Last Revision. Version 2.0. Dated August 1st, 2019
1. Our Policy:
Welcome to the web site (the “Site”) of RetailCP. (“RetailCP”, “we”, “us” and/or “our”).
As used in this Agreement, “RetailCP” means Ambient Displays Ltd, trading as ‘RetailCP’.
Trading address: Annaverna, Ravensdale, Dundalk, Co Louth, A91V052, Ireland.
This Site is operated by ‘RetailCP’ and has been created to provide information about our company and the
software applications and services provided under the name ‘RetailCP’ and related technologies.
identifiable data (“Personal Data”) and other information that is collected from visitors to the Site
Services, and data which is collected by RetailCP apps in the application databases.
2. RetailCP ‘Software’ (the ‘RetailCP Software’)
The RetailCP software includes, and is not limited to the Apps : ‘Payments-Debits-Invoices’, ‘Charge to
Invoice’, ‘Payment On Account’, Restaurant Live Orders display’ ‘Fast Food Orders display’, ‘Restaurant
Orders display’, and ‘ XLS Customer Uploader’ to import Customer details into a merchant’s account.
Cookies Information. Cookies are text files containing small amounts of information, which your
computer or mobile device downloads when you visit a website. When you return to websites - or visit
websites that use the same cookies - they recognise these cookies and therefore your browsing device.
Cookies do lots of different jobs, like letting you navigate between pages efficiently, remembering your
4. Information We Collect:
4-1, RetailCP ‘software’
The RetailCP software applications enables POS-till merchants to collect details related to their
end-customers, including Name, Address, Email addresses, Landline and Mobile phone numbers, Month &
of birth, credit & debit card numbers, for the sole purpose that the POS-till merchants can interact
with their end-customers and to process POS till orders, online payments, and to provide order &
accounts status information to end-customers.
4-2, Personal Data That You Provide Through the Services:
We collect Personal Data from you, the POS-till merchants, when you voluntarily provide such information
as when you contact us with inquiries, respond to one of our surveys, register for access to the
use certain Services. Wherever RetailCP collects Personal Data we try to provide a link to this Privacy
· Personal Information
This refers to information about you, the POS merchant, that can be used to contact or identify you
personally. “Personal Information” includes, but is not limited to “Name”, “Telephone number”, “Email
addresses”, “Home postal addresses”, “Unique device identifiers”, “Internet Protocol (IP) address”.
· Business non-personal information.
We may ask you to provide information about your business such as your “Business name”, “Business postal
address”, “Business telephone number”.
Why we need to collect this information?
RetailCP collects personal information in orderto provide certain services and to
our relationship with you. Our lawful bases for processing include:
· Where you have given your consent.
· Where it is necessary to enter into and perform a contract with you.
· Where it is necessary to comply with legal obligations.
· For Legitimate Business Interests.
4-3, Choosing to provide or not to provide your personal data
POS merchants. Where we request personal data directly from you, the POS merchants, you do not
provide it to us. If you decide not to provide the requested information, in some circumstances we may
unable to provide products or services to you, the POS merchants. For example, we may be unable to
your application transactions.
By voluntarily providing us with Personal Data, you are consenting to our use of it in accordance with
Data may be transferred from your current location to the offices and servers of RetailCP.
RetailCP staff will only use your contact details to send or give you useful information regarding the
RetailCP app, such as changes and improvements to our Apps that we believe you should be made aware of.
4-4, End-customers of POS merchants.
Where RetailCP apps request personal data directly from you, the end-customer of POS merchant, you do not
have to provide it to the app. If you decide not to provide the requested information, in most
circumstances, the app may be unable to provide products or services to you For example, the app may be
unable to process your application transactions.
4-5, Data retention practices.
Data saved into our App database by merchants about their end-customers.
A merchant may choose to install RetailCP applications on its Clover POS. RetailCP may receive personal
about merchant’s customers, or merchant’s personnel as a result of the merchant’s use of our RetailCP
such as when the app performs services related to the customer data and returns information to the
merchant’s app database. We are not responsible for the privacy practices of the merchants; however, we
4-6, Individuals can withdraw consent.
When an end-customer (consumer) of a POS merchant requests to withdraw consent to use the end-customers
the merchant only has access to their POS online dashboard to remove that customer record from POS
database. That process is out-of-the scope of RetailCP.
Some of RetailCP apps including ‘invoicing-accounting-Web-apps’ will store end-customers data in Web-app
database. For those web-apps, RetailCP will respond promptly & positively to any requests from POS
merchants on behalf of merchant’s end-customers, to remove end-customer data records from RetailCP
4-7, Non-Identifiable Data:
When you interact with RetailCP through the Services, we receive and store certain personally
non-identifiable information. Such information, which is collected passively using various technologies,
cannot presently be used to specifically identify you. RetailCP may store such information itself or
information may be included in databases owned and maintained by RetailCP affiliates, agents or service
providers. The Services may use such information and pool it with other information to track, for
the total number of visitors to our Site, the number of visitors to each page of our Site, and the
names of our visitors’ Internet service providers. It is important to note that no Personal Data is
available or used in this process.
4-8, Aggregated Personal Data:
To better understand and serve the users of the Services, RetailCP may conduct research on its customer
demographics, interests and behaviour based on the Personal Data and other information provided to us.
research may be compiled and analysed on an aggregate basis, and RetailCP may share this aggregate data
its affiliates, agents and business partners. This aggregate information does not identify you
RetailCP may also disclose aggregated user statistics in order to describe our services to current and
prospective business partners, and to other third parties for other lawful purposes.
4-9, Our Disclosure of Your Personal Data and Other Information:
RetailCP is not in the business of selling your information. We consider this information to be a vital
of our relationship with you. There are certain circumstances in which we may share your Personal Data
certain third parties without further notice to you, as set forth below:
4-10, Business Transfers:
As we develop our business, we might sell or buy businesses or assets. In the event of a corporate sale,
merger, reorganization, dissolution or similar event, Personal Data may be part of the transferred
Related Companies: We may also share your Personal Data with our Related Companies for purposes
Agents, Consultants and Related Third Parties: RetailCP, like many businesses, sometimes hires other
companies to perform certain business-related functions. Examples of such functions include writing
software, mailing information, maintaining databases and processing payments. When we employ another
to perform a function of this nature, we only provide them with the information that they need to
their specific functions.
4-11, Legal Requirements:
RetailCP may disclose your Personal Data if required to do so by law or in the good faith belief that
action is necessary to (i) comply with a legal obligation, (ii) protect and defend the rights or
RetailCP, (iii) act in urgent circumstances to protect the personal safety of users of the Services or
public, or (iv) protect against legal liability.
provide to RetailCP through the Services or through any other means. This includes, but is not limited
information posted to any public areas of the Services, such as forums, any ideas for new products or
modifications to existing products, and other unsolicited submissions (collectively, “Unsolicited
Information”). All Unsolicited Information shall be deemed to be non-confidential and RetailCP shall be
to reproduce, use, disclose, and distribute such Unsolicited Information to others without limitation or
RetailCP does not knowingly collect Personal Data from children under the age of 13. If you are under the
of 13, please do not submit any Personal Data through the Services. We encourage parents and legal
children never to provide Personal Data on the Services without their permission. If you have reason to
believe that a child under the age of 13 has provided Personal Data to RetailCP through the Services,
contact us, and we will endeavour to delete that information from our databases.
5. Data Protection
This policy applies to all personal data processed by the company and includes personal data held in
and electronic format.
The policy applies to any person employed or engaged by the company who process personal data in the
of their duties for the company. It also applies to all locations from which company data is accessed,
including remote access.
Principles of Data Protection
The following outlines the principles of the General Data Protection Regulation. The company is required
adhere to these principles:
1. Personal Data must be collected in a transparent, fair and lawful manner.
The Data Subject will be clearly informed about how their data is being processed at the time it is being
captured and who their data is shared with. The Data Subject’s data will not be shared with or disclosed
a third party other than to a party contracted to the company and operating on its behalf.
2. Collected for specific, explicit and lawful purposes.
Personal Datawill be collected for a specific purpose, and this purpose will be made clear to the data
subject at the time it is collected. It will not be processed for any other purpose without the data
subjects prior notice.
3. Adequate, relevant and limited to what is necessary.
Any data obtained from the data subject will be adequate and relevant to the purpose(s) for which it is
processed. No unnecessary or additional data will be collected and processed.
4. Data must be accurate and, where necessary, kept up-to-date.
Every effort is made by the company to ensure data is accurate. Where the company is notified of
or incomplete information, it will be rectified immediately. Any data that is out of date or where there
no compelling reason to retain the data, the company will delete or destroy it securely.
5. Personal Data should be retained for no longer than is necessary
Data will be retained for no longer than is necessary for the purposes for which that data was originally
collected and processed.
6. Integrity and Confidentiality
All data will be processed safely and securely, to prevent unlawful or unauthorised processing,
unlawful destruction, or accidental loss or damage to the data.
The GDPR requires that the data controller shall be responsible for and be able to demonstrate compliance
with the above principles (“accountability”). As a Data Controller and where we act as a Data Processor
company always takes responsibility to adhere to the above principles during the course of its business.
Records will be kept of all personal data collected, held or processed.
These records include:
· The name and contact details of the Controller/Processor
· The purposes of the processing
· Categories of data subjects and personal data
· Categories of recipients/third parties with whom the data will be shared
· Retention periods for each category of data
· Transfers of data to other countries
· Details of the technical/security measures in place
Data Protection Manager
The company Data Protection Manager is Gerry Dunne and is responsible for the implementation and
of all data protection related matters.
Gerry’s contact details are as follows:
Business Address: Annaverna, Ravensdale, Dundalk. A91V052. Co Louth, Ireland.
Email Addresses: firstname.lastname@example.org
6. Do Not Track
RetailCP software does not respond to signals submitted by web browsers.
There are no ‘Third Parties’ who perform tracking of users of RetailCP websites.
7. RetailCP software apps do not connect to "Third Party" websites as a rule.
The one exception will be, when a RetailCP app is requested to perform a card payment online, with
consent of the end-customer of our POS merchant. Only then will a RetailCP app connect with the third
authorised First Data merchant payment gateway platform to request approval of a credit or debit card
the end-customer of our POS merchant. Even then, RetailCP web-app will not store full card details on
RetailCP app database. Future online card authorisations will only be performed by the authorised First
merchant payment gateway platform when we send the platform a payment token already encrypted by the
authorised First Data merchant payment gateway.
RetailCP takes reasonable steps to protect the Personal Data provided via the Services from loss, misuse,
unauthorized access, disclosure, alteration, or destruction. However, no Internet or email transmission
ever fully secure or error free. Email sent to or from the Services may not be secure. Therefore, you
take special care in deciding what information you send to us via email. Please keep this in mind when
disclosing any Personal Data to RetailCP via the Internet.
The Services and our business may change from time to time. As a result, at times it may be necessary for
the date indicated above. Your continued use of the Services after any changes or revisions to this
10. Access to Information; Contacting RetailCP:
In order to maintain your Personal Data as accurate, current, and complete, and if you have any questions
11. Right to lodge a complaint with a data protection authority:
POS merchant and their employees and end-customers have the right to lodge a complaint with the Irish
protection supervisory authority, the Data Protection Commissioner:
Making a complaint to the Data Protection Commission Under Article 77 of the GDPR, you have the right to
lodge a complaint with the Data Protection Commission if you consider that processing of your personal
is contrary to the GDPR. Under Article 78 of the GDPR, you have a right to an effective judicial remedy
where the Data Protection Commission does not handle your complaint or does not inform you within three
months on the progress or outcome of your complaint. Under Article 80, you may authorise certain third
parties to make a complaint on your behalf. From 25th May 2018, there will be a new mechanism for
complaints to the Data Protection Commission. Complaints should be submitted via the online form
at www.dataprotection.ie. In the meantime, complaints to the
Commission can be made in writing and addressed to: email@example.com or The Data Protection Commissioner,
Canal House, Station Road, Portarlington, Co. Laois, Ireland.