Last updated: 06/28/2019
This Privacy Notice applies (i) when you access or use www.kabbageplatform.com (the "Site"), which is owned or administered by Kabbage, Inc. ("we", "us" and "our") or (ii) when you license our automated, online lending platform (“Platform”). We are committed to protecting the information that we collect from our business customers and their employees and representatives (collectively, "you" or "your") who access or use the Site or license the Platform. This Privacy Notice describes how we collect, store, use, disclose, and protect information that you provide, directly in connection with your use of the Site or licensing of the Platform. This Privacy Notice describes your choices and access rights regarding the information collected in connection with your use of the Site or licensing of the Platform. For the purpose of the General Data Protection Regulation ("GDPR"), we are the controller of information about the employees or representatives of our business customers gathered in connection with the use of the Site or licensing of the Platform ("Personal Data"). By accessing or using the Site or licensing of the Platform, you accept the practices described in this Privacy Notice.
EU-U.S. Privacy Shield
Kabbage, Inc. participates in, and has certified its compliance with, the EU-U.S. Privacy Shield Framework ("Privacy Shield" or the "Framework"). We are committed to subjecting all Personal Data received from European Union ("EU") member countries, in reliance on Privacy Shield, to the Framework’s applicable principles. To learn more about the EU-U.S. Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield List at https://www.privacyshield.gov/list. If there is any conflict between the terms in this Privacy Notice and the Framework, the Framework shall govern.
We are responsible for the processing of Personal Data we receive under Privacy Shield, and subsequently transfer to a third party acting on our behalf. We comply with the Privacy Shield Principles for all onward transfers of Personal Data from the EU, including the onward transfer liability provisions. More information on these Principles, available here: https://www.privacyshield.gov/EU-US-Framework.
With respect to Personal Data received or transferred pursuant to Privacy Shield, we are subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, we may be required to disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
In connection with your use of the Site or licensing of the Platform, we collect, directly or indirectly, three types of information:
- Information regarding a business that is a business customer of the Platform ("Business Information");
- Information about such business customer's employees and representatives ("User Information"); and
- Information from your computer, mobile device, or other access device that is automatically collected as you interact with the Site ("General Information").
Business and User Information
We may receive Business Information from business customers, including, but not limited to: business name, mailing address, email address, and telephone number. We may also receive User Information from employees or representatives of business customers that consists of information, including, but not limited to: the individual's name, job title, business mailing address, business email address, and business telephone number.
We collect User Information and Business Information from you when you communicate with us by email, mail, text, telephone, or other electronic means.
We collect General Information from your computer, mobile device or other access device when you use the Site (including downloading and using a mobile application or accessing a mobile optimized site), view content about the Site on a third-party website or open emails or links in emails from us. This General Information is collected automatically and may include, but is not limited to, information about (i) your internet connection; (ii) the equipment you use to access the Site and usage details; (iii) your operating system, browser version and Internet Protocol (IP) address; (iv) your mobile device type, your device’s unique identifier and your mobile network information, and (v) web pages or advertisements that you view and information that you search for on the Site. As is true of most websites, we gather certain information automatically and store it in log files. This information may include IP addresses, browser type, Internet Service Provider (ISP), referring/exit pages, the files viewed on our Site (e.g., HTML pages, graphics, etc.), operating system, date/time stamp, and/or clickstream data. We may link this automatically collected data to other information we collect about you.
We may receive information about you from other sources, including publicly available databases, and combine this data with information we already have about you. This helps us to update, expand and analyze our records, identify new customers, and provide products and services that may be of interest to you. If you provide us personal information about others, or if others give us your information, we will only use that information for the specific reason for which it was provided to us. Examples of the types of personal information that may be obtained from public sources and combined with information we already have about you, may include Personal Data for the purpose of correcting incorrect information, i.e. correction of a suite number associated with a business customer's address.
Use of Information
We use Business Information, User Information and General Information collected in connection with your use of the Site or licensing of the Platform for our legitimate business purposes including, but not limited to:
- Enabling you to obtain information about products and services through the Site;
- Enabling you to understand the business case and functionality of the Kabbage Platform;
- Directing you to the Kabbage Business Development group to request more information;
- Administering physical, network, and information security;
- Preventing fraud, misuse of services, money laundering, or other illegal activities;
- Enforcing legal claims;
- Conducting data analytics;
- Measuring the effectiveness of promotional campaigns and advertising;
- Enhancing, modifying or improving our services; and
- Understanding historical, statistical, and usage trends.
We will not reuse your Personal Data for a new purpose other than the original one(s) for which it was collected, unless one or more of the following apply:
- The new use is compatible with the original use such that you would reasonably expect such a similar use;
- We have notified you of the new use and given you an opportunity to authorize it; or
- The new use is otherwise permitted or required by law.
You have the right to object to this processing and if you wish to do so, please contact the Data Protection Officer at firstname.lastname@example.org.
We will retain your information collected in connection with your use of the Site or licensing of the Platform for as long as the information is needed to provide you services, comply with our legal or contractual obligations, to resolve disputes or for other business purposes.
We take your privacy seriously and will only share information as described in this Privacy Notice. We may share, whether aggregated or not, Business Information and User Information with trusted business partners and service providers (collectively, "Third Parties") under the following circumstances:
- To support our business operations including, but not limited to, Site user services, fraud prevention, secure data storage, and other similar services;
- To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution or other transfer of all or a portion of our business or an operating unit;
- To fulfill the purpose for which you provide such information to us or any other purpose disclosed by us when you provide the information to us;
- To any third party with your express consent;
- To protect the confidentiality or security of your records, to protect against or prevent actual or potential fraud, unauthorized transactions, claims or other liability, or for resolving disputes or inquiries;
- To comply with international, U.S. federal, state or local laws, rules and other applicable legal requirements, to comply with properly authorized civil, criminal or regulatory investigations, subpoenas, summons, bankruptcy notices by federal, state or local authorities, or to respond to judicial process or government regulatory authorities that have jurisdiction over us for examination, compliance or other purposes as authorized by law;
- To the extent permitted or required under other provisions of laws to law enforcement or self-regulatory organizations for an investigation related to public safety; and
- To protect our rights, protect your safety, or the safety of others.
Third Parties are authorized to use Business Information and User Information only as necessary to provide these services to us and are required by contract to maintain confidentiality and data security of such information. Subject to your express consent, we may share, whether aggregated or not, Business Information and User Information with Third Parties, including for jointly offered products and services, under agreements which restrict such Third Parties' use of the information and require such Third Parties to follow policies regarding privacy and safeguarding of User Information and Business Information. Third Parties may use such information obtained from us to market their or our products or services to you, including jointly offered products or services.
We may also use, sell, license or distribute General Information or User Information that has been anonymized so that the information does not identify a specific user without restriction, including, but not limited to producing data analytics and reports for Third Parties.
We may notify you via email of any change in ownership of User Information and Business Information (including as a result of a merger, acquisition, or sale of all or substantially all assets), changes to this Privacy Notice, as well as changes to any choices you may have regarding your Personal Data.
At any time, you can request access to your Personal Data, request that any inaccuracies be corrected, by sending an e-mail clearly outlining your request to the Data Protection Officer at email@example.com. You can also ask about:
- Whether and why we have your Personal Data;
- How we got your Personal Data;
- What we have done with your Personal Data;
- To whom we have communicated your Personal Data;
- Where your Personal Data has been stored, processed or transferred;
- How long we will retain your Personal Data, or how that retention period will be determined; and
- The safeguards in place to protect your Personal Data if it is transferred to another country.
Finally, you can ask us not to collect or use your Personal Data for certain purposes, you can ask us to erase your Personal Data, or you can ask us to provide your Personal Data to a third party.
Depending on which laws apply to your Personal Data, we may only be able to do some of these things for you. If you make a request and we are unable to do it, we will explain your legal rights, the reason for our refusal and any recourse you may have.
We will respond to your request without undue delay and within a reasonable timeframe. We reserve the right to take reasonable steps to verify the requestor's identity prior to granting access or processing changes or corrections.
With respect to information processed through the Platform on behalf of our business customers, we have no direct relationship with the individual end users whose Personal Data is processed. An individual who seeks access, or who seeks to correct, amend, or erase data should submit a query directly to that business customer.
We commit to investigating and resolving complaints about our collection or use of your Personal Data. To make a complaint, contact the Data Protection Officer at firstname.lastname@example.org.
Clearly state the following to help us address the issue effectively:
- The specific data privacy complaint (please provide as much detail as possible including country, our practice to which your complaint applies, your understanding of the data privacy infringement and issues, redress requested);
- Your full name and how we may contact you; and
- Any previous correspondence on this specific data privacy issue.
If you are not satisfied with our resolution of your complaint, you can make a privacy complaint to the Federal Trade Commission and/or your country's supervisory authority..
If you have any unresolved privacy or data use concerns that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request. Under certain conditions, more fully described on the Privacy Shield website, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.
Providing information regarding your browsing and application activity is voluntary. Most computer systems and browsers offer their own privacy settings. You can adjust your privacy settings to disable the cookies used on the Site. If you disable cookies, you can still use the Site, but your ability to use some features of the Site may be limited. Most mobile phones allow you to control privacy settings, including location-based services by accessing the device's settings menu. If you have questions about the privacy settings on your mobile device, you should contact your mobile service carrier.
We, our affiliates and our business partners may contact you to offer you products and services that may be of interest to you. Out of respect for your privacy, you may choose to stop receiving communications from us, our affiliates, and our business partners by following the unsubscribe instructions included in these emails or by contacting us at email@example.com or by telephone at 877-320-6061. You may write to us at Kabbage Platform Customer Service, P.O. Box 77073, Atlanta, GA 30357-1073, Attn: Opt-Out/Data Protection Officer. We will respond to your request within a reasonable timeframe. Opting out of newsletter or other forms of contact will not stop any notifications related to the Site's functionality or the products or services available through the Site.
Third Party Information Collection
If you wish to limit the collection of information by us or Third Parties to provide you with targeted advertising based upon your website browsing activities and interests, you may click here to opt out of targeted advertising (or if located in the European Union click here). To opt out of targeted advertising on your mobile device, iOS users can click here to learn how to limit ad tracking and Android users can click here to learn how to opt out of interest-based ads. Please note that opting out of interest-based/targeted advertising does not limit all advertising. You may continue to receive generic advertisements.
We do not make decisions about you, as it relates to your use of the Site or licensing of the Platform, automated or otherwise, and do not attempt to analyze or predict your behavior, preferences, interests, health or other personal characteristics.
We protect User Information, Business Information and General Information, both during transmission and once it is received, by using generally accepted standards and reasonable physical, electronic and procedural safeguards in compliance with laws that apply to the Site. Such safeguards include, but are not limited to:
- Use of computer safeguards such as firewalls and data encryption using Transport Layer Security (TLS) or similar;
- Installation of comprehensive anti-virus and anti-spyware program;
- Limitation on employees who can access information to those who need the information to fulfill their job responsibilities and only to the extent necessary to complete their job duties;
- Maintaining the confidentiality of passwords or access codes used in connection with the Site and requiring those passwords or access codes be periodically updated;
- Conducting appropriate due diligence on information safeguards of vendors that handle User Information, Business Information or General Information;
- Conducting annual reviews of all database security controls and vulnerability testing.
If you have any questions about the security of information, you can contact us at the address at the bottom of this Privacy Notice.
Links to Third Party Websites
Social Media Widgets
Children Under 13
This Site and products or services available through this Site are not intended for children under 13 years-old. We do not knowingly solicit data online from or market online to children under 13 years-old. If we knowingly receive a child's Personal Data, we will immediately delete it from our system.
Changes to Privacy Notice
By accessing or using the Site or licensing of the Platform, you accept the practices described in this Privacy Notice. We may update this Privacy Notice from time to time by making available a revised, dated version on the Site. If the revised version includes a substantial change, we will provide a more prominent notice (including, for certain services, an email notification of Privacy Notice changes) prior to such change taking effect. Your continued use of the Site shall constitute your acceptance of such updated Privacy Notice. We encourage you to periodically review this page for the latest information on our privacy practices.
If you have questions or suggestions regarding this Privacy Notice or our handling of Personal Data, please contact us at:
925B Peachtree Street NE, Suite 1688
Atlanta, GA 30309
Kabbage’s Data Protection Officer:
925B Peachtree Street NE, Suite 1688
Atlanta, GA 30309
Kabbage’s EU Representative:
We have designated Achieved Compliance Advocacy, Ltd. as our representative in the Union. In addition to contacting our Data Protection Officer, business customers and their employees and representatives located in the Union may contact our EU representative for all issues related to the processing of Personal Data under the GDPR, at:
Achieved Compliance Advocacy, Ltd.
Swansea, United Kingdom