This Privacy Policy provides insight into our GDPR, FTC Act, CCPA and GLBA compliance, and will outline how our company handles personal data we collect from you to facilitate payments with our restaurant clients. Below you will find details on what data we collect, how we collect data, how data will be used, how data is stored, what your data protection rights are, how to manage your data with CheckPlease, and how to contact us if you have a question or data request.
CheckPlease, depending on the method of payment, may receive a restaurant guest’s credit card number, zip code, and expiration date when guest’s provide it to pay their check, otherwise known as a bill, via CheckPlease software. The guest’s credit card information is encrypted and sent to the restaurant’s credit card handling system to facilitate the transaction, and is not stored on CheckPlease software.
The restaurant’s credit card handling system, which generally includes the point of sale (POS) system, processor, and gateway, will use the credit card information provided by the guest to charge the guest credit card on behalf of the restaurant.
If a restaurant guest pays a check using CheckPlease software, but instead uses Apple Pay, Google Pay, or Samsung Pay, CheckPlease is provided an encrypted token and does not receive the credit card information of the restaurant guest at any time.
CheckPlease may also receive personal information that includes, but is not limited to the guest’s name, phone number, IP address, information sent to CheckPlease from the guest’s mobile device like device ID’s, browser details, digital signature images, as well as the date and time of when the guest has interacted with CheckPlease software. If a restaurant is provided permission by the guest to send them a text to pay for their check or bill, CheckPlease will store the name and phone number of the guest. See more information for Texting Opt-In below. If a restaurant guest provided their email address to CheckPlease, which is needed in order to send a guest an email copy of their receipt, then CheckPlease will store their email address. This helps CheckPlease ensure multiple emails are not sent to the same guest for the same check receipt. If a restaurant guest provides feedback via a feedback form at the end of a transaction or elsewhere, CheckPlease will collect this information as well. This information is shared with the restaurant so that they can continue to optimize their daily operations.
Any and all information is used to optimize the dining experience and facilitate a restaurant guest’s payment as securely and efficiently as feasible by CheckPlease at the time of the guest’s transaction. This generally includes sharing payment related and personal Information with third party systems that are part of the restaurant’s daily operation, such as the Point of Sale system and the Payment /Gateway Processor. Information may, from time to time, be used or shared to verify a credible transaction in case of a payment dispute that a customer may have with a restaurant. Personal information is not transferred internationally, outside of the United States and Canada.
CheckPlease may internally use information for customer support, data analysis, to improve business to consumer marketing efforts for our clients, system improvements and overall customer relationship management. Personal data will NOT be shared with or sold to third parties/affiliates for marketing or promotional purposes.
The CheckPlease Text-to-Pay product requires a verbal opt-in by the guest of the F&B revenue center to receive an SMS text message. The F&B revenue center will educate the guest upon checking in at the host(ess) station, or over the phone, that if they wish to use the contactless payment option, that they must verbally say Yes and provide their phone number. They continue to explain that by providing the phone number, they consent to opt-in to receive a one-time text sent by CheckPlease that will include an embedded link with access to their live check. Below is a script of the process and how the verbal consent to opt-in happens.
Server/Host(ess): Welcome to Restaurant XYZ. Before I take you to your table, would you like to opt-in to our contactless payment solution? It will allow us to send a one-time text message to your phone with a link to your check, so you can check out whenever you are ready. This service is a one-time text and will not be used for Marketing purposes. Message and data rates may apply. If so, we will just need a verbal Yes and your phone number to opt-in.
Guest: Yes.
Server/Hostess: Great! Can you please provide me with your cellphone number? Guest: My cellphone number is (xxx) xxx-xxxx.
CheckPlease does not store credit card information. Other Personal Information as noted in the previous section is stored on CheckPlease secure servers and/or the servers and systems of any third-party service providers to CheckPlease, or the restaurant related to any checks accessed or paid through CheckPlease software. We may elect to dispose your personal data upon the cancellation of a client (restaurant) contract.
For any of the below, you must email support@checkpls.io. You have the right to request copies of your personal data from CheckPlease. CheckPlease may, hold the right to, charge a small fee to fulfill this request. You have the right to request that we rectify any incomplete or incorrect personal data of yours that we store. You have the right to request that CheckPlease erase your personal data. You have the right to request that CheckPlease restrict further processing of your personal data. If a request is submitted, our typical turnaround time is within thirty (30) days. Individuals can act on their rights, if they feel there was a breach of this Privacy Policy by:
United States – File a complaint with the Federal Trade Commission.
Canada – Fill out the Privacy Act Material Breach Report Form.
Europe (GDPR) – File a complaint with the European Data Protection Board Directory.
Our security program is based on configuring and monitoring various security measures within Azure, such as firewalls, encryption, authentication, authorization, etc. These security measures are put in place both for detection as well as prevention of security incidents and to minimize the risk of an incident occurring. As we add new services and features to our platform, we continuously monitor the security measures we have in place, as well as monitor all proactive notifications from Microsoft when new security features are released by them.
Data in transit is protected using TLS (version 1.2) as well as firewall rules limiting access to services. Data at rest is protected using SQL authentication to limit access to databases. We do not store any sensitive/privacy related data, so we are not encrypting any data in our database.
CheckPlease from time to time will make updates to this Privacy Policy to assess and adhere to new data management compliance, like GDPR for example. This Privacy Policy was last updated on June 26th, 2024.
If you have any questions or concerns about this Privacy Policy, please contact us at support@checkpls.io.