Barcode.al

Effective date: July 18, 2023

This privacy policy describes how Barcode.al works and our affiliates, which, as of the effective date of this revision, include Merchant-Link. Personal information received from you when you apply for, sign up for, or use any of our payment processing, payment gateway, point-of-sale services, or our various other products (collectively, “Services”).

For EU individuals and clients, please refer to our EU privacy policy.

Please read this Policy carefully. By accessing, browsing, or using our website or services, you confirm that you have read, understood, and agreed to the terms of this privacy policy.

As used in this privacy policy, “personal information” means information and data that identifies you or makes you identifiable as a natural person, such as name, age, home address, phone number, date of birth, Social Security number, and personal e-mail address. “Personal Information” covers all information defined as “personal data” under Art. 4(1) of the European Union’s (EU) General Data Protection Regulation (GDPR) or the UK General Data Protection Regulation (UK GDPR).

This privacy policy is designed to apply to our website visitors, users of our services, prospective users of our services, and our authorized distributors, wherever they are located. As a result, the Privacy Policy will include provisions applicable globally as well as provisions that are only required in particular jurisdictions.

Barcode.al may update this privacy policy from time to time. Updates will be reflected on our website, located at Terms and conditions. When we change the policy in a material way, a notice will be posted on our website along with the updated Privacy Policy.

WHAT INFORMATION DO WE COLLECT?

Information provided by you.

We collect information you provide when you apply or sign up for our services, go through our identity or account verification process, authenticate into your account, communicate with us for support, or otherwise use our services. When you are applying for or signing up for our services, the information we collect can include:

Identification Information. Your name, email address, mailing address, phone number, photograph, birthdate, passport, driver’s license, Social Security, taxpayer identification, or other government-issued identification when you apply or sign up for an account or other services, signature, and authentication credentials (for example, information you use to login to your account), including your IP address.
Financial Information. Information such as bank accounts, payment card numbers, credit reports, and other publicly available information.
Transaction Information. When you use our services to make, accept, request, or record payments, we collect information about when and where the transactions occur, the names of the transacting parties, a description of the transactions, the payment or transfer amounts, billing and shipping information, and the devices and payment methods used to complete the transactions.
Other information you provide. Information that you voluntarily provide to us, which can include survey responses; participation in contests, promotions, or other prospective seller marketing forms or devices; suggestions for improvements; referrals; or any other actions performed on the Services,.

INFORMATION WE AUTOMATICALLY COLLECT ABOUT YOU FROM YOUR USE OF OUR SERVICES

We also automatically collect information about you from your use of our services. The information that we can collect includes:

Device Information. Information about your device, including your hardware model, operating system and version, device name, unique device identifier, mobile network information, and information about the device's interaction with our services.
Use Information. Information about how you use our Services, including your access time, "log-in" and "log-out" information, browser type and language, country and language setting on your device, Internet Protocol ("IP") address, the domain name of your Internet service provider, other attributes about your browser, mobile device, and operating system, any specific page you visit on our platform, content you view, features you use, the date and time of your visit to or use of the Services, your search terms, the website you visited before you visited or used the Services, data about how you interact with our Services, and other clickstream data.
Business Information. Information about products and services you sell (including inventory, pricing, and other data) and other information you provide about you or your business (including appointment, staffing availability, employee, payroll, and contact data). This also includes the features of your unique point-of-sale system configuration.
Employee Information. Information provided to a merchant using our services.
Customer Information. Information you collect from your customers, such as their email address, phone number, and payment card information,.

INFORMATION WE CAN COLLECT FROM OTHER SOURCES

As a user or prospective user of our services, or as a distributor or prospective distributor, we may also collect information about you from third parties, including:

Identification Verification. Information from third-party verification services, credit bureaus, financial institutions, mailing list providers, and publicly available sources. In some circumstances, where lawful, this information may include your government-issued identification number.
Credit, compliance, and fraud. Information about you from third parties in connection with any credit investigation, credit eligibility, identity or account verification process, fraud detection process, or collection procedure. This may include, where applicable, credit-related information with credit reporting agencies.

HOW WILL WE USE YOUR information?

The following sections describe different ways we may use your information. We may use information about you for a number of purposes, including:

Providing, Improving, and Developing our Services

Processing or recording payment transactions;
Displaying your historical transaction or other historical data;
Providing, maintaining and improving our Services;
Developing new products and services;
Delivering the information and support you request or that you may require, including technical notices, security alerts, and support and administrative messages, which may be used to resolve disputes, collect fees, or provide assistance for problems with our Services or your account;
Personalizing and facilitating your use of our Services;
Measuring, tracking, and analyzing trends and usage in connection with your use or the performance of our Services.

Communicating with You About our Services

Sending you information that we think you may find useful or that you have requested from us about our Services;
Conducting surveys and collecting feedback about our Services.

Protecting our Services and Maintaining a Trusted Environment

Investigating, detecting, preventing, or reporting fraud, misrepresentations, security breaches or incidents, other potentially prohibited or illegal activities, or to otherwise help protect your account, including to dispute chargebacks on your behalf;
Protecting our, our customers’, or your customers’ rights or property, or the security or integrity of our Services;
Enforcing our Terms of Service or other applicable agreements or policies;
Verifying your identity or determining your creditworthiness
Complying with any applicable laws or regulations, or in response to lawful requests for information from the government or through legal process;
Fulfilling any other purpose disclosed to you in connection with our Services;
We will contact you to resolve disputes, collect fees, and provide assistance with our Services.

Advertising and Marketing

Marketing of our Service;
We are communicating with you about opportunities, products, services, contests, promotions, discounts, incentives, surveys, and rewards offered by us and select partners.

How do we share your information?

We may share information about you as follows:

With Other Users of our Services with Whom You Interact

With other users of our Services with whom you interact through your own use of our Services when such sharing is expressly indicated in product documentation as an element of the Services (e.g., when using universal tokens).

Among our Affiliates

Information supplied to any one affiliate of Barcode.al may be shared with and used by any other affiliate of Barcode.al for any purpose permitted by this policy, unless otherwise expressly and in writing agreed in a particular instance.

With Third Parties

With third parties to provide, maintain, and improve our Services, including service providers who access information about you to perform services on our behalf (e.g., fraud prevention, identity verification, and fee collection services), as well as financial institutions, payment networks, payment card associations, credit bureaus, partners providing services on our behalf, and other entities in connection with the Services;
With third parties that run advertising campaigns, contests, special offers, or other events or activities on our behalf or in connection with our Services.

Service Providers

Barcode.al shares Personal Information with companies that provide services such as information processing, extending credit, fulfilling customer orders, delivering Services to you, managing and enhancing customer data, providing customer service, assessing your interest in our Services, and conducting customer research or satisfaction surveys

Business Transfers and Corporate Changes

To a subsequent owner, co-owner, or operator of one or more of the Services; or
In connection with (including, without limitation, during the negotiation or due diligence process of) a corporate merger, consolidation, or restructuring; the sale of substantially all of our stock or assets; financing, acquisition, divestiture, or dissolution of all or a portion of our business; or other corporate change.

Safety and Compliance with Law

If we believe that disclosure is reasonably necessary (i) to comply with any applicable law, regulation, legal process, or governmental request; (ii) to enforce or comply with our Terms of Service or other applicable agreements or policies; (iii) to protect our or our customers' rights or property, or the security or integrity of our Services; or (iv) to protect us, users of our Services or the public from harm, fraud, or potentially prohibited or illegal activities.

With Your Consent With your consent. For example:

At your direction or as described at the time you agree to share,
When you authorize a third-party application or website to access your information,.

Aggregated and De-Identified Information

We also may share (within our group of companies or with third parties) aggregated and de-identified information.

How will we store your information?

Barcode.al security stores your personal information as follows:

Barcode.alonline services such as the Barcode.alMarketplace and the Lighthouse Transaction Manager protect your personal information during transit using encryption technologies required by law and by the PCI Data Security Standard. When your personal data is stored by Barcode.al, we use computer systems with limited access housed in facilities using physical security measures. However, when you use some Barcode.al services or post on a Barcode.al forum, the personal information and content you share are visible to other users and can be read, collected, or used by them. You are responsible for the personal information you choose to share or submit in these instances. For example, if you list your name and email address in a forum posting, that information is public. Please take care when using these features.

HOW LONG DO WE RETAIN YOUR INFORMATION?

We generally retain your information as long as it is reasonably necessary to provide you the Services or to comply with applicable law or relevant industry standards.

However, even after you deactivate your account, we retain copies of information about you and any transactions or Services in which you may have participated for a period of time that is (a) authorized under the agreements we have made with you or under applicable law, (b) reasonably necessary for us to comply with applicable law, regulation, legal process, or governmental request, or (c) reasonably necessary for us to detect or prevent fraud, to collect fees owed, to resolve disputes, to address problems with our Services, to assist with investigations, to enforce our Terms of Service or other applicable agreements or policies, or to take any other actions permitted under applicable law.

In addition, for UK or EU citizens or residents, Personal Information processed by Barcode.al as a data processor will be removed in accordance with the instructions of the applicable data controller, not to exceed two years, except where required to be retained for longer than that by applicable law, and except in the context of a legal dispute in which the particular data is relevant

WHAT ARE YOUR DATA PROTECTION RIGHTS (EU CITIZENS AND RESIDENTS)?

As a UK or EU citizen or resident, you are entitled to the following:

The right to access: You have the right to request copies of your personal information.
The right to rectification: You have the right to request that any personal information you believe is inaccurate be corrected and that any incomplete personal information be completed.
The right to erasure: You have the right to request that your personal information be erased under certain conditions.
The right to restrict processing: You have the right to request that the processing of your personal information be restricted under certain conditions.
The right to object to processing: You have the right to object to the processing of your personal information being restricted under certain conditions.
The right to data portability: You have the right to request that your personal information be transferred to another organization or directly to you under certain conditions.

As a data processor, Barcode.al collects and processes personal data on behalf of our clients when we provide them with services including but not limited to: IT, HBR, Lighthouse BMS, Conecto, lead management, table reservations, and/or training services. As a data processor, Barcode.al processes personal data on behalf of our clients or customers, in accordance with their instructions and requirements. We do not control the purposes for which personal data is collected or the legal basis for such processing, as determined by our clients or customers who act as data controllers. We process personal data solely for the purpose of providing the services requested by our clients or customers, and we do not use the data for any other purposes. It is the responsibility of our clients or customers, as data controllers, to ensure that the processing of personal data complies with applicable data protection laws, including obtaining appropriate consent, providing necessary notices, and fulfilling other obligations as data controllers. We do not bear any responsibility for the legality, accuracy, completeness, or appropriateness of the personal data provided to us by our clients or customers for processing.

Barcode.al is happy to work with its clients to effectuate the protections above. Contact information for our Data Protection Officer and our Article 27 Representative may be obtained by sending an email request for such information to security@barcode.al.

Transfers of Personal Information from the EU to the U.S.

Barcode.al complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) as set forth by the U.S. Department of Commerce. Barcode.al has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF. If there is any conflict between the terms in this Privacy Policy and the EU-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program and to view our certification, please visit https://www.dataprivacyframework.gov/.

Further, Barcode.al is responsible for the processing of Personal Information it receives from the European Union, including any subsequent transfers to a third party acting as an agent on behalf of Barcode.al . Barcode.al complies with the legislation for all onward transfers of personal data from the EU, including the onward transfer liability provisions.

In the course of our operations, we may need to transfer personal data to third countries located outside the European Economic Area (EEA) or other jurisdictions that may have different data protection laws. Such transfers are subject to strict compliance with applicable data protection regulations, including the implementation of robust safeguards to ensure the privacy and security of personal data during the transfer process. By using the Services, you hereby consent to the transfer of Personal Information to third countries located outside the EU.

These safeguards may include the use of standard contractual clauses approved by the European Commission, certification mechanisms (if applicable), binding corporate rules, or other appropriate legal mechanisms as required by applicable data protection laws. These measures are designed to provide an adequate level of protection for personal data and to ensure that any data transfers to third countries are carried out in accordance with the principles of data protection, including the necessity, proportionality, and lawfulness of such transfers.

It is important to note that the data protection laws in some countries may not offer the same level of protection as those within the EEA or other jurisdictions with comprehensive data protection regulations. However, we will take reasonable steps to ensure that any transfers of personal data to such countries are conducted in compliance with applicable data protection laws and with appropriate safeguards in place to protect the privacy and security of personal data.

Barcode.al is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, Barcode.al may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

What are your privacy rights (U.S. residents)?

Barcode.al conducts business throughout the United States and complies with applicable state privacy laws, including the California Consumer Privacy Act (CCPA), California Privacy Rights Act (CPRA), Virginia Consumer Data Protection Act, Colorado Privacy Act, Utah Consumer Privacy Act, and Connecticut Data Privacy Act.

This Policy complies with the requirements of these privacy laws by informing you of the categories of Personal Information we collect and your privacy rights under those laws. If you are a resident of California, Colorado, Connecticut, Utah, or Virginia, you have the right to:

Request information about what Personal Information we collect and maintain about you and how we use that information and obtain a copy of your personal information (a “Request to Know”);
Request that Barcode.al delete your Personal Information (“Request to Delete”) or correct any inaccuracies; and
Request to opt out of sharing, selling, or otherwise disclosing your data with third-parties (“Request to Opt-Out”) (Barcode.al does not sell your data to third-parties.)

You may submit any of the above Requests by contacting us by phone, email, or physical address indicated below in this Privacy Policy for Privacy Questions. When you submit any of the above requests, we may ask you to provide certain pieces of information in order to verify your identity. Upon receiving your request, Barcode.al will take reasonable steps to verify your identity and respond to a request by: (a) providing the requested information; or (b) explaining why Barcode.al is not required to provide the requested information or take the requested action. We will not discriminate against you for exercising your privacy rights.

If you are resident of Nevada, you may submit a verified request to us that we not make any sale (as defined under Nevada Revised Statute 603A.333) of any covered information that we have collected or will collect about you. However, please note that Barcode.al does not sell your Personal Information.

CCPA/CPRA PRIVACY NOTICE (CALIFORNIA RESIDENTS)

All terms used in this section pertaining to the privacy rights of California residents have the definitions given to them in the California Consumer Privacy Act of 2018 (“CCPA”) and the California Privacy Rights Act of 2020 ("CPRA"), unless otherwise clearly indicated. For purposes of this section, the terms “Personal Information” and “Sensitive Personal Information” have the same meanings as defined under Cal. Civ. Code 1798.140.

Barcode.al does not sell the personal information of California residents. Barcode.al does not share the personal information of California Residents with third parties for purposes of cross-context behavioral advertising. Barcode.al does not use or share Sensitive Personal Information of California Residents other than for an authorized business purpose under Section 1798.140(e). Barcode.al honors “do not track” signals and does not track, use cookies, or use advertising when a “do not track” mechanism is in place. Barcode.al does not authorize the collection of personally identifiable information from our users for third-party use through advertising technologies.

Barcode.al's status under the CPRA/CCPA is normally that of a “service provider.” Accordingly, Barcode.al confirms that it currently complies and will continue to comply with applicable provisions of the statute with respect to its function as a service provider. Specifically, Barcode.al confirms that when it receives Personal Information from its merchant customers or authorized distributors, Barcode.al processes that information only for authorized business purposes in accordance with the contracts it has with those businesses, and Barcode.al does not sell or otherwise use the Personal Information so received for any purpose other than providing the services to its customers or distributors pursuant to the contracts it has with those businesses. Barcode.al will take such actions and provide information as its customers and distributors may reasonably request to assist those businesses in complying with their relevant obligations under the statute.

To the extent that Barcode.al otherwise receives Personal Information directly from a consumer, Barcode.al states that:

Barcode.al has identified the categories of Personal Information that it collects and the business or commercial purposes for which the Personal Information will be used (for the past twelve months preceding the date this Policy was last updated) in Section 1 and Section 2 of this Policy, and these Sections serve as our Notice at Collection.
Barcode.al has and will maintain reasonable administrative, technical, and physical safeguards to ensure the data's confidentiality, integrity, and availability that are designed in accordance with applicable industry standards to prevent unauthorized or inappropriate access or use by, or disclosure to, third parties;
Barcode.al has and will maintain security measures appropriate to (i) protect data against accidental or unlawful destruction or loss, unauthorized alteration, unauthorized disclosure or access, in particular where the handling of or access to data involves the transmission of data over a network, and against all other unlawful forms of processing, and (ii) ensure a level of security appropriate to the risks presented by the services and the nature of the data to be protected, having regard to the state of the art and the cost of implementation;
Barcode.al has processes to receive and timely response to consumer requests to access, correct, modify, delete, or opt out of the sale of their Personal information and will comply with its statutory obligations with respect thereto.
Barcode.al will not sell, share, or otherwise disclose or use Personal Information received from a consumer other than as necessary to fulfill the specific purposes for which it was supplied to Barcode.al. Barcode.al does provide certain information, such as IP addresses, to third parties, which you can read more about below under “Cookies.”

As a California resident, you have the right to:

Request that we delete your Personal information.
Opt-out of the sale of your Personal Information (Barcode.al does not sell Personal Information of California residents);
Request that we limit our use or disclosure of Sensitive Personal Information (Barcode.al does not use or disclose Sensitive Personal Information other than for authorized business purposes).
Request information about (i) the categories of Personal Information we have collected about you; (ii) the categories of sources from which we have collected your Personal Information; (iii) the business or commercial purpose for collecting or selling your Personal Information; and (iv) the categories of third parties with whom we have shared your Personal Information.

To request access, correction, modification, deletion, or opt-out, you can use the phone, email, or physical address indicated below in this policy for Privacy Questions. Upon receiving a request, we will take reasonable steps to verify your identity and respond to a request by: (a) providing the requested information; or (b) explaining why the CCPA or CPRA does not require us to provide the requested information or take the requested action. Barcode.al may deny a request (but comply to the greatest extent that it can) if the consumer is unable or unwilling to verify his/her identity in conjunction with making such a request. We will not discriminate against California residents for exercising their rights under the CCPA or CPRA.

HOW TO ENSURE INTEGRITY AND ACCESS TO YOUR INFORMATION.

You can help ensure that your contact information and preferences are accurate, complete, and up-to-date by contacting us at privacy@barcode.al. For other personal information we hold, we will provide you with access (including a copy) for any purpose, including to request that we correct the data if it is inaccurate or delete the data if Barcode.al is not required to retain it by law or for legitimate business purposes. We may decline to process requests that are frivolous/vexatious, jeopardize the privacy of others, are extremely impractical, or for which access is not otherwise required by applicable law.

You may also contact us at privacy@barcode.al if you would like Barcode.al to delete the information that we have retained. However, in some circumstances, we may not be able to continue to provide you with some services if some kinds of information are deleted. Also, if we send you marketing emails, each email will contain instructions permitting you to opt out of receiving future marketing or other communications.

WHAT ARE COOKIES AND PLUGINS, AND HOW DO WE USE THEM?

Barcode.al online services, interactive applications, email messages, and advertisements may use "cookies" and other technologies, such as pixel tags and web beacons. These technologies help us better understand user behavior, tell us which parts of our websites people have visited, and facilitate and measure the effectiveness of advertisements and web searches. We treat information collected by cookies, IP addresses, or similar identifiers as personal information to the extent that such information can be linked to an individual. Similarly, to the extent that non-personal information is combined with personal information, we treat the combined information as personal information for the purposes of this privacy policy.

We may use different types of cookies, including functional, analytical, and tracking cookies. Functional cookies are necessary for the website to function properly and provide basic features. Analytical cookies help us analyze website traffic and improve our website's performance. Tracking cookies are used for targeted advertising and tracking user behavior on our website.

Ads that are delivered by the Barcode.al advertising platform may appear on the Barcode.al website, the websites of our affiliates, and in the Barcode.al Marketplace. You may see ads in third-party environments based on context, like your search query or the channel you are reading. In third-party apps, you may see ads based on other information. This reflects that cookies and similar data from web usage are used to generate and select advertising visible to the user.

Barcode.al and our partners also use cookies and other technologies to remember personal information when you use our website, online services, and applications. Our goal in these cases is to make your experience with Barcode.al more convenient and personal.

If you want to disable cookies, seek out the policies and terms of your internet web browser to manage your browsing privacy preferences. Please note that certain features of the Barcode.al website will not be available once cookies are disabled.

As is true of most internet services, we gather some information automatically and store it in log files. This information includes Internet Protocol (IP) addresses, browser type and language, Internet service provider (ISP), referring and exiting websites and applications, operating system, date/time stamp, and clickstream data.

We use this information to understand and analyze trends, to administer the site, to learn about user behavior on the site, to improve our products and services, and to gather demographic information about our user base as a whole. Barcode.al may use this information in our marketing and advertising services.

In some of our email messages, we use a "click-through URL" linked to content on the Barcode.al website. When customers click one of these URLs, they pass through a separate web server before arriving at the destination page on our website. We track this click-through data to help us determine interest in particular topics and measure the effectiveness of our customer communications. If you prefer not to be tracked in this way, you should not click text or graphic links in the email messages.

Pixel tags enable us to send email messages in a format that customers can read, and they tell us whether mail has been opened. We may use this information to reduce or eliminate messages sent to customers.

The period of retention of personal data depends on the specific cookie used to collect the data, but in all cases, the retention period shall not exceed 2 years.

PLUGINS

The websites managed by Barcode.al utilize social plugins for various functionalities. These plugins are installed on the website to facilitate user redirection to the Barcode.al social media accounts or communication windows on communication platforms.

Upon clicking on the plugin icons, users are directed to the respective plugin manager's page, where information such as the originating page of the request, request time, and date may be shared with the plugin manager. Notably, these plugins can be identified by the distinct logos of "Facebook," "Twitter," and "LinkedIn."

It is important to note that any information provided by individuals on the plugin manager's page or obtained through the links to the plugins on the Barcode.al website is subject to the control and privacy policies of the respective plugin managers. These privacy policies encompass critical aspects such as the collection and storage of personal data, legal bases for data processing, retention periods, and the technical and organizational security measures in place.

For any further inquiries or concerns regarding the handling of personal data through these plugins, users are encouraged to review the privacy notices of the respective plugin managers.

CHILDREN’S POLICY.

We do not knowingly collect or solicit any information from anyone under the age of 18 on or through the services. If we learn that we have nevertheless collected personal information from a child under the age 18 without parental consent, we will delete that information as quickly as possible. If you believe that we might have any information from a child under 18 without parental consent, please contact us using the contact details listed below at the end of this privacy policy.

THIRD-PARTY SITES AND SERVICES

Barcode.al websites, products, applications, and services may contain links to third-party websites, products, and services. Our products and services may also use or offer products or services from third parties.

Information collected by third parties is governed by their privacy practices. We encourage you to learn about the privacy practices of those third parties.

If you purchase a subscription in a third-party app, we create an identifier that is unique to you and the developer or publisher that we use to provide reports to the developer or publisher that include information about the subscription you purchased and other pertinent information. This information is provided to developers so that they can understand the performance of their subscriptions.

If contests or promotions are made available, the applicable contest or promotion rules may include additional rules regarding the collection, use, and disclosure of personal information. To the extent that those specific rules conflict with this Privacy Policy, the contest or promotion rules will supersede this Privacy Policy with respect to the conflicting terms and the non-conflicting terms of this Privacy Policy, and our Terms of Use will continue to apply. Silence shall not be deemed a conflict.

SOCIAL MEDIA ACCOUNTS

We have set up and manage our accounts on social media (LinkedIn, Facebook, and Instagram), but the information provided by you using social media (including messages, the use of “like” and “follow” thumbnails, and other communication) or received when you visit social media accounts managed by us or read entries posted by us is controlled by the operators of the social media.

As the administrators of the social media accounts, we shall select appropriate settings, taking into account our target audience and the aims of managing and promoting our activities, but the operators of social media may restrict our ability to change certain key settings. As a result, we are unable to influence the type of information the social media operators collect about you after we create our account.

The scope of the data received by us as the administrator of social media accounts depends on the account settings selected by us, agreements with the social media operators for additional services, and the cookies used by the social media.

Privacy Policy