PRIVACY POLICY

1. Controller and contact details

DTiQ Technologies, Inc, 111 Speen Street #550, Framingham, MA 01701 is responsible for this platform and the controller of the personal data collected during your use of the website.
You can reach our data protection officer by sending an email to dpo@dtiq.com.

For residents of the EU and UK, the representative of DTiQ pursuant to Art. 27 of the GDPR is: DAPR sp. z o.o., ul. Zurawia 47, 00-680, Warsaw, Poland. Mikolaj Otmianowski; kontakt@dapr.pl

If you have any questions regarding this Privacy Policy or the processing of your personal data, you are welcome to contact our data protection officer by e-mail under the subject matter “Data protection”.

2. Definitions

• “personal data” means any information reasonably relating to an identified or identifiable natural person or household; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors, including but not limited to “personal data” as defined by the GDPR and “personal information” as defined by the CCPA;
• “processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

3. Processing of personal data when using https://www.dtiq.com/ (“Website”) for informational purposes

As far as you visit the Website for informational purposes without providing personal data via the registration, Contact us or Book a Demo function, your internet connection data provided from your browser to our server are processed. This information consists only to a limited extent of personal data. When accessing our Website, we process the following categories of data:

• (a) IP address
• (b) Date and time of visit
• (d) URLs of pages visited
• (e) Number of pages visited
• (f) Last activity date and time
• (g) Referral website and information
• (h) Type, language, and version of browser
• (i) Device ID

This information is processed to allow the use of our website (e.g. by adapting our website to the requirements of your device). The legal basis for data processing is Art. 6 (1) 1 (b) GDPR as we require the automatically-collected data for an effective provision of our website and Art. 6 (1) 1 (f) GDPR as the recording of the data serves our legitimate interest in ensuring the stability and security of the website.

4. Processing of personal data when contacting us

If you contact us, we process the data provided by you in the process, for example, your name, last name, e-mail address, address (depending on the respective inquiry) and telephone number, country, and ZIP code as well as the company name in order to handle your inquiry, for example when you require support services or store stickers or if you have specific questions concerning our services, to reply to your inquiry, in accordance with Art. 6 (1) 1 (b) GDPR. The provision of data is voluntary, however, the failure to do so may prevent us from accurately responding to your questions, depending on the respective inquiry.

Personal data provided by you on our Website via our contact form, or an email address provided for our Newsletter subscription service, will be stored in our service database and retained for the period necessary to fulfill the business or contractual obligations to you in accordance with Art. 6 (1) (b) of the GDPR, unless a longer retention period is required by law.

As of the date of this Privacy Policy, DTiQ processes personal data when you Book a Demo, Book a Consultation, subscribe to our Newsletter or contact us for additional information. By submitting a form through DTiQ’s website to Book a Demo, Book a Consultation, sign-up for additional information subscribe to our Newsletter or any other purpose, you are consenting to the terms and conditions of DTiQ’s Privacy Policy and the storing and processing of your personal data for the purposes of satisfying your request in accordance with the terms of this Privacy Policy.

If you are our client and have subscribed to our Newsletter, this information may be combined with other data processed under section 5 below for the purposes of improving our services.

5. Processing of personal data when providing services to our business subscribers

DTiQ also provides video surveillance and analytics tools to our business subscribers. In doing so, DTiQ processes video recordings from restaurants, retail stores, and other locations (“video data”) based on our business subscribers’ placement and use of video cameras. We process video data by providing our business subscribers with platforms where they can review and replay those video recordings and by providing certain data analytics to improve business subscriber performance, including verifying transactions, enforcing cash handling processes, ensuring prompt speed-of-service, enforcing food handling policies, and ensuring that emergency exits remain unobstructed. While video data capture images, DTiQ does not use video data to identify individuals and does not analyze or store biometric information. DTiQ’s subscribers are responsible for making any disclosures or obtaining any necessary consent before using DTiQ services to collect video data.

Video data will be stored in our service platform and retained for the period necessary to fulfill the business or contractual obligations to our subscribers in accordance with Art. 6 (1) (b) of the GDPR, unless a longer retention period is required by law.

6. Cookies

We use cookies on our website. Cookies are text files that are saved on your browser. These text files can be read by websites and help to identify your preferences or your device and are mostly used to make the site work as you expect it to. The information does not usually directly identify you, but it can give you a more personalized web experience.Some cookies serve to store preferences and are deleted again after the end of the browser session, i.e. after closing the browser, so-called session cookies. Other cookies serve to better adapt the website to user needs and remain on the end device, so-called permanent or persistent cookies. Because we respect your right to privacy, you can choose not to allow some types of cookies. Click on the different category headings to find out more and change our default settings. However, blocking some types of cookies may impact your experience of the site and the services we are able to offer.

When you are on our website, a cookie consent banner will appear that will allow you to consent to or opt out of one or more categories of cookies. In addition, you can set your browser settings to allow cookies only in individual cases, limit the acceptance of cookies to certain cases or generally exclude them and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be restricted.

If you want to delete any cookies already on your computer, please refer to your browser vendor’s instructions by clicking “Help” in your browser menu. You can also find out more about cookies and how to delete and control them on www.aboutcookies.org or click “Help” in your browser menu.

Below is an explanation of various categories of cookies we use as of the date of this privacy policy:

Strictly Necessary Cookies

Strictly necessary cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in, or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.

Performance Cookies

Performance cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site and will not be able to monitor its performance.

Functional Cookies

Functional cookies enable the website to provide enhanced functionality and personalization. They may be set by us or by third-party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.

Targeting Cookies

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social Media Cookies

Social Media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

7. Social plugins

Our Website uses social media plugins from Facebook, Twitter, and LinkedIn (“Plugins”). The providers of these services can communicate with you via Plugins and collect information about your visit to our Website. This processing is based on Art. 6 (1) 1 lit. a GDPR.

In order to increase the protection of your data when visiting our website, the Plugins are integrated into the website by means of the so-called “2-click solution”. This integration ensures that when you visit a site on our website that contains Plugins, no connection is established with the Facebook, Twitter and LinkedIn servers. Your browser only establishes a direct connection to the servers of Facebook, Twitter, and LinkedIn when you activate the Plugins and thus give your consent to the data transfer. The content of the respective Plugin is then transmitted directly to your browser by the respective provider and integrated into the Website. If you are already registered with one of the social networks, the transmission takes place on Facebook without another window. On Twitter, a pop-up window appears in which you can edit the text of the tweet.

7.1 Facebook

Our website uses Plugins of the social network facebook.com, operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”). The Plugins are marked with a white “f” on a tile. The list and appearance of the Facebook Social Plugin can be viewed here: https://developers.facebook.com/docs/plugins/?locale=en_US#page-plugin.

If you activate the Facebook Plugin, the content of the Facebook Plugin is transmitted directly to your browser and integrated into the website by it. We have no influence on the amount of data that Facebook collects with the help of this Plugin and therefore inform you according to our state of knowledge: https://www.facebook.com/help/186325668085084.

By integrating the Plugins, Facebook receives the information that a user has called the corresponding website of the offer. If the user is logged in to Facebook, Facebook can assign the visit to his Facebook account. When users interact with the Plugins the corresponding information is transferred directly from your browser to Facebook and stored there. If a user is not a member of Facebook, it is still possible for Facebook to find out his IP address and save it.

The data processing is carried out in the interest of an appealing presentation and simplification of the use of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 (1) 1 lit. f GDPR.

The purpose and scope of the data collection and the further processing and use of the data by Facebook as well as the related rights and setting options to protect the privacy of users can be found in Facebook’s data protection information: https://www.facebook.com/about/privacy/.

7.2 Twitter

On our Website, functions of the Twitter service are integrated. These functions are offered by Twitter Inc, 1355 Market St, Suite 900, San Francisco, CA 94103, USA. By using Twitter and the “Re-Tweet” function, the Website you visit is linked to your Twitter account and made known to other users. Data is also transferred to Twitter.

The data processing is carried out in the interest of an appealing presentation and simplification of the use of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 (1) 1 lit. f GDPR.

Please note that as the provider of this Website, we have no influence on the amount of transmitted data or its use by Twitter and therefore inform you according to our state of knowledge. Further information on this can be found in Twitter’s privacy policy at http://twitter.com/privacy.
You can change your Twitter privacy settings in your account settings at http://twitter.com/account/settings

7.3 LinkedIn

We use components of the LinkedIn network on our Website. LinkedIn is a service of LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. Each time you visit our Website that is equipped with such a component, that component will cause the browser you are using to download an appropriate representation of the LinkedIn component.

This process tells LinkedIn which specific web page of our Website is currently being visited. If you click the LinkedIn “Recommend button” while logged into your LinkedIn account, you can link the content of our Website to your LinkedIn profile. This enables LinkedIn to assign the visit to our Website to your LinkedIn user account.
The data processing is carried out in the interest of an appealing presentation and simplification of the use of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 (1) 1 lit. f GDPR.

We have no influence on the data that LinkedIn collects through this, nor on the extent of this data collected by LinkedIn and therefore inform you according to our state of knowledge. Details about the data collection by LinkedIn as well as about your rights and settings can be found in the privacy policy of LinkedIn. You can find this information at http://www.linkedin.com/legal/privacy-policy.

8. Transfer of personal data to third parties

Except in the cases mentioned in this Privacy Policy, your personal data will not be disclosed to third parties. Personal data may be disclosed to third parties who act on our behalf to process the personal data in accordance with its original purposes, such as hosting our platform, fulfilling the services offered, evaluating the user behavior of our Website, or technical support. These third parties are contractually obligated by us under statutorily designated agreements to use personal data only for the agreed purpose or not to disclose your personal data to other parties without permission unless required by law. If other categories of recipients of personal data arise as a result of future data collection, we will inform you of this at the time this information is collected for this purpose.

It is sometimes necessary to transfer your personal data described above to countries outside the EU and the EEA (so-called third countries), e.g. the USA.
Please note that data processed in third countries may be subject to foreign laws and are accessible to local governments, courts and law enforcement and supervisory authorities. However, when your personal data is transferred to third countries, we will take appropriate measures to secure your data appropriately.

8.1 Cloud provider

We use the cloud provider Salesforce.com, Inc., 415 Mission St., 3rd Floor, San Francisco, CA 94105, USA as a contract processor for hosting data.
The provider Salesforce.com, Inc. is certified under the EU-US Privacy Shield, so that the legal prerequisites for the adequacy of the data protection level pursuant to Art. 45 GDPR are met. The legal basis for the transfer is Art. 28 GDPR in conjunction with the respective data processing agreement.

8.2 Marketing service provider

(a) We use Pardot, provided by Salesforce.com, Inc., 415 Mission St., 3rd Floor, San Francisco, CA 94105, USA for Advertisement, Promotions and Newsletter services as well as for the provision of other customer and prospective customer incentives services and notifications on the Website.
The provider Salesforce.com, Inc. is certified under the EU-US Privacy Shield, so that the legal prerequisites for the adequacy of the data protection level pursuant to Art. 45 GDPR are met. The legal basis for the transfer is Art. 28 GDPR in conjunction with the respective data processing agreement.

The transfer is protected by the application of the so-called EU standard contractual clauses (see https://eur-lex.europa.eu/legal-content/DE/ALL/?uri=celex%3A32010D0087). For a copy of the respective safeguards or further details, please contact us under the contact information provided above.

9. Data security

Taking into account the state of the art, the implementation costs and the type, scope, circumstances and purposes of the processing as well as the different probability of occurrence and severity of the risk for your rights and freedoms, we take appropriate technical and organizational measures in accordance with Art. 32 GDPR to ensure a level of protection appropriate to the risk.

10. Your rights – European Union

You have the following rights:

• the right of access regarding personal data concerning you being processed by us;
• the right to rectification of inaccurate personal data;
• the right to the erasure of personal data concerning you (‘right to be forgotten’);
• the right to restriction of processing of personal data;
• the right to receive the personal data concerning you in a structured, commonly used and machine-readable format where the processing is based on consent or with regard to a contractual relationship with you (‘right to data portability’);
• the right not to be subject to a decision based solely on automated processing;
• the right to lodge a complaint with the competent supervisory authority.

Right to object

Furthermore, you have the right to object to the processing of personal data concerning you

• where personal data are processed for direct marketing purposes; or
• where the processing of personal data is based on Art. 6 (1) 1 (f) GDPR on grounds relating to your particular situation.

You can exercise these rights by e-mail to our data protection or by post to the address listed above.

11. Your rights – Nevada residents

Nevada residents have the right to submit a verified request directing us not to sell their personal data. If you are a Nevada resident and would like to submit such a request, please send your request to dpo@dtiq.com.

12. Your rights – California residents

NO SALE OF PERSONAL DATA

DTiQ has not sold personal data in the preceding twelve (12) months.

ACCESS TO SPECIFIC INFORMATION AND DATA PORTABILITY RIGHTS

You have the right, subject to certain exceptions defined in the CCPA and other applicable laws and regulations, to request that companies disclose certain information to you about their collection and use of your personal data over the past 12 months. This right of access includes information about:

• The categories of personal data we collected about you.
• The categories of sources for the personal data we collected about you.
• Our business or commercial purpose for collecting that personal data.
• The categories of third parties with whom we share that personal data.
• The categories of personal data that each recipient received.
• The specific pieces of personal data we collected about you.

DELETION REQUEST RIGHTS

You have the right, subject to certain exceptions defined in the CCPA and other applicable laws and regulations, to request that a company delete any of your personal data that it has collected from you and retained, subject to certain exceptions.

DTiQ IS A SERVICE PROVIDER UNDER THE CCPA

When providing video surveillance technology to its clients, DTiQ is acting as a service provider as defined by the CCPA because DTiQ collects your personal data on behalf of one of DTiQ’s clients. Any request for such video surveillance information should be made directly to the company that operates the restaurant, retail location, or other facility that uses DTiQ technology. If you submit a verified consumer request to DTiQ for such information, we will direct you to make that request directly to our client. If DTiQ has collected your personal data outside of its role as a service provider, DTiQ will respond to your verified consumer request accordingly.

EXERCISING ACCESS, DATA PORTABILITY, AND DELETION RIGHTS

To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by emailing us at dpo@dtiq.com.
The verifiable consumer request must:

Provide sufficient information that allows us to verify, to a reasonably high degree of certainty, that you are the person about whom we collected personal data. This may include requesting that you provide us with at least two or more pieces of personal data to match against personal data about you that we may or may not maintain and which we have determined to be reliable for the purpose of verification.

Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with personal data if we cannot verify your identity or authority to make the request and confirm the personal data relates to you. Making a verifiable consumer request does not require you to create an account with us. We will only use personal data provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.

You may only make a verifiable consumer request for access or data portability twice within a 12-month period.

AUTHORIZED AGENT

Only you, or a person you have designated in writing as your authorized agent, or who is registered with the California Secretary of State to act on your behalf, or to whom you have provided power of attorney pursuant to California Probate Code sections 4000 to 4465, (“Authorized Agent”), may make a verifiable consumer request related to your personal data. You may also make a verifiable consumer request on behalf of your minor child.

If you wish to have an Authorized Agent make a verifiable consumer request on your behalf, they will need to provide us with sufficient written proof that you have designated them as your Authorized Agent and we will still require you to provide sufficient information to allow us to reasonably verify that you are the person about whom we collected personal data.

NON-DISCRIMINATION

You have the right not to receive discriminatory treatment for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:

• Deny your services.
• Charge you different prices or rates for services, including through granting discounts or other benefits, or imposing penalties.
• Provide you a different level or quality of services.
• Suggest that you may receive a different price or rate for services or a different level or quality of services.

OTHER CALIFORNIA PRIVACY RIGHTS

Websites operated by DTiQ currently do not respond to “do not track” signals or similar mechanisms.
California’s “Shine the Light” law (Civil Code Section § 1798.83) permits users of our Website and Services that are California residents to request certain information regarding our disclosure of personal data to third parties for their direct marketing purposes. To make such a request, please send an email to dpo@dtiq.com or write us to the address listed below.

13. Children

Our website is not directed to children. We do not knowingly collect or solicit personal data from children under the age of 13 (or other relevant age, as applicable, pursuant to relevant law) through our website. If we become aware that we have collected personal data from a child under such age, we will promptly delete the information from our records. If you become aware that your child or any child under your care has provided us with personal data without your consent, please contact us at dpo@dtiq.com.

14. Changes to this Privacy Policy

This Privacy Policy may be updated from time to time and without prior notice to you, and any changes will be effective immediately upon the posting of the revised Privacy Policy. However, if we make any revisions that materially change the ways in which we use or share the Personal Data we have about you, we will provide notice before the change goes into effect and obtain your consent to any such changes as may be required by law.

This Privacy Policy was last updated in January 2021.