Privacy Policy for cHooZ® FLOW
Effective Date: 03/17/2024
This “Privacy Policy” explains how cHooZ LLC (“Company” or “we”)collects, uses, discloses, and otherwise processes personal data on behalf ofour customers – typically, merchants (any, a “Merchant”) – in connection withour application, cHooZ® FLOW. cHooZ Flow Business Mastercard® is issued byPatriot Bank, N.A., pursuant to a license by Mastercard InternationalIncorporated and can be used everywhere Mastercard is accepted. Mastercard andthe circles design are registered trademarks of Mastercard InternationalIncorporated.
The company’s processing of personal data in connection with ourapplication is governed by this Privacy Policy and our agreements withMerchants. In the event of any conflict between this Privacy Policy and acustomer agreement, the customer agreement will control to the extent permittedby applicable law. This Privacy Policy is not a substitute for any privacy policythat a Merchant may be required to provide to their customers, personnel, orother individuals.
USE OF COOKIES
A “cookie” is a string ofinformation that assigns you a unique identifier that we store on yourcomputer. Your browser then provides that unique identifier to use each timeyou submit a query to the Site. We use cookies on the Site to, among otherthings, keep track of services you have used, record registration information,record your user preferences, keep you logged into the Site, facilitatepurchase procedures, and track the pages you visit. Cookies help us understandhow the Site is being used and improve your user experience. We do not collectdata on minors.
Information we Collect
We may collect personal data from or on behalf of Merchants.Merchants determine the scope of the personal data transferred to us or that wecollect, and the information we receive may vary by Merchant. Typically, theinformation we collect on behalf of Merchants includes:
Information that we collect when a Merchant’s customers make apayment when a customer makes a payment via a POS, we collect information aboutthe transaction, which may include personal data. Information abouttransactions includes the payment card used, a name associated with the paymentcard, the location of the merchant’s store, the date and time of thetransaction, the transaction amount, and information about the goods orservices purchased in the transaction.
Additional information Merchants’ customers provide through thePOS ancillary to payments.
We may collect additional information ancillary to the payment.This information may include:
· Customers’ email address or phone number, such as when thecustomer chooses to receive an electronic receipt
· Customers’ marketing preferences, such as whether the customerwishes to receive marketing communications or newsletters
· Information about participating customers’ activity in a merchantloyalty program
· Customers’ physical address, where needed for delivery of goods orservices
· Other information the customer provides, such as birthdate,interests or preferences, reviews, and feedback
In addition, we collect: [describe additional data collected, ifany, after payment is made.
Information that we collect about Merchants’ personnel
We may collect information about Merchants’ personnel andinteractions with the POS, such as clock-in and clock-out time and tips earned
Additional information that Merchants provide to us about theircustomers or personnel merchants may provide us with additional informationdirectly, via access they grant to us, or otherwise. The types of informationthat merchants may provide to us about their customers include email addresses,phone numbers, and purchase history [describe any other applicableinformation]. The types of information that merchants may provide to us abouttheir personnel include email addresses, phone numbers, shifts, and saleshistory.
How We Use the Information we Collect
We use the personal data we collect for or on behalf of Merchants,to provide our services and the functionality of our application:
We may also use personal data for related internal purposes,including:
· To provide information about the application, such as importantupdates or changes to the application and security alerts
· To measure the performance of and improve the application
· To respond to inquiries, complaints, and requests for customersupport
In addition, the Company may use personal data as we believenecessary or appropriate to (a) comply with applicable laws and lawful requestsand legal processes, such as to respond to subpoenas or requests from governmentauthorities; (b) enforce the terms and conditions that govern our application;(d) protect our rights, privacy, safety or property, and/or that of you orothers; and (e) protect, investigate and deter against fraudulent, harmful,unauthorized, unethical or illegal activity.
How We Share Information
We may share personal data that we collect with:
· The Merchant from whom or on whose behalf we collected thepersonal data
· The platform on which our application runs
· With third parties as a Merchant may direct
· With third-party service providers that help us manage and improvethe application
· With Company subsidiaries and corporate affiliates for thepurposes described in this Privacy Policy or in our agreement with a Merchant
The company may disclose personal data to government or lawenforcement officials or private parties as required by law and disclose anduse such information as we believe necessary or appropriate to (a) comply withapplicable laws and lawful requests and legal processes, such as to respond tosubpoenas or requests from government authorities; (b) enforce the terms and conditionsthat govern our application; (d) protect our rights, privacy, safety orproperty, and/or that of you or others; and (e) protect, investigate and deteragainst fraudulent, harmful, unauthorized, unethical or illegal activity.
Company may sell or transfer some or all of itsbusiness or assets, including your personal data, in connection with a businesstransaction (or potential business transaction) such as a merger,consolidation, acquisition, reorganization, or sale of assets or in the eventof bankruptcy, in which case we will make reasonable efforts to require therecipient to honor this Privacy Policy.
Your Rights and Choices
Data Subject Rights
To the extent that applicable law provides individuals with rightspertaining to their personal information, such as to review and request changesto their personal information, individuals should contact the Merchant with anyrequests pertaining to the Merchant’s use of our application. To the extentthat POS is responsible for responding to data subject rights requests underapplicable law. The company will assist a Merchant, or POS, as applicable, inresponding to such requests subject to our contract with a Merchant or POS.
Complaints
If you have a complaint about our handling of personal data, youmay contact us via the contact information provided below.
Updates
We reserve the right to modify this Privacy Policy at any time. Wewill notify you of updates by updating the date of this Privacy Policy.
Contact Us
You may contact us with any questions, comments, or complaints,about this Privacy Policy or our privacy practices via info@choozflow.com
Additional Information for Merchants Located in Europe
Controller
The company is a data processor acting for and on behalf of theMerchant that has installed our application on their POS. That Merchant is thecontroller of personal data that we process on its behalf.
Legal Bases for Processing
The company processes personal data as directed or permitted bythe Merchant that uses our application. The Merchant is responsible forestablishing a legal basis for our processing of personal data for or on behalfof the Merchant.
Cross Border Data Transfer
When we transfer personal data outside of Europe to countries notdeemed by the European Commission to provide an adequate level of protectionfor personal data, we make the transfer pursuant to one of the followingtransfer mechanisms:
· A contract approved by the European Commission (sometimes called“Model Clauses” or “Standard Contractual Clauses”);
· The EU-US Privacy Shield;
· The recipient’s Binding Corporate Rules;
· The consent of the individual to whom the personal data relates; or
· Other mechanisms or legal grounds as may be permitted underapplicable European law.
You may contact us with questions about our transfer mechanism.
Data Retention
Subject to our agreement with a Merchant, Company retains personaldata for as long as necessary to (a) provide our products and services; (b)comply with legal obligations; (c) resolve disputes, and (d) enforce the termsof any agreement we may have with a Merchant. You may contact us for additionalinformation about our data retention practices in connection with theapplication.
Data Subject Rights
Under certain circumstances, data subjects in Europe have certainrights relating to their personal data, which include the rights to requestfrom the Controller (a) access to the data subject’s personal data; (b) correctionof incomplete or inaccurate personal data; (c) erasure of personal data; (d)restriction of processing concerning the data subject; and (e) that thecontroller provides a copy of the data subject’s personal data that the datasubject provided to the controller in a structured, commonly used andmachine-readable format. Data subjects may also object to a controller’sprocessing of personal data under certain circumstances. Where the processingis based on a data subject’s consent, the data subject has the right towithdraw consent at any time; however, the withdrawal of consent will notaffect the lawfulness of processing based on consent before its withdrawal.Data subjects may also file a complaint with a supervisory authority. You mayview contact information for supervisory authorities at https://edpb.europa.eu/about-edpb/board/members_en.Data subjects in Europe should direct any rights request to the appropriateController.