Privacy Policy

This Privacy Policy explains how Cavius International Limited (“Cavius”, “us”, “we” or “our”) and its affiliates collect, use, disclose, transfer, protect, store and otherwise process your information when using our Services. Cavius International Limited is committed to the privacy and secure processing of the personal data it maintains for its Customers in an open and transparent manner. It is also committed to the collection and processing of the personal data in full compliance with the General Regulation on the Protection of Personal Data of the European Union (Regulation 2016/679) (hereafter referred to as "the Regulation") and the legislation in force in Cyprus that governs the collection and processing of Personal Data of individuals.

This Privacy Policy was updated on 27 August 2021.

 

Definitions

‘’Services’’ means Loyverse point of sale and inventory management products and services, and any features, technologies or functionality provided by those products or services, offered by us from time to time, including the Loyverse POS, Loyverse Dashboard, Loyverse KDS and Loyverse CDS applications ("Apps") and loyverse.com ("Website")

"Customer” or “Merchant’’ means the person or entity who registers to use the Service by creating a Loyverse account. If you are creating an account or using the Services on behalf of a business, you agree that you are accepting these Terms and have the authority to enter into these Terms, on behalf of the business, which will be deemed to be the Customer, and will be bound by these Terms.

"You" means the Customer and (where the context permits) includes any Authorised Users.

 

Identifying the Data Controller and Data Processor

For the purposes of EU Privacy Law, depending on the category of Personal Data described in this Privacy Policy, we are operating as a Controller or as a Processor.

In general, Cavius is the Controller for Customer (Merchant) Information and Processor for Consumer and Employee Information where the Controller is the Customer (Merchant).

For questions regarding the processing of personal data and the exercise of your rights by virtue of the GDPR, you may contact us via the email address privacy@loyverse.com.

 

Types of Personal Data collected

We collect and use several types of data for the individuals we cooperate with, including information by which subjects may be identified ("Personal Data" means any Data relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person), such as your first and last name, identity number, e-mail address, address and province and telephone number.


We are committed to protecting the privacy of the individuals on our websites, mobile applications, products and services. By registering for using our Services you acknowledge the collection, transfer, processing, storage, disclosure and other uses of your information.


  • Customer information, being personal information relating to our Customers/Merchants (where applicable). We collect this information so that we can provide our Services to those Customers.
  • Consumer information, being personal information relating to consumers with whom our Customers interact (such as consumers of their products or services) including their email address, phone number or other information.
  • Employee information, being personal information relating to employees of our Customers, including email address, phone number or other information.
  • Guests, being personal information relating to the visitors of our webpages and participants at Loyverse. Town and/or any other blogs or interactive platforms we have or may lunch.


Our customers are solely responsible for establishing policies for and ensuring compliance with all applicable laws and regulations, as well as all privacy policies, agreements or other obligations, relating to the collection of personal data in connection with the use of our Services by individuals with whom our Customers interact.

We collect information under the direction of our Customers and have no direct relationship with individuals whose personal data we process in connection with the use of our Services. If you are a Customer providing information (including personal data) about someone else, you must have the legal ability to do so and, if necessary, inform them about how their personal data will be used (as described in this Privacy Policy).

If you are an individual who interacts with a Customer using our Services - for instance if you’re an employee or consumer of a retail store – that Customer is the controller of your personal data and you should contact them directly (e.g. - the owner or manager of the retail store) – for assistance with any requests or questions relating to your personal data.

Guests are solely responsible for the personal data they provide on the blogs or other interactive media and that we do not collect for providing the blog capability, such as the blog content.

 

How and what information we collect

We collect information about you when you provide it to us or when you use our Services.

The ways and what we collect, it can be broadly categorized into the following:

1. Information You Directly Provide to Us:

Account and profile information. We collect information about you when you register for an account, create or modify your profile, set preferences, sign-up for or make purchases through the Services (Contact information such as name, email address and country, profile information such as business phone number and preferences information such as notification and marketing preferences).

Operational data. We store information you upload to or send through our Services, ( Information about products and services the Customer sells (including inventory, pricing, sale, transaction, tax, and other data and Information about the Customer or the Customer’s business (employees, consumers and suppliers).

Information for Support. When you contact our customer support, where you may choose to submit information regarding a problem you are experiencing with a Service. (contact information, problem summary, any documentation, screenshots or information that would be helpful in resolving the issue).

Payment Information. We collect certain payment and billing information when you subscribe for certain paid Services. You might also provide payment information, such as payment card details, which we collect via secure payment processing services.

Contribution to a discussion. You might contribute to an online discussion at Loyverse. Town or any other interactive media or blog about the Service we are providing to you. The content of the discussion might include personal data you input.

Other submissions. We ask your consent to collect personal information from you when you submit web forms on our websites or when you participate in any interactive features of our Services, participate in a survey, promotion, activity or event, request customer support, communicate with us via third party social media sites, or otherwise communicate with us.

2. Information We Collect Automatically When You Use Our Services:

Access log: We gather certain information and store it in log files when you interact with our websites and Services. This information includes Internet protocol (IP) addresses as well as browser type, URLs of referring/exit pages, operating system, language and location preferences, time/date stamp, search history, device identification numbers and system configuration information. Occasionally, we connect personal information to information gathered in our log files as is necessary to improve our Services. If we do this, we will treat the combined information in accordance with this Privacy Policy.

Cookies: Cookies are used our organization and by our third-party partners (for example, our analytics partners) to collect information. A cookie is a small text file that is stored on your hard drive or in device memory for record keeping purposes. We use cookies to give you a better and more personalized use of the Services, to save you logging in every time and to count the number of visits. Please refer to our Cookies Policy for more information.

3. Information We Receive from Other Sources

We collect information from other sources, such as our business partners. We do not control, supervise, or respond for how the third parties providing your information process your personal data, and any information request regarding the disclosure of your personal information to us should be directed to such third parties.

 

Legal Basis for processing

We collect and process information about you only where we have legal bases for doing so under applicable EU laws. The legal bases depend on the Services you use and how you use them. This means we collect and use your information only where:

  • It is necessary to provide you the Services, including to operate the Services, provide customer support and personalized features and to protect the safety and security of the Services.
  • It satisfies a legitimate interest (which is not overridden by your data protection interests), such as for research and development, to market and promote the Services and to protect our legal rights and interests.
  • We need to process your data to comply with a legal obligation; or
  • You give us consent to do so for a specific purpose

If you have consented to our use of information about you for a specific purpose, you have the right to change your mind at any time, but this will not affect any processing that has already taken place.

 

How we use your personal information

We are continually striving to improve Services. We may use information about you for purposes such as:

  • Enabling you to access and use our Services
  • Displaying historical sale information
  • Sending you marketing, advertising, educational content and promotional messages and other information that may be of interest to you, including information about us, our Services, or general promotions for business partner campaigns and services and only if you consented to. You can unsubscribe or opt-out from receiving these communications at any time
  • Measuring, customizing and improving the Services and developing new products
  • Sending to you service, support and administrative messages, reminders, technical notices, updates, security alerts and information requested by you
  • Investigating and preventing fraudulent transactions, unauthorized access to Services, and other illegal activities
  • Providing the capability for online discussion with other customers and/or users.
  • With your consent, we may use information about you for a specific purpose not listed above. For example, we may publish testimonials or featured customer stories to promote the Services, with your permission.

 

Sharing & disclosure of your information

When you use the Services, we may share your information only as described below:

Service Providers, Business Partners and Others

We use and work with third party service providers and our trusted Business Partners to provide application development, hosting, website, infrastructure, maintenance, backup, payment processing, customer relationship management, marketing, accounting, human resources, business intelligence and analytics, data enrichment, customer support and other services for us. These service providers may have access to or process your information for the purpose of providing those services for us. Some of our pages use white-labelling techniques to serve content from our service providers while providing the look and feel of our site. Please note that you are providing your information to these third parties acting on our behalf. These third parties are located in countries which may be outside of your location.

We also share your contact information with select trusted Business Partners, such as our partners who integrate with Services, to enable them to contact you about their services (as they relate to your Services).

Compliance with Laws and Protection of Rights

In certain situations, we may be required to use and disclose your information (including personal information) to a third party if we believe the disclosure is reasonably necessary:

  • To comply with any applicable law, legal process (for example, subpoenas and warrants) or governmental request
  • To enforce and administer our agreements, policies and terms of use
  • To protect the property, rights, and our safety of, our Customers or the public from harm or illegal activities
  • For fraud prevention, risk assessment, investigation, customer support, product development or debugging purposes
  • To protect the rights, property or our personal safety, its users or members of the public
  • To establish or exercise our legal rights or defend ourselves against any third-party claims or allegations


Business Transfers

If we undertake or are involved in any merger, acquisition, reorganization, sale of assets or bankruptcy or insolvency event, then we may transfer or share some or all our assets, including your personal information. In this event, we will notify you before your personal information is transferred and becomes subject to a different privacy policy.

Non-Identifying or Aggregated Data

We may share aggregated or other non-personal information that does not directly identify you with third parties in order to improve our Services.

 

Your privacy rights

Subject to the provisions of the General Data Protection Regulation, you have the following rights in regard to your Personal Data: (Please note, these rights are not absolute and, in some cases, they are subjected to conditions as defined by law)

  • Right of Access: You have the right to access your own Personal Information through the platform, as well as the right to request a copy of your personal information that is maintained and processed by us.
  • Right to Erasure: You have the right to request the deletion of Personal Data only if one of the following reasons is true:
  1. Personal Data are no longer necessary in relation to the purposes for which they were collected or processed.
  2. If the processing is based on your consent and you have withdrawn this consent (on which processing is based) in accordance with Articles 6.1.a and 9.2.a of the Regulation and if no other legal basis for processing applies.
  3. If you object to processing in accordance with Article 21.1 of the Regulation and there are no compelling and legitimate reasons for processing.
  4. If Personal Data has been processed illegally.
  5. If Personal Data should be deleted in compliance with a legal obligation under Union law to which our company is subject to.
  6. If the Personal Data have been collected in relation to the provision referred to in Article 8.1 of the Regulation.
  • Right to Object: Object to the processing of your Personal Data for marketing purposes or on grounds relating to your situation.
  • Right to Restriction of Processing: Request the restriction of the processing of your Personal Data in specific cases.
  • Right to Data Portability: Receive your Personal Data in a machine-readable format and send it to another controller (‘data portability’);
  • Right to Object and Automated Individual Decision-Making (Including Profiling): Request that decisions based on automated processing concerning you or significantly affecting you and based on your Personal Data are made by natural persons, not only by computers. You also have the right in this case to express your point of view and to contest the decision.

If you are an individual who interacts with a Customer using our Services - for instance if you’re an employee or consumer – that Customer is the controller of your information. If this is the case, please direct your data privacy request and questions to that controller,

You can request to exercise these rights by emailing privacy@loyverse.com.

 

Our global operations (including transfers of data from your home country to another)

To bring you Services, we operate globally. In order to do so, your personal information may be transferred to, and processed in countries other than the country you live in, outside of your home country, including the United States. These countries may have laws different to what you’re used to. Rest assured, where we disclose personal data to a third party in another country, we put safeguards in place to ensure your personal data remains protected.

Specifically, Cavius hosts data with Amazon Web Services in the Germany. If you are a non-EU resident, this means that your personal information will be transferred to the EU. The servers on which personal information is stored are kept in a controlled environment.

European Economic Area (EEA) users: This means that your information may be transferred outside of the EEA. Where your personal information is transferred outside the EEA, it will only be transferred to countries that have been deemed to provide adequate protection for EEA information, or to a third party where we have approved transfer mechanisms in place to protect your personal information – i.e. European Commission’s Standard Contractual Clauses.

 

How long we retain your information

We generally retain your information only as long as reasonably necessary to provide you the Services or to comply with applicable law.

However, even after you cancel your account, we can retain copies of information about you and any transactions or Services in which you may have participated for a period of time that is consistent with applicable law, applicable statute of limitations or as we believe is reasonably necessary to comply with applicable law, regulation, legal process, or governmental request, to resolve disputes, to address problems with our Services, to assist with investigations, to enforce our Terms of use or other applicable agreements or policies, or to take any other actions consistent with applicable law.

When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymise it.

 

Children’s use of the services

Services are not directed to individuals under 16. We do not knowingly collect personal information from children under 16. If we become aware that a child under 16 has provided us with personal information, we will take steps to delete such information. If you become aware that a child has provided us with personal information, please contact us at the email dpo@loyverse.com.

 

Security

We take appropriate security technical and organisational measures (including physical, electronic and procedural measures) to safeguard your Personal Information from unauthorized access, unlawful use, intervention, modification or disclosure under the requirements of the Regulation.

Where data is transferred over the Internet as part of the Services, the data is encrypted using industry standard TLS (HTTPS).

 

Updates to our privacy policy

We reserve the right to change this Privacy Policy from time to time, and if we do we will post any changes on this webpage. If you disagree with these changes, you can cancel your account at any time and/or stop your use of our Services. Your continued use of the Services after any changes to the Privacy Policy constitutes your acceptance of such changes.

 

More information

If you have any questions about this Privacy Policy or Cavius privacy practices, please contact us at dpo@loyverse.com or at our mailing address below:


Cavius International Limited

Archiepiskopou Leontiou A, 187, 4th floor

Limassol, 3020, Cyprus

 

If you have a concern about the way we are collecting or using your personal data, you should raise your concern with us in the first instance or directly to the office of the Commissioner for the Protection of Private Data. You can be provided the complaint forms for the Commissioner’s office here.