GDPR Compliance

1. Overview

360TMD POS is committed to protecting your personal data and respecting your privacy rights. This GDPR compliance page explains how we collect, use, and protect your personal information in accordance with the General Data Protection Regulation (GDPR).

What is GDPR?

The General Data Protection Regulation (GDPR) is a comprehensive data protection law that came into effect on May 25, 2018. It applies to all companies that process personal data of individuals residing in the European Union, regardless of where the company is located.

2. Data Collection

We collect personal data in the following ways:

Information You Provide Directly

• Account registration information (name, email, phone number)
• Business information (restaurant name, address, business type)
• Payment information (processed securely through third-party providers)
• Communication data (support tickets, feedback, reviews)
• Marketing preferences and consent records

Information Collected Automatically

• Usage data (how you interact with our platform)
• Device information (IP address, browser type, operating system)
• Log data (access times, pages viewed, actions taken)
• Cookies and similar tracking technologies

Legal Basis for Processing

We process your personal data based on the following legal grounds:

• Contract: To provide our POS services and fulfill our contractual obligations
• Legitimate Interest: To improve our services, prevent fraud, and ensure security
• Consent: For marketing communications and non-essential cookies
• Legal Obligation: To comply with applicable laws and regulations

3. Data Usage

We use your personal data for the following purposes:

Service Provision

• Operating and maintaining the 360TMD POS platform
• Processing transactions and managing orders
• Providing customer support and technical assistance
• Managing user accounts and authentication

Business Operations

• Analyzing usage patterns to improve our services
• Conducting research and development
• Generating analytics and business intelligence
• Ensuring platform security and preventing fraud

Communication

• Sending service-related notifications and updates
• Providing marketing communications (with your consent)
• Responding to inquiries and support requests
• Collecting feedback and reviews

4. Data Sharing

We may share your personal data in the following circumstances:

Service Providers

We work with trusted third-party service providers who assist us in operating our platform. These providers are contractually bound to protect your data and use it only for specified purposes:

• Cloud hosting and infrastructure providers
• Payment processing companies
• Customer support platforms
• Analytics and marketing tools

Legal Requirements

We may disclose your personal data when required by law or to:

• Comply with legal obligations and court orders
• Protect our rights, property, or safety
• Prevent fraud or illegal activities
• Cooperate with law enforcement agencies

International Transfers: When we transfer personal data outside the EU, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions. This GDPR page is governed by Delaware state law.

5. Your Rights Under GDPR

As a data subject under GDPR, you have the following rights:

Right of Access

You have the right to request a copy of the personal data we hold about you, along with information about how we process it.

Right to Rectification

You can request that we correct any inaccurate or incomplete personal data we have about you.

Right to Erasure (Right to be Forgotten)

In certain circumstances, you can request that we delete your personal data. This right applies when:

• The data is no longer necessary for the original purpose
• You withdraw consent and there's no other legal basis for processing
• The data has been unlawfully processed
• Erasure is required for compliance with legal obligations

Right to Restrict Processing

You can request that we limit how we use your personal data in certain situations, such as when you contest the accuracy of the data.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used format and to transmit it to another controller.

Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes.

Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing, including profiling, that produce legal effects.

6. Data Security

We implement appropriate technical and organizational measures to protect your personal data:

Technical Safeguards

• Encryption of data in transit and at rest
• Secure authentication and access controls
• Regular security assessments and penetration testing
• Automated backup and disaster recovery systems

Organizational Measures

• Staff training on data protection and privacy
• Data processing agreements with third parties
• Privacy by design and by default principles
• Regular review and update of security policies

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, or resolve disputes. Specific retention periods vary depending on the type of data and applicable legal requirements.

Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and inform affected individuals without undue delay.

7. Contact Information

If you have any questions about our GDPR compliance or wish to exercise your rights, please contact us: