This privacy notice is for your information. It sets out how NorthernPOS Inc.(“Northern”) collects and uses personal information in connection with the Gift Easy service (the “Service”). The Service is described in a separate Subscriber Agreement made between Northern and the subscriber identified in that Agreement (the “Subscriber”).The Agreement addresses how Northern deals with personal information about the Subscriber’s end users (“End Users”) as well as the Subscriber’s customers.
Northern operates and makes available Gift Easy, a digital gift card software or mobile app that provides gift cards program software infrastructure to businesses and allows to issue, reload or redeem gift cards to their customers. While providing for a secure channel to permit the transmission of information between systems, Gift Easy is not a payment tool, and does not allow for the transmission or storage of any payment-related information.
Northern may use analysis service providers to: (i) analyse how users use the Service; (ii) evaluate how the Service is used; (iii) compile statistics relating to Service activities; (iv) conduct market research; and (v) further develop the Service. Northern maintains a list of the analysis service providers in use at www.northernpos.com.
– In addition to any other uses set out in this notice, Northern uses the personal information that it collects to: (i) operate and provide the Service, including making improvements to the Service from time to time; (ii) maintain system security for the Service; (iii) respond to inquiries from users; and (iv) establish, exercise or defend its legal rights.
– Contact information (name, email address, address and phone number) and banking/payment informationmay be collected by Northernas part of a subscription to the Service. This information may include certain personal information about the Subscriber or one or more End Users. However, in accordance with the information set out in “Background”, no payment information about the Subscriber’s customers is collected or processed as part of the Service.
– The Service may allow End Users to provide, on a voluntary basis, certain personal information about themselves or other persons, including customers of the Subscriber. In such circumstances, the Subscriber is responsible for identifying the purposes for which the information is collected, and for obtaining all consents required under applicable law to use the information for such purposes. If Northernproposes to collect any personal informationin circumstances other than as described in this Privacy Notice, it will disclose the purposes and seek express consent to that collection.
– Northern may share personal information that it has collected about its employees, agents, officers, directors and contract workers (collectively, “Representatives”) who need to use that information in connection with one or more of the purposes for which that personal information was collected. Northern will enter into agreements and will otherwise take reasonable steps to cause its Representatives to abide by the terms of this Privacy Notice.
– From time to time, Northern may engage service providers to provide certain services in connection with the Service provided by Northern. Northern will limit the personal information provided to these service providers, consistent with the services for which they are responsible. These service providers, in turn, may share certain personal information with their own service providers. Northern will require,through contractual means, the service providers that they retain to safeguard any information that is provided to them, maintain its confidentiality and not to use or disclose that information for any purpose other than to provide the services for which they were retained. A list of the service providers and their locations is available at: www.northernpos.com.
Please note: For the Service and the related data, Northern uses a cloud-based hosting service that relies on servers located around the world. The hosting service used by Northern is part of the list of service providers identified in the preceding paragraph. Personal information may be stored and processed using any of those servers in any of those locations. Those jurisdictions may not have the same data protection laws as the country in which the subscriber carries on business.
Note that in addition to the list of service providers referred to in the link set out above, Northern may work with other businesses that provide products or services that are to be used in conjunction with the Service. Some of these other businesses are set out in the list set out at this link: www.northernpos.com.Unless any entity is expressly identified as a service provider to Northern, these other entities are independent suppliers of their own products and services. Northern is not responsible for the collection or use of any information by these other providers, whether their products or services are used in conjunction with the Service or otherwise.
– Northern may access and/or disclose any personal information which it has collected if required or permitted to do so by law (for example, to comply with a legal requirement including but not limited to one imposed by a warrant, subpoena, court order or like instrument served on Northern or in urgent circumstances to protect the life, health or security of any person).
– Please be aware that Northern may disclose your Personal Information to its successor or any assignee of its assets relating to the Service.
– Before disclosing personal information relating to a user to a third party other than as set out in this Privacy Notice, Northern will obtain the affected user’s consent to the disclosure.
Subject to the limits arising from the scope of the Service,Northern is committed to ensuring that your personal data is secure. In order to prevent unauthorized access or disclosure, Northern has put in place physical, technical and organisational measures to safeguard and secure the personal information that it holds or transmits.For example, Northern uses encryption to safeguard certain types of personal information when they are being transmitted over the Internet. However, no data transmission over the internet can be guaranteed to be completely secure. Northern is also not responsible for ensuring the security of any system (including any restaurant management system or POS system) used by the Subscriber in conjunction with the Service, or the interfaces between any such system and the Service. Consequently, Northern expressly disclaims all representations, warranties and conditions (whether express or implied) that any information transmitted by means of the Service will be completely secure.
For a more detailed description of the security measures used by Northern, see: www.northernpos.com.
Northern may aggregate and depersonalize any information about the Subscriber’s use of the Service provided to Northern. Aggregated and depersonalized information is used for purposes of making improvements to the Service and providing reports to the Subscriber concerning its use of the Service.
If there are any changes to this notice, Northernwill post the changes to www.northernpos.comat least thirty (30) days in advance of when they become effective. Northern may notify usersof changes to this notice by email sent to the email address included in the user’scontact information, but Northern is not required to do so.
The Subscriber acknowledges that in certain circumstances, the Subscriber may act in the role of a data controller within the meaning of the EU General Data Protection Regulation and any laws and regulations enacted thereunder (collectively the ). The Subscriber will be responsible for determining the circumstances in which it may be required to comply with the GDPR and for determining any additional measures (such as obtaining additional consents) that it should implement in order to ensure such compliance. To the extent applicable, the Subscriber may act in the role of a data processor with respect to certain information transmitted through the Subscriber’s use of the Service, but such role shall be limited in accordance with the limited scope of the Service provided by Northern.
When Northern receives a written complaint regarding its use of personal information, Northerncomplies with lawful requests or demands by any relevant authorities investigating the potential misuse, in addition to conducting its own investigation.
To file a compliant regarding Northern’s use of personal information, send an email setting out your complaint to: email@example.com.
Northern reviews this notice at least once every 18 months.
Subject to applicable law, any user of the Service may request access to and receive details about the personal information Northern maintains about him or her, update and correct inaccuracies in that personal information, and have the information blocked or deleted, as appropriate. The right to access personal information may be limited in some circumstances by local law requirements. Northern will take reasonable steps to verify identity before granting access or making corrections. To exercise any of these rights or to ask questions regarding this notice, contact Northern’s Privacy Officer:firstname.lastname@example.org.