By accessing and using our Services, you are agreeing to the terms of this Policy. Where we require your consent to process your personal data, we will ask for your consent to the collection, use, and disclosure of your personal data in advance, and such consent is voluntary and can be withdrawn at any time. However, if you withdraw such a consent, Ramp may not be able to provide you Services.
If you do not agree with or you are not comfortable with any part of this Policy, please immediately discontinue access or use of our Services.
Ramp collects certain personal data about you and your use of the Service. This information falls into three primary categories: (1) information you provide to us, (2) information we collect from you automatically, and (3) information we collect from third parties. Personal data is any information that identifies or makes an individual identifiable.
Information you provide to us. Collection of this personal data is either required by law, or necessary to provide the requested service. We may collect the following types of personal data from you:
Information we automatically collect from you. To the extent permitted under the applicable law, we may collect certain types of information automatically, such as whenever you interact with the Sites or use the Services. This information helps us address customer support issues, improve the performance of our Sites and Services, provide you with a streamlined and personalized experience, and protect your account from fraud by detecting unauthorized access. We may collect following types of information automatically from you:
Information we collect from third parties. From time to time, we may obtain information about you from third party sources as required or permitted by law such as your service providers and through publicly available sources. For example, payment providers you use to transfer money to us will provide us with your basic personal information, such as your name and address, as well other data necessary to carry out transactions. We may also collect data from AISP if you choose to use this identification and/or payment method (on the basis of your explicit consent given to AISP to obtain account information).
We and third parties on our behalf may employ various tracking technologies, such as cookies and other similar technologies (collectively, “Tracking Technologies”) to collect additional Personal data automatically as you interact with our Services, that help us to personalize your experience with our Service, and help us better manage content on our Service by informing us what content is effective.
Our Sites may use a ‘load balancer’ to store an identifier on your browser to help keep you connected to the same web server throughout your visit, for a smoother browsing experience. Similarly, session cookies enable our individual web servers to keep track of your progress throughout your visit. When you submit data through a form such as a contact page or comment box, cookies may be set to remember your user details for future correspondence.
We may use the following third-party cookies:
If you do not want Ramp to deploy cookies in your browser, you can opt-out by setting your browser to refuse some or all cookies, or notify you when a website tries to set a cookie in your browser software. If you choose to disable cookies in your browser, you can still use the Website, although your ability to use some of the features may be affected. If you want to learn the correct way to modify your browser settings, please use the Help menu in your browser or review the instructions provided by the following browsers: Internet Explorer, Google Chrome, Mozilla Firefox, Safari Desktop, Safari Mobile; and Android browser.
Our primary purpose in collecting personal data is to provide you with a secure, smooth, efficient, and customized experience. In general, we use personal data to create, develop, operate, deliver, and improve our Services. We may use your personal data to:
For individuals who are located in the European Economic Area, Switzerland or the United Kingdom (collectively, “Europe Residents”) at the time of data collection, our legal bases for processing your information under the applicable data protection laws will depend on the personal data at issue, the specific context in the which the personal data is collected and the purposes for which it is used. We generally only process your data where we are legally required to; where processing is necessary to perform any contracts we entered with you or to take steps at your request prior to entering into a contract with you; where processing is in our legitimate interests to operate our business and not overridden by your data protection interests or fundamental rights and freedoms,; or where we have obtained your consent to do so,. Below is a chart showing how Ramp uses your personal data, as described above in Section 3, with the corresponding legal bases for processing.
We share your personal data as needed to fulfill the purposes described in this Policy and as permitted by applicable law. We may share your personal fata in the following circumstances:
Depending on the applicable law where you reside, you may exercise the following rights. We may limit these privacy rights requests: (1) when denial of access is required or authorized by law; (2) when granting access would have a negative impact on another's privacy; (3) to protect our rights and properties; (4) where the request is frivolous or burdensome. If you would like to exercise your rights under applicable law, please contact us at email@example.com. We may seek to verify your identity when we receive your privacy rights request to ensure the security of your personal data.
Our Service is operated in the European Economic Area (EEA), the United Kingdom, the United States, and potentially elsewhere. For EEA Residents, the personal data we collect from you will not be transferred to or stored outside of the EEA unless you consent to authorizing a U.S. payment processing services providers or Ramp’s U.S. affiliates and partners to fulfill the transactions. If you choose to authorize such transactions, you hereby irrevocably and unconditionally consent to the transfer, processing, and use of your information in the United States.
If we transfer your personal data outside of the EEA and UK to a data processor, we will ensure that the transfer is lawful and that data processors in third countries are obliged to comply with the European Union (EU) General Data Protection Act 2016 and the UK Data Protection Act 2018.
We will protect your personal data in accordance with this Policy wherever it is processed and will take appropriate contractual or other steps to protect the relevant personal data in accordance with applicable laws. We contractually obligate recipients of your personal data to agree to at least the same level of privacy safeguards as required under applicable data protection laws.
We will only retain your personal information for as long as it is necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting obligations or to resolve disputes. For example, for the purposes of our compliance with Anti-Money Laundering obligations, we will store your personal data for five years beginning on the date on which our business relationship has come to an end.
We will cease to retain your personal data, or remove the means by which the data can be associated with you, as soon as it is reasonable to assume that such retention no longer serves the purpose for which the personal data was collected, and is no longer necessary for legal or business purposes.
We maintain (and contractually requires third parties that shares your personal data to maintain) appropriate physical, technical and administrative safeguards to protect the security and confidentiality of your personal data both during transmission and at rest. For example, we use industry standard encryption methods, such as TLS/SSL protocol, for all data transmissions and we store all data in encrypted databases to ensure the security of your data.
Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. We cannot guarantee that the information you supply will not be intercepted while being transmitted over the Internet. In particular, e-mail sent to us may not be secure, and you should therefore take special care in deciding what information you send to us via e-mail (and please do not send us sensitive information, such as payment card information or government issued IDs). You are responsible for protecting your password(s) and maintaining the security of your browsers and devices.
If you have reason to believe that your personal data is no longer secure, please contact us immediately at: firstname.lastname@example.org.
This section only applies to California residents. The purpose of this section is to inform California residents (“consumers” or “you”), at or before the time of collection of “personal information” (as that term is defined in the California Consumer Privacy Act (“CCPA”)), about our data collection practices and your privacy-related rights under California law). Your “right to know” about personal information collected, used, and disclosed by Ramp includes what categories of personal information we collect from you and the purpose for its collection; how we use those categories of personal information; and how we share the personal information you entrust to us.
The chart below describes the categories of personal information that Ramp has collected in the preceding 12 months, the sources and purpose of such collection, and the parties to whom the information was shared for business purpose.
Access to Specific Information and Data Portability Rights – Subject to certain exceptions, if you are a California resident you have the right to request a copy of the personal information that we collected about you during the 12 months before your request. Once we receive your request and verify your identity, we will disclose to you:The categories of personal information we have collected about you;
Sale of Personal Information – You have the right to request that we disclose to you: the categories of your personal information that we sold, and the categories of third parties to whom your personal information was sold. Ramp does not sell your personal information in its ordinary course of business and will never sell your personal information to third parties without your explicit consent.
Deletion Request Rights – Subject to certain exceptions, you have the right to request that we delete any of your personal information that we collected from you and retained.
Non-Discrimination – We recognize and respect that you have the right to not receive discriminatory treatment by the business for exercising any of your CCPA rights.
Exercising Access, Data Portability, and Deletion Rights – To exercise the access, data portability, and deletion rights described above as a California resident, please submit a verifiable consumer request to us by contacting us as described in the “Contact Us” section below.
Use of an Authorized Agent to Submit a Request – Only you or a person you formally authorize to act on your behalf, may make a verifiable consumer request related to your personal information as a California consumer. If you use an authorized agent to submit such a request, we will require written proof that the authorized agent has been authorized to act on your behalf or a copy of the power-of-attorney document granting that right.
We do not knowingly request to collect personal data from any person under the age of 18. Hereinafter “Child”. If a user submitting personal data is suspected of being under the age of 18, we will require the user to close his or her account, terminate the user’s access to our Service, and take steps to delete the personal data collected as soon as possible. If you know of any Child using our Services, please notify us via the method identified in the Contact Us section below so we can take action to prevent access to our Services.