Last Updated October 2022
Your privacy is important to us. To better protect your privacy Acumatica, Inc. (“Acumatica,” “us” or “we”) provides this privacy statement (“Privacy Statement”) to explain who we are, how we collect, use and share your personal information and your data protection rights.
When this Privacy Statement applies:
This Privacy Statement applies to individuals:
- who visit our website, including Acumatica Marketplace, at https://www.acumatica.com (the “Website“);
- who visit or interact with our social media pages;
- who send us communications, or to whom we send communications, about our events, products and services (including by email and phone); and
- who attend or otherwise take part in our events,
(collectively and for the purposes of this Privacy Statement, the “Services”).
This Privacy Statement does not apply to any personal information that Acumatica processes when you purchase and use the Acumatica cloud-based enterprise resourcing platform and related services that we provide to our customers. For further information, see our Platform Privacy Statement.
This Privacy Statement addresses specific requirements that may apply depending on the country in which you are located and the data protection laws that apply. Please see the heading entitled “Supplemental region-specific privacy requirements” for further information.
If there is a specific section of this Privacy Statement that you wish to read, you can most easily navigate to that section by clicking on the appropriate link below.
- Personal information Acumatica collects
- Cookies and other technologies
- How Acumatica uses personal information
- How Acumatica shares personal information
- Data retention
- Third party links
- Privacy Rights
- Changes to this Privacy Statement
- Contacting us
- Supplemental region-specific privacy requirements
Personal information Acumatica collects
Information you voluntarily provide
The personal information we collect depends on the context of your interaction with Acumatica and the Services.
We collect personal information that is necessary to provide the Services you have requested. Some of this personal information is provided by you directly to us, such as when you enter your details or contact us through the Services, contact us through the Services, or request support through the Services.
This personal information we collect may include:
- Business contact information including your name, contact details, country, job title and company;
- The details of any communication you have sent us;
- Your marketing preferences; and
- Any other information you voluntarily provide to us.
You can choose not to provide personal information. You may always decline to provide your personal information to us.
Automatically Collected Usage and Device Information
Similar to other websites, when you visit the Services we collect information automatically from your web browser, mobile, or other device. In some countries, this information may be considered personal information.
This information may include your Internet Protocol (“IP”) address, browser type and language, referring/exit pages and URLs, other browser history, platform type, number of clicks, landing pages, the pages you requested and viewed, the amount of time spent on particular pages, the date and time of your visits and other information relating to your device. Our collection of this information, described in more detail below, allows us to provide more personalized high-quality services to you and to track usage of the Services. Some of this information may be collected using cookies and other technology, as explained further under the heading “Cookies and other technology” below.
Information from Other Sources
We may obtain personal information about you from business partners, contractors, suppliers, and marketing service providers, where they are lawfully permitted to share this information with us. We, and the third parties we engage, may combine information we collect from you over time, and across the Services, with information obtained from other sources. This helps us improve the personal information’s overall accuracy and completeness, and tailor our interactions with you.
We may also collect personal information from third parties, such as social networks, payment processors, product vendors, and other partners. Our collection of this information allows us to provide you with our products and services, establish, maintain and support your use of the Services, and communicate with you in accordance with any marketing preferences you have expressed. For example, where you interact with our social media pages or advertisements, the social media or advertising partner may share with us insights on your interaction with such advertisements, and other device information.
Cookies and other technologies
We use tracking technologies to automatically collect certain technical information from your web browser, mobile, or other device when you visit the Services. For further information about the types of cookies we use, why and how you can control cookies, see our Cookie Notice.
How Acumatica uses personal information
We may use the personal information identified above for one or more of the following purposes (each a “Business Purpose”):
- To fulfil or meet the reason you provided the information (e.g., to send you product and service information);
- To understand how our Services are being used and to improve our Services to ensure that content is presented in the most effective manner for you;
- To provide certain features or functionalities on the Services;
- To send marketing and promotions (for example, newsletters, marketing emails, SMS or push notifications), in accordance with your marketing preferences;
- To provide you with support, to communicate with you and respond to your inquiries, including to investigate and address your concerns and monitor and improve our responses;
- To personalize our Services and to deliver content and product and service offerings, products, and services relevant to your interests, including offers and advertisements, through our Services and third-party sites, and via email (with your consent, where required by law);
- To help maintain the safety, security, and integrity of our Services, services, databases, other technology assets, and business;
- For testing, research, analysis, and product development, including to develop and improve the Services, and our products and services;
- To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations;
- To manage event registrations and attendance, including sending related communications to you;
- To prevent illegal activity, fraud, and abuse;
- As described to you when collecting your personal information;
- To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by us about our users is among the assets transferred or liquidated.
Social Media Features
Our websites may use social media features, such as the Facebook “like” button, the “Tweet” button and other sharing widgets (“Social Media Features”). You may be given the option by such Social Media Features to post information about your activities on a website to a profile page of yours that is provided by a third party social media network in order to share with others within your network. Social Media Features are either hosted by the respective social media network or hosted directly on our website. To the extent the Social Media Features are hosted by the respective social media networks and you click through to these from our website, the latter may receive information showing that you have visited our website. If you are logged in to your social media account, it is possible that the respective social media network can link your visit to our websites with your social media profile. Your interactions with Social Media Features are governed by the privacy policies of the companies providing the relevant Social Media Features.
How Acumatica shares personal information
We may share personal information for any of the purposes listed above with the following third parties:
- group companies and/or affiliates to assist with providing the Services;
- advertising partners, such as third party advertising networks, exchanges and social media platforms (like Facebook) to display advertising on our websites or to manage and service advertising on other sites;
- sponsors of contests, events or promotions for which you register (for example, if you attend an event or webinar hosted by us, or download or access materials on our website, we may share your data with the sponsors of the event);
- affiliated persons or third-party service providers assisting us in the operation, management, improvement, research and analysis of the Services, including analytics providers, payment processors and marketing service providers;
- to government regulators or law enforcement authorities in accordance with applicable law or regulation;
- to any other person with your consent to the disclosure.
We will retain your personal information for as long as necessary for the purposes it was collected, or for other essential purposes such as complying with our legal and reporting obligations, resolving disputes, enforcing our agreements, completing any outstanding transactions and for the detection and prevention of fraud.
Third party links
The Website contains links to third party websites and services, including links to social media, payment processors and other business partner websites. We are not responsible for the privacy practices of any external websites or services. The linked websites and services may collect personal information from you that is not subject to our control.
Your privacy rights
If you wish to exercise any rights in relation to the personal information that Acumatica collects and uses about you (including rights of access, correction or deletion, where applicable), please contact us using the details provided below. Acumatica will fulfil any data protection rights requests in accordance with its obligations under applicable data protection laws.
Please see the heading “Supplemental region-specific privacy requirements” for further information about the specific rights you can exercise depending on the territory you are in and the data protection laws that apply.
The Services are not intended for anyone under the age of 18, and we do not intend to, or knowingly, collect or solicit personal information online from anyone under the age of 18. Accordingly, we do not knowingly “sell” or disclose personal information of anyone under the age of 18. If you are a parent or guardian and you believe we have collected information from your child in a manner not permitted by law, contact us using the contact details provided below under the “Contact Us” section. Acumatica will delete any personal information which it becomes aware it has received from a minor in accordance with applicable laws.
Changes to this Privacy Statement
Acumatica will occasionally update this Privacy Statement to reflect changes in services, laws and regulations, or privacy practices, as well as customer feedback. When Acumatica posts changes to this Privacy Statement, the “last updated” date at the top of this Privacy Statement will be revised. If there are material changes to this Privacy Statement or in how Acumatica will use your personal information, Acumatica will notify you by prominently posting a notice of such changes prior to implementing the change. Acumatica encourages you to periodically review this Privacy Statement to be informed of how Acumatica is protecting your personal information.
Acumatica welcomes your comments regarding this Privacy Statement. If you have questions about this Privacy Statement, please contact Acumatica at:
- Acumatica, Inc.
- Attn: Acumatica Privacy
- 3933 Lake Washington Blvd NE #350,
- Kirkland, WA 98033
Supplemental region-specific privacy requirements
EEA and UK
If you are located in the European Union, the EEA or UK, the following will be incorporated into the Privacy Statement:
Legal basis for processing
Our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it.
However, we will normally collect personal information from you only where we have your consent to do so, where we need the personal information to perform a contract with you, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms. In some cases, we may also have a legal obligation to collect personal information from you or may otherwise need the personal information to protect your vital interests or those of another person.
If we ask you to provide personal information to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of personal information is mandatory or not (as well as of the possible consequences if you do not provide your personal information).
If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us using the contact details provided under the “Contacting us” heading above.
International Data Transfers
Your personal information may be transferred to, and processed in, countries other than the country in which you are resident. These countries may have data protection laws that are different to the laws of your country and in some cases, may not be as protective.
Specifically, Acumatica is headquartered in the United States and the Services are mainly run from here. This means that when we collect your personal information we will process it in the US. Our service providers, who process personal information to help us provide the Services, may be located around the world. We have implemented appropriate safeguards, including entering Standard Contractual Clauses approved by European Union and UK authorities where necessary, to require that your personal information will remain protected in accordance with this Privacy Statement and applicable data protection laws. If you have any questions about our use of Standard Contractual Clauses, please contact us using the details set out in this Privacy Statement.
Specific rights for UK and EEA based visitors
You may have the following data protection rights:
- to access, correct, update or request deletion of your personal information;
- to object to processing of your personal information, ask us to restrict processing of your personal information or request portability of your personal information. Again, you can exercise these rights by contacting us using the contact details provided under
- to opt-out of marketing communications we send you at any time. You can exercise this right by clicking on the “unsubscribe” or “opt-out” link in the marketing e-mails we send you.
- to opt-out of other forms of marketing (such as postal marketing or telemarketing), please contact us using the contact details provided under the “Contacting us” heading above.
- similarly, if we have collected and process your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.
- to complain to a data protection authority about our collection and use of your personal information. For EEA residents please use the following website: https://edpb.europa.eu/about-edpb/board/members_en. UK residents should contact the ICO whose contact details can be found at ico.org.uk.
We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws. If you request to exercise your rights above, we may require verification of your identity before we respond to any such request. Any requests to exercise the above-listed rights may be made to firstname.lastname@example.org.
The data controller of your personal information is Acumatica, Inc. who can be contacted using the contact details set out in this Privacy Statement.
If you are using the Services as a Californian resident, the following will be incorporated into the Privacy Statement:
Categories of personal information we collected about California residents
In the preceding twelve (12) months, we have collected the following categories of personal information:
|Category of personal information||Do we collect?||Do we disclose for Business Purposes?|
|A.||Name, contact information, and other identifiers such as a real name, alias, address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, or other similar identifiers.||Yes||Yes|
|B.||Customer records such as other paper and electronic customer records containing Personal Information, such as name, signature, physical characteristics or description, address, telephone number.||Yes||Yes|
|C.||Characteristics of protected classifications under California or federal law such as characteristics of protected classifications under California or federal law such as race, color, sex, age, religion, national origin, and disability.||Yes||Yes|
|D.||Commercial information such as records of products or services purchased, obtained, or considered, or other purchasing or use histories or tendencies.||Yes||Yes|
|E.||Biometric Information such as physiological or behavioral characteristics that can be used alone or in combination with each other to establish individual identity, including facial recognition (subject to applicable laws and where relevant to the Services we provide to you).||Yes||Yes|
|F.||Usage data such as internet or other electronic network activity information, including, but not limited to, browsing history, clickstream data, search history, and information regarding a resident’s interaction with an internet website, application, or advertisement.||Yes||Yes|
|G.||Geolocation data such as precise geographic location information about a particular individual or device.||Yes||Yes|
|H.||Audio, video, sensory and other electronic data: audio, electronic, visual, or similar information such as, video footage, photographs, and call recordings.||Yes||Yes|
|I.||Professional or employment-related information, such as current or past job history or performance evaluations.||Yes||Yes|
|J.||Non-public education information, such as education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.||Yes||Yes|
|K.||Profiles and Inferences such as inferences drawn from Personal Information to create a profile reflecting a resident’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, or aptitudes.||Yes||Yes|
Sales of personal information
When we disclose personal information for a Business Purpose, we enter into a contract that describes the purpose and requires the recipient to keep that personal information confidential and use only for performance of the contract, and not for any other purpose. We share or make your information available, including any personal information, in the circumstances described below.
In the preceding twelve (12) months, we have made available the following categories of personal information:
- Category A: Identifiers
- Category B: California Customer Records personal information categories
- Category C: Protected classification characteristics under California or federal law
- Category D: Commercial information
- Category I: Professional or employment-related data
We also make personal information available to the following categories of third parties:
- Analytics providers
- Payment processors
- Other third party marketing service providers
- Affiliated persons or third-party service providers assisting us in the operation, management, improvement, research and analysis of the Site. Affiliated persons or our third party service providers may augment, extend, and combine non-personally identifiable information with data from additional third party sources in order to assist us with the above. Use of information by affiliated persons and third party service providers will be subject to this Privacy Statement or an agreement that is at least as restrictive as this Privacy Statement.
In the preceding twelve (12) months, we have disclosed the following categories of personal information for the purposes described in this Privacy Statement’s Section titled “How Acumatica uses personal information”:
- Identifiers such as those set forth above;
- Category B: California Customer Records personal information categories
- Internet or other electronic network activity information;
- Demographic information / Classification characteristics;
- Commercial information;
- Geo-location data;
- Audio, video and other electronic data; and
- Profiles and inferences.
By way of reminder, personal information does not include:
- Publicly available information from government records.
- De-identified or aggregated consumer information.
- Information excluded from the CCPA’s scope including, without limitation:
- Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data; and
- personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994.
You have the right to opt out of the sale of your personal information to third parties by opting out by sending us an e-mail at email@example.com or through our webform here: https://www.acumatica.com/do-not-sell-my-information-request/. If you decide to opt-out, we will stop sharing your information with third parties. However, your use of our website may still be tracked by us and our service providers to perform functions that are necessary for our business such as hosting our website, ensuring there is no fraud, etc. These entities are contractually obligated to keep this information confidential and will not use it for any purpose other than for the services they provide to our business.
Data protection rights for Californian residents
Right to Access Information and Data Portability Right
You may have the right under the CCPA to request that we disclose certain information to you about our collection and use of your personal information over the past twelve (12) months. Once we receive and confirm your verifiable consumer request, we will disclose to you:
- The categories of personal information that we have collected about you.
- The categories of sources for the personal information that we have collected about you.
- Our business or commercial purpose for collecting or making available that personal information.
- The categories of third parties with whom we share that personal information.
- The specific pieces of personal information that we have collected about you (also called a data portability request).
- If we disclosed your personal information for a Business Purpose, the Business Purpose for which such personal information was disclosed, and the personal information categories that each category of recipient obtained.
- If applicable, (1) the categories of your personal information that we have made available for valuable consideration; (2) the categories of third parties to whom such personal information was made available; and (3) the category or categories of personal information that we have made available to each category of third parties.
Right to Delete
You may have the right under the CCPA to request that we delete any of your personal information that we have collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.
We may deny your deletion request if retaining the information is necessary for us or our service provider(s) or vendor(s) to:
- Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
- Debug products to identify and repair errors that impair existing intended functionality.
- Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
- Comply with a legal obligation or legal order.
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
Right to Opt-Out
To exercise the right to opt-out or right to opt-in, you (or your authorized representative) may submit a request to us by sending us an e-mail at firstname.lastname@example.org.
Once you make an opt-out request, we will wait at least twelve (12) months before asking you to reauthorize certain information sharing practices. However, you may change your mind and opt back in at any time by sending us an e-mail at email@example.com. We will only use personal information provided in an opt-out request to review and comply with the request.
Please note that your use of our website may still be tracked by us and our service providers to perform functions that are necessary for our business such as hosting our website, ensuring there is no fraud, etc. These entities are contractually obligated to keep this information confidential and will not use it for any purpose other than for the services they provide to our business.
Exercising Your Rights
To exercise the access, correction, data portability, and deletion rights described above, or to access this policy in an alternative format, please submit a verifiable consumer request to us by:
- Sending us an e-mail at firstname.lastname@example.org; or
- Completing and submitting a web form located here: https://www.acumatica.com/access-correct-delete-my-information-request/
Only you, or an authorized agent that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child. We may also request that your authorized agent have written permission from you to make requests on your behalf, and we may also need to verify your authorized agent’s identity to protect your personal information.
You may only make such a request for access or data portability twice within a twelve (12) month period. The verifiable consumer request must provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative, and describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. Making a verifiable consumer request does not require you to create an account with us. We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.
We will respond to verifiable requests received from California residents as required by law. Any disclosures we provide will only cover the twelve (12) month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
- Deny you goods or services.
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
- Provide you a different level or quality of goods or services.
- Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
However, we may offer you certain financial incentives permitted by the CCPA that can result in different prices, rates, or quality levels. Any CCPA-permitted financial incentive we offer will reasonably relate to your personal information’s value and contain written terms that describe the program’s material aspects. Participation in a financial incentive program requires your prior opt in consent, which you may revoke at any time.
California Shine the Light Law
California Civil Code § 1798.83 permits users who are California residents to obtain from us once a year, free of charge, a list of third parties to whom we have disclosed personal information (if any) for direct marketing purposes in the preceding calendar year. If you are a California resident and you wish to make such a request, please send an e-mail with “California Privacy Rights” in the subject line to email@example.com. In your request, please attest to the fact that you are a California resident and provide a current California address. We will reply to valid requests by sending a response to the email address or physical address from which you submitted your request. Please note that not all information sharing is covered by the “Shine the Light” requirements and only information on covered sharing and the relevant details required by the Shine the Light law will be included in our response.
If you are a California resident who is under age 18 and you are unable to remove publicly-available content that you have submitted to us, you may request removal by contacting us at: firstname.lastname@example.org. When requesting removal, you must specify the information you want removed and provide us with specific information, such as the URL for each page where the information was entered, so that we can find it. We are not required to remove any content or information that: (1) federal or state law requires us or a third party to maintain; (2) was not posted by you; (3) is anonymized so that you cannot be identified; (4) you do not follow our instructions for removing or requesting removal; or (5) you received compensation or other consideration for providing the content or information. Removal of your information from the Services does not ensure complete or comprehensive removal of that information from our systems or the systems of our service providers. We are not required to delete information posted by you; our obligations under California law are satisfied so long as we anonymize the information or render it invisible to other users and the public.
If you are using the Services as a Canadian resident, the following will be incorporated into the Privacy Statement:
The Services and our privacy practices are compliant with The Personal Information Protection and Electronic Documents Act (“PIPEDA”) fair information principles. In addition to the disclosures made above, we:
- Have appointed a privacy officer to monitor our compliance with PIPEDA.
- Only collect personal information for the uses described herein.
- Only use and disclose personal information as described herein.
- Take reasonable steps to verify the accuracy of the personal information that we collect.
- Take appropriate safeguards to protect the personal information, as further described herein.
Data protection rights for Canadian residents
You have the right to request access to the existence, use and disclosure of your personal information. Additionally, you have the right to challenge the accuracy and completeness of the information and request to have it amended as appropriate. Finally, you have the right to challenge Acumatica’s compliance with the PIPEDA fair information principles by contacting our privacy officer. To exercise your rights under this Section, please send an e-mail to email@example.com or write us at the address listed in above.