Data Privacy Notice for applications available on the Apple App Store

ICRTouch is committed to the security of our users’ data and provides multiple layers of protection for the personal and business process information you trust to ICRTouch. Security processes are in place to protect data relevant to the EU GDPR and UK Data Protection Bill.

Applications covered by the privacy notice include:

TouchTakeaway
ByTable
PocketTouch

TouchTakeaway / ByTable

The following data may be requested:

Name (This is used to link the order to yourself).

Telephone number (This will be used for contact by the store in the event that any issues arise or there are any queries with your order).

Email address (This will be used to send order confirmation, order status notifications and receipt for payment).

Physical address (This will be used if there is a need to arrange delivery).

If using a 3rd party payment gateway, the above information may be passed on to speed up the checkout process.

Some personal data, such as names, may be collected by the user of the application, which could be stored within the user’s own EPoS system. The collection and storage of this information is determined by the user and is therefore covered by the user’s own data privacy notice.

Payment card information can be saved for quicker payments on repeat purchases. In this instance, a unique identifier token is created and stored on the end users device and is passed on to the payment gateway at checkout. This information is stored on the ICRTouch servers and can only be used for the merchant it was stored against. ICRTouch will store the last four digits of the card’s PAN number and expiry date to display to the end user as a means of identification of multiple cards. End users can remove their stored cards at any time. This will remove the stored information on the ICRTouch servers. A “last used” date is stored against the card tokens and ICRTouch will delete tokens that fall outside our defined expiry period on a periodic basis.

Other information may optionally be stored on the end user’s device to facilitate subsequent orders and can be removed via the “forget me” feature.

Permissions
The app only requires internet access. No other access permissions are required.

PocketTouch

The application does not collect, store or transmit personal data to ICRTouch (IOW) Ltd or its servers.

Some personal data, such as names, may be collected by the user of the application, which could be stored within the user’s own EPoS system. The collection and storage of this information is determined by the user and is therefore covered by the user’s own data privacy notice.

Permissions
The application does not collect, store or transmit user usage data. The application does not access contacts or photos or other APIs within the device. The device’s camera is used to read barcodes, the photo is not stored and the device file system or gallery is not accessed to retrieve or display the photo.

General Terms

Contracting entity
For all services you are contracting with an ICRTouch Authorised Partner and are subject to their contract terms.

Analysis and statistics
ICRTouch May use the data it collects about you for analysis and statistical purposes, for example, to analyse how many users place orders at a particular time, food and drink splits etc.

Phishing and malicious emails
ICRTouch does not charge end users directly for services, and we would never send an email requesting that you provide us with banking or payment information. We may occasionally contact you regarding service announcements, any information that we do send you will come from our registered domain @icrtouch.com.

If you would like to query or report a suspicious-looking email that appears to originate from ICRTouch, email phishing@icrtouch.com

Request for information
Individuals have a right to request the information that ICRTouch (IOW) Ltd holds about them.

Individuals will normally request information from the merchant, who will then ask the Authorised Partner. However, individuals can also pose information requests directly to ICRTouch.

A form will need to be completed to verify the identity of the person requesting the information. There will also be an admin fee payable to cover the costs involved. RFI requests should be sent in writing to: Information requests, ICRTouch, Embassy Way, Sandown, Isle of Wight, PO36 0JP