Effective: June 1, 2019
Introduction and Scope
- “Merchants” are businesses that have purchased the Services for use in their establishments.
“Merchant Employees” are employees of our Merchants.
“Diners” are individuals who use the Services, whether for transactional purposes with our Merchants or otherwise.
“Personal Information” is: (i) information that directly identifies you as an individual, like your name or email address, or (ii) a combination of pieces of information that do not identify you on their own, but could identify you when combined using reasonable effort.
“POS System” refers to the restaurant point of sale and management system offered to our Merchants that includes a suite of integrated hardware and software as well as various applications, application programming interfaces, tools and services (as offered from time to time).
“You” and/or “your” is a Merchant, a Merchant Employee, a Diner or a visitor to one of our websites.
Information we Collect
Personal Information Collected through our Websites
When you visit our websites, request information or evaluation tools (e.g., a product demo), communicate with customer service or subscribe to our blog or email lists, we may collect some, or all, of the following Personal Information from you:
Certain information may also be collected automatically when you visit our websites. For more information, please see the section of this Policy entitled “Information Collected Automatically”.
Personal Information Collected through the Services
If you are a Merchant we will collect Personal Information from you in connection with your service agreement and use of the Services, including, as applicable, your name, address, date of birth, tax identification number and/or passport number, Social Security Number, drivers’ license number and banking or other payment information.
If you are an employee of a Merchant, we also collect information about you through your use of the Services. In these instances, Personal Information we collect may include your name, email, phone number, employee identification number, address and date of birth. We also collect information relating to your role, such as your job title, wage rates and salary and hours worked.
We collect information from you through your use of the Services (as provided and developed by us from time to time), which includes your registration and use of our online ordering feature, our mobile application and other related products. We also may collect and/or receive your information when you place an order with, make a purchase from (including gift cards), or otherwise complete a transaction with our Merchants or participate in their respective loyalty programs.
Depending on which Service you have used, Personal Information collected may include:
Contact details such as your phone number and email;
Your address and other location details;
Your payment card information, such as the brand, card number, security code and expiration date;
Transaction information and details (e.g. history of goods/services ordered, date, payment method and amount of payment);
Your date of birth if you choose to provide it;
Account and profile information such as your username and password; and
If you are a member of a Merchant’s loyalty program, information in relation to your points balance and redemptions.
In certain cases, if you elect to provide it, your feedback in relation to your experience at our Merchants’ establishments may also be collected.
Personal Information Obtained from other Sources
Depending on whether you are a Merchant, a Diner or a visitor to one of our websites, we may also collect information about you from third parties including our business partners, contact/mailing list providers, identity verification services, credit bureaus (if applicable) and credit card companies. We may also collect information from you that is publicly available. For example, if you interact with us through various social media channels.
Automatically Collected Information
When you visit our websites, we will automatically collect information about you through cookies and similar technologies.
How We Use Personal Information
We use Personal Information to:
Provide, operate, maintain, test, and improve the Services, including to:
Process transactions and payments completed through the Services;
Enable our Merchants and our Merchant’s Employees to access and use the Services;
Provide and create documentation, training, and professional services related to the Services;
Communicate with you in relation to your use of the Services or your requests, such as sending you a notification that your order is ready or responding to your feedback; and
Use transaction data to create user order histories and profiles.
Secure and protect our networks and systems, including to:
Implement controls to ensure that users of the Services with accounts are limited in their data access and viewing rights only as authorized;
Monitor our systems to ensure that they are working as intended and to detect and fix errors; and
Access log information to investigate problems or unauthorized use.
Create and deliver analytics, including de-identified comparative analytics for our own, or our Merchants’ sales and quality improvement purpose.
Fulfill our legal and contractual obligations.
Provide customer support and respond to other user requests relating to the Services.
For marketing purposes. Pursuant to the applicable law or with your consent, Toast and its Merchants may contact you, or we may engage a third-party to contact you in relation to our Services as well as other promotions and offers that you have requested or we believe might interest you. If you subscribe to our newsletter, we will use your name and email address to send you the newsletter. If you do not wish to receive marketing or promotional emails from us you may follow the unsubscribe instructions included in each such message, or contact us at firstname.lastname@example.org.
To send you digital receipts. During your use of the Services, you may also choose to receive receipts and/or other communications from Toast and our Merchants via email or text message through the Services. You always have the option of opting out of automated email or text messages by emailing email@example.com. Standard message and data rates may apply.
For financing purposes. If you apply for financing, including for a merchant capital advance, or are otherwise a Merchant applying for use of the Services, we will request a credit report to determine your eligibility for such financing and/or recommend financing providers based on your credit profile, as applicable.
Information We Share
We may share Personal Information as follows:
With our Merchants and our Merchant’s Employees for the purposes of providing the Services to you and fulfilling your requests;
With our business partners (including our integration partners) in order to provide, maintain and improve our Services;
With our parent, subsidiary, or affiliate companies, agents (if any) for the purposes outlined above;
With third parties to provide, maintain, and improve our Services, including service providers who access information about you to perform services on our behalf, such as:
hosting and database services,
identity verification services,
mail, e-mail, and text messaging services,
providers of analytics, data processing, order fulfillment, product delivery, user data management, and customer support services,
credit bureaus and other related third parties (if applicable based on your status and the Services provided), and
marketing, research, and survey services.
In connection with, or during the negotiation of, any merger, sale of company stock or assets, financing, acquisition, divestiture, or dissolution of all or a portion of our business; and
If we believe it is necessary to:
protect our rights or property, or the security or integrity of our Services;
enforce the terms of the Terms of Service or other applicable agreements or policies;
protect us, users of our Services, or the public from harm or potentially prohibited or illegal activities.
investigate, detect, and prevent fraud, security breaches; or
comply with any applicable law, regulation, legal process, or governmental request.
We may also share aggregated and/or anonymized information derived from the Services that does not directly identify you, including device information and information derived from cookies and log files with third parties.
Your Account and our Retention of Personal Information
We generally retain Personal Information as long as reasonably necessary to provide the Services or carry out the purposes described in this Policy. We may retain archived copies of information about users of our Services for a period of time that is consistent with our data retention policy, applicable law, or as we believe is reasonably necessary to:
comply with applicable law, regulation, legal process, or governmental request;
collect fees owed;
address problems with our Services;
assist with investigations;
enforce our Terms of Service or other applicable agreements or policies; or
take any other actions consistent with applicable law.
As a Merchant with an account, for certain Services, you may access, change, or correct your personal account information at any time by logging into your account.
As a Diner or a website visitor, if you believe that we have information about you that should be changed or corrected, you may make the request to us at firstname.lastname@example.org. We may need to verify your identity before changing or correcting your information. Depending on the Services you are using, you may also be able to access, change or correct your personal account information by logging into your account.
Please note, however, that due to legal, contractual, and technical restrictions, we may not be able to make the requested change or correction. For example,
If we received the information about you from one of our Merchants or the request relates to something that the Merchant oversees, we may be legally and contractually required to refer your request to that Merchant;
In the event of legal action or dispute, we may be prohibited from altering any information; or
We maintain regular backups and archives of our data and changing archived data may be impracticable.
Opt-Out of Marketing Communications from Us
We will endeavor to include instructions on how to "opt-out" of any marketing communications we send you. In addition, if at any time you wish not to receive any future communications, or you wish to have your name removed from our mailing lists, please contact us at email@example.com. Please note that you may still receive transaction-specific communications after opting-out of marketing communications, if applicable.
Do Not Track
State Privacy Rights
Some state laws may provide additional rights and protections for your information and privacy. For example, California law permits residents of California to request certain details about information we disclose to third parties for direct marketing purposes. If you are a California resident and would like to request this information, please contact us at the address listed below.
We implement commercially reasonable administrative, technical, and physical safeguards, designed to protect your information from loss, theft, misuse, and unauthorized access, disclosure, alteration, and destruction.
Nevertheless, we cannot guarantee that internet, text or e-mail transmissions are fully secure or error free, or that any Personal Information in our possession is fully protected from all loss, misuse and unauthorized access, disclosure, alteration, or destruction. In particular, email or messages sent to or from our Services may not be secure. Therefore, you should take special care in deciding what information you send to us.
Links to Other Services
Our social media sites;
Our Merchant’s websites;
Business partner websites; or
A third-party authentication site (for example, if you use Google, Facebook, or an OAuth service to log into our Services).
We are not responsible for the privacy practices and policies of those Third-Party Sites. If you use or visit those Third-Party Sites, you are responsible for reviewing and understanding their terms and conditions and privacy policies. The inclusion of any website link does not imply our approval, endorsement, or recommendation, and we expressly disclaim any liability for these third party services. Please contact those sites directly for information on their privacy practices and policies.
Publicly Posted Information
Attn: Toast Privacy Office
401 Park Drive, Suite 801 Boston, MA 02215