be transferred to our successor or assign.
We may be required to collect certain Personal Information to confirm your identity and comply with our obligations as part of money transmission, FinCen, State and Federal law related money laundering, OFAC and know your customer requirements. If you elect to not provide Personal Information in optional fields it may limit your ability to use our Services.
We and the Administrator are acting on our behalf or network partners who may occasionally email you with information about us or networks partners offers or new services. You can opt out of these email communications by replying with unsubscribe in the subject line, or via an unsubscribe link included in such communications. However, you will continue to receive critical safety and configuration communications related to your account including information regarding transactions and your relationship with us and network partners.
If you wish to opt out of having cookies set on your browser (as described above in Section 2), the only way to ensure that this happens is to manage the settings on your web browser to delete all cookies and disallow further acceptance of cookies. For more information, refer to your browser’s technical information. You may also consider visiting aboutcookies.org, which provides helpful information about cookies. Note that disabling cookies on your browser prevents us from tracking your activities in relation to our Website, Services and network partners. However, it may also disable many of the features available through our Website, Services and network partners. We therefore recommend that you leave cookies enabled.
We and the Administrator have a variety of obligations to retain the data that you provide us, both to ensure that transactions can be appropriately processed, settled, refunded, to identify fraud, harden Services, and also to comply with laws applicable to us, the Administrator, network partners, banking providers and regulated entities. Accordingly, even if you close your account directly with us, our Website, and network partners, we will retain certain information as necessary to meet our obligations.
Although no data transmission can be guaranteed to be 100% secure, we take reasonable steps to protect all Personal Information. We and the Administrator maintain strict administrative, technical, and physical procedures to protect information stored on servers, which are located in the United States. Access to information is very limited (through user/password credentials and software systems) to those who require it to perform their job functions. We use industry-standard Secure Socket Layer (SSL) encryption technology to safeguard the account registration process and sign-up information. Other security safeguards include but are not limited to data encryption, firewalls, and physical access controls to building and files.
We reserve the right, in our sole and absolute discretion, to make changes to this Policy from time to time. Please review this Policy periodically to check for updates. If any changes are material and/or retroactive, we may provide additional notice and/or an opportunity to “opt-in,” as appropriate under the circumstances.
We will provide you with disclosures and alerts regarding this Policy by posting them on our Website, network partners, by directly emailing you or communicating in situ using the handles, email addresses or mobile device information we possess, and/or by mailing to the physical address we may have from our Website, Services and network partners. You agree that electronic disclosures and notices have the same meaning and effect as if we had provided you with a paper copy. Such disclosures and notices in relation to this Policy shall be considered to be received by you within 24 hours of the time it is posted by us on our Website or communicated electronically to you (unless we receive notice that electronic communication was not delivered).
We and the Administrator comply with the U.S.-EU Safe Harbor Framework and the U.S.-Swiss Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries and Switzerland. We also conform to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. You can learn more about the Safe Harbor program, and view the Administrator’s certification, by visiting https://www.privacyshield.gov/list. If you have questions regarding the Administrator’s Safe Harbor certification, please contact us.