Espresa Privacy Policy

Last updated 28, September 2023

This Privacy Policy (“Policy”) describes our privacy practices and how you can exercise your rights as it relates to websites operated by Espresa Inc (“Company”, “Espresa”) that link to this Privacy Policy (collectively, the “Site”) and the applications, mobile applications, and services offered by Espresa (collectively, the “Services”)

Espresa is the “Data Controller” for operational data, such as telemetry and logs.

Your employer or an entity with which you have a relationship (“Customer”) may subscribe to the Services. Espresa may receive Information about you from the Customer or collect Information from you under the direction of the Customer. Concerning Personal Information provided by a Customer or collected under the direction of a Customer, Espresa is the data processor, and the Customer is the data controller. Espresa knows that you care about how your Personal Information is used and shared, and we take your privacy seriously.

By using the Site or Services, you accept the practices outlined in this Policy. This Policy also applies to any of our other websites that post this Policy. This Policy does not apply to websites that post different statements.

ONE – THE SCOPE

This Privacy Policy covers Espresa’s treatment of personally identifiable information (“Personal Information”) that Espresa gathers when you access or use the Services in any format, including electronic, paper, or verbal.

TWO – WHAT AND HOW WE COLLECT

We get information about you in a range of ways.

Information You Give Us. We collect your name, postal address, email address, phone number, fax number, username, password, employer, demographic information (such as your gender and occupation), as well as other information you directly give us on our Site. However, we do not store your credit/debit card information.  We use an authorized, trusted third-party service to process card payments, and Espresa does not save such sensitive personal identifiers within our system.

Information We Get From Others. We may get information about you from other sources, including your employer and our provider partners, which may be added to information previously provided to Espresa by yourself and the Site.

Information Automatically Collected. We automatically log information about you and your computer. For example, when visiting our Site, we log your computer operating system type, browser type, browser language, pages you viewed, how long you spent on a page, access times, and information about your use of and actions on our Site. In addition, we may use trusted third-party services such as Google Analytics that collect, monitor, and analyze logged information.

Cookies. We may log information using “cookies.” Cookies are small data files stored on your hard drive by a website. We may use both session Cookies (which expire once you close your web browser) and persistent Cookies (which stay on your computer until you delete them) to provide you with a more personal and interactive experience on our Site. This type of information is collected to make the Site more useful to you and to tailor the experience with us to meet your special interests and needs.

THREE – USE OF PERSONAL INFORMATION

We use your personal information as follows:

We use your personal information to operate, maintain, and improve our sites, products, and services.

We use your personal information to process and deliver contest entries and rewards.

We use your personal information to respond to comments and questions and provide customer service.

We use your personal information to send information, including confirmations, invoices, technical notices, updates, security alerts, and support and administrative messages.

We use your personal information to distribute emails used to promote Customer-sponsored events and available employee benefits. All email distributed has been authorized by the Customer. You have the option to decline receipt of such emails as described in Section 7.

We use your personal information to protect, investigate, and deter against fraudulent, unauthorized, or illegal activity.

We use your personal information to provide, deliver, further develop, and improve products and services customers request, including through our provider partners.

FOUR – PRIVACY PRINCIPLES

Where Espresa collects personal information directly from individuals, it will inform them about the type of personal information collected, the purposes for which it collects and uses the personal information, and the types of non-agent third parties to which Espresa discloses or may disclose that information, and the choices and means, if any, Espresa offers individuals for limiting the use and disclosure of their personal information.  Notice will be provided in clear and conspicuous language when individuals are first asked to provide personal information to Espresa, or as soon as practicable thereafter, and in any event before Espresa uses or discloses the information for a purpose other than that for which it was originally collected.

Where Espresa receives personal information from its subsidiaries, affiliates, or other entities, it will use and disclose such information in accordance with the notices provided by such entities and the choices made by the individuals to whom such personal information relates.

FIVE – SHARING OF PERSONAL INFORMATION

We may share personal information as follows:

We may share personal information with your consent. For example, you may let us share personal information with your employer, our provider partners, and others. Those uses will be subject to their privacy policies.

We may share personal information with Customer-authorized Third-Party Partners (as defined in Section 6) who offer a service to you.

We may share personal information when we do a business deal or negotiate a business deal involving the sale or transfer of all or a part of our business or assets. These deals may include any merger, financing, acquisition, or bankruptcy transaction or proceeding.

We may share personal information for legal, protection, and safety purposes.

We may share information to comply with laws.

We may share information to respond to lawful requests and legal processes.

We may share information to protect the rights and property of Espresa, Inc., our agents, provider partners, and others. This includes enforcing our agreements, policies, and terms of use.

We may share information in an emergency. This includes protecting the safety of our employees and agents, our provider partners, or any person.

We may share information with those who need it to do work for us, such as website hosting, the processing and delivery of mailings, providing customer support, or providing credit card processing services.

We may also share aggregated and/or anonymized data with others for their own uses.

SIX – THIRD-PARTY PARTNERS AND INTEGRATIONS

The Site may contain links to third-party agents, websites, or services, such as third-party integrations and identity providers (‘Third-Party Partner’).

At the direction of the Customer and for your benefit, Espresa may contract with other companies and individuals to perform functions or services on our behalf. The companies and individuals may have access to Personal Information but only as needed to perform their functions and/or deliver their services to you.

Espresa will obtain assurances from its agents that they will only process the data for the limited and specified purposes consistent with the consent provided by the individual and will safeguard personal information consistently with this Policy.

It is our responsibility to take steps to ensure that the Third Party Partner processes Personal Information appropriately.  Where Espresa becomes aware that an agent is using or disclosing Personal Information in a manner contrary to this Policy, we will take reasonable steps to prevent and/or stop the use or disclosure.  If the agent no longer meets its obligation to provide adequate Protection, we require the agent to notify Espresa promptly, and at such time, Espresa will take reasonable and appropriate steps to stop and remediate unauthorized processing.

SEVEN – INFORMATION CHOICES AND CHANGES

You are the owner of your Personal Information.

Our marketing emails tell you how to “opt out.” If you opt out, we may still send you non-marketing emails. Non-marketing emails include emails about your accounts and our business dealings with you.

Prior to sharing any information with non-agent third parties or sharing information for a purpose other than the purpose for which it was originally collected or subsequently authorized for use, Espresa will offer individuals clear, conspicuous, and readily available mechanisms to choose:

In the case of personal information, to “opt-out” of having personal information (a) be disclosed to a non-agent third party or (b) to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual.

In the case of sensitive personal information, to affirmatively and explicitly “opt-in” consent to the disclosure of the information to a non-agent third party or the use of the information for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual.

If your Personal Information that we hold is inaccurate and you cannot update it, please let us know, and we will update the relevant information.

You may send requests about Personal Information copy or deletion to our Contact Information below.

We will notify you within 30 days of your valid request about the relevant action taken.

We will retain your information for as long as your account is active or as needed to provide you services.

You may view and modify your personal information through your account settings.

We may not be able to modify or delete your information in all circumstances, as federal and state law may require that we maintain certain types of information for a set period.

You may not be able to delete or modify certain information that your employer requires that we maintain.

If you have any questions about reviewing, modifying, or deleting your account information, you can contact us directly at the address below.

You can typically remove and reject cookies from our Site with your browser settings. Many browsers are set to accept cookies until you change your settings. Removing or rejecting our cookies may affect how our Site works for you.

EIGHT – CONDITIONS OF USE FOR CALIFORNIA AND VERMONT RESIDENTS

If you decide to access or use the Services, any possible dispute over privacy is subject to this Privacy Policy and our Terms of Use, including limitations on damages, arbitration of disputes, and application of your state’s law.

NINE – DATA STORAGE

We use third-party vendors and hosting partners to provide the necessary hardware, software, networking, storage, and related technology required to run our services. Although we own the code, databases, and all rights to the Site and our applications, you retain all rights to your data.

Espresa will use Personal Information only in ways that are compatible with the purposes for which it was collected or subsequently authorized by the individual.  Espresa will take reasonable steps to ensure that Personal Information is relevant to its intended use, accurate, complete, and current.

TEN – SECURITY OF PERSONAL INFORMATION

The security of your personal information is important to us. When you enter sensitive information (such as a credit card number) on our order forms, we encrypt the transmission of that information using secure socket layer technology (SSL).

We follow generally accepted standards to protect the Personal Information submitted to us, both during transmission and once we receive it.

The Espresa team and its contractors are continuously implementing and updating administrative, technical, and physical security measures to help protect your Personal Data against unauthorized access, loss, misuse, destruction, unavailability, or unauthorized changes. Espresa takes into account the risks associated with processing and the nature of personal data.

If you have any questions about security on our Website, you can contact us at the address below.

ELEVEN – PERSONAL DATA BREACH

As a Data Processor, Espresa will notify a Customer (‘Data Controller’) without undue delay after becoming aware of a personal data breach.

TWELVE – ADDITIONAL INFORMATION FOR CALIFORNIA RESIDENTS

This section provides information organized in accordance with the California Consumer Privacy Act (“CCPA”) for residents of California about how we handle certain personal information we have collected over the past 12 months.

Categories of Personal Information. This Privacy Policy discloses the categories of personal information that we collect, use, and disclose in order to operate our business over the past 12 months.

Collect​: The section above entitled “2. WHAT AND HOW WE COLLECT” discloses the categories of personal information that we collect.

Use​: The section above entitled ​“3. USE OF PERSONAL INFORMATION” discloses how we use your personal information.

Disclose: The sections above entitled “5. SHARING OF PERSONAL INFORMATION” and “6. THIRD-PARTY PARTNERS AND INTEGRATIONS” discloses how we may share your personal information.

Espresa does not sell your personal information to third parties.

Since Espresa sells enterprise products to businesses and not directly to consumers, we do not knowingly collect any information from children.

Requests for Deletion, Copy, and Right to Know Your Information: California consumers have the right to make the following requests, which we endeavor to honor from non-California residents as well:

Deletion​: You have the right to request the deletion of personal information that we have collected about you.

Copy and Right to Know: You have the right to request a copy of the specific pieces of personal information that we have collected about you over the past 12 months, including the categories of information, sources, and purposes of collection, as well as categories of third parties we have shared it with.

Designated Agent: You may designate an agent to make a request on your behalf. That agent must have access to your account in order for us to verify the request.

You may submit deletion, copy, and right-to-know requests by calling us at +1 844.377.7372 or emailing support@espresa.com

Non-Discrimination: Espresa will not discriminate against you, including by denying or providing a different level or quality of goods or services, should you choose to exercise your options under the CCPA.

THIRTEEN – QUESTIONS OR CONCERNS

Espresa commits to resolving complaints about our collection or use of your Personal Information.

European Union(EU) and Swiss individuals with inquiries or complaints regarding our policy should first contact Espresa at:

Espresa, Inc.

2625 Middlefield, Rd., Suite 486

Palo Alto, California 94306, USA

Email: info@espresa.com

We will make every effort to resolve your concerns and questions.

Espresa has further committed to cooperating with the panel established by the EU Data Protection Authorities (DPAs).

FOURTEEN – CHANGES TO THIS PRIVACY POLICY

Espresa may change this Privacy Policy.  If Espresa makes any changes, we will change the Last Updated date above.