Effective Date: August 1st, 2020
Last Updated: June 3rd, 2021
We collect anonymous data from every visitor of the Website to monitor traffic and fix bugs. For example, we collect information like web requests, the data sent in response to such requests, the Internet Protocol address, the browser type, the browser language, and a timestamp for the request.
You are able to view, change and remove your data associated with your profile. Should you choose to delete your account, please contact us at firstname.lastname@example.org, and we will follow up with such request as soon as possible.
Minors and children should not use Online Restaurant. By using the Website, you represent that you have the legal capacity to enter into a binding agreement.
We may collect personal data from or on behalf of Merchants. Merchants determine the scope of the personal data transferred to us or that we collect, and the information we receive may vary by Merchant. Typically, the information we collect on behalf of Merchants includes:
Information that we collect when a Merchant’s customers place an order
When a customer places an order via a Clover POS, we collect information about the order, which may include personal data. Information about transactions includes the customer’s name, payment status, the location of the merchant’s store, date and time of the transaction, transaction amount, customer phone number, and information about the goods or services noted in the order.
In addition, we collect:
We may collect additional information ancillary to the payment. This information may include:
We may collect information about Merchants’ personnel and interactions with the Clover POS, including identification of employees responsible for placing the order.
Merchants may provide us with additional information directly, via access they grant to us, or otherwise. The types of information that merchants may provide to us about their customers include email addresses, phone numbers, and purchase history [describe any other applicable information]. The types of information that merchants may provide to us about their personnel include sales history.
We only use your personal information to provide you the Online Restaurant services or to communicate with you about the services or the Website.
With respect to any documents you may choose to upload to Online Restaurant, we take the privacy and confidentiality of such documents seriously. We encrypt all documents, and permanently delete any redacted edits you make to documents. If you choose to make a document public, we recommend you redact any and all references to people and addresses, as we can’t protect public data and we are not responsible for any violation of privacy law you may be liable for.
We employ industry standard techniques to protect against unauthorized access of data about you that we store, including personal information.
We do not share personal information you have provided to us without your consent, unless:
Online Restaurant is operated from the United States. If you are visiting the Website from outside the U.S., you agree to any processing of any personal information you provide us according to this policy.
Online Restaurant may contact you, by email or other means. For example, Online Restaurant may send you promotional emails relating to Online Restaurant or other third parties Online Restaurant feels you would be interested in, or communicate with you about your use of the Online Restaurant website. Online Restaurant may also use technology to alert us via a confirmation email when you open an email from us. You can modify your email notification preferences by clicking the appropriate link included in the footer of email notifications. If you do not want to receive email from Online Restaurant, please opt out of receiving emails at the bottom of any Online Restaurant emails.
We use the personal data we collect for or on behalf of Merchants, to provide our services and the functionality of our application:
Customer Data: Display Names and order numbers, provide easily identifiable reference to orders, and provide ability to contact customer via text, only when facilitated by app’s user.
Order Data: Provide ability to update order status, provide ability to view order receipts, and provide dynamically updated wait times
We may also use personal data for related internal purposes, including:
We collect and process these categories of Personal Data as a matter of contractual necessity so that we can provide the Services to you in accordance with our Terms of Service. For example, we cannot open an account for you if you do not provide us with your first and last name. When we process Personal Data due to contractual necessity, failure to provide such Personal Data will result in your inability to use some or all portions of the Services that require such Personal Data.
We also use the Personal Data we collect directly from you to operate, improve, understand and personalize our Services based on our legitimate business interest in operating our Services in a way that benefits us and our users. For example, we use the Personal Data to:
Information we receive from third party sources: Some third parties provide us with Personal Data about you, such as the following:
Account information for third party services: If you interact with a third party service when using our Services, such as if you use a third party service to log-in to our Services (e.g., Facebook Connect), or if you share content from our Services through such third party service, the applicable third party service will send us certain Personal Data (specifically your first name, ID, token and profile picture URL) if the third party service and your account settings allow such sharing. Specifically, this Personal Data permits us to create and manage user profiles and sync your progress when you connect to Facebook through the Services. The Personal Data we receive will depend on the policies and your account settings with the applicable third party service. We process this Personal Data based on our legitimate business interest of personalizing and optimizing the Services to improve user experience.
Information from our advertising partners: We receive information about you from some of our service providers (e.g., LinkedIn) who assist us with marketing or promotional services related to how you interact with our websites, applications, products, services, advertisements or communications. We process this Personal Data based on our legitimate business interest in providing direct marketing about our products and services.
Information we automatically collect when you use our Services: Some Personal Data is automatically collected when you use our Services, such as the following:
We process this Personal Data based on the following legitimate business interests:
In collecting the Personal Data, we sometimes use “cookies” and other tracking technologies (e.g., web beacons and pixel tags). Cookies allow us to recognize your browser or device and “remember” your browser during subsequent visits for purposes of functionality, preferences, and website performance, and they also tell us how and when pages and features in our Services are visited and by how many people. The Services use the following cookies:
Essential Cookies. Essential cookies are required for providing you features or services that you have requested. For example, certain cookies enable you to log into secure areas of our Site. Disabling these cookies may make certain features and services unavailable.
Functionality Cookies. Functional cookies are used to record your choices and settings regarding our Services, maintain your preferences over time, and recognize you when you return to our Services. These cookies help us to personalize our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
Performance/Analytical Cookies. Performance/analytical cookies allow us to understand how visitors use our Site and Services such as by collecting information about the number of visitors to the Site, what pages visitors view on our Site, and how long visitors are viewing pages on the Site. Performance/analytical cookies also help us measure the performance of our advertising campaigns in order to help us improve our campaigns and the Services’ content for those who engage with our advertising.
Retargeting/Advertising Cookies. Retargeting/advertising cookies collect data about your online activity and identify your interests so that we can provide advertising that we believe is relevant to you.
Most browsers automatically accept cookies but have an option for blocking or deleting cookies, which will prevent your browser from accepting new cookies, as well as (depending on the sophistication of your browser software) allow you to decide on acceptance of each new cookie in a variety of ways. You can usually access these options through the “Settings” or similar menu in your browser. For more information about cookies, including how to see what cookies have been set and how to manage and delete cookies, visit www.aboutcookies.org or www.allaboutcookies.org. Please note that if you block or delete cookies, some portions of the Services may not work properly. In some cases, cookies may enable us to aggregate certain information with other Personal Data we collect and hold about you.
We will only process your Personal Data if we have a lawful basis for doing so. Lawful bases for processing include consent, contractual necessity and our “legitimate interests” or the legitimate interest of others, as further described below. In some cases, we process Personal Data based on the consent you expressly grant to us at the time we collect such Personal Data. When we process Personal Data based on your consent, it will be expressly indicated to you at the point and time of collection. From time to time, we may also need to process Personal Data to comply with a legal obligation, if it is necessary to protect the vital interests of you or other data subjects, or if it is necessary for a task carried out in the public interest.
We collect Personal Data about you when you provide such Personal Data directly to us, when third parties such as our business partners or service providers provide us with Personal Data about you, or when Personal Data about you is automatically collected in connection with your use of our Services.
Other uses of Personal Data: In addition to the uses set forth above, we may also process the Personal Data we collect on the basis of the following legitimate business interests.
We retain Personal Data about you for as long as you have an open account with us or as otherwise necessary to provide the Services to you and improve the Services for all users generally. In some cases we retain Personal Data for longer, if doing so is necessary to comply with our legal obligations, resolve disputes or collect fees owed, or is otherwise permitted or required by applicable law, rule or regulation. Afterwards, we retain some information in a depersonalized or aggregated form but not in a way that would identify you personally.
We seek to protect Personal Data using appropriate technical and organizational measures based on the type of Personal Data and applicable processing activity.
We do not knowingly collect or solicit Personal Data from anyone in the EU, United Kingdom, Lichtenstein, Norway, or Iceland under the age of 16. If you are under 16, please do not attempt to register for the Services or send any Personal Data about yourself to us. If we learn that we have collected Personal Data from a child under age 16, we will delete that information as quickly as possible. If you believe that a child under 16 may have provided us Personal Data, please contact us at email@example.com.
We also share Personal Data when necessary to complete a transaction initiated or authorized by you or provide you with a product or service you have requested. In addition to those set forth above, these parties also include:
We also share Personal Data when we believe it is necessary to:
We also share Personal Data with third parties when you give us consent to do so.
We also use social buttons provided by services like Twitter, Google+, LinkedIn and Facebook. Your use of these third party services is entirely optional. We are not responsible for the privacy policies and/or practices of these third party services, and you are responsible for reading and understanding those third party services’ privacy policies.
We employ and contract with people and other entities that perform certain tasks on our behalf and who are under our control (our “Agents”). We may need to share personal information with our Agents in order to provide products or services to you. Unless we tell you differently, our Agents do not have any right to use Personal Information or other information we share with them beyond what is necessary to assist us. You hereby consent to our sharing of Personal Information with our Agents.
We may choose to buy or sell assets. In these types of transactions, user information is typically one of the transferred business assets. Moreover, if we, or substantially all of our assets, were acquired, or if we go out of business or enter bankruptcy, user information would be one of the assets that is transferred or acquired by a third party. You acknowledge that such transfers may occur, and that any acquirer of us or our assets may continue to use your personal information as set forth in this policy.
Furthermore, if we choose to buy or sell assets, user information is typically one of the transferred business assets. Moreover, if we, or substantially all of our assets, were acquired, or if we go out of business or enter bankruptcy, user information would be one of the assets that is transferred or acquired by a third party, and we would share Personal Data with the party that is acquiring our assets based on our legitimate business interest of being able to provide you with continued services. You acknowledge that such transfers may occur, and that any acquirer of us or our assets may continue to use your Personal Information as set forth in this policy.
We may share personal data that we collect with:
You have certain rights with respect to your Personal Data, including those set forth below. For more information about these rights, or to submit a request, please email firstname.lastname@example.org. Please note that in some circumstances, we may not be able to fully comply with your request, such as if it is frivolous or extremely impractical, if it jeopardizes the rights of others, or if it is not required by law, but in those circumstances, we will still respond to notify you of such a decision. In some cases, we may also need to you to provide us with additional information, which may include Personal Data, if necessary to verify your identity and the nature of your request.
Access: You can request more information about the Personal Data we hold about you and request a copy of such Personal Data. You can also access certain of your Personal Data by emailing us at email@example.com.
Rectification: If you believe that any Personal Data we are holding about you is incorrect or incomplete, you can request that we correct or supplement Personal Data by emailing us at firstname.lastname@example.org.
Erasure: You can request that we erase some or all of your Personal Data from our systems.
Withdrawal of Consent: If we are processing your Personal Data based on your consent (as indicated at the time of collection of such data), you have the right to withdraw your consent at any time. Please note, however, that if you exercise this right, you may have to then provide express consent on a case-by-case basis for the use or disclosure of certain of your Personal Data, if such use or disclosure is necessary to enable you to utilize some or all of our Services.
Portability: You can ask for a copy of your Personal Data in a machine-readable format. You can also request that we transmit the data to another controller where technically feasible.
Objection: You can contact us to let us know that you object to the further use or disclosure of your Personal Data for certain purposes, such as for direct marketing purposes.
Restriction of Processing: You can ask us to restrict further processing of your Personal Data.
Right to File Complaint: You have the right to lodge a complaint about our practices with respect to your Personal Data with the supervisory authority of your country or EU Member State.
Data Subject Rights
If you have a complaint about our handling of personal data, you may contact us via the contact information provided below.
VM - Office of Tech Operations - 500 Lake Park Avenue Oakland, CA 94610 USS
Company processes personal data as directed or permitted by the Merchant that uses our application. The Merchant is responsible for establishing a legal basis for our processing of personal data for or on behalf of the Merchant.
When we transfer personal data outside of United States to countries not deemed by the Federal Data Protection and Information Commissioner to provide an adequate level of protection for personal data, we make the transfer pursuant to one of the following transfer mechanisms:
A contract approved by the Federal Data Protection and Information Commissioner (sometimes called “Model Clauses” or “Standard Contractual Clauses”);
The EU-US Privacy Shield;
The recipient’s Binding Corporate Rules;
The consent of the individual to whom the personal data relates;
Other mechanisms or legal grounds as may be permitted under applicable United States law.
You may contact us with questions about our transfer mechanism.
Subject to our agreement with a Merchant, Company retains personal data for as long as necessary to (a) provide our products and services; (b) comply with legal obligations; (c) resolve disputes; and (d) enforce the terms of any agreement we may have with a Merchant. You may contact us for additional information about our data retention practices in connection with the application.
Under certain circumstances, data subjects in United States have certain rights relating to their personal data, which include the rights to request from the Controller (a) access to the data subject’s personal data; (b) correction of incomplete or inaccurate personal data; (c) erasure of personal data; (d) restriction of processing concerning the data subject; and (e) that the controller provide a copy of the data subject’s personal data that the data subject provided to the controller in a structured, commonly used and machine-readable format. Data subjects may also object to a controller’s processing of personal data under certain circumstances. Where processing is based on a data subject’s consent, the data subject has the right to withdraw consent at any time; however, the withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal. Data subjects may also file a complaint with a supervisory authority. You may view contact information for supervisory authorities at https://www.privacyshield.gov/data-protection-authorities. Data subjects in United States should direct any rights request to the appropriate Controller.
If you are located in the European Union (“EU”), United Kingdom, Lichtenstein, Norway, or Iceland, you may have additional rights under the EU General Data Protection Regulation (the “GDPR”) with respect to your Personal Data, as outlined below.
For this GDPR Privacy Notice, we use the terms “Personal Data” and “processing” as they are defined in the GDPR, but “Personal Data” generally means information that can be used to individually identify a person, and “processing” generally covers actions that can be performed in connection with data, such as collection, use, storage and disclosure. Online Restaurant, Inc. (“Online Restaurant”) will be the controller of your Personal Data processed in connection with the Services, except that we may also process Personal Data of our customers’ end users or employees in connection with our provision of services to such customers, in which case we are the processor of Personal Data and the customer is the controller. For more information about your data rights and processing activities where we are the controller, please contact us at email@example.com. Clover is also a controller of personal data in some circumstances. Clover’s Privacy Notice is available at https://www.clover.com/privacy-policy. For more information about your data rights and processing activities where we are the processor, please contact the controller party in the first instance.
Company is a data processor acting for and on behalf of the Merchant that has installed our application on their Clover POS. That Merchant is the controller of personal data that we process on its behalf.
When we transfer personal data outside of Europe to countries not deemed by the European Commission to provide an adequate level of protection for personal data, we make the transfer pursuant to one of the following transfer mechanisms:
You may contact us with questions about our transfer mechanism.
This PRIVACY NOTICE FOR CALIFORNIA RESIDENTS supplements the information contained in the Privacy Statement of Online Restaurant and its subsidiaries (collectively, “we,” “us,” or “our”) and applies solely to visitors, users, and others who reside in the State of California (“consumers” or “you”). We adopt this notice to comply with the California Consumer Privacy Act of 2018 (“CCPA”) and other California privacy laws. Any terms defined in the CCPA have the same meaning when used in this notice.
Effective Date: December 1st, 2020
Last Updated: December 1st, 2020
We collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device (“personal information”). In particular, we have collected the following categories of personal information from consumers within the last twelve (12) months:
A. Identifiers. A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver`s license number, passport number, or other similar identifiers. YES
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver`s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories. YES
C. Protected classification characteristics under California or federal law. Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). NO
D. Commercial information. Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. YES
E. Biometric information. Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data. NO
F. Internet or other similar network activity. Browsing history, search history, information on a consumer`s interaction with a website, application, or advertisement. NO
G. Geolocation data. Physical location or movements. YES
H. Sensory data. Audio, electronic, visual, thermal, olfactory, or similar information. NO
I. Professional or employment-related information. Current or past job history or performance evaluations. NO
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)). Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. NO
K. Inferences drawn from other personal information. Profile reflecting a person`s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. NO
Information excluded from the CCPA`s scope, like:
We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.
We may disclose your personal information to a third party for a business purpose. When we disclose personal information for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract.
In the preceding twelve (12) months, we have disclosed the following categories of personal information for a business purpose:
Category A: Identifiers.
Category B: California Customer Records personal information categories.
Category C: Protected classification characteristics under California or federal law.
Category I: Professional or employment-related information.
We disclose your personal information for a business purpose to the following categories of third parties:
In the preceding twelve (12) months, we have not sold any personal information.
The CCPA provides consumers (California residents) with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.
You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request, we will disclose to you:
You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.
We may deny your deletion request if retaining the information is necessary for us or our service providers to:
To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by either: Phone number, email, or website (must have at least two ways to contact)
Only you or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.
You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. Making a verifiable consumer request does not require you to create an account with us. We will only use personal information provided in a verifiable consumer request to verify the requestor`s identity or authority to make the request.
We endeavor to respond to a verifiable consumer request within 45 days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request`s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
We reserve the right to amend this privacy notice at our discretion and at any time. When we make changes to this privacy notice, we will notify you by email or through a notice on our website homepage.
If you have any questions or comments about this notice, our Privacy Statement, the ways in which we collect and use your personal information, your choices and rights regarding such use, or wish to exercise your rights under California law, please do not hesitate to contact us at:
VM - Office of Tech Operations - 500 Lake Park Avenue Oakland, CA 94610 US