Dates That Matter
This policy is effective from 1/1/2020. The policy was last updated on 1/1/2021.
Information We Collect
We may collect personal data from or on behalf of Merchants. Merchants determine the scope of the personal data transferred to us or that we collect, and the information we receive may vary by Merchant. Typically, the information we collect on behalf of Merchants includes:
Information that we collect when a Merchant’s customers make a payment
When a customer makes a payment via payment providers, we collect information about the transaction, which may include personal data. Information about transactions includes the payment card used, name associated with the payment card, the location of the merchant’s store, date and time of the transaction, transaction amount, and information about the goods or services purchased in the transaction.
Additional information Merchants’ customers provide through the POS ancillary to a payment
We may collect additional information ancillary to the payment. This information may include:
- Customers’ email address or phone number, such as when the customer chooses to receive an electronic receipt
- Customers’ marketing preferences, such as whether the customer wishes to receive marketing communications or newsletters
- Information about participating customers’ activity in a merchant loyalty program
- Customers’ physical address, where needed for delivery of goods or services
- Other information the customer provides, such as birthdate, interests or preferences, reviews, and feedback
Additional information that Merchants provide to us about their customers or personnel
Merchants may provide us with additional information directly, via access they grant to us, or otherwise. The types of information that merchants may provide to us about their customers include email addresses, phone numbers, and purchase history.
How We Use the Information We Collect
We use the personal data we collect for or on behalf of Merchants, to provide our services and the functionality of our application such as alerts (for example order status) and marketing campaigns.
We may also use personal data for related internal purposes, including:
- To provide information about the application, such as important updates or changes to the application and security alerts
- To measure performance of and improve the application
- To respond to inquiries, complaints, and requests for customer support
In addition, Company may use personal data as we believe necessary or appropriate to (a) comply with applicable laws and lawful requests and legal processes, such as to respond to subpoenas or requests from government authorities; (b) enforce the terms and conditions that govern our application; (d) protect our rights, privacy, safety or property, and/or that of you or others; and (e) protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity.
How We Share Information
We may share personal data that we collect with:
- The Merchant from whom or on whose behalf we collected the personal data
- With third parties as a Merchant may direct
- With third party service providers that help us manage and improve the application
Company may disclose personal data to government or law enforcement officials or private parties as required by law, and disclose and use such information as we believe necessary or appropriate to (a) comply with applicable laws and lawful requests and legal processes, such as to respond to subpoenas or requests from government authorities; (b) enforce the terms and conditions that govern our application; (d) protect our rights, privacy, safety or property, and/or that of you or others; and (e) protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity.
Your Rights and Choices
Data Subject Rights
To the extent that applicable law provides individuals with rights pertaining to their personal information, such as to review and request changes to their personal information, individuals should contact the Merchant with any requests pertaining to the Merchant’s use of our application. To the extent that POS is responsible for responding to data subject rights requests under applicable law, individuals may contact the POS provider with applicable requests as explained in its applicable privacy documentation. . Company will assist a Merchant, or POS, as applicable, in responding to such requests subject to our agreement with a Merchant or POS.
If you have a complaint about our handling of personal data, you may contact us via the contact information provided below.
Additional Information for Merchants Located in Europe
Company is a data processor acting for and on behalf of the Merchant that has installed our application on their POS. That Merchant is the controller of personal data that we process on its behalf. POS is also a controller of personal data in some circumstances.
Legal Bases for Processing
Company processes personal data as directed or permitted by the Merchant that uses our application. The Merchant is responsible for establishing a legal basis for our processing of personal data for or on behalf of the Merchant.
Subject to our agreement with a Merchant, Company retains personal data for as long as necessary to (a) provide our products and services; (b) comply with legal obligations; (c) resolve disputes; and (d) enforce the terms of any agreement we may have with a Merchant. You may contact us for additional information about our data retention practices in connection with the application.
Data Subject Rights
All individuals who are the subject of personal data held by Company are entitled to:
- Ask what information the Company holds about them and why.
- Ask how to gain access to it.
- Be informed how to keep it up to date.
- Be informed how the company is meeting its data protection obligations.
These are Subject access requests.
Subject access requests from individuals should be made to the POS provider or Merchant (the “data controller”), depending on whom the individual provided their personal data to. The Merchant or POS provider will then notify Customer Connect and we will provide notice of any such data and delete if requested.
The data controller will always verify the identity of anyone making a subject access request before handing over any information.