Zip

33 New Montgomery St

Suite 1420

San Francisco, CA 94105

This Privacy Policy describes the privacy practices of Greenbax Inc. d/b/a ZipHQ ("ZipHQ", “Zip”,

“Evergreen,” "we", “us” or "our") and how we handle personal information that we collect

through our digital properties that link to this Privacy Policy, including our website ZipHQ.com

(collectively, the “Service”), as well as through social media, our marketing activities, and other

activities described in this Privacy Policy.

Zip provides a pioneering platform that offers one place for employees to initiate a purchase or

vendor request. This Privacy Policy does not apply to information that we process on behalf of our

enterprise customers while providing the Zip platform to them. Our use of such information is

governed by our agreements with those enterprise customers. If you have concerns regarding

personal information that we process on behalf of an enterprise customer, for example if you are

an employee of such an enterprise customer, please direct your concerns to that enterprise

customer.

Our websites, products, and services are primarily designed for enterprise organizations and their

representatives. We do not offer products or services for use by individuals for their personal,

family, or household purposes. Accordingly, we treat all personal information we collect as

pertaining to individuals in their capacities as enterprise organization representatives and not their

individual capacities.

Zip may provide additional or supplemental privacy policies for specific products or services

that we offer at the time we collect personal information or as otherwise notified to you.

Index

Personal information we collect

How we use your personal information

How we share your personal information

Anonymized, aggregated, or de-identified data

How we share your personal information

Your rights

Your choices

Other sites and services

Security

International data transfer

Additional disclosures for California residents

Children

Changes to this Privacy Policy

How to contact us

Personal information we collect

Information you provide to us. Personal information you may provide to us through the

Service or otherwise includes:

● Contact data - such as your first and last name, salutation, email address, billing and

mailing addresses, professional title and company name, and phone number.

● Demographic Information - such as your city, state, country of residence, and postal

code.

● Profile data - such as the username and password that you may set to establish an

online account with us and any other information that you add to your account profile.

● Communications data - that we exchange with you, including when you contact us with

questions or feedback, through the Service, social media, or otherwise. When you

the future.

● Transactional data - such as information relating to or needed to complete your orders

on or through the Service, including order numbers and transaction history.

● Marketing data - such as your preferences for receiving our marketing communications

and details about your engagement with them.

● User-generated content - such as comments, questions, messages, works of

authorship, and other content or information that you generate, transmit or otherwise

make available on the Service, as well as associated metadata. Metadata includes

information on how, when, where, and by whom a piece of content was collected and

how that content has been formatted or edited.

● Financial information - such as your financial account numbers or payment card

information.

● Payment information needed to complete transactions, including payment card

information or bank account number.

● Other data not specifically listed here, which we will use as described in this Privacy

Policy or as otherwise disclosed at the time of collection.

Third-party sources. We may combine personal information we receive from you with personal

information we obtain from other sources, such as:

● Public and private sources - such as government agencies, public records, social

media platforms, and other publicly or privately available sources.

● Data providers - such as information services and data licensors.

● Our affiliate partners - such as our affiliate network provider and publishers,

influencers, and promoters who participate in our paid affiliate programs.

● Marketing partners - such as joint marketing partners and event co-sponsors.

Automatic data collection. We, our service providers, and our business partners may

automatically log information about you, your computer or mobile device, and your

interaction over time with the Service, our communications, and other online services, such as:

● Device data - such as your computer’s or mobile device’s operating system type and

version, manufacturer and model, browser type, screen resolution, RAM and disk size, CPU

usage, device type (e.g., phone, tablet), IP address, unique identifiers (including identifiers

used for advertising purposes), language settings, mobile device carrier, radio/network

information (e.g., Wi-Fi, LTE, 3G), and general location information such as city, state or

geographic area.

● Online activity data - such as pages or screens you viewed, how long you spent on a page or

screen, the website you visited before browsing to the Service, navigation paths between

pages or screens, information about your activity on a page or screen, access times and

duration of access, and whether you have opened our marketing emails or clicked links

within them.

Cookies and similar technologies. Like many online services, we may use the following

technologies:

● Cookies, which are text files that websites store on a visitor’s device to uniquely identify the

visitor’s browser or to store information or settings in the browser for the purpose of

helping you navigate between pages efficiently, remembering your preferences, enabling

functionality, helping us understand user activity and patterns, and facilitating analytics

and online advertising.

● Local storage technologies, like HTML5 and Flash, that provide cookie equivalent

functionality but can store larger amounts of data, including on your device outside of your

browser in connection with specific applications.

● Web beacons, also known as pixel tags or clear GIFs, which are used to demonstrate that a

webpage or email address was accessed or opened, or that certain content was viewed or

clicked.

Data about others. Users of the Service may have the opportunity to refer other contacts to us and

share their contact information with us. Please do not refer someone to us or share their contact

information with us unless you have their permission to do so.

How we use your personal information

We may use your personal information for the following purposes or as otherwise described

at the time of collection.

● Where the processing is necessary to administer our relationship with you,

including where based on our contract with you or to take steps at your request

prior to entering into a contract. For example, we may use your personal

information to:

○ create and administer orders for you;

○ establish and maintain your user profile on the Service;

○ enable security features of the Service, such as by sending you security codes

via email or SMS, and remembering devices from which you have previously

logged in;

○ communicate with you about the Service, including by sending

announcements, updates, security alerts, and support and administrative

messages;

○ provide support for the Service, and respond to your requests, questions,

and feedback; and

○ facilitate you visiting our offices or attending events.

● Where the processing is necessary for our legitimate interests and where our

interests are not outweighed by your data protection rights. For example, we may

use your personal information to:

○ further our research and development, including to analyze and improve the

Service and our business;

○ collect and use your personal information for marketing and advertising

purposes, including through service providers or third parties and to

understand your needs and interests, and personalize your experience with

the Service and our communications;

○ send you Zip-related or other direct marketing communications as

permitted by law;

○ undertake mergers, acquisitions, reorganizations, disposals, or other

business transactions as permitted/required in accordance with local law;

and

○ protect our, your or others’ rights, privacy, safety or property (including by

making and defending legal claims).

● Where necessary to comply with a legal obligation. For example, we may use your

personal information to:

○ comply with applicable laws, lawful requests, and legal processes, such as to

respond to subpoenas or requests from government authorities;

○ audit our internal processes for compliance with legal and contractual

requirements and internal policies;

○ enforce the terms and conditions that govern the Service; and

○ prevent, identify, investigate and deter fraudulent, harmful, unauthorized,

unethical, or illegal activity, including cyberattacks and identity theft.

● With your consent. In some cases, we may specifically ask for your consent to

collect, use or share your personal information, such as when required by law.

Anonymized, aggregated, or de-identified data

Anonymization is a data processing technique that modifies personal information so that it

cannot be associated with a specific individual. Except for this section, none of the other

provisions of this Privacy Policy apply to anonymized, aggregated (i.e., information about

our customers that we combine so that it no longer identifies or references an individual

customer) or de-identified data. We may use this anonymized, aggregated, or de-identified

data and share it with third parties for our lawful business purposes, including to analyze

and improve the Service and promote our business.

How we share your personal information

We may share your personal information with the following parties and as otherwise

described in this Privacy Policy or at the time of collection.

● Affiliates. Our corporate parent, subsidiaries, and affiliates, for purposes consistent

with this Privacy Policy.

● Service providers. Third parties that provide services on our behalf or help us operate

the Service or our business (such as hosting, information technology, customer

support, email delivery, marketing, and website analytics).

● Payment processors. Any payment card information you use to make a purchase from

us, including on the Service, is collected and processed directly by our payment

processors and as such may be subject to that payment processor’s privacy policy.

● Third parties designated by you. We may share your personal information with third

parties where you have instructed us or provided your consent to do so.

● Business and marketing partners. Third parties with whom we collaborate on joint

activities (such as co-sponsors of contests and promotions), with whom we have

entered into joint marketing relationships or other joint ventures, or who we think may

offer you products or services that you may enjoy.

● Professional advisors. Professional advisors, such as lawyers, auditors, bankers, and

insurers, where necessary in the course of the professional services that they render to

us.

● Authorities and others. Law enforcement, government authorities, and private parties,

as we believe in good faith to be necessary or appropriate for the legal compliance and

other purposes described above.

● Business transferees. Acquirers and other relevant participants in business

transactions (or negotiations and diligence for such transactions) involving a corporate

divestiture, merger, consolidation, acquisition, reorganization, sale or other disposition

of all or any portion of the business or assets of, or equity interests in, Zip or our

affiliates (including, in connection with a bankruptcy or similar proceedings).

● Other users and the public. Your profile and other user-generated content (except for

messages) may be visible to other users of the Service and the public. For example,

other users of the Service or the public may have access to your information if you

choose to make your profile or other personal information available to them through

the Service, such as when you provide comments, reviews, survey responses, or share

other content. This information can be seen, collected, and used by others, including

being cached, copied, screen captured, or stored elsewhere by others (e.g., search

engines), and we are not responsible for any such use of information.

Your rights

You may have a right to access and to obtain a copy of your personal information as processed by

Zip. If you believe that any personal information we hold about you is incorrect or incomplete, you

may also request the correction of it (for example by logging into the Service if you have registered

for an account with us).

You may also have the right to:

• object to the processing of your personal information;

• request the deletion of your personal information;

• request a restriction on the processing of your personal information; and/or

• withdraw your consent where Zip obtained your consent to process personal information

(without this withdrawal affecting the lawfulness of any processing that took place prior to

the withdrawal).

Zip will honor such requests for access, correction, deletion or restriction and/or any withdrawal or

objection as required under the applicable data protection laws and regulations, and we will not

discriminate against you for exercising your legal rights. However, please note that such rights are

not absolute: they do not always apply, and exemptions may be applicable. Zip will usually, in

response to any such request, ask you to verify your identity and place of residence and/or provide

information that helps us to better understand your request. If we do not comply with your request,

we will explain why.

To exercise the above rights with Zip, you may contact us as set forth below. If you are not satisfied

with how we process your personal information, please let us know and we will investigate your

concern.

If you are not satisfied with our response, you have the right to make a complaint to the data

protection authority in the jurisdiction where you live or work, or in the place where you think an

issue in relation to your data has arisen. For European residents, the contact details of data

protection authorities in the European Economic Area can be found

here: http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-

authorities/index_en.htm.

As highlighted above, if you are personnel of an enterprise customer that uses Zip products or

otherwise have had your personal information collected via Zip products by or on behalf of our

customers, please note this Privacy Policy does not apply to such personal information. If you have

questions regarding your rights in relation to personal information that we process on behalf of an

enterprise customer, for example if you are an employee of such an enterprise customer, please

direct your questions to that enterprise customer.

Your choices

You also have the following choices with respect to your personal information.

● Cookies. Most browsers let you remove or reject cookies. To do this, follow the instructions

in your browser settings. Many browsers accept cookies by default until you change your

settings. Please note that if you set your browser to disable cookies, the Service may not

work properly. For more information about cookies, including how to see what cookies

have been set on your browser and how to manage and delete them, visit

www.allaboutcookies.org.

● Advertising choices. You may be able to limit use of your information for interest-based

advertising by:

○ Browser settings. Blocking third-party cookies in your browser settings.

○ Privacy browsers/plug-ins. By using privacy browsers or ad-blocking browser

plug-ins that let you block tracking technologies.

○ Platform settings. Google and Facebook offer opt-out features that let you opt-

out of use of your information for interest-based advertising:

■ Google: https://adssettings.google.com/

■ Facebook: https://www.facebook.com/about/ads

○ Ad industry tools. Opting out of interest-based ads from companies participating

in the following industry opt-out programs:

■ Network Advertising Initiative:

http://www.networkadvertising.org/managing/opt_out.asp

■ Digital Advertising Alliance: optout.aboutads.info.

■ AppChoices mobile app, available at

https://www.youradchoices.com/appchoices, which will allow you to opt-

out of interest-based ads in mobile apps served by participating members

of the Digital Advertising Alliance.

○ Mobile settings. Using your mobile device settings to limit use of the advertising

ID associated with your mobile device for interest-based advertising purposes.

You will need to apply these opt-out settings on each device from which you wish to opt-out.

Do Not Track. Some Internet browsers may be configured to send “Do Not Track” signals to

the online services that you visit. We currently do not respond to “Do Not Track” or similar

signals. To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com.

Declining to provide information. We need to collect personal information to provide certain

services. If you do not provide the information we identify as required or mandatory, we may not

be able to provide those services.

Other sites and services

The Service may contain links to websites and other online services operated by third

parties. In addition, our content may be integrated into web pages or other online services that are

not associated with us. These links and integrations are not an endorsement of, or representation

that we are affiliated with, any third party. We do not control websites or online services operated

by third parties, and we are not responsible for their actions. We encourage you to read the privacy

policies of the other websites and mobile applications and online services you use.

Security

We employ a number of technical, organizational, and physical safeguards designed to protect

the personal information we collect. However, security risk is inherent in all internet and

information technologies and we cannot guarantee the security of your personal information.

International data transfer

We are headquartered in the United States and may use service providers that operate in other

countries. Your personal information may be transferred to the United States or other locations

where privacy laws may not be as protective as those in your state, province, or country.

Additional disclosures for California residents

Zip has not sold personal information as defined under the California Consumer Privacy Act of 2018

in the preceding 12 months.

California law requires that we detail the categories of personal information that we disclose for

certain “business purposes,” such as to service providers that assist us with securing our services or

marketing our products, and to such other entities as described above in this Privacy Policy. We

disclose the following categories of personal information for our business purposes:

• Identifiers;

• Commercial information;

• Internet activity information;

• Financial information;

• Professional and employment-related information;

• Education information; and

• Inferences drawn from any of the above information categories.

If you are an authorized agent wishing to exercise rights on behalf of a California resident, please

copy of the consumer’s written authorization designating you as their agent.

Children

The Service is not intended for use by children under 16 years of age. If we learn that we have

collected personal information through the Service from a child under 16 without the consent of the

child’s parent or guardian as required by law, we will delete it.

Changes to this Privacy Policy

We reserve the right to modify this Privacy Policy at any time. If we make material changes to this

Service. If required by law we will also provide notification of changes in another way that we

believe is reasonably likely to reach you, such as via email or another manner through the Service.

Any modifications to this Privacy Policy will be effective upon our posting the modified version (or

as otherwise indicated at the time of posting). In all cases, your use of the Service after the effective

date of any modified Privacy Policy indicates your acceptance of the modified Privacy Policy.

How to contact us

Email: [email protected]ziphq.com

Mail: 33 New Montgomery St, Suite 1420, San Francisco, CA 94105

Last updated: February 23, 2022