SERVICE PRIVACY POLICY

Effective: May 25, 2018
Prior Version: July 27, 2017


Service Privacy Policy

This Service Privacy Policy describes the information privacy practices that SciQuest d.b.a. JAGGAER and its subsidiaries, including BravoSolution and Pool4Tool, (“JAGGAER”) employ when JAGGAER’s customers and suppliers use our software applications and services (together, the “Solution”).

The data controller for the information you provide or that we collect from you when you use the Solution is:

SciQuest, Inc. d.b.a. JAGGAER
3020 Carrington Mill Blvd., Suite 100
Morrisville, NC 27560

This Service Privacy Policy does not cover any information collected by JAGGAER for marketing purposes or when you are not using the Solution, which is governed by our Marketing Privacy Policy available at https://www.jaggaer.com/privacy-policy/.

Personal Information JAGGAER Processes

In the normal course of using the Solution, users of customers and suppliers may enter personal information into the Solution, such as business contact information or, with respect to customers using the Solution, an individual’s role in the customer’s organization. By submitting personal information to the Solution, you consent to JAGGAER’s storage, use and other processing of this information in accordance with this Service Privacy Policy.

Use and Disclosure of Personal Information

JAGGAER treats personal information as confidential and JAGGAER accesses personal information provided by you through the Solution in order to provide the Solution to you, fulfil your requests related to the Solution and enhance your use of the Solution.

JAGGAER does not sell any personal information to third parties. JAGGAER does not share any personal information with third parties unless: (i) authorized by you in writing; (ii) the third parties are service providers authorized by JAGGAER to perform services for you on JAGGAER’s behalf and for the purposes described in this Service Privacy Policy, and only when agreements are in place that require each third party to protect the privacy and confidentiality of the personal information that is shared and comply with all applicable privacy and data protection laws; (iii) it is reasonably necessary to comply with a legal process, such as a court order, subpoena or search warrant, government investigation or other legal requirements, including to meet national security or law enforcement requirements; or (iv) necessary for the prevention or detection of crime (subject in each case to applicable law) or to establish or defend a legal claim.

JAGGAER uses and shares information that, by itself, does not identify an individual, customer or supplier (such as device information or general behavioral data), primarily to enhance your use of the Solution and for benchmarking purposes.

Access

If you are an employee of a customer or supplier who uses the Solution and you seek access, or seek to correct, amend, or delete inaccurate personal information about you, please first direct your request to your employer because our customers and suppliers generally have administrative rights to make these changes.

If our customer, a supplier or any employee of a customer or a supplier requests that JAGGAER correct, amend, or delete inaccurate personal information to comply with applicable data protection regulations, then JAGGAER will respond to the request within thirty (30) business days.

If you wish to contact JAGGAER directly to access the personal information that JAGGAER holds about you, you may email your request to JAGGAER at privacy@jaggaer.com. JAGGAER will respond to the request within thirty (30) business days. To protect your privacy, we may ask you to verify your identity or provide additional information before we let you access or update your information.

JAGGAER will provide you with the information you have sought by email, or if possible, in another form that you have requested. We may reject requests for certain reasons, including if the request is unlawful or if it may infringe on trade secrets, intellectual property or the privacy of another user. If JAGGAER decides to deny you access to some or all of your personal information, JAGGAER will notify you of our decision in writing within thirty (30) business days, which will include an explanation of our decision and directions regarding how you can complain if you are not satisfied with our decision.

JAGGAER EU-US Privacy Shield Framework and Swiss-US Privacy Shield Framework Privacy Statement

If you are located in the European Union or Switzerland, this section of the Service Privacy Policy provides notice that your personal information may be processed in the United States. JAGGAER complies with the applicable provisions of the EU-US Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use and retention of personal information transferred to the United States from the European Union and Switzerland, respectively. JAGGAER has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms of this Service Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program and to view JAGGAER’s certification, please visit: https://www.privacyshield.gov/.

Complaint Handling; Dispute Resolution

In compliance with the EU-U.S. and Swiss-U.S. Privacy Shield Principles, JAGGAER commits to resolve complaints about your privacy and our collection or use of your personal information. Individuals with inquiries or complaints regarding this Service Privacy Policy should contact JAGGAER at privacy@jaggaer.com.

JAGGAER has further committed to refer unresolved privacy complaints under the EU-U.S. and Swiss-U.S. Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, a non-profit alternative dispute resolution provider located in the United States and operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers/ for more information and to file a complaint. Additionally, in accordance with the EU-U.S. Privacy Shield, an individual may, under certain conditions, invoke binding arbitration.

Investigations; Enforcement; Liability

As a result of JAGGAER’s adherence to the EU-U.S. and Swiss-U.S. Privacy Shield Principles, JAGGAER is subject to the investigatory and enforcement powers of the Federal Trade Commission. In cases of onward transfer to third parties of data of EU individuals received pursuant to the EU-US and Swiss-U.S. Privacy Shield Principles, JAGGAER is potentially liable.

Contact Details

At any time you may contact JAGGAER with questions or concerns about this Service Privacy Policy at privacy@jaggaer.com. You also may communicate with us at:

SciQuest, Inc. dba JAGGAER
Attention: General Counsel
3020 Carrington Mill Blvd. Suite 100
Morrisville, NC 27560

If you are located in the European Union and have questions about this Service Privacy Policy, you also may contact the Supervisory Authority of your country of residence (see http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080).

Data Retention

We keep your personal information only as long as we need it for legitimate business purposes and as permitted by applicable law and any timeframes set forth in the applicable customer or supplier agreement.

Security

The security of your data, including personal information, is very important to JAGGAER. JAGGAER maintains a comprehensive, written information security program that contains administrative, technical and physical safeguards designed to protect your data against unauthorized access, theft and loss, including physical and logical access controls, firewalls, intrusion detection systems, network and database monitoring, anti-virus systems and backup systems. JAGGAER limits access to your data to those persons who have a specific business purpose for processing your data. JAGGAER’s employees who are granted physical access to personal information are required to protect the confidentiality, integrity, and availability of that information and are provided training and instruction on how to do so. With respect to customer use of the Solution, JAGGAER designs its Solution to enforce user access controls and our customers are authorized and responsible for configuring these settings appropriately.

Changes to our Service Privacy Policy

This Service Privacy Policy is effective and current as of the date set forth at the top of this page. JAGGAER reserves the right to modify any part of this Service Privacy Policy from time to time to reflect changes to technology, legal obligations and information handling practices. JAGGAER will alert you to any change to this Service Privacy Policy by indicating the date it was last updated at the top of this page. We will notify you in writing before any material change takes effect so that you have time to review the terms of the revised Service Privacy Policy before the changes are in effect.