This “Privacy Policy” explains how CloudServices (“Company” or “we”) collects, uses, discloses, and otherwise processes personal data on behalf of our customers – typically, merchants (any, a “Merchant”) – in connection with our application, Vertico, which runs on or communicates with the Clover Point of Sale system (“Clover POS”). This Privacy Policy does not apply to Company’s privacy practices in any other context.
Company’s processing of personal data in connection with our application is governed by this Privacy Policy and our agreements with Merchants. In the event of any conflict between this Privacy Policy and a customer agreement, the customer agreement will control to the extent permitted by applicable law.
This Privacy Policy is not a substitute for any privacy policy that a Merchant may be required to provide to their customers, personnel, or other individuals.
Information We Collect
We may collect personal data from or on behalf of Merchants. Merchants determine the scope of the personal data transferred to us or that we collect, and the information we receive may vary by Merchant. Typically, the information we collect on behalf of Merchants includes the categories described below.
Information that we collect when a customer for a Merchant makes a payment
When a customer makes a payment via a Clover POS, we collect information about the transaction, which may include personal data. Information about transactions may include the payment card used, name associated with the payment card, the location of the merchant’s store, date and time of the transaction, transaction amount, and information about the goods or services purchased in the transaction.
In addition, we collect transaction routing and payment integration data needed to operate Vertico, including merchant ID, location ID, Clover terminal ID, POS/register ID, request ID, invoice number, transaction type, subtotal amount, tax amount, tip amount, total/final amount, currency, order ID, payment ID, refund ID, void status, authorization number, card type, first six and last four digits of the payment card where returned by Clover, cardholder name where returned by Clover, transaction status, error messages, timestamps, and technical logs. Vertico does not intentionally collect full payment card numbers, CVV/CVC codes, PINs, or magnetic stripe/chip data.
Additional information that customers of the Merchant provide through the Clover POS ancillary to a payment
We may collect additional information ancillary to the payment. This information may include:
- Customers’ email address or phone number, such as when the customer chooses to receive an electronic receipt.
- Customers’ marketing preferences, such as whether the customer wishes to receive marketing communications or newsletters.
- Information about participating customers’ activity in a merchant loyalty program.
- Customers’ physical address, where needed for delivery of goods or services.
- Other information the customer provides, such as birthdate, interests or preferences, reviews, and feedback.
In addition, we collect only the additional information that a Merchant, the Merchant’s POS system, or Clover provides to Vertico for payment routing, refund, void, transaction lookup, receipt, reconciliation, reporting, support, or troubleshooting purposes. This may include invoice notes, refund reason, original terminal ID, transaction reference numbers, and other transaction-related metadata. Vertico does not require customers to enter email address, phone number, physical address, birthdate, marketing preferences, loyalty information, reviews, or feedback directly into Vertico unless a Merchant’s POS system provides that information to Vertico.
Information that we collect about personnel of a Merchant
We may collect information about Merchants’ personnel and interactions with the Clover POS, such as clock-in and clock-out time and tips earned only if the Merchant, Clover, or the Merchant’s POS system provides such information to Vertico. Vertico’s primary function is payment routing and transaction result communication. Vertico may collect technical identifiers related to merchant personnel or POS usage, such as POS/register ID, terminal ID, device name, cashier/user identifier if provided by the POS, transaction timestamps, transaction status, and support logs.
Additional information that Merchants provide to us about their customers or personnel
Merchants may provide us with additional information directly, via access they grant to us, or otherwise. The types of information that merchants may provide to us about their customers include email addresses, phone numbers, and purchase history if such information is included in transaction data, POS data, support requests, logs, or integration configuration provided to Vertico.
The types of information that merchants may provide to us about their personnel include email addresses, phone numbers, shifts, and sales history if such information is provided by the Merchant, Clover, or the Merchant’s POS system. Merchants may also provide merchant business name, merchant ID, location ID, Clover terminal IDs, device names, POS/register IDs, API or WebSocket configuration, transaction records, payment/refund/void data, and support information.
How We Use the Information We Collect
We use the personal data we collect for or on behalf of Merchants to provide our services and the functionality of our application.
Vertico is a payment bridge and semi-integration application that enables POS systems to send payment, refund, and void requests to approved Clover terminals and receive transaction results back from Clover. We use personal data and transaction data to route requests to the correct Clover terminal, process transaction messages, return payment/refund/void results to the POS, support Quebec Bill-72 pre-tax tip calculation configuration where applicable, prevent duplicate or unauthorized terminal use, maintain merchant and terminal registration controls, provide support and troubleshooting, maintain logs, improve reliability, and support reconciliation and reporting.
We may also use personal data for related internal purposes, including:
- To provide information about the application, such as important updates or changes to the application and security alerts.
- To measure performance of and improve the application.
- To respond to inquiries, complaints, and requests for customer support.
In addition, Company may use personal data as we believe necessary or appropriate to comply with applicable laws and lawful requests and legal processes; enforce the terms and conditions that govern our application; protect our rights, privacy, safety or property, and/or that of you or others; and protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity.
How We Share Information
We may share personal data that we collect with:
- The Merchant from whom or on whose behalf we collected the personal data.
- The platform on which our application runs or communicates with, the Clover POS.
- Third parties as a Merchant may direct.
- Third party service providers that help us manage, host, secure, support, and improve the application.
- Company subsidiaries and corporate affiliates for the purposes described in this Privacy Policy or in our agreement with a Merchant.
Company may disclose personal data to government or law enforcement officials or private parties as required by law, and disclose and use such information as we believe necessary or appropriate to comply with applicable laws and lawful requests and legal processes; enforce the terms and conditions that govern our application; protect our rights, privacy, safety or property, and/or that of you or others; and protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity.
Company may sell or transfer some or all of its business or assets, including personal data, in connection with a business transaction or potential business transaction such as a merger, consolidation, acquisition, reorganization or sale of assets or in the event of bankruptcy, in which case we will make reasonable efforts to require the recipient to honor this Privacy Policy.
Your Rights and Choices
Data subject rights
To the extent that applicable law provides individuals with rights pertaining to their personal information, such as to review and request changes to their personal information, individuals should contact the Merchant with any requests pertaining to the Merchant’s use of our application.
To the extent that Clover is responsible for responding to data subject rights requests under applicable law, individuals may contact Clover with applicable requests as explained in Clover’s Privacy Notice.
Company will assist a Merchant, or Clover, as applicable, in responding to such requests subject to our contract with a Merchant or Clover.
Complaints
If you have a complaint about our handling of personal data, you may contact us via the contact information provided below.
Updates
We reserve the right to modify this Privacy Policy at any time. We will notify you of updates by updating the date of this Privacy Policy.
Contact Us
You may contact us with any questions, comments, or complaints about this Privacy Policy or our privacy practices via:
Attention: Privacy
Website: https://getvertico.com
Email: privacy@getvertico.com
Phone: 1-888-220-8060
Additional Information for Merchants Located in Europe
Controller
CloudServices has not appointed a Data Protection Officer or EU representative at this time. If this changes, we will update this Privacy Policy with the relevant contact details.
Company is a data processor acting for and on behalf of the Merchant that has installed or uses our application with their Clover POS. That Merchant is the controller of personal data that we process on its behalf. Clover is also a controller of personal data in some circumstances.
Legal basis for processing
Company processes personal data as directed or permitted by the Merchant that uses our application. The Merchant is responsible for establishing a legal basis for our processing of personal data for or on behalf of the Merchant.
Cross border data transfer
When we transfer personal data outside of Europe or the UK to countries not deemed by the European Commission to provide an adequate level of protection for personal data, we make the transfer pursuant to one of the following transfer mechanisms:
- A contract approved by the European Commission, sometimes called “Model Clauses” or “Standard Contractual Clauses”.
- The recipient’s Binding Corporate Rules.
- The consent of the individual to whom the personal data relates.
- Other mechanisms or legal grounds as may be permitted under applicable European law.
You may contact us with questions about our transfer mechanism.
Data retention
Subject to our agreement with a Merchant, Company retains personal data for as long as necessary to provide our products and services; comply with legal obligations; resolve disputes; and enforce the terms of any agreement we may have with a Merchant. You may contact us for additional information about our data retention practices in connection with the application.
Data subject rights
Under certain circumstances, data subjects in Europe and the UK have certain rights relating to their personal data, which include the rights to request from the Controller access to the data subject’s personal data; correction of incomplete or inaccurate personal data; erasure of personal data; restriction of processing concerning the data subject; and that the controller provide a copy of the data subject’s personal data that the data subject provided to the controller in a structured, commonly used and machine-readable format.
Data subjects may also object to a controller’s processing of personal data under certain circumstances. Where processing is based on a data subject’s consent, the data subject has the right to withdraw consent at any time; however, the withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal. Data subjects may also file a complaint with a supervisory authority. Data subjects in Europe or the UK should direct any rights request to the appropriate Controller.
Your California Privacy Rights
As a California resident, you have the rights listed below. However, these rights are not absolute, and we may decline your request as permitted by the CCPA.
Information
You can request the following information about how we have collected and used your Personal Information during the past 12 months:
- The categories of Personal Information that we have collected.
- The categories of sources from which we collected Personal Information.
- The business or commercial purpose for collecting and/or selling Personal Information.
- The categories of third parties with whom we share Personal Information.
- Whether we have disclosed your Personal Information for a business purpose, and if so, the categories of Personal Information received by each category of recipient.
- Whether we’ve sold your Personal Information; and, if so, the categories of Personal Information received by each category of recipient.
Access
You can request a copy of the Personal Information that we maintain about you.
Deletion
You can ask us to delete the Personal Information that we maintain about you.
Nondiscrimination
You are entitled to exercise the rights described above free from discrimination. This means that we will not penalize you for exercising your rights by taking actions such as denying you goods or services, increasing the price or rate of goods or services, decreasing the service quality, or suggesting that we may penalize you as described above for exercising your rights.
How to exercise your rights
You may request to exercise your information, access, and deletion rights in the following ways:
- Call 1-888-220-8060
- Email privacy@getvertico.com
- Website: https://getvertico.com
Identity verification
The CCPA requires us to verify the identity of the individual submitting the request before providing a substantive response to the request. A request must be provided with sufficient detail to allow us to understand, evaluate and respond. The requester must provide sufficient information to allow us to reasonably verify that the individual is the person about whom we collected information. A request may also be made on behalf of your child under 13.
Authorized agents
California residents can empower an “authorized agent” to submit requests on their behalf. We may require the authorized agent to have a written authorization confirming that authority.
Sale of personal information
We do not sell, as defined under CCPA, your Personal Information to third parties.
In the preceding twelve (12) months, we have not sold any personal information.
Personal Information That We Collect, Use and Share
| Category | Do we collect this information? | Do we share this information for business purposes? |
|---|---|---|
| Identifiers | Yes | Yes |
| Online Identifiers | Yes | Yes |
| Protected Classification Characteristics | No | No |
| Commercial Information | Yes | Yes |
| Biometric Information | No | No |
| Internet or Network Information | Yes | Yes |
| Geolocation Data | No | No |
| Sensory Information | No | No |
| Professional or Employment Information | No, unless provided by a Merchant or POS system | Yes, only if provided and needed to provide the service |
| Education Information | No | No |
| Inferences | No | No |
| Financial Information | Yes, limited transaction/payment-related information only | Yes |
| Medical Information | No | No |
Glossary
| Category | Definition |
|---|---|
| Biometric Information | An individual’s physiological, biological or behavioral characteristics, including DNA, that can be used, singly or in combination with each other or with other identifying data, to establish an individual’s identity. |
| Transaction History | Products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. |
| Financial Information | Bank account number, debit or credit card numbers, insurance policy number, and other financial information. Vertico does not intentionally collect full card numbers, CVV/CVC codes, PINs, or magnetic stripe/chip data. |
| Geolocation Data | Precise location, e.g., derived from GPS coordinates or telemetry data. |
| Identifiers | Real name, alias, postal address, unique personal identifier, customer number, email address, account name or other similar identifiers. |
| Government-issued ID | Social security number, driver’s license, passport, or other government-issued ID, including an ID number or image. |
| Medical Information | Personal information about an individual’s health or healthcare, including health insurance information. |
| Internet or Network Information | Browsing history, search history, and information regarding a consumer’s interaction with an Internet website, application, or advertisement. |
| Online Identifiers | An online identifier or other persistent identifier that can be used to recognize a person, family or device, over time and across different services, including but not limited to a device identifier, Internet Protocol address, cookies, beacons, pixel tags, mobile ad identifiers, customer number, unique pseudonym, user alias, telephone numbers, or other forms of persistent or probabilistic identifiers. |
| Physical Description | An individual’s physical characteristics or description, such as hair color, eye color, height, or weight. |
| Professional or Employment Information | Information relating to a person’s current, past or prospective employment or professional experience, such as job history or performance evaluations, and educational background. |
| Protected Classification Characteristics | Age, race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex, gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions, sexual orientation, veteran or military status, genetic information. |
| Sensory Information | Audio, electronic, visual, thermal, olfactory, or similar information. |
Contact Information
Attention: Privacy
Website: https://getvertico.com
Email: privacy@getvertico.com
Phone: 1-888-220-8060