Company is a controller of the PII it processes in relation to the personnel of its customers, vendors, service providers or partners. When Company processes PII on behalf of its customers, Company is a data processor under the GDPR (or may be deemed as a Service Provider under the CCPA), to the extent applicable. In that case, Company’s customer will be a data controller under the GDPR (or a business under the CCPA), and will be responsible to obtain the data subject’s consent or establish any other applicable lawful basis for processing and to ensure that data subjects can exercise their rights set forth in Rights of Data Subjects Section below.
YOU ARE NOT LEGALLY REQUIRED TO PROVIDE US WITH PII, HOWEVER USE OF THE SERVICES REQUIRES THAT YOU PROVIDE PII. IF YOU CHOOSE TO WITHHOLD ANY PII REQUIRED IN RESPECT THEREOF IT WILL NOT BE POSSIBLE FOR YOU TO USE THE SERVICES. IF YOU DO NOT AGREE TO THE TERMS AND CONDITIONS SET FORTH HEREIN PLEASE DO NOT USE THE SERVICES.
“PII” means any information relating to an Identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Information We May Collect and How We May Use It
We may collect personal data about our customers and their representatives and visitors of our Services. We also may collect personal data included in publicly available sources. We use PII to provide and improve our Services, and to meet our contractual, ethical and legal obligations.
In order to provide and operate our Services and provide services in connection therewith, we may collect and process PII, including the following types of information:
- Your Contact Information. For activation of the Services we ask you to provide PII, including: name, date of birth, email address, address for delivery, zip code, allergens and phone number.
- Payment method. All payment information is collected and held by credit card gateways and payment companies and in accordance with their own privacy policies
- Third Parties. We sometimes supplement the PII with information that is received from third parties.
- Usage information. When you use the Services, we automatically receive and record information from your device and browser, including without limitation information such as cookie information and statistics about your online/offline status, order history, your IP address, geolocation data (including country and city), device identifiers, internet service provider, connection speed, search history, type of browser, your regional and language settings and software and hardware attributes and if you participated in any campaigns. You are not obligated to allow transmission of location data, however you will not be able to use some features on the Services. Our systems automatically record and store technical information regarding the method and nature of your use of the Services. An IP address is a numeric code that identifies your browser on a network, or in this case, the Internet. Your IP address is also used to gather broad demographic information. The Company uses all of the PII identified in this Section in order to understand the usage trends and preferences of our users, including recent visits to our Services and how you move around different sections of our Services for analytics purposes and in order to make our Services more intuitive.
- User Communications. When you(?) send emails or other communications to the restaurant, we retain those communications in order to process your inquiries, respond to your requests and improve our Services. We send you push notifications, e-mails and text messages to send you news and updates in respect of the Services. We also send you updates and promotional communications regarding sales, products and gifts. You may opt-out of this service within the specific promotional communication.
CCPA Notice regarding collection and sale of information
We may collect the following categories of PII from California consumers within the last twelve (12) months:
||A name, email address, or other similar identifiers (if you are a Clinch Solution User/Corporate Client), Internet Protocol address.
|B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))
||A name, address, telephone number. Some PII included in this category may overlap with other categories.
|C. Internet or other similar network activity
||Online status, your IP address, any type of device advertising ID (like IDFA/ADID), cookie information, browser ID, device ID, your regional and language settings, network status (WiFi/ cellular carrier), and software and hardware attributes .
|D. Geolocation data
||Physical location of your device, your location (country, city, ZIP) (if you have permitted your location-aware device to transmit location data).
|E. Professional or employment-related information
|F. Inferences drawn from other personal information.
||Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behaviour, attitudes, intelligence, abilities, and aptitudes.
We transfer PII of customers of merchants that are our customers as follows: (i) to those merchants, (ii) to gateway and payment solution service providers, (iii) to loyalty service providers and gift card providers on behalf of the merchants. Such merchants may be deemed as a ’business’ under the CCPA, in which case we are deemed as a ‘service provider’, in which case such transfers are deemed as sale of information under the CCPA. You can opt-out of the sale of information with the applicable merchant with whom you placed your order.
We transfer PII of customers only for better service and for additional added value both to our merchant and customers.
In order to collect the data described herein we use temporary cookies that remain on your browser for a limited period of time. We also use persistent cookies that remain on your browser until the Company’s Services are removed, in order to manage and maintain the Services and record your use of the Services. Cookies by themselves cannot be used to discover the identity of the user. A cookie is a small piece of information which is sent to and stored on your browser. Cookies do not damage your browser. Most browsers allow you to block cookies but you may not be able to use some features on the Services if you block them. You may set most browsers to notify you if you receive a cookie (this enables you to decide if you want to accept it or not). We also use web beacons via the Services to collect information. Web beacons or “gifs”, are electronic images that are used in our Services or in our emails. We use Web beacons to deliver cookies, count visits and to tell if an email has been opened and acted upon.
If any of your data subjects (e.g. employees or customers) are minors under the age of 16, you must obtain parental consent prior to using our Services. The Company will not knowingly contact or engage with children under the age of 16 without said parental consent. If you have reason to believe that a child has provided us with their PII, please contact us at the address given above and we will endeavor to delete that PII from our databases
Disclosure of your information
In connection with the provisioning of the Services, we disclose your PII to third parties who assist us in providing the Services, such as affiliates, agents, representatives, clients (e.g. merchants working with us, with whom a data subject made a purchase using our online platforms) and service providers will have access to your PII. We have a contract with those third parties to govern their processing on our behalf. We may also transfer PII to comply with any obligations by which we are bound or to an investor or in connection with a merger or acquisition or similar transaction or to credit card companies, if so requested.
We follow generally accepted industry standards to protect against unauthorized access to or unauthorized alteration, disclosure or destruction of PII. However, no method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, while we strive to use commercially acceptable means to protect your PII, we cannot guarantee its absolute security. We retain your PII only for as long as reasonably necessary for the purposes for which it was collected or to comply with any applicable legal or ethical reporting or document retention requirements.
Data Retention of your Personal Data
We retain PII only for as long as necessary to meet our legal and ethical obligations, which for different types of PII will be different periods.
- Company will retain PII in accordance with its record retention policy. PII associated with our customers and business partners, will be retained for the duration of our engagement, and a period of seven years thereafter unless earlier requested to be deleted. Company performs periodic reviews of our databases, and have established specific time limits for data retention, based on the criticality of the PII and the purposes of the data processing. We will also retain PII to meet any audit, compliance and business best-practices.
- PII with respect to which Company is the processor will be deleted only on instruction of the controller, except where such data must be retained by us, in our judgment, as above.
You may also send us an email to email@example.com to request access to, correct or delete any personal information that you have provided using our system.
If you would like to know more about how long we will retain your Personal Data, please contact our Data Protection Representative at firstname.lastname@example.org.
Automated Decision-Making and Profiling
In order to offer you exclusive products through the Services, we use automated decision-making and profiling based on your purchase history.
Rights of Data Subjects.
- Accessing and Correcting Your Information. Data subjects have the right to know what PII we may collect about them and to ensure that such data is accurate and relevant for the purposes for which we collected it. We allow data subjects the option to access and obtain a copy of their PII and to rectify such PII if it is not accurate, complete or updated. However we may first ask data subjects to provide us certain credentials to permit us to identify their PII.
- Right to Delete PII or Restrict Processing. Y Data subjects have the right to delete their PII or restrict its processing. We may postpone or deny such requests if the PII is in current use for the purposes for which it was collected or for other legitimate purposes such as compliance with legal obligations.
- Right to Withdraw Consent. Data subjects have the right to withdraw their consent to the processing of their PII. Exercising this right will not affect the lawfulness of processing the PII based on consent obtained before its withdrawal.
- Right of Data Portability. Where technically feasible, data subjects have the right to ask to transfer their PII in accordance with their right to data portability, if required pursuant to applicable law. You may exercise the above rights by sending a request to email@example.com
- Right to Lodge Complaint. Data subjects also have the right to lodge a complaint with a data protection supervisory authority regarding the processing of their PII.
Legal Justification and Consent to Processing.
- When Company processes PII on behalf of its customers, Company is a data processor. In that case, Company’s customer will be a data controller, and will be responsible to obtain the data subject’s consent or establish any other applicable lawful basis for processing and we rely on our contractual relationship with the controller (i.e. our customer).
Your California Privacy Rights.
California Civil Code Section 1798.83 permits customers of Company who are California residents to request certain information regarding its disclosure of PII to third parties for their direct marketing purposes. To make such a request, please send an email to firstname.lastname@example.org. Please note that we are only required to respond to one request per customer each year.