Privacy Policy

This policy was last updated September 2022.

Corpay One Privacy Policy

Corpay One takes the privacy of your personal information seriously. In the course of operating our business and interacting with you, we collect, use, and share personal information.

Corpay One offers a software platform and services for bill management and payment. We collect data about individuals and businesses, when they use the platform, services and our websites(collectively known as "Services").

This Privacy Policy provides you with information about how we collect, use, and share personal information, and describes choices and rights available to you regarding your personal information.This privacy policy is separate to our Terms of Services and other important information available on our Services, and does not replace them.

Find terms, conditions and relevant definitions here.

Who we are

Corpay One has appointed a Data Protection Officer (DPO) who is responsible for overseeing questions in relation to our privacy policy and how we handle your personal data. Details about how to contact our DPO can be found in the “How to reach us” section of this privacy policy.

Information we collect

Corpay One may have a direct relationship with you, and you may choose to provide personal data tous in connection with that relationship or we may collect it via other means. The data we collect about you may include:

Private individual

Name
AddressPhone NumberE-mail

Company

Company name
Company contact person
Address
Phone number
E-mail
CVR number (company registration number)

Other

Content you provide to us, such as technical information about your device and website usage(cookies, browser data, IP address e.g). Transactional data, such as bills paid, bill amount, date of bill payment and payment method. Cookie policy can be found here.

We do not collect nor store personal data in the form of credit or debit card numbers. This information is collected through our payment partners. When using our integration to connect your bank account to Corpay One, Corpay One may store and transmit routing and account information.

Information about usage pattern

X. Location of use.

XI. Language preferences.

XII. Status in the company via CVR register.

XIII. Which internet browser the customer is using.

XIV. Which browser version the customer is using.

XV. Which language the customer is using in their browser.

XVI. The customer's PC operating system

XVII. Which URL the customer comes from before they log in (for example during a campaign).

XVIII. Which mobile phone the customer has.

XIX. Which version of Corpay One's app the customer has set on their mobile phone.

XX. How many times the customer has used Corpay One's app.

XXI. Which version of the operating system the customer has on their mobile phone.

XXII. Which accounting software the customer uses (provided the customer adds integration).

XXIII. IP address

XXIV. Transactions on Corpay One's website.

XXV. Screen resolution, the size of the window.

How we collect your information

We use different methods to collect data from and about you, depending upon the nature of our relationship. This may include through direct interactions we have with you, through the use of automated technologies (e.g. cookies) and from third parties or publicly available sources.

How we use your data

Depending on the nature of our relationship with you, we may use your data to:

▪ Provide the services our customers have signed up for

▪ Process your transactions

▪ Administer your online account

▪ Protect ourselves against fraud and money laundering.

▪ Provide you with information about our products and services.

▪ Allow you to participate in interactive features e.g. via the website such as via our live chatfunction.

▪ Operate, evaluate and improve our business.
▪ Perform analysis (including anonymisation) of your data.
▪ Comply with our legal obligations, applicable industry standards and our policies.

▪ Administer the contracts we have with our customers, including to update contracts and to correspond with our customers about our services and the contracts.

▪ Other ways which we notify you of at the time of its collection or use.

Data we share and receive

We do not sell or otherwise disclose your data, except as described in this privacy policy. We may ona legitimate basis share you data with the following parties:

▪ Other members of the Fleetcor group

▪ Marketing and data analytics companies

▪ Partners who provide features on our websites.

▪ IT suppliers.

▪ Risk and fraud monitoring providers.

▪ Our insurers and professional advisers.

▪ Regulators and other government agencies including, but not limited to, public authorities, regulators, the police and other law enforcement agencies.

▪ Any company to whom we sell or buy any business or assets, in which case we may discloseyour personal data to the prospective seller or buyer of such business or assets, along with its professional advisers.

We do not authorize any third parties that we share data with to use or disclose your data except as necessary to perform certain services on our behalf or comply with legal requirements. We require these third parties, through our contractual arrangements with them, to appropriately safeguard the privacy and security of the data they process on our behalf.

We may also receive data about you from the following third parties:

▪ Social media platforms.
▪ Data brokers.
▪ Our commercial partners.

▪ Public databases.
▪ Regulators and other government agencies.

If you would like to receive a full list of our suppliers and other third parties who we share your datawith or receive your data from then you can get in touch with us using the details provided in the section “Who should you contact with questions?”.

Where your data may be sent

As with any multinational organization, we are often required to transfer data internationally.Accordingly, your personal data may be transferred globally (if your data is collected within theEuropean Union, this means that your data may be transferred outside of it). This includes transfers that have been identified in the previous section “Who do we share your data with and for what purposes”.

How we keep your information secure

Corpay One will take appropriate technical and organizational security measures to secure your personal data and to protect it from loss, misuse or alteration. Personal data that we hold about you is stored on our secure servers or those of our appointed suppliers.

Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website. You are responsible for keeping this password confidential. We ask you not to share this password with anyone.

Corpay One maintains an information security program that is designed to:▪ Secure and maintain confidentiality of your personal data.

▪ Protect against anticipated threats or hazards to security or integrity of your data.

▪ Protect against unauthorized access to or use of your data that could result in substantial harm or inconvenience to you or your entity if compromised.
▪ Comply with applicable laws.

How long we may keep your data

We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

Details of retention periods for different aspects of your personal data can be requested by contacting the Corpay One DPO.

In some circumstances you can ask us to delete your data, please see “Your Rights and Choices”.

In some circumstances we may anonymise your personal data (so that it can no longer be associated with or be used to identify you) for research or statistical purposes in which case we may use suchdata indefinitely without further notice to you.

Children’s privacy

Corpay One’s websites are not intended for use by children, especially those under the age of 18. No individual under the age of 18 should provide any personal data or participate in any forums, chats, or online discussions. Minors under the age of 18 are prohibited from applying for emails, newslettersand/or products or services, on our websites. If we identify that we have received any such personal data we will delete it.

Your rights and choices

You may have some or all of the following rights in respect of personal data about you that we hold:

● Request us to give you access to it.

● Request us to rectify it, update it, or erase it.
● Request us to restrict our using it, in certain circumstances.
● Object to our using it, in certain circumstances.
● Where legally possible, withdraw your consent to our using it.
● Data portability, in certain circumstances.
● Opt out from using it for direct marketing.
● Lodge a complaint with the supervisory authority in your country (if there is one).

You are able to exercise these rights by contacting Corpay One using the details set out in the “How to reach us” section below.

How to reach us

If you have any questions about our privacy policy, including any requests to exercise your legal rights in relation to the data we hold on you, then please contact support@corpayone.com ordpo@fleetcor.com

Furthermore, if you have any complaints about Corpay One’s processing of your data you may contact the Danish Data Protection Agency at:

Datatilsynet
Carl Jacobsens Vej 352500

Valbydt@datatilsynet.dk

Updates to this privacy policy

We will update this policy from time to time to reflect changes in our business. We will inform you of these changes as required under applicable laws.

This privacy policy was last modified Sep. 13th 2022.