Privacy Policy of Round 2 POS, Inc.

Download PDF

Introduction and Overview

Round 2 POS, Inc. (“R2” or “we”) cares about your privacy as much as it cares about its own. For those concerned, this privacy policy (“Privacy Policy”) delineates how R2 and its affiliates collect and use the sensitive and/or personally identifiable information of its merchants, merchant employees, customers, end users, resellers, applicants, third-party partners, and other visitors to our websites or users of our website or online ordering services. Personally identifiable information (“PII”) is information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context. What follows should provide insight for those interested in what and how we collect, use, protect or otherwise handle your PII in accordance with our website. This Privacy Policy does not apply to any use of your information by a merchant unless provided otherwise in this policy. This Privacy Policy is referenced by and incorporated into our user terms and conditions. Please review this Privacy Policy before using any Round 2 services, software, website or social media. 

What personal information does R2 collect from users of its services and/or visitors to its website?

When ordering products or services, using customer or support services, creating an account with us, registering or downloading information on our site, as appropriate, you may be asked to enter your name, email address, mailing address, phone number, billing and payment information, candidate information (for job applicants), date of birth, social security number, and other details about you that could directly or indirectly identify you.

When do we collect information?

We collect information when you place an order, enter information on our website, use our customer or support services, apply for a job, sign up for our newsletter, respond to a survey or marketing communication, surf our website, or use our website’s features. You will provide most of the information we collect about you. And by providing this information to us, you consent to our collection of your information in compliance with all applicable laws.

How do we use you information?

We may use the information we collect about you for the following purposes:

• Operating, evaluating, maintaining, improving, and providing the features and functionality of our products and services 
• Fulfilling a payment or return transactions initiated by you 
• Delivering electronic receipts to consumers who request them via email or text message Managing our relationship with you or your company 
• Carrying out our obligations, and exercising our rights, under our agreement with you or your company
• Communicating with you regarding your account with us, if you have one, including by sending you service-related emails or messages (e.g., messages regarding account verification, changes or updates to the functionality of our products or services, technical and security notices and alerts, and support and administrative messages)
• Facilitating communications between resellers and merchants and merchants and merchants’ customers regarding marketing messages and preferences 
• Personalizing the manner in which we provide our products and services 
• Maintaining records for merchants regarding their personnel’s interaction with and use of the R2 POS (e.g., clock-in and clock-out time) 
• Maintaining records for merchants of their customers’ purchase activity and history
• Checking for fraud or money laundering and/or managing either our or a merchant’s risk Administering and protecting our business 
• Providing support and maintenance for our products and services, including responding to your service-related requests, questions, and feedback 
• Responding to queries regarding customer and support services 
• Answering questions sent to us via email or through our website 
• Developing and creating analytics and related reporting, such as regarding merchant, reseller, industry and fraud trends 
• Research, developing, analyzing and improving our services, products and business 
• To comply with legal and regulatory obligations 
• Provider information to fulfill order obligations 

Point of Sale:

• Depending on how our merchants set up our point-of-sale system, your email address, phone number, preference to receive marketing information, physical address (if you request delivery for online ordering), feedback or other information you choose to offer.
• We collect information related to your transaction(s), which may include PII, and other information such as the payment card used, name associated with the payment card, electronic signature, name, and location of the merchant at which the transaction occurred, date and time of the transaction, transaction amount, and information about the goods or services purchased in the transaction. Round 2 uses third party service providers to process and transmit payment. Round 2 does not itself store or transmit your cardholder data.
• Special Note on Online Orders: We may collect additional information on consumers that are ordering through a merchant’s website to process a transaction including name, phone number and address for delivery or carry-out services. We may also collect additional location and device information on our order check-out pages as part of our fraud prevention efforts.

Social Media Pages

• Round 2 may also collect information from social media platforms for which it maintains pages, such as LinkedIn, Facebook, Twitter, YouTube, and Instagram. If you interact with our pages on those third-party platforms, the third-party’s privacy policy will govern your interactions on the relevant platform. If the third-party platform provides us with information about our pages on those platforms or your interactions with them (e.g., for lead generation purposes), we will treat that information in accordance with this Privacy Policy.

How do we protect your information?

• Your personal information is contained behind secured networks and is only accessible by a limited number of people who have special access rights to such systems and (i) are required to access the information to fulfill a business purpose and (ii) are required to keep the information confidential. In addition, all sensitive/credit information you supply (if any) is encrypted via Secure Socket Layer (SSL) technology.
• We implement a variety of security measures when a user places an order to maintain the safety of your personal information. 
• All transactions are processed through a gateway provider and are not stored or processed on our servers.

 Do you anonymize data?

We may create anonymized (or de-identified) data from your and other individuals’ personal information we collect. If we create anonymized data, we do so by removing the information that makes the data personally identifiable to you, and use that anonymized data only for our lawful business purposes.

Do we use cookies and other tracking devices?

Yes.

Cookies. Our website and online ordering services may send a “cookie” to your computer. A cookie is a small file placed on your device’s hard drive that allows your device to be recognized by a site (such as ours) or its service provider. A cookie does not provide access to your device or any information about you, other than the data you choose to share with us. For instance, we use cookies to help us remember and process the items in your shopping cart. We also use them to help us understand your preferences based on previous or current site activity, which enables us to provide you with improved services. We also use cookies to help us compile aggregate data about site traffic and site interaction so that we can offer better site experiences and tools in the future. All this allows information enables us to provide you with more relevant product offerings, a better experience on our websites and mobile applications, and to collect, analyze and improve the performance of our services. We may also collect your location (IP address) so that we can personalize our services. If you want to disable cookies, seek out the policies and terms of your internet web browser to manage your browsing privacy preferences. By blocking cookies, some aspects and/or features of our website may be unavailable. You may also continue to receive generic ads even if you choose to “opt out.”

Replay Technologies. We also use third party software that uses software coded to record users’ interaction with our website in a manner that allows us to watch video-like replays of user sessions. These replays include users’ clicks, mouse movements, scrolls, and keystrokes/key touches during those sessions. These replays help us diagnose usability problems and identify areas for improvement. You can opt-out of session recording by notifying us at help@r2pos.com.

Web Beacons. Web beacons, also known as pixel tags or clear GIFs, are used to demonstrate that a webpage or email address was accessed or opened, or that certain content was viewed or clicked.

Local Storage Technologies. Local storage technologies like HTML5 and Flash provide cookie-equivalent functionality but can store larger amounts of data on your device outside of your browser in connection with specific applications.

Do we receive additional data from third parties?

Additional information about you may be received from other sources, including publicly available databases or third parties from whom we have purchased data, in which case we may combine this data with information we already have about you so that we can update, expand and analyze the accuracy of our records, assess the qualifications of a candidate for employment, identify new customers, and provide products and services that may be of interest to you. If you provide us personal information about others, or if others give us your information, we will only use that information for the specific reason for which it was provided to us. Any third parties (and any subcontractors they may be permitted to use) that may receive your information to assist us in operating our business have agreed not to share, use or retain your personal information for any purpose other than as necessary for the provision of the requisite products and services.

De we sell, trade or transfer personal data to third parties?

We do not sell, trade, or otherwise transfer to outside parties your personally identifiable information unless we provide you with advance notice. This does not include website hosting partners and other parties who assist us in operating our website, conducting our business, or servicing you, so long as those parties agree to keep your personally identifiable information confidential. We may also release your information when we believe it is appropriate to comply with the law, enforce our site policies, or protect ours or others’ rights, property, or safety.

However, non-personally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses. 

We will also disclose your information to third parties:

• if we sell or buy any business or assets (whether a result of liquidation, bankruptcy or otherwise), in which case we will disclose your data to the prospective seller or buyer of such business or assets; or 
• if we sell, buy, merge, are acquired by, or partner with other companies or businesses, or sell some or all of our assets. In such transactions, your information may be among the transferred assets. 

We may share your personal data with the following parties

• We may disclose your personal data to our subsidiaries and corporate affiliates for purposes consistent with this Privacy Notice. 
• We may use third parties to administer and provide services on our behalf (such as companies that provide customer support, companies that we engage to host, manage, maintain, and develop our website, mobile applications, and IT systems, and companies that help us process payments). These third parties may use your information only as directed by R2 and in a manner consistent with this Privacy Policy and they are prohibited from using or disclosing your information for any other purpose.
• Third-party applications that a merchant has installed on a R2 compatible device may instruct R2 to transfer personal data. For example, an application may direct R2 to export data or reports to a third-party cloud storage system. Merchants are responsible for their use of third-party applications, the directions that the application provides to R2, and R2’s reliance on those directions. R2 is not responsible for the privacy policy or practices of any third-party application. 
• When R2 provides services for its merchants, it may share personal data with those merchants. For example, R2 may collect information about a merchant’s customers from or on behalf of the merchant, such as when R2 processes payment transactions, and R2 may provide personal data about those customers back to the merchant. We not responsible for the privacy practices of the merchants using our services. 
• R2 shares personal data with businesses involved with processing a payment transaction, such as merchants, banks or other card issuers, card associations, debit network operators and their members. 
• R2 shares personal data with credit reference, fraud protection, risk management, and identity verification agencies to help guard against, detect, and respond to fraud or money laundering, and/or manage our or our merchants’ risk, and to comply with contractual, legal, or regulatory requirements. 
• We may disclose your personal data to our professional advisors, such as lawyers, bankers, auditors and insurers, where necessary in the course of the professional services that they render to us. 
• R2 may disclose information about you to government or law enforcement officials (including tax authorities) or private parties as required by law, and disclose and use such information as we believe necessary or appropriate to: 
  • Comply with applicable laws, lawful requests, and legal processes, such as to respond to subpoenas or requests from government authorities; 
  • Enforce the terms and conditions that govern our products and services; 
  • (iii) Protect our rights, privacy, safety or property, and/or that of you or others; and
  •  Protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity.
• R2 may transfer your personal data to any third party who is not otherwise covered by the other listed categories above where you have given us permission to do so, or with whom you have entered into a contract when we need to transfer your personal data to that party in order to fulfil that contract.

Do we share any analytics with third parties?

Round 2 may use third party analytics service providers to assist with the performance of our online ordering system and website performance, such as Google Analytics or Facebook. These analytics service providers use technologies such as cookies, web beacons, and web server logs to help us analyze how you use our online services and website. We may disclose your site-use information (including IP address) to these analytics providers, and other service providers who use the information to help us figure out how you and others use our online services.

We may also collect transaction information on behalf of our restaurant merchants to provide insight into their business performance and consumer relations with certain goods and services.

• To learn more about how Google Analytics collects and processes data, and how to opt out, please visit www.google.com/policies/privacy/partners or https://support.google.com/analytics/answer/181881?hl=en
• To learn more about how Facebook uses your data please visit https://www.facebook.com/help/325807937506242/ or log on to your Facebook account and access your settings. To understand more about Facebook advertising please see here https://www.facebook.com/about/ads.

Do you have third party links on your websites?

Occasionally, at our discretion, we may include or offer third party products or services on our website. These third-party sites have separate and independent privacy policies. We therefore have no responsibility or liability for the content and activities of these linked sites. Nonetheless, we seek to protect the integrity of our site and welcome any feedback about these sites. We also encourage you to review the privacy policies of the linked sites so you know how these sites collect and use your PII.

How do you communicate with us?

We may contact you directly or through a third-party service provider regarding products or services you have signed up or purchased from us, such as necessary to deliver transactional or service-related communications. We may also contact you with offers for additional services we think you’ll find valuable if you give us consent, or when allowed based upon legitimate interests. You don’t need to provide consent as a condition to purchase our goods or services. These contacts may include:  

• Email
• Text (SMS) messages
• Telephone calls
• Messenger applications (e.g., WhatsApp, etc.)
• Automated phone calls or text messages. 

You may also update your subscription preferences with respect to receiving communications from us and/or our partners by signing into your account and visiting “Business Settings” page.

If we collect information from you in connection with a co-branded offer, it will be clear at the point of collection who is collecting the information and whose privacy policy applies. In addition, it will describe any choice options you have in regards to the use and/or sharing of your personal information with a co-branded partner, as well as how to exercise those options. We are not responsible for the privacy practices or the content of third-party sites. Please read the privacy policy of any website you visit. I

f you make use of a service that allows you to import contacts (ex. using email marketing services to send emails on your behalf), we will only use the contacts and any other personal information for the requested service. If you believe that anyone has provided us with your personal information and you would like to request that it be removed from our database, please contact us at privacy@Poynt.com.

What is COPPA (Children Online Privacy Protection Act)?

When it comes to the collection of personal information from children under 13, the Children’s Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, the nation’s consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children’s privacy and safety online. We do not specifically market to children under 13.

What are the Fair Information Practices? 

The Fair Information Practices Principles form the backbone of privacy law in the United States and the concepts they include have played a significant role in the development of data protection laws around the globe. Understanding the Fair Information Practice Principles and how they should be implemented is critical to comply with the various privacy laws that protect personal information. In order to be in line with Fair Information Practices we will take the following responsive action, should a data breach occur:

We will notify the users via email within 7 business days.

We also agree to the individual redress principle, which requires that individuals have a right to pursue legally enforceable rights against data collectors and processors who fail to adhere to the law. This principle requires not only that individuals have enforceable rights against data users, but also that individuals have recourse to courts or a government agency to investigate and/or prosecute non-compliance by data processors.

Do we provide ‘Do Not Track’ notifications?

Some browsers allow you to automatically notify websites you visit not to track you using a “Do Not Track” signal. There is no consensus among industry participants as to what “Do Not Track” means in this context. Like many websites and online services, we currently do not alter our practices when we receive a “Do Not Track” signal from a visitor’s browser. To find out more about “Do Not Track,” you may wish to visit www.allaboutdnt.com.

If you exercise your privacy rights, will you be discriminated against?

We will not discriminate against you for exercising any of your privacy rights. Unless permitted under applicable laws, we will not:

• Deny you goods or services. 
• Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties. 
• Provide you a different level or quality of goods or services. 
• Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services. 

How may we change this policy.

We reserve the right to modify this Privacy Policy at any time. If we decide to change our Privacy Policy, we will post those changes to this Privacy Policy and any other places we deem appropriate, so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. If we make material changes to this Privacy Policy, we will notify you here, by email, or by means of a notice on our home page, at least thirty (30) days before the implementation of the changes.

How may you contact us?

If there are any questions regarding this Privacy Policy you may contact us using the information below.

Email: legal@r2pos.com or

Phone: 412-213-8610

How may I stop tracking devices?

Some Internet browsers may send "Do Not Track" signals to the online services that you visit. We currently do not respond to do not track signals. To find out more about "Do Not Track," please visit http://www.allaboutdnt.com.

How do I choose not to send my personal data?

Where we request personal data directly from you, you do not have to provide it to us. If you decide not to provide the requested information, in some circumstances we, or merchants who use R2 services and software, may be unable to provide products or services to you. For example, we may be unable to process your purchase transaction without certain personal data.

How may I access, modify or delete my information?

In some jurisdictions, applicable law may provide a right for individuals to access, modify, or delete their personal data. You may contact us directly to request access to, or modification or deletion of, your information. We may not be able to provide access to, or modify or delete, your information in all circumstances.

What can I do if I have any complaints?

If you have a complaint about our handling of your personal data, you may contact our data protection officer using the contact information below. We request that a complaint be made in writing. Please provide details about your concern or complaint so that our data protection officer can investigate it. We will take appropriate action in response to your complaint, which may include conducting internal discussions with relevant business representatives. We may contact you for additional details or clarification about your concern or complaint. We will contact you to inform you of our response to your complaint. You also may have a right to file a complaint with a national or local regulatory agency.

I’m a California Resident; what are my specific rights?

The information provided in this “Information for California Residents” section only applies to California residents. This notice describes how we collect, use and share your Personal Information (as defined in the California Consumer Privacy Act of 2018, or “CCPA”), and your rights with respect to that Personal Information.

If I’m a California resident, what are my privacy rights?

As a California resident, you have the rights listed below. However, these rights are not absolute, and we may decline your request as permitted by the CCPA.

• Information. You may request the following information about how we have collected and used your Personal Information during the past 12 months: 
  • The categories of Personal Information that we have collected.
  • The categories of sources from which we collected Personal Information. 
  • The business or commercial purpose for collecting and/or selling Personal Information.
  • The categories of third parties with whom we share Personal Information.
  • Whether we have disclosed your Personal Information for a business purpose, and if so, the categories of Personal Information received by each category of recipient.
  • Whether we’ve sold your Personal Information; and, if so, the categories of Personal Information received by each category of recipient.
• Access. You may request a copy of the Personal Information that we maintain about you.
• Deletion. You may ask us to delete the Personal Information that we maintain about you.
• Nondiscrimination. You may exercise the rights described above free from discrimination. This means that we will not penalize you for exercising your rights by taking actions such as by denying you goods or services, increasing the price/rate of goods or services, decreasing the service quality, or suggesting that we may penalize you as described above for exercising your rights. However, the CCPA allows us to charge you a different price or provide a different service quality if that difference is reasonably related to the value of the Personal Information, we are unable to use.

How may exercise my rights?

You may exercise your California privacy rights as follows: You may request to exercise your information, access and deletion rights in the following ways:

• Access our online CCPA form here 
• Call 1-855-968-5569  
• Identity verification. The CCPA requires us to verify the identity of the individual submitting the request before providing a substantive response to the request. A request must be provided with sufficient detail to allow us to understand, evaluate and respond. The requester must provide sufficient information to allow us to reasonably verify that the individual is the person about whom we collected information. A request may also be made on behalf of your child under 13.
• Authorized agents. California residents can empower an “authorized agent” to submit requests on their behalf. We will require the authorized agent to have a written authorization confirming that authority.

Do you sell my Personal Information?

We do not sell, as defined under CCPA, your Personal Information to third parties.

What Personal information do you collect, use and share?

The chart below summarizes our collection, use and sharing of Personal Information during the last 12 months before the effective date of this Privacy Notice. We describe the sources through which we collect your Personal Information in section above titled The Personal Data We Collect, and describe the purposes for which we collect, use, sell and share this information in section above titled How We Use Your Personal Data and The Parties with Whom We Share Your Personal Data.

GLOSSARY