Keeping your information private and secure is our top priority.
Stax Bill is committed to keeping your information private in accordance with applicable law, such as Canada’s Personal Information Protection and Electronic Documents Act, as well as Canadian Standards Association’s Model Code for the Protection of Personal Information.
Stax Bill End User Information Collection
Stax Bill is the sole custodian of the Personal Information, described below, that is collected on the publicly visible portion of www.staxbill.com. Information acquired is limited to only information required to provide services to end users and as needed to support service usage. Information from our end users is collected at the following points on our website:
Signup & Contact Information
Stax Bill requests Personal Information from customers on the service signup form. Customers must provide the following contact information: name, phone number and email address, and company name and address, if applicable. This Personal Information is used to contact the customer to provide access to the Software Services and to communicate related news and information. We may ask additional information about our customer’s business such as size, revenues and numbers of clients as well as more information about our customers such as their position in the company and the names and contact information of their colleagues. This information is used to help determine the nature and extent of Stax Bill services that are appropriate
A cookie is a piece of data stored on the website user’s and visitor’s computer tied to information about software service usage. The Website uses “cookies” to collect information and improve our products and services. A cookie is a small data file that is stored on your device. Cookies cannot be used to see any other data on your computer, nor can they determine your email address or identity.
We may use session cookies to save your registration ID and login password for future logins to our service. We may also use persistent cookies to enable the Software Services to remember certain settings and preferences. We delete persistent cookies after one month.
The website may include advertisement partners cookies which may be used to track results of ad campaigns (marketing) and re-marketing our Software Services within other websites the user may visit. These third parties may place cookies on your computer and collect data about your online activities across websites or online services when you are logged into the third-party service, including for targeted advertising. Users can opt out by visiting the advertisement platform’s website.
For more information about how targeted advertising works, you can visit the Network Advertising Initiative’s (“NAI”) educational page at http://www.networkadvertising.org/understanding-online-advertising/how-does-it-work. Additionally, you can opt out of some of these services by visiting the Digital Advertising Alliance’s opt-out portal at: http://optout.aboutads.info/.
Log Files and Clear Gifs
Like most websites, our servers use log files to analyze trends, administer the site, track user’s movement in the aggregate, and gather broad demographic information for aggregate use.
Clear gifs are tiny graphics with a unique identifier, similar in function to cookies, and are used to track the online movements of website users. The main difference between the two is that clear gifs are invisible on the page and are much smaller, about the size of the period at the end of this sentence.
These technologies may be used for analyzing trends, administering the website, tracking users’ movements around the website, and gathering demographic information about our user base as a whole. Various browsers may offer their own management tools for removing these types of tracking technologies.
For a current this of third parties that may process Personal Information on behalf of Stax Bill, please visit: https://www.fusebill.com/fusebill-gdpr-statement.
Use of Customer Information
Personal Information collected is used only for configuration and maintenance of Software Services, providing customer support, processing invoice payments, and conveying information about accounts and upcoming Stax Bill features and benefits. Stax Bill will not disclose to third parties the names, titles, phone numbers or email addresses or other Personal Information uploaded to our websites by our customers and end users.
Special Offers and Updates
Customers are sent welcoming and educational emails after they sign up for Software Services. These notifications provide information about the the service. End users will also receive emails requesting feedback about the Software Services as well as information on our services, features, promotions and a newsletter. All emails will include an unsubscribe options and requests will be honored in accordance with applicable anti-spam laws, such as Canada’s Anti-Spam Legislation (CASL) and CAN-SPAM.
On rare occasions, it is necessary to send out a strictly service related announcement. For instance, if any of our Software Services are temporarily suspended for maintenance we might send users an email. Generally, users may not opt-out of these communications, though they can deactivate their account. However, these communications are not promotional in nature.
We communicate with users on a regular basis to provide requested Software Services and in regards to issues relating to their account we reply via email or through Staxbill.com.
Stax Bill’s Customer Data
- Stax Bill Customer Information. We collect information about individuals within our Stax Bill Customers organization (“Customer Information”). Customer Information may include information related to the Customer’s account, name, work e-mail address, work phone number, job title, credit card information and billing information or similar kinds of information. We use Customer Information to support the Customer account, maintain our business relationship with the Customer, respond to Customer inquiries, or perform accounting functions. Stax Bill Customers may update personal information and password by logging into the Stax Bill Platform and updating their account. Stax Bill Customers may contact Stax Billsupport in order to delete their Personal Information. In some cases, we may not be able to delete Customer Information, and in such cases we will tell you why.
- Information about our Customers’ Contacts. We collect information about any contacts, such as their users and others, that may be uploaded into the Stax Bill Platform (“Information about our Customers’ Contacts”). Information about our Customer’s Contacts may include name, e-mail address, phone number, job title, or similar kinds of information. We use Information about our Customer’s Contacts for the purposes of providing Services to such contacts. Stax Bill Customers may update or delete Information about their contacts in the Stax Billl Platform. Stax Bill Customers may also contact Stax Bill support in order to update and delete such information. In some cases, we may not be able to delete such information, and in such cases we will tell you why.
- Archival Information. We collect communications information for archival purposes on behalf of, and as directed by, our Stax Bill Customers. This information may include emails, texts, websites, social media messages or posts, and other forms of data or electronic communications (“Archival Information”). Archival Information includes data about our Stax Bill Customers and the third parties they correspond with. We do not control or monitor the information our Stax Bill Customers collect and store through our services, or their privacy practices or policies. It is our Customer’s obligation to obtain all necessary consents and to comply with all applicable laws with respect to the Customer’s communications and use of our services. Our Customer’s privacy policies or practices apply to Archival Information, the purposes for which the Customer collects Archival Information, how the Customer may use Archival Information and what choices the individual may have with respect to Archival Information. Individuals must contact the applicable Customer in order to correct, amend, or delete their information, or to opt out of any collection, uses or disclosure of their information by our Customer.
- Automatically Collected Information. We collect information automatically about how Stax BillCustomers use the services (“Automatically Collected Information”). Data collection technologies such as cookies, web beacons, gifs or other tracking technologies may be used to collect information. This information is collected in order to monitor, support and improve our services or to provide Stax Bill Customers with certain customized features. Automatically Collected Information may be used to understand how our Stax BillCustomers use the services, to improve the services or develop new products, services or features. We may combine this information with other information collected.
We treat Customer Information, Information about our Customer’s Contacts, Archival Information and Automatically Collected Information as the confidential and proprietary information of our Stax BillCustomers, subject to the terms of the Stax Bill Terms of Service and any other service agreement between Stax Bill and the Stax Bill Customer. We do not share Customer Information, Information about our Customer’s Contacts, Archival Information or Automatically Collected Information with third parties unless directed to do so by our Customer, as may be necessary to provide services to the Customer, to our advisors, affiliates, representatives, agents, service providers, in connection with a business transaction (such as a merger or sale), as allowed under the terms of our agreement with our Customer, or in response to a court order, subpoena, warrant or to comply with a legal requirement or to cooperate with an investigation. We may disclose Customer Information, Information about our Customer’s Contacts, Archival Information or Automatically Collected Information for the aforementioned reasons, or in order to protect our rights or the rights of our affiliates, Stax Bill Customers, or service providers.
We will retain Customer Information processed on behalf of Stax Bill Customers for as long as needed to provide services to our Customer, or for the period of time requested by a particular Customer. Stax Bill Customers are responsible for obtaining consent and maintaining any Personal Information collected with their forms. Please let us know if your Personal Information was improperly collected by a Stax Bill Customer. Stax Bill customers own all of their client data, which may include Personal Information. Our customers use the Software Service to manage their clients. Stax Bill will only process Personal Information belonging to customers in the course of providing its services. This may include, for example, client names, contact information, billing information and credit card information stored by Stax Bill for use by the customer in the course of using our Software Services. While Stax Bill only collects the Personal Data necessary to provide Services, Stax Bill customers may collect a wide variety of information from your customers using the forms you create with our Services.
We will not send promotional materials to or communicate directly with our customer’s clients other than on our customer’s behalf, and per their instruction. We will not share any customer information other than as required by law, or with express written permission of the appropriate person. It is the responsibility of our customers to ensure they have the appropriate consents in place for the collection and management of their data and Personal Information of third parties, such as their clients, and that all data is collected in a fair and lawful manner. Furthermore, it is our customers’ responsibility to update their clients’ Personal Information and to provide appropriate access to, and information about, the existence, use and disclosure of their information. Please contact any third-party organization directly for any inquiries about Personal Information collected by the organization.
Sharing Personal Information
While we make every effort to preserve user privacy, we may need to disclose Personal Information when required or permitted by law. In particular, we may disclose Personal Information to satisfy any applicable law, regulation, legal process or governmental request; enforce our contracts or user agreement, including investigation of potential violations hereof; and/or detect, prevent, or otherwise address fraud, security or technical issues.
Where reasonable, we will expeditiously provide customers with notice of any potential disclosure so that they can take appropriate protective measures.
Service Providers and Business Partners
Stax Bill employs third parties to perform tasks on our behalf and we may need to share Personal Information with them to provide certain services. Unless we tell you differently, such third parties do not have any right to use the Personal Information we share with them beyond what is necessary for them to provide the tasks and services on our behalf. The third parties we currently engage includes third party companies and individuals employed by us to facilitate our services, including the provision of database management, payment processing and customer relationship management tools. For a current list of third-party sub-processors that process Personal Information on behalf of Stax Bill, please visit: https://www.fusebill.com/fusebill-gdpr-statement.
If our business (or substantially all of our assets) are acquired by a third party, or if we go out of business, enter bankruptcy, or go through some other change of control, Personal Information may be made available or otherwise transferred to the new controlling entity, in accordance with applicable law.
This website contains links to other sites. Please be aware that Stax Bill is not responsible for the privacy practices of such other sites. We encourage our visitors to be aware when they leave our site and to read the privacy statements of each and every website that collects personally identifiable information. This privacy statement applies solely to information collected by this Web site.
Stax Bill takes every precaution to protect our visitors’ and our customers’ information. When sensitive information is submitted via the website, the information is protected both online and off-line. When our Software Services ask users to enter sensitive information, that information is encrypted and it is protected in alignment with recommendations from industry groups such as the Payment Card Industry Data Security Standard (PCI DSS). Along with encrypting the information while it is transmitted “in transit”, our systems are configured to protect the information through additional encryption after it is stored “at rest”. Servers that store personally identifiable information are in a secure environment. Stax Bill protects credit card information according to Payment Card Industry Data Security Standards (PCI-DSS). As part of the Stax Bill PCI program, the software services are reviewed by an external PCI Qualified Security Assesor to verify the security of the application in accordance with PCI-DSS requirements. In the event that Stax Bill becomes aware of a security breach, as required by applicable law or our customer agreements, we will notify customers whose data is affected and describe the measures being taken to contain the breach.
Supplementation of Information
If we or our assets are acquired, or in the unlikely event that we go out of business or enter bankruptcy, we would include data, including your personal information, among the assets transferred to any parties who acquire us. You acknowledge that such transfers may occur, and that any parties who acquire us may, to the extent permitted by applicable law, continue to use your personal information according to this policy, which they will be required to assume as it is the basis for any ownership or use rights we have over such information.
We use and retain your Personal Information for as long as necessary to fulfill the purpose for which it is being processed, to carry out legitimate business interests, as well as on the basis of applicable legal requirements (such as applicable statutes of limitation).
After expiry of the applicable retention periods, your Personal Information will be deleted. If there is any data that we are unable, for technical reasons, to delete entirely from our systems, we will put in place appropriate measures to prevent any further use of such data.
Notification of Changes
If the changes are significant, or if required by applicable law, we will contact you (based on your selected preferences for communications from us) and all our registered users with the new details and links to the updated or changed policy.
If required by law, we will get your permission or give you the opportunity to opt in to or opt out of, as applicable, any new uses of your personal information.
The Site is not intended for use by children. We do not intentionally gather Personal Information about visitors who are under the age of 16 (or a minor in the jurisdiction in which you are accessing our Sites or Services). If a child has provided us with Personal Information, a parent or guardian of that child may contact us to have the information deleted from our records. If you believe that we might have any information from a child under age 16 in the applicable jurisdiction, please contact us at [email protected]. If we learn that we have inadvertently collected the personal information of a child under 16, or equivalent minimum age depending on jurisdiction, we will take steps to delete the information as soon as possible.
Our Legal Basis for Collecting Personal Information
Whenever we collect Personal Information from you, we may do so on the following legal bases:
- Your consent to such collection and use;
- Out of necessity for the performance of an agreement between us and you, such as your agreement to use our Services or your request for Services;
- Our legitimate business interest, including but not limited to the following circumstances where collecting or using Personal Information is necessary for:
• Intra-organization transfers for administrative purposes;
• Product development and enhancement, where the processing enables Stax Bill to enhance, modify, personalize, or otherwise improve our services and communications for the benefit of our Users, and to better understand how people interact with our Sites;
• Fraud detection and prevention;
• Enhancement of our cybersecurity, including improving the security of our network and information systems; and
• General business operations and diligence;
Provided that, in each circumstance, we will weigh the necessity of our processing for the purpose against your privacy and confidentiality interests, including taking into account your reasonable expectations, the impact of processing, and any safeguards which are or could be put in place. In all circumstances, we will limit such processing for our legitimate business interest to what is necessary for its purposes.
Your Choices and Accessing, Updating or Deleting Your Personal Information
You may have certain rights relating to your Personal Information, subject to local data protection law. Whenever you choose to visit our Site and use our Services, we aim to provide you with choices about how we use your Personal Information. If we have collected your Personal Information because you visited our website or contacted us, then we will facilitate your rights directly because we are the controller of your Personal Information. If we have collected your Personal Information on behalf of a customer when you have been employed by that customer, your rights are facilitated by the customer because they are the controller of your Personal Information.
Subject to applicable law, you may obtain a copy of Personal Information we maintain about you. In addition, if you believe that Personal Information we maintain about you is inaccurate, subject to applicable law, you may have the right to request that we correct or amend the information by contacting us as indicated in the “Contact Information” section below. To help protect your privacy and maintain security, we will take steps to verify your identity before granting you access to the information.
Residents of the European Economic Area (“EEA”)
Some data protection laws, including the European Union’s General Data Protection Regulation (“GDPR”), provide you with certain rights in connection with Personal Information you have shared with us when we are the data controller. If you are resident in the European Economic Area, you may have the following rights:
- The right of access: You have the right to request a copy of your Personal Information which we hold about you.
- The right of correction: You have the right to request correction or changes of your Personal Information if it is found to be inaccurate or out of date.
- The right to be forgotten: You have the right to request us, at any time, to delete your Personal Information from our servers and to erase your Personal Information when it is no longer necessary for us to retain such data. Note, however, that deletion of your Personal Information will likely impact your ability to use our services.
- The right to object (opt-out): You have the right to opt-out of certain uses of your Personal Information, such as direct marketing, at any time.
- The right to data portability: You have the right to a “portable” copy of your Personal Information that you have submitted to us. Generally, this means your right to request that we move, copy or transmit your Personal Information stored on our servers / IT environment to another service provider’s servers / IT environment.
- The right to refuse to be subjected to automated decision making, including profiling: You have the right not to be subject to a decision and insist on human intervention if the decision is based on automated processing and produces a legal effect or a similarly significant effect on you.
- The right to lodge a complaint with a supervisory authority.
You can make these requests by emailing us at [email protected] or by contacting us at the contact information below. We will consider your request in accordance with applicable laws.
For more information, please view our GDPR Statement.
This section provides additional details about the Personal Information we collect about California consumers and the rights afforded to them under the California Consumer Privacy Act (the “CCPA”). Stax Bill does not sell (as that term is defined in the CCPA) the Personal Information we collect.
During the last twelve (12) months, we have collected the following categories of personal information from consumers.
|Category||Type of Identifiers We Collect Collected||Collected|
|A. Identifiers.||First and last name, postal address, unique personal identifier, online identifier, Internet Protocol address, email address.||YES|
|B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).||A name, signature, physical characteristics or description, address, telephone number, education, employment, employment history and disciplinary action, professional memberships, employee reference checks, trade union membership, bank account number, credit card number, debit card number, or any other financial information, medical information.||YES|
|C. Commercial information.||Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.||YES|
|D. Internet or other similar network activity.||Browsing history, search history, information on a consumer’s interaction with a website, application logs, device data and registration, social media account information or advertisement.||YES|
|E. Geolocation data.||Physical location or movements||YES|
|F. Sensory data||Audio, electronic, visual, thermal, olfactory, or similar information.||YES|
|G. Inferences drawn from other personal information.||Profile reflecting a person’s preferences, behavior, and attitudes.||YES|
We obtain the categories of Personal Information listed above from the following categories of sources:
- Directly or indirectly from our customers or their agents.
- Directly and indirectly from activity on our website (www.staxbill.com). For example, from website usage details that are collected automatically. In addition, like many companies, we use “cookies” which are small text files a website can use to recognize repeat users, facilitate the user’s ongoing access to and use of the site and to track usage behavior of, for example, the webpages you visit.
- From social media websites, such as Facebook, Twitter, LinkedIn, YouTube, Instagram, and Pinterest.
From third parties that assist us in providing certain transactions and services (e.g. payment processing, cloud hosting), even though it appears that you may not have left our Site.
We disclose your Personal Information for a business purpose to the following categories of third parties:
- Our affiliates;
- Strategic business partners who provide goods, services and offers that enhance our services;
- Service providers and other third parties we use to support our business, including without limitation those performing core services (such as credit card processing, customer support services, customer relationship management, accounting, auditing, processing insurance claims, administering surveys, advertising and marketing, analytics, email and mailing services, data storage, and security) related to the operation of our business and/or the Services, the processing and fulfillment of your orders, and making certain functionalities available to our users;
Subject to certain limitations, the CCPA provides California consumers with certain rights. This section describes Californians’ rights and explains how California consumers can exercise those rights.
Below we further outline specific rights which California residents may have under the California Consumer Privacy Act.
- Right to Access Your Data. You have the right to request that we disclose certain information to you about our collection, use and disclosure of your Personal Information over the past twelve (12) months. Any disclosures we provide will only cover the 12-month period preceding the receipt of your request. The response we provide will also explain the reasons we cannot comply with a request, if applicable.
- Right to Data Portability. You have the right to a “portable” copy of your Personal Information that you have submitted to us. Generally, this means you have a right to request that we move, copy or transmit your Personal Information stored on our servers or information technology environment to another service provider’s servers or information technology environment.
- Right to Delete Your Data. You have the right to request that we delete any of your Personal Information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your Personal Information from our records, unless an exception applies.
- Right to Non-Discrimination for the Exercise of Your Privacy Rights. You have the right not to receive discriminatory treatment by us for exercising your privacy rights conferred by the California Consumer Privacy Act.
Exercising Your Rights
If you are a California resident who chooses to exercise your rights, you can:
- Submit a request via email to [email protected], or
- Call 888-519-1425 option 2 to submit your request.
You may also designate an agent to exercise your privacy rights on your behalf. In order to designate an authorized agent to make a request on your behalf, you must provide a valid power of attorney, the requester’s valid government-issued identification, and the authorized agent’s valid government issued identification.
Our Response to Your Request
Upon receiving your request, we will confirm receipt of your request by sending you an email. To help protect your privacy and maintain security, we may take steps to verify your identity before granting you access to the information. In some instances, such as a request to delete personal information, we may first separately confirm that you would like for us to in fact delete your personal information before acting on your request.
We will respond to your request within forty-five (45) days. If we require more time, we will inform you of the reason and extension period in writing. If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.
In some cases our ability to uphold these rights for you may depend upon our obligations to process Personal Information for security, safety, fraud prevention reasons, compliance with regulatory or legal requirements, listed below, or because processing is necessary to deliver the services you have requested. Where this is the case, we will inform you of specific details in response to your request.
We may deny your deletion request if retaining the information is necessary for us or our service providers to:
- Complete the transaction for which we collected the Personal Information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you;
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities;
- Debug products to identify and repair errors that impair existing intended functionality;
- Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law;
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.);
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent;
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us;
- Comply with a legal obligation; or
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
- You may make this type of request once every calendar year.
Do Not Track
Some browsers have a “Do Not Track” feature that lets you tell websites that you do not want to have your online activities tracked. At this time, we do not respond to browser “Do Not Track” signals.
Last updated: June 22, 2021