Service Privacy Policy

    Purpose

    JAGGAER’s Service Privacy Policy (this “Policy”) describes JAGGAER’s privacy practices when JAGGAER processes personal information related to users of the JAGGAER One platform (the “Platform”) for its business purposes, where JAGGAER determines the purposes and means of the processing.

    This Policy does not cover when JAGGAER processes personal information on behalf of its clients as part of the JAGGAER’s services. Such processing is governed by agreements with clients including any applicable data processing agreement.

    This Policy also does not cover any information collected through www.jaggaer.com for marketing purposes, which is governed by our Website Privacy Policy.

    Scope

    This Policy applies to JAGGAER, LLC and all its subsidiaries (collectively, “JAGGAER”) and all its directors, officers, employees, and contractors (“JAGGAER Team Members”).

    In a Nutshell – Policy Summary

    1. JAGGAER processes Personal Information from clients’ and suppliers’ users of the Platform (collectively, “Users”) to provide and to improve our services.
    2. JAGGAER collects Personal Information in two principal ways:
      • Information input by Users
      • Information collected by the Platform, through cookies and system logs
    1. Supplier users registering in the JAGGAER One platform must input their Personal Information to receive credentials to use the Platform.
    2. JAGGAER collects certain information automatically, such as Users’ operating system version, and browser type. JAGGAER also collects information about Users’ interaction with the Platform, through system logs and cookies.
    3. All Users may update or correct their information by making changes to their profile in the Platform or by submitting a request to privacy@jaggaer.com.
    4. Users in certain jurisdictions may have additional rights related to their Personal Information processed by JAGGAER. See Appendix A for more information on jurisdiction-specific privacy information.
    5. Users registering with JAGGAER in the Platform provide an email address. Those email addresses may be used to contact Users for a Policy change or Platform notices (such as security alerts).
    6. JAGGAER only retains Personal Information as long as we need it for legitimate business purposes and as permitted by applicable law.
    7. The security of Users’ Personal Information is very important to JAGGAER. Please also see our JAGGAER Trust Center for more information about our privacy and information security programs.

    Policy

    1. Definitions

    Personal Information: Any information that identifies or can be used to identify a User. Common examples of Personal Information include:

    • Full name
    • Email address
    • Device information
    • Logs
    1. Purpose of Processing as Controller

    Personal Information is collected, accessed, used and stored (“processed”) by JAGGAER for the business purposes of enabling:

    • Users to access and use the Platform;
    • traceability, auditability, reliability, and accountability of business transaction activity in the Platform; and
    • security and access controls.

    Additional purposes of processing by JAGGAER include legitimate business interests such as:

    • Product and service development and enhancement,
    • Fraud or other crime detection and prevention,
    • Support the claims management process related to possible legal actions
    • Enhancement of our cybersecurity

    In each circumstance, we weigh the purpose of our processing Personal Information against privacy and confidentiality interests, including taking into account Users’ reasonable expectations, the impact of processing, and relevant safeguards.

    1. Personal Information Processing by JAGGAER

    When providing services to clients, JAGGAER primarily acts a Data Processor, under the instructions of a client which acts as Data Controller, as provided under a data processing agreement or another client agreement.

    This Policy concerns only Personal Information processed by JAGGAER as an independent Data Controller.

    JAGGAER determines the purposes and means of the processing of the below set of Personal Information:

    1. Users’ interaction with the Platform, such as: activity logs and/or other information associated with the activity of Users and their devices.
    2. Users’ registration data input in the Platform.

    (a) Information Provided by Users

    When creating and signing into the Platform, supplier users must provide their Personal Information by completing forms for the credentials. This includes supplier users’ names and email addresses. Additionally, supplier users may enter Personal Information into the Platform, such as business contact information or, an individual’s role in the User’s organization.

    In some instances, Users may elect to provide JAGGAER with location and address information. Users may also provide JAGGAER with Personal Information when reporting a problem or asking questions about the Platform.

    The Platform may offer interactive and social features that permit Users to submit content and communicate with JAGGAER. Users may provide Personal Information to JAGGAER when they post information in these interactive and social features. Please note that postings in these areas of these sites may be publicly accessible or accessible by other Users.

    When creating an account to access or use the Platform on a mobile device, supplier users may provide information such as name, email address, username, or password. Additionally, when a device syncs with JAGGAER’s application, certain data recorded on that device is transferred from the device to the Platform.

    Users can choose not to provide certain Personal Information to JAGGAER, but as a result may not be able to take advantage of some features of the Platform.

    (b) Information Collected Through the Use of JAGGAER Platform

    JAGGAER collects certain information automatically, such as a User’s operating system version, browser type, and internet service provider. JAGGAER also collects information about Users’ interaction with the Platform, such as logging into accounts or interacting with the Platform on mobile devices. The Platform automatically collects and stores this information in service logs. This also includes:

    • Web portal use details
    • Internet Protocol (IP) address
    • Browser information
    • Clickstream data
    • The referring web page
    • Pages visited

    JAGGAER may also collect and use information about a User’s location. This information may or may not include Personal Information, but JAGGAER may associate it with Personal Information it collects in other ways or receives from third parties.

    Location can be determined by IP address and information about things near a device, such as Wi-Fi access points and cell towers. The specificity of the location data collected depends on various factors, including the device in use (e.g., laptop, smartphone or tablet) and the type of internet connection (e.g., broadband or Wi-Fi).

    When using the Platform via a wireless device, JAGGAER may request permission to collect location data. If location services are enabled on our mobile application, JAGGAER may collect location data periodically as someone uses or leaves open our mobile application. JAGGAER may associate such location data with Personal Information a User provides. Depending on the platform used to access our mobile application (e.g., Apple’s iOS, Google’s Android), Users may be able to control whether location data is collected in device or mobile application settings.

    Some features within the Platform may only function upon confirmation of a User’s location, and therefore, such features will not be available if a User chooses not to provide JAGGAER their location data.

    Additionally, JAGGAER may collect a User’s unique device ID. JAGGAER may use such information for internal purposes and to provide Users a better experience, such as troubleshooting. JAGGAER may associate device ID with Personal Information Users provide to us. Users may learn more about opting out of any anonymous device ID collection in their mobile device settings.

    JAGGAER uses cookies to collect and store information when Users visit the Platform, and as necessary to provide the service.

    JAGGAER deploys only cookies that are required for the Platform to operate – we refer to these as “essential” or “strictly necessary” cookies.

    1. JAGGAER’s Legal Basis for Processing Personal Information

    JAGGAER processes Users’ Personal Information, based on one or more of the following:

    • Legitimate interest in the performance of JAGGAER services related to Users, such as a contractual agreement with JAGGAER clients,
    • Compliance with a legal obligation to which the JAGGAER is subject.
    Personal data categoryData SubjectPurpose of processingLegal basis for data processing
    User registration data:
    • Name and Surname
    • Business email address
    • Optional fields data: Company, job title etc.
    • Supplier users registering in Platform
    • Allowing Users to access and use the Platform
    • Storing as permitted to meet JAGGAER’s obligations under applicable law, or if required to manage claims by or against JAGGAER or its Customers
    • Legitimate Interests
    • Compliance with a legal obligation to which the controller is subject
    Data Collected Systematically in Platform:
    • Application logs
    • IP addresses
    • Operating system
    • Browser
    • Language preferences
    • Clickstream data
    • Network data
    • Communication data
    • Customer’s authorized users
    • JAGGAER’s customers’ business contacts and suppliers
    • Supplier Users who register in Platform
    • Product development and enhancement
    • Security enhancement
    • Fraud or other crime detection and prevention
    • Meeting JAGGAER’s obligations under applicable law
    • Support the claims management process related to possible legal actions
    • Legitimate Interests
    • Compliance with a legal obligation to which the controller is subject
    1. Use and Disclosure of Personal Information

    JAGGAER treats Personal Information as confidential, and JAGGAER only accesses Personal Information to provide its Platform services, respond to requests related to the services and enhance the Platform, as described in more detail in Section 2 (Purpose of Processing).

    JAGGAER does not sell any Personal Information to third parties. JAGGAER will only share Personal Information with third parties in the following circumstances:

    • When authorized by the User to do so in writing;
    • When it is reasonably necessary to comply with a legal process, such as a court order, subpoena or search warrant, government investigation or other legal requirements, including to meet national security or law enforcement requirements;
    • During any direct or indirect reorganization process, including, but not limited to, mergers, acquisitions, and sales of all or substantially all our assets — and in such cases, sharing Personal Information would be subject to applicable laws and regulations such as obtaining prior consent where applicable; or

    When necessary for the prevention or detection of crime (subject in each case to applicable law) or to establish or defend a legal claim. JAGGAER will only provide Personal Information to third-party service providers and vendors that are authorized by JAGGAER to provide services on JAGGAER’s behalf and for the purposes described in this Policy, and only when agreements are in place that require each third party to protect the privacy and confidentiality of Personal Information that is shared and to comply with all applicable privacy and data protection laws.

    At this time, JAGGAER does not share Personal Information referenced in this Policy with third parties for their direct marketing purposes.

    1. Users’ Rights

    Users may have certain rights relating to their Personal Information under local data protection law. JAGGAER aims to provide Users with choices about how JAGGAER uses their Personal Information, whenever possible. We also aim to provide Users with access to their Personal Information. If a User informs JAGGAER that Personal Information requires amendment, we strive to provide ways to update it quickly or to delete it – unless we have to keep that information for legitimate business or legal purposes. Subject to applicable law, Users may obtain a copy of Personal Information JAGGAER maintains about them, or they may update or correct inaccuracies in that information by contacting us. To help protect privacy and maintain security, JAGGAER will take steps to verify a User’s identity before granting access to such information.

    1. Requesting and Accessing Personal Information

    You may submit requests or complaints related to your Personal Information to privacy@jaggaer.com. All Users may update or correct information about themselves by making changes to their profile in the Platform or by submitting a request to privacy@jaggaer.com.

    You may also communicate with us at:

    JAGGAER, LLC
    Attention: Legal Department
    P.O. Box 12768
    700 Park Offices
    Suite 300
    Research Triangle Park, NC 27709

    Please note that we may ask Users to provide additional information to verify their identity before taking further action on their request. Users may designate an authorized agent to make a request on their behalf in certain circumstances.

    JAGGAER may retain an archived copy of records of received requests as required by law, to comply with our legal obligations, to resolve disputes, to enforce our agreements, or for other legitimate business purposes.

    In some cases, our ability to respond to a User’s request may depend on our obligations to process Personal Information for security, safety, fraud prevention or compliance requirements, or because processing is necessary to perform services. Therefore, we may inform Users of such dependencies in response to a request.

    JAGGAER endeavors to respond to verifiable requests within 30 days of receipt, consistent with applicable laws.

    We do not charge a fee to process or respond to a verifiable request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will explain why we made that decision and provide a cost estimate before completing the request.

    1. Data Retention

    JAGGAER only keeps Personal Information consistent with our legitimate business interests and as permitted and/or required by applicable law and, any timeframes set forth in the applicable contractual agreement with JAGGAER’s Client. We retain Personal Information even after business relationships end if reasonably necessary to comply with our legal obligations (including law enforcement requests), meet regulatory requirements, resolve disputes, maintain security, prevent fraud and abuse, enforce our Terms of Service, or fulfill request to “unsubscribe” from further messages from us.

    1. Specific Jurisdictional Terms

    Appendix A to this Policy includes terms specific to certain jurisdictions that may apply to Users. JAGGAER may update the Appendix from time to time, including to address changes in applicable laws without the requirement for notice. Appendix A is incorporated in and constitutes part of this Policy.

    1. Questions about this Policy

    If you have any questions relating to this Policy, please contact privacy@jaggaer.com.

    1. Changes to this Policy

    JAGGAER reserves the right to modify any part of this Policy from time to time. The most up-to-date version can be found on this website.

    1. Related Policies and Procedures

    JAGGAER Marketing Privacy Policy

    Appendix A – Specific Jurisdictional Rights

    Rights of Residents of the European Economic Area, United Kingdom, and Switzerland

    The European Economic Area’s General Data Protection Regulation (“GDPR”), and corresponding legislation in the United Kingdom and Switzerland, provide European, Switzerland, and United Kingdom residents with certain rights in connection with Personal Information Users have shared with JAGGAER. Residents in the European Economic Area may have the following rights:

    • The right to be informed. Users are entitled to be informed of the use of Personal Data (as defined under GDPR). This Policy provides such information.
    • The right of access. Users have the right to request a copy of their Personal Data which JAGGAER holds.
    • The right of correction. Users have the right to request correction or changes of the Personal Data if it is found to be inaccurate or out of date.
    • The right to withdraw consent. Users have the right to withdraw a previously given consent for processing their Personal Data for a specific purpose.
    • The right to be forgotten. Users have the right to request JAGGAER, at any time, to delete their Personal Data from our servers and to erase their Personal Data when it is no longer necessary for us to retain such data. Note, however, that deletion of Personal Data will likely impact a User’s ability to use JAGGAER Platform.
    • The right to object (opt-out). Users have the right to opt out of certain uses of their Personal Data, at any time.
    • The right to data portability. Users have the right to a “portable” copy of the Personal Data they have submitted to us. Generally, this means their right to request that we move, copy, or transmit their Personal Data stored on our servers or information technology environment to another service provider’s servers or information technology environment.
    • The right to refuse to be subjected to automated decision making, including profiling. Users have the right not to be subject to a decision and insist on human intervention if the decision is based on automated processing and produces a legal effect or a similarly significant effect.
    • The right to lodge a complaint with a supervisory authority. Users have the right to lodge complaints about our data processing activities by filing a complaint with JAGGAER or with the relevant Supervisory Authority. A list of Supervisory Authorities is available here: National Data Protection Authorities

    If Users are located in the European Union, U.K., or Switzerland, this section of the Policy provides notice that their Personal Information may be processed in the United States and other Third Countries in accordance with the applicable data protections laws.

    JAGGAER may, directly or indirectly through third parties around the world, process, store, and transfer the information Users provide, including their Personal Information, as described in this Policy. Specifically, the information and Personal Information that we collect may be transferred to, and stored at, a location outside of a User’s jurisdiction. It also may be processed by persons operating outside of a User’s jurisdiction who work for us or for one of the organizations outlined in this Policy in connection with the activities outlined in this Policy. When transferring, storing or processing Users’ Personal Information JAGGAER will take all steps necessary to ensure that Personal Information is treated securely and in accordance with this Policy and applicable Data Protection Laws. We have put in place commercially reasonable technical and organizational procedures to safeguard the information and Personal Information we collect in the Platform While we strive to use commercially acceptable means to protect your Personal Information, we cannot guarantee its absolute security.

    If Users are located in the European Economic Area and have questions about their rights, they may also contact the Supervisory Authority of your country of residence (see National Data Protection Authorities).

    Rights of Residents of California

    The California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) provide consumers based in California with specific rights regarding their personal information, including:

    • The right to know. Users have the right to request that JAGGAER disclose certain information to them about JAGGAER’s collection and use of their Personal Information, such as the specific pieces of Personal Information JAGGAER has collected, as well as information about JAGGAER’s sale or disclosure for business purposes of their Personal Information to third parties. Once JAGGAER receives and confirms a User’s request, JAGGAER will disclose to the User the information they have requested.
    • The right to delete. Users have the right to request that JAGGAER deletes any of their Personal Information that JAGGAER collected from them and retained, subject to certain exceptions. Once JAGGAER receives and confirms their verifiable consumer request, JAGGAER will delete (and direct JAGGAER’s service providers to delete) Users’ Personal Information from its records, unless an exception applies.
    • The right to correct inaccurate Personal Information maintained by the business
    • The right to data portability. Users have the right to request that Personal Information is transferred to another entity in a structured, commonly used, machine-readable format, to the extent possible.
    • The right to opt-out of the sale of Personal Information. JAGGAER does not sell Users’ Personal Information to third parties.
    • The right to limit the use and disclosure of Sensitive Personal Information. Users have the right to limit the use and disclosure of their Sensitive Personal Information to that use which is necessary to perform the expected service.
    • The right to non-discrimination. JAGGAER will not discriminate against Users for exercising any of their CCPA rights.

    If Users are located in California and have questions about their rights, they may also contact CCPA Toll Free Number: 1-866-467-8688, enter Service Code 987#.

    Effective: September 2025

    Prior Version: April 2024