Privacy Policy
We regularly update this Privacy Notice to ensure that you are always accurately informed about how we collect, hold, and manage your Personal Information. Please read this Privacy Notice together with our Terms of Use and any other documents referred to in it to help you make informed decisions about providing EPOS NOW with your Personal Information.
“Personal Information” “Personal Data”, “Data” or “Non-public personal information (or NPI)” in this Privacy Policy all relate to the personal information of identifiable living individuals and the terms may be used interchangeably.
This Privacy Policy relates to any living individual providing Personal Information to Epos Now. We will for that purpose use the term “You” or “you” in this policy.
Who are Epos Now?
Epos Now is a leader in providing cloud POS. We act as the “data controller” for our customers, employees, and partners. For Data Subjects using the POS systems we provide to our customers, we are a “data processor”.
If you are in countries other than Australia, Canada, Mexico, Spain, USA and New Zealand references in this policy to Epos Now are to EPOS NOW (UK) LIMITED which is a company registered in England and Wales (company no. 07666961) and with its registered address at 2 Whiting Road, Norwich Business Park, Norwich, NR4 6DJ, England, United Kingdom.
For customers in the USA and Mexico references to Epos Now are to Epos Now LLC, The Chase Plaza, 121-189 S. Orange Avenue, FL 32801, United States. For US customers, please read our section on GLBA compliance and NPI opt-outs below.
For customers in Australia and New Zealand, references to Epos Now are to Epos Systems Pty Limited of PO Box 621, Buddina, Queensland, QLD 4575, Australia, which is also registered as a foreign company in New Zealand.
In Canada references to Epos Now are to Epos Now Limited of 1881 Steeles Ave., W., C/o Cbes 406, Toronto, Ontario, Canada, M3H 0A1.
In Spain references to Epos Now are to Epos Now S.L.U. of Calle Vallehermoso 82, 28015 Madrid, España.
For the purposes of the Data Protection Act 2018 and the European General Data Protection Regulation (EU 2016/679) (“GDPR”) and any other applicable data protection and privacy laws and regulations (collectively "Data Protection Legislation"), Epos Now is the data controller for all Personal Information and we determine the means and purpose of processing. Epos Now has registered with the UK Information Commissioners Office (ICO) under registration number ZA201586 and we have a Data Protection Officer.
Our registration with the ICO and all of our data protection practices are aimed at ensuring we provide all of the protection required under Data Protection Legislation to your Personal Information. This Privacy Notice is designed to inform you how we do that in a clear and concise fashion. If you have any questions about our data handling practices or require assistance in understanding this notice, please contact us via the details given in the "how you can contact us" section below.
What personal data do we collect from or about you?
As a general summary, we collect personal information to enable us to provide You with the services we offer and to contact you about other products, promotions, services, offers and advice we think you will like. We will contact you with updates about your order and enquiries and we will also send you surveys from time to time to help us improve the service we offer.
Specifically, we collect information as follows:
When using our Website
Whilst you can use the Website without giving out Your personal data, once You contact us via the Website or upload user information, Epos Now collects information about you, which may include:
- Your name;
- Address;
- Email address; and
- Telephone numbers (including mobile)
We may also collect technical information about you when you visit the Website. This information may include:
- the Internet protocol (IP) address used to connect your computer to the Internet;
- Your browser type and version;
- time zone setting; and
- operating system and platform, and browser plug-in types and versions
- Information about your visit(s) to the Website may also be collected. The collected information is used to provide an overview of how people are accessing and using the Website. It is not used for any additional purpose, such as to profile those who access the Website
We assume that when using our Website, you will enter via our homepage which contains links to our various policies and procedures.
When you have registered interest in our services
If you have provided Your request for further information about our services to one of our trusted partners, we will seek sufficient personal information about You to allow us to contact you and reply to Your inquiry, such as:
- Your name;
- email address;
- business or home address;
- telephone number; and
- Social Handles
You always have the right to opt-out of receiving marketing information from Epos Now at any time. If you have chosen to subscribe to our marketing information, we will collect the minimum contact information required to provide you with our newsletter, offers, and updates including:
- Your name
- email address; and
- telephone number
- Free Trial User - Analysis
When You purchase our POS system services
We may need to collect and use your personal information to create an account for the business requesting our services. This will always be collected directly from You and may include:
- Your name;
- Postal address;
- Invoicing details/address;
- Information regarding the services You request;
- Supplementary information You provide us about Yourself when contacting us;
- Email address; and
- Telephone numbers (including mobile)
When you use our Products
When using our products, you may need to log in to our back office. We use cookies to establish how you use the system. These cookies allow us to establish which device is using our system and provides functionality. If you disable cookies, as explained in our cookies policy, you will be able only to experience basic functionality limited to being able to log in and out.
When you contact our customer support
During Your customer support interactions we may collect the following information from You:
- Account Number;
- Your name;
- Work contact details (email address and telephone number);
- Professional information (business role and responsibilities); and
- Information regarding the services you request
as well as any additional information you choose to volunteer to us. We will only retain the information required to provide you with the support you request.
Where a remote service is provided to resolve a service issue, we will record the session for internal use only, so we have a record for further support or to use it as the basis of further resolution.
When you sign up to Epos Now Payments
Epos Now Payments has its own onboarding procedures, where you will be required to provide such personal and business information that allows us to operate our payments systems, undertake money-laundering compliance and comply with the requirements of scheme owners such as VISA and Mastercard. Epos Now Payments has its own terms and conditions with links to the requirements of the scheme owners and the requirements of the bank that we use to facilitate and host the service. We will process your information in order to carry out the legal requirements compliance requirements above and, once onboarding is complete, in order to fulfil the contractual obligations which we and you have to each other. Personal Information will be deleted 6 years after you cease to use Epos Now Payments.
Please note that Epos Now is not a bank and our Payments solution is provided by a third party facilitating bank (Adyen N.V.).
Marketing our products and services to you
Once you sign up to our services, we will primarily communicate with you by email. In relation to marketing emails, you will be asked to pre-approve us sending these and you may unsubscribe at any time by clicking the “unsubscribe” button or by emailing us at the address below.
We occasionally run postal marketing promotions in relation to products and services from ourselves or trusted partners that we think will be of interest to your business. We will use a professional mailing organisation for such promotions and will pass them your business contact details. You may opt out of such marketing information by emailing us at the address below.
You are not under any obligation to opt-in to any marketing communications and You can opt-out of any of these data uses at any time by emailing info@eposnow.com. We will only keep your information for as long as reasonably required
Recording of telephone calls
We routinely record telephone calls as our sales are often undertaken by telephone and we need to record so we and you can establish the contents of any contractual arrangements we have made with you. We will also record calls with customer support so we can show whether we have dealt with any issues raised and for training and quality purposes. Call recordings are automatically deleted from our system after a rolling 365 days.
If you fail to provide us with Personal Information
You always reserve the right to withhold Your personal information, but this may considerably affect and limit how we provide our services
Where we need to collect personal data by law, or under the terms of a contract we have with You and You fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you. In this case, we may have to cancel a product or service You have with us but we will notify you if this is the case.
What do we do with the information we collect
We will only ever use your personal information when allowed to by law and always under a documented lawful basis for processing.
We may use your personal information:
- to assess Your suitability for any particular service;
- to create an account for our services;
- to manage service cases as and when they arise;
- to process order requests for our services;
- to process repeat payments for services You have purchased;
- to give you information that You request from us and to improve our services;
- to notify you about changes to our services;
- to allow us to operate the Website efficiently;
- to comply with the requirements of payment scheme owners such as VISA and Mastercard;
- any relevant troubleshooting, testing or statistical analysis as appropriate; and
to keep the Website secure
We may, where we have obtained your permission, also use the information collected to:
- Provide you with information about our services that we offer via promotional emails;
- keep you up to date with features on the Website; and
- permit selected third parties to provide you with information about goods or services we feel may interest You (a list of such third parties are available on request).
Lawful basis of processing
We always ensure that a lawful basis (as defined in the UK Data Protection Act 2018 and GDPR) exists for all the Personal Information we process at Epos Now.
We will only process your information for as long as we have a relevant lawful basis to do so. This is usually in order to provide you with the contractual services you have requested from Epos Now or if you have provided us with adequate consent to process your information for other purposes.
If we choose to process your information under the lawful basis of legitimate interests, we will always inform you of our legitimate business interest and your right to object.
If you choose to access your Personal Information under the rights afforded to you by Data Protection Legislation, we will always inform you of the lawful basis under which we process your information.
How do we protect your personal data
We take our security obligations very seriously and constantly monitor for breaches and potential weaknesses.
When we collect information about you, we also make sure that our information is protected from unauthorised access, loss, manipulation, falsification, destruction, or unauthorised disclosure. This is done through appropriate technical measures. We use computer safeguards such as firewalls and data encryption, we enforce physical access controls to our buildings and files, and we authorise access to Personal Information only for those employees who require it to fulfil their job responsibilities. Our staff are subject to obligations of confidentiality in their contracts of employment.
However, you should be aware that providing information over the internet can never be guaranteed as being completely safe and if you choose to send such information to us via the internet, you do so at your own risk.
Cross-border data transfers
If we are required to store or process your data outside of the European Economic Area and/or UK, we will comply with the provisions of the Data Protection Act 2018 and GDPR and any other guidance issued by the EU for data transfers from the EU to the UK. In July 2021 it has been confirmed that the UK has an adequacy ruling and that data can flow between the UK and EEA for the next 4 years.
We shall not transfer any Personal Information to any country outside of the UK or European Economic Area unless we ensure that such Personal Information is subject to an adequate level of protection and appropriate legal safeguards in accordance with Data Protection Legislation. If You wish to access your Personal Information, we will inform you of the transfers we make (if any) and the legal safeguards we have employed to ensure the ongoing security and protection of Your data.
EU/USA data-sharing governance: As the result of the decision of the European Court in July 2020 in the Schrems II case which affected the use of Privacy Shield, Epos Now will ensure that transfers of data from the UK/EEA to the USA will be covered by Standard Contract Clauses as approved by the European Commission, by agreements between our companies or such other guidance issued by the ICO following the UK’s withdrawal from the EU.
Sharing Your information with others
We take our responsibilities for sharing data seriously. The following situations are those when we may share Your data:
- to staff members in order to facilitate the provision of goods or services to you;
- to third party companies in order to facilitate the provision or delivery to you of goods or services or apps or payment services;
- to our affiliated entities to support internal administration;
- IT software providers that host our website and store data on our behalf;
- Mailing companies when we run postal marketing campaigns (save where you have opted out);
- analytics and search engine providers that assist us in the improvement and optimisation of the Website
- professional advisers including consultants, lawyers, bankers and insurers who provide us with consultancy, banking, legal, insurance and accounting services;
- To debt collection agencies in the event that we have a business need to recover unpaid invoices;
- HM Revenue and Customs, regulators and other authorities in your local jurisdiction who require reporting of processing activities in certain circumstances;
- In response to subpoenas for information;
- if Epos Now is acquired by a third party, in which case Personal Information held by it about its customers will be one of the transferred assets. We would process Your Personal Information for this purpose because we have a legitimate interest to ensure our business can be continued by the buyer. If You object to our use of Your Personal Information in this way, the relevant seller or buyer of our business may not be able to provide services to You.
- We may disclose personal data to the police, regulatory bodies, legal advisors or similar third parties including scheme owners such as VISA and Mastercard where we are under a legal duty to disclose or share personal data in order to comply with any legal obligation (whether statutory or by court subpoena), or in order to enforce or apply our website terms and conditions and other agreements; or to protect our rights, property, or safety of our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
- To card payment providers in order to deal with any queries raised by you directly to those providers concerning any purchases from Epos Now, including refunds and chargebacks.
If and when we share your data with third parties on a commercial basis, we always do so under a written agreement governing how your data must be processed and protected.
Our obligations under Data Protection Law and your options to control your Personal Information
If you are an individual (as opposed to a Limited Company) you have rights in relation to any Personal Information that we hold about you. If You wish to access your Personal Information you may make a formal subject access request by contacting Epos Now. We will respond within the prescribed period of 30 days unless we meet the grounds for an extension.
The information you request must relate to you or another individual in relation to whom you have the authority to act on their behalf. Epos Now will require confirmation of your ID prior to providing any information about the data we hold. If You are unable to provide sufficient information to prove your ID, Epos Now reserves the right to refuse your request for access to Personal Information.
The rights you have in relation to the Personal Information we hold regarding you are:
- the right to rectify any inaccuracies in the information we hold;
- the right to the erasure of information in specific circumstances;
- the right to request the transfer of your information to another controller; and
- the right to object to or restrict processing in specified circumstances.
If you have provided us with consent to process your personal information and we process on the lawful basis of that consent only, you always reserve the right to withdraw this consent via the method detailed in the paragraph below. We are committed to ensuring that your wishes are respected and upon notification that you wish to withdraw your consent, Epos Now will immediately cease processing the information in question.
You can withdraw your consent or access any information we hold on your behalf by contacting us at info@eposnow.com. We will always process your request within one month.
Changes to this Privacy Policy: We may change this Privacy Notice at any time to ensure it always accurately reflects the way we collect, use, and safeguard Your Personal Information.
Please check this notice from time to time to ensure you are aware of any updates we may have made to our Personal Information handling practices. The date of the changes will be listed in the 'Last updated' section below. We will endeavour to notify all of our current clients of any updates to this notice via email and we will post the relevant announcement on our website homepage.
We recommend that You print a copy of this page for Your reference.
The Gramm-Leach-Bliley Act (GLBA) (US customers only)
We do not consider ourselves a financial institution and the financial products that we market are provided by other organizations. Nonetheless, our data protection standards meet the criteria set by GLBA and we aim to meet its obligations. In particular:
- we safeguard and monitor customer records and information.
- we create and maintain effective risk assessments.
- We identify, implement and audit specific internal security controls that protect this data.
We will typically share your NPI as set out elsewhere in this privacy policy. Particularly with affiliated payment services providers (so that you can make payments through using our hardware) or companies with which we have a specific contractual relationship with. These are limited to a small number and we consider they add to the overall service options for You.
You may at any time opt-out of us providing your NPI to non-affiliates. Please contact us as set out below.
How do we use cookies?
This Website uses cookies to help us recognize different users of the Website and to provide users of the Website with a good experience when using it. Please see our Cookie Policy for further information.
Further information about cookies is also available from https://allaboutcookies.org/
It is possible to block cookies from websites you visit by setting your internet browser to not accept them or to remove them entirely. The websites aboutcookies.org and allaboutcookies.org provide instructions on how to do this.
How can you make a complaint?
Please note that if You are not satisfied with the processing of Your Personal Information as set out in this Privacy Policy, please contact us at data.requests@eposnow.com.
If you live in the UK you have the right to issue a complaint directly with the Information Commissioners Office (https://ico.org.uk/concerns/)
In compliance with the Privacy Shield Principles, Epos Now commits to resolve complaints about our collection or use of Your personal information. EU individuals with inquiries or complaints regarding our Privacy Shield policy should first contact data.requests@eposnow.com.
Epos Now has further committed to cooperate with the panel established by the EU data protection authorities with regard to unresolved Privacy Shield complaints concerning human resources data transferred from the EU in the context of the employment relationship.
How can you contact us?
Please contact us at info@eposnow.com if You have any questions, comments, or requests regarding this Privacy Policy.
You may also write to us at the following address:
Data Protection Officer,
3 Whiting Road,
Norwich Business Park,
Norwich,
NR4 6DJ,
England.
Last updated January 2023
Version 1.4