We believe the data collected through the Poynt Smart Terminal and Poynt Platform will revolutionize how merchants run their business. We are committed to being transparent and open about how that data is used, and this document outlines our core privacy principles, how data is used, and what control merchants have over their information.
We define “your data” as 1) identifying information provided by customers, 2) non-sensitive payment data collected during a transaction, and 3) other information provided by the merchant about their business through the Poynt Platform or on the Poynt Smart Terminal.
Privacy and Data Usage Principles
- Merchants own their data
Merchants will always be able to access and download historical transactions and orders data. No more printing reports for the sake of archiving information before it is lost, or not even being able to access it.
- Merchants control how their data is used
Poynt and developer applications on the Poynt Platform are forbidden to share or sell data, unless the merchant provides permission. Merchants will also have transparency into which applications have been given access to their data.
- Data is portable across applications
For example, inventory in a POS application can be connected to an accounting application or an order-ahead system. Merchants have this ability and control which applications have access to particular pieces of data. No more being locked in to an application because the data can’t be exported.
- Security is a top priority
Poynt protects merchants and their customers by always handling sensitive payment data with state-of-the-art security and encryption standards. Importantly, no sensitive payment data is ever stored on the Smart Terminal.
- Limited data collection
Poynt is the custodian of data processed through the Poynt Platform and owns a copy of all data collected. We only collect data that can provide value to our merchants, and will never collect data purely for the sake of it.
- Use anonymized data when possible
To further protect merchants and their customers, when practical we use aggregated or anonymized data for analysis, insights and building new products for our ecosystem.
- Developers on the Poynt Platform will abide by the above principles
Only Trusted Developers who have met Poynt’s security and privacy standards will be able to handle sensitive payment data. Other developers will be able to deploy their applications in a Poynt-approved environment.
Effective date: May 24, 2018
Remember that your use of Poynt’s Services is at all times subject to the EULA. Any terms we use in this Policy without defining them have the definitions given to them in the EULA.
As noted in the EULA we do not knowingly collect or solicit Personal Information from children with specific ages determined by jurisdiction. If you are under 13, please do not attempt to register for the Services or send any Personal Information about yourself to us. If we learn that we have collected Personal Information from a child under age 13, we will delete that information as quickly as possible. If you believe that a child under 13 may have provided us personal information, please contact us at firstname.lastname@example.org.
2. What information does Poynt collect?
Information you provide to us that we use for our purposes
We receive and store any information you knowingly provide to us. For example, through the registration process on our Websites and/or through your account settings, we may collect Personal Information such as your name, email address, phone number and address. Certain information may be required to register with us or to take advantage of some of our features.
We may communicate with you if you’ve provided us the means to do so. For example, if you’ve given us your email address or mobile number, we may send you information about our Services, and with your consent, promotional email offers on behalf of other businesses, or contact you about your use of the Services. Generally speaking we use this information to provide you a better experience of or information on our Services. For merchants we may use this information to provide Level 2 customer support if required. Also, we may receive a confirmation when you open an email from us. This confirmation helps us make our communications with you more interesting and improve our Services. If you do not want to receive communications from us, please indicate your preference by clicking the appropriate unsubscribe link contained within the email or amending your options in your Preference Center / emailing us with such a request at email@example.com.
Whether you are an individual or a business, we collect and store information about you that you knowingly provide when you express interest in acquiring a Poynt device, through our website.
We also collect information that you knowingly provide when you apply for jobs on our career's page.
Information you provide to us that we process on behalf of others
We receive, store and process any information you knowingly provide to us whilst using the Terminals, for example, through the registration process on our Terminals, your account settings, when you use our Terminals to pay for a transaction and/or when you use of our Level 2 support services.
If you are a consumer and use our Terminals for payments, we may collect and process consumer Personal Information such as your name, email address, phone number and address for manually entered cards as well as transaction data, such as purchases, purchase amount, date of purchase, payment method and signature.
Whilst for merchants, we may collect and process store owner's name, store address, MCC and contact information from your transaction processor, acquiring bank and/or reseller.
In addition, we store images and /or videos the merchants choose to upload or display on the Poynt Terminal. Some of this information may be required to register with us or to take advantage of some of our features.
Information Collected Automatically
We may use this data to customize content for you that we think you might like, based on your usage patterns. We may also use it to improve the Services – for example, this data can tell us how often users use a particular feature of the Services, and we can use that knowledge to make the Services interesting to as many users as possible.
Information collected from third parties
From time to time, we may receive Personal Information about you from third party sources (including your address and contact information from your processor).
If you are a merchant using our platform, we receive information from your merchant bank for purposes of activating your merchant account on the Poynt device. This data includes your name, business name, business or store address, email address and phone number. This information may be stored privately with access controls. Poynt is not always a data controller and making its own independent decisions about how to process and use this this information. Depending on our business model and our contractual arrangements, Poynt may occasionally be acting as a data processor acting on behalf of our partners and pursuant to their contractual instructions in respect of this information.
From time to time, we may receive personal information about you from third party sources through our recruiting team, referred by existing employees, or recommended by account representatives for each respective site):
• vettery.com • hired.com • linkedin.com • indeed.com
3. General Information
Legal basis for processing Personal Information (EEA visitors only)
If you are located in the European Economic Area ("EEA") and visit our Websites, Poynt Co., is the data controller of your Personal Information. Poynt's privacy team can be contacted at firstname.lastname@example.org.
Our legal basis for collecting and using the Personal Information described above will depend on the Personal Information concerned and the specific context in which we collect it. However, we will normally collect Personal Information from you only where we have your consent to do so, where we need the Personal Information to perform a contract with you, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms. In some cases, we may also have a legal obligation to collect Personal Information from you.
If we ask you to provide Personal Information to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your Personal Information is mandatory or not (as well as the possible consequences if you do not provide your personal information). Similarly, if we collect and use your Personal Information in reliance on our legitimate interests (or those of any third party), we will make clear to you at the relevant time what those legitimate interests. Further information on the legal basis of processing your Personal Information will be provided to you on request.
Will Poynt share any of the Personal Information it receives?
We may share your Personal Information with third parties as described in this section:
Poynt's group companies
We may share Personal Information in the future with entities worldwide that we control, are controlled by us, or are under our common control, to provide our Services. Poynt Co. is the party responsible for overall management and use of the Personal Information by other Poynt group companies.
In the future we may allow advertisers and/or merchant partners (“Advertiser(s)”) to choose the demographic information of users who will see their advertisements and/or promotional offers and we may provide any of the information we have collected from you in personally identifiable form to an Advertiser, in order for that Advertiser to select the appropriate audience for those advertisements and/or offers. For example, we might use the fact you are located in San Francisco to show you ads or offers for San Francisco businesses, but we will not tell such businesses who you are.
We employ other companies and people to perform tasks on our behalf and need to share your information with them to provide products or services to you; for example, we use a payment processing company to receive and process your credit card transactions for us. Unless we tell you differently, our agents do not have any right to use the Personal Information we share with them beyond what is necessary to assist us. A list of our current Agents can be found here
• Amazon Web Services (AWS) are used to host data on our behalf. • Zendesk and Ubiquity are used for Poynt customer service. • Stripe is used to process payments for apps, developer kits, and terminal accessories. • Freshsales is used to track merchant and reseller leads and inquiries. • Boomtown is used only in the US to provide support for certain merchants.
User Profiles and Submissions
Certain user profile information, including your name, location, and any video or image content that such user has uploaded to the Services, may be displayed to other users to facilitate user interaction within the Services or address your request for our services. In the future Poynt may enable a merchant message board to address inquiries and sharing of best practices. Please remember that any content you upload to your public user profile, along with any Personal Information or content that you voluntarily disclose online in a manner other users can view (on discussion boards, in messages and chat areas, etc.) becomes publicly available, and can be collected and used by anyone. Your user name may also be displayed to other users if and when you send messages or comments or upload images or videos through the Services and other users can contact you through messages and comments.
Protection of Poynt and others
We reserve the right to access, read, preserve, and disclose any information that we believe is necessary to comply with law or court order; enforce or apply our EULA and other agreements; or protect the rights, property, or safety of Poynt, our employees, our users, or others.
Is Personal Information about me secure?
Your account is protected by a password for your privacy and security. You must prevent unauthorized access to your account and Personal Information by selecting and protecting your password appropriately and limiting access to your computer or device and browser by signing off after you have finished accessing your account.
We use appropriate technical and organizational measures to protect the Personal Information that we collect and process about you and your customers. The measures we use are designed to provide a level of security appropriate to the risk of processing your Personal Information. Specific measures we use include storing the data in a secure data environment with restricted access control and unique log-ins. We also work with your payment processor, acquirer or reseller to ensure your payment information is encrypted at the Poynt Terminal. While we endeavor to protect the privacy of your account and other Personal Information we hold in our records, unfortunately, we cannot guarantee complete security. Unauthorized entry or use, hardware or software failure, and other factors, may compromise the security of user information at any time.
International transfers of Personal Information
Your Personal Information may be transferred to, and processed in, countries other than the country in which you are resident. These countries may have data protection laws that are different to the laws of your country and, in some cases, may not be as protective.
Specifically, our data is hosted in the United States and the EEA, and our Poynt group companies, Advertisers, Affiliate Businesses and Agents operate globally including in the United States, Brazil and the EEA. This means that when we collect your Personal Information we may process it in any of these countries.
Our Standard Contractual Clauses documentation can be provided on request. We have implemented similar appropriate safeguards with our Advertisers, Affiliate Businesses and Agents and further details can be provided upon request.
What Personal Information can I access?
Non-EEA Privacy Rights
Through your account settings, you may access, and, in some cases, edit or delete the information you’ve provided to us.
The information you can view, update, and delete may change as the Services change. If you have any questions about viewing or updating information we have on file about you, please contact us at email@example.com.
Under California Civil Code Sections 1798.83-1798.84, California residents are entitled to ask us for a notice identifying the categories of Personal Information which we share with our Affiliates and/or other third parties for marketing purposes, and providing contact information for such Affiliates and/or other third parties. If you are a California resident and would like a copy of this notice, please submit a written request to firstname.lastname@example.org.
EEA Privacy Rights
If you are a resident of the EEA you have the following data protection rights:
• If you wish to access, correct, update or request deletion of your Personal Information, you can do so at any time by amending your account settings or contacting us using the details set out below. • You can object to processing of your Personal Information, ask us to restrict processing of your Personal Information or request portability of your Personal Information. • If we have collected and processed your Personal Information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your Personal Information conducted in reliance on lawful processing grounds other than consent. • You have the right to complain to a data protection authority about our collection and use of your Personal Information. Contact details for data protection authorities in the EEA are available here.
If you wish to exercise any of these rights or want further information please contact email@example.com.
What choices do I have?
You can always opt not to disclose information to us, but keep in mind some information may be needed to register with us, use our Services or take advantage of some of our features.
You may be able to add, update, or delete information as explained above. When you update information, however, we may maintain a copy of the unrevised information in our records. Some information may remain in our records after your deletion of such information from your account. We may use any aggregated data derived from or incorporating your Personal Information after you update or delete it, but not in a manner that would identify you personally.
Data retention and deletion
We retain Personal Information we collect from you where we have an ongoing legitimate business need to do so, (for example, to provide you with a service you have requested or to comply with applicable legal, tax or accounting requirements) in line with our retention policy. We can provide further information on applicable retention period upon request. When we have no ongoing legitimate business need to process your Personal Information, we will either delete or anonymize it or, if this is not possible (for example, because your Personal Information has been stored in backup archives), then we will securely store your Personal Information and isolate it from any further processing until deletion is possible. More information on our retention and deletion practices is available on request.
What if I have questions about this Policy?
Attn: Privacy Department
4151 Middlefield Road
Palo Alto, CA 94303
For EEA residents:
Attn: Privacy Department
4151 Middlefield Road
Palo Alto, CA 94303
United States of America