RetailCP ‘Software’: Privacy Policy

Last Revision. Version 2.0. Dated August 1st, 2019

1. Our Policy:

Welcome to the web site (the “Site”) of RetailCP. (“RetailCP”, “we”, “us” and/or “our”).

As used in this Agreement, “RetailCP” means Ambient Displays Ltd, trading as ‘RetailCP’.

Trading address: Annaverna, Ravensdale, Dundalk, Co Louth, A91V052, Ireland.

This Site is operated by ‘RetailCP’ and has been created to provide information about our company and the software applications and services provided under the name ‘RetailCP’ and related technologies.

This Privacy Policy sets forth ‘RetailCP’ policy with respect to information including personally identifiable data (“Personal Data”) and other information that is collected from visitors to the Site and Services, and data which is collected by RetailCP apps in the application databases.

2. RetailCP ‘Software’ (the ‘RetailCP Software’)

The RetailCP software includes, and is not limited to the Apps : ‘Payments-Debits-Invoices’, ‘Charge to Invoice’, ‘Payment On Account’, Restaurant Live Orders display’ ‘Fast Food Orders display’, ‘Restaurant Orders display’, and ‘ XLS Customer Uploader’ to import Customer details into a merchant’s account.

3. We do not use cookies across Retail CP websites and Apps.

Cookies Information. Cookies are text files containing small amounts of information, which your computer or mobile device downloads when you visit a website. When you return to websites - or visit websites that use the same cookies - they recognise these cookies and therefore your browsing device. Cookies do lots of different jobs, like letting you navigate between pages efficiently, remembering your preferences and generally improving your browsing experience. We do not use Cookies.

4. Information We Collect:

4-1, RetailCP ‘software’

The RetailCP software applications enables POS-till merchants to collect details related to their end-customers, including Name, Address, Email addresses, Landline and Mobile phone numbers, Month & Day of birth, credit & debit card numbers, for the sole purpose that the POS-till merchants can interact with their end-customers and to process POS till orders, online payments, and to provide order & accounts status information to end-customers.

4-2, Personal Data That You Provide Through the Services:

We collect Personal Data from you, the POS-till merchants, when you voluntarily provide such information such as when you contact us with inquiries, respond to one of our surveys, register for access to the Services or use certain Services. Wherever RetailCP collects Personal Data we try to provide a link to this Privacy Policy.

· Personal Information

This refers to information about you, the POS merchant, that can be used to contact or identify you personally. “Personal Information” includes, but is not limited to “Name”, “Telephone number”, “Email addresses”, “Home postal addresses”, “Unique device identifiers”, “Internet Protocol (IP) address”.

· Business non-personal information.

We may ask you to provide information about your business such as your “Business name”, “Business postal address”, “Business telephone number”.

Why we need to collect this information?

RetailCP collects personal information in orderto provide certain services and to manage our relationship with you. Our lawful bases for processing include:

· Where you have given your consent.

· Where it is necessary to enter into and perform a contract with you.

· Where it is necessary to comply with legal obligations.

· For Legitimate Business Interests.


4-3, Choosing to provide or not to provide your personal data

POS merchants. Where we request personal data directly from you, the POS merchants, you do not have to provide it to us. If you decide not to provide the requested information, in some circumstances we may be unable to provide products or services to you, the POS merchants. For example, we may be unable to process your application transactions.

By voluntarily providing us with Personal Data, you are consenting to our use of it in accordance with this Privacy Policy. If you provide Personal Data to the Services, you acknowledge and agree that such Personal Data may be transferred from your current location to the offices and servers of RetailCP.

RetailCP staff will only use your contact details to send or give you useful information regarding the RetailCP app, such as changes and improvements to our Apps that we believe you should be made aware of.

4-4, End-customers of POS merchants.

Where RetailCP apps request personal data directly from you, the end-customer of POS merchant, you do not have to provide it to the app. If you decide not to provide the requested information, in most circumstances, the app may be unable to provide products or services to you For example, the app may be unable to process your application transactions.

4-5, Data retention practices.

Data saved into our App database by merchants about their end-customers.

A merchant may choose to install RetailCP applications on its Clover POS. RetailCP may receive personal data about merchant’s customers, or merchant’s personnel as a result of the merchant’s use of our RetailCP app, such as when the app performs services related to the customer data and returns information to the merchant’s app database. We are not responsible for the privacy practices of the merchants; however, we will treat the data stored in RetailCP’s app database in accordance with this Privacy Policy.


4-6, Individuals can withdraw consent.

When an end-customer (consumer) of a POS merchant requests to withdraw consent to use the end-customers data, the merchant only has access to their POS online dashboard to remove that customer record from POS Customer database. That process is out-of-the scope of RetailCP.

Some of RetailCP apps including ‘invoicing-accounting-Web-apps’ will store end-customers data in Web-app database. For those web-apps, RetailCP will respond promptly & positively to any requests from POS merchants on behalf of merchant’s end-customers, to remove end-customer data records from RetailCP web-app database.

4-7, Non-Identifiable Data:

When you interact with RetailCP through the Services, we receive and store certain personally non-identifiable information. Such information, which is collected passively using various technologies, cannot presently be used to specifically identify you. RetailCP may store such information itself or such information may be included in databases owned and maintained by RetailCP affiliates, agents or service providers. The Services may use such information and pool it with other information to track, for example, the total number of visitors to our Site, the number of visitors to each page of our Site, and the domain names of our visitors’ Internet service providers. It is important to note that no Personal Data is available or used in this process.

4-8, Aggregated Personal Data:

To better understand and serve the users of the Services, RetailCP may conduct research on its customer demographics, interests and behaviour based on the Personal Data and other information provided to us. This research may be compiled and analysed on an aggregate basis, and RetailCP may share this aggregate data with its affiliates, agents and business partners. This aggregate information does not identify you personally. RetailCP may also disclose aggregated user statistics in order to describe our services to current and prospective business partners, and to other third parties for other lawful purposes.


4-9, Our Disclosure of Your Personal Data and Other Information:

RetailCP is not in the business of selling your information. We consider this information to be a vital part of our relationship with you. There are certain circumstances in which we may share your Personal Data with certain third parties without further notice to you, as set forth below:

4-10, Business Transfers:

As we develop our business, we might sell or buy businesses or assets. In the event of a corporate sale, merger, reorganization, dissolution or similar event, Personal Data may be part of the transferred assets.
Related Companies: We may also share your Personal Data with our Related Companies for purposes consistent with this Privacy Policy.
Agents, Consultants and Related Third Parties: RetailCP, like many businesses, sometimes hires other companies to perform certain business-related functions. Examples of such functions include writing software, mailing information, maintaining databases and processing payments. When we employ another entity to perform a function of this nature, we only provide them with the information that they need to perform their specific functions.

4-11, Legal Requirements:

RetailCP may disclose your Personal Data if required to do so by law or in the good faith belief that such action is necessary to (i) comply with a legal obligation, (ii) protect and defend the rights or property of RetailCP, (iii) act in urgent circumstances to protect the personal safety of users of the Services or the public, or (iv) protect against legal liability.

4-12, Exclusions:

This Privacy Policy does not apply to any Personal Data collected by RetailCP other than Personal Data collected through the Services. This Privacy Policy shall not apply to any unsolicited information you provide to RetailCP through the Services or through any other means. This includes, but is not limited to, information posted to any public areas of the Services, such as forums, any ideas for new products or modifications to existing products, and other unsolicited submissions (collectively, “Unsolicited Information”). All Unsolicited Information shall be deemed to be non-confidential and RetailCP shall be free to reproduce, use, disclose, and distribute such Unsolicited Information to others without limitation or attribution.


4-13, Children:

RetailCP does not knowingly collect Personal Data from children under the age of 13. If you are under the age of 13, please do not submit any Personal Data through the Services. We encourage parents and legal guardians to monitor their children’s Internet usage and to help enforce our Privacy Policy by instructing their children never to provide Personal Data on the Services without their permission. If you have reason to believe that a child under the age of 13 has provided Personal Data to RetailCP through the Services, please contact us, and we will endeavour to delete that information from our databases.

5. Data Protection

Scope

This policy applies to all personal data processed by the company and includes personal data held in paper and electronic format.

The policy applies to any person employed or engaged by the company who process personal data in the course of their duties for the company. It also applies to all locations from which company data is accessed, including remote access.

Principles of Data Protection

The following outlines the principles of the General Data Protection Regulation. The company is required to adhere to these principles:

1. Personal Data must be collected in a transparent, fair and lawful manner.

The Data Subject will be clearly informed about how their data is being processed at the time it is being captured and who their data is shared with. The Data Subject’s data will not be shared with or disclosed to a third party other than to a party contracted to the company and operating on its behalf.

2. Collected for specific, explicit and lawful purposes.

Personal Datawill be collected for a specific purpose, and this purpose will be made clear to the data subject at the time it is collected. It will not be processed for any other purpose without the data subjects prior notice.

3. Adequate, relevant and limited to what is necessary.

Any data obtained from the data subject will be adequate and relevant to the purpose(s) for which it is being processed. No unnecessary or additional data will be collected and processed.

4. Data must be accurate and, where necessary, kept up-to-date.

Every effort is made by the company to ensure data is accurate. Where the company is notified of inaccurate or incomplete information, it will be rectified immediately. Any data that is out of date or where there is no compelling reason to retain the data, the company will delete or destroy it securely.

5. Personal Data should be retained for no longer than is necessary

Data will be retained for no longer than is necessary for the purposes for which that data was originally collected and processed.

6. Integrity and Confidentiality

All data will be processed safely and securely, to prevent unlawful or unauthorised processing, accidental or unlawful destruction, or accidental loss or damage to the data.

The GDPR requires that the data controller shall be responsible for and be able to demonstrate compliance with the above principles (“accountability”). As a Data Controller and where we act as a Data Processor the company always takes responsibility to adhere to the above principles during the course of its business. Records will be kept of all personal data collected, held or processed.

These records include:

· The name and contact details of the Controller/Processor

· The purposes of the processing

· Categories of data subjects and personal data

· Categories of recipients/third parties with whom the data will be shared

· Retention periods for each category of data

· Transfers of data to other countries

· Details of the technical/security measures in place

Data Protection Manager

The company Data Protection Manager is Gerry Dunne and is responsible for the implementation and monitoring of all data protection related matters.

Gerry’s contact details are as follows:

Business Address: Annaverna, Ravensdale, Dundalk. A91V052. Co Louth, Ireland.
Email Addresses: gerry@retailcp.ie

6. Do Not Track

RetailCP software does not respond to signals submitted by web browsers.

There are no ‘Third Parties’ who perform tracking of users of RetailCP websites.

7. RetailCP software apps do not connect to "Third Party" websites as a rule.

The one exception will be, when a RetailCP app is requested to perform a card payment online, with the consent of the end-customer of our POS merchant. Only then will a RetailCP app connect with the third party authorised First Data merchant payment gateway platform to request approval of a credit or debit card for the end-customer of our POS merchant. Even then, RetailCP web-app will not store full card details on any RetailCP app database. Future online card authorisations will only be performed by the authorised First Data merchant payment gateway platform when we send the platform a payment token already encrypted by the authorised First Data merchant payment gateway.

8. Security:

RetailCP takes reasonable steps to protect the Personal Data provided via the Services from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. However, no Internet or email transmission is ever fully secure or error free. Email sent to or from the Services may not be secure. Therefore, you should take special care in deciding what information you send to us via email. Please keep this in mind when disclosing any Personal Data to RetailCP via the Internet.

9. Changes to RetailCP’ Privacy Policy:

The Services and our business may change from time to time. As a result, at times it may be necessary for RetailCP to make changes to this Privacy Policy. RetailCP reserves the right to update or modify this Privacy Policy at any time and from time to time without prior notice. Please review this policy periodically, and especially before you provide any Personal Data. This Privacy Policy was last updated on the date indicated above. Your continued use of the Services after any changes or revisions to this Privacy Policy shall indicate your agreement with the terms of such revised Privacy Policy.

10. Access to Information; Contacting RetailCP:

In order to maintain your Personal Data as accurate, current, and complete, and if you have any questions regarding RetailCP Privacy Policy or information practices, you may contact RetailCP by emailing to App@retailcp.ie.

11. Right to lodge a complaint with a data protection authority:

POS merchant and their employees and end-customers have the right to lodge a complaint with the Irish data protection supervisory authority, the Data Protection Commissioner:

Making a complaint to the Data Protection Commission Under Article 77 of the GDPR, you have the right to lodge a complaint with the Data Protection Commission if you consider that processing of your personal data is contrary to the GDPR. Under Article 78 of the GDPR, you have a right to an effective judicial remedy where the Data Protection Commission does not handle your complaint or does not inform you within three months on the progress or outcome of your complaint. Under Article 80, you may authorise certain third parties to make a complaint on your behalf. From 25th May 2018, there will be a new mechanism for lodging complaints to the Data Protection Commission. Complaints should be submitted via the online form available at www.dataprotection.ie. In the meantime, complaints to the Commission can be made in writing and addressed to: info@dataprotection.ie or The Data Protection Commissioner, Canal House, Station Road, Portarlington, Co. Laois, Ireland.