Unless otherwise defined herein, all capitalised terms used in this Privacy Policy are defined in the Terms and Conditions (“Terms”) and will apply to this Privacy Policy unless the context indicates otherwise.

This Privacy Policy explains how We Process Your Personal Data.


Personal Data” shall mean any information relating to an identified or identifiable living individual, whether directly or indirectly.

Processing” or “Process” shall mean, in relation to information, an operation and/or set of operations performed on information and/or sets of information, such as: collection, recording, organisation, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination, otherwise making available, alignment, combination, restriction, erasure and/or destruction.


By using the Website, You consent to Our Processing and disclosure of Your Personal Information on the basis set out in this Privacy Policy.


In Your use of the Website, You may provide Us with the following information and/or Personal Data, in the following ways:

  • Personal Data when You correspond with Us through the Website, either on Your own behalf and/or on behalf of an organisation. 
  • Personal Data when You subscribe to receive marketing material from Us. 
  • Support data, such as feedback and/or information about a technical issue(s) that has been reported.
  • Information in respect of invoices, which may include but is not necessarily limited to: the country of expense; the date of the expense; the value; the expense type; the currency; the billing address; the supplier information (if available); scan or image of the invoice; and/or the details of a traveller, which may include a traveller’s name and/or allocated reference number.
  • Any information You choose to provide to Us when completing any ‘free text’ boxes in Our forms or blogs, or by sending Us any data as outlined above that contains other information as well.


In Your Use of the Website or as provided by Your employer, We may collect and/or store internationally the following information and/or Personal Data: 

  • Your name, entity name, and/or email address.
  • Professional or employment related information.
  • Correspondence via the Website and/or information relating to transactional activity via the Website.
  • Browsing activity, Website connection information, statistics on page views, traffic to and from the Website, IP address and/or standard web log information.
  • Log-in credentials such as Your User ID and password to access the Website (where applicable).
  • Sign-in information: If You log in to the Website using a third-party sign-in service (such as LinkedIn or Facebook), We may collect information from that sign-in service that You give Us permission to receive. This may include information such as Your name, social media profile and/or location. 
  • We may derive Your general (not specific) location based on Your IP address.
  • We may also receive information about You from other sources, including publicly available databases or third parties such as lead generation providers and/or business intelligence platforms.


The Website uses cookies to distinguish You from other users of the Website. This helps Us to provide You with a positive experience when You browse the Website and also allows Us to improve the Website. By continuing to browse the Website, You agree to Our use of cookies.

A cookie is a small file of letters and numbers that We store on Your browser or the hard drive of Your computer if You agree. Cookies contain information that may be required for the Website to work or to work more efficiently and assist in providing personalised content.

Cookies set by Us as the Website owner are called “First Party Cookies.” We are the only ones that can access the First Party Cookies. Cookies set by other parties are called “Third Party Cookies.” Third Party Cookies are cookies placed by third parties, are not managed by Us and enable third party features or functionality to be provided on or through the Website. The third parties that set these cookies can recognise Your device when it visits the Website and also when it visits other websites that have partnered with such third parties. When accepting Our cookies, You only accept First Party Cookies.

Types of Cookies used on the Website:

We use the following cookies:

  • Strictly necessary cookies which are required for the basic operation of the Website.
  • Statistics/analytical/performance cookies which allow Us to recognise and/or count the number of visitors and/or to see how visitors move around the Website when they are using it. This helps Us to understand how users interact with the Website and/or helps Us improve the way in which the Website works, for example, by ensuring that users can easily locate what they’re looking for.
  • Preference or Functionality cookies which are used to recognise You when You return to the Website and/or allows Us to remember the choices that You have made in the past. This enables Us to personalise Our Content for You, welcome You by name and/or remember Your preferences (for example, Your choice of language and/or region). These cookies allow You to interact with the Website and access features thereof.  Furthermore, these cookies are used when a chat is started on the Website and allows Us to provide chat history. 
  • Targeting cookies which record Your visit to the Website, the pages You have visited and/or the links You have followed. We will use this information to make the Website more relevant to Your interests. We may also share this information with third parties for this purpose.


If You visit the login page of the Website, We will set a temporary cookie to determine if Your browser accepts cookies. This cookie contains no Personal Data and is discarded when You close Your browser.

When You login to the Website, We will set up several cookies to save Your login information and Your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If You select “Remember Me,” Your login will persist for two weeks. If You logout of Your account, the login cookies will be removed.

If You edit or publish an article, an additional cookie will be saved in Your browser. This cookie includes no Personal Data and simply indicates the post ID of the article You just edited. It expires after 1 day.


At the outset, please note that You will always remain the owner of Your Personal Data. We do not sell Your Personal Data to anyone, for any reason, at any time.

In general, We will use the Personal Data We collect only for the purposes described in this Privacy Policy or for purposes that We explain to You at the time We collect Your Personal Data. However, We may also use Your Personal Data for other purposes that are compatible with the purposes We have disclosed to You if and where this is permitted by applicable data protection laws.

We may use, disclose and share Your Personal Data only as follows:

  • To verify Your identity (for example, when You return to the Website and have already logged in) and/or to authenticate You when You contact Us.
  • Respond to any queries and/or requests as received from You.
  • For marketing purposes and/or to communicate any benefit, feature and/or other information about the Website to You.
  • To analyse Website usage and/or to improve the Website.
  • To deliver any administrative notices, alerts and/or communications relevant to Your use of the Website.
  • For market research, project planning, troubleshooting, and/or detecting and/or protecting against error, fraud and/or other criminal activity.
  • In order to detect, prevent and/or respond to potential fraud and/or violations of the Terms , We Process Personal Data in order to track use of the Website for the purpose of maintaining security, including verifying accounts and/or activity, investigating suspicious activities and/or enforcing the Terms and/or Our policies, in reliance on Our legitimate interest in promoting the safety and security of the Website, systems and applications and in protecting Our rights and the rights of others.
  • As otherwise set out in the Terms.


We may disclose Your Personal Data to the following recipients:

  • Suppliers, services providers (sub-processors), agents and/or partners – We may use certain trusted third parties/sub-processors who provide data Processing services to Us (including but not limited to data storage, maintenance services, database management, and/or web analytics ) and/or enable Us to provide the Website to You.  
  • In addition, We may disclose Your Personal Data (i) to law enforcement officials, government officials and/or other third parties as We, in Our sole discretion, believe necessary or appropriate in order to establish and/or defend any of Our rights; (ii) in connection with a legal obligation in law for Us to disclose the Personal Data; and/or (iii) in relation to an investigation of fraud, intellectual property infringements, assisting investigations of unauthorised attempts to modify the Website, install harmful files,  cause damage to the Website and/or other activities that are illegal or may expose Us to legal liability.
  • With and to Our other business divisions and/or other companies within Our group of companies for the purposes of supporting and/or improving the Website, and/or determining any illegal and/or fraudulent conduct and/or violations of any group company polices.
  • Third party applications – the Website includes links to other websites whose privacy practices may differ from Ours. For example, the Website includes social media features such as Facebook and LinkedIn. These features allow You to share information about Your activities on the Website through social media networks. This Privacy Policy does not apply to Your use of any such third party plug-ins and/or applications and We are not responsible for how those third parties use and/or disclose Your information. Your interactions with these features are governed by the privacy policy of the company providing it. 
  • Business transfers – Your Personal Data and/or information may be transferred to potential or actual buyers (and their agents and advisors) in connection with a merger, acquisition, due diligence process and/or the sale of all or a portion of Our assets, provided that We inform the buyer or potential buyer that it must use Your Personal Data only for the purposes disclosed in this Privacy Policy. 


In the event that You would like to receive further information on how Your Personal Data is transferred/disclosed, and to whom, kindly contact Us at or


For all Australian users of the Website, if We receive Personal Data about You that We did not ask for either directly from You, from someone on Your behalf and/or through someone on Our behalf, We will determine whether this could have been collected from You. If so, We will take reasonable steps to notify You, as soon as is practicable, that We have collected Your Personal Data. If We could not have reasonably collected this Personal Data from You (or if You do not agree to Us collecting this Personal Data in this way), We will anonymise/ de-identify or destroy that Personal Data.


You are entitled to opt out of any disclosure of Your Personal Data to a third party and/or use of Your Personal Data for a purpose incompatible with the purpose for which it was originally collected or subsequently authorised, by emailing Us at or

You can also use Google’s opt-out browser add-on, which will assist Website users to prevent their data from being used by Google Analytics here:

You can follow the Google Chrome  or Microsoft Edge help guides to automatically block third-party cookies.

In the event that You wish to update Your Personal Data, please e-mail Us at one of the aforementioned email addresses.


We may transfer Your Personal Information to, and/or store the data We collect about You in countries other than the country in which such Personal Data and/or data was originally collected, including destinations outside of the European Economic Area (“EEA”). Those countries may not have the same data protection laws as the country in which You reside and/or from which You provide the Personal Information and/or data. When We transfer Your Personal Information and/or data to other countries, We will protect same as described in this Privacy Policy, and comply with all applicable legal requirements. 

If You are located in the EEA, Switzerland or the United Kingdom (“UK”), We will only transfer Your Personal Data if: 

  • The country to which the Personal Data will be transferred has been granted an adequacy decision; or
  • We have put in place appropriate safeguards in respect of the transfer, for example We have entered into EU Standard Contractual Clauses, the Swiss addendum and/or the UK addendum and/or required additional safeguards with the recipient, or the recipient is party to binding corporate rules.


If You leave a comment on the Website or on any of Our systems, the comment and its metadata are retained indefinitely. This is so that We can recognise and/or approve any follow-up comments automatically, instead of holding them in a moderation queue.

Cookies will follow the retention periods as set out in this Privacy Policy, and/or cookies stored on a user’s device will be stored until the user deletes the cookies, i.e. until the user clears their cache and deletes the cookies.

For users that register on the Website, We store Personal Data provided in the user profile.


In certain circumstances, You may have certain rights in terms of applicable data protection laws, which may include the following:

  • Right to access Your Personal Data – what Personal Data We hold about You and how We collect and use such Personal Data. 
  • Right to rectify or correct any Personal Data We hold about You.
  • Right to request Us to delete or erase Your Personal Data. 
  • Right to restrict Our Processing of Your Personal Data. 
  • Right to object to Us Processing Your Personal Data.
  • Right to data portability (i.e. to obtain and reuse Your Personal Data for Your own purpose).
  • Right to opt out of receiving marketing communications at any time. 
  • Where You have provided Personal Data voluntarily, or otherwise consented to its use, You have the right to withdraw consent.
  • You have the right to complain to a relevant data protection authority in line with applicable data protection laws.


Please note that in certain circumstances, where You do not provide the Personal Data that We require, You will not be able to access the Website and We may not be able to comply with a legal obligation on Us.


We take reasonable technical, administrative, organisational and physical steps to protect against unauthorised access to and/or disclosure of Personal Data.

We use a combination of firewall barriers, encryption techniques and authentication procedures, among others, to maintain the security of Your online session and to protect Our systems from unauthorised access. Our databases are protected from general personnel access both physically and logically.

Please visit Our Trust Centre for more information on VAT IT’s security posture.


We may make content from third party websites available to You via links located on the Website. Embedded content from other websites behaves in the identical manner as if the visitor has visited said other website.

Such websites may collect data about You, use cookies, embed additional third-party tracking, and monitor Your interaction with that embedded content, including tracking Your interaction with the embedded content if You have an account and are logged in to that website. Such websites are not subject to the Terms, and We therefore recommend that You review the terms of each such website to determine how that website protects Your privacy.


We reserve the right to update this Privacy Policy when necessary and at our sole discretion, for reasons that include but are not limited to: in order to reflect any changes in law, changes to Our business, or as based on feedback We have received. We will inform You of the date that this Privacy Policy has last been reviewed by reflecting the date at the top of this page. We encourage You to periodically review this Privacy Policy to best understand how We Process Your information.


Copyright in the Website Terms and Conditions and Privacy Policy vests in VAT IT.