Effective: October 1, 2018
Toast offers an integrated restaurant point of sale and management system (collectively with its related APIs and applications, the “POS System”) consisting of a suite of integrated hardware, software, tools and services that help our Customers understand their Patrons and offer personalized products and services to them.
“Customers” are businesses that have purchased our products or services for use in their establishments.
“Patrons” are those individuals who complete transactions with our Customers.
“Personal Information” is: (i) information that directly identifies you as an individual, like your name or your email address, or (ii) a combination of pieces of information that do not identify you on their own, but could identify you when combined using reasonable effort.
We may also obtain information, including Personal Information, from publicly available sources or third parties, and combine this information with the Personal Information you provide to us.
Personal Information Collected through the Site
When you visit our Site, create an account, request information or evaluation tools (e.g., a product demo), communicate with customer service, or subscribe to email lists we may collect some, or all, of the following Personal Information from you:
Personal Information Collected Through The Services
If you are a Toast Customer we will collect Personal Information from you in connection with your service agreement and use of the Services, including, as applicable, your name, address, birth date, tax ID and/or passport number, Social Security Number, drivers’ license number, and banking or other payment information.
If you are a Customer employee we may collect Personal Information from you in connection with your use of the Services, including your name, address, birthdate, and other information such as wage rates, salaries, and hours worked.
If you are a Patron who placed an order with, made a purchase from, or otherwise completed a transaction with one of our Customers, we may collect or receive the following Personal Information from you through your interaction with the Services during the course of such transaction:
- Last four digits of card number and expiry
- Transaction Details (e.g. amount, goods/services ordered, date, customer location, payment method and amount of payment)
- Phone Number
Personal Information Obtained from Publicly Available/Third Party Sources
We may also collect information about you (whether as a Customer, Patron or Site visitor) from third parties and/or our business partners, such as publicly available sources, contact/mailing list providers, identity verification services, credit bureaus (if applicable), credit card companies and/or our business partners with whom Toast has a business relationship.
Automatically Collected Information
When you visit the Site we will automatically collect information about you through cookies and similar technologies.
- A cookie is a small, unique piece of information placed and saved in your browser when you access our Customers’ websites, services, content or ads. Cookies help us collect information about your use of the Services over time. Most web and mobile device browsers are set to automatically accept cookies by default. However, you can change your browser settings to prevent automatic acceptance of cookies, or to notify you each time a cookie is set.
- You also can learn more about cookies by visitinghttp://www.allaboutcookies.org, which includes additional useful information on cookies and how to block cookies on different types of browsers and mobile devices. Additionally, on most web browsers, you will find a “help” section on the toolbar. Please use this help section for information on how to request a notification when you receive a new cookie and how to limit, block or delete cookies. Please note, however, that by blocking or deleting cookies used in the Services, you may not be able to use, or take full advantage of the Services.
- Log Files and Device Information
- Log files include information such as your IP address, browser type, the referring domain, pages visited, and search terms. We may also collect information about the device you use to connect to our services, including your device type (e.g., mobile, tablet, desktop/laptop), browser, and operating system.
- Google Analytics
How We Use Personal Information
We may use Personal Information to:
- Provide, operate, maintain, test, and improve the Services, including:
- Provide and create documentation, training, and professional services related to the Services;
- Process transactions;
- Use transaction data to create user order histories and profiles.
- To Secure and Protect Our Networks and Systems, including:
- Implementing controls to ensure that users of the Services with accounts are limited in their data access and viewing rights only as authorized;
- Monitor our systems to ensure that they are working as intended and to detect and fix errors;
- Access log information to investigate problems or unauthorized use.
- Create and deliver analytics and data aggregation, including de-identified comparative analytics for our own, or our customer’s sales and quality improvement purpose
- Fulfill our legal and contractual obligations
- Respond to requests for information about the Services
- Marketing. We may contact you, or we may engage a third-party to contact you, via e-mail to send you marketing or promotional information, or requests to complete surveys and provide feedback. If you subscribe to our newsletter we will use your name and email address to send you the newsletter. If you do not wish to receive marketing or promotional emails from us you may follow the unsubscribe instructions included in each such message, or contact us at firstname.lastname@example.org
- Digital Receipts. During your use of the Services, you may also choose to receive receipts and/or other communications from Toast and our Customers via text message through the Services. You always have the option of opting out of automated email or text messages by emailing email@example.com. Standard message and data rates may apply.
- Financing. If you apply for financing, including for a merchant capital advance, or are otherwise a Customer applying for use of the Services, we will request a credit report to determine your eligibility for such financing and/or recommend financing providers based on your credit profile, as applicable.
Information We Share
We may share the Personal Information as follows:
- With any of our parent, subsidiary, or affiliate companies, agents, and business partners for the purposes outlined above;
- With third parties to provide, maintain, and improve our Services, including service providers who access information about you to perform services on our behalf, such as:
- hosting and database services,
- payment processors,
- identity verification services,
- mail, e-mail, and text messaging services,
- providers of analytics, data processing, order fulfillment, product delivery, user data management, and customer support services, and
- marketing, research, and survey services.
- In connection with, or during the negotiation of, any merger, sale of company stock or assets, financing, acquisition, divestiture, or dissolution of all or a portion of our business;
- If we believe it is necessary to:
- protect our rights or property, or the security or integrity of our Services;
- enforce the terms of the Terms of Service or other applicable agreements or policies;
- protect us, users of our Services, or the public from harm or potentially prohibited or illegal activities.
- investigate, detect, and prevent fraud, security breaches; or
- comply with any applicable law, regulation, legal process, or governmental request.
We also may share aggregated and/or anonymized information that does not directly identify you, including device information and information derived from cookies and log files, to third parties.
Your Account and Personal Information
We generally retain Personal Information as long as reasonably necessary to provide the Services. We may retain archived copies of information about users of our Services for a period of time that is consistent with our data retention policy, applicable law, or as we believe is reasonably necessary to:
- comply with applicable law, regulation, legal process, or governmental request;
- prevent fraud;
- collect fees owed;
- resolve disputes;
- address problems with our Services;
- assist with investigations;
- enforce our Terms of Service or other applicable agreements or policies; or
- take any other actions consistent with applicable law.
As a Customer with an account, you may access, change, or correct your personal account information at any time by logging into your account.
As a Patron or visitor to the Site, if you believe that we have information about you that should be changed or corrected, you may make the request to us at firstname.lastname@example.org . We may need to verify your identity before changing or correcting your information.
Please note, however, that due to legal, contractual, and technical restrictions, we may not be able to make the requested change or correction. For example,
- If we received the information about you from one of our Customers, we may be legally and contractually required to refer your request to that customer;
- In the event of legal action or dispute, we may be prohibited from altering any information; or
- We maintain regular backups and archives of our data, and changing archived data may be impracticable.
Opt-Out of Communications From Us
We will endeavor to include instructions on how to "opt-out" of receiving future marketing in e-mail or text communications we send you. In addition, if at any time you wish not to receive any future communications, or you wish to have your name deleted from our mailing lists, please contact us at email@example.com . Please note that you may still receive transaction-specific communications after opting-out of marketing communications, if applicable.
Do Not Track
State Privacy Rights
Some state laws may provide additional rights and protections for your information and privacy. For example, California law permits residents of California to request certain details about information we disclose to third parties for direct marketing purposes. If you are a California resident and would like to request this information, please contact us at the address listed below.
We implement commercially reasonable administrative, technical, and physical safeguards, designed to protect your information from loss, theft, misuse, and unauthorized access, disclosure, alteration, and destruction.
Nevertheless, we cannot guarantee that internet, text or e-mail transmissions are fully secure or error free, or that any Personal Information in our possession is fully protected from all loss, misuse and unauthorized access, disclosure, alteration, or destruction. In particular, e-mail or messages sent to or from our Services may not be secure. Therefore, you should take special care in deciding what information you send to us.
Links to Other Services
- Our social media sites;
- Our Customer’s websites;
- Partner websites; or;
- A third-party authentication site (for example, if you use Google, Facebook, or an OAuth service to log into our Services).
We are not responsible for the privacy practices and policies of those Third-Party Sites. If you use or visit those Third-Party Sites, you are responsible for reviewing and understanding their terms and conditions and privacy policies. The inclusion of any website link does not imply our approval, endorsement, or recommendation, and we expressly disclaim any liability for these third party services. Please contact those sites directly for information on their privacy practices and policies.
Publicly Posted Information
401 Park Drive, Suite 801 Boston, MA 02215