Last Revision. Version 2.0. Dated August 1st, 2019
1. Our Policy:
Welcome to the web site (the “Site”) of RetailCP. (“RetailCP”, “we”, “us” and/or “our”).
As used in this Agreement, “RetailCP” means Ambient Displays Ltd, trading as ‘RetailCP’.
Trading address: Annaverna, Ravensdale, Dundalk, Co Louth, A91V052, Ireland.
This Site is operated by ‘RetailCP’ and has been created to provide information about our company and the software applications and services provided under the name ‘RetailCP’ and related technologies.
2. RetailCP ‘Software’ (the ‘RetailCP Software’)
The RetailCP software includes, and is not limited to the Apps : ‘Payments-Debits-Invoices’, ‘Charge to Invoice’, ‘Payment On Account’, Restaurant Live Orders display’ ‘Fast Food Orders display’, ‘Restaurant Orders display’, and ‘ XLS Customer Uploader’ to import Customer details into a merchant’s account.
4. Information We Collect:
4-1, RetailCP ‘software’
The RetailCP software applications enables POS-till merchants to collect details related to their end-customers, including Name, Address, Email addresses, Landline and Mobile phone numbers, Month & Day of birth, credit & debit card numbers, for the sole purpose that the POS-till merchants can interact with their end-customers and to process POS till orders, online payments, and to provide order & accounts status information to end-customers.
4-2, Personal Data That You Provide Through the Services:
· Personal Information
This refers to information about you, the POS merchant, that can be used to contact or identify you personally. “Personal Information” includes, but is not limited to “Name”, “Telephone number”, “Email addresses”, “Home postal addresses”, “Unique device identifiers”, “Internet Protocol (IP) address”.
· Business non-personal information.
We may ask you to provide information about your business such as your “Business name”, “Business postal address”, “Business telephone number”.
Why we need to collect this information?
RetailCP collects personal information in orderto provide certain services and to manage our relationship with you. Our lawful bases for processing include:
· Where you have given your consent.
· Where it is necessary to enter into and perform a contract with you.
· Where it is necessary to comply with legal obligations.
· For Legitimate Business Interests.
4-3, Choosing to provide or not to provide your personal data
POS merchants. Where we request personal data directly from you, the POS merchants, you do not have to provide it to us. If you decide not to provide the requested information, in some circumstances we may be unable to provide products or services to you, the POS merchants. For example, we may be unable to process your application transactions.
RetailCP staff will only use your contact details to send or give you useful information regarding the RetailCP app, such as changes and improvements to our Apps that we believe you should be made aware of.
4-4, End-customers of POS merchants.
Where RetailCP apps request personal data directly from you, the end-customer of POS merchant, you do not have to provide it to the app. If you decide not to provide the requested information, in most circumstances, the app may be unable to provide products or services to you For example, the app may be unable to process your application transactions.
4-5, Data retention practices.
Data saved into our App database by merchants about their end-customers.
4-6, Individuals can withdraw consent.
When an end-customer (consumer) of a POS merchant requests to withdraw consent to use the end-customers data, the merchant only has access to their POS online dashboard to remove that customer record from POS Customer database. That process is out-of-the scope of RetailCP.
Some of RetailCP apps including ‘invoicing-accounting-Web-apps’ will store end-customers data in Web-app database. For those web-apps, RetailCP will respond promptly & positively to any requests from POS merchants on behalf of merchant’s end-customers, to remove end-customer data records from RetailCP web-app database.
4-7, Non-Identifiable Data:
When you interact with RetailCP through the Services, we receive and store certain personally non-identifiable information. Such information, which is collected passively using various technologies, cannot presently be used to specifically identify you. RetailCP may store such information itself or such information may be included in databases owned and maintained by RetailCP affiliates, agents or service providers. The Services may use such information and pool it with other information to track, for example, the total number of visitors to our Site, the number of visitors to each page of our Site, and the domain names of our visitors’ Internet service providers. It is important to note that no Personal Data is available or used in this process.
4-8, Aggregated Personal Data:
To better understand and serve the users of the Services, RetailCP may conduct research on its customer demographics, interests and behaviour based on the Personal Data and other information provided to us. This research may be compiled and analysed on an aggregate basis, and RetailCP may share this aggregate data with its affiliates, agents and business partners. This aggregate information does not identify you personally. RetailCP may also disclose aggregated user statistics in order to describe our services to current and prospective business partners, and to other third parties for other lawful purposes.
4-9, Our Disclosure of Your Personal Data and Other Information:
RetailCP is not in the business of selling your information. We consider this information to be a vital part of our relationship with you. There are certain circumstances in which we may share your Personal Data with certain third parties without further notice to you, as set forth below:
4-10, Business Transfers:
As we develop our business, we might sell or buy businesses or assets. In the event of a corporate sale, merger, reorganization, dissolution or similar event, Personal Data may be part of the transferred assets.
Agents, Consultants and Related Third Parties: RetailCP, like many businesses, sometimes hires other companies to perform certain business-related functions. Examples of such functions include writing software, mailing information, maintaining databases and processing payments. When we employ another entity to perform a function of this nature, we only provide them with the information that they need to perform their specific functions.
4-11, Legal Requirements:
RetailCP may disclose your Personal Data if required to do so by law or in the good faith belief that such action is necessary to (i) comply with a legal obligation, (ii) protect and defend the rights or property of RetailCP, (iii) act in urgent circumstances to protect the personal safety of users of the Services or the public, or (iv) protect against legal liability.
5. Data Protection
This policy applies to all personal data processed by the company and includes personal data held in paper and electronic format.
The policy applies to any person employed or engaged by the company who process personal data in the course of their duties for the company. It also applies to all locations from which company data is accessed, including remote access.
Principles of Data Protection
The following outlines the principles of the General Data Protection Regulation. The company is required to adhere to these principles:
1. Personal Data must be collected in a transparent, fair and lawful manner.
The Data Subject will be clearly informed about how their data is being processed at the time it is being captured and who their data is shared with. The Data Subject’s data will not be shared with or disclosed to a third party other than to a party contracted to the company and operating on its behalf.
2. Collected for specific, explicit and lawful purposes.
Personal Datawill be collected for a specific purpose, and this purpose will be made clear to the data subject at the time it is collected. It will not be processed for any other purpose without the data subjects prior notice.
3. Adequate, relevant and limited to what is necessary.
Any data obtained from the data subject will be adequate and relevant to the purpose(s) for which it is being processed. No unnecessary or additional data will be collected and processed.
4. Data must be accurate and, where necessary, kept up-to-date.
Every effort is made by the company to ensure data is accurate. Where the company is notified of inaccurate or incomplete information, it will be rectified immediately. Any data that is out of date or where there is no compelling reason to retain the data, the company will delete or destroy it securely.
5. Personal Data should be retained for no longer than is necessary
Data will be retained for no longer than is necessary for the purposes for which that data was originally collected and processed.
6. Integrity and Confidentiality
All data will be processed safely and securely, to prevent unlawful or unauthorised processing, accidental or unlawful destruction, or accidental loss or damage to the data.
The GDPR requires that the data controller shall be responsible for and be able to demonstrate compliance with the above principles (“accountability”). As a Data Controller and where we act as a Data Processor the company always takes responsibility to adhere to the above principles during the course of its business. Records will be kept of all personal data collected, held or processed.
These records include:
· The name and contact details of the Controller/Processor
· The purposes of the processing
· Categories of data subjects and personal data
· Categories of recipients/third parties with whom the data will be shared
· Retention periods for each category of data
· Transfers of data to other countries
· Details of the technical/security measures in place
Data Protection Manager
The company Data Protection Manager is Gerry Dunne and is responsible for the implementation and monitoring of all data protection related matters.
Gerry’s contact details are as follows:
Business Address: Annaverna, Ravensdale, Dundalk. A91V052. Co Louth, Ireland.
Email Addresses: email@example.com
6. Do Not Track
RetailCP software does not respond to signals submitted by web browsers.
There are no ‘Third Parties’ who perform tracking of users of RetailCP websites.
7. RetailCP software apps do not connect to "Third Party" websites as a rule.
The one exception will be, when a RetailCP app is requested to perform a card payment online, with the consent of the end-customer of our POS merchant. Only then will a RetailCP app connect with the third party authorised First Data merchant payment gateway platform to request approval of a credit or debit card for the end-customer of our POS merchant. Even then, RetailCP web-app will not store full card details on any RetailCP app database. Future online card authorisations will only be performed by the authorised First Data merchant payment gateway platform when we send the platform a payment token already encrypted by the authorised First Data merchant payment gateway.
RetailCP takes reasonable steps to protect the Personal Data provided via the Services from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. However, no Internet or email transmission is ever fully secure or error free. Email sent to or from the Services may not be secure. Therefore, you should take special care in deciding what information you send to us via email. Please keep this in mind when disclosing any Personal Data to RetailCP via the Internet.
10. Access to Information; Contacting RetailCP:
11. Right to lodge a complaint with a data protection authority:
POS merchant and their employees and end-customers have the right to lodge a complaint with the Irish data protection supervisory authority, the Data Protection Commissioner:
Making a complaint to the Data Protection Commission Under Article 77 of the GDPR, you have the right to lodge a complaint with the Data Protection Commission if you consider that processing of your personal data is contrary to the GDPR. Under Article 78 of the GDPR, you have a right to an effective judicial remedy where the Data Protection Commission does not handle your complaint or does not inform you within three months on the progress or outcome of your complaint. Under Article 80, you may authorise certain third parties to make a complaint on your behalf. From 25th May 2018, there will be a new mechanism for lodging complaints to the Data Protection Commission. Complaints should be submitted via the online form available at www.dataprotection.ie. In the meantime, complaints to the Commission can be made in writing and addressed to: firstname.lastname@example.org or The Data Protection Commissioner, Canal House, Station Road, Portarlington, Co. Laois, Ireland.