This Privacy Notice will become effective as of February 28, 2021 (30 days after its original posting on this website).
Your privacy is important to LLamasoft; maintaining your trust is paramount to us.
This Privacy Notice discloses the information practices for LLamasoft, Inc., a Delaware corporation, and its affiliates (“LLamasoft”) including, but not limited to, LLamasoft Deutschland GmbH, LLamasoft France SAS, LLamasoft Europe Limited, Optimiza Limited, LLamasoft (Shanghai) Co. Ltd., LLamasoft KK, LLamasoft South Africa (PTY) Ltd, LLamasoft Federal, Inc., Opex Analytics LLC and Opex Analytics Private Limited (collectively referred to as the “LLamasoft Group”), including what type of information is gathered and tracked, how the information is used, and with whom the information is shared. When this Privacy Notice refers to “you,” “your,” or similar words, it means the individual to who the personal information pertains.
From time to time, we may supplement this Privacy Notice with additional information relating to a particular interaction we have with you.
Application of this Privacy Notice; Notes for Persons in the European Economic Area and Switzerland
This Privacy Notice applies to persons in the United States and all other jurisdictions except to the extent stated otherwise in the sections below titled: “International Data Transfers”, “Additional Notices for Persons in the European Economic Area, Mexico, Brazil, Japan and Australia”, and “Special Information for California Residents”. If you are in those jurisdictions or the law of one or more of those jurisdictions applies the provisions of those sections will apply to you and supersede any inconsistent provision of the rest of this Privacy Notice.
Otherwise, the provisions of this general Privacy Notice will apply to you.
If you have questions, you can contact us using the contact information in the section entitled “Privacy Questions and Access” at the bottom of this notice.
To help you navigate and understand the structure of this Privacy Notice, see below where to find the most relevant sections to you:
- Collection of Personal Information
- Use of Personal Information
- To Fulfill a Contract
- Fulfilling your Transaction Request
- Personalizing your Experience on our Web Site
- Providing Support
- Usage Data
- Access to Our Offices
- Monitoring or Recording of Calls, Chats and Other Interactions
- Protecting the Rights and Property of LLamasoft and Others
- Compliance with Law and Due Diligence Checks
- Sharing of Personal Information
- Information Security and Accuracy
- Cookies, Web Beacons and Other Technologies
- Links to Non-LLamasoft Web Sites and Third-Party Applications
- Special Information for California Residents
- Information Pertaining to Children
- International Data Transfers
- Additional Notices for Persons in the European Economic Area, Mexico, Brazil, Japan, and Australia
- Notification of Changes
- Privacy Questions and Access
Collection of Personal Information
You may choose to give us personal information directly in a variety of situations. For example, you may want to give us your name and contact information to communicate with you, to process an order, to provide you with a subscription or a service, or to do business with us if you are a supplier or a business partner.
You may also provide your credit card details when you pay for services or may share a description of your education and work experience in connection with a job opening at LLamasoft for which you wish to be considered. If you tell us that you do not want us to use your information to make further contact with you beyond fulfilling your request, we will respect your wishes.
We may also collect information relating to your use of our Web site through the use of various technologies. For example, when you visit our Web site, we may log certain information that your browser sends us, such as your IP address, browser type and language, access time, and referring Web site addresses. We may also collect information about the pages you view within our site and other actions you take while visiting us. In addition, we may also use such technologies to determine whether you’ve opened an e-mail or clicked on a link contained in an e-mail. Collecting information in this manner allows us to collect statistics about our Web site usage and effectiveness and personalize your experience while you are on our Web site, as well as tailor our interactions with you. For details regarding the technologies we employ, see the “Cookies, Web Beacon and Other Technologies” section below.
From time to time, we may also collect information that pertains to you indirectly, typically from your organization, but also through other sources, such as marketing partners. When we do so, we ask these third parties to confirm that the information was legally acquired by them and that we have the right to obtain it from them and use it.
The information that we collect, either directly or indirectly, may be combined to help us improve its overall accuracy and completeness and to help us better tailor our interactions with you.
Use of Personal Information
The following paragraphs describe in more detail how LLamasoft may use your personal information.
To Fulfill a Contract
In the context of our business activities, the terms of our contract with your employer or organization may require us to process your personal information in order to comply with our obligations under that contract or to exercise our rights under it. We use your information, primarily, to give you access to our products and services, as requested by your employer. Our contractual arrangements with your organization will ensure that we only process your information as instructed by them and only as necessary to comply with our contractual obligations.
The legal grounds for processing this information are the performance of our contract with your employer or organization and the legitimate interest of LLamasoft in providing goods and services to persons who contract with LLamasoft to provide those services and goods.
Fulfilling your Transaction Request
If you request something from LLamasoft, for example, a product or service, a callback, or specific marketing materials, we will use the information you provide to fulfill your request. To help us do this, we may share information with others, for instance, LLamasoft’s business partners, financial institutions, shipping companies, or postal or government authorities, such as customs authorities, involved in fulfillment. In connection with a transaction, we may also contact you as part of our customer satisfaction surveys or for market research purposes.
The legal ground for processing this information is the legitimate interest of LLamasoft to conduct its business.
Personalizing your Experience on our Web Site
We may use information we collect about you to provide you with a personalized experience on our Web site, such as providing you with content in which you may be interested and making navigation on our site easier.
The legal ground for processing this information is the legitimate interest of LLamasoft to provide you with working and functional websites and with a pleasant user experience when interacting with our websites.
We may use your personal information to support products or services you or your organization have obtained from us, such as notifying you of a product update or fix. We may use third-party platforms to provide you with these support services and to enable access to product help guides, product documentation and forums to support your use of our products or services.
The legal grounds for processing this information are the performance of our contract with your employer or organization and the legitimate interest of LLamasoft in providing goods and services to persons who contract with LLamasoft to provide those services and goods, including product and service support.
The information you provide to LLamasoft directly, as well as the information we have collected about you indirectly, may be used by LLamasoft for marketing purposes. We may receive your information indirectly from third parties, including our marketing partners in certain regions who collect personal information from you and pass it on to us, and we may use this information for marketing purposes. In any case and, before we do so, we will disclose the source from which we received the information (if collected indirectly) and we will offer you the opportunity to choose whether or not to have your information used in this way. At any time, you may choose not to receive marketing materials from us by following the “unsubscribe” instructions included in each e-mail you may receive, by indicating so when we call you, or by contacting us directly (please refer to “Privacy Questions and Access” below).
The legal ground for processing this information is the legitimate interest of LLamasoft to conduct its business and our legitimate interest in sending electronic marketing communications to current and potential customers concerning our products and services.
We do not conduct any profiling or automated decision processes in our direct marketing activities.
Some of our offerings may be co-branded, that is, sponsored by both LLamasoft and third parties. If you sign up for these offerings, be aware that your information may also be collected by and shared with those third parties. We encourage you to familiarize yourself with their privacy policies to gain an understanding of the manner in which they will handle information about you.
If you choose to “Email This Page” to a friend or colleague, we will ask for their name and e-mail address. We will automatically send a one-time e-mail sharing the page you indicated, but will not use that information for other purposes.
In connection with a job application or inquiry, whether advertised on our site or otherwise, you may provide us with information about yourself, such as a resume and contact information. We may use this information throughout LLamasoft in order to address your inquiry or consider you for employment purposes. Unless you tell us not to do so, we may keep the information for future consideration for a period of up to 3 years and then destroy it.
The legal ground for processing this information for this purpose is LLamasoft’s legitimate interest in analyzing candidate information in connection with identifying qualified candidates to fill open positions at LLamasoft.
Access to Our Offices
We may ask you to provide certain personal information (such as your name and the organization you belong to) as part of our office visitor check-in system. We will only use your information for the purpose of establishing and verifying your identity and purpose of visit so that we can authorize your physical access to LLamasoft’s facilities. Your information will be held for up to 90 days and then destroyed or irreversibly anonymized, unless: (i) a request for the data or the preservation of the data is made by law enforcement; or (ii) the data is relevant to an ongoing or prospective investigation related to our facilities on the relevant date(s) of your visit.
The legal ground for processing your information for this purpose is the legitimate interest of LLamasoft to manage and secure access to our offices.
Recording of Calls, Chats and Other Interactions
Certain transactions may involve you calling us or us calling you, such as in the context of us providing product support to you. They may also involve online chats. LLamasoft may in some cases record such interactions product support investigations or, at your request, for your own training purposes. We will always ask you before we do this.
The legal ground for processing this information for these purposes is LLamasoft’s legitimate interest in providing quality services and support and to improve the quality of its services and support.
Protecting the Rights and Property of LLamasoft and Others
We may also use or share your information to protect the rights or property of LLamasoft, our business partners, suppliers, clients, or others when we have reasonable grounds to believe that such rights or property have been or could be affected. In addition, we reserve the right to disclose your personal information as required by law and when we believe that disclosure is necessary to protect our rights, the rights of others, or to comply with a judicial proceeding, court order, or legal process served on LLamasoft.
The legal ground for processing your information for this purpose is the legitimate interest of protecting our rights as a business and/or establishing, exercising or defending any legal claims.
Compliance with Law and Due Diligence Checks
We may collect and use your personal information in the context of our corporate compliance protocols and processes in place to ensure our organization’s compliance with law (including Anti-Money Laundering legislation). For example, we may have an obligation to screen and conduct due diligence on you or your organization in order to ensure LLamasoft’s compliance with regulations and law as we determine whether to move forward with a potential business relationship with you or your organization. We may also obtain additional information from public sources in order to carry out these due diligence and regulatory checks that we are required to undertake.
The legal ground for processing this information is compliance with our legal obligations and the legitimate interest of meeting our corporate compliance requirements.
Sharing of Personal Information
This section of the Notice describes how we will, in some circumstances, have to share personal information about you with third parties (“Third Parties”), in accordance with data protection law, in connection with and for the purpose of facilitating the provision of certain services that may be provided by these Third Parties to LLamasoft or to you.
In all cases, all our Third-Party providers are required to take appropriate security measures to protect your personal data in line with our policies and all applicable legal requirements. Providers are only permitted to process your personal data for specified purposes and in accordance with our instructions.
- Our parent company: We share your personal data with our parent company, LLamasoft, Inc., based in Ann Arbor, MI, USA. Our parent company may use your data for the purposes of tracking sales; contacting current and potential customers in connection with marketing LLamasoft products and services; assisting current and potential customers; and for internal business purposes, such as conducting research and analysis in order to improve our products and services.
- The LLamasoft Group: We may share your personal data across the LLamasoft Group as necessary for the relevant internal departments to provide you with certain services or to interact with you. We rely on our Intra-Group Data Transfer Agreement (the “Intra-Group DTA”) (which contains the Controller to Controller and Controller to Processor versions of the European Commission’s Standard Contractual Clauses for the transfer of personal data to third countries, pursuant to Decisions 2004/915/EC and 2010/87/EU (“SCC’s”)) for any transfer of personal data to other LLamasoft Group entities (disclosed in the “International Data Transfers” section below).
- Our suppliers and service providers: In some cases, LLamasoft uses suppliers or resellers located in various countries to collect, use, analyze, and otherwise process information on its behalf. It is LLamasoft’s practice to require such suppliers or resellers to handle information in a manner consistent with LLamasoft’s policies.
- Our business partners: From time to time, we may disclose information that identifies you at an individual level and which we collected on our Web site to other non-LLamasoft entities that are not acting as our suppliers, such as our business partners. Except as described in this Privacy Notice, we will only do so with your prior consent.
- Our hosting and platform services provider: Your personal data may also be transferred to and stored on servers at LLamasoft’s hosting provider, Amazon Web Services (AWS), in the United States. AWS relies on its data processing addendum, which includes the SCC’s, available at https://d1.awsstatic.com/legal/aws-gdpr/AWS_GDPR_DPA.pdf.
- Third-party electronic payment vendors: When you pay for products or services through our sites or third-party partner sites we collect, but do not store, your payment information (such as credit card or PayPal information).
- Our customer relationship and data management system: Personal information collected through LLamasoft’s website may be processed by salesforce.com and/or one or more of its affiliates (“SFDC”) through its Pardot service. Under the contract with SFDC, SFDC is required to maintain appropriate administrative, physical, and technical safeguards for protection of the security, confidentiality and integrity of personal data. Those safeguards include, but will not be limited to, measures designed to prevent unauthorized access to or disclosure of personal data (other than by LLamasoft). Further, the data processing addendum at https://www.salesforce.com/company/legal/agreements.jsp (the “DPA”) covers such personal data. To the extent SFDC processes personal data from the European Economic Area (EEA), the United Kingdom, or Switzerland, SFDC’s Processor Binding Corporate Rules and/or the SCC’s apply as described in the DPA.
- Third parties in connection with business reorganization: Circumstances may arise where, whether for strategic or other business reasons, LLamasoft decides to sell, buy, merge or otherwise reorganize businesses, in whole, in part, or in some countries. Such a transaction may involve the disclosure of personal information to prospective or actual purchasers, or the receipt of such information from sellers. It is LLamasoft’s intent to seek appropriate protection for information in these types of transactions.
- Governmental entities and third parties: Please be aware that in certain circumstances, personal information may be subject to disclosure to government agencies pursuant to a judicial proceeding, court order, or legal process. We may also share your information to protect the rights or property of LLamasoft, our business partners, suppliers or clients, and others when we have reasonable grounds to believe that such rights or property have been or could be affected.
Information Security and Accuracy
We intend to protect your personal information and to maintain its accuracy. LLamasoft implements appropriate physical, administrative and technical safeguards to help us protect your personal information from unauthorized access, use and disclosure. We also require that our suppliers and resellers protect such information from unauthorized access, use and disclosure.
We will retain your information for as long as your account is active, as needed to provide you services or as necessary for the original purpose for which it was collected.
We will retain and use your information as necessary to comply with our legal obligations, enforce our agreements, or in order to establish, exercise or defend any legal claims (subject to the applicable statute of limitations in the relevant country).
If you wish to request that we no longer use your information to provide you services contact us at GDPR@coupa.com. Your provision of personal data is a contractual requirement for the issuance of LLamasoft’s software on a named-user license basis. Failure to provide the required personal data will result in limitation or prevention of LLamasoft’s ability to issue the necessary license keys or credentials that have been purchased by you or your organization for your usage.
Cookies, Web Beacons and Other Technologies
As mentioned above, we collect information from your visits to our Web site to help us gather statistics about our Web site usage and effectiveness, personalize your experience on our site, and tailor our interactions with you.
We do so through the use of various technologies, including one called “cookies”. A cookie is a piece of data that a Web site can send to your browser, which may then be stored on your computer as a tag that identifies your computer. While cookies are often only used to measure Web site usage and effectiveness and to allow for ease of navigation or use and as such, are not associated with any personal information, they are also used at times to personalize a known visitor’s experience to a Web site by being associated with profile information or user preferences. You can set your browser in most instances to notify you before you receive a cookie, giving you the chance to decide whether to accept it or not. You can also generally set your browser to turn off cookies. Since cookies allow you to take advantage of some of our Web site’s features, we recommend that you leave them turned on. If you block or otherwise reject our cookies, you will not be able, for instance, to add items to your shopping cart, proceed to checkout, or use any Web site services that require you to sign in.
We may use Web beacons or other technologies to better tailor customer service. These technologies may be in use on a number of pages across LLamasoft’s Web site. When a visitor accesses these pages, a non-identifiable notice of that visit is generated which may be processed by us or by our suppliers. These Web beacons usually work in conjunction with cookies. If you don’t want your cookie information to be associated with your visits to these pages, you can set your browser to turn off cookies. If you turn off cookies, Web beacon and other technologies will still detect visits to these pages; however, they will not be associated with information otherwise stored in cookies.
We may also include Web beacons in marketing e-mail messages or our newsletters in order to determine whether messages have been opened and links contained within clicked on.
Many web browsers have a “do not track” setting. That said, there is no widely-accepted standard (through the World Wide Web Consortium or otherwise) governing what should happen when a user selects “do not track” in a browser. If and when an industry consensus is reached about how to treat a “do not track” setting, LLamasoft will determine whether to follow that consensus approach. In the meantime, enabling “do not track” in your browser will not change what information is exchanged with your computer, or how that information is used.
You might be able to exercise choices regarding third-party cookies and/or tracking devices. You can obtain more information about those choices at http://www.networkadvertising.org/choices/ or http://www.aboutads.info/choices/.
Links to Non-LLamasoft Web Sites and Third-Party Applications
To allow you to interact with other Web sites on which you may have accounts (such as Facebook and other social media sites) or join communities on such sites, we may provide links or embed third-party applications that allow you to login, post content or join communities from our Web sites. We may also provide you with general links to non-LLamasoft Web sites.
Your use of these links and applications is subject to the third parties’ privacy policies, and you should become familiar with the third-party sites’ privacy policies before using the links or applications. LLamasoft is not responsible for the privacy practices or the content of those other Web sites.
Special Information for California Residents
Your California Privacy Rights: California privacy law specifies that California residents may request that LLamasoft, up to twice in any 12-month period and free of charge, provide California residents with the categories and specific pieces of personal information that LLamasoft has collected about you. You may request this information by contacting LLamasoft using the contact information below in the section entitled “Privacy Questions and Access”.
Information Pertaining to Children
LLamasoft does not knowingly collect personal information of, or relating to, children as defined by applicable law. If you are younger than the age of consent in your jurisdiction, or are the parent or guardian of such a person, please contact LLamasoft immediately using the contact information below in the section entitled “Privacy Questions and Access” so that LLamasoft can delete or otherwise address such information.
International Data Transfers
The LLamasoft Group has business processes, management structures and systems that cross borders. As such, we may share information about you within the LLamasoft Group and transfer it to countries in the world where we do business in connection with the purposes identified above and in accordance with this Privacy Notice. Our Privacy Notice and our practices are designed to provide a globally consistent level of protection for personal information all over the world. This means that even in countries whose laws provide for less protection for your information, LLamasoft will still handle your information in the manner described in this Privacy Notice.
LLamasoft may, pursuant to the purposes listed above, transfer your personal data within the EU or Switzerland and to a different jurisdiction. In this case, LLamasoft relies on the SCC’s, which are the European Commission’s Standard Contractual Clauses for the transfer of personal data to third countries, pursuant to Decisions 2004/915/EC and 2010/87/EU).
We have put into place an Intra-Group DTA, which includes the Controller to Controller SCC’s and the Controller to Processor SCC’s, to safeguard your information. Please contact the LLamasoft Privacy Team at GDPR@coupa.com should you wish to examine the Intra-Group DTA entered into by the LLamasoft Group.
While Privacy Shield is no longer a valid lawful basis on which LLamasoft may rely to transfer personal data from the EU to the United States pursuant to Regulation (EU) 2016/679 (General Data Protection Regulation or GDPR), LLamasoft continues to comply with both the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework, as administered by the U.S. Department of Commerce, regarding the collection, use, and retention of personal data from the European Union (the “EU”), the United Kingdom (the “UK”) and Switzerland, respectively, to the United States. We have certified to the Department of Commerce that we adhere to the Privacy Shield Principles that are a part of the Privacy Shield program. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/. LLamasoft’s Privacy Shield certification extends to our U.S. subsidiary, Opex Analytics LLC, who adheres to the Privacy Shield Principles in the same manner. LLamasoft’s Privacy Shield Privacy Statement is different from this general Privacy Notice. You can see our Privacy Shield Privacy Statement at: https://success.coupa.com/Trust/Data_Privacy/z_LLamasoft_Privacy_Shield_Statement. If the Privacy Shield Privacy Statement applies to you and anything in this general Privacy Notice is different from the Privacy Shield Privacy Statement, the provision in the Privacy Shield Privacy Statement governs.
Additional Notices for Persons in the European Economic Area, Mexico, Brazil, Japan, and Australia
To the extent required by applicable law, LLamasoft makes the following disclosures.
- The organization collecting your information is LLamasoft. Depending on your location, the data controller in respect of any personal data will vary. For persons located in France, LLamasoft France SAS is the data controller. For persons located in Germany, LLamasoft Deutschland GmbH is the data controller. For persons located in European locations outside of Germany or France, LLamasoft Europe Limited is the data controller. The data controller for your location will be referred to in this Notice as "LLamasoft", "we" or "us".
LLamasoft’s contact information appears below in the section entitled “Privacy Questions and Access”.
The purposes of the processing for which the personal data are intended are as stated in the remainder of the general Privacy Notice.
The legal bases for processing are as stated under the relevant purpose outlined in this Privacy Notice.
The recipients or categories of recipients of the personal data are as stated elsewhere in the general Privacy Notice.
LLamasoft intends to, and does, transfer EEA personal data to one or more third countries that are not the subject of general adequacy decision by the European Commission. In such cases, LLamasoft relies on its Intra-Group DTA (disclosed above) and/or contractual arrangements such as the EC-approved SCC’s we may have put in place with your organization.
The period for which the personal data will be stored is described above in the section entitled “Retention” or as stated under the relevant purpose outlined in this Privacy Notice.
You have the right to request from LLamasoft access to, and rectification or erasure of, personal data or restriction of processing concerning your personal data or to object to processing, as well as the right to data portability.
Except as otherwise stated in applicable law, you have right to withdraw consent for the processing of your personal data at any time without affecting the lawfulness of processing based on consent before its withdrawal.
You have the right to lodge a complaint with a supervisory authority.
Your provision of personal data is not a contractual requirement unless and until you or your organization enter into a software license or service agreement with LLamasoft, in which case the provision of enough personal data to permit LLamasoft to perform under the contract will be necessary (usually, name, e-mail address, and other business contact information necessary for user license credentialing and management and information necessary to provide technical and other support). In such cases, failure to provide the required personal data will result in limitation or prevention of LLamasoft’s ability to provide goods, services, or software to you or your organization.
LLamasoft does not conduct automated decision-making, including profiling, using personal data.
Notification of Changes
We will post a notice for 30 days at the top of this page notifying users when this Privacy Notice is updated or modified in a material way. If we are going to use your personal information in a manner different from that stated at the time of collection and applicable law requires that we obtain your consent or give you a choice, we will notify you to seek your consent and/or you will have a choice as to whether or not we can use your personal information in such a way.
Privacy Questions and Access
If you have a question about this Privacy Notice or LLamasoft’s handling of your personal data, you can send an email to the LLamasoft Privacy Team at GDPR@coupa.com.
In certain cases, you may have the ability to view or edit your personal information online. In the event your information is not accessible online, and you wish to obtain a copy of particular information you provided to LLamasoft, or if you become aware the information is incorrect and you would like us to correct it, contact us.
Before LLamasoft is able to provide you with any information or correct any inaccuracies, however, we may ask you to verify your identity and to provide other details to help us to respond to your request. We will contact you within 30 days of your request.
If you no longer wish to receive marketing e-mails from LLamasoft, please send an e-mail to email@example.com or follow the unsubscribe instructions included in each marketing email.