Service Privacy Policy

Effective: December 2022
Prior Version: February 2021

Purpose

JAGGAER’s Service Privacy Policy (“Policy”) describes JAGGAER’s privacy practices with respect to processing of personal information related to users of JAGGAER’s hosted software applications and related services (collectively, “Solutions”), obtained in connection with use of the Solutions, where JAGGAER determines the purposes and means of the processing and makes decisions about processing activities.

This Policy does not cover JAGGAER’s personal information processing activities carried out on behalf of our business clients as part of the JAGGAER’s services (“Platform”), as such processing is governed by the applicable Data Processing Addendum.

This Policy does not cover any information collected by JAGGAER for marketing purposes, which is governed by our Marketing Privacy Policy available at https://www.jaggaer.com/marketing-privacy-policy/.

Scope

This Policy applies to JAGGAER, LLC and all of its subsidiaries (which we refer to in this Policy as “JAGGAER” or the “Company”) and all of its directors, officers, employees, and contractors (“JAGGAER Team Members”).

In a Nutshell – Policy Summary

“Sensitive Personal Information” refers to a smaller subset of Personal Information which is considered more sensitive to the individual, such as race and ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, genetic or biometric information, physical or mental health information,or medical insurance data.

  1. In the provision of its Solutions, JAGGAER collects information from users of the Solutions (collectively, “Users”), including Personal Information (as defined in this Policy), to provide and to improve services.
  2. JAGGAER collects Personal Information in two principal ways:
    • Information provided by Users
    • Information collected through the operation of our Solutions, including through cookies and similar technology
  3. Supplier users registering with JAGGAER under the JAGGAER Supplier Terms of Use must provide Personal Information about themselves by completing forms so they can receive credentials to use our Solutions.
  4. JAGGAER collects certain information automatically, such as Users’ operating system version, browser type, and internet service provider. JAGGAER also collects information about Users’ interaction with the Solutions, such as creating or logging into accounts, or opening or interacting with the Solutions on mobile devices.
  5. JAGGAER uses various technologies to collect and store information when Users access and use our Solutions, and this may include using cookies or similar technologies to identify a browser or device.
  6. All Users may update or correct information about themselves by making changes to their profile in the Solutions or submitting a request via email to privacy@jaggaer.com.
  7. Additionally, users in certain jurisdictions, such as in the European Economic Area and the state of California, may have additional rights related to their Personal Information, outlined in this Policy. See Appendix A for more information on jurisdiction-specific privacy information.
  8. Supplier users registering with JAGGAER under the JAGGAER Supplier Terms of Use provide an email address in order to use JAGGAER’s Solutions. It may be used to contact users in the event of a change in this Policy, to provide users with any Solution-related notices, such as security alerts, or related educational information.
  9. JAGGAER only retains Personal Information as long as we need it for legitimate business purposes and as permitted by applicable law and any timeframes set forth in the applicable customer agreements.
  10. The security of Users’ Personal Information is very important to JAGGAER. Please also see our JAGGAER Trust Center (https://www.jaggaer.com/trustcenter/) for more information about our privacy and information security programs.

Policy

1. Definitions

Personal Information: Any information that identifies or can be used to identify a User. Common examples of Personal Information include:

  • Full name
  • Email address
  • Digital identity (login name or handle)
  • Device information
  • Metadata
2. Purpose of Processing

Personal data processed by JAGGAER as described in Section 3 (Processing of Personal Information) are collected, accessed, used and stored (“processed”) by JAGGAER for the purposes of:

  • Allowing Users to access and use the Solutions.
  • Ensuring traceability, auditability, reliability, and accountability of business transactions negotiated and managed through the Solutions; and
  • Ensuring security and avoiding unintended access and/or use of the Solutions.

Additional purposes of processing by JAGGAER include, but are not limited to, legitimate business interests such as:

  • Product development and enhancement, where the processing enables JAGGAER to enhance or modify our Solutions and related support for the benefit of Users, and to better understand how Users interact with our Solutions,
  • Fraud or other crime detection and prevention,
  • Enhancement of our cybersecurity, including improving the security of the Solutions, our network and other information systems, and
  • General business operations and due diligence,

Provided that, in each circumstance, we weigh the necessity of our processing for the purpose against privacy and confidentiality interests, including taking into account Users’ reasonable expectations, the impact of processing, and any safeguards which are or could be put in place. JAGGAER will limit such processing for our legitimate business interest to what is necessary for its purposes.

3. Personal Information processing by JAGGAER acting as Data Controller and as Data Processor

This section describes the JAGGAER’s processing of Personal Information about Users and its role in such processing.
In the course of providing services JAGGAER primarily acts a Data Processor, under the instructions of a JAGGAER Client which acts as a Data Controller, as provided under a Data Processing Addendum.
However, there is a different set of Personal Information processed by JAGGAER as independent Data Controller.
Regardless of the role in data processing, in the context of service provision, JAGGAER does not request or collect sensitive personal information.
JAGGAER determines the purposes and means of the processing of the below set of Personal Information, and makes decisions about processing activities for the information that Users provide or that JAGGAER collects when they use the Solutions:

  1. Users’ interaction with the Solutions, such as: activity logs and/or other information associated with the activity of Users and their devices.
  2. Information Collected Through the Use of JAGGAER Solutions
  3. Provided Users elect to register in the Solutions to be included within JAGGAER’s supplier network of J1 Suppliers portal, JAGGAER processes Users’ registration data.
Personal data category Data Subject Purpose of processing Legal basis for data processing

User registration data:

  • Name and Surname
  • Business email address
  • Optional fields data: Company, job title etc.
  • Supplier users registering with JAGGAER under the JAGGAER Supplier Terms of Use
  • Allowing Users to access and use the Solutions
  • Storing in as permitted or required to meet JAGGAER’s obligations under applicable law, and in the case, they are required to support the claims management process related to possible legal actions engaged by or against JAGGAER or JAGGAER’s Customers
  • Legitimate Interests
  • Performance of a contract to which the data subject is party
  • Compliance with a legal obligation to which the controller is subject
  • Consent

Solutions interaction information and information Collected Through Cookies and Similar Technology:

  • Application logs,
  • IP addresses
  • OS information
  • Browser information
  • Language preferences
  • Navigation activities and Clickstream Data
  • Network data
  • Communication data
  • Authorized users accessing Solutions under a customer’s contractual agreement with JAGGAER
  • JAGGAER’s customers’ business contacts, customer’s suppliers
  • JAGGAER’s customers’ current and potential, customer’s suppliers current and potential
  • Supplier users registering with JAGGAER under the JAGGAER Supplier Terms of Use
  • Product development and enhancement
  • Security enhancement
  • Fraud or other crime detection and prevention
  • General business operations and due diligence
  • Meeting JAGGAER’s obligations under applicable law,
  • Support the claims management process related to possible legal actions
  • Legitimate Interests
  • Performance of a contract to which the data subject is party
  • Compliance with a legal obligation to which the controller is subject
  • Consent

Table 1 JAGGAER’s processing as Data Controller

(a) Information Provided by Users

When creating and signing into the Solutions, Users must provide Personal Information about themselves by completing forms for the credentials. This includes Users’ names and email addresses. Additionally, Users may enter Personal Information into the Solutions, such as business contact information or, an individual’s role in the User’s organization.

In some instances, Users may elect to provide JAGGAER with location and address information. Users may also provide JAGGAER with Personal Information about themselves when reporting a problem or asking questions about JAGGAER’s Solutions.

The Solutions may offer interactive and social features that permit Users to submit content and communicate with JAGGAER. Users may provide Personal Information to JAGGAER when they post information in these interactive and social features. Please note that postings in these areas of these sites may be publicly accessible or accessible by other Users.

When creating an account to use our Solutions on a mobile device, the application requires certain information such as a User’s name, email address, username, and password. Additionally, when a device syncs with JAGGAER’s application, certain data recorded on that device is transferred from the device to JAGGAER’s Solutions.
Users can choose not to provide certain information to JAGGAER, but as a result may not be able to take advantage of some features of the Solutions.

(b) Information Collected Through the Use of JAGGAER Solutions

JAGGAER collects certain information automatically, such as a User’s operating system version, browser type, and internet service provider. JAGGAER also collects information about Users’ interaction with the Solutions, such as creating or logging into accounts, or opening or interacting with the Solutions on mobile devices. The Solutions automatically collect and store this information in service logs. This also includes:

  • Web portal use details
  • Internet protocol address
  • Cookies and similar technology that uniquely identify a browser
  • The referring web page
  • Pages visited

JAGGAER may also collect and process information about a User’s actual location. This information may or may not include Personal Information, but JAGGAER may maintain it or associate it with Personal Information it collects in other ways or receives from third parties.

If granted access to a User’s location, JAGGAER may collect information about their location when they use the Solutions. Location can be determined by IP address and information about things near a device, such as Wi-Fi access points and cell towers. The specificity of the location data collected may depend on a number of factors, including the device in use (e.g., laptop, smartphone or tablet) and the type of internet connection (e.g., via cable broadband connection, Wi-Fi).

When using the Solutions via a wireless device, JAGGAER may solicit permission to collect location data. If location services are enabled on our mobile application, JAGGAER may collect location data periodically as someone uses or leaves open our mobile application. JAGGAER may associate such location data with Personal Information a User provides. Depending on the platform used to access our mobile application (e.g., Apple’s iOS, Google’s Android), Users may be able to control whether location data is collected from JAGGAER within “Settings” or other controls on their wireless device and/or mobile application

Some features within the Solutions may only function upon confirmation of a User’s location, and therefore, such features will not be available if a User chooses not to provide their location data to JAGGAER.

Additionally, JAGGAER may collect a User’s unique device ID. JAGGAER may use such information for internal purposes and to provide Users a better experience, such as to troubleshoot Solution problems. JAGGAER may associate device ID with Personal Information Users provide to us. Users may learn more about opting out of any anonymous device ID collection via the privacy settings available within their mobile device.

(c) Information Collected Through Cookies and Similar Technology

JAGGAER uses various technologies to collect and store information when Users visit one of our Solutions, and this may include using cookies or similar technologies to identify a browser or device.

The technologies we use for this automatic data collection may include:

  • Cookies
  • Web Beacons
  • Clickstream Data

Cookies. A cookie is a small file placed on the hard drive of a device. Users may refuse to accept browser cookies by activating the appropriate setting on their browser. However, if this setting is selected, Users may be unable to access certain parts of the Solutions. Unless a browser is adjusted to refuse cookies, the Solutions will issue cookies when a browser accesses our Solutions.

Some cookies are required for technical reasons for the Solutions to operate – we refer to these as “essential” or “strictly necessary” cookies. Other cookies could enable us to analyze performance and use of the Solutions. Other cookies could enable us to target advertising to the interests of our visitors.
More specifically, the types of cookies that could be served through the Solutions and their purposes are described below:

  • “Strictly necessary” cookies must be set to allow us to deliver the Solutions to you and to provide specific services that you request from us.
  • “Performance” or “Analytics” cookies, which help us to collect information about how visitors use our Solutions and helps us analyze and improve the Solutions. Performance or analytics cookies will remain on your computer after you close your browser.

Web Beacons. Pages in the Solutions or e-mails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit JAGGAER to perform simple analysis. For example, web beacons allow JAGGAER to count Users who have visited certain pages or opened an e-mail.

Clickstream Data. Clickstream data is information collected by the Solutions when Users request certain web pages. Clickstream data may include information such as the page served, the time spent viewing the page, source of the request, type of browser making the request, the preceding page viewed and similar information. Clickstream data permits us to analyze how Users arrive at our Solutions, what type of content or activity is popular, what type of Users in the aggregate are interested in particular kinds of content or activities in the Solutions.

4. Use and Disclosure of Personal Information

JAGGAER treats Personal Information as confidential, and JAGGAER only accesses Personal Information in order to provide the Solutions to its Users, fulfil requests related to the Solutions and enhance the use of the Solutions, as described in more detail in Section 2 (Purpose of Processing).
JAGGAER does not sell any Personal Information to third parties. JAGGAER will only share Personal Information with third parties in the following circumstances:

  • When authorized by the User to do so in writing.
  • When it is reasonably necessary to comply with a legal process, such as a court order, subpoena or search warrant, government investigation or other legal requirements, including to meet national security or law enforcement requirements.
  • In the course of any direct or indirect reorganization process, including, but not limited to, mergers, acquisitions, and sales of all or substantially all of our assets — and in such cases, sharing Personal Information would be subject to applicable laws and regulations such as obtaining prior consent where applicable; or
  • When necessary, for the prevention or detection of crime (subject in each case to applicable law) or to establish or defend a legal claim.

Additionally, Users may register in the Solutions to be included within JAGGAER’s supplier network (“JAGGAER Supplier Network”) under the JAGGAER Supplier Terms of Use. When registering for the JAGGAER Supplier Network, information will be shared with buyers that are Users as well as third-party service providers and vendors.

JAGGAER will only provide Personal Information to third-party service providers and vendors that are authorized by JAGGAER to provide Solutions on JAGGAER’s behalf and for the purposes described in this Policy, and only when agreements are in place that require each third party to protect the privacy and confidentiality of the personal information that is shared and comply with all applicable privacy and data protection laws.

5. JAGGAER’s Legal Basis for Processing Personal Information

JAGGAER processes Users’ Personal Information, based on one or more of the following:

  • Users’ consent to JAGGAER’s processing of personal information, such as in case of processing of User’s location, or completing “optional” fields when registering in the Solutions.
  • Legitimate interest in the performance of JAGGAER services related to Users, such as a contractual agreement with JAGGAER Clients to use our Solutions;

A legitimate business interest exists, including but not limited to the circumstances described in Section 2 (Purpose of Processing) above.

6. Users’ Rights

Users may have certain rights relating to their Personal Information, subject to local data protection law. JAGGAER aims to provide Users with choices about how JAGGAER uses their Personal Information, whenever possible. We also aim to provide Users with access to their Personal Information. If a User informs JAGGAER that information requires amendment, we strive to provide ways to update it quickly or to delete it – unless we have to keep that information for legitimate business or legal purposes. Subject to applicable law, Users may obtain a copy of Personal Information JAGGAER maintains about them, or they may update or correct inaccuracies in that information by contacting us. To help protect privacy and maintain security, JAGGAER will take steps to verify a User’s identity before granting access to the information.

7. Requesting and Accessing Personal Information

JAGGAER commits to resolve requests and complaints related to privacy and our collection or use of Personal Information. You may submit requests or complaints to privacy@jaggaer.com. All Users may update or correct information about themselves by making changes to their profile in the Solutions or by submitting a request via email to privacy@jaggaer.com.

You may also communicate with us at:
JAGGAER, LLC
Attention: Legal Department
3020 Carrington Mill Blvd. Suite 100
Morrisville, NC 27560

Please note that we may ask Users to verify their identity and request and/or to provide additional information to verify their request before taking further action on their request. We will not use this additional information for anything other than handling these requests. Users may designate an authorized agent to make a request on their behalf in certain circumstances.

JAGGAER may respond to requests by letter, email, telephone, or any other suitable method. If a User completely deletes all such information, then their account may become deactivated. JAGGAER may retain an archived copy of records as required by law, to comply with our legal obligations, to resolve disputes, to enforce our agreements, or for other legitimate business purposes.

In some cases, our ability to uphold these rights for Users may depend upon our obligations to process Personal Information for security, safety, fraud prevention reasons, compliance with regulatory or legal requirements, or because processing is necessary to deliver requested services. Where this is the case, we may inform Users of such dependencies in response to their request.

JAGGAER endeavors to respond to verifiable requests within 30 days of receipt, consistent with applicable laws.
We do not charge a fee to process or respond to a verifiable request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will explain why we made that decision and provide a cost estimate before completing the request.

At this time, JAGGAER does not share Personal Information referenced in this Policy with third parties for their direct marketing purposes.

8. Data Retention

JAGGAER only keeps Personal Information consistent with our legitimate business interests and as permitted and/or required by applicable law and, any timeframes set forth in the applicable contractual agreement with JAGGAER’s Client. We retain Personal Information even after business relationships end if reasonably necessary to comply with our legal obligations (including law enforcement requests), meet regulatory requirements, resolve disputes, maintain security, prevent fraud and abuse, enforce our Terms of Service, or fulfill request to “unsubscribe” from further messages from us.

9. Specific Jurisdictional Terms

Appendix A to this Policy includes terms specific to certain jurisdictions that may apply to Users. JAGGAER may update the Appendix from time to time, including to address changes in applicable laws without the requirement for notice. Appendix A is incorporated in and constitutes part of this Policy.

10. Questions about this Policy

If you have any questions relating to this Policy, please contact privacy@jaggaer.com.

11. Changes to this Policy

JAGGAER reserves the right to modify any part of this Policy from time to time. The most up-to-date version can be found on this website.

12. Related Policies and Procedures

JAGGAER Marketing Privacy Policy
JAGGAER Information Security Policy

 

Appendix A – Specific Jurisdictional Rights

Rights of Residents of the European Economic Area, United Kingdom, and Switzerland

The European Economic Area’s General Data Protection Regulation (“GDPR”), and corresponding legislation in the United Kingdom and Switzerland, provide European, Switzerland, and United Kingdom residents with certain rights in connection with Personal Information Users have shared with JAGGAER. Residents in the European Economic Area may have the following rights:

  • The right to be informed. Users are entitled to be informed of the use of Personal Data (as defined under GDPR). This Policy provides such information.
  • The right of access. Users have the right to request a copy of their Personal Data which JAGGAER holds.
  • The right of correction. Users have the right to request correction or changes of the Personal Data if it is found to be inaccurate or out of date.
  • The right to withdraw consent. Users have the right to withdraw a previously given consent for processing their Personal Data for a specific purpose.
  • The right to be forgotten. Users have the right to request JAGGAER, at any time, to delete their Personal Data from our servers and to erase their Personal Data when it is no longer necessary for us to retain such data. Note, however, that deletion of Personal Data will likely impact a User’s ability to use our Solutions.
  • The right to object (opt-out). Users have the right to opt out of certain uses of their Personal Data, at any time.
  • The right to data portability. Users have the right to a “portable” copy of the Personal Data they have submitted to us. Generally, this means their right to request that we move, copy, or transmit their Personal Data stored on our servers or information technology environment to another service provider’s servers or information technology environment.
  • The right to refuse to be subjected to automated decision making, including profiling. Users have the right not to be subject to a decision and insist on human intervention if the decision is based on automated processing and produces a legal effect or a similarly significant effect.
  • The right to lodge a complaint with a supervisory authority. Users have the right to lodge complaints about our data processing activities by filing a complaint with JAGGAER or with the relevant Supervisory Authority. A list of Supervisory Authorities is available here: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm

If Users are located in the European Union, U.K., or Switzerland, this section of the Policy provides notice that their Personal Information may be processed in the United States and other Third Countries in accordance with the applicable data protections laws.

JAGGAER may, directly or indirectly through third parties around the world, process, store, and transfer the information Users provide, including their Personal Information, as described in this Policy. Specifically, the information and Personal Information that we collect may be transferred to, and stored at, a location outside of a User’s jurisdiction. It also may be processed by persons operating outside of a User’s jurisdiction who work for us or for one of the organizations outlined in this Policy in connection with the activities outlined in this Policy. When transferring, storing or processing Users’ Personal Information JAGGAER will take all steps necessary to ensure that Personal Information is treated securely and in accordance with this Policy and applicable Data Protection Laws. We have put in place commercially reasonable technical and organizational procedures to safeguard the information and Personal Information we collect on the Solutions. While we strive to use commercially acceptable means to protect your Personal Information, we cannot guarantee its absolute security.

If Users are located in the European Economic Area and have questions about their rights, they may also contact the Supervisory Authority of your country of residence (see http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080).

Rights of Residents of California
The California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) provide consumers based in California with specific rights regarding their personal information, including:

  • The right to know. Users have the right to request that JAGGAER disclose certain information to them about JAGGAER’s collection and use of their Personal Information, such as the specific pieces of Personal Information JAGGAER has collected, as well as information about JAGGAER’s sale or disclosure for business purposes of their Personal Information to third parties. Once JAGGAER receives and confirms a User’s request, JAGGAER will disclose to the User the information they have requested.
  • The right to delete. Users have the right to request that JAGGAER deletes any of their Personal Information that JAGGAER collected from them and retained, subject to certain exceptions. Once JAGGAER receives and confirms their verifiable consumer request, JAGGAER will delete (and direct JAGGAER’s service providers to delete) Users’ Personal Information from its records, unless an exception applies.
  • The right to correct inaccurate Personal Information maintained by the business
  • The right to data portability. Users have the right to request that Personal Information is transferred to another entity in a structured, commonly used, machine-readable format, to the extent possible.
  • The right to opt-out of the sale of Personal Information. JAGGAER does not sell Users’ Personal Information to third parties.
  • The right to limit the use and disclosure of Sensitive Personal Information. Users have the right to limit the use and disclosure of their Sensitive Personal Information to that use which is necessary to perform the expected Solutions.
  • The right to non-discrimination. JAGGAER will not discriminate against Users for exercising any of their CCPA rights.

If Users are located in California and have questions about their rights, they may also contact CCPA Toll Free Number: 1-866-467-8688, enter Service Code 987#.

We use cookies to ensure that we give you the best experience on our website. This includes cookies from third party social media websites and advertising cookies that may analyze your use of this site. Learn more