CRISP END-USER PRIVACY TERMS AND CONDITIONS
Version 1.2 – Updated April 1, 2023
​
These End User Privacy Terms and Conditions (these “Privacy Terms”) govern the use of information collected in connection with the provision of certain Services by Baskt, Inc. (doing business as Crisp), a Delaware corporation headquartered in Provo, Utah (“Crisp”), pursuant to a Services Agreement (as defined below), entered into with the Client named in such Services Agreement.
By accessing the Services to which these Privacy Terms are linked, an End User agrees to these Privacy Terms. By executing the Services Agreement, which references and incorporates these Privacy Terms as well as certain other terms and conditions (the “Terms and Conditions,” as defined in the Services Agreement), Client agrees to these Privacy Terms as if they were set forth directly in the executed Services Agreement, as follows:
AGREEMENT
-
Definition. In addition to other capitalized terms defined throughout the Agreement, the following capitalized terms shall have the meanings set forth below. Any capitalized terms used but not otherwise defined herein shall have the meanings given such terms elsewhere in the Agreement.
-
“Agreement” shall have the meaning given such term in the Services Agreement.
-
“Aggregated Data” means de-identified information collected from or about many parties where no individual data can be linked to or associated with any specific party.
-
“Authorized User(s)” means individuals who are authorized by Client to use the Crisp Software, or that use the Services. Authorized Users may include but are not limited to Client and Client’s employees, consultants, contractors, agents, suppliers, partners, and/or other third parties with whom Client transacts business, who Client has authorized to access and/or use any Crisp Software or Services.
-
“Client” refers to the individual or entity identified as the “Client” in the Services Agreement.
-
“Client Connected Services” means any services or products that are sold or provided by Client that are an application of, interface with, rely on, are powered by, or are connected to any Crisp Software or any Services provided by Crisp to Client.
-
“Consumer Data” means all electronic data or information about an individual or entity that is not Personal Information, including information that tracks behavior and actions.
-
“Crisp Software” means any software, applications, websites, code, or programs (including web-based software) that are provided, created and/or operated by Crisp in connection with the provision of the Services to the Client, including the Crisp Restaurant Operating System Platform.
-
"End User(s)" means individuals who consume or interact with information or interfaces made available via the Client Connected Services, including Authorized User(s), third parties with whom Client transacts business, Client customers and clients, and persons from the general public who engage with any Client Connected Services.
-
"Parties" shall mean both Client and Crisp; "Party" shall mean either Client or Crisp, according to the context of its usage.
-
“Personal Information” means any information that is considered to be “personally-identifiable,” “personal data,” or information that may be used to identify an individual, as defined in each context herein by the Privacy Law(s) applicable to such information, including without limitation name, birth date, address, username/password, email, age, gender, etc.
-
“Privacy Laws” means all data protection and privacy laws to the extent applicable to the collection, use, storage, or disclosure, or processing of the User Information hereunder, including without limitation:
-
All United States Federal Trade Commission (“FTC”) rules, regulations and guidance relating to the collection, use, disclosure and processing of User Information;
-
The Children’s Online Privacy Protection Act of 1998 (“COPPA”), including any regulations and guidance issued thereunder; and
-
The Payment Card Industry Data Security Standard v3.2 or any successor standard thereto which has been in effect for at least 1 year (“PCI”).
-
-
“Services” refers to the services and products to be provided to the Client by Crisp as outlined in the Services Agreement.​
-
“Services Agreement” means a contract in which these Privacy Terms are attached or referenced, which conveys the terms and conditions of an agreement between the Parties for the purchase of one or more Services and/or other associated services and/or products from Crisp.
-
“TCPA” means Telephone Consumer Protection Act, as amended.
-
“User Information” means all Personal Information, Consumer Data, and Aggregated Data that is collected or derived with respect to an End User through use of any Client Connected Services or Crisp Software.
-
-
Agreement:
-
Crisp receives User Information with respect to the End Users as Client provide products and services to the End Users using any of the Client Connected Services or Crisp Software. Client consent to the collection, transfer, manipulation, retention, storage, disclosure and other uses of User Information for all purposes permitted under the Privacy Laws. Irrespective of which country an End User resides in or creates information from, User Information may be used by Crisp in the United States or any other country where Crisp operates.
-
Any End User who accesses the Services shall be deemed to agree to, and acknowledges receipt and understanding of, these Privacy Terms.
-
To the extent any End User agrees to participate in any loyalty program administered, managed or facilitated by Crisp through the Services, such End User, by providing their phone number and signing-up for such program, consents to Crisp contacting such End User at the phone number provided by such End User, via phone and/or text message or through a mobile application, using automated dialing technology, for marketing and advertising purposes. Such consent is given in compliance with TCPA. The End User shall be permitted to opt out of any such loyalty program at any time.
-
The Services are not targeted or directed at children under the age of 13 and Crisp does not knowingly collect or store any User Information from children under the age of 13. If Crisp learns that it has collected User Information from a child under age 13, Crisp will delete that information as quickly as possible.​​
-
-
Client Covenants and Obligations.
-
Ownership. For avoidance of doubt, as between Crisp and Client, Crisp is the sole and exclusive owner of all User Information and shall have the exclusive right to reproduce, perform, display, and create derivative works of all User Information. Client hereby assigns all right, title and interest in any User Information to Crisp.
-
License. Crisp hereby grants Client the right, during the Term of the Agreement, to access, collect, use, copy, assemble, compile, analyze, modify, transform, receive and transmit User Information for the purpose of providing services and products to the End User, including through the Client Connected Services or otherwise.
-
End User Privacy Policies. Client agrees that any privacy policies or terms of service provided to or entered into with the End Users by Client will be consistent with and reflect these Privacy Terms.
-
Client Data Privacy Obligations. Client shall: (a) not provide Crisp with any User Information subject to HIPAA, and promptly notify Crisp if Client discovers that it has done so; (b) comply, and require compliance by its licensors (where applicable), with all Privacy Laws regarding the collection, use, handling, processing, access, security, and disclosure of User Information; and (c) obtain, or require its licensors to obtain, any and all consents from individuals, or in the case of a minors or where required by law, of any parent or legal guardian which are or may be required by the Privacy Laws applicable to the User Information.
-
Client Representation and Warranty. Client represents and warrants to Crisp that (i) Client has all rights, title, and interest necessary to provide any User Information to Crisp; (ii) Client has provided all necessary notices and obtained all necessary consents from End Users which are required to assign or grant the rights or licenses in any User Information to Crisp; (iii) Client has complied with all Privacy Laws; (iv) User Information does not infringe any data, privacy, publicity or similar rights of any third party, nor has any claim (whether or not embodied in an action, past or present) of such infringement been threatened or asserted, and no such claim is pending against Client or, to the best of Client’s knowledge, against any entity from which Client has obtained such rights; and (v) Client has taken steps to ensure the accuracy of all User Information collected from End Users and has received adequate representations from the End Users regarding the accuracy of any User Information collected and transmitted to Crisp.
-
Child Protection Laws. Crisp may provide optional Services to Client that facilitate the collection of information by Client and Crisp. Given that child protection and privacy laws vary by jurisdiction, Client agrees not to enable or use any information gathering functionality in Crisp Software to collect information from children unless Client verifies that such functionality complies with local, state (or provincial), and national laws, including COPPA. Client agrees that it is responsible for the content of any surveys, polls, and/or input prompts that Client (or Authorized Users) create and/or conduct through Crisp Software, including making sure Client’s use of information-collecting functionality complies with applicable Privacy Laws. Client agree that any information collected by via any Client Connected Services is done so on Client’s behalf, to Client’s benefit, and under Client’s supervision, in accordance with COPPA. Client agrees to not enable or utilize any user feedback and/or information gathering functionality that is not compliant with any applicable Privacy Laws, or that Client deems to be inappropriate.
-
Passive Data Collection. Client acknowledges and authorizes that the Crisp Software may passively collect Personal Information, Consumer Data, and Aggregated Data from End Users for various purposes as outlined below.
-
-
​End User Information; Collection, Use and Protection.
-
How User Information is Collected. When an End User uses any Client Connected Services, Crisp uses various technologies to collect certain information about that End User. Some of the ways that Crisp collects this User Information are as follows (except where prohibited by applicable Privacy Laws):
-
Some User Information is automatically recorded by the Crisp Software as the End User inputs it directly into a Client Connected Service or as Client uses the Crisp Software, either on location in a restaurant or in the mobile app or through the website, described as the Client Connected Services.
-
Some User Information may be collected by sending cookies to their device. Cookies are small data files that are stored on the End User’s hard drive or in their device memory when they visit a website or view a message. Among other things, cookies support the integrity of the Crisp registration process, retain End User preferences and account settings, and help evaluate and compile aggregated statistics about End User activity. Crisp may use both session cookies and persistent cookies. A session cookie disappears after an End User closes their browser. A persistent cookie remains after the End User closes their browser and may be used by the browser on subsequent visits to merchants that use the Crisp platform. Crisp may link the information Crisp stores in cookies to any User Information submitted while using a Client Connected Service or the Crisp Software.
-
Some Information may be collected by using web beacons. Web beacons are electronic images that may be used in connection with the Services or emails. Crisp may use web beacons to deliver cookies, track the number of visits to the Crisp website or Client’s website or mobile apps, understand usage and campaign effectiveness, and determine whether an email has been opened and acted upon.
-
Crisp also collect User Information from third parties, including third-party verification services, credit bureaus, mailing list providers, and publicly available sources. In some circumstances, where lawful, this User Information may include an End User’s government-issued identification number.
-
Crisp may also use third-party service providers to collect User Information. These third parties may use cookies, web beacons, and other technologies to collect User Information. This Privacy Policy does not apply to, and Crisp is not responsible for, third-party cookies, web beacons, or other tracking technologies, which are covered by such third parties’ privacy policies. Crisp continually evaluates analytics services to use in addition to those mentioned, and Crisp may update this policy in the future to reflect Crisp ongoing use of said services.
-
-
What User Information Is Collected. Crisp may collect any User Information that is not otherwise prohibited by applicable Privacy Laws. User Information that Crisp collects may include, but is not limited to, the following (except where prohibited by applicable Privacy Laws):
-
Any Personal Information an End User provides in connection with any Client Connected Services, including, without limitation: an End User’s name, email address, mailing address, delivery address, phone number, photograph, birthdate, passport, driver’s license, government-issued identification numbers, and other similar information provided with respect to an End User’s business or its employees, officers, representatives or affiliates.
-
Historical, contact, and demographic Personal Information about an End User.
-
Personal Information about an End User’s device when an End User accesses any Client Connected Services, including hardware model, operating system and version, unique device identifier, mobile network information, and information about the device’s interaction with the Client Connected Services.
-
Personal Information and Consumer Data about the location of an End User’s device when using any Client Connected Services.
-
Personal Information or Consumer Data provided in connection with an End User making, accepting, requesting or recording payments, credits or money transfers through any Client Connected Services, including without limitation: payment card numbers, bank accounts information, when and where the transactions occur, the names of the transacting parties, a description of the transactions, the payment or transfer amounts, billing and shipping Information, and the devices and payment methods used to complete the transactions.
-
Personal Information or Consumer Data regarding an End User’s tax information, including withholding allowances and tax filing status.
-
Consumer Data about products and services an End User purchases through the Client Connected Services or any other historical purchase information or preferences, including products and services purchased, amounts paid, frequency of purchases, location of purchases, and similar information.
-
Accessing Contacts on End User’s device, after separate permission is granted through the Connected Client Services.
-
Consumer Data about how an End User uses the Client Connected Services, including access time, Services accessed, browser type and language, Internet Protocol (“IP”) address, other applications on the End User’s device, webpages and applications viewed and used, time spent on webpages and applications, links clicked, and conversion information (e.g., transactions entered into).
-
Any Aggregated Data about an End User or their use of the Client Connected Services, or any other aggregated form of Personal Information or Consumer Data that is collected from End Users.​
-
-
How Collected User Information Is Used. Crisp may use, publish, store, duplicate, manipulate and share User Information in any way not otherwise prohibited by applicable Privacy Laws. Ways that Crisp may use User Information include, but are not limited to, the following (except where prohibited by applicable Privacy Laws):
-
To operate, provide, maintain, enhance, personalize, tailor and facilitate an End User’s use of Client Connected Services.
-
To deliver Client Connected Services and support End User requests, including technical notices, security alerts, support messages, administrative notices and alerts, and communications relevant to an End User’s use of the Client Connected Service.
-
To provide optimization, statistical analysis, and product improvement with respect to the Crisp Software and Services.
-
To verify an End User’s identity.
-
To process or record payment transactions or money transfers.
-
To display and track historical transaction or appointment information.
-
To communicate with End Users about products, services, contests, promotions, discounts, incentives, gift cards, loyalty programs, and rewards, based on End User communication preferences and applicable Privacy Laws.
-
To deliver marketing and advertising materials and messages, in compliance with the Telephone Consumer Protection Act, as amended (the “TCPA”), including any regulations and guidance issued thereunder.
-
To provide, manage, administer and operate loyalty programs on behalf of Clients and facilitate the participation therein by End Users.
-
To develop new products and services.
-
To comply with applicable laws and regulations, including the Privacy Laws, the TCPA and anti-money laundering laws.
-
To alert End Users to software compatibility issues, send news or information, conduct surveys and collect feedback.
-
To improve web design and functionality.
-
To better understand how the End User interacts with the Client and the Client Connected Services.
-
To monitor aggregate usage by all End Users and web traffic routing on Client Connected Services.
-
To generate aggregated statistics about purchasing behavior of a population an End User is a part of, in order for Client and other Crisp customers to provide better and more targeted services.
-
To deliver, or allow trusted third-party partners to deliver, targeted and non-targeted third-party content and advertisements in connection with Client Connected Services as well as un-related services, websites and applications.
-
To allow Crisp trusted third-party service providers, affiliates and partners (each of which are bound by confidentiality and privacy obligations similar to those contained herein) to provide third-party services and functions necessary to the delivery and performance of the Client Connected Services, as well as the Crisp Services to the Client, such as anonymous site metrics, analytics services, product support and maintenance, and other features or services included in or necessary for the Client Connected Services or the Crisp Services to the Client.
-
To resolve disputes, collect fees, and provide assistance with problems with Client Connected Services.
-
To protect Crisp rights or property, or the security or integrity of the Client Connected Services or Crisp Services.
-
To enforce the terms and conditions that govern use of the Client Connected Services.
-
To investigate, detect and prevent fraud, security breaches, and other potentially prohibited or illegal activities.
-
To sell anonymized Aggregated Data Crisp collects to third-parties without End User consent, in accordance with applicable Privacy Laws.
-
To sell User Information and Consumer Data to third-parties without End User consent, in accordance with applicable Privacy Laws.
-
To allow fulfillment vendors to ship or deliver products to End Users.
-
For any other lawful purpose in connection with the provisions of the Services.
-
-
How Collected User Information Is Protected.
-
Protective Measures. Crisp takes commercially reasonable measures, including administrative, technical, and physical safeguards, to (i) protect User Information from loss, theft, misuse, and unauthorized access, disclosure, alteration, and destruction, (ii) ensure the security, confidentiality, and integrity of the User Information, (iii) protect against any anticipated threats or hazards to the security or integrity of the User Information, (iv) protect against unauthorized access to, or unauthorized use or disclosure of, the User Information, and (v) take such security measures required by any applicable Privacy Laws.
-
Third Party Partners and Employees. Crisp may itself, or it may use third-party service providers to, hold, process and store User Information, including in the United States, Japan, the European Union and other countries. Crisp restricts access to User Information to those employees, contractors, and agents who need to know that information for purposes of performing their obligations to Crisp or the Client, and who are subject to contractual confidentiality obligations, and who may be disciplined or terminated if they fail to meet these obligations. Crisp third-party service providers store and transmit User Information in compliance with appropriate confidentiality and security measures.
-
Security Breach. Crisp cannot guarantee that unauthorized third parties will never be able to defeat Crisp security measures or use User Information for improper purposes. In the event that any User Information in Crisp’s possession or under Crisp’s control is compromised as a result of a security breach, Crisp shall give prompt notice to Client, with full particulars, and shall immediately commence a thorough investigation of any such incident. If applicable laws require notice to authorities or individuals, or other remedial action, or Client determines that notices or other remedial actions are warranted, then Crisp shall undertake remedial action which may be necessary in Crisp’s reasonable discretion. If any notices are to be sent to individuals or other parties, Client shall have the right, at its option, to either send the notices itself, or to approve the text of the notices to be sent by Crisp.
-
-
Assignment of Information. In the event that Crisp is acquired by or merged with a third-party entity, Client hereby consent to transfer or assign the User Information that Crisp has collected from Client, Authorized Users and End Users as part of that merger, acquisition, sale or other change of control, to the extent permitted by applicable Privacy Laws, so that such entity may continue to provide the Crisp Services without disruption.
-