Who are BearCAD?
BearCAD is a leader in providing cloud POS. We act as the “data controller” for our customers, employees, and partners. For Data Subjects using the POS systems we provide to our customers, we are a “data processor”.
If you are in countries other than the Australia, Mexico, USA and New Zealand references in this policy to BearCAD are to BearCAD LIMITED which is a company.
For customers in the USA and Mexico references to BearCAD are to BearCAD LLC.
For customers in Australia and New Zealand, references to BearCAD are to Epos Systems Pty Limited of PO Box 621, Buddina, Queensland, QLD 4575, Australia.
For the purposes of the Data Protection Act 2018 and the European General Data Protection Regulation (EU 2016/679) (“GDPR”) and any other applicable data protection and privacy laws and regulations (collectively "Data Protection Legislation"), BearCAD is the data controller for all Personal Information and we determine the means and purpose of processing. BearCAD has registered with the UK Information Commissioners Office (ICO) under registration number ZA201586 and we have a Data Protection Officer.
Our registration with the ICO and all of our data protection practices are aimed at ensuring we provide all of the protection required under Data Protection Legislation to your Personal Information. This Privacy Notice is designed to inform you how we do that in a clear and concise fashion. If you have any questions about our data handling practices or require assistance in understanding this notice, please contact us via the details given in the "how you can contact us" section below.
What personal data do we collect from or about you?
We may collect Personal Information about you in the following circumstances to enable us to provide You with the services we offer.
When using our Website
Whilst you can use the Website without giving out Your personal data, once You contact us via the Website or upload user information, BearCAD collects information about you, which may include:
- Your name;
- Email address; and
- Telephone numbers (including mobile)
We may also collect technical information about you when you visit the Website. This information may include:
- the Internet protocol (IP) address used to connect your computer to the Internet;
- Your browser type and version;
- time zone setting; and
- operating system and platform, and browser plug-in types and versions
- Information about your visit(s) to the Website may also be collected. The collected information is used to provide an overview of how people are accessing and using the Website. It is not used for any additional purpose, such as to profile those who access the Website
When you have registered interest in our services
If you have provided Your request for further information about our services to one of our trusted partners, we will seek sufficient personal information about You to allow us to contact you and reply to Your inquiry, such as:
- Your name;
- email address;
- business or home address;
- telephone number; and
- Social Handles
You always have the right to opt-out of receiving marketing information from BearCAD at any time. If you have chosen to subscribe to our marketing information we will collect the minimum contact information required to provide you with our newsletter, offers, and updates including:
- Your name
- email address; and
- telephone number
- Free Trial User - Analysis
When You purchase our POS system services
We may need to collect and use your personal information to create an account for the business requesting our services. This will always be collected directly from You and may include:
- Your name;
- Postal address;
- Invoicing details/address;
- Information regarding the services You request;
- Supplementary information You provide us about Yourself when contacting us;
- Email address; and
- Telephone numbers (including mobile)
When you contact our customer support
During Your customer support interactions we may collect the following information from You:
- Account Number;
- Your name;
- Work contact details (email address and telephone number);
- Professional information (business role and responsibilities); and
- Information regarding the services you request
as well as any additional information you choose to volunteer to us. We will only retain the information required to provide you with the support you request.
Where a remote service is provided to resolve a service issue, we will record the session for internal use only, so we have a record for further support or to use it as the basis of further resolution.
Recording of telephone calls
We routinely record telephone calls as our sales are often undertaken by telephone and we need to record so we can establish the contents of any contractual arrangements we have made with you. We will also record calls with customer support so we can show whether we have dealt with any issues raised and for training and quality purposes. Call recordings are deleted after 12 months.
If you fail to provide us with Personal Information
You always reserve the right to withhold Your personal information, but this may considerably affect and limit how we provide our services
Where we need to collect personal data by law, or under the terms of a contract we have with You and You fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you. In this case, we may have to cancel a product or service You have with us but we will notify you if this is the case.
What do we do with the information we collect
We will only ever use your personal information when allowed to by law and always under a documented lawful basis for processing.
We may use your personal information:
- to assess Your suitability for any particular service;
- to create an account for our services;
- to manage service cases as and when they arise;
- to process order requests for our services;
- to process repeat payments for services You have purchased;
- to give you information that You request from us and to improve our services;
- to notify you about changes to our services;
- to allow us to operate the Website efficiently;
- any relevant troubleshooting, testing or statistical analysis as appropriate; and
to keep the Website secure
We may, where we have obtained your express permission, also use the information collected to:
- Provide you with information about our services that we offer via promotional emails;
- keep you up to date with features on the Website; and
- permit selected third parties to provide you with information about goods or services they feel may interest You (a list of such third parties are available on request).
You are not under any obligation to opt-in to any marketing communications and You can opt-out of any of these data uses at any time by emailing email@example.com. We will only keep your information for as long as reasonably required.
Lawful basis of processing
We always ensure that a lawful basis (as defined in the UK Data Protection Act 2018 and GDPR) exists for all the Personal Information we process at BearCAD.
We will only process your information for as long as we have a relevant lawful basis to do so. This is usually in order to provide you with the contractual services you have requested from BearCAD or if you have provided us with adequate consent to process your information for other purposes.
If we choose to process your information under the lawful basis of legitimate interests, we will always inform you of our legitimate business interest and your right to object.
If you choose to access your Personal Information under the rights afforded to you by Data Protection Legislation, we will always inform you of the lawful basis under which we process your information.
How do we protect your personal data
We take our security obligations very seriously and constantly monitor for breaches and potential weaknesses.
When we collect information about you, we also make sure thayt our information is protected from unauthorised access, loss, manipulation, falsification, destruction, or unauthorised disclosure. This is done through appropriate technical measures. We use computer safeguards such as firewalls and data encryption, we enforce physical access controls to our buildings and files, and we authorise access to Personal Information only for those employees who require it to fulfil their job responsibilities.
However, you should be aware that providing information over the internet can never be guaranteed as being completely safe and if you choose to send such information to us via the internet, you do so at your own risk.
Cross-border data transfers
If we are required to store or process your data outside of the European Economic Area and/or UK, we will comply with the provisions of the Data Protection Act 2018 and GDPR and any other guidance issued by the EU for data transfers from the EU to the UK.
We shall not transfer any Personal Information to any country outside of the UK or European Economic Area unless we ensure that such Personal Information is subject to an adequate level of protection and appropriate legal safeguards in accordance with Data Protection Legislation. If You wish to access your Personal Information, we will inform you of the transfers we make (if any) and the legal safeguards we have employed to ensure the ongoing security and protection of Your data.
Update to Privacy Shield: As the result of the decision of the European Court in July 2020 in the Schrems II case which affected the use of Privacy Shield, BearCAD will ensure that transfers of data from the UK/EEA to the USA will be covered by Standard Contract Clauses as approved by the European Commission or such other guidance issued by the ICO following the UK’s withdrawal from the EU.
Sharing Your information with others
We take our responsibilities for sharing data seriously. The following situations are those when we may share Your data:
- to staff members in order to facilitate the provision of goods or services to you;
- to third party companies in order to facilitate the provision or delivery to you of goods or services or apps or payment services;
- to our affiliated entities to support internal administration;
- IT software providers that host our website and store data on our behalf;
- analytics and search engine providers that assist us in the improvement and optimisation of the Website
- professional advisers including consultants, lawyers, bankers and insurers who provide us with consultancy, banking, legal, insurance and accounting services;
- HM Revenue and Customs, regulators and other authorities who require reporting of processing activities in certain circumstances;
- if BearCAD is acquired by a third party, in which case Personal Information held by it about its customers will be one of the transferred assets. We would process Your Personal Information for this purpose because we have a legitimate interest to ensure our business can be continued by the buyer. If You object to our use of Your Personal Information in this way, the relevant seller or buyer of our business may not be able to provide services to You.
- We may disclose personal data to the police, regulatory bodies, legal advisors or similar third parties where we are under a legal duty to disclose or share personal data in order to comply with any legal obligation, or in order to enforce or apply our website terms and conditions and other agreements; or to protect our rights, property, or safety of our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
- To card payment providers in order to deal with any queries raised by you directly to those providers concerning and purchases from BearCAD.
If and when we share your data with third parties on a commercial basis, we always do so under a written agreement governing how your data must be processed and protected.
Our obligations under Data Protection Law and your options to control your Personal Information
If you are an individual (as opposed to a Limited Company) you have rights in relation to any Personal Information that we hold about you. If You wish to access your Personal Information you may make a formal subject access request by contacting BearCAD. We will respond within the prescribed period of 30 days unless we meet the grounds for an extension.
The information you request must relate to you or another individual in relation to whom you have the authority to act on their behalf. BearCAD will require confirmation of your ID prior to providing any information about the data we hold. If You are unable to provide sufficient information to prove your ID, BearCAD reserves the right to refuse your request for access to Personal Information.
The rights you have in relation to the Personal Information we hold regarding you are:
- the right to rectify any inaccuracies in the information we hold;
- the right to the erasure of information in specific circumstances;
- the right to request the transfer of your information to another controller; and
- the right to object to or restrict processing in specified circumstances.
If you have provided us with consent to process your personal information and we process on the lawful basis of that consent only, you always reserve the right to withdraw this consent via the method detailed in the paragraph below. We are committed to ensuring that your wishes are respected and upon notification that you wish to withdraw your consent, BearCAD will immediately cease processing the information in question.
You can withdraw your consent or access any information we hold on your behalf by contacting us at firstname.lastname@example.org. We will always process your request within one month.
Please check this notice from time to time to ensure you are aware of any updates we may have made to our Personal Information handling practices. The date of the changes will be listed in the 'Last updated' section below. We will endeavour to notify all of our current clients of any updates to this notice via email and we will post the relevant announcement on our website homepage.
We recommend that You print a copy of this page for Your reference.
How can you make a complaint?
If you live in the UK you have the right to issue a complaint directly with the Information Commissioners Office (https://ico.org.uk/concerns/)
In compliance with the Privacy Shield Principles, BearCAD commits to resolve complaints about our collection or use of Your personal information. EU individuals with inquiries or complaints regarding our Privacy Shield policy should first contact email@example.com.
BearCAD has further committed to cooperate with the panel established by the EU data protection authorities with regard to unresolved Privacy Shield complaints concerning human resources data transferred from the EU in the context of the employment relationship.
How can you contact us?
Last updated November 2020