OrderUp Privacy Statement and Data Policies (“Privacy Statement”)
Updated January 1, 2021
- Contact Trace services “Contact Trace,”
- Digital Menu services “Digital Menu,”
- Contactless Payment services “Contactless Payment,”
or any combination of services accessible through a mobile web browser or any white-labelled websites that are created or powered by OrderUp applications provided for Establishments and our website —www.orderup.ai—including the online products or services which may be accessed therein, any Account you use to access any of the above, (collectively, the “Service”), all of which are offered by OrderUp Technologies Inc., a federally incorporated Canadian company with an office address at 263 Adelaide Street W. #410, Toronto ON M5H 3G2 (“OrderUp”, “we”, “our” or “us”).
All references to “user”, “you”, “your” mean the Establishment or Patron, as applicable that access and use the Service in any manner, with “Patron” being an individual, end-user, customer, and “Establishment” being the restaurant, stadium, bar, venue or business.
This Privacy Statement applies to Personal Information (as defined below) collected by or on behalf of OrderUp, through or in conjunction with the Service, by email, phone or any other offline interactions and anywhere else we post or display this Privacy Statement. By accessing or using the Service, you accept and agree to the terms of this Privacy Statement in effect at the time of your use. Any individual user acting on behalf of an Establishment hereby confirms that such user has all necessary and legal authority to bind the Establishment. Acceptance of this Privacy Statement by such user will be deemed acceptance by the Establishment of this Privacy Statement. Any terms capitalized herein but not defined will have the meanings ascribed to them in the Terms.
Please note that Establishments are independent third parties that maintain their own business practices and policies outside of their relationship with OrderUp and their use of the Services. As a result, unless provided otherwise in this Statement, we are not responsible for the privacy policies or data practices of our Establishments, who may maintain separate policies and practices.
By using the Services and/or providing us with your Personal Information, you acknowledge that your personal information will be processed and used in the manner set out in this Privacy Statement. We may amend this Statement from time to time in line with the “Updates to this Privacy Statement” section below. To the extent permitted by law, your continued use of the Services and Websites constitutes your acceptance to those amendments and the updated Statement.
You must be at least eighteen (18) years old to use the Service. We desire to protect any personal and financial information you choose to provide us as described in this Privacy Statement.
INFORMATION WE COLLECT
“Personal Information” is information that directly or indirectly identifies you or can be used to identify you as an individual. The following are categories of Personal Information we may collect about you and how we collect it:
Registration, Payment and Personal Information from Patrons. As a Patron, the Service may require you to enter information including your name, phone number, e-mail address, passwords and security question responses etc., and payment information such as your credit card number, expiration date and billing address (“Payment Information”) to use and access the Service, including to settle, pay for or close (“Settle”) a check, bill, tab, owed payment or other transaction (each a “Transaction”) with Establishments, including but not limited to restaurants, bars or stadiums. Should you choose to create an Account via a social media account, we may obtain the name, user name, profile picture, e-mail address, and other disclosed demographics associated with that account. Additionally, when users are requesting and performing various activities on the Service, you may provide us Personal Information that will facilitate our effective response to those requests, including items such as dietary information, food allergies and preferences.
Registration Information from Establishments. As an Establishment, we will require you to enter information including your company name, address, point-of-sale type, logo, and phone number.
Technical Information. When you access the Service, the Service may automatically record information transmitted, including access times, Internet Protocol (IP) addresses and browser used. We may also use “cookies” or “web beacons” (certain small data files stored on your computer that collect information about visits and usage, retain user preferences and account settings, and may improve the customization and efficiency of your recurring experience with the Service). However, we do not permit third parties to track your online activities over time and across other websites based on your use of the Website. You can adjust your browser to not accept cookies; however, your experience with the Website might accordingly be different and less efficient or you may be unable to access all features of the Website. We may also obtain technical information from your device, including your unique device identifiers, hardware model, operating system and version, mobile network information, and information about the device’s interaction with our Service. We may also identify other software running on the device for anti-fraud and malware-prevention purposes, but will not collect any content from that other software.
The “Technical Information” described in this paragraph is non-demographic and typically is not, in and of itself, personally identifiable and remains in aggregate form. We therefore consider it Blind Data, as that term is defined below. We may use this Technical Information to, for example, improve users’ experience of the Service or block users who violate this Privacy Statement or the Terms. If Technical Information or a combination thereof does identify you as an individual, we will treat the information as Personal Information.
Location-Based Information. We and our service providers may collect certain location-based information (“LBI”) from you, such as identifying locations where you activate the Service, check into an Establishment, or make a OrderUp transaction. We will collect this information only when you provide consent; we may directly and explicitly request your consent or the Service may check your device settings regarding location sharing. We may use LBI to provide the Services to you, such as listings of nearby Establishments, targeted coupons, and special offers. Certain aspects of the Service may be dependent on LBI, and your withholding of LBI may prevent or materially limit the Service’s functionality. You can discontinue LBI tracking or withdraw your consent at any time by: contacting us using the contact details at the bottom of this Privacy Statement, changing the preferences on your mobile device, or following the standard uninstall process to remove the applicable instances of the Service from your device.
Transaction Data. We may (and you authorize us to) access, use, process, and transmit data related to your use of the Service, including Transactions enabled by the Service and related Transaction information, including item descriptions, price, tax and tip amounts (“Transaction Data”). If you are a Patron, Transaction Data may include Establishments you patronize and information about the other users with whom you go to Establishments or use the Service. We may (and you authorize us to) obtain Transaction Data directly from you, the other parties engaged in the Transaction, and/or indirectly, such as via an Establishment’s point-of-sale system.
Sources. We collect the information listed above from the following categories of sources:
- Direct interaction with the Service – While interacting with the Service, you may be asked directly to provide personal information. For example, you may enter your name and address when registering for an account.
- Indirectly through your interaction with the Service – The Service may indirectly and automatically collect information associated to your account. For example, the Service may create access logs or other Technical Information as described above.
- Third parties engaged with the Service – Third parties such as an Establishment’s point-of-sale system may indirectly provide additional information related to a transaction.
USE OF INFORMATION
Permitted Uses. Personal Information, Technical Information, LBI and Transaction Data are collectively referred to as “Information.” We only collect and process Information submitted to us through the Service for the purposes described in this Privacy Statement or the Terms, including:
- Authentication purposes – to verify your identity and to protect our rights, your rights and the rights of other users.
- Providing the Service – to perform functions to Settle and process Transactions, provide receipts, or otherwise provide the Service.
- Security – to detect and prevent fraud and abuse and to provision technical notices, security alerts and support and administrative messages.
- Improving the Service – to research and analyze usage of the Service for the development of new services or contests, to improve the Services offered and to solicit feedback.
Information includes data we collect through the Service, even if you have not signed up for an Account or downloaded the App.
Blind Data. We may use the Information to create aggregated, anonymized general information (“Blind Data”) to monitor and improve the Service, create usage statistics, or for any other lawful business purpose. Blind Data does not and cannot be used to identify you as an individual. You hereby grant to us a non-exclusive, transferable, sublicenseable, royalty-free license to use Information we collect from you to generate Blind Data. If we collect or generate Blind Data, it will be owned by us and we may use it for any lawful business purpose without further consideration.
YOUR RIGHTS AND CHOICES
Contact. To exercise any of your rights outlined in this section, or to learn more about our privacy practices, please contact us by email at email@example.com.
Making a Request. You may make a request personally or through an authorized agent. We may ask for supporting information (such as details of a recent transaction) to verify your identity before fulfilling a request. We will use commercially reasonable efforts to respond to all verifiable request within 45 days of its receipt, and will inform you in writing if we require more time.
Access and Deletion. You may request access to and deletion of Information about yourself and your Organization by contacting us directly.
Correction. You may update or correct Information about yourself or your Organization by logging into your Account at any time or by contacting us directly.
Non-Discrimination. We will not discriminate against you for exercising the rights outlined in this section, and your use of the Service will be limited and altered only to the extent permitted by law or as a direct and foreseeable consequence of the exercise of your rights.
Exceptions. We may retain archived copies of information about you and your transactions for a period of time that is consistent with applicable law.
- Unless we have your consent or as stated in this Privacy Statement, we do not share any of your Information.
- We may share Patron Information with Establishments, including certain Personal Information, LBI and Transaction Data (but excluding Payment Information), to improve their products and services.
- We may also provide Information to our agents, technology vendors and other service providers on a “need-to-know” basis for the purpose of providing the Service and operating our business. For example, business analytics platforms, marketing vendors, fraud detection and prevention firms and other vendors that help us improve our products and services and protect against fraud or misuse of the Service. These service providers are required to keep the Information confidential, and may not use it for any purpose other than to perform services for us or as otherwise required by law.
- We may submit any Information we have regarding an alleged violation of law involving the Service to law enforcement, or to other governmental or regulatory entities (including pursuant to a subpoena, court order, or other legal process; or upon reasonable belief that a violation of applicable law has occurred). We may also submit such Information as is required to establish our legal rights or defend against legal claims.
- We may share your Information with an affiliate or assign and transfer the Information to a third-party successor-in-interest in connection with, or in negotiation of: a merger, acquisition, sale of substantially all our assets or stock, or similar change-in-control transaction; a financing event; or a bankruptcy or dissolution proceeding.
NOTICE TO CALIFORNIA RESIDENTS
The information in this section applies to residents of California with regard to Personal Information subject to this Privacy Statement. If you have any questions about this Privacy Statement or would like to receive a printed copy, please contact us at firstname.lastname@example.org
How We Collect and Use Personal Information. In accordance with the California Consumer Privacy Act of 2018 (“CCPA”), this section describes the personal information (as defined by the CCPA) we collected about California residents in the last 12 months, the sources of that information, our business or commercial purposes for collecting the information, and the third parties with whom we shared that information. Please refer to the corresponding sections of this Statement above for details on the following:
- Information We Collect: This section describes the categories of personal information we collected and the categories of sources from which the information was collected.
- Use of Information: This section describes the business or commercial purposes for which we collected the information.
- Information Sharing: This section lists the categories of third parties with whom we shared personal information.
Your Rights and How to Exercise Them. Under the CCPA, California residents have certain rights with regard to their personal information. Those rights may only apply in certain circumstances and may be subject to limitations or exceptions. A summary of those rights is provided below as well as information on how to exercise your rights. Please note that we will require certain identifying information about you as necessary for us to verify your request in accordance with applicable law.
- Right to Know: You may request us to disclose the categories of personal information we collected about you, the purposes for which we collected, sold or disclosed that information, and the categories of third parties to whom we disclosed the information in the last 12 months. To exercise this right, please email your request to email@example.com and include “Disclosure Request” in the subject line of your message.
- Right to Access: You have the right to request access to the personal information specific to you individually, that we collected, used, disclosed and/or sold about you in the last 12 months. To exercise this right, please email your request to firstname.lastname@example.org and include “Access Request” in the subject line of your message.
- Right to Delete: You have the right to request us to delete the personal information we have collected or maintain about you. Please note that certain exceptions may apply to your right to delete information, such as when we must retain personal information as required or permitted by law and we will also maintain a record of your deletion request. We will notify you if any such exceptions apply to your request. To exercise this right, email us at email@example.com and include “Deletion Request” in the subject line of your message.
We will not discriminate against you for exercising the rights outlined in this section, and your use of the Service will be limited and altered only to the extent permitted by law or as a direct and foreseeable consequence of the exercise of your rights. We may also offer certain financial incentives, charge reasonable fees related to your requests, or deny your right to know, right to access or right to deletion in accordance with applicable law.
You can exercise these rights yourself or you can designate an authorized agent to make a request on your behalf. If you would like an authorized agent to submit a request on your behalf, please send us an email at firstname.lastname@example.org for instructions and details on proof and information required for use of an authorized agent.
How We Disclose Information. We disclosed personal information to third parties for business purposes during the last 12 months. For more information on the categories of information we disclosed and to whom it was disclosed, see the Information Sharing section above. We do not sell your personal information or the personal information of minors under age 16.
Third-Party Marketing Disclosure. Under California Civil Code § 1798.83, California residents with whom we have a business relationship can request information about the types of personal information, if any, we shared with third parties for the direct marketing purposes of the third parties and the identities of the third parties with whom we shared such information in the last 12 months. We do not share your personal information with third parties in this manner and have not done so in the last 12 months. You may request more information by contacting us using the contact information at the bottom of this Privacy Statement.
The Website does not currently respond to browser based “Do-Not-Track” signals. For information on how to enable this setting, if available your device, please refer to https://allaboutdnt.com.
We use commercially reasonable efforts designed to protect Information via maintenance of standard physical, electronic, and procedural safeguards. Despite our actions and precautions, no Internet data transmissions are completely secure, and they are subject to theft, fraud, destruction, alteration, disclosure, unauthorized access and other misuse.
The security of your Account and Personal Information depends on you performing your responsibility to control access to your devices and applications, including maintaining physical possession of your device, and keeping your passwords and PINs confidential and not sharing them with anyone. It is also your responsibility to alert us if you believe the security of information in any part of the Service has been compromised.
You agree that there is risk involved in your transmission of Information to us, some of which is unavoidable and may be (a) incurred via occurrences out of our control, or (b) inherent in all like Internet transmissions. To the greatest extent permissible under applicable law, we are not responsible for the security or privacy of any Information you choose to submit to us.
THIRD-PARTY WEBSITES AND TECHNOLOGIES
RETENTION AND DISPOSAL OF PERSONAL INFORMATION
We retain Information to provide, maintain, and augment the Service, and to comply with legal requirements and standard business practices. We retain Information for as long as (a) we have a business need, or (b) applicable laws, regulations, or government orders require. When we dispose of Information, we use reasonable procedures to erase or render it unreadable (for example, shredding documents and wiping electronic media). We may retain Blind Data for so long as it is relevant to our business model, in our discretion.
PRIVACY OF CHILDREN
We do not knowingly collect Personal Information from children under the age of 13. If we learn that we have inadvertently done so, we will take commercially reasonable steps to delete that Personal Information.
OrderUp Technologies Inc. and its affiliated companies are located in Canada and the United States. The Service is not targeted at individuals outside Canada and the United States. If you are visiting the Website or using the Service from outside Canada and the United States, please note that information collected through the Service will be stored and processed in Canada or the United States or any other country (“Transfer Country”) in which we, or our affiliates, subsidiaries, agents or service providers, maintain facilities, where the data protection laws may differ from those in the country where you are located. By using the Service, you consent to any such foreign transmission, including an express consent to your Personal Information being transferred, to, stored, in and accessed from a Transfer Country that differs from the country where you reside and/or utilize the Service.
UPDATES TO THIS PRIVACY STATEMENT
This Privacy Statement will change from time to time to maintain compliance with applicable law and regulations. We reserve the right to modify this Privacy Statement at any time in our sole discretion by posting the most recent version (which shall supersede any other version and become effective as of the last updated date indicated) on the Website. Your continued use of the Service following posting of these changes constitutes acceptance of the terms as they exist at the time of your usage.
For any questions regarding this Privacy Statement, please contact us at email@example.com.