Privacy Policy

Updated: May 6, 2019

This Privacy Policy sets forth the policy and procedures of PandaDoc, Inc. (variously, “PandaDoc”, “we”, “our” or “us) in regard to the collection, usage and disclosure of personal and/or corporate information that you may provide to us through using this website (www.pandadoc.com), or by using any product or service provided by PandaDoc (the “Website”).

If you do not accept this Privacy Policy and/or do not meet and/or comply with the provisions set forth herein, then you may not use our Website.

PRIVACY CERTIFICATION: EU – U.S. PRIVACY SHIELD FRAMEWORK

PandaDoc may from time to time collect, use, and/or retain Personal Information from individuals located within the European Union (“EU”) member countries.  PandaDoc has certified that it adheres to the ‘EU-US Privacy Shield Principles’ of notice, choice, accountability for onward transfer, security, data integrity and purpose limitation, access, and recourse, enforcement and liability as set forth by the US Department of Commerce.    PandaDoc is under the jurisdiction as well as the investigatory and enforcement powers of the US Federal Trade Commission for purposes of the ‘EU-US Privacy Shield Framework.’  This Privacy Policy applies to all Personal Information received by PandaDoc whether in electronic, paper or verbal format.  If there is any conflict between the policies in this Privacy Policy and the ‘Privacy Shield Principles’, the ‘Privacy Shield Principles’ shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov/.

1. Information we collect

When you use our Website, you may provide PandaDoc with two main types of information: (1) Non-Personal Information and (2) Personal Information.  We collect information from you when you (a) use and/or access our Website, (b) open and/or respond to our emails, (c) contact PandaDoc, (c) visit any page online that displays our content, (d) purchase products through our Website, and/or (e) provide information to any of our Service Providers.  To view our Website you do not need to submit any Personal Information other than your name, email address, general geographic location, profession and/or industry that you operate in.

1.1 Personal Information

“Personal Information” is personally identifiable information that you knowingly choose to disclose, which is collected on an individual basis.  We may ask for certain Personal Information from you for the purpose of providing to you content and/or services that you request.  We collect Personal Information such as your: (i) contact information (including name, address and email); (ii) financial information (such as credit card number, expiration date, verification number and billing address); (iii) contact information of your company and/or other identity information you share with us (including industry or profession); (iv) location information (such as geographic location of the device you are using) and/or (v) preferences and feedback.  By registering, you are authorizing us to collect, store and use your email address, and other such information you provide during registration, in accordance with this Privacy Policy.  Once you register, you have opted in to receive electronic communications from PandaDoc.  If you use an external application accounts (like ‘Google’) to sign into the Website, we will collect and store your user identification information (“ID”). The privacy practices of external applications and websites are set forth in their privacy policies, and PandaDoc has no control over the use of your ID by such parties.  PandaDoc may also provide you with the opportunity to participate in surveys through our Website.  If you participate, we will request certain personally identifiable information.  Participation in surveys is completely voluntary and you therefore have a choice whether to disclose such information.

1.2 Non-Personal Information

“Non-Personal Information” is general user information that does not contain personally identifiable information, which is collected on an aggregate basis as you use our Website.    We collect Non-Personal Information such as:

1.3 Information you provide by using the Website

You may submit User Content (as defined in the Terms of Use) to the Website, including certain information via online forms. We will not sell the information obtained in any User Content.

1.4 Information you send to other Users

This Privacy Policy only addresses the use and disclosure of information we collect from you. If you disclose your information to other parties using the Website, or visit other websites linked through the Website, different rules may apply to their use or disclosure of the information you disclose to them. Since the PandaDoc does not control the privacy policies of third parties, or other individual’s actions, you are subject to the privacy policies of that third party or those individuals. We encourage you to be sure the recipients are authenticated to your satisfaction before you send them any documents or sensitive information.

2. How we use and share information

2.1 General Use

We may share your Personal Information to fulfill the purpose for which you provide it, for any other purpose disclosed by us when you provide the information, with your consent, and/or to third parties designated by you. Except as otherwise stated in this Privacy Policy, we do not sell, trade, rent or otherwise share for marketing purposes your Personal Information with third parties without your consent. For example, we may use your information to:

The information collected in the aggregate enables PandaDoc to better understand your use of the Website and to enhance your enjoyment.  We may use financial information to process payment for any purchases made on the Website, enroll you in one of our accounts and/or other related services in which you elect to participate.  If you use the Website, you agree to receive certain communications from us including but not limited to the following:

Special Offers, Newsletters and Updates. We will occasionally send you information on products, special deals, promotions and newsletters. You can sign up for these emails from us at any time on our website.  Out of respect for your privacy, you may elect not to receive these types of communications by changing your account setting through the Website.

Customer Service. Based upon the personally identifiable information you provide us, we will communicate with you in response to your inquiries, to provide the services you request and to manage your account.  We will communicate with you by email or telephone, as you may elect.

Supplementation of Information. In order to process your credit card orders, we use a third party provider to validate and verify your account information.  All billing and account information is transmitted via https, which is a secure encrypted protocol system.

2.2 Parties with whom we may share your information

We may share Personal Information and User Content with vendors, employees, contractors and/or agents who are performing services for PandaDoc, (such as the servers for our email communications who are provided access to user’s email address for purposes of sending emails from us; authentication systems, and fraud detection) (collectively, “Service Providers”). Our Service Providers will be given access to your information as is reasonably necessary to provide the Website and related products and/or services.  We strive to use commercially acceptable means to protect your Personal Information. If Service Providers acquire confidential or proprietary information belonging to PandaDoc or its customers, such information is required to be handled in confidence and may not be disclosed to unauthorized third parties. Service Providers who violate our security and safe maintenance of data policies are subject to appropriate discipline including, but not limited to, termination. Certain Service Providers will automatically collect non-identifying information about your use of our Website by using cookies and other technologies as similarly used by PandaDoc. Our Service Providers are contractually obligated to use your Personal Information only at our direction and in accordance with our Privacy Policy.

2.3 Disclosures

We also may be required to disclose an individual’s Personal Information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.   For example, we will disclose your Personal Information in the following circumstances: (i) to investigate and defend PandaDoc members against any third party claims and/or allegations and/or otherwise to protect PandaDoc from liability, (ii) to investigate, prevent and/or take action regarding suspected and/or actual illegal activities, (iii) to assist government enforcement agencies, respond to a legal process and/or comply with the law, (iv) to exercise or protect the rights, property and/or personal safety of the users of the Website and/or (v) to protect the security and/or integrity of the Service.  In response to a verified request by law enforcement or other government officials relating to a criminal investigation or alleged illegal activity, we can (and you authorize us to) disclose your name, city, state, telephone number, email address, user ID history, fraud complaints, and usage history, without a subpoena, in connection with an investigation of fraud, intellectual property infringement, piracy, and/or other unlawful activity.

2.4 Business Transitions

In the event we undergo a business transaction such as a merger, acquisition by another company, or sale of all or a portion of our assets, your Personal Information may be among the assets transferred and/or examined during the due diligence process. You acknowledge and consent that such transfers may occur and are permitted by this Privacy Policy, and that any acquirer of our assets may continue to process your Personal Information as set forth in this Privacy Policy.

3. Information Choices

Depending on the situation, PandaDoc may obtain consent to the collection of Personal Information in different ways. Express consent may be obtained verbally, online and/or in writing. Implied consent may be obtained through your use of our Website and related services, and/or when you approach us to obtain information, inquire about or request services from us.  PandaDoc will offer individuals the opportunity to choose (opt out) whether their Personal Information is to be used for any purpose other than what it was collected for.  We respect your privacy and give you an opportunity to opt out of receiving announcements of certain information.  Although we think that you benefit from a more personalized experience when we know more about you and what you like, you can limit the information you provide to PandaDoc, and you can limit the communications that PandaDoc sends to you.  If you visit our Website and volunteer personally identifiable information, you can opt out of receiving notifications, and you may review, modify, update, and/or delete such Personal Information by contacting us and/or by changing your preferences on the Website.  Please be aware that even after your request for a change is processed, PandaDoc may, for a time, retain residual information about you in its backup and/or archival copies of its database.  Please be aware that we may still email you non-commercial emails related to your account and your transactions through our Website.  PandaDoc may retain information (including without limitation your account information) for a commercially reasonable time for backup, archival, and/or audit purposes.  In some cases, if you choose not to provide PandaDoc with requested information, you may not be able to use and/or access our Website.

3.1 Your California Privacy Rights

Under California Civil Code Sections 1798.83-1798.84, California residents are entitled to receive: (a) information identifying any third party companies to whom PandaDoc may have disclosed Personal Information to for direct marketing, within the past year; and (b) a description of the categories of Personal Information disclosed. To obtain such information, please email your request to privacy@pandadoc.com and we will provide a list of categories of Personal Information disclosed within thirty (30) days after receiving such a request.  This request may be made no more than once per calendar year.  We reserve the right not to respond to requests submitted in ways other than those specified above.

4. Service Eligibility and Changes

4.1 Children and Minors

PandaDoc does not knowingly collect personally identifiable information from children under the age of thirteen (13).  If we learn that we have collected Personal Information from a child under age thirteen (13), we will delete such information as quickly as possible. If you believe that a child under the age of thirteen (13) may have provided us Personal Information, please contact us at privacy@PandaDoc.com.  By using the Website, you represent that you are at least eighteen (18) years old and understand that you must be at least eighteen (18) years old in order to create an account and/or purchase the goods and/or services through the Website.

4.2 Changes to Privacy Policy

In general, changes will be made to this Privacy Policy to address new or modified laws, changes to ‘EU-US Privacy Shield Framework’ and/or new or modified business procedures.  However, we may update this Privacy Policy at any time, with or without advance notice, so please review it periodically. We may provide you additional forms of notice of modifications and/or updates as appropriate under the circumstances. Your continued use of the Website after any modification to this Privacy Policy will constitute your acceptance of such modifications and/or updates.  You can determine when this Privacy Policy was last revised by referring to the date it was last “Updated” above.

5. Other websites and services

We are not responsible for the practices employed by any websites and/or services linked to and/or from our Website, including the information and/or content contained therein. Please remember that when you use a link to go from our Website to another website and/or service, our Privacy Policy does not apply to such third-party websites and/or services. Your browsing and interaction on any third-party website and/or service, including those that have a link on our Website, are subject to such third party’s own rules and policies. In addition, you agree that we are not responsible and do not have control over any third-parties that you authorize to access your Personal Information. If you are using a third-party website and/or service and you allow them to access your Personal Information, you do so at your own risk.

6. How we protect information

6.1 Security

We implement security measures designed to protect your information from unauthorized access. Your account is protected by your account password and we urge you to take steps to keep your Personal Information safe by not disclosing your password and by logging out of your account after each use. We follow generally accepted industry standards to protect the Personal Information submitted to us, both during transmission and once we receive it. We periodically review our information collection, storage and processing practices, including physical security measures, to guard against unauthorized access to systems. We further protect your information from potential security breaches by implementing certain technological security measures including encryption, firewalls and secure socket layer technology. Because the internet is not a completely secure environment, PandaDoc cannot warrant the security of any information you transmit to PandaDoc or guarantee that information on the Website may not be accessed, disclosed, altered and/or destroyed by breach of any of our physical, technical and/or managerial safeguards.  In addition, while we take reasonable measure to ensure that Service Providers keep your information confidential and secure, such Service Provider’s practices are ultimately beyond our control.  We are not responsible for the functionality, privacy and/or security measures of any other organization. By using our Website, you acknowledge that you understand and agree to assume these risks.

7. Privacy Shield Compliance

Personal Information may be transferred abroad (including outside the EU for our users in the EU) in connection with PandaDoc’s provision of hosted application services and related support services to our users.  PandaDoc strives to collect and use Personal Information in a manner consistent with the laws of the countries in which we do business and is self-certified to the ‘EU-US Privacy Shield Framework’ developed by the U.S. Department of Commerce in coordination with European Commission. Pursuant to the Privacy Shield Principles, PandaDoc is liable for the onward transfer of EU personal data to third parties acting on our behalf, unless we can prove we were not a party giving rise to the damages.

7.1 Data Integrity Purpose Limitation

PandaDoc will use Personal Information and User Content only for purpose of delivering the services made available in the Website, which is in the confines of document generation and electronic execution, and to facilitate the services you request related thereto.  PandaDoc will take reasonable steps to ensure that Personal Information is reliable for its intended use, accurate, complete and current.  We may occasionally contact you to determine that your data is still accurate and current.

7.2 Access

Pursuant to the Privacy Shield Framework we acknowledge the right of EU individuals to access their personal data. Upon request, we will grant you reasonable access to Personal Information that we hold about you.  PandaDoc may deny requests where legitimate rights of persons other than you would be violated or where disclosure would interfere with national security, defense, or public security.  For security purposes, PandaDoc may require verification of identity before providing access to Personal Information.  Further, PandaDoc will allow the individual to correct, update, or delete information. Individuals who wish to make an access request or remove Personal Information from our records, or if you have any questions in regard to this Privacy Policy or believe that PandaDoc has not complied with the provisions of this Privacy Policy, should direct such a request to PandaDoc Solutions Center at the address provided below or by sending an email to us at privacy@pandadoc.com.  We will respond to your request within a reasonable time.

PandaDoc, Inc.
153 Kearny Street, 5th Floor
San Francisco, CA 94108

7.3 Onward Transfers

PandaDoc will offer users in the EU whose Personal Information has been transferred to the United States the opportunity to opt out from: (a) the disclosure of personally identifiable information to a non-agent third party (other than Service Providers); and (b) the use or disclosure of Personal Information for a purpose other than the purposes for which the information originally was collected or subsequently authorized by the individual or a compatible purpose.  If PandaDoc were to receive “sensitive Personal Information” (which includes, without limitation, Personal Information specifying medical and/or health conditions, racial and/or ethnic origin), PandaDoc will request and obtain affirmative consent before disclosing such information to a non-agent third party and before using such information for a purpose other than the purpose originally disclosed and/or a similar purpose.  PandaDoc will provide you with reasonable mechanisms to exercise your choices should such circumstances arise.  PandaDoc will not transfer Personal Information originating from the EU to third parties unless such third parties have entered into an agreement in writing with us requiring them to provide at least the same level of privacy protection to your Personal Information as required by the principles of the ‘EU-US Privacy Shield Framework’.  We will only transfer data to our agents, resellers or third party Service Providers who need the information in order to provide services to or perform activities on behalf of PandaDoc, including without limitation in connection with the delivery of services or products, PandaDoc management, administration and/or legal responsibilities.  PandaDoc will make sure that any third party agents receiving Personal Information subscribes to the ‘EU- US Privacy Shield Principles’.

7.4 Data transfers

Please be aware that our Website is subject to United States laws, including laws governing privacy and security of your information.  By using our Website, you agree and consent (and represent that you have the authority to provide such consent) to the information collection, use and/or sharing practices described in this Privacy Policy and understand that the laws of the United States and other countries and territories related to the foregoing may differ from those of other countries and may not be as protective as the laws in the country where you reside.  Regardless of the laws in place in such countries, we will treat the privacy of your information in accordance with this Privacy Policy.

 7.5 Recourse, Enforcement and Liability

PandaDoc uses a self-assessment approach to assure compliance with this Privacy Policy and periodically verifies that the Privacy Policy is accurate, comprehensive for the information intended to be covered, prominently displayed, implemented and accessible and in conformity with the ‘EU- US Privacy Shield Principles’.  In compliance with the ‘EU-US Privacy Shield Principles’, PandaDoc commits to resolve complaints about your privacy and our collection or use of your Personal Information.  European Union individuals with inquiries or complaints regarding this privacy policy should first contact PandaDoc at privacy@pandadoc.com.  We encourage you to raise any concerns using the contact information provided and we will investigate and attempt to resolve any disputes regarding use and disclosure of Personal Information in accordance with the ‘EU- US Privacy Shield Principles’.

If the Personal Information in question was transferred from the EU to the United States, and for some reason a complaint or dispute cannot be resolved through our internal process, we have further committed to refer unresolved ‘EU-US Privacy Shield’ complaints to an independent dispute resolution mechanism located in the United States.

PandaDoc has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers  for more information and to file a complaint. This service is provided free of charge to you.

If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms.  See Privacy Shield Annex 1 at https://www.privacyshield.gov/article?id=ANNEX-I-introduction

8. Language

The governing language of this Privacy Policy is English, which shall prevail over any other languages used in any translated document.

9. How to contact us

If you have questions and/or comments about this Privacy Policy, please email us at privacy@pandadoc.com.