Information Collection and Use
Ramp collects the following types of information on our Site and through our Services: information Users provide to enable us to communicate with them and information obtained through the normal use of our Site or Services.
We classify the information that we collect on our Site, or through our Services, as either Personally Identifiable Information or Non-Personally Identifiable Information. Personally Identifiable Information (PII) refers to information that can be used to distinguish or trace an individual’s identity, either alone or when combined with other personal or identifying information that is linked or linkable to a specific individual. Non-Personally Identifiable Information refers to information that does not by itself identify a specific individual. If we do combine Non-Personally Identifiable Information with Personally Identifiable Information, the combined information will be treated as Personal Identifiable Information for as long as it remains combined.
A non-exhaustive list of the information we collect includes:
We may collect Personally Identifiable Information when Customers subscribe for the Services or when Users voluntarily provide such information on our Site. The Personally Identifiable Information we may collect through our Site, or when using our Services, may include, for example, names and e-mail addresses.
Users may choose to share Personally Identifiable Information, for example names or email addresses, by completing a form on the Site or through other voluntary submission processes. When Users provide Personally Identifiable Information, Ramp may also provide opt-in services to receive future marketing information and communication from us, such as newsletters, email or other information. Users can choose not to receive this communication, if desired. If Users have already chosen to receive such communication, Ramp provides the option to stop this service by clicking the opt-out link on any email communication, or by emailing a request to email@example.com.
When Users visit the Site or use our Services, we may use standard Web server log files, as well as third party services such as Google Analytics, to automatically record certain information, including destination URL, source IP address, client browser type and language, specific search requests, the date and time of the request, the results of any searches.
User information may be used to help Ramp track the way our Site and our products are used in order to provide better services to current and potential future Customers. Ramp may also combine User provided information with information that we collect separately, including information Users may have provided to other organizations (with consent that it can be shared) as well as public information. We do so to provide a better user experience, including customizing content for specific Users.
In general, any information Users provide may be used in the following ways:
- to provide the Services, including services that display customized content and advertising;
- to communicate with Users regarding our Site or Services, including for marketing purposes if opt-in communications have been selected;
- to provide information and/or Services to our Customers who provide content to us;
- to analyze, evaluate and/or improve the Site, the Services and/or market research tools.
Embedded Content from Other Web Sites
Articles on the Site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other web sites behaves in the exact same way as if the User has visited the other web site.
Users should avoid uploading images with embedded location data (EXIF GPS) included, as web site users can download and extract Personally Identifiable Information, including any location data from images on the web site.
Ramp does not invite or knowingly permit individuals under the age of 13 to use Ramp Services. We have no intention of collecting any information from individuals under the age of 13.
Disclosures to Third Parties
Ramp may share your information with third parties as follows:
- With our Customers: but only if access to the Site/Services is through, or at the direction of, our Customer. If Users are accessing content that has been provided to us by a Customer, we may share with that Customer information about such use and access. In most cases, this information will be anonymous and aggregate data.
- With our Subsidiaries, Affiliates, Agents and Representatives: for the limited purpose of providing contracted services or information to Ramp or our Users, at our direction.
- With Service Providers: Ramp may use other companies to perform services including, without limitation, facilitating some aspects of our Site or Service such as billing, processing credit card transactions, sending emails, and fulfilling customer service requests. These other companies may be supplied with or have access to your information solely for the purpose of providing these services to Users on our behalf.
- With Business Partners: When Users make purchases for our Services or engage in promotions offered through our Site, we may share information with the businesses with which we partner to offer products, services, and promotions. When Users elect to engage in a particular business partner’s offer or program, such engagement authorizes us to provide User related information to that business partner. These companies have agreed to treat Ramp provided User information in the way we authorized, and to have procedures in place to protect that information with at least the same level of protections as we provide. We do not share the information you provide with third parties for their direct marketing purposes unless Users affirmatively agree to such disclosure.
- Special Circumstances: We also may disclose User information, including Personally Identifiable Information, in the following circumstances:
- In response to a subpoena or similar investigative demand, a court order, or other request from a law enforcement or government agency; to establish or exercise our legal rights; to defend against legal claims; or as otherwise required by law;
- When we believe disclosure is appropriate in connection with efforts to investigate, prevent, or take other action regarding illegal activity, suspected fraud or other wrongdoing; to protect and defend the rights, property or safety of our company, our users, our employees, or others; to comply with applicable law or cooperate with law enforcement; or to enforce our Site’s terms and conditions or other agreements or policies. Note that we may be required to release personal data in response to lawful requests from public authorities including to meeting national security and law enforcement requirements.
- In connection with a corporate transaction, such as the sale of all or a portion of our business, a divestiture, merger, consolidation, or asset sale, or in the event of bankruptcy. We will endeavor to contact affected Users in the event of any of these transactions, but we do not promise to do so
If at any time you are uncertain about whether or not your personal information will be provided to a third party, please feel free to contact us at: firstname.lastname@example.org.
If the User has an account and logs in to this site, the Site will set a temporary cookie to determine if the User’s browser accepts cookies. This cookie contains no personal data and is discarded when the browser is closed.
When a User logs in, the Site will also set up several cookies to save User login information and screen display choices. Login cookies are retained for two days, and screen options cookies are retained for one year. If the User selects “Remember Me”, the login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If a User edits or publishes an article, an additional cookie will be saved in the browser. This cookie includes no personal data; it simply indicates the post ID of the article you just edited and expires after one day.
Ramp follows Information Security best practices and employs a full suite of physical, technical and procedural controls to protect Personally Identifiable Information from loss, misuse, unauthorized access, disclosure, alteration, and destruction. We follow generally accepted industry standards to protect the information submitted to us, both during transmission and when stored on Ramp systems.
Storage and Processing of Personal Information
Personally Identifiable Information collected on the Site or through the Services may be hosted, stored, processed, or supported in the Users country of residence, or any other country in which Ramp or its affiliates, subcontractors or agents maintain facilities. By using the Site, Users consent to the transfer of information outside of their country of residence. If information is transferred outside the country of residence, it will be treated in accordance with applicable data protection laws.
When a User registers on the Site, Ramp stores the Personally Identifiable Information provided for the User profile. All Users can see, edit, or delete their Personally Identifiable Information at any time (except they cannot change their username). Web site administrators can also see and edit this Personally Identifiable Information.
Further, User’s Personally Identifiable Information may be directed to third party sites administered and hosted by a third-party vendor retained by Ramp for processing, provided, that in such event, the third party vendor will have no right to use any such information except as necessary to fulfill its services to Ramp.
Ramp reviews retained User information annually and only retains User information for a reasonable period, in accordance with law and no longer than necessary.
How to Access, Correct or Remove Personally Identifiable Information
Ramp acknowledges the individual’s right to access their personal data. If you do not want your personally identifiable information collected, please do not submit it to us. If you have already submitted this information and would like to review, correct or remove it from our records, please contact email@example.com.
General Data Protection Regulation (GDPR) Compliance
In May 2018, the EU General Data Protection Regulation (GDPR) replaces the existing 1995 EU Data Protection Directive (European Directive 95/46/EC).
Ramp currently complies with applicable data protection regulations and is committed to GDPR compliance across its relevant services when the GDPR takes effect May 25, 2018. Ramp’s ongoing compliance efforts include:
- Assessment: Ramp reviews as appropriate where and how our relevant Services collect, use, store and dispose of personal data and updated policies, standards, governance and documentation as needed.
- Contractual Commitments: Working in conjunction with our Partners and Customers, Ramp reviews our contractual commitments and updates as needed to directly address GDPR requirements.
- Cross-Border Data Transfer: In addition to ensuring Ramp’s contractual commitments meet the requirements to legally transfer data from the EU to the rest of the world under applicable law, Ramp is certified under the EU-US and Swiss-US Privacy Shield Frameworks.
- Employee Training and Awareness: All Ramp employees complete data privacy and security training.
- Ramp Partners and Customers: Compliance with the GDPR requires a partnership between Ramp and our Partners and Customers in their use of applicable Ramp Services. In this context, Ramp generally will act as a data processor and our Partners and Customers generally will act as data controllers.
EU individuals with GDPR questions or complaints have the right to go directly to the appropriate Data Privacy Authority (DPA). Visit http://ec.europa.eu/justice/article-29/structure/dataprotection-authorities/index_en.htm to find your DPA.
Privacy Shield Compliance For EU and Swiss Individuals Whose Data Is Transferred into the U.S.
Ramp is subject to the investigatory and enforcement authority of the United States Federal Trade Commission (FTC). Ramp may be liable for the appropriate onward transfer of EU and Swiss personal data to third parties.
Pursuant to the Privacy Shield Frameworks, the following rights and disclosures apply to EU and Swiss individuals:
- You have the right to access your personal data and may do so by contacting firstname.lastname@example.org.
- Ramp remains liable for the onward transfer of your personal data to third parties unless we can prove we were not a party to the actions giving rise to the damages.
- Ramp does not currently share or transfer data to non-agent third parties. If this practice should change in the future we will update this policy accordingly and illustrate how individuals can exercise opt-out or opt-in choice, as applicable, prior to their data being shared.
In compliance with the Privacy Shield Principles, Ramp commits to resolve complaints about our collection or use of your personal information. European Union and Swiss individuals with inquiries or complaints regarding our Privacy Shield Policy should first contact Ramp at email@example.com.
Ramp has further committed to refer unresolved EU or Swiss Privacy Shield complaints to BBB EU Privacy Shield, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not resolved your complaint, please contact or visit https://www.bbb.org/EU-privacy-shield/for-eu-consumers or more information or to file a complaint. The services of BBB EU Privacy Shield are provided at no cost to you.
If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Privacy Shield Annex 1 at https://www.privacyshield.gov/article?id=ANNEX-I-introduction.
Links to Third Party Sites
Questions or Feedback
Notification of Changes