Privacy Statement

Version 2.0


Table of Contents


Updated June 2024

This Privacy Statement (“Privacy Statement”) describes the various ways in which Emburse, Inc., for itself and on behalf of its affiliates, (collectively "Emburse," "we," “us,” and “our”) collects, processes, uses, and shares Personal Data about individuals (also “users” and “Data Subject”) in the context of sales, marketing activities, and for its own business purposes.

If a company has retained Emburse services, different or additional Privacy Protections may govern the service agreement between the company and Emburse. Data Subjects should contact their employer for information about the Privacy Protections that apply directly to them.

“Personal Data” means any data that directly or indirectly identifies a Data Subject. Personal Data typically includes, for example, a person’s first and last name, email addresses, telephone numbers, residence (country, state/province, city), title, department, job description, and financial information. Personal Data does not include information that identifies a company or organization.

For the purpose of this Privacy Statement, “Services” is intended to include access to Emburse’s websites, offerings, contests, sweepstakes, non-marketing related newsletters, whitepapers, events, conferences, webinars, seminars, and any other Emburse content.

“Websites” shall mean any and all web pages, applications, any other electronic channel owned or controlled by Emburse.

Use of Emburse Websites by Children. Emburse’s Websites are not directed to users under the age of 13. Children younger than 13 may not use our Websites. Parents or guardians who believe we may have collected information about a child, please contact us at


Data Collection. We collect Personal Data directly, indirectly, and automatically as described below.

When permitted by applicable law, we may combine the Personal Data collected about a Data Subject. We treat all this information as Personal Data.

Direct Collection

We directly collect Personal Data when voluntarily provided to us in a few different ways. For example, we collect Personal Data when individuals:

  • Submit online forms
  • Register at Emburse sponsored events, webinars, and webinars recordings
  • Allow us to scan their badge at an Emburse sponsored event
  • Complete lead cards at Emburse sponsored events
  • Provide information at Emburse sponsored events
  • Download information from the Emburse Websites
  • Request information about our businesses and partners
  • Subscribe to Emburse communications
  • Connect with us through the Emburse online chat
  • Submit questions through the Emburse “contact us” form
  • Post information or materials on our chat rooms
  • Subscribe to Emburse marketing communications
  • Complete Emburse questionnaires and surveys
  • Participate in Emburse sponsored sweepstakes and contests

Indirect Collection

We also obtain Personal Data, as allowed by applicable laws, indirectly from third party sources. For example:

  • Information collected by third parties providing sales and marketing services to Emburse such as: lead generation providers, opt-in list providers, data aggregators, and industry and association event organizers
  • Information provided on Emburse contracted or allied third party websites
  • Publicly available Personal Data

Personal Data collected indirectly through third party websites is governed by the privacy policies posted on those third party websites. We ask that Data Subjects review the third party’s privacy policy to better understand how they handle Personal Data. Individuals interested in opting-out, should visit the third party’s website and follow their instructions. We are not responsible for the third parties’ privacy policies and practices.

Automatic Collection

We collect Personal Data automatically through the use of tracking technologies when Data Subjects access, use, and interact with the Emburse Websites.

We also automatically assign a device identifier number to the desktop, laptop, and mobile device individuals use to access the Emburse Websites. This enables us to use tracking technologies to collect and analyze information about browser activities. Personal Data collected automatically includes:

  • Device’s operating system
  • Internet Protocol (IP) address
  • City and/or Zip Code
  • Device Identifier (device ID)
  • Web Browser
  • Device type
  • Domain of the website requested
  • Duration of the visit
  • Time stamp
  • Referring URL
  • New and repeat information
  • Language preferences
  • Behavioral data about usage and activity, for example, websites visited, click paths, content downloaded, and dates and times of these activities
  • Information obtained from third parties on an individual’s interests

Information collected through tracking technologies may be considered Personal Data under applicable Data Protection Laws. For additional information about our use of Tracking Technologies, please see below under “How We Follow Visits and Usage (Cookies and Analytics).”

Please contact us at for more information about Emburse Personal Data collection practices


Legal Basis for Processing. We process Personal Data under the following legitimate purposes:

  • To provide the Services contracted
  • To respond to inquiries
  • To operate our business
  • To meet contractual and legal obligations
  • To ensure compliance with Data Protection Laws and other applicable laws
  • To protect the security of our systems
  • To protect our customers
  • As required or permitted by applicable Data Protection Laws
  • Pursuant to Data Subject consent

Voluntary Consent. In certain situations, Data Subjects may choose to voluntarily share their Personal Data. This means that they voluntarily consent to the collection and processing of their Personal Data. Data Subjects are always free not to share Personal Data. However, there is some Personal Data that is necessary in order to benefit from Emburse’s Services. This means that, if a Data Subject chooses not to share the required Personal Data, Emburse may not be able to offer some Services.

Purposes of Processing. We use and process Personal Data for purposes described below:

  • Provide information about Emburse and/or our affiliated companies
  • Send notices, updates and other administrative messages about the Services contracted. Generally, Data Subjects cannot opt-out of these communications, which are required to fulfill Service request(s)
  • Improve Emburse products and services or for insights into customer behavior for public relations purposes. Whenever required by applicable Data Protection and Data Privacy Laws, Personal Data will be anonymized prior to processing
  • Provide customer or technical support
  • Improve the quality of our support services.
  • We may, as permitted by Data Protection and Data Privacy Laws, retain copies of chat conversations.
  • Market, sell, and advertise Emburse services
  • Ensure our records are accurate and up-to-date
  • Provide information and assess satisfaction about webinars, seminars, conferences, and/or events relevant to our Services.
  • Providing access to an event, conference or seminar we may ask for information about disabilities or special dietary requirements during the event. Any such use of information is based on consent and shall be collected upon registration to the event, conference, or seminar. If users choose not to provide such information, Emburse's ability to fully accommodate them may be limited. Enrollment will not be affected by the decision to share or not disability status and/or dietary restrictions
  • Create and maintain a digital user profile
  • Comply with this Privacy Statement, applicable Data Protection and Privacy Laws, and other applicable laws and court orders
  • Verify identity, if and when, a Data Subject decides to exercise their privacy rights under applicable Data Protection and Data Privacy Laws
  • Safeguard against threats to public health and safety
  • Prevent, detect, mitigate, and investigate fraudulent, or illegal activity
  • Develop, provide, and support functionality and security of Emburse services
  • Confirm Personal Data security incidents, notify individuals, customers and authorities of security incidents, and mitigate the effects of security incidents on individuals
  • Perform and enforce Emburse contractual obligations
  • Provide updates to this Privacy Statement and other documents applicable to a Data Subject’s relationship with Emburse
  • Defend against legal claims, and exercise our legal and contractual rights
  • Required or permitted by Data Protection and Data Privacy laws


We use tracking technologies such as cookies, beacons, tags, and scripts to analyze trends, administer our Websites, track users’ movements around our Websites, and gather demographic information about the user base as a whole.

Cookies. Cookies are small text files placed on a device allowing device identification. Emburse uses cookies to remember users’ settings and for account authentication. Data Subjects may control the use of cookies by (1) changing the preferences in their browser, or (2) by clicking on our cookie banner and adjusting the preferences (see below “What Privacy Choices Are Available to Data Subjects” for more information). If a Data Subject rejects cookies, the functionality of our Websites may be affected.

Local Storage Objects (HTML 5). We use Local Storage Objects (LSOs), such as HTML5 to store content information and preferences. LSOs allow Emburse to store data on a Data Subject’s browser. The data persists even after the browser window is closed. LOSs are useful because they allow users to save usernames and passwords, if a user chooses to do so. Various browsers may offer management tools to remove LSOs, please follow the browser’s directions to personalize LSOs preferences.

Third Party Behavioral Targeting. We partner with third parties to either display advertising on our Websites or to manage our advertisements on other websites.

Our third party partners may use their own tracking technologies to gather information about a Data Subject online behavior. If a Data Subject wishes to not have this information used for the purpose of serving them interest-based ads, they may be able control their preferences using the resources available on the Network Advertising Initiative, and the Digital Advertising Alliance opt-out pages. In some cases, Data Subjects may be able to remove all ads by following their browser’s instructions. Please review the browser’s privacy practices to see if that choice is available.

Analytics. We use analytics, including analytics conducted by third party partners, to help improve our Websites and user experience.


Data Subjects have the right to: (1) accept, reject, or limit cookies; (2) opt-out of third party analytics; and (3) opt-out of receiving interest-based advertising from Emburse at any time. The organizations named below provide guidance to the public on the opt-out mechanisms for Personal Data collection and processing by advertisers and analytics service providers

Network Advertising Initiative

Digital Advertising Alliance (US)

Your Online Choices (EU)

Digital Advertising Alliance of Canada (Canada)

Data Driven Advertising Initiative (Japan).

Analytics. To opt-out of Google Analytics web tracking individuals are welcome to download Google Analytics Opt-out Browser Add-on.

Cookies. In addition to what is specified in this Privacy Statement, individuals can manage Cookies preferences directly from their own browser.

Where required by applicable laws, individuals can opt-out of Cookies that are not required to enable core site functionality. Data Subjects can manage Cookie preferences by clicking on the Cookie banner on our Websites.

Third Party Advertisement. Individuals can customize and control the privacy practices of third party advertisers and analytics service providers by following the third party’s opt-out procedures.

Promotional Emails. Individuals can unsubscribe from promotional emails by following the unsubscribe instructions in our emails.

Please remember that even if an individual chooses to unsubscribe from promotional email messages, Emburse may contact them with transactional information related to the Services contracted or requested through our Websites.

Please contact us at for additional information about opt-out mechanisms.


We work with affiliated and third party vendors, consultants, and other service providers that help us run Emburse sales and marketing activities.

These companies provide work and services such as:

  • Email and postal delivery
  • Collecting business information
  • Event or campaign registration and management
  • Information technology and related infrastructure services
  • Data analysis and insight
  • Auditing

In some cases, these companies need access to Personal Data to carry out their work for us. They are not, however, authorized to use said Personal Data for their own promotional or business purposes.

If a Data Subject provides consent, we may share the individual’s contact information with sponsors, co-sponsors, exhibitors at events, and/or conferences organized and hosted by Emburse.

Our sponsors, co-sponsors, and/or exhibitors may directly collect Personal Data at their conference booths or during presentations. Individuals should review the sponsors, co-sponsors, and/or exhibitors’ privacy policies to learn how they use Personal Data prior to sharing it.

If a Data Subject registers for an Emburse event, seminar, webinar, or conference, based on the individual’s consent we may share basic participant information such as name, company, and email address with other participants to foster communication and exchange of ideas.

We may share information in an aggregated form that does not directly or indirectly identify a Data Subject, such as statistical information about visits to our Websites.

We may also share Personal Data in the following circumstances:

  • When appropriate to:
    • investigate, prevent, or take action regarding illegal or suspected illegal activities
    • protect and defend the rights, property, or safety of Emburse, our users, or others
    • enforce our Terms of Service and other contractual obligations.
  • In connection with a corporate transaction, such as a divestiture, merger, acquisition, consolidation, asset sale (or the negotiation thereof), or in the unlikely event of bankruptcy
  • as required by law and when we believe that disclosure is necessary to protect our rights, comply with a judicial proceeding, court order, data protection authority request, or legal process served to us

Emburse is required under applicable export laws and trade sanctions to take measures to prevent entities, organizations, and parties listed on government-issued sanctioned-party lists from accessing our Embuse services. Such measures may include automated checks of registration data against applicable sanctioned-party lists and repeated checks against updated lists. In the event of a match, Emburse will suspend the individual’s access and verify the individual’s identity.


Emburse has implemented data handling and storage practices and procedures that are designed to promote the integrity and confidentiality of Personal Data.

We update and test our security technology on an ongoing basis and use commercially accepted means to protect Personal Data in an effort to prevent loss, misuse, unauthorized access, disclosure, alteration and destruction. We are unable, however, to guarantee absolute security.


As part of a global group of companies, Emburse has affiliates and third party service providers within, as well as outside of, the European Economic Area (EEA). Therefore, Personal Data may be transferred, accessed, used, processed, and/or stored in the United States or any other country where Emburse operates. Some jurisdictions may not have Data Protection Laws equivalent to those provided in the Data Subject’s home country.

Emburse takes steps designed to ensure that the Personal Data we collect under this Privacy Statement is processed in accordance with applicable Data Protection Laws.

When we receive Personal Data, Data Subjects agree to the transfer, storage, and processing in the United States and other countries outside of the European Economic Area.

In those cases, we implement data transfer safety mechanisms, such as the Standard Contractual Clauses (according to EU Commission Decision 2021/815 od Jun 4, 2021), the UK Contractual Clauses (IDTA), or other acceptable mechanism to contractually ensure that Personal Data is subject to the appropriate level of data protection.

Data Privacy Framework Notice

Emburse Inc. complies with the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (“Swiss-U.S. DPF”) as set forth by the U.S. Department of Commerce. Emburse has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (“EU-U.S. DPF Principles”) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Emburse has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (“Swiss-U.S. DPF Principles”) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this Privacy Statement and the EU-U.S. DPF Principles, the UK Extension to the EU-U.S. DPF, and/or the Swiss-U.S. DPF Principles (the EU-U.S. DPF Principles, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF Principles collectively, the “DPF Principles”) the DPF Principles shall govern. To learn more about the Data Privacy Framework (“DPF”) program, and to view our certification, please visit

Emburse’s commitments under the DPF are subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission.

This statement applies to Personal Data that we handle. For purposes of this statement, “Personal Data” means information that:

  • Is transferred from the European Economic Area (EEA), Switzerland and/or the United Kingdom to the United States, in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF
  • Is about, or pertains to, a specific individual
  • Can be linked, either directly or indirectly, to that individual

DPF Principles

Emburse ensures our collection, use, and retention of Personal Data complies with the DPF Principles of notice, choice, accountability for onward transfer, security, data integrity and purpose limitation, access, and recourse, enforcement, and liability, as well as the DPF Supplemental Principles.


The Privacy Statement describes the purposes for which we collect and use your Personal Data, the types of third parties to which we disclose your Personal Data, the choices and means, if any, we offer you for limiting the use and disclosure of your Personal Data, and how to contact us. This Privacy Statement will be made available to you before we use or disclose your Personal Data for a purpose other than that for which it was originally collected.


Emburse offers you the opportunity to limit how your Personal Data is used or disclosed. You may opt out of (i) the disclosure of your information to third parties (other than the disclosure to a third party acting as our agent to perform tasks on our behalf, pursuant to our instructions and subject to a contract); or (ii) the use of your information for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by you. If you wish to exercise either of these rights, please contact us at

When we collect sensitive information (i.e., personal information specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership or information specifying the sex life of the individual), we will obtain affirmative express consent from you if such information is to be (i) disclosed to a third party or (ii) used for a purpose other than those for which it was originally collected or subsequently authorized by you through the exercise of opt-in choice. We will also treat as sensitive any personal information received from a third party where the third party identifies and treats it as sensitive.

Accountability for Onward Transfer

We may share Personal Data with third parties to provide services to you. We require written agreements with third parties to ensure Personal Data is protected with the same level of protection the DPF Principles require. Those written agreements ensure Personal Data is only processed for limited and specified purposes consistent with the consent provided by you. Third parties must inform us if they can no longer meet the obligations set forth in those written agreements. If we have knowledge that a third party uses or discloses Personal Data in a manner contrary to these requirements and this Notice, we will take reasonable steps to remediate or cease the use or disclosure of such Personal Data. In cases where we transfer Personal Data to third parties, we may be potentially liable for those third parties in certain circumstances.


Emburse maintains reasonable and appropriate security measures to protect Personal Data from loss, misuse, and unauthorized access, disclosure, alteration, or destruction in accordance with the DPF Principles.

Data Integrity and Purpose Limitation

We use Personal Data only in ways that are compatible with the purposes for which it was collected or subsequently authorized by you. We take reasonable steps to ensure that Personal Data is relevant to its intended use, accurate, complete, and current.


You have the right to access the Personal Data we hold about you and to request that we correct, amend, or delete your Personal Data if it is inaccurate or has been processed in violation of the DPF Principles. These access rights may not apply in some cases, including where providing access is unreasonably burdensome or expensive under the circumstances or where it would violate the rights of someone other than the individual requesting access. If you would like to request access to, correction, amendment, or deletion of Personal Data, you can submit written requests to the contact information provided below. We may request specific information from you to confirm your identity.

Recourse, Enforcement, and Liability

In compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF), Emburse commits to resolve complaints about our collection or use of your personal information transferred to the U.S. pursuant to the EU-U.S. DPF, the UK extension to the EU-U.S. DPF, and the Swiss-U.S. DPF. EU, UK, and Swiss individuals with inquiries or complaints should first contact

We will investigate and attempt to resolve any complaints or disputes regarding the use or disclosure of your Personal Data within 45 days of receiving your complaint. In compliance with the Data Privacy Framework, Emburse has further committed to refer unresolved DPF Principles-related complaints to a U.S.-based independent dispute resolution mechanism, BBB NATIONAL PROGRAMS. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit for more information and to file a complaint. This service is provided free of charge to you.

If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See

Required Disclosure

Under certain circumstances, we may be required to disclose your Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.


We may amend this Notice from time to time by posting a revised statement on this website. If we amend the Notice, the new Notice will apply to personal data previously collected only insofar as the rights of the individual affected are not reduced. So long as we adhere to the EU-U.S. DPF,the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF , we will not amend our Notice in a manner inconsistent with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF.

Contact Us

In compliance with the Data Privacy Framework, Emburse commits to resolve DPF Principles-related complaints about our collection and use of your Personal Data. EU, UK and Swiss individuals with inquiries or complaints regarding our handling of Personal Data received in reliance on the DPF should first contact Emburse at

For additional information regarding Personal Data Transfers please contact us to


We retain Personal Data as long as:

  • Required by applicable laws. For example:
    • Taxation purposes
    • Legal purposes
    • Accounting
  • Necessary for Emburse’s lawful and legitimate business purposes
  • Judicial and governmental proceedings
  • Compliance with this Privacy Statement.
  • As required to assert or defend against legal claim

Retention of Personal Data is also subject to an individual’s requests for restrictions on processing or erasure of Personal Data, objections to processing, and withdrawal of consent to processing, if applicable.

For additional information regarding our data retention practices please contact us at


Applicable Data Protection and Privacy Laws grant Data Subjects certain rights regarding the collection, use, processing, and retention of their Personal Data by Emburse.

US State Privacy Laws. Data Subjects residing within states having comprehensive privacy law may have additional privacy rights. Please refer to the applicable state law to understand those rights. Additional resources are available here.


Right of Access. Data Subjects may request access to and obtain copies of their Personal Data in a structured, commonly used, machine-readable and interoperable format.

Right to Know. Data Subjects may request information about the purposes for collecting and processing their Personal Data, the third parties to which their Personal Data is disclosed or transferred, the period of retention of their Personal Data, an individual’s privacy rights, and any automatic decision making and profiling using their Personal Data.

Right of Rectification.* Data Subjects may request rectification of their Personal Data which they believe to be inaccurate or incomplete.

Right of Erasure.* (Right to be Forgotten). Data Subjects may request the erasure of their Personal Data.

Right to Restrict Processing.* Data Subjects may request restrictions on the processing of their Personal Data.

Right to Object to Processing.* Data Subjects may object to the processing of their Personal Data.

Right to Data Portability. Data Subjects may request the transfer of their Personal Data to a third party.

Right to Non-Discriminatory Treatment. Data Subjects have the right to be protected from discriminatory effects of processing Personal Data on the basis of racial or ethnic origin, political opinion, religion or beliefs, trade union membership, genetic or health status or sexual orientation, or processing that results in measures having such an effect on individuals.

Right to Object to Automated Decision Making or Profiling. Data Subjects have the right to object to decisions made solely on the basis of automated processing or profiling.

Right to Withdraw Consent. Data Subjects may withdraw their consent to the processing of their Personal Data for processing on the basis of the Data Subject’s consent.

Right to Complain to Authorities. Data Subjects may contact authorities designated in applicable Data Protection and Privacy Laws regarding Emburse’s collection, processing, use, disclosure and retention of their Personal Data. Emburse encourages Data Subjects with complaints to first contact Emburse as directed in this Privacy Statement.

*Emburse will restrict or stop processing of Personal Data if an Data Subject’s request states: 1) the Data Subject knows or has reason to believe Personal Data is incorrect or incomplete or 2) the Data Subject alleges Emburse has no legitimate business interest or other legal basis for processing under applicable Data Protection and Privacy Law. Emburse will continue to retain Personal Data if retention is legally required or legally necessary for the individual to make or defend against legal claims and to exercise legal rights.

Please contact us at to exercise any of the above rights.

We will promptly respond to Data Subjects’ requests under these rights and in no event later than thirty (30) days from receipt of the request, verification of the requesting individual’s identity, and confirmation of the grounds of the request. Data Subjects shall exercise any of the above rights without fee charged by Emburse.

We are required to verify the identity of the Data Subject making the request to exercise their rights under applicable Data Protection and Privacy Laws, and to confirm the grounds of requests to a reasonable degree of certainty.We may verify a Data Subject’s identity by matching data points contained in the request with data points in our possession, as permitted or required by applicable Data Protection and Privacy Laws.

You may also have the right to make a GDPR complaint to the relevant Supervisory Authority. A list of Supervisory Authorities is available here:



We may update this Privacy Statement from time to time by posting a revised Privacy Statement on our Websites. We encourage users to periodically review this Privacy Statement for the latest information on our privacy practices.


Please contact us at with any questions about this Privacy Statement or to file a complaint.

Emburse will investigate and attempt to resolve complaints and disputes regarding the collection, use, and disclosure of Personal Data by referencing the privacy principles stated in this Privacy Statement.