Latest Version: February 2023
1. IMPORTANT INFORMATION AND WHO WE ARE
- contact us for information on our products and services
- purchase products or services from us
- join one of our online communities (e.g. PAR Brink POS User Community)
- connect with us via social media (e.g. Facebook)
- become a partner of PAR (e.g. integrate to PAR’s products)
- supply us with goods or services
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us by contacting us (contact information provided below).
2. THE DATA WE COLLECT ABOUT YOU
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We may collect, use, store and transfer different kinds of personal data about you in connection with the purposes stated in Section 1 as follows:
- Identity Data includes first name, last name, username or similar identifier, title, employer identification number.
- Contact Data includes billing address, delivery address, email address and telephone numbers.
- Financial Data includes account information, income, and payment card details.
- Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us or products and services purchased by us from you.
- Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access the Sites.
- Profile Data includes your username and password, purchases or orders made by you, number of locations, feedback and survey responses.
- Usage Data includes information about how you use our Sites, products and services.
- Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity (except as required for affirmative action compliance), religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
3. HOW IS YOUR PERSONAL DATA COLLECTED?
We use different methods to collect data from and about you including through:
- Direct interactions. You may give us your Identity, Contact and Financial Data by filling in forms or by corresponding with us by mail, phone, email or otherwise. This includes personal data you provide when you:
- apply for a position with us;
- inquire about or purchase our products or services;
- register for one of our communities;
- request marketing to be sent to you;
- connect with us via social media;
- participate in a promotion or survey; or
- give us feedback or contact us.
- Third parties or publicly available sources. We will receive personal data about you from various third parties as set out below:
- Technical Data from analytics providers, such as Google, Hotjar and Moz, based outside the EU.
- Identity, Contact and Financial Data from search information providers, such as Dun & Bradstreet, based outside the EU.
- Contact, Financial and Transaction Data from providers of technical, payment and delivery services such as banks and credit bureaus inside and outside the EU.
- Identity and Contact Data from data brokers or aggregators, such as Techonomic Ignite, based outside the EU.
- Identity and Contact Data from publicly available sources, such as government and administrative bodies (Companies House (UK), Secretary of State (US)), based inside and outside the EU.
4. HOW WE USE YOUR PERSONAL DATA
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- Where we need to process your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract. For example:
- establish you as a new customer or supplier;
- process and deliver your order or invoice, including manage payments, fees and charges;
- manage our relationship with you, including contacting you about the timing of the performance of certain services; and
- enable you to participate in surveys.
- Where it is necessary for our legitimate interests (or those of a third party) of our business in conducting and managing our business to enable us to give you the best products/services and your interests and fundamental rights do not override those interests. For example:
- collect and recover money owed to us;
- asking you to participate in or complete a survey;
- providing ongoing service to you in connection with the products and services purchased by you;
- to administer and protect our business and the Sites (including troubleshooting, data analysis, testing, system maintenance, support, reporting, and hosting of data);
- to deliver relevant content to you on the Sites and advertisements to you and measure or understand the effectiveness of the advertising to you;
- to use data analytics to improve the Sites, products/services, marketing, customer relationships and experiences; and
- to make suggestions and recommendations to you about goods or services that may be of interest to you.
You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us.
- Where we need to process your personal data where it is necessary for compliance with a legal obligation that we are subject to.
- Notifying you as required and performing our obligations under any contract that we have with you.
Generally, we do not rely on consent as a legal basis for processing your personal data although we will get your consent before sending third party direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by contacting us.
Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data.
We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising. We have established the following ways for you to control your personal data that you have shared with us:
PROMOTIONAL OFFERS FROM US
We may use your Identity, Contact, Technical, Usage and Profile Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you. You will receive marketing communications from us if you have requested information from us or purchased goods or services from us and you have not opted out of receiving that marketing.
You can ask us or third parties to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or by contacting us at any time. Where you opt-out of receiving these marketing messages, this will not apply to personal data collected by us as a result of any of the other methods specified in Section 3.
CHANGE OF PURPOSE
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us (contact information provided below). If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
IF YOU FAIL TO PROVIDE PERSONAL DATA
Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with products/services). In this case, we may have to cancel a product/ service you have with us but we will notify you if this is the case at the time.
5. DISCLOSURES OF YOUR PERSONAL DATA
We may share your personal data with the parties set out below for the purposes set out above.
- Internal Third Parties such as PAR Technology Corporation, our parent company, acting as a joint controller and processor, which is also based in the United States and provides PAR with IT and system administration services and undertakes leadership reporting.
- External Third Parties as follows:
- Service providers acting as processors based in the United States, Canada, or in the EU who provide: (a) IT and system administration services (e.g. hosting); (b) human resource services (e.g. recruiting); (c) financing for the purchase of our products/services; or (d) installation or on-site remedial maintenance in connection with our products/services.
- Professional advisers acting as processors or joint controllers including lawyers, bankers, auditors and insurers based in the United States, Canada, or in the EU who provide consultancy, banking, legal, insurance and accounting services.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
6. INTERNATIONAL TRANSFERS
We share your personal data with our parent company, PAR Technology Corporation. This will involve transferring your data outside the European Economic Area (EEA).
Many of our external third parties are based outside the EEA so their processing of your personal data will involve a transfer of data outside the EEA.
Privacy Shield Policy
PAR is subject to investigatory and enforcement powers of the U.S. Federal Trade Commission and may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
EU and Swiss Persons may have the option to select binding arbitration under the Privacy Shield Panel for the resolution of your complaint under certain circumstances. For further information, please see the Privacy Shield website. To learn more about the Privacy Shield Framework at https://www.privacyshield.gov.
Accountability for Onward Transfer:
Pursuant to the Privacy Shield Principles, PAR remains accountable for personal data that it receives under the Privacy Shield and subsequently transfers to a third-party agent. In particular, PAR remains responsible and liable under the Privacy Shield Principles if third-party agents that it engages to process the personal data on its behalf do so in a manner inconsistent with the Privacy Shield Principles, unless PAR proves that it is not responsible for the event giving rise to the damage.
In compliance with the Privacy Shield Principles, PAR commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact PAR at email@example.com.
PAR has further committed to refer unresolved Privacy Shield complaints to PAR’s Independent Resource Mechanism, the International Centre for Dispute Resolution/American Arbitration Association (ICDR/AAA) an alternative dispute resolution provider. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact or visit ICDR/AA at. http://go.adr.org/privacyshield.html for more information or to file a complaint. The services of IDCR/AAA are provided at no cost to you.
7. DATA SECURITY
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
8. DATA RETENTION
HOW LONG WILL YOU USE MY PERSONAL DATA FOR?
We will only retain your personal data for as long as reasonably necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
By law we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for seven years after they cease being customers for tax purposes.
9. YOUR LEGAL RIGHTS
IF YOU ARE LOCATED IN THE EUROPEAN ECONOMIC AREA (EEA), UNITED KINGDOM OR SWITZERLAND.
THIS SECTION ONLY APPLIES TO PURCHASERS OF OUR PRODUCTS/SERVICES THAT ARE LOCATED IN THE EUROPEAN ECONOMIC AREA, UNITED KINGDOM OR SWITZERLAND AT THE TIME OF DATA COLLECTION. WE MAY ASK YOU TO IDENTIFY WHICH COUNTRY YOU ARE LOCATED IN WHEN YOU PURCHASE SOME OF OUR PRODUCTS/SERVICES, OR WE MAY RELY ON YOUR IP ADDRESS TO IDENTIFY YOUR COUNTRY LOCATION.
PAR processes Personal Data as a “processor,” “joint controller,” and as a “controller” under the European Union’s GDPR. A “controller” is an entity that determines the purposes for which and the manner in which any personal information is processed. Any third parties that act as our service providers are “data processors” that handle your personal information in accordance with our instructions. With respect to your personal data that you enter or that is received through our Sites, PAR is the controller. Please do not hesitate to contact us if you have questions (contact information provided below);
If you are in the EEA, United Kingdom or Switzerland, you have the following rights (where applicable):
- Access. You have the right to request a copy of the information we are processing about you;
- Rectification. You have the right to have incomplete or inaccurate information that we process about you rectified;
- Deletion. You have the right to request that we delete information that we process about you, except we are not obliged to do so if we need to retain such data in order to comply with a legal obligation or to establish, exercise, or defend legal claims;
- Restriction. You have the right to restrict our processing of your information where you believe such data to be inaccurate; our processing is unlawful; or that we no longer need to process such data for a particular purpose unless we are not able to delete the data due to a legal or other obligation or because you do not wish for us to delete it;
- Portability. You have the right to obtain information we hold about you, in a structured, electronic format, and to transmit such data to another data controller, where this is (a) information which you have provided to us, and (b) if we are processing that data on the basis of your consent or to perform a contract with you;
- Objection. Where the legal basis for processing your information is our legitimate interest, you have the right to object to such processing on grounds relating to your particular situation. We will abide by your request unless we have compelling legitimate grounds for the processing which override your interests, or if we need to continue to process the data for the establishment, exercise, or defense of a legal claim;
- Withdrawing Consent. If you have consented to our processing of your information, you have the right to withdraw your consent at any time, free of charge. This includes where you wish to opt out from marketing messages.
You can make a request to exercise any of these rights in relation to your information by contacting us via the methods listed below within the Contact Information section. For your own privacy and security, at our discretion, we may require you to prove your identity before providing the requested information. Please note that we may take up to 30 days to fulfill such request. We reserve the right to charge a fee where permitted by law, for instance if your request is manifestly unfounded or excessive. We may not always be able to fully address your request, for example if it would impact the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way.
You also have the right to lodge a complaint with the local data protection authority if you believe that we have not complied with applicable data protection laws. A list of local data protection authorities in European countries is available here at https://edpb.europa.eu/about-edpb/board/members_en.
Our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it. However, we will normally collect personal information from you only where we have your consent to do so, where we need the personal information to perform a contract with you, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms. In some cases, we may also have a legal obligation to collect personal information from you.
If we ask you to provide personal information to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not (as well as of the possible consequences if you do not provide your personal information). Similarly, if we collect and use your personal information in reliance on our legitimate interests (or those of any third party), we will make clear to you at the relevant time what those legitimate interests are.
10. SPECIAL INFORMATION FOR CALIFORNIA RESIDENTS
Under California’s “Shine the Light” law, California residents who provide personal information in obtaining products/services for personal, family, or household use are entitled to request and obtain from us once a calendar year information about the customer information we shared, if any, with other businesses for their own direct marketing uses. If applicable, this information would include the categories of customer information and the names and addresses of those businesses with which we shared customer information for the immediately prior calendar year (e.g., requests made in 2019 will receive information regarding 2018 sharing activities).
To obtain this information please send an email message to firstname.lastname@example.org with “Request for California Privacy Information” on the subject line and in the body of your message. We will provide the requested applicable information to you at your e-mail address in response subject to any need to verify whether these rights apply to you.
Please be aware that not all information sharing is covered by the “Shine the Light” requirements and only information on covered sharing will be included in our response.
California Consumer Privacy Act Rights. Under the California Consumer Privacy Act (“CCPA”) California residents have certain rights regarding their personally identifiable information. If you would like to exercise these rights on or after January 1, 2020, please contact us using the email address, toll free phone number, or physical mailing address listed within the “Contact Information” section below. If sending an email, please send an email message to email@example.com with “Request for California Privacy Information” on the subject line and in the body of your message. For your own privacy and security, at our discretion, we may require you to prove your identity before providing the requested information. It may take us some time to respond to your request, but we will do so within the requirements of the CCPA.
This Policy discloses to you the personal information we collect from you and the purposes for doing so. Please see “How We Use Your Personal Data” above. The CCPA grants you specific rights, including the following:
- Right to request disclosure as to personal information PAR has collected about you:
- Upon a verifiable request, made through one of the methods provided within the “Contact Information” section below, we will disclose to you the items listed below, one or more of which may be provided by reference to this Policy:
- The categories of personal information we have collected about you.
- The categories of sources from which the personal information was collected.
- The business purpose behind collecting the personal information.
- The categories of third parties with whom PAR has shared the information.
- The specific pieces of personal information PAR has collected about you.
- Right to opt out of the sale of your information: To exercise this right, please visit here.
- Right to request deletion: upon a verifiable request, made through one of the methods provided within the “Contact Information” section below, we will delete personal information we have regarding you and direct our service providers to delete your personal information from their records, to the extent provided by the CCPA.
- Right to be free from discrimination: PAR will not discriminate against you for exercising any of your rights under the CCPA. Please keep in mind that under certain circumstances, we may charge you a different price or rate, or provide a different level or quality of products/services, if that difference is reasonably related to the value provided to you by your personal information.
11. SPECIAL INFORMATION FOR USERS OF PARTECH, INC.’S BRINK POS SUBSCRIPTION SOFTWARE SERVICES. ParTech, Inc.’s customers may use certain equipment (finger scanners) made by other companies that obtain information from a scan of a user’s finger in connection with subscription software services sold by ParTech. The scan reads certain characteristics of the user’s finger, and a hexadecimal string of random letters and numbers (token) is generated and retained within ParTech’s subscription software services on behalf of ParTech’s customers. ParTech’s subscription software services do not retain any fingerprints or the characteristics of the user’s finger. ParTech’s customer has the ability to remove this token when a user is no longer employed by the customer. When ParTech’s customer provides notice that the employee should be deleted from the subscription software services, ParTech’s policy is to delete the employee’s information, including the token, promptly upon receipt of that notice. In no event will the token be kept for more than one month from ParTech’s receipt of notice from the customer that the employee should be deleted from the subscription software services.
PAR can be reached by telephone at: (315) 738-0600 or 1-800-448-6505; by facsimile at: (315) 735-4191; by email at: firstname.lastname@example.org or by mail at ParTech, Inc., PAR Technology Park, 8383 Seneca Turnpike, New Hartford, New York, 13413 USA, Attention: Privacy Compliance.
WHAT WE MAY NEED FROM YOU
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
TIME LIMIT TO RESPOND
We try to respond to all legitimate requests within one month, unless a shorter time period is specified by the law, including the CCPA. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.