This privacy notice is for your information. It sets out how Northern POS Inc. (“Northern”) collects and uses personal information in connection with the Order On The Go service (the “Service”). The Service is described in a separate Subscriber Agreement made between Northern and the subscriber identified in that Agreement (the “Subscriber”). The Agreement addresses how Northern deals with personal information about the Subscriber’s end users (“End Users”) as well as the Subscriber’s customers.
Northern operates and makes available Order On The Go, a restaurant software or mobile app that enables restaurants to receive or manage orders from In-Store POS or Online Website/Mobile App and semi-integration with payment processors and/or payment terminals. While providing for a secure channel to permit the transmission of information between systems, Order On The Go is not a payment tool, and does not allow for the transmission or storage of any payment-related information. Order On The Go, nor its employees, provide food delivery services and are not liable for any form fulfilment of the services offered by the restaurants to clients, but provide order tracking mechanism for the restaurants and the restaurant’s customers.
Northern may use analysis service providers to: (i) analyse how users use the Service; (ii) evaluate how the Service is used; (iii) compile statistics relating to Service activities; (iv) conduct market research; and (v) further develop the Service. Northern maintains a list of the analysis service providers in use at www.northernpos.com.
Personal information – what is collected and how Northern uses it
General purposes (applicable to all personal information collected) – In addition to any other uses set out in this notice, Northern uses the personal information that it collects to: (i) operate and provide the Service, including making improvements to the Service from time to time; (ii) maintain system security for the Service; (iii) respond to inquiries from users; and (iv) establish, exercise or defend its legal rights.
Becoming a Subscriber – Contact information (name, email address, address and phone number) and banking/payment information may be collected by Northern as part of a subscription to the Service. This information may include certain personal information about the Subscriber or one or more End Users. However, in accordance with the information set out in “Background”, no payment information about the Subscriber’s customers is collected or processed as part of the Service.
Other collections – The Service may allow End Users to provide, on a voluntary basis, certain personal information about themselves or other persons, including customers of the Subscriber. In such circumstances, the Subscriber is responsible for identifying the purposes for which the information is collected, and for obtaining all consents required under applicable law to use the information for such purposes. If Northern proposes to collect any personal information in circumstances other than as described in this Privacy Notice, it will disclose the purposes and seek express consent to that collection.
Sharing personal information
Representatives– Northern may share personal information that it has collected about its employees, agents, officers, directors and contract workers (collectively, “Representatives”) who need to use that information in connection with one or more of the purposes for which that personal information was collected. Northern will enter into agreements and will otherwise take reasonable steps to cause its Representatives to abide by the terms of this Privacy Notice.
Service providers – From time to time, Northern may engage service providers to provide certain services in connection with the Service provided by Northern. Northern will limit the personal information provided to these service providers, consistent with the services for which they are responsible. These service providers, in turn, may share certain personal information with their own service providers. Northern will require, through contractual means, the service providers that they retain to safeguard any information that is provided to them, maintain its confidentiality and not to use or disclose that information for any purpose other than to provide the services for which they were retained. A list of the service providers and their locations is available at: www.northernpos.com.
Please note: For the Service and the related data, Northern uses a cloud-based hosting service that relies on servers located around the world. The hosting service used by Northern is part of the list of service providers identified in the preceding paragraph. Personal information may be stored and processed using any of those servers in any of those locations. Those jurisdictions may not have the same data protection laws as the country in which the subscriber carries on business.
Note that in addition to the list of service providers referred to in the link set out above, Northern may work with other businesses that provide products or services that are to be used in conjunction with the Service. Some of these other businesses are set out in the list set out at this link: www.northernpos.com. Unless any entity is expressly identified as a service provider to Northern, these other entities are independent suppliers of their own products and services. Northern is not responsible for the collection or use of any information by these other providers, whether their products or services are used in conjunction with the Service or otherwise.
Required by law – Northern may access and/or disclose any personal information which it has collected if required or permitted to do so by law (for example, to comply with a legal requirement including but not limited to one imposed by a warrant, subpoena, court order or like instrument served on Northern or in urgent circumstances to protect the life, health or security of any person).
Assignment – Please be aware that Northern may disclose your Personal Information to its successor or any assignee of its assets relating to the Service.
Other Third Parties – Before disclosing personal information relating to a user to a third party other than as set out in this Privacy Notice, Northern will obtain the affected user’s consent to the disclosure.
Subject to the limits arising from the scope of the Service, Northern is committed to ensuring that your personal data is secure. In order to prevent unauthorized access or disclosure, Northern has put in place physical, technical and organisational measures to safeguard and secure the personal information that it holds or transmits. For example, Northern uses encryption to safeguard certain types of personal information when they are being transmitted over the Internet. However, no data transmission over the internet can be guaranteed to be completely secure. Northern is also not responsible for ensuring the security of any system (including any restaurant management system or POS system) used by the Subscriber in conjunction with the Service, or the interfaces between any such system and the Service. Consequently, Northern expressly disclaims all representations, warranties and conditions (whether express or implied) that any information transmitted by means of the Service will be completely secure.
For a more detailed description of the security measures used by Northern, see: www.northernpos.com.
Northern may aggregate and depersonalize any information about the Subscriber’s use of the Service provided to Northern. Aggregated and depersonalized information is used for purposes of making improvements to the Service and providing reports to the Subscriber concerning its use of the Service. Subscribers can opt-out from the email list by sending a request to email@example.com.
If there are any changes to this notice, Northern will post the changes to www.northernpos.com at least thirty (30) days in advance of when they become effective. Northern may notify users of changes to this notice by email sent to the email address included in the user’s contact information, but Northern is not required to do so.
Acknowledgement concerning GDPR
The Subscriber acknowledges that in certain circumstances, the Subscriber may act in the role of a data controller within the meaning of the EU General Data Protection Regulation and any laws and regulations enacted thereunder (collectively the “GDPR”). The Subscriber will be responsible for determining the circumstances in which it may be required to comply with the GDPR and for determining any additional measures (such as obtaining additional consents) that it should implement in order to ensure such compliance. To the extent applicable, the Subscriber may act in the role of a data processor with respect to certain information transmitted through the Subscriber’s use of the Service, but such role shall be limited in accordance with the limited scope of the Service provided by Northern.
When Northern receives a written complaint regarding its use of personal information, Northern complies with lawful requests or demands by any relevant authorities investigating the potential misuse, in addition to conducting its own investigation.
To file a compliant regarding Northern’s use of personal information, send an email setting out your complaint to: firstname.lastname@example.org.
Northern reviews this notice at least once every 18 months.
Questions and access to personal information requests
Subject to applicable law, any user of the Service may request access to and receive details about the personal information Northern maintains about him or her, update and correct inaccuracies in that personal information, and have the information blocked or deleted, as appropriate. The right to access personal information may be limited in some circumstances by local law requirements. Northern will take reasonable steps to verify identity before granting access or making corrections. To exercise any of these rights or to ask questions regarding this notice, contact Northern’s Privacy Officer: email@example.com
Relationship to the Subscriber Agreement
Subscriber acknowledges the following commitments made in the Subscriber Agreement.
(1) Subscriber’s acceptance of this Privacy Notice (in its entirety) is a condition of Northern’s provision of Services pursuant to the Subscriber Agreement. Subscriber is required to terminate the Subscriber Agreement immediately if Subscriber does not agree with the terms of this Privacy Notice.
(2) Subscriber has agreed to obtain any necessary consent prior to using the Service in conjunction with an individual’s Personal Information (including obtaining the consent of a parent or guardian when the individual is too young to or unable to understand the request for consent and give consent on his or her own behalf) and provide copies of all consents to Northern upon request.