ARIBA DATA POLICY AND PRIVACY STATEMENT
(Referred to as the "Ariba Data Policy")
ARIBA DATA POLICY
This document describes Ariba's policy for handling, processing, storing, and otherwise treating transactional and other data of Ariba Customers (which may be referred to as "you" or "Buyer" or "Supplier"), and data associated with individual users and employees of the Buyer and Supplier organizations, when sent to Ariba as part of your use of the Solution.
CONTENTS
Definitions
Transaction Data Handling
- Data Use By Ariba
- Business Contact Information
- Promoting Your Organization
- Transaction Data and Third Parties
- Ariba's Commitment to Data Security
Personal Information Data Handling and Privacy
"Solution" means the following services (if actually transacted for and paid for by the Ariba Customer):- the Ariba Network ("AN") (including the "Supplier Connectivity" offering) (https://service.ariba.com),
- the Ariba hosted On-Demand Basic and On-Demand Professional offerings (also called, "Ariba Technology Features", "Ariba OnDemand Solutions", or "Ariba Application Services" ) (https://s1.ariba.com/[company-specific]),
- project management, market execution, and strategic procurement services provided by Ariba's global sourcing team ("Ariba Sourcing Services"), and
- Ariba Hosting Service(s) (accessible via customer-specific URLs).
"TRADING PARTNER" means an entity with which you or your company transacts using the Solution.
When using the Solution, Ariba collects information that you, or a Trading Partner, or other data sources send to the Solution (such as internet-protocol addresses, transaction-related data, and user account information). This data is addressed below in two categories, Transaction Data (as defined below) and Personal Information (data that can identify an individual or that is associated with the identity of an individual).
Transaction Data Handling
Ariba understands the sensitive nature of the transaction data you or your organization may provide while using the Solution. Transaction Data may include information you provide to Ariba or your Trading Partners during the registration, cataloging, displaying, sourcing/negotiating, ordering process, or through any e-mail or other communication sent by you to the Solution as well as other information that you store within the Solution. It may also include data of transactions sent by your Trading Partners to you via the Solution or by you to your Trading Partners via the Solution. Transaction data may include Personal Information addressed more specifically below. You agree that your Transaction Data will not include information regulated under the International Traffic in Arms Regulations (U.S. government regulations addressing defense-related articles and services).
Data Use by Ariba
Ariba will treat your Transaction Data as confidential information and will use it only to: facilitate operation of the Solution and its related services; enhance your use of the Solution and its related web pages; perform internal tracking and Solution improvement; analyze the extent to which you use the Solution (e.g., the volume and history); enable us to contact you; and process your transactions through the Solution.
Ariba may use the bidding information submitted by Suppliers in the course of Ariba Sourcing Services projects to determine general price trends in various supply industries, to create predictive analyses useful for estimating likely market prices, and to evaluate suppliers appropriate for inclusion in future spend management projects in similar markets. Ariba may also use such bidding information in the publication of "high level" sourcing project results, provided that such publication (i) does not directly or indirectly identify Supplier or Buyer by name or provide a third party with sufficient information to allow a third party to identify Supplier or Buyer, (ii) is aggregated with data from at least four (4) comparable suppliers from a single project, (iii) does not specifically identify Supplier's products or services, or the prices of those products or services, and (iv) does not identify Supplier as a participant of any specific project.
If you are a Supplier that objects to submitting transaction data to your Trading Partner via the Solution, please contact the Trading Partner directly to investigate options (e.g. submitting information outside of the Ariba Solution, using anonymous contact information, etc).
Business Contact Information
When a representative of a Buyer or a Supplier organization creates a business account on the Solution, Ariba asks for the name and contact information for an Account Administrator. The Account Administrator's information will be used by Ariba to contact the company with notices, service offerings and Solution administration purposes. If you so choose, your organization may provide additional contacts. Depending on the Solution and the visibility choices selected by you or your company, your user names, phone numbers, and email addresses and other profile information may be visible to other Buyers and Suppliers using the Solution. For example, Suppliers using the Ariba Network may choose to have their contact information visible only to certain Buyer organizations or to all Buyer organizations.
You should submit only publicly available, business contact information. Individual contact information submitted to the Solution should not include private home contact information. You agree not to enter sensitive government id numbers associated with individual persons (e.g. U.S. Social Security numbers) into the Solution or to send documents over the Solution containing such identifiers. Individual names and personal information associated with an individual is addressed below as "Personal Information.
Promoting Your Organization
You may be given the opportunity to advertise your organization to other users. In addition, other users of the Solution may conduct a search on the Solution by using various criteria (e.g., information in your organization profile or other information you select to be made visible to or searchable by other users) and find your organization. In the interest of promoting suppliers to buyers, Ariba may supplement Supplier profiles with data from Ariba systems or by allowing others to provide feedback on your organization (similar to eBay'sâ„¢ buyer/seller feedback system). If you so choose, you will be able to opt out of disclosing certain types of this organizational information.
Transaction Data and Third Parties
In using the Solution, you understand that Ariba will send your Transaction Data to your Trading Partners (or others that you or your Trading Partners authorize) and Ariba service providers in order to facilitate your transactions. Your Trading Partner may access statistical reports on your trading history with that Trading Partner, and determine whether you are enabled with other trading organizations. In addition, high level statistical reports relating to the Solution may utilize Transaction Data, so long as such reports contain only anonymous, aggregated data form so as not to identify your company or any specific Transaction Data, and such reports may be reported publicly.
Ariba's Commitment to Data Security
The Ariba Network (AN) application; the shared service offerings of Ariba Category Management (ACM), Ariba Enterprise Sourcing (AES), Ariba Analysis, Ariba Spend Visibility, Ariba Procure to Pay (P2P), Ariba Travel and Expense, and Electronic Invoice Presentation and Payment (EIPP) applications have been audited for compliance against the WebTrust Standards for Availability, Confidentiality, Processing Integrity, and Security. Information about Ariba's participation in the WebTrust Program can be found at http://www.ariba.com/legal/ariba_webtrust.cfm. General information on the WebTrust Program can be found at http://www.webtrust.org.
Ariba takes steps to appropriately safeguard credit card and remittance information using recommended industry encryption methods. We've designed our services so that these categories of information can only be viewed from within the Solution. We offer you the use of roles to limit access to the users with a need to see such information. Please see our Security Disclosures (located in the footer from each Solution) for additional information about the measures Ariba takes to address the security of the Solution.
Personal Information Handling and Privacy
Personal Information Handling and Privacy (the "Ariba Privacy Statement")
The current Ariba Privacy Statement available at http://www.ariba.com/legal/ariba_privacy_statement.cfm is incorporated into this document and includes important terms regarding Ariba’s handling of Personal Information in the Solutions and your obligations related to such processing by Ariba.
Miscellaneous
The English version of this Data Policy shall govern in the event of any conflict or substantive translation changes into a non-English language.
******
Data Policy v16.1 April 15, 2011 (created separate link for Privacy Statement April 15, 2011)
