This policy was last updated and takes effect on: 11/11/2019
This Privacy Notice describes how we collect, process, and share your Personal Data. We also describe Users’ rights and choices with respect to how we process your Personal Data and other important information. Please read this Privacy Notice carefully.
Scope of this Privacy Notice
This is the Privacy Notice of E la Carte, Inc. dba Presto (“Presto,” “us,” “our,” or “we”), a Delaware corporation with offices at 810 Hamilton St., Redwood City, CA 94063. You can contact us here.
This Privacy Notice applies to our “Service” which includes:
- our website at Presto.com and other sites that link to/post this Privacy Notice (including any subdomains or mobile versions, the “Corporate Site(s)”), and
- our PRESTO Tablets and Kiosks (“PRESTOs”), our Presto order and guest management SaaS platform, and any related software applications used to access the Presto SaaS platform (collectively, the “Platform”).
Your use of our Service indicates your acknowledgement of the practices described in this Privacy Notice.
Our Clients and other Third Parties
Our Service is a platform that allows restaurant guests (“Guest Users”) and restaurant staff (“Client Users”) to interact, read restaurant menus, submit orders, pay, play games, and submit feedback to our restaurant and food service clients (our “Clients”).
This Privacy Notice only addresses how Presto processes Personal Data. This Privacy Notice does not apply to our Clients, or describe how our Clients process Personal Data, including the Personal Data we collect on their behalf as a service provider. Our Clients may process your Personal Data (including in connection with the use of our Platform) in ways that are not described in, or that are different from, the practices described in this Privacy Notice.
Sources and Categories of Personal Data
Categories of Personal Data we Process
We may process the following categories of data that relate to identified or identifiable individuals (“Personal Data”) (note, specific Personal Data elements listed in each category are only examples and may change):
|Identity Data:||Personal Data relating to an individual’s identity or representing that individual, such as your name, ID/driver’s license number, gender, date of birth, photo/avatar, username, persistent user identifiers/ID numbers, and biographical information.|
|Contact Data:||Personal Data used to contact an individual, e.g. email address(es), physical address(es), phone number(s), or usernames.|
|Transaction Data:||Personal Data we create in relation to orders you place, or similar transactions made through our Service, e.g. item description, price, quantity, or other description of the product/service purchased.|
|Payment Data:||Personal Data relating to payment accounts or services, e.g. a credit card or other payment account number, security code, authentication data, and other similar information you provide in connection with a payment transaction.|
|Device/Network Data:||Personal Data relating to use of a device, browser, or application e.g. IP addresses, MAC addresses, application ID/AdID/IDFA, identifiers from cookies, session navigation history, options clicked, navigation, timing, and similar browsing metadata, and other data generated through applications and browsers, including cookies and similar technologies.|
|Inference Data:||Personal Data inferred about personal characteristics and preferences, such as demographics, interests, behavioral patterns, psychological trends, predispositions, or behavior.|
|User Content:||Any Personal Data contained in a text box or other free-text field, such as when you email or contact us, including any content of a comment, review, or message.|
Sources of Personal Data
We collect Personal Data in various ways, which vary depending on the context in which we process that Personal Data:
|Data you provide to us:||You may provide us or our Clients with Personal Data directly. We collect Identity Data, Payment Data, Transaction Data, Contact Data, and User Content when you submit it through our Service, for example, as part of account registration or when you conduct a transaction.|
|Data we create or infer:||We or our Clients (or third parties operating on our behalf) create and infer Personal Data such as Inference Data or Aggregate Data based on our observations or analysis of other Personal Data processed under this Privacy Notice, and we may correlate this data with other data we process about you.|
|Clients:||We may receive Identity Data, Contact Data, Transaction Data, Payment Data, Device/Network Data, Inference Data, and User Content from third parties with whom we or a Client have a relationship. For example, we may receive certain Personal Data when you interact with certain cookies, tablets and similar technologies, or when you use our third-party payment processing tools.|
|Data Aggregators:||We may receive Identity Data, Device/Network Data, Inference Data, and Contact Data from data aggregators and similar parties that provide us with data to augment other personal data we hold about you.|
Business and Commercial Purposes of Processing
How We Process Personal Data: Platform
When you use the Platform, we generally process your Personal Data as follows, as well as for the general processing purposes (described below) that are applicable to our Service generally or the Platform specifically.
Client User Accounts
We generally process Identity Data, Device/Network Data, and Contact Data when Client Users register and create an account on our Service. We primarily use this data as necessary to create, maintain, and provide Users with information about their account. We may also use Contact Data to correspond with Users with informational messages regarding the Service, or in connection with other requests from those Users. Note, when Client Users’ information is shared with the Client, the Client may use that data for its own purposes.
Presto accounts allow Guest Users to create a profile in order to simplify ordering and payment, improve customer service, and enjoy a personalized user experience at restaurants using Presto. We may also create a guest account when you register for a Client’s loyalty program. We generally process Identity Data, Contact Data, Payment Data and Device/Network Data when Guest Users create and access their account on our Service. We use this data as necessary to authenticate Users, deliver messages and notifications to Users, and as otherwise necessary to provide our Service and carry out the processes and transactions Guest Users request. We may also store your Payment Data to enable payment through your account.
Data we control in connection with a Presto account is processed on behalf of our Clients when a Guest interacts with a Client, for example, in connection with an order, making a payment, for customer service purposes, and to share useful information (such as allergy information, name, preferences, etc.) with the Client, or in connection with feedback/surveys. We may send Guest Users messages regarding our service, security alerts, or other important information about their account. Further, Guest Users that opt in, or if otherwise allowed, may receive marketing communications from us (including communications on behalf of our Clients or third parties).
When Guests submit an order through the Platform, or where a Client User interacts with a Guest’s order, we generally process Identity Data, Transaction Data, Contact Data, Device/Network Data, Payment Data, Inference Data, and if you provide it (e.g. as part of a special request) User Content. Note, Client Users may also add certain data (e.g. additional Transaction Data or User Content) to the order.
We primarily process this data and share it with Clients as necessary to process your order and in connection with our provision of the Service. Payment Data is used only to secure and process payments at your request. Additionally, we may analyze this information to create Inference Data and relate it to the order data, and Device/Network Data from the PRESTO, and we may store and analyze that record on behalf of the Client. If a Guest User logs into or links their Presto account or a Client loyalty program, this Data may be associated with the Guest User’s Presto account, in which case we will retain and process this information on our own behalf, as well as on behalf of our other Clients when a Client User interacts with them. Note, certain data (excluding Device/Network Data and Payment Data) may be shared with the Client who may use that data for its own purposes.
Client Loyalty Programs & Mailing Lists
Feedback and Surveys
We generally process Identity Data, Contact Data, and User Content collected in connection with Guest surveys or questionnaires. We generally process this Personal Data as necessary to inform the Client of Guest preferences, to create aggregate analytics regarding Guest satisfaction, or to allow Clients to communicate with Guests. Any Feedback/Survey data may be made available to the Client, who may use it for their own purposes. We may also store and analyze feedback for our purposes, for example, to personalize the services, and help recommend relevant offers or services.
How we Process Personal Data: Corporate Site
When you use the Corporate Site, we generally process your Personal Data in the following contexts, as well as for the processing purposes (described below) that are applicable to our Service generally.
You may contact us through our Corporate Site, or sign up for certain communications from us. In each case, we generally collect Contact Data, and any Identity Data or User Content that you provide in the registration form. This information is primarily used to respond to your request, but where you consent, or if relevant to your request and permitted by law, we may send you marketing communications as described further below.
Cookies and Similar Technologies
When you use our Service, you may interact with cookies and similar technologies that we operate on or allow access to our Service. We, and certain third parties, may automatically collect and process Device/Network Data and Inference Data when you interact with these cookies and similar technologies. In cases where these cookies and similar technologies are controlled by third parties, we may receive this data from third parties to the extent allowed by the applicable service provider or partner. Please note, some of these technologies can be used by third parties to identify you across platforms, devices, websites, and services. The privacy policies of third parties may apply to these third-party technologies and their own use of any Personal Data they collect.
Subject to Users’ Rights and Choices, we use this data as follows:
- for “essential” or “functional” purposes, such as to enable various features of the Service such as remembering passwords, or staying logged in during your session;
- for “analytics” purposes, consistent with our legitimate interests in how the Service is used or performs, how users engage with and navigate through the Service, what other sites users visit before visiting our Service, how often they visit our Service, and other similar information; and
- on our Corporate Site, for “retargeting” or similar advertising purposes, so that you can see advertisements from us on other websites. These technologies and the data they collect, may be used by advertisers to deliver ads that are more relevant to you based on content you have viewed, including content on our Corporate Site. These tracking technologies may also help prevent you from seeing the same advertisements too many times, and help us understand whether you have interacted with or viewed ads we’ve delivered to you. This collection and ad targeting may take place both on our Corporate Site, as well as on third-party websites that participate in the ad network (e.g. any advertisements delivered by that ad network on a third-party website).
Purposes of Processing
We process Personal Data for numerous business and commercial purposes; for example:
- To facilitate ordering and communications between Guests and our Clients
- To fulfill our contractual obligations to you
- To provide, improve, and secure our products and services
- For customer service and workforce training/development
- To compile statistics, segmented by various demographics data
- To comply with the law, and in the public interest
Please see below for more information regarding the purposes for which we process your Personal Data.
Service Provision and Contractual Obligations
We process any Personal Data as is necessary to provide our Service, authenticate users and their rights to access the Service, the Platform version, or various data, features, or functionality, and as otherwise necessary to fulfill our contractual obligations to you, and provide you with the information, features, and services you request.
Internal Processes and Service Improvement
We may use Personal Data we process through our Service as necessary in connection with our business interests in improving the design of our Service, for customer service purposes, in connection with logs and metadata relating to Service use, and for ensuring the security and stability of the Service. Additionally, we may use this data to understand what parts of our Service are most relevant to Users, how Users interact with various aspects of our Service, how our Service performs or fails to perform, etc., or we may analyze use of the Service to determine if there are specific activities that might indicate an information security risk to the Service, our Users or our Clients. We may also use this information in connection with the provision of new features, products, and analytics tools to be used by other Clients. This processing is subject to Users’ rights and choices applicable to processing performed in accordance with our legitimate business interests.
We may use automated processing in relation to our Users’ use of the Platform. For Guest Users, automated processing may determine suggestions for items you may want to order, offers or promotions you may be interested in, ordering/payment methods, or for other similar matters. For Client Users, we use automated processing on behalf of the Client to help determine priorities for guest service, to analyze hours worked and availability, determine server performance, average check size, Guest count, and other similar information.
We use Personal Data processed through our Platform to create aggregate analytics relating to Platform Use. For example, we use Guest Users’ Personal Data to create aggregate analytics relating to trends in how Guests interact with our Clients, such as food and drink orders, product choices, preferences, spending habits, time of day, or other similar information. Additionally, we may use Client Users’ information to create aggregate data regarding staff efficiency, hours worked, service performance, Guest satisfaction, availability, etc. Platform Analytics will not contain information from which an individual may be individually identified, but may be combined with information used in automated processing or advertising. These analytics may be made available to our Clients individually, in the case of Client User analytics, and to all clients, in the case of Guest User analytics. This processing is subject to Users’ rights and choices applicable to processing performed in accordance with our legitimate business interests.
We process Personal Data in connection with our legitimate business interest in personalizing the Platform. For example, the Service may be customized to you so that it displays your name, reflects service preferences, to suggest orders, or to display items that you have ordered or interacted with in the past, or to display content that we think may be of interest to you based on your interactions with our Platform, Clients, or other content. This processing may involve the creation and use of Inference Data relating to your preferences. This processing is subject to Users’ rights and choices applicable to processing performed in accordance with our legitimate business interests.
We use Personal Data processed through our Service in connection with our, and with our Clients’ marketing communications. You may opt-in to these communications, or consistent with our legitimate business interests, we may send you marketing and promotional communications if you communicate with us about our Service, register for an account, or where otherwise permitted by law. We may also process Device/Network Data and Contact Data when you interact with our communications in connection with our interest in understanding communication response and open rates. This processing is subject to Users’ rights and choices applicable to processing performed in accordance with our legitimate business interests.
Please note: on occasion, third parties unaffiliated with us may conduct marketing campaigns using our devices where they offer incentives, as inducements to enroll in their programs, complete surveys or take other actions. In such cases, requests directed to us to opt out of further communications will not be effective, as we have no control over the activities of such third parties.
With your consent or where otherwise permitted by law, we may deliver advertising through our Platform. As part of these services, we use the Personal Data we process through our Platform to deliver messages, offers, promotions, or content that we, our Clients, or third-party partners believe may interest you. We may deliver advertising to a specific PRESTO, or if a Guest is logged in to the Platform, to specific Guest Users.
Specifically, when a Guest User accesses our Platform, we may collect and combine order information with information about your use of the Platform. If a Guest User uses a PRESTO, advertisements on that PRESTO may be based on interactions during a Guest User’s session and other contextual information available to Presto or the Client. For example, Guest Users may see certain ads on our PRESTOs because we collect information from your entertainment activity, ordering activity, payment activity or browsing behavior using PRESTO.
Similarly, if a Guest User accesses the Platform on a personal device, or logs into their Presto account on the PRESTO, this Identity Data and Inference Data may be associated with the Guest User’s account information to improve these advertising services through the PRESTO, for the Guest User, and on third-party websites that participate in certain ad networks used to support or deliver the advertisements (e.g. any advertisements delivered by that ad network on a third-party website).
Information we collect for advertising enables us to present more relevant ads than is otherwise possible, may help prevent you from seeing the same advertisements too many times, and help us understand whether Guest Users have interacted with or viewed ads we’ve delivered. Note, when linked to an individual Guest User or a Guest User’s personal Device/Network Data, these technologies and the data they collect, may be used by advertisers to deliver ads elsewhere on the internet and can be used by third parties to identify you across platforms, devices, websites, and services.
This processing is subject to Users’ rights and choices applicable to processing performed in accordance with our legitimate business interests.
Compliance, Health, Safety & Public Interest
Note that we may, without your consent or further notice to you, and to the extent required or permitted by law, process any Personal Data for purposes determined to be in the public interest, required by law, or as necessary in connection with the establishment or defense of our legal rights. For example, we may process information as necessary to fulfil our legal obligations, to protect the vital interests of any individuals, to establish claims for violations of applicable contracts, for authorized medical or public health purposes, or as otherwise in the public interest or required by a public authority. Please see the data sharing section for more information about how we disclose Personal Data in extraordinary circumstances.
Other Processing of Personal Data
If we process Personal Data in connection with our Service in a way not described in this Privacy Notice, this Privacy Notice will still apply generally (e.g. with respect to Users’ rights and choices) unless otherwise stated when you provide it.
Information we collect may be shared with a variety of parties, depending upon the purpose for and context in which that information was provided. We generally share Personal Data with the following categories of recipients:
|Clients:||We process data on behalf of Clients and may share your Personal Data with Clients to the extent such information was provided to us for processing on the Client’s behalf, subject to the data sharing choices and configurations made by the Client. Personal Data provided by a Client User or processed on the Client’s behalf may be disclosed to Clients, including: Identity Data, Contact Data, Transaction Data, Payment Data, Device/Network Data, Inference Data, and User Content.|
|Service Providers:||In connection with our general business operations, product/service improvements, to enable certain features, and in connection with our other legitimate business interests or other business purposes, we may share your Personal Data with service providers or subprocessors who provide certain services or process data on our behalf. For example, we may use cloud-based hosting providers to host our Service or may disclose information as part of our own internal operations (such as security operations, internal analytics, product development, etc.). We may disclose Identity Data, Contact Data, Transaction Data, Payment Data, Device/Network Data, Inference Data, and User Content to Service Providers.|
|Data Aggregators:||In connection with our marketing operations, and subject to Users’ rights and choices, we may share or sell certain personal data to data aggregators and platform advertising. These disclosures/sales can help better personalize our Services, the services of third parties, and help ensure that you see advertisements that are more relevant to your interests.|
|Affiliates:||We may share your Personal Data with any of our current or future affiliated entities, subsidiaries, and parent companies, for example, in order to streamline certain business operations, develop products and services that better meet the interests and needs of our customers, or to improve the quality and delivery of our Service.|
|Successors:||Your Personal Data may be shared if we go through a business transition, such as a merger, acquisition, liquidation, or sale of all or a portion of our assets. For example, Personal Data may be part of the assets transferred, or may be disclosed (subject to confidentiality restrictions) during the due diligence process for a potential transaction.|
Users’ Rights and Choices
To the extent required under applicable law, and subject to our rights to refuse requests under applicable law, you may have the following rights in your Personal Data. You may exercise your rights by emailing us at the address below.
Note: In some cases, Presto acts on its Clients’ behalf when processing Personal Data. In those cases, we may notify Clients of your rights request, however, we may be unable to directly fulfill rights requests regarding Personal Data unless we are in control of how that data is processed or have the necessary rights of access. Presto may not have access to or control over all or some Personal Data controlled by Clients. Please contact the Client directly for data rights requests regarding Client-controlled information, and we will assist the Client as necessary to complete your request.
Know/Access: You may have a right to know what information we collect, use, disclose, or sell, and you may have the right to receive a list of that Personal Data and a list of the third parties (or categories of third parties) with whom we have received or shared Personal Data, to the extent required and permitted by law. You may be able to access some of the Personal Data we hold about you directly through the account settings menu.
Rectification: You may correct any Personal Data that we hold about you to the extent required and permitted by law. You may be able to make changes to much of the information you provided to us using the account settings menu.
Delete: To the extent required by applicable law, you may request that we delete your Personal Data from our systems. We may delete your data entirely, or we may anonymize or aggregate your information such that it no longer reasonably identifies you.
Data Export: To the extent required by applicable law, we will send you a copy of your Personal Data in a common portable format of our choice.
Regulator Contact: You may have the right to contact or file a complaint with regulators or supervisory authorities about our processing of Personal Data. To do so, please contact your local data protection or consumer protection authority.
California Rights: Residents of California (and others to the extent required by applicable law) may request a list of Personal Data we have disclosed about you to third parties for direct marketing purposes during the preceding calendar year. Upon receipt of a verifiable request, you may also request that we provide you a copy of your Personal Data, direct us to stop selling or disclosing Personal Data for certain purposes (if we have done so), and receive information regarding: (1) the categories of Personal Data we have collected about you, or that we have sold, or disclosed for a commercial purpose; (2) the categories of sources from which your Personal Data was collected; (3) the business or commercial purpose for which we collected or sold your Personal Data; (4) the categories of third parties with whom we have disclosed your Personal Data, or sold, or disclosed it for a business purpose; and (5) the specific pieces of Personal Data we have collected about you. You have the right not to receive discriminatory treatment as a result of your exercise of rights conferred by the CCPA.
Note: We may require that you provide additional Personal Data to exercise these rights, e.g. information necessary to prove your identity.
It is possible for you to use portions of our Service without providing any Personal Data, but you may not be able to access certain features or view certain content. To the extent required under applicable law, and subject to our rights under applicable law, you may have the following choices regarding the Personal Data we process. Note: Presto processes Personal Data primarily on behalf of its Clients. Some choices may be available only to certain Clients and Users, and your choices may be limited based on a Client’s specifications and requirements.
Consent: If you consent to processing, you may withdraw your consent at any time, to the extent required by law.
Direct Marketing: You have the choice to opt-out of or withdraw your consent to processing related to direct marketing communications. You may have a legal right not to receive such messages in certain circumstances, in which case, you will only receive direct marketing communications if you consent. You may exercise your choices via the links in our communications or by contacting us re: direct marketing using the information below. To opt-out of the collection of information relating to email opens, configure your email so that it does not load images in our emails.
Data Sale: You may have the right to request that we cease the future sale of your Personal Data in the event we “sell” your Personal Data as defined under applicable law. Your request to stop the sale of your data may potentially result in the loss of any incentives or the ability to participate in certain programs to the extent they involve the sale of your Personal Data.
Other Processing: You may have the right under applicable law to object to our processing of your Personal Data that we undertake without your consent in connection with our legitimate business interests. You may do so by contacting us re: data rights requests. Note that we may not be required to cease, or limit processing based solely on that objection, and we may continue processing in cases where our interests in processing are balanced against individuals’ privacy interests.
We implement and maintain reasonable security measures to safeguard the Personal Data we process. However, we sometimes share Personal Data with, or process data on behalf of third parties, as noted above. We require our service providers to follow certain security practices. However, we do not warrant perfect security and we do not provide any guarantee that your Personal Data or any other information you provide us will remain secure.
We retain Personal Data for the periods stated above, or if none, for so long as it remains relevant to its purpose or for so long as is required by law (if longer). As we process Personal Data on behalf of Clients, we may retain information for the periods requested by the Client or delete information upon the Client’s request. We will review retention periods periodically, and if appropriate, we may de-identify or anonymize data held for longer periods.
Our Service is intended for use by Clients and Users, and is neither directed at nor intended for direct use by individuals under the age of 16. Do not access or use the Service if you are not of the age of majority in your jurisdiction.
We operate and use service providers located in the United States. If you are located outside the U.S., your Personal Data may be transferred to the U.S. The U.S. may not provide the same legal protections of Personal Data as your home country. If you are a resident of the European Union, your Personal Data may be transferred to the U.S. pursuant to the E.U.-U.S. Privacy Shield Framework, the Standard Contractual Clauses, or other adequacy mechanisms, or pursuant to exemptions provided under EU law.
Changes to Our Privacy Notice
We may update this Privacy Notice periodically and without prior notice to you to reflect changes in our personal information practices. Changes will be posted on this page with the effective date. Please visit this page regularly so that you are aware of our latest updates. Your acknowledgement of these changes, or use of the Service following notice of any changes (as applicable) indicates your acceptance of any changes.
Feel free to contact us with questions or concerns using the appropriate address below.
General inquiries: firstname.lastname@example.org
Physical address: E la Carte, Inc. dba Presto
Attention: Dan Smith, Privacy Department
c/o Compliance and Ethics Office
810 Hamilton St.
Redwood City, CA 94063