Search PAR

Privacy Policy 2023

Latest Version:  February 2023


ParTech, Inc. and its subsidiaries, PAR Payment Services, LLC and AccSys, LLC d\b\a Restaurant Magic and their affiliates, PAR Government Systems Corporation, and Rome Research Corporation (collectively referred to as “PAR”, “us”, “we”, or “our” as the context may require) respect your privacy and are committed to protecting your personal data. The websites,,,  (the “Sites”), are owned by PAR. This Privacy Policy (the “Privacy Policy”) applies only to information collected through the Sites or offline by PAR in our provision of products and services to you and does not cover any information collected at any other website or offline by another company (unless specifically stated). Please note further, as described in this Privacy Policy, that some components of the Sites are operated by third parties and are therefore subject to additional terms found in the policies of those third parties. In such cases, there generally will be a link to the privacy policies of the third party, as described later in this Privacy Policy.  By accessing or using the Sites, you are accepting the terms described in this Privacy Policy.  The Privacy Policy may change from time to time, as set forth below. Your continued use of the Sites after we make changes is deemed to be acceptance of those changes, so please check the Privacy Policy periodically for updates.



This Privacy Policy provides you with information on how PAR collects and processes your personal data through your use of the Sites, including any data you may provide through the Sites when you:

  • contact us for information on our products and services
  • purchase products or services from us
  • join one of our online communities (e.g. PAR Brink POS User Community)
  • connect with us via social media (e.g. Facebook)
  • become a partner of PAR (e.g. integrate to PAR’s products)
  • supply us with goods or services

If you are in the European Union, or if your personal data otherwise may be subject to the requirements of the General Data Protection Regulation, (Regulation (EU) 2016/679, or the “GDPR“) and other applicable regulations, this Privacy Policy provides you with information on how PAR collects and processes your personal data in accordance with these laws.

It is important that you read this Privacy Policy together with any other Privacy Policy or fair processing policy we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This Privacy Policy supplements other notices and privacy policies and is not intended to override them.


We keep our Privacy Policy under regular review. We reserve the right to alter, modify, update, add to, subtract from or otherwise change this Privacy Policy at any time. We will use your Personal Information in a manner consistent with the Privacy Policy in effect at the time. You are responsible for periodically visiting the Sites and this Privacy Policy to check for any changes.

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us by contacting us (contact information provided below).


The Sites may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our Sites, we encourage you to read the privacy policy of any website you may visit.


Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

We may collect, use, store and transfer different kinds of personal data about you in connection with the purposes stated in Section 1 as follows:

  • Identity Data includes first name, last name, username or similar identifier, title, employer identification number.
  • Contact Data includes billing address, delivery address, email address and telephone numbers.
  • Financial Data includes account information, income, and payment card details.
  • Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us or products and services purchased by us from you.
  • Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access the Sites.
  • Profile Data includes your username and password, purchases or orders made by you, number of locations, feedback and survey responses.
  • Usage Data includes information about how you use our Sites, products and services.
  • Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.

We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data could be derived from your personal data but is not considered personal data under applicable laws as this data will not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific feature of our Sites. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Privacy Policy.

We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity (except as required for affirmative action compliance), religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.


We use different methods to collect data from and about you including through:

  • Direct interactions. You may give us your Identity, Contact and Financial Data by filling in forms or by corresponding with us by mail, phone, email or otherwise. This includes personal data you provide when you:
    • apply for a position with us;
    • inquire about or purchase our products or services;
    • register for one of our communities;
    • request marketing to be sent to you;
    • connect with us via social media;
    • participate in a promotion or survey; or
    • give us feedback or contact us.
  • Automated technologies or interactions. As you interact with our Sites, we will automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies and other similar technologies. We may use third party analytics services like Google Analytics to provide us with a clearer picture of how you use the Sites, including when you view specific pages or take specific actions on the Sites. For more information about Google Analytics or to opt-out of Google Analytics, please go to Google Analytics Opt-Out Settings page here. If you wish to learn more about our data collection process, please contact us (contact information provided below). Additionally, please see our cookie policy for further details.
  • Third parties or publicly available sources. We will receive personal data about you from various third parties as set out below:
    • Technical Data from  analytics providers, such as Google, Hotjar and Moz, based outside the EU.
    • Identity, Contact and Financial Data from search information providers, such as Dun & Bradstreet, based outside the EU.
    • Contact, Financial and Transaction Data from providers of technical, payment and delivery services such as banks and credit bureaus inside and outside the EU.
    • Identity and Contact Data from data brokers or aggregators, such as Techonomic Ignite, based outside the EU.
    • Identity and Contact Data from publicly available sources, such as government and administrative bodies (Companies House (UK), Secretary of State (US)), based inside and outside the EU.


We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

  • Where we need to process your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract. For example:
    • establish you as a new customer or supplier;
    • process and deliver your order or invoice, including manage payments, fees and charges;
    • manage our relationship with you, including contacting you about the timing of the performance of certain services; and
    • enable you to participate in surveys.
  • Where it is necessary for our legitimate interests (or those of a third party) of our business in conducting and managing our business to enable us to give you the best products/services and your interests and fundamental rights do not override those interests. For example:
    • collect and recover money owed to us;
    • asking you to participate in or complete a survey;
    • providing ongoing service to you in connection with the products and services purchased by you;
    • to administer and protect our business and the Sites (including troubleshooting, data analysis, testing, system maintenance, support, reporting, and hosting of data);
    • to deliver relevant content to you on the Sites and advertisements to you and measure or understand the effectiveness of the advertising to you;
    • to use data analytics to improve the Sites, products/services, marketing, customer relationships and experiences; and
    • to make suggestions and recommendations to you about goods or services that may be of interest to you.

You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us.

  • Where we need to process your personal data where it is necessary for compliance with a legal obligation that we are subject to.
    • Notifying you as required and performing our obligations under any contract that we have with you.

Generally, we do not rely on consent as a legal basis for processing your personal data although we will get your consent before sending third party direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by contacting us.

Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data.


We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising. We have established the following ways for you to control your personal data that you have shared with us:


We may use your Identity, Contact, Technical, Usage and Profile Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you. You will receive marketing communications from us if you have requested information from us or purchased goods or services from us and you have not opted out of receiving that marketing.


You can ask us or third parties to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or by contacting us at any time. Where you opt-out of receiving these marketing messages, this will not apply to personal data collected by us as a result of any of the other methods specified in Section 3.


You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of the Sites may become inaccessible or not function properly. For more information about the cookies we use, please see the cookie policy.


We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us (contact information provided below). If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.


Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with products/services). In this case, we may have to cancel a product/ service you have with us but we will notify you if this is the case at the time.


We may share your personal data with the parties set out below for the purposes set out above.

  • Internal Third Parties such as PAR Technology Corporation, our parent company, acting as a joint controller and processor, which is also based in the United States and provides PAR with IT and system administration services and undertakes leadership reporting.
  • External Third Parties as follows:
    • Service providers acting as processors based in the United States, Canada, or in the EU who provide: (a) IT and system administration services (e.g. hosting); (b) human resource services (e.g. recruiting); (c) financing for the purchase of our products/services; or (d) installation or on-site remedial maintenance in connection with our products/services.
    • Professional advisers acting as processors or joint controllers including lawyers, bankers, auditors and insurers based in the United States, Canada, or in the EU who provide consultancy, banking, legal, insurance and accounting services.
  • Third parties to whom we may choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this Privacy Policy.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.


We share your personal data with our parent company, PAR Technology Corporation. This will involve transferring your data outside the European Economic Area (EEA).

Many of our external third parties are based outside the EEA so their processing of your personal data will involve a transfer of data outside the EEA.

Privacy Shield Policy

PAR complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States and adheres to the Privacy Shield Principles. PAR has certified to the Department of Commerce that it adheres to the Privacy Shield Principles.  If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern.  To learn more about the Privacy Shield program, and to view our certification, please visit You can view our certification at

PAR is subject to investigatory and enforcement powers of the U.S. Federal Trade Commission and may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

EU and Swiss Persons may have the option to select binding arbitration under the Privacy Shield Panel for the resolution of your complaint under certain circumstances. For further information, please see the Privacy Shield website. To learn more about the Privacy Shield Framework at

Accountability for Onward Transfer:

Pursuant to the Privacy Shield Principles, PAR remains accountable for personal data that it receives under the Privacy Shield and subsequently transfers to a third-party agent. In particular, PAR remains responsible and liable under the Privacy Shield Principles if third-party agents that it engages to process the personal data on its behalf do so in a manner inconsistent with the Privacy Shield Principles, unless PAR proves that it is not responsible for the event giving rise to the damage.

Recourse Mechanism

In compliance with the Privacy Shield Principles, PAR commits to resolve complaints about our collection or use of your personal information.  EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact PAR at

PAR has further committed to refer unresolved Privacy Shield complaints to PAR’s Independent Resource Mechanism, the International Centre for Dispute Resolution/American Arbitration Association (ICDR/AAA) an alternative dispute resolution provider. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact or visit ICDR/AA at. for more information or to file a complaint.  The services of IDCR/AAA are provided at no cost to you.


We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.



We will only retain your personal data for as long as reasonably necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

By law we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for seven years after they cease being customers for tax purposes.




PAR processes Personal Data as a “processor,” “joint controller,” and as a “controller” under the European Union’s GDPR. A “controller” is an entity that determines the purposes for which and the manner in which any personal information is processed. Any third parties that act as our service providers are “data processors” that handle your personal information in accordance with our instructions. With respect to your personal data that you enter or that is received through our Sites, PAR is the controller. Please do not hesitate to contact us if you have questions (contact information provided below);

If you are in the EEA, United Kingdom or Switzerland, you have the following rights (where applicable):

  • Access. You have the right to request a copy of the information we are processing about you;
  • Rectification. You have the right to have incomplete or inaccurate information that we process about you rectified;
  • Deletion. You have the right to request that we delete information that we process about you, except we are not obliged to do so if we need to retain such data in order to comply with a legal obligation or to establish, exercise, or defend legal claims;
  • Restriction. You have the right to restrict our processing of your information where you believe such data to be inaccurate; our processing is unlawful; or that we no longer need to process such data for a particular purpose unless we are not able to delete the data due to a legal or other obligation or because you do not wish for us to delete it;
  • Portability. You have the right to obtain information we hold about you, in a structured, electronic format, and to transmit such data to another data controller, where this is (a) information which you have provided to us, and (b) if we are processing that data on the basis of your consent or to perform a contract with you;
  • Objection. Where the legal basis for processing your information is our legitimate interest, you have the right to object to such processing on grounds relating to your particular situation. We will abide by your request unless we have compelling legitimate grounds for the processing which override your interests, or if we need to continue to process the data for the establishment, exercise, or defense of a legal claim;
  • Withdrawing Consent. If you have consented to our processing of your information, you have the right to withdraw your consent at any time, free of charge. This includes where you wish to opt out from marketing messages.

You can make a request to exercise any of these rights in relation to your information by contacting us via the methods listed below within the Contact Information section.  For your own privacy and security, at our discretion, we may require you to prove your identity before providing the requested information. Please note that we may take up to 30 days to fulfill such request. We reserve the right to charge a fee where permitted by law, for instance if your request is manifestly unfounded or excessive. We may not always be able to fully address your request, for example if it would impact the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way.

You also have the right to lodge a complaint with the local data protection authority if you believe that we have not complied with applicable data protection laws. A list of local data protection authorities in European countries is available here at

Our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it. However, we will normally collect personal information from you only where we have your consent to do so, where we need the personal information to perform a contract with you, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms. In some cases, we may also have a legal obligation to collect personal information from you.

If we ask you to provide personal information to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not (as well as of the possible consequences if you do not provide your personal information). Similarly, if we collect and use your personal information in reliance on our legitimate interests (or those of any third party), we will make clear to you at the relevant time what those legitimate interests are.


Under California’s “Shine the Light” law, California residents who provide personal information in obtaining products/services for personal, family, or household use are entitled to request and obtain from us once a calendar year information about the customer information we shared, if any, with other businesses for their own direct marketing uses. If applicable, this information would include the categories of customer information and the names and addresses of those businesses with which we shared customer information for the immediately prior calendar year (e.g., requests made in 2019 will receive information regarding 2018 sharing activities).

To obtain this information please send an email message to with “Request for California Privacy Information” on the subject line and in the body of your message. We will provide the requested applicable information to you at your e-mail address in response subject to any need to verify whether these rights apply to you.

Please be aware that not all information sharing is covered by the “Shine the Light” requirements and only information on covered sharing will be included in our response.

California Consumer Privacy Act Rights. Under the California Consumer Privacy Act (“CCPA”) California residents have certain rights regarding their personally identifiable information. If you would like to exercise these rights on or after January 1, 2020, please contact us using the email address, toll free phone number, or physical mailing address listed within the “Contact Information” section below. If sending an email, please send an email message to with “Request for California Privacy Information” on the subject line and in the body of your message. For your own privacy and security, at our discretion, we may require you to prove your identity before providing the requested information. It may take us some time to respond to your request, but we will do so within the requirements of the CCPA.

This Policy discloses to you the personal information we collect from you and the purposes for doing so. Please see “How We Use Your Personal Data” above. The CCPA grants you specific rights, including the following:

  • Right to request disclosure as to personal information PAR has collected about you:
    • Upon a verifiable request, made through one of the methods provided within the “Contact Information” section below, we will disclose to you the items listed below, one or more of which may be provided by reference to this Policy:
    • The categories of personal information we have collected about you.
    • The categories of sources from which the personal information was collected.
    • The business purpose behind collecting the personal information.
    • The categories of third parties with whom PAR has shared the information.
    • The specific pieces of personal information PAR has collected about you.
  • Right to opt out of the sale of your information: To exercise this right, please visit here.
  • Right to request deletion: upon a verifiable request, made through one of the methods provided within the “Contact Information” section below, we will delete personal information we have regarding you and direct our service providers to delete your personal information from their records, to the extent provided by the CCPA.
  • Right to be free from discrimination: PAR will not discriminate against you for exercising any of your rights under the CCPA. Please keep in mind that under certain circumstances, we may charge you a different price or rate, or provide a different level or quality of products/services, if that difference is reasonably related to the value provided to you by your personal information.

11. SPECIAL INFORMATION FOR USERS OF PARTECH, INC.’S BRINK POS SUBSCRIPTION SOFTWARE SERVICES. ParTech, Inc.’s customers may use certain equipment (finger scanners) made by other companies that obtain information from a scan of a user’s finger in connection with subscription software services sold by ParTech. The scan reads certain characteristics of the user’s finger, and a hexadecimal string of random letters and numbers (token) is generated and retained within ParTech’s subscription software services on behalf of ParTech’s customers. ParTech’s subscription software services do not retain any fingerprints or the characteristics of the user’s finger. ParTech’s customer has the ability to remove this token when a user is no longer employed by the customer. When ParTech’s customer provides notice that the employee should be deleted from the subscription software services, ParTech’s policy is to delete the employee’s information, including the token, promptly upon receipt of that notice. In no event will the token be kept for more than one month from ParTech’s receipt of notice from the customer that the employee should be deleted from the subscription software services.

Contact Information:

PAR can be reached by telephone at: (315) 738-0600 or 1-800-448-6505; by facsimile at: (315) 735-4191; by email at: or by mail at ParTech, Inc., PAR Technology Park, 8383 Seneca Turnpike, New Hartford, New York, 13413 USA, Attention: Privacy Compliance.


We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.


We try to respond to all legitimate requests within one month, unless a shorter time period is specified by the law, including the CCPA. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

Tiffany Disher, General Manager, MENU North America

Tiffany Disher

General Manager, MENU North America

Tiffany Disher, General Manager, MENU North America, an omni-channel ordering solution to futureproof restaurant’s growing digital sales needs. Before taking on this new role in January 2023, she was an integral part of Punchh’s growth story. She has advised hundreds of customers over the past eight years on their loyalty strategies both from a base program standpoint as well as ongoing marketing strategies. Before Punchh, Tiffany worked for Schlotzsky’s where she supported the brand marketing team by leading loyalty, eClub, R&D, Franchise advisory council and marketing analytics. Tiffany has her Bachelor’s of Science in Economics from University of Oregon and Master’s in Business with a specialty in Marketing from Baylor University. An avid golfer, hiker and mom of two small children, Tiffany spends her limited free time entering into baking competitions.