Privacy Policy

Latest Version:  October 2023

INTRODUCTION

ParTech, Inc. and its subsidiaries PAR Payment Services, LLC, AccSys, LLC, Punchh, Inc., and Stuzo, LLC, (collectively referred to as “PAR,” “us,” “we,” or “our” as the context may require) respect your privacy and are committed to protecting your personal data. This Privacy Policy (the “Privacy Policy“) applies to information collected through the websites and mobile applications that we operate (collectively, the “Sites“) or online and offline in our provision of hardware, software, software as a service, and data services to the restaurant and retail industries (collectively, the “Products and Services“) and does not cover any information collected by third parties (unless specifically stated). Please note further, as described in this Privacy Policy, that some components of the Sites are operated by third parties and are therefore subject to additional terms found in the policies of those third parties. In such cases, there generally will be a link to the privacy policies of the third party, as described later in this Privacy Policy. By accessing or using the Sites or using our Products and Services, you are acknowledging the disclosures made in this Privacy Policy. The Privacy Policy may change from time to time, as set forth below. Your continued use of the Sites or our Products and Services after we make changes is deemed to be your acknowledgment of those changes, so please check the Privacy Policy periodically for updates.

For purposes of this Privacy Policy, “personal data” or “personal information” means any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. It does not include information that cannot reasonably be used to infer information about, or otherwise be linked to, a particular consumer, such as deidentified or aggregated data.  We reserve the right to convert, or permit others to convert, your personal data into deidentified data or aggregate data, and may elect not to treat publicly available information as personal data, to the extent permitted by applicable law. We will not attempt to reidentify data that we maintain as aggregated or deidentified.

1. IMPORTANT INFORMATION AND WHO WE ARE 

PURPOSE OF THIS PRIVACY POLICY

This Privacy Policy provides you with information on how PAR collects and processes your personal data, including any data provided to us by customers who use and operate our Products and Services (our “Business Customers“) or that you may provide directly to us when you:

  • contact us for information on our Products and Services;
  • purchase products from our Business Customers;
  • purchase Products or Services from us;
  • join one of our online communities (e.g., PAR Brink POS User Community); and
  • connect with us via social media (e.g., Facebook).

If you are in the European Union (the “EU”), or if your personal data otherwise may be subject to the requirements of the General Data Protection Regulation (Regulation (EU) 2016/679, or “GDPR“), and other applicable regulations, see “Your Legal Rights- European Economic Area, United Kingdom or Switzerland,” below, for information on how PAR collects and processes your personal data in accordance with these laws.

You may have certain privacy rights under applicable U.S. state laws, including the California Consumer Privacy Act, as amended (including, by the California Privacy Rights Act) (together, the “CCPA“),  the Colorado Privacy Act, the Virginia Consumer Data Protection Act, Chapter 603A of the Nevada Revised Statutes, and all laws implementing, supplementing or amending the foregoing, including regulations promulgated thereunder (collectively, “U.S. Privacy Laws“).

If you are a resident of California, Colorado, or Virginia, please see “Your State Law Privacy Rights” below for more specific information about your privacy rights under U.S. Privacy Laws.

In most cases, we collect and process personal information solely in our capacity as a service provider (or “processor” for purposes of the GDPR and certain U.S. Privacy Laws) to our Business Customers. In that context, we receive personal information about you from a Business Customer or collect information from you on behalf of a Business Customer for the business purpose of providing Products and Services to such Business Customer and other legally permitted uses. If you are a customer of one of our Business Customers on whose behalf we have collected or processed your personal information, the rights described below do not apply to personal information collected and processed on behalf of such Business Customer. If you have questions or wish to exercise your rights relating to such personal information, please contact that Business Customer directly.

This Privacy Policy does not apply to our job applicants, current employees, former employees, or independent contractors (collectively, “Personnel“); however, our California-based Personnel may obtain a separate privacy notice that applies to them by contacting our human resources department through the PAR Hub or via email at par_benefits@partech.com.

It is important that you read this Privacy Policy together with any other privacy policy or fair processing policy we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your personal data.

CHANGES TO THE PRIVACY POLICY AND YOUR DUTY TO INFORM US OF CHANGES

We regularly review our Privacy Policy. We reserve the right to alter, modify, update, add to, subtract from or otherwise change this Privacy Policy at any time. We will use your personal information in a manner consistent with the Privacy Policy in effect at the time we collected your personal information. You are responsible for periodically visiting the Sites and this Privacy Policy to check for any changes.

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us by contacting us (see “Contact Information,” below).

THIRD-PARTY WEBSITES

The Sites may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy policies. When you leave our Sites, we encourage you to read the privacy policy of any website you may visit.

2. THE PERSONAL DATA WE COLLECT ABOUT YOU 

The categories of personal data we have collected about you in the previous 12 months and the purposes for which we used such personal data are as follows. The numbers listed under the column “Purposes for Collection” correspond to the purposes described in Section 4 below.

Category of InformationDescriptionPurposes for Collection
IdentifiersFirst name, last name, social security number, username or similar identifier, password, date of birth, title, address, email address and telephone numbers.1, 2, 3, 4, 5, 6, 7 and 8
Financial InformationAccount information, payment preference and payment and gift card details.1, 2, 3, 4, 5 and 7
Commercial InformationInformation about payments to and from you and other details of Products and Services you have purchased from us, and your preferences in receiving marketing from us and our third parties and your communication preferences.1, 3, 4, 5, 6, and 8
Internet Usage InformationInformation such as internet protocol (IP) address, your login data, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access the Sites or our Products and Services.1, 2, 3, 4, 5, 7 and 8
Geolocation informationInformation such as longitude and latitude from your IP address or mobile device when using our mobile apps or mobile apps developed by us for our Business Customers that may provide location of the device you are using.2
Sensory Data (Audio, electronic, visual, or similar information)Profile pictures, customer testimonials, videos, meetings with customers or potential customers.2 and 8
Professional or Employment InformationJob title, business address, or other professional information.1, 3, 5, 6, 7 and 8
Inferences from PI CollectedInformation drawn from any of the above-referenced personal information to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.2
Sensitive Personal InformationWe also collect the following categories of sensitive information, referred to herein collectively as “Sensitive Personal Information”:
Social security numbers.1 and 2
Biometric information used for uniquely identifying a consumer or employee of our Business Customer through the use of our Products and Services.2

The length of time for which we retain each category of personal data described above depends on the purposes for which we collected and use it and our requirements to retain it in order to comply with applicable laws. We keep your personal data for no longer than reasonably necessary to achieve the purposes for which it was collected or processed, including to comply with our legal obligations, resolve disputes, enforce our agreements, and other legitimate and lawful business purposes. The criteria used to determine the period of time we retain such personal data includes the nature and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of the personal data, as well as on the basis of applicable legal, regulatory, tax, accounting or other requirements (such as applicable statutes of limitation).

As permitted by U.S. Privacy Laws, we also collect, use and share “Aggregated Data” such as statistical or demographic data for any legal purpose. Aggregated Data could be derived from your personal data but is not considered personal data under applicable laws, as this data will not directly or indirectly reveal your identity. For example, we may aggregate your personal data to calculate the percentage of users accessing a specific feature of our Sites, Products or Services, or as a consumer of one of our Business Customers through our Products or Services to provide certain data analytics to our Business Customers. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data that will be used in accordance with this Privacy Policy.

3. THE SOURCES FROM WHICH WE COLLECT YOUR PERSONAL DATA   We use different sources and methods to collect personal data from and about you, including through:

  • Direct interactions. You may give us personal data in our capacity as a service provider or processor to our Business Customers or for our own permitted purposes, by filling in forms or by corresponding with us by mail, phone, email or otherwise. This includes personal data you provide when you:
    • inquire about, purchase or request support for our Products or Services;
    • register for one of our communities;
    • request marketing to be sent to you;
    • connect with us via social media;
    • participate in a promotion or survey; or
    • give us feedback or contact us.
  • Interactions with our Business Customers. We may collect personal data that you provide to our Business Customers, in our capacity as a service provider or processor, when you:
    • place orders for food and drink;
    • purchase or redeem a gift card;
    • sign up for a Business Customer’s loyalty or online ordering program; or
    • work as an employee of our Business Customer, including scanning your finger on a point of sale device that we have provided to our Business Customer.
  • Automated technologies or interactions. As you interact with our Sites or our Products and Services, we will automatically collect personal data about your equipment, browsing actions and patterns. We collect this personal data by using cookies and other similar technologies. We may use third party analytics services like Google Analytics to provide us with a clearer picture of how you use the Sites or our Products and Services, including when you view specific pages or take specific actions on the Sites or use certain features or functionality within our Products and Services. If you wish to learn more about our data collection process, please contact us; see “Contact Information” section below. Additionally, please see our Cookie Statement for further details.
  • Affiliates, third parties or publicly available sources. We may receive personal data about you from our affiliates and various third parties, either in our capacity as a service provider or processor to our Business Customers or for our own permitted purposes, as set out below:
    • from affiliated companies controlled by, controlling or under common control with PAR;
    • from analytics providers;
    • from search information providers;
    • from providers of technical, payment and delivery services such as banks;
    • from third-party service providers or processors of our Business Customers that integrate with our Products and Services on behalf of our Business Customers;
    • from data brokers, event sponsors (e.g., tradeshows) or aggregators; and
    • from publicly available sources, such as government and administrative bodies.

4. HOW WE USE YOUR PERSONAL DATA 

We will only use your personal data in accordance with applicable U.S. Privacy Laws and as directed by our Business Customers, where we are acting as a service provider or processor. We will use your personal data for the following purposes:

  1. to provide the Products and Services and to register and administer accounts for Business Customers for use of our Sites and our Products and Services;
  2. to register and administer accounts for you as a customer of our Business Customer;
  3. to provide support; diagnose, repair and track service and quality issues with our Products and Services; authenticate your identity; verify eligibility for certain programs offered by our Business Customers; respond to requests, complaints, and inquiries; and otherwise facilitate your relationship with our Business Customers;
  4. for our own internal business purposes, such as to evaluate or audit the usage and performance of the Products and Services; evaluate and improve the quality of the Products and Services and design new products and services; internal research and analytics purposes; catalog your responses to surveys or questionnaires; or maintain internal business records;
  5. to administer and protect the Sites (including troubleshooting, data analysis, testing, system maintenance, support, reporting, and hosting of data); to deliver relevant content to you on the Sites; to use data analytics to improve the Sites and experiences;
  6. to make suggestions and recommendations to you about third party products or services that may be of interest to the Business Customer you represent;
  7. to prevent fraud, such as using personal information about you obtained through our Products and Services and from our Business Customers, and for identity verification services to confirm your identity and to detect, prevent, and respond to security incidents or other malicious, deceptive, fraudulent, or illegal activity; and
  8. for marketing, such as for contextual ad customization or to market the Products and Services or the services of our affiliates, Business Customers, or other third parties. We may use personal information we collect to send you newsletters, surveys, questionnaires, promotions, or information about events.

Marketing and Advertising

We may process personal information for relationship management and marketing, either as a service provider or processor for Business Customers or on our own behalf. This purpose includes sending marketing and promotional communications to individuals who have not objected to receiving such messages as may be appropriate given the nature of the relationship (or who have opted into such messages in those jurisdictions where opt-in consent is required), such as Product and Service marketing, investor communications, Business Customer communications (e.g., product updates, training opportunities and invitations to Company events), customer satisfaction surveys, supplier communications (e.g., requests for proposals), corporate communications, and Company news. We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising. We have established the following ways for you to control your personal data that you have shared with us:

  • Promotional Offers from Us. You will receive marketing communications from us if you have requested information from us or purchased Products or Services from us and you have not opted out of receiving that marketing.
  • Marketing Messages. You can ask us or third parties to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or by contacting us at any time. Where you opt-out of receiving these marketing messages, this will not apply to personal data collected by us from any of the other sources specified in Section 3.
  • You can set your browser to refuse all or some browser cookies, or to alert you when our Sites set or access cookies. If you disable or refuse cookies, please note that some parts of the Sites may become inaccessible or not function properly. For more information, please see our Cookie Statement.

Change of Purpose

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us (See “Contact Information,” below). If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so, to the extent required under applicable law.

Please note that we may process your personal data without your knowledge or consent, in compliance with this Privacy Policy, where this is required or permitted by law.

Children’s Privacy

We recognize the importance of children’s safety and privacy on the Internet. For this reason, we do not knowingly sell or share (as “share” is defined by the CCPA) any information, including personal information, from children under 16 years of age. If you think we may have unknowingly collected personal information of an individual under 16 years old, please contact us (See “Contact Information,” below).

5. DISCLOSURES OF YOUR PERSONAL DATA 

We may share your personal data with the parties set out below for the purposes set out in Section 4 above.

  • Affiliates” includes parents, subsidiaries, business units, and other companies that share common ownership with us.
  • Service providers. Third parties acting as processors who provide services to us, including: (a) IT and system administration services (e.g., hosting); (b) marketing and advertising services; (c) financing for the purchase of our Products and Services; or (d) support, equipment installation or maintenance in connection with our Products and Services and third-party service providers or processors of our Business Customers that integrate with our Products and Services on behalf of our Business Customers.
  • Business Customers. Our customers, for which we act as a service provider or processor in connection with providing the Products and Services. Examples of Business Customers to whom we may disclose Personal Information are restaurants, retailers, and their franchisees (including their respective service providers and processors).
  • Business Partners. Resellers of our Products and Services to Business Customers (“Business Partners“).
  • Professional advisers. Third parties acting as processors or joint controllers, including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services.
  • Parties to a corporate transaction. In the event that we enter into, or intend to enter into, a transaction that alters the structure of our business, such as a reorganization, merger, sale, joint venture, assignment, transfer, change of control, or other disposition of all or any portion of our business, assets or stock, we may share personal information with third parties in connection with such transaction. Any other entity which buys us or part of our business will have the right to continue to use your personal information, but only in the manner set out in this Privacy Policy unless you agree otherwise.
  • Law enforcement and other government agencies. We may share information with third parties such as law enforcement or other government agencies to comply with law or legal requirements; to enforce or apply our Website Terms of Use and other agreements; and to protect our, our users,’ or third parties’ rights, data, property or safety.

6. DATA SECURITY 

We have put in place reasonable security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

However, no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially reasonable means to protect your personal information, we cannot guarantee absolute security. If you have reason to believe that your personal information is no longer secure (for example, if you feel that the security of your account has been compromised), please contact us immediately at privacy@partech.com.

7. YOUR LEGAL RIGHTS – EUROPEAN ECONOMIC AREA (EEA), UNITED KINGDOM OR SWITZERLAND. 

THIS SECTION ONLY APPLIES TO PURCHASERS OF OUR PRODUCTS/SERVICES THAT ARE LOCATED IN THE EUROPEAN ECONOMIC AREA, UNITED KINGDOM OR SWITZERLAND AT THE TIME OF DATA COLLECTION. WE MAY ASK YOU TO IDENTIFY WHICH COUNTRY YOU ARE LOCATED IN WHEN YOU PURCHASE SOME OF OUR PRODUCTS/SERVICES, OR WE MAY RELY ON YOUR IP ADDRESS TO IDENTIFY YOUR COUNTRY LOCATION.

We process personal data as a “processor,” “joint controller,” and as a “controller” under the EU GDPR. A “controller” is an entity that determines the purposes for which and the manner in which any personal information is processed. Any third parties that act as our service providers are “data processors” that handle your personal information in accordance with our instructions. With respect to your personal data that you enter or that is received through our Sites, PAR is the controller. Please do not hesitate to contact us if you have questions (contact information provided below).

We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity (except as required for affirmative action compliance), religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.

If you are in the EEA, United Kingdom or Switzerland, you have the following rights (where applicable):

Access. You have the right to request a copy of the information we are processing about you;

Rectification. You have the right to have incomplete or inaccurate information that we process about you rectified;

Deletion. You have the right to request that we delete information that we process about you, except we are not obliged to do so if we need to retain such data in order to comply with a legal obligation or to establish, exercise, or defend legal claims;

Restriction. You have the right to restrict our processing of your information where you believe such data to be inaccurate; our processing is unlawful; or that we no longer need to process such data for a particular purpose unless we are not able to delete the data due to a legal or other obligation or because you do not wish for us to delete it;

Portability. You have the right to obtain information we hold about you, in a structured, electronic format, and to transmit such data to another data controller, where this is (a) information which you have provided to us, and (b) if we are processing that data on the basis of your consent or to perform a contract with you;

Objection. Where the legal basis for processing your information is our legitimate interest, you have the right to object to such processing on grounds relating to your particular situation. We will abide by your request unless we have compelling legitimate grounds for the processing which override your interests, or if we need to continue to process the data for the establishment, exercise, or defense of a legal claim;

Withdrawing Consent. If you have consented to our processing of your information, you have the right to withdraw your consent at any time, free of charge. This includes where you wish to opt out from marketing messages.

You can make a request to exercise any of these rights in relation to your information by contacting us; (See “Contact Information,” below). For your own privacy and security, at our discretion, we may require you to prove your identity before providing the requested information. Please note that we may take up to 30 days to fulfill such request. We reserve the right to charge a fee when permitted by law, for instance if your request is manifestly unfounded or excessive. We may not always be able to fully address your request, for example if it would impact the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way.

You also have the right to lodge a complaint with the local data protection authority (“DPA”) if you believe that we have not complied with applicable data protection laws. A list of local DPAs in European countries is available here.

Legal Basis for Processing 

Processing ActivityLegal basis
1. Provide the Products and Services and to register and administer accounts for Business Customers for use of our Sites and our Products and Services;Our legitimate interests (allowing us to fulfill our contractual obligations with our Business Customers).
2. Provide support; diagnose, repair and track service and quality issues with our Products and Services; authenticate your identity; verify eligibility for certain Business Customer programs; respond to requests, complaints, and inquiries; and otherwise facilitate your relationship with our Business Customers;Our legitimate interests (allowing us to fulfill our contractual obligations with our Business Customers). Our legitimate interests (improving our products and services, ensuring security and increasing our sales).
3. For our own internal business purposes, such as to evaluate or audit the usage and performance of the Products and Services; evaluate and improve the quality of the Products and Services and design new products and services; internal research and analytics purposes; catalog your responses to surveys or questionnaires; or maintain internal business records;Our legitimate interests (design new products and services in line with customer preferences to increase our sales).
4. To administer and protect the Sites (including troubleshooting, data analysis, testing, system maintenance, support, reporting, and hosting of data); to deliver relevant content to you on the Sites; to use data analytics to improve the Sites and experiences;Our legitimate interests (to protect our company and customers against fraud and any other illicit activities and to design products and services in line with customer preferences to increase our sales).
5. To make suggestions and recommendations to you about third-party products or services that may be of interest to the Business Customer you represent;Consent.
6. To enable you to participate in surveys;The execution of a contract.
7. To prevent fraud, such as using personal information about you obtained through our Products and Services and from our Business Customers, and for identity verification services to confirm your identity and detect, prevent, and respond to security incidents or other malicious, deceptive, fraudulent, or illegal activity; andOur legitimate interests (to protect our company and customers against fraud and any other illicit activities and ensure the security of our products and services).
8. For marketing, such as for contextual ad customization or to market the Products and Services or the services of our affiliates, Business Customers, or other third parties. We may use personal information we collect to send you newsletters, surveys, questionnaires, promotions, or information about events.Our legitimate interests (to promote our brand and increase our sales). Consent.
9. Disclose your personal information to other group companies and Service Providers.Our legitimate interests (to organize our business in line with our commercial and economic interests and to design new products and services in line with customer preferences to increase our sales). Consent.
10.   Disclose your personal information to third parties in connection with the sale, purchase, merger, reorganization, liquidation, or dissolution of the company, or under similar circumstances.Our legitimate interests (to organize our business in line with our commercial and economic interests).
11.   Disclose your personal information to Law enforcement and other government agencies.To comply with legal obligations.

If we ask you to provide personal information to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not (as well as of the possible consequences if you do not provide your personal information). Similarly, if we collect and use your personal information in reliance on our legitimate interests (or those of any third party), we will make clear to you at the relevant time what those legitimate interests are.

You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us.

Generally (please see above), we do not rely on consent as a legal basis for processing your personal data although we will get your consent before sending third party direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by contacting us.

Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data.

International Transfers

We share your personal data with our parent company, PAR Technology Corporation, our Affiliates, and with our IT, development, consulting, hosting and other services providers within the U.S. and other countries. This will involve transferring your data outside the European Economic Area (the “EEA“) to territories which do not provide a level of privacy protection equivalent to that which exists in the EEA. This transfer will be made taking into account all necessary legal safeguards and following a privacy impact assessment of the transfer in question (such safeguards will generally include the conclusion of standard contractual clauses approved by the European Commission and, where necessary, the implementation of additional, usually technical, protection measures, such as encryption of the data). To obtain a copy of the safeguards or for further details about international data transfers, please contact us (See “Contact Information,” below).

No other transfers of personal data will be made to recipients in jurisdictions that do not provide a level of data protection equivalent to that in the EEA, unless expressly stated otherwise in the specific privacy notice applicable to that transfer.

EU-U.S. Data Privacy Framework

PAR complies with the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. DPF and Swiss-U.S. Data Privacy Framework (collectively, the “Framework“), as set forth by the U.S. Department of Commerce (the “Department“) regarding the collection, use, and retention of personal information transferred from the European Union, Switzerland and the United Kingdom (and Gibraltar) to the United States, whether that information is collected through our website or through other means. We have certified to the Department that we adhere to the EU-U.S. Data Privacy Framework Principles (the “Principles“) with regard to the processing of personal data received from the EU in reliance on the Framework and from the United Kingdom in reliance on the UK Extension to the Framework. We have certified to the Department that we adhere to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this Privacy Policy and the Principles, the Principles shall govern. To learn more about the Framework, and to view our certification, please visit www.dataprivacyframework.gov.

PAR is subject to investigatory and enforcement powers of the U.S. Federal Trade Commission and may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Accountability for Onward Transfer:

Pursuant to the Principles, PAR remains accountable for personal data that it receives under the Framework and subsequently transfers to a third-party agent. In particular, PAR remains responsible and liable under the Principles if third-party agents that it engages to process the personal data on its behalf do so in a manner inconsistent with the Principles, unless PAR proves that it is not responsible for the event giving rise to the damage.

Recourse Mechanism

In compliance with the Framework, PAR commits to resolve Principles-related complaints about our collection or use of your personal information. EU, UK and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the Framework should first contact PAR at
privacy@partech.com. We will work to resolve your issue and respond no later than 45 days after receipt.

In compliance with the Framework, PAR commits to refer unresolved complaints concerning our handling of personal data received in reliance on the Framework to the International Centre for Dispute Resolution/American Arbitration Association (ICDR/AAA) an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact or visit ICDR/AA at http://go.adr.org/privacyshield.html for more information or to file a complaint. The services of IDCR/AAA are provided at no cost to you.

EU, UK and Swiss individuals have the possibility, under certain conditions, to invoke binding arbitration for complaints regarding Framework compliance not resolved by any of the other mechanisms described above For additional information, see https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf?tabset-35584=2.

8. YOUR STATE LAW PRIVACY RIGHTS 

This section generally applies to residents of California, Colorado, and Virginia whose personal information is subject to U.S. Privacy Laws and certain exceptions within such laws, as applicable. If you are not a resident of the above-mentioned states, the rights described in this section do not apply to you.

In most cases, we collect and process personal information solely in our capacity as a service provider or processor to our Business Customers. In that context, we receive personal information from a Business Customer or collect information from you on behalf of a Business Customer for the business purpose of providing Products and Services to such Business Customer and other legally permitted uses. If you are a customer of one of our Business Customers on whose behalf we have collected or processed your personal information, the rights described below do not apply to personal information collected and processed on behalf of such Business Customer. If you have questions or wish to exercise your rights relating to such personal information, please contact that Business Customer directly.

This Privacy Policy describes the personal information we collect from you, the sources of such personal information, and the purposes for which we use your personal information. Please see the discussion above under “The Personal Data We Collect About You,” “The Sources from Which We Collect Your Personal Data,” and “How We Use Your Personal Data,” respectively, for more information.

Summary of Personal Information We Have Sold or Shared

Although we do not “sell” your personal information for money, the CCPA has defined “sale” to include many of the routine ways that businesses share data. As a result, some of our data sharing practices with Affiliates and Business Partners would be considered a “sale,” as defined under the CCPA. Below is a summary of the categories of personal information we have collected from consumers in the previous 12 months and the categories of third parties to whom we have shared your personal information.

Category of Personal InformationCategories of Third Parties to Whom We Sold Personal Information
IdentifiersBusiness Partners and other third parties within the restaurant and retail industry; Affiliates.
Commercial informationBusiness Partners and other third parties within the restaurant and retail industry; Affiliates.
Internet usage informationMarketing partners; Affiliates.

Summary of Personal Information We Have Disclosed for a Business Purpose 

Below is a summary of the categories of personal information we have collected in the previous 12 months and the categories of third parties with whom we have shared such personal information for business purposes.

Category of Personal InformationCategories of Third Parties to Whom We Disclosed Personal Information for a Business Purposes
IdentifiersService providers, such as providers of accounting services, audit services, IT services, financing/due diligence for the purchase of our Products and Services and equipment installation,  maintenance or support services; andBusiness Customers in connection with the provision of Products and Services and requested transactions;Business Partners in connection with the provision of Products and Services and requested transactions; andEntities involved in a corporate reorganization, merger, or acquisition and their representatives.
Financial informationService providers, such as providers of payment processing services, and financing/due diligence for the purchase of our Products and Services.
Commercial informationService providers, such as providers of accounting services, audit services, IT services, payment processing services, financing for the purchase of our Products and Services and equipment installation, maintenance or support services.
Internet activity informationService providers, such as providers of marketing services; and Business Customers in connection with the provision of Products and Services and requested transactions.
Geolocation informationService providers, such as providers of IT services; and Business Customers in connection with the provision of Products and Services and requested transactions.
Sensory Data (Audio, electronic, visual, or similar information)Service providers, such as providers of marketing services; andBusiness Customers in connection with the provision of Products and Services and requested transactions.
Professional or Employment InformationAffiliates, Business Customers, and Business Partners; andService providers, such as providers of marketing services and IT services.
Inferences from PI CollectedService providers, such as providers of marketing services and IT services; andBusiness Customers in connection with the provision of Products and Services.
Sensitive Personal Information
Social security numbers.Service providers, such as providers of IT services; andAffiliates and Business Customers.
Biometric information used for uniquely identifying a consumer or employee of our Business Customer through the use of our Products and Services.Service providers, such as providers of IT services; andAffiliates and Business Customers.

Sensitive Personal Information  

We do not use or disclose Sensitive Personal Information for purposes other than the following:

  • To detect security incidents that compromise the availability, authenticity, integrity, and confidentiality of stored or transmitted personal information;
  • To resist malicious, deceptive, fraudulent or illegal actions; and
  • To provide Products and Services on behalf of our Business Customers, such as providing storage, or providing similar services on behalf of our Business Customers.

Your Privacy Rights

U.S. Privacy Laws grant you specific rights, subject to certain exceptions, including the following:

  • Right to Access Personal Information. Upon a verifiable request, made through one of the methods provided in the Contact Information section below, we will disclose to you the items listed below:
    • The categories of personal information we have collected about you;
    • The categories of sources from which the personal information was collected;
    • The business purpose behind collecting the personal information;
    • The categories of third parties with whom we have shared the information; and
    • The specific personal information we have collected about you.
  • Right to Opt Out of Sale or Sharing. You have the right to opt out of any sales of your personal information (as sale is defined by U.S. Privacy Laws).

Online Selling or Sharing. Third-party digital businesses (Third-Party Digital Businesses) may associate cookies and other tracking technologies that collect personal information about you on our Sites, or otherwise collect and process personal information that we make available about you, including digital activity information. These Third-Party Digital Businesses use this information for several purposes, including to track activity across websites, to infer information about visitors, and to provide visitors with personalized content. The CCPA also allows California residents to opt-out of the use of personal information from different businesses or services to provide targeted advertisements, which the CCPA defines as sharing.

If you want to opt-out of the sale or sharing of such personal information, exercise a separate opt-out request on our consent management platform (CMPhere.  Our CMP enables you to exercise such an opt-out request and enable certain cookie preferences on your device. You must exercise your preferences on each of our Sites you visit, from each browser you use, and on each device that you use. Because your browser opt-out is designated by a cookie, if you clear or block cookies, your preferences will no longer be effective and you will need to enable them again via our CMP. Please also refer to our Cookie Statement for other ways to exercise preferences regarding Third-Party Digital Businesses. Beware that if you use ad-blocking software, our cookie banner may not appear when you visit our Sites and you may have to use the link above to access the CMP.

Under the CCPA, opt-out preference signals (OOPS) are signals sent by a platform, technology, or mechanism, enabled by individuals on their devices or browsers, that communicate the individual’s choice to opt-out of the sale and sharing of personal information. To use an OOPS, you can download an internet browser or a plugin to use on your current internet browser and follow the settings to enable the OOPS. We have configured the settings of our CMP to receive and process OOPS on our Sites. We process OOPS with respect to sales and sharing that may occur in the context of collection of personal information by tracking technologies online by Third-Party Digital Businesses, discussed above, and apply it to the specific browser on which you enable OOPS. We currently do not, due to technical limitations, process OOPS for opt-outs from sales and sharing in other contexts (e.g., non-cookie personal information).

Offline Selling or Sharing. With respect to our sale or sharing of personal information other than that collected by cookies and other tracking technology, we will, upon a verifiable request made through one of the methods provided in the Contact Information section below, not allow your personal information to be sold or shared, as those terms are defined by applicable U.S. Privacy Laws.

  • Right to Delete. Upon a verifiable request, made through one of the methods provided in the Contact Information section below, we will delete personal information we have collected from you and direct our service providers and processors to delete your personal information from their records. Note that California residents only have the right to request that we delete personal information that we have collected directly from the consumer.
  • Right to Correct. Upon a verifiable request, made through one of the methods provided in the Contact Information section below, we will correct inaccurate personal information that we maintain about you.

We will not discriminate against you for exercising any of your privacy rights.

How to Exercise Your Privacy Rights

You may exercise your privacy rights by any of the methods described below in Contact Information.   You may also designate an authorized agent to exercise these rights on your behalf by following the process described in Authorized Agents, below.

You may request access to your personal information twice in any 12-month period, measured from the date we receive your first request. If you submit a request to obtain your personal information more than twice in any 12-month period, we will either: (i) proceed with honoring your request; or (ii) deny your request in writing.

Consistent with applicable U.S. Privacy Laws and our interest in the security of your personal information, we will not deliver to you your Social Security number or other government-issued ID number, financial account number, biometric information, or an account password together with security questions or answers in response to a privacy rights request.

Verification

In order for you to exercise your privacy rights, we will need to obtain certain information from you to verify your identity.

For a report of the specific personal information we have collected about you, you must provide us with three of the following pieces of information in order for us to verify your identity:

  • full name;
  • email address;
  • loyalty club number with our Business Customer;
  • zip code; or
  • mobile telephone number.

You also must provide us with a signed declaration, under penalty of perjury, that you are who you say you are.

For a report of the categories of personal information we have collected about you, for a request to delete your personal information, or for a request to opt out of the sale of your personal information, you must provide us with two of the above-referenced pieces of information in order for us to verify your identity.

Where necessary, we may request additional information about you so that we can verify your identity. Where we did not already hold that information, we will use it only for the purpose of verifying your identity and to process your request.

Authorized Agents

You may use an authorized agent to exercise your privacy rights on your behalf. Authorized agents may demonstrate that the agent has authority to exercise rights on the requesting consumer’s behalf by submitting supporting documentation to privacy@partech.com. At a minimum, we will require evidence of the agent’s identity (via passport or driver’s license submission), and at least one of the following evidencing proof of your legal authority to act on the behalf of the individual who is the subject of this request:

  • Written authorization signed by the consumer;
  • Certified copy of a Power of Attorney; or
  • Evidence of parental responsibility.

Whenever you interact with us on behalf of another individual or entity, such as by providing or accessing personal information about another individual, you represent that your interactions and exchanges comply with applicable laws. You shall have sole responsibility for any violation of applicable laws as a result of a failure to obtain any necessary consent from such individual.

Timing 

We will respond to requests to delete and requests to access your personal information within 45 calendar days, unless we need more time, in which case we will notify you and may take up to 90 calendar days total to respond to your request.  We will respond to requests to opt out of the sale of your personal information within 15 business days.

Appeals

Residents of Virginia and Colorado may appeal our decision regarding a request by contacting us using one of the methods described in Contact Information below.

California Shine the Light Law

Under California’s Shine the Light law, California residents who provide personal information in obtaining products/services for personal, family, or household use are entitled to request and obtain from us once a calendar year information about the consumer information we shared, if any, with other businesses for their own direct marketing uses. If applicable, this information would include the categories of consumer information and the names and addresses of those businesses with which we shared consumer information for the immediately prior calendar year (e.g., requests made in 2024 will receive information regarding 2023 sharing activities).

To obtain this information please send an email message to privacy@partech.com with Request for California Privacy Information on the subject line and in the body of your message. We will provide the requested applicable information to you at your e-mail address in response subject to any need to verify whether these rights apply to you.

Please be aware that not all information sharing is covered by the Shine the Light requirements and only information on covered sharing will be included in our response.

Additional Information for Nevada Residents 

Nevada residents have the right to instruct us not to sell covered information as those terms are defined by Chapter 603A of the Nevada Revised Statutes. Although we do not currently sell covered information of Nevada residents, as those terms are defined under that law, you may contact us at privacy@partech.com and provide your name, Nevada address, and email address to be verified and exercise your opt-out rights in the event we do sell covered information under that law in the future. If you change your email address or other contact information, contact us in the same manner to update your contact information to help facilitate your opt-out. Changing your contact information elsewhere (e.g., informational requests, account information, etc.) will not update your Nevada opt-out information and we will only use the information provided to our opt-out program for managing opt-outs. It is your responsibility to keep your opt-out information current. If after opting-out you direct us to share your covered information with others, we will do so regardless of your prior opt-out.

9. COLLECTION AND USE OF BIOMETRIC INFORMATION. 

Our Business Customers may use certain equipment (finger scanners) made by other companies that obtain information from a scan of a user’s finger in connection with our subscription software services. The scan reads certain characteristics of the user’s finger, and a hexadecimal string of random letters and numbers (token) is generated and retained within ParTech’s subscription software services on behalf of our Business Customers. Our subscription software services do not retain any fingerprints or the characteristics of the user’s finger. Our Business Customer has the ability to remove this token when a user is no longer employed by the Business Customer. When our Business Customer provides notice that the user should be deleted from the subscription software services, our policy is to delete the user’s information, including the token, promptly upon receipt of that notice. In no event will the token be kept beyond the earlier of:  (a) one (1) month from our receipt of notice from the Business Customer that the user should be deleted from the subscription software services; and (b) three (3) years since the user’s last use of the token.

10. CONTACT INFORMATION 

For general questions or comments, we can be reached by telephone at: (315) 738-0600 or 1-800-448-6505, option #5; by facsimile at: (315) 735-4191; by email at: privacy@partech.com or by mail at ParTech, Inc., PAR Technology Park, 8383 Seneca Turnpike, New Hartford, New York, 13413 USA, Attention: Privacy Compliance.

If you are seeking to exercise your privacy rights under U.S. Privacy Laws, you may call us at 1-800-448-6505, option #5 or by visiting the Your Privacy Choices webpage here.

If you are having trouble viewing or accessing this Privacy Policy or need it made available to you in an alternative format, please contact us at privacy@partech.com.