Service Privacy Policy
Purpose
JAGGAER’s Service Privacy Policy (this “Policy”) describes JAGGAER’s privacy practices when JAGGAER processes personal information related to users of the JAGGAER One platform (the “Platform”) for its business purposes, where JAGGAER determines the purposes and means of the processing.
This Policy does not cover when JAGGAER processes personal information on behalf of its clients as part of the JAGGAER’s services. Such processing is governed by agreements with clients including any applicable data processing agreement.
This Policy also does not cover any information collected through www.jaggaer.com for marketing purposes, which is governed by our Website Privacy Policy.
Scope
This Policy applies to JAGGAER, LLC and all its subsidiaries (collectively, “JAGGAER”) and all its directors, officers, employees, and contractors (“JAGGAER Team Members”).
In a Nutshell – Policy Summary
- JAGGAER processes Personal Information from clients’ and suppliers’ users of the Platform (collectively, “Users”) to provide and to improve our services.
- JAGGAER collects Personal Information in two principal ways:
- Information input by Users
- Information collected by the Platform, through cookies and system logs
- Supplier users registering in the JAGGAER One platform must input their Personal Information to receive credentials to use the Platform.
- JAGGAER collects certain information automatically, such as Users’ operating system version, and browser type. JAGGAER also collects information about Users’ interaction with the Platform, through system logs and cookies.
- All Users may update or correct their information by making changes to their profile in the Platform or by submitting a request to privacy@jaggaer.com.
- Users in certain jurisdictions may have additional rights related to their Personal Information processed by JAGGAER. See Appendix A for more information on jurisdiction-specific privacy information.
- Users registering with JAGGAER in the Platform provide an email address. Those email addresses may be used to contact Users for a Policy change or Platform notices (such as security alerts).
- JAGGAER only retains Personal Information as long as we need it for legitimate business purposes and as permitted by applicable law.
- The security of Users’ Personal Information is very important to JAGGAER. Please also see our JAGGAER Trust Center for more information about our privacy and information security programs.
Policy
- Definitions
Personal Information: Any information that identifies or can be used to identify a User. Common examples of Personal Information include:
- Full name
- Email address
- Device information
- Logs
- Purpose of Processing as Controller
Personal Information is collected, accessed, used and stored (“processed”) by JAGGAER for the business purposes of enabling:
- Users to access and use the Platform;
- traceability, auditability, reliability, and accountability of business transaction activity in the Platform; and
- security and access controls.
Additional purposes of processing by JAGGAER include legitimate business interests such as:
- Product and service development and enhancement,
- Fraud or other crime detection and prevention,
- Support the claims management process related to possible legal actions
- Enhancement of our cybersecurity
In each circumstance, we weigh the purpose of our processing Personal Information against privacy and confidentiality interests, including taking into account Users’ reasonable expectations, the impact of processing, and relevant safeguards.
- Personal Information Processing by JAGGAER
When providing services to clients, JAGGAER primarily acts a Data Processor, under the instructions of a client which acts as Data Controller, as provided under a data processing agreement or another client agreement.
This Policy concerns only Personal Information processed by JAGGAER as an independent Data Controller.
JAGGAER determines the purposes and means of the processing of the below set of Personal Information:
- Users’ interaction with the Platform, such as: activity logs and/or other information associated with the activity of Users and their devices.
- Users’ registration data input in the Platform.
(a) Information Provided by Users
When creating and signing into the Platform, supplier users must provide their Personal Information by completing forms for the credentials. This includes supplier users’ names and email addresses. Additionally, supplier users may enter Personal Information into the Platform, such as business contact information or, an individual’s role in the User’s organization.
In some instances, Users may elect to provide JAGGAER with location and address information. Users may also provide JAGGAER with Personal Information when reporting a problem or asking questions about the Platform.
The Platform may offer interactive and social features that permit Users to submit content and communicate with JAGGAER. Users may provide Personal Information to JAGGAER when they post information in these interactive and social features. Please note that postings in these areas of these sites may be publicly accessible or accessible by other Users.
When creating an account to access or use the Platform on a mobile device, supplier users may provide information such as name, email address, username, or password. Additionally, when a device syncs with JAGGAER’s application, certain data recorded on that device is transferred from the device to the Platform.
Users can choose not to provide certain Personal Information to JAGGAER, but as a result may not be able to take advantage of some features of the Platform.
(b) Information Collected Through the Use of JAGGAER Platform
JAGGAER collects certain information automatically, such as a User’s operating system version, browser type, and internet service provider. JAGGAER also collects information about Users’ interaction with the Platform, such as logging into accounts or interacting with the Platform on mobile devices. The Platform automatically collects and stores this information in service logs. This also includes:
- Web portal use details
- Internet Protocol (IP) address
- Browser information
- Clickstream data
- The referring web page
- Pages visited
JAGGAER may also collect and use information about a User’s location. This information may or may not include Personal Information, but JAGGAER may associate it with Personal Information it collects in other ways or receives from third parties.
Location can be determined by IP address and information about things near a device, such as Wi-Fi access points and cell towers. The specificity of the location data collected depends on various factors, including the device in use (e.g., laptop, smartphone or tablet) and the type of internet connection (e.g., broadband or Wi-Fi).
When using the Platform via a wireless device, JAGGAER may request permission to collect location data. If location services are enabled on our mobile application, JAGGAER may collect location data periodically as someone uses or leaves open our mobile application. JAGGAER may associate such location data with Personal Information a User provides. Depending on the platform used to access our mobile application (e.g., Apple’s iOS, Google’s Android), Users may be able to control whether location data is collected in device or mobile application settings.
Some features within the Platform may only function upon confirmation of a User’s location, and therefore, such features will not be available if a User chooses not to provide JAGGAER their location data.
Additionally, JAGGAER may collect a User’s unique device ID. JAGGAER may use such information for internal purposes and to provide Users a better experience, such as troubleshooting. JAGGAER may associate device ID with Personal Information Users provide to us. Users may learn more about opting out of any anonymous device ID collection in their mobile device settings.
JAGGAER uses cookies to collect and store information when Users visit the Platform, and as necessary to provide the service.
JAGGAER deploys only cookies that are required for the Platform to operate – we refer to these as “essential” or “strictly necessary” cookies.
- JAGGAER’s Legal Basis for Processing Personal Information
JAGGAER processes Users’ Personal Information, based on one or more of the following:
- Legitimate interest in the performance of JAGGAER services related to Users, such as a contractual agreement with JAGGAER clients,
- Compliance with a legal obligation to which the JAGGAER is subject.
Personal data category | Data Subject | Purpose of processing | Legal basis for data processing |
User registration data:
|
|
|
|
Data Collected Systematically in Platform:
|
|
|
|
- Use and Disclosure of Personal Information
JAGGAER treats Personal Information as confidential, and JAGGAER only accesses Personal Information to provide its Platform services, respond to requests related to the services and enhance the Platform, as described in more detail in Section 2 (Purpose of Processing).
JAGGAER does not sell any Personal Information to third parties. JAGGAER will only share Personal Information with third parties in the following circumstances:
- When authorized by the User to do so in writing;
- When it is reasonably necessary to comply with a legal process, such as a court order, subpoena or search warrant, government investigation or other legal requirements, including to meet national security or law enforcement requirements;
- During any direct or indirect reorganization process, including, but not limited to, mergers, acquisitions, and sales of all or substantially all our assets — and in such cases, sharing Personal Information would be subject to applicable laws and regulations such as obtaining prior consent where applicable; or
When necessary for the prevention or detection of crime (subject in each case to applicable law) or to establish or defend a legal claim. JAGGAER will only provide Personal Information to third-party service providers and vendors that are authorized by JAGGAER to provide services on JAGGAER’s behalf and for the purposes described in this Policy, and only when agreements are in place that require each third party to protect the privacy and confidentiality of Personal Information that is shared and to comply with all applicable privacy and data protection laws.
At this time, JAGGAER does not share Personal Information referenced in this Policy with third parties for their direct marketing purposes.
- Users’ Rights
Users may have certain rights relating to their Personal Information under local data protection law. JAGGAER aims to provide Users with choices about how JAGGAER uses their Personal Information, whenever possible. We also aim to provide Users with access to their Personal Information. If a User informs JAGGAER that Personal Information requires amendment, we strive to provide ways to update it quickly or to delete it – unless we have to keep that information for legitimate business or legal purposes. Subject to applicable law, Users may obtain a copy of Personal Information JAGGAER maintains about them, or they may update or correct inaccuracies in that information by contacting us. To help protect privacy and maintain security, JAGGAER will take steps to verify a User’s identity before granting access to such information.
- Requesting and Accessing Personal Information
You may submit requests or complaints related to your Personal Information to privacy@jaggaer.com. All Users may update or correct information about themselves by making changes to their profile in the Platform or by submitting a request to privacy@jaggaer.com.
You may also communicate with us at:
JAGGAER, LLC
Attention: Legal Department
P.O. Box 12768
700 Park Offices
Suite 300
Research Triangle Park, NC 27709
Please note that we may ask Users to provide additional information to verify their identity before taking further action on their request. Users may designate an authorized agent to make a request on their behalf in certain circumstances.
JAGGAER may retain an archived copy of records of received requests as required by law, to comply with our legal obligations, to resolve disputes, to enforce our agreements, or for other legitimate business purposes.
In some cases, our ability to respond to a User’s request may depend on our obligations to process Personal Information for security, safety, fraud prevention or compliance requirements, or because processing is necessary to perform services. Therefore, we may inform Users of such dependencies in response to a request.
JAGGAER endeavors to respond to verifiable requests within 30 days of receipt, consistent with applicable laws.
We do not charge a fee to process or respond to a verifiable request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will explain why we made that decision and provide a cost estimate before completing the request.
- Data Retention
JAGGAER only keeps Personal Information consistent with our legitimate business interests and as permitted and/or required by applicable law and, any timeframes set forth in the applicable contractual agreement with JAGGAER’s Client. We retain Personal Information even after business relationships end if reasonably necessary to comply with our legal obligations (including law enforcement requests), meet regulatory requirements, resolve disputes, maintain security, prevent fraud and abuse, enforce our Terms of Service, or fulfill request to “unsubscribe” from further messages from us.
- Specific Jurisdictional Terms
Appendix A to this Policy includes terms specific to certain jurisdictions that may apply to Users. JAGGAER may update the Appendix from time to time, including to address changes in applicable laws without the requirement for notice. Appendix A is incorporated in and constitutes part of this Policy.
- Questions about this Policy
If you have any questions relating to this Policy, please contact privacy@jaggaer.com.
- Changes to this Policy
JAGGAER reserves the right to modify any part of this Policy from time to time. The most up-to-date version can be found on this website.
- Related Policies and Procedures
JAGGAER Marketing Privacy Policy
Appendix A – Specific Jurisdictional Rights
Rights of Residents of the European Economic Area, United Kingdom, and Switzerland
The European Economic Area’s General Data Protection Regulation (“GDPR”), and corresponding legislation in the United Kingdom and Switzerland, provide European, Switzerland, and United Kingdom residents with certain rights in connection with Personal Information Users have shared with JAGGAER. Residents in the European Economic Area may have the following rights:
- The right to be informed. Users are entitled to be informed of the use of Personal Data (as defined under GDPR). This Policy provides such information.
- The right of access. Users have the right to request a copy of their Personal Data which JAGGAER holds.
- The right of correction. Users have the right to request correction or changes of the Personal Data if it is found to be inaccurate or out of date.
- The right to withdraw consent. Users have the right to withdraw a previously given consent for processing their Personal Data for a specific purpose.
- The right to be forgotten. Users have the right to request JAGGAER, at any time, to delete their Personal Data from our servers and to erase their Personal Data when it is no longer necessary for us to retain such data. Note, however, that deletion of Personal Data will likely impact a User’s ability to use JAGGAER Platform.
- The right to object (opt-out). Users have the right to opt out of certain uses of their Personal Data, at any time.
- The right to data portability. Users have the right to a “portable” copy of the Personal Data they have submitted to us. Generally, this means their right to request that we move, copy, or transmit their Personal Data stored on our servers or information technology environment to another service provider’s servers or information technology environment.
- The right to refuse to be subjected to automated decision making, including profiling. Users have the right not to be subject to a decision and insist on human intervention if the decision is based on automated processing and produces a legal effect or a similarly significant effect.
- The right to lodge a complaint with a supervisory authority. Users have the right to lodge complaints about our data processing activities by filing a complaint with JAGGAER or with the relevant Supervisory Authority. A list of Supervisory Authorities is available here: National Data Protection Authorities
If Users are located in the European Union, U.K., or Switzerland, this section of the Policy provides notice that their Personal Information may be processed in the United States and other Third Countries in accordance with the applicable data protections laws.
JAGGAER may, directly or indirectly through third parties around the world, process, store, and transfer the information Users provide, including their Personal Information, as described in this Policy. Specifically, the information and Personal Information that we collect may be transferred to, and stored at, a location outside of a User’s jurisdiction. It also may be processed by persons operating outside of a User’s jurisdiction who work for us or for one of the organizations outlined in this Policy in connection with the activities outlined in this Policy. When transferring, storing or processing Users’ Personal Information JAGGAER will take all steps necessary to ensure that Personal Information is treated securely and in accordance with this Policy and applicable Data Protection Laws. We have put in place commercially reasonable technical and organizational procedures to safeguard the information and Personal Information we collect in the Platform While we strive to use commercially acceptable means to protect your Personal Information, we cannot guarantee its absolute security.
If Users are located in the European Economic Area and have questions about their rights, they may also contact the Supervisory Authority of your country of residence (see National Data Protection Authorities).
Rights of Residents of California
The California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) provide consumers based in California with specific rights regarding their personal information, including:
- The right to know. Users have the right to request that JAGGAER disclose certain information to them about JAGGAER’s collection and use of their Personal Information, such as the specific pieces of Personal Information JAGGAER has collected, as well as information about JAGGAER’s sale or disclosure for business purposes of their Personal Information to third parties. Once JAGGAER receives and confirms a User’s request, JAGGAER will disclose to the User the information they have requested.
- The right to delete. Users have the right to request that JAGGAER deletes any of their Personal Information that JAGGAER collected from them and retained, subject to certain exceptions. Once JAGGAER receives and confirms their verifiable consumer request, JAGGAER will delete (and direct JAGGAER’s service providers to delete) Users’ Personal Information from its records, unless an exception applies.
- The right to correct inaccurate Personal Information maintained by the business
- The right to data portability. Users have the right to request that Personal Information is transferred to another entity in a structured, commonly used, machine-readable format, to the extent possible.
- The right to opt-out of the sale of Personal Information. JAGGAER does not sell Users’ Personal Information to third parties.
- The right to limit the use and disclosure of Sensitive Personal Information. Users have the right to limit the use and disclosure of their Sensitive Personal Information to that use which is necessary to perform the expected service.
- The right to non-discrimination. JAGGAER will not discriminate against Users for exercising any of their CCPA rights.
If Users are located in California and have questions about their rights, they may also contact CCPA Toll Free Number: 1-866-467-8688, enter Service Code 987#.
Effective: September 2025
Prior Version: April 2024