Privacy Policy for RoadCube

Effective Date: October 27, 2023

1. Introduction

RoadCube ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy describes how we collect, use, and share your personal information when you participate in loyalty programs created by RoadCube for our partner stores.

2. Information We Collect

We collect personal data from customers who visit and make transactions at our partner stores, as well as information about the stores themselves. This data is collected to facilitate the loyalty programs created by RoadCube for our partner stores. The data collected includes:

Customer Data:

• Name (First and Last)
• Contact Information (Phone Number and Email Address)
• Location and Demographic Information (Address, Birthday)
• Transaction-Specific Information (Custom Information related to purchases)

Store Information:

• Legal Name
• Owner Name
• VAT Number and other business identification numbers
• Store Locations or Website
• Margin and Product Information
• Transaction Information with User Data
• Payment Information (e.g., bank account or card details for automatic payments)

Data Collection Methods:

We collect data through RoadCube loyalty systems, including:

• Mobile apps
• Websites
• Tablet devices placed or provided by our partner stores

We also collect payment information from partner stores to facilitate automatic payments (e.g., via card or bank transfer) for their participation in the loyalty programs. This payment information is processed securely and used solely for billing and financial reconciliation purposes.

3. How We Use Your Information

We use the collected customer data, including store information, to:

• Create and manage loyalty programs for partner stores, including sending personalized communications and rewards. (Legal basis: Consent)
• Communicate with customers regarding rewards, updates, and customer support. (Legal basis: Consent)
• Provide location-based and age-specific rewards and offers. (Legal basis: Consent)
• Tailor loyalty programs to customer preferences based on transaction data, including store-specific preferences. (Legal basis: Contract Performance)
• Ensure the correct operation of loyalty programs for each store, including managing store-specific rewards, tracking transactions, and analyzing store performance within the program. (Legal basis: Contract Performance)
• Process payments from partner stores for their participation in the loyalty programs, including automatic card or bank transfers. (Legal basis: Contract Performance)
• Analyze usage data, troubleshoot issues, and enhance our Services. (Legal basis: Legitimate Interest)
• Send marketing and promotional materials (with customer consent, where required). (Legal basis: Consent)
• Protect against fraud, security risks, and unauthorized access. (Legal basis: Legitimate Interest)
• Comply with legal obligations and enforce our policies. (Legal basis: Legal Obligation)

RoadCube is the sole owner of the data collected for the loyalty programs. Where we rely on consent, you may withdraw that consent at any time.

4. Sharing Your Information

We may share customer data, including store information, with:

• Partner Stores: To facilitate the loyalty programs and to provide information about customer activity related to the program. (Purpose: To support the loyalty program. Data processing agreements are in place.)
• Service Providers: Third-party vendors who assist us with payment processing, data analysis, marketing, and other services. (Purpose: To support our services. Data processing agreements are in place.)
• Legal Authorities: When required by law or to protect our rights. (Purpose: To comply with legal obligations.)
• Business Transfers: In connection with a merger, acquisition, or sale of assets. (Purpose: To facilitate business transactions.)
• With Your Consent: When you authorize us to share your information. (Purpose: As directed by you.)

These third parties are contractually obligated to use the data only for the purposes we specify. Partner stores are obligated to use the data only for the provision of the loyalty programs, and in accordance with our instructions.

5. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect information about your browsing and usage patterns.

• Essential Cookies: These cookies are necessary for the operation of our Services.
• Analytics Cookies: These cookies help us understand how users interact with our Services.
• Marketing Cookies: These cookies are used to deliver targeted advertisements.

You can manage your cookie preferences through your browser settings.

6. Your Rights

You have various rights regarding your personal information, including:

• Access: You can request access to your personal data.
• Correction: You can correct inaccuracies in your data.
• Deletion: You can request the deletion of your data.
• Objection: You can object to the processing of your data.
• Restriction: You can restrict the processing of your data.
• Withdraw Consent: You can withdraw your consent at any time (where applicable).
• CCPA Rights (California Residents): California residents have additional rights, including the right to opt-out of the sale of their personal information.

Exercising Your Rights:

To exercise any of these rights, please contact us at:

• Email: info@roadcube.com

We will respond to your request within 3-7 business days.

Identity Verification:

To protect your privacy and security, we may need to verify your identity before processing your request. We may contact you via phone or email to confirm that you are the legitimate owner of the personal data in question.

7. Data Security

We implement industry-standard security measures to protect your personal data from unauthorized access, use, or disclosure. These measures include:

• Encryption (both in transit and at rest) to protect sensitive data.
• Firewalls and intrusion detection systems to prevent unauthorized access.
• Restricted access to personal data to authorized personnel only.
• Regular security vulnerability assessments and penetration testing.
• Access control lists and role-based access control.

We have a documented data breach response plan to address and mitigate the impact of any security incidents. However, no method of transmission over the internet or electronic storage is completely secure.

8. Data Retention

We retain your information for as long as necessary to fulfill the purposes outlined in this policy or as required by law. Specific retention periods may vary depending on the type of data and its use.

9. Data Breach Notifications

In the event of a personal data breach, we will notify the relevant supervisory authority without undue delay, and where feasible, not later than 72 hours after having become aware of the breach, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons.

If the breach is likely to result in a high risk to the rights and freedoms of individuals, we will communicate the personal data breach to the data subject without undue delay.

Our notifications will include, where possible, a description of the nature of the personal data breach, the categories and approximate number of data subjects concerned, the categories and approximate number of personal data records concerned, the likely consequences of the breach, and the measures taken or proposed to be taken to address the breach.

We will maintain records of all personal data breaches, including their facts, effects, and remedial action taken, ensuring we can demonstrate compliance with this section.

We will follow all other legal requirements, that pertain to data breach notification, as set out by the GDPR.

10. Children's Privacy

Our Services are not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If a child aged 13 or older engages in transactions, we use their data solely for the purposes of the loyalty programs.

11. Changes to This Privacy Policy

We may update this policy periodically. We will notify you of any significant changes via email. We will maintain a version history of the privacy policy.

12. Contact Us

If you have any questions or concerns, please contact us at:

• Email: info@roadcube.com

Our Data Protection Officer can also be contacted at the above email address.

13. Definitions

• Personal Data: Any information relating to an identified or identifiable natural person.
• Data Controller: The natural or legal person which, alone or jointly with others, determines the purposes and means of the processing of personal data.
• Data Processor: A natural or legal person which processes personal data on behalf of the controller.
• Consent: Any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
• Legitimate Interest: The processing is necessary for legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
• Contract Performance: The processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
• Legal Obligation: The processing is necessary for compliance with a legal obligation to which the controller is subject.