Skip to content
KIT POS

Privacy Policy

1. The personal data we collect

We collect personal data about individuals from various sources described below. Where applicable, we indicate whether and why individuals must provide us with personal data, as well as the consequences of failing to do so.

A. Information that we collect when a merchant's customer interacts with a KIT POS or other KIT payment Apps and Method

(i) Information that we collect when individuals make a payment

When you make a transaction at a merchant location using a KIT Point of Sale system (“KIT POS”), the KIT Payment Gateway, the KIT Merchant App, the KIT Stock App, or any other related App that KIT makes available, we collect information about the transaction, which may include personal data. Information about transactions includes the payment card used, name associated with the payment card, electronic signature, name and location of the merchant at which the transaction occurred, date and time of the transaction, transaction amount, and information about the goods or services purchased in the transaction.

(ii) Additional information merchants' customers may provide through the KIT POS

We may collect additional information, depending on how a merchant configures its KIT POS. This information may include:

  • Your email address or phone number, for example, if you choose to receive an electronic receipt or opt-in to receive marketing communications
  • Your marketing preferences, such as whether you wish to receive marketing communications or newsletters
  • Information about your participation in a merchant's loyalty program, if offered and if you choose to participate
  • Other information you choose to enter into the KIT POS, such as your birthdate, interests or preferences, reviews, and feedback.

(iii) Additional information you may provide through the KIT POS App and KIT Merchant and Stock Apps

  • When you use the KIT POS App, KIT Merchant and KIT Stock App or other KIT branded applications, you may provide your name, email address, phone number, account password, bank account information, payment card information, billing address, or other information you may choose to provide, such as your birth date, in order to collect rewards or set up an account.

B. Information that we collect from merchants about their customers

Our merchants may provide us with information about their customers. This information may include uploaded email addresses, phone numbers, and purchase history, for instance when we manage promotions or marketing communications or perform other services on behalf of a merchant.

2. How we use your personal data

We use your personal data for the purposes of:

A. Providing our products and services, which includes:

  • Operating, evaluating, maintaining, improving, and providing the features and functionality of our products and services
  • Fulfilling a payment or return transaction initiated by you
  • Delivering electronic receipts to consumers who request them via email or text message
  • Managing our relationship with you or your company
  • Carrying out our obligations, and exercising our rights, under our agreement with you or your company
  • Communicating with you regarding your account with us, if you have one, including by sending you service-related emails or messages (e.g., messages regarding account verification, changes or updates to the functionality of our products or services, technical and security notices and alerts, and support and administrative messages)
  • Facilitating communications between merchants' customers and merchants regarding marketing messages and preferences
  • Personalizing the manner in which we provide our products and services
  • Maintaining records for merchants regarding their personnel's interaction with and use of the KIT POS (e.g., clock-in and clock-out time)
  • Maintaining records for merchants of their customers' purchase activity and history
  • Checking for fraud or money laundering and/or managing either our or merchants' risk
  • Administering and protecting our business
  • Providing support and maintenance for our products and services, including responding to your service-related requests, questions, and feedback
  • In connection with the food delivery ordering services described above, including to process and fulfill your food orders, to communicate with you and the merchant regarding your orders and respond to your inquiries.

B. For research and development

We use the information we collect for our own research and development purposes, which include:

  • Developing or improving our products and services
  • Developing and creating analytics and related reporting, such as regarding industry and fraud trends

C. Marketing

We may use your personal data to form a view on what products or services we think you may want or need, or what may be of interest to you.

We may present opportunities when you use a KIT POS to provide your personal data to KIT and merchants to facilitate marketing communications between you and the merchant, and we will send such marketing communication if you agree to receive them.

We may contact merchants and merchant's personnel with marketing communications using the personal data that the merchant provided to us if the merchant actively expresses interest in making a purchase of KIT products or services or have made a purchase from us and, in any case, have not opted out of receiving that marketing, to the extent permitted by applicable law.

Where required by law, we will get your express opt-in consent before we share your personal data with any company outside the KIT and TSYS groups for marketing purposes.

You can ask us to stop sending you marketing messages at any time by contacting us using the details in the Contact us section or clicking on the opt-out link included in each marketing message.

Should you choose to opt out of receiving our marketing messages, we will continue to carry out our other relevant activities using your personal data, including sending non-marketing messages.

D. Complying with law

We use your personal data as we believe necessary or appropriate to comply with applicable laws, regulations, lawful requests and legal processes, such as to respond to subpoenas or requests from government authorities.

E. Compliance, fraud prevention and safety

We use your personal data as we believe necessary or appropriate to (a) enforce the terms and conditions that govern our products and services; (b) protect our rights, privacy, safety or property, and/or that of you or others; and (c) protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity.

3. The parties with whom we share your personal data

A. Companies within TSYS Inc.

We may disclose your personal data to our subsidiaries and corporate affiliates - including those in the TSYS group of companies - for purposes consistent with this Privacy Notice.

B. Service providers

We employ third party companies and individuals to administer and provide services on our behalf (such as companies that provide customer support, companies that we engage to host, manage, maintain, and develop our website, mobile applications, and IT systems, companies that help us process payments, companies that assist with food delivery on behalf of our Merchants, and companies that help us analyze your usage of our services for product improvement purposes). These third parties may use your information only as directed by KIT in a manner consistent with this Privacy Notice and are prohibited from using or disclosing your information for any other purpose.

C. Merchants and Applications that run on the KIT POS Used by Merchants

When KIT performs services for merchants, it may share personal data with those merchants. For example, KIT may collect information about a merchant's customers from or on behalf of the merchant, such as when KIT processes payment transactions, and KIT may provide personal data about those customers back to the merchant.

D. Participants in the transaction processing chain

KIT shares personal data with companies in the transaction processing chain in connection with processing a payment transaction, such as merchants, banks or other card issuers, card associations, debit network operators and their members.

E. Credit reference, fraud protection, risk management, and identity verification agencies

KIT shares personal data with credit reference, fraud protection, risk management, and identity verification agencies to help guard against, detect, and respond to fraud or money laundering, and/or manage our or merchants' risk, and ensure we comply with contractual, legal, or regulatory requirements.

F. Professional advisors

We may disclose your personal data to professional advisors, such as lawyers, bankers, auditors and insurers, where necessary in the course of the professional services that they render to us.

G. To comply with laws and law enforcement; protection and safety

KIT may disclose information about you to government or law enforcement officials (including tax authorities) or private parties as required by law, and disclose and use such information as we believe necessary or appropriate to:

(i) Comply with applicable laws, lawful requests, and legal processes, such as to respond to subpoenas or requests from government authorities;

(ii) Enforce the terms and conditions that govern our products and services;

(iii) Protect our rights, privacy, safety or property, and/or that of you or others; and

(iv) Protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity.

H. Business transfers

KIT may sell or transfer some or all of its business or assets, including your personal data, in connection with a business transaction (or potential business transaction) such as a merger, consolidation, acquisition, reorganization or sale of assets or in the event of bankruptcy, in which case we will make reasonable efforts to require the recipient to honor this Privacy Notice.

I. To other parties with your permission or to fulfill a contract they have with you

KIT may transfer your personal data to any third party who is not otherwise covered by the other listed categories above where you have given us permission to do so, or with whom you have entered into a contract when we need to transfer your personal data to that party in order to fulfill that contract.

4. Your rights and choices

In this section, we describe the rights and choices available to all users. Users subject to additional jurisdiction-specific disclosures may read additional information about their rights below.

A. Marketing communications

You can ask us to stop sending you marketing messages at any time by contacting us or clicking on the opt-out link included in each marketing message. You may continue to receive service-related and other non-marketing messages. You may unsubscribe from a specific merchants’ communications sent to you via KIT’s technology by clicking “Unfollow” (or a similarly-titled opt-out link). Where we request personal data directly from you, you do not have to provide it to us. If you decide not to provide the requested information, in some circumstances we, or merchants who use KIT, may be unable to provide products or services to you. For example, we may be unable to process your transaction.

B. Accessing, modifying or deleting your information

In some jurisdictions, applicable law may provide a right for individuals to access, modify, or delete their personal data. You may contact us directly to request access to, or modification or deletion of, your information. We may not be able to provide access to, or modify or delete, your information in all circumstances.

C. Complaints

If you have a complaint about our handling of your personal data, you may contact our data protection officer using the contact information below. We request that a complaint be made in writing. Please provide details about your concern or complaint so that our data protection officer can investigate it. We will take appropriate action in response to your complaint, which may include conducting internal discussions with relevant business representatives. We may contact you for additional details or clarification about your concern or complaint. We will contact you to inform you of our response to your complaint. You also may have a right to file a complaint with a national or local regulatory agency.

5. How we keep your data safe

IWe have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We maintain annual compliance with TSYS Card Industry Data Security Standard (PCI DSS) adopted by the payment card brands for all companies that process, store or transmit cardholder data.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

6. How long will you use my personal data

We will use your personal data for as long as necessary based on why we collected it and what we use it for. This may include our need to satisfy a legal, regulatory, accounting, or reporting requirement.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

In general terms, we will retain your personal data for as long as is necessary for the purposes identified in this Privacy Notice, including to provide our Services, to comply with legal obligations, to enforce and prevent violations of our Terms, to protect against fraudulent activity, and to defend our legal rights, property and users.

7. Information for California Residents

The information provided in this "Information for California Residents" section only applies to California residents. This notice describes how we collect, use and disclose your Personal Information (as defined in the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act, or "CCPA"), and your rights with respect to that Personal Information. Your California privacy rights

As a California resident, you have the rights listed in the section above titled Accessing, correcting or deleting your information. However, these rights are not absolute, and we may decline your request as permitted by the CCPA.

You are entitled to exercise the rights described above free from discrimination. This means that we will not penalize you for exercising your rights by taking actions such as by denying you goods or services, increasing the price/rate of goods or services, decreasing the service quality, or suggesting that we may penalize you as described above for exercising your rights

How to exercise your rights

If you are a California resident, you may exercise your access, correction, and deletion rights as follows:

  • Call 1-510-354-4353
  • Identity verification. The CCPA requires us to verify the identity of the individual submitting the request before providing a substantive response to the request. A request must be provided with sufficient detail to allow us to understand, evaluate and respond. The requester must provide sufficient information to allow us to reasonably verify that the individual is the person about whom we collected information. A request may also be made on behalf of your child under 13.
  • Authorized agents. California residents can empower an "authorized agent" to submit requests on their behalf. We will require the authorized agent to have a written authorization confirming that authority.

Sensitive Personal Information

We do not use or disclose Sensitive Personal Information except for purposes for which you do not have a right to limit the use and disclosure of Sensitive Personal Information under the CCPA. For example, we may use Sensitive Personal Information to provide you products or services you have requested.

8. Information for Residents of Virginia

The information provided in this "Information for Virginia Residents" section only applies to residents of the Commonwealth of Virginia acting in an individual or household context. It does not apply to the data or Virginia residents acting in a commercial or employment context. This notice describes the rights you may have with respect to your personal data under the Virginia Consumer Data Protection Act, or "VCDPA". We describe the categories of personal data that we process and disclose to third parties, the purposes for which we process personal data, and the categories of third parties that we disclose personal data to in the sections above titled The Personal Data We Collect, How We Use Your Personal Data, The Parties With Whom We Share Your Personal Data, and the Personal information that we collect, use and share sub-section of the Information for California Residents section.

As a Virginia resident, you may have the rights listed in the section above titled Accessing, correcting or deleting your information. However, these rights are not absolute, and we may decline your request as permitted by the VCDPA.

How to exercise your rights

If you are a Virginia resident, you may exercise your access, correction and deletion rights as follows, by:

  • Calling 1-510-345-4353

You can also appeal by email to info@kit-pos.com

9. Changes to this Privacy Notice

We reserve the right to modify this Privacy Notice at any time. We encourage you to periodically review this page for the latest information on our privacy practices. If we make material changes to this Privacy Notice, we will notify you by updating the date of this Privacy Notice and posting it on our website and in app stores where our mobile applications covered by this Privacy Notice are available for download. We may (and, where required by law, will) also provide notification of changes in another way that we believe is reasonably likely to reach you, such as via e-mail (if you have an account where we have your contact information) or another manner through our website or mobile applications.

Any modifications to this Privacy Notice will be effective upon our posting of the new terms and/or upon implementation of the new changes (or as otherwise indicated at the time of posting). In all cases, your continued use of our products or services after the posting of any modified Privacy Notice indicates your acceptance of the terms of the modified Privacy Notice.

10. Contact us

If you have any questions, concerns, or complaints about this Privacy Notice or our privacy practices, or to request access to your personal data, you may contact our Data Protection Officer at info@kit-pos.com.

We also maintain a Data Privacy Hotline, which is available 24 hours per day from the United States, at +1 510-868-8088. The Hotline is the most appropriate contact for an urgent concern, such as to report a suspected data breach regarding your personal data; or, if you are a merchant, data of your customers.

For questions about your credit or debit card or your purchase, please contact the financial institution that issued your card or the merchant.

Contact Us