Welcome to SkyTab California!

Welcome to SkyTab California!

Privacy Policy

Our Commitment to Protecting Your Privacy

EFFECTIVE DATE

OCTOBER 1, 2023

This Privacy Policy describes how Shift4 Payments, LLC, our Affiliates, which as of the effective date of this revision include Merchant-Link, LLC, LLC, Micros Retail Systems, LLC, Shift4Shop, LLC, Appetize Technologies, LLC, The Giving Block Holdings, LLC, iControl-Enterprises, LLC, Online Payments Group AG, POSTEC, LLC, Secret POS Systems, LLC d/b/a Focus POS, Shift4 (BVI) Limited, Shift4 Corporation, Shift4 OPG Malta, LLC, Shift4 OPG Malta Limited, Shift4 Payments Lithuania UAB, and VenueNext, LLC (collectively, “Shift4,” “us,” “we”) collect, use, disclose, transfer, store, retain, or otherwise process any Personal Information received from you when you apply or sign up for or use any of our payment processing, payment gateway, or point-of-sale services or our various other products (collectively, “Services”).

Please read this Policy carefully. By accessing, browsing or using our website or Services, you confirm that you have read, understand and agree to the terms of this Privacy Policy.

As used in this Privacy Policy “Personal Information” means information and data that identifies you or makes you identifiable as a natural person, such as name, age, home address, phone number, date of birth, Social Security Number, and personal e-mail address. “Personal Information” covers all information defined as “personal data” under Art. 4(1) of the European Union’s (EU) General Data Protection Regulation (GDPR) or the UK General Data Protection Regulation (UK GDPR).

This Privacy Policy is designed to apply to our website visitors, users of our Services, prospective users of our Services, and our authorized distributors, wherever located. As a result, the Privacy Policy will include provisions applicable globally as well as provisions that are only required in particular jurisdictions. Shift4 Payments, LLC, may update this Privacy Policy from time to time. Updates will be reflected on our website, located at https://www.shift4.com/legal/. When we change the policy in a material way, a notice will be posted on our website along with the updated Privacy Policy.

What Information Do We Collect?

Information Provided By You

We collect information you provide when you apply or sign up for our Services, go through our identity or account verification process, authenticate into your account, communicate with us for support, or otherwise use our Services.
When you are applying or signing up for our Services, the information we collect can include:

You may be asked to provide some of this information anytime you are in contact with Shift4. Shift4 may share this Personal Information with its Affiliates and may use it consistent with this Privacy Policy. To provide quality service and support, Shift4 may require you to verify certain Personal Information associated with your account, and use such information to fulfill your requests, provide the relevant product or service, or for anti-fraud purposes. We may also combine it with other information to provide and improve our products, services, content, and advertising. You are not required to provide the Personal Information that we have requested, but, if you choose not to do so, in many cases we will not be able to provide you with our products or services or respond to any queries you may have.

Information We Automatically Collect About You From Your Use of Our Services

We also automatically collect information about you from your use of our Services. The information that we can collect includes:

Information We Can Collect From Other Sources

As a user or prospective user of our Services or as a distributor or prospective distributor, we also may collect information about you from third parties, including:

How Will We Use Your Information

The following sections describe different ways we may use your information. We may use information about you for a number of purposes, including:

Providing, Improving, and Developing our Services

Communicating with You About our Services

Protecting our Services and Maintaining a Trusted Environment

Advertising and Marketing

How Do We Share Your Information?

We may share information about you as follows:

With Other Users of our Services with Whom You Interact

Among our Affiliates

With Third Parties

Service Providers

Business Transfers and Corporate Changes

Safety and Compliance with Law

With Your Consent

Aggregated and De-Identified Information

How Will We Store Your Information?

Shift4 security stores your Personal Information as follows:

How Long Do We Retain Your Information?

We generally retain your information as long as reasonably necessary to provide you the Services or to comply with applicable law or relevant industry standards.

However, even after you deactivate your account, we retain copies of information about you and any transactions or Services in which you may have participated for a period of time that is (a) authorized under the agreements we have made with you or under applicable law, (b) reasonably necessary for us to comply with applicable law, regulation, legal process, or governmental request, or (c) reasonably necessary for us to detect or prevent fraud, to collect fees owed, to resolve disputes, to address problems with our Services, to assist with investigations, to enforce our Terms of Service or other applicable agreements or policies, or to take any other actions permitted under applicable law.

In addition, for UK or EU citizens or residents, Personal Information processed by Shift4 as a data processor will be removed in accordance with the instructions of the applicable data controller, not to exceed two years except where required to be retained for longer than that by applicable law, and except in the context of a legal dispute in which the particular data is relevant.

What Are Your Data Protection Rights (EU Citizens and Residents)?

As a UK or EU citizen or resident, you are entitled to the following:

As a data processor, Shift4 collects and processes personal data on behalf of our clients when we provide them with services including but not limited to: IT, HBR, Lighthouse BMS, Conecto, leads management, table reservation and/or training services. As a data processor, Shift4 processes personal data on behalf of our clients or customers, in accordance with their instructions and requirements. We do not control the purposes for which personal data is collected or the legal basis for such processing, as determined by our clients or customers who act as data controllers. We process personal data solely for the purpose of providing the services requested by our clients or customers, and we do not use the data for any other purposes. It is the responsibility of our clients or customers, as data controllers, to ensure that the processing of personal data complies with applicable data protection laws, including obtaining appropriate consent, providing necessary notices, and fulfilling other obligations as data controllers. We do not bear any responsibility for the legality, accuracy, completeness, or appropriateness of the personal data provided to us by our clients or customers for processing.

Shift4 is happy to work with its clients to effectuate the protections above. Contact information for our Data Protection Officer and our Article 27 Representative may be obtained by sending an email request for such information to security@shift4.com.

Transfers of Personal Information from the EU to the U.S.

Shift4 complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) as set forth by the U.S. Department of Commerce. Shift4 has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF. If there is any conflict between the terms in this Privacy Policy and the EU-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

Further, Shift4 is responsible for the processing of Personal Information it receives from the European Union, including any subsequent transfers to a third party acting as an agent on behalf of Shift4. Shift4 complies with the legislation for all onward transfers of personal data from the EU, including the onward transfer liability provisions.

In the course of our operations, we may need to transfer personal data to third countries located outside the European Economic Area (EEA) or other jurisdictions that may have different data protection laws. Such transfers are subject to strict compliance with applicable data protection regulations, including the implementation of robust safeguards to ensure the privacy and security of personal data during the transfer process. By using the Services, you hereby consent to the transfer of Personal Information to third countries located outside the EU.

These safeguards may include the use of standard contractual clauses approved by the European Commission, certification mechanisms (if applicable), binding corporate rules, or other appropriate legal mechanisms as required by applicable data protection laws. These measures are designed to provide an adequate level of protection for personal data and to ensure that any data transfers to third countries are carried out in accordance with the principles of data protection, including the necessity, proportionality, and lawfulness of such transfers.

It is important to note that the data protection laws in some countries may not offer the same level of protection as those within the EEA or other jurisdictions with comprehensive data protection regulations. However, we will take reasonable steps to ensure that any transfers of personal data to such countries are conducted in compliance with applicable data protection laws and with appropriate safeguards in place to protect the privacy and security of personal data.

Shift4 is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, Shift4 may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

What Are Your Privacy Rights (U.S. Residents)?

Shift4 conducts business throughout the United States and complies with applicable state privacy laws, including the California Consumer Privacy Act (CCPA), California Privacy Rights Act (CPRA), Virginia Consumer Data Protection Act, Colorado Privacy Act, Utah Consumer Privacy Act, and Connecticut Data Privacy Act.

This Policy complies with the requirements of these privacy laws by informing you of the categories of Personal Information we collect and your privacy rights under those laws.
If you are a resident of California, Colorado, Connecticut, Utah, or Virginia, you have the right to:

You may submit any of the above Requests by contacting us by phone, email, or physical address indicated below in this Privacy Policy for Privacy Questions. When you submit any of the above requests, we may ask you to provide certain pieces of information in order to verify your identity. Upon receiving your request, Shift4 will take reasonable steps to verify your identity and respond to a request by: (a) providing the requested information; or (b) explaining why Shift4 is not required to provide the requested information or take the requested action. We will not discriminate against you for exercising your privacy rights.

If you are resident of Nevada, you may submit a verified request to us that we not make any sale (as defined under Nevada Revised Statute 603A.333) of any covered information that we have collected or will collect about you. However, please note that Shift4 does not sell your Personal Information.

CCPA/CPRA Privacy Notice (California Residents)

All terms used in this section pertaining to the privacy rights of California residents have the definitions given to them in the California Consumer Privacy Act of 2018 (“CCPA”), the California Privacy Rights Act of 2020 (“CPRA”), unless otherwise clearly indicated. For purposes of this section, the terms “Personal Information” and “Sensitive Personal Information” have the same meanings as defined under Cal. Civ. Code 1798.140.

Shift4 does not sell Personal Information of California residents. Shift4 does not share Personal Information of California Residents with third parties for purposes of cross-context behavioral advertising. Shift4 does not use or share Sensitive Personal Information of California Residents other than for an authorized business purpose under Section 1798.140(e). Shift4 honors “do not track” signals and does not track, use cookies, or use advertising when a “do not track” mechanism is in place. Shift4 does not authorize the collection of personally identifiable information from our users for third party use through advertising technologies.

Shift4’s status under the CPRA/CCPA is normally that of a “service provider.” Accordingly, Shift4 confirms that it currently complies and will continue to comply with applicable provisions of the statute with respect to its function as a service provider. Specifically, Shift4 confirms that when it receives Personal Information from its merchant customers or authorized distributors, Shift4 processes that information only for authorized business purposes in accordance with the contracts it has with those businesses, and Shift4 does not sell or otherwise use the Personal Information so received for any purpose other than providing the services to its customers or distributors pursuant to the contracts it has with those businesses. Shift4 will take such actions and provide information as its customers and distributors may reasonably request to assist those businesses in complying with their relevant obligations under the statute.

To the extent that Shift4 otherwise receives Personal Information directly from a consumer, Shift4 states that:

As a California resident, you have the right to:

To request access, correction, modification, deletion, or opt-out, you can use the phone, email, or physical address indicated below in this policy for Privacy Questions. Upon receiving a request, we will take reasonable steps to verify your identity and respond to a request by: (a) providing the requested information; or (b) explaining why the CCPA or CPRA does not require us to provide the requested information or take the requested action. Shift4 may deny a request (but comply to the greatest extent that it can) if the consumer is unable or unwilling to verify his/her identity in conjunction with making such a request. We will not discriminate against California residents for exercising their rights under the CCPA or CPRA.

How To Ensure Integrity and Access to Your Information

You can help ensure that your contact information and preferences are accurate, complete, and up to date by contacting us at privacy@shift4.com. For other Personal Information we hold, we will provide you with access (including a copy) for any purpose including to request that we correct the data if it is inaccurate or delete the data if Shift4 is not required to retain it by law or for legitimate business purposes. We may decline to process requests that are frivolous/vexatious, jeopardize the privacy of others, are extremely impractical, or for which access is not otherwise required by applicable law.

You may also contact us at privacy@shift4.com if you would like Shift4 to delete the information that we have retained. However, in some circumstances, we may not be able to continue to provide you with some Services if some kinds of information are deleted. Also, if we send you marketing emails, each email will contain instructions permitting you to opt out of receiving future marketing or other communications.

What Are Cookies and Plugins, and How Do We Use Them?

COOKIES

Shift4’s online services, interactive applications, email messages, and advertisements may use “cookies” and other technologies, such as pixel tags and web beacons. These technologies help us better understand user behavior, tell us which parts of our websites people have visited, and facilitate and measure the effectiveness of advertisements and web searches. We treat information collected by cookies, IP addresses, or similar identifiers as Personal Information to the extent that such information can be linked to an individual. Similarly, to the extent that non-Personal Information is combined with Personal Information, we treat the combined information as Personal Information for the purposes of this Privacy Policy.

We may use different types of cookies, including functional, analytical, and tracking cookies. Functional cookies are necessary for the website to function properly and provide basic features. Analytical cookies help us analyze website traffic and improve our website’s performance. Tracking cookies are used for targeted advertising and tracking user behavior on our website.

Ads that are delivered by Shift4’s advertising platform may appear on Shift4’s website and the websites of our Affiliates and in the Shift4 Marketplace. You may see ads in third-party environments based on context like your search query or the channel you are reading. In third-party apps, you may see ads based on other information. This reflects that cookies and similar data from web usage are used to generate and select advertising visible to the user.

Shift4 and our partners also use cookies and other technologies to remember Personal Information when you use our website, online services, and applications. Our goal in these cases is to make your experience with Shift4 more convenient and personal.

If you want to disable cookies, seek out the policies and terms of your internet web browser to manage your browsing privacy preferences. Please note that certain features of the Shift4 website will not be available once cookies are disabled.

As is true of most internet services, we gather some information automatically and store it in log files. This information includes Internet Protocol (IP) addresses, browser type and language, Internet service provider (ISP), referring and exit websites and applications, operating system, date/time stamp, and clickstream data.

We use this information to understand and analyze trends, to administer the site, to learn about user behavior on the site, to improve our product and services, and to gather demographic information about our user base as a whole. Shift4 may use this information in our marketing and advertising services.

In some of our email messages, we use a “click-through URL” linked to content on the Shift4 website. When customers click one of these URLs, they pass through a separate web server before arriving at the destination page on our website. We track this click-through data to help us determine interest in particular topics and measure the effectiveness of our customer communications. If you prefer not to be tracked in this way, you should not click text or graphic links in the email messages.

Pixel tags enable us to send email messages in a format that customers can read, and they tell us whether mail has been opened. We may use this information to reduce or eliminate messages sent to customers.

The period of retention of personal data depends on the specific cookie used to collect the personal data, but in all cases the retention period shall not exceed 2 years.

PLUGINS

The websites managed by Shift4 utilize social plugins for various functionalities. These plugins are installed on the website to facilitate user redirection to the Shift4’s social media accounts or communication windows on communication platforms.

Upon clicking on the plugin icons, users are directed to the respective plugin manager’s page, where information such as the originating page of the request, request time, and date may be shared with the plugin manager. Notably, these plugins can be identified by the distinct logos of “Facebook,” “Twitter,” and “LinkedIn.”

It is important to note that any information provided by individuals on the plugin manager’s page or obtained through the links of the plugins on the Shift4’s website is subject to the control and privacy policies of the respective plugin managers. These privacy policies encompass critical aspects such as the collection and storage of personal data, legal bases for data processing, retention periods, as well as the technical and organizational security measures in place.

For any further inquiries or concerns regarding the handling of personal data through these plugins, users are encouraged to review the privacy notices of the respective plugin managers.

Children’s Policy

We do not knowingly collect or solicit any information from anyone under the age of 18 on or through the Services. If we learn that we have nevertheless collected Personal Information from a child under age 18 without parental consent, we will delete that information as quickly as possible. If you believe that we might have any information from a child under 18 without parental consent, please contact us using the contact details listed below at the end of this Privacy Policy.

Third-Party Sites and Services

Shift4 websites, products, applications, and services may contain links to third-party websites, products, and services. Our products and services may also use or offer products or services from third parties.

Information collected by third parties is governed by their privacy practices. We encourage you to learn about the privacy practices of those third parties.

If you purchase a subscription in a third party app, we create an identifier that is unique to you and the developer or publisher that we use to provide reports to the developer or publisher that include information about the subscription you purchased, and other pertinent information. This information is provided to developers so that they can understand the performance of their subscriptions.

If contests or promotions are made available, the applicable contest or promotion rules may include additional rules regarding the collection, use, and disclosure of Personal Information. To the extent that those specific rules conflict with this Privacy Policy, the contest or promotion rules will supersede this Privacy Policy with respect to the conflicting terms and the non-conflicting terms of this Privacy Policy and our Terms of Use will continue to apply. Silence shall not be deemed a conflict.

Social Media Accounts

We have set up and manage our accounts on social media (LinkedIn, Facebook, Instagram), but the information provided by you using the social media (including messages, the use of “Like” and “Follow” thumbnails and other communication) or received when you visit social media accounts managed by us or read entries posted by us are controlled by the operators of the social media.

As the administrator of the social media accounts, we shall select appropriate settings taking into accounts our target audience and the aims of managing and promoting our activities, but the operators of social media may restrict our ability to change certain key settings. As a result, we are unable to influence the type of information the social media operators collect about you after we create our account.

The scope of the data received by us as the administrator of social media accounts depends on the account settings selected by us, agreements with the social media operators for additional services, and the cookies used by the social media.

Our Companywide Commitment to Your Privacy

To make sure your Personal Information is secure, we communicate our privacy and security guidelines to Shift4 employees and strictly enforce privacy safeguards within the company. Employee access to information is managed on a need-to-know least privilege basis. Employees who violate our Privacy Policy are subject to disciplinary action, up to and including termination in appropriate circumstances.

Subject to applicable legal requirements, we will notify you in the manner and in accordance with timeframes specified in the law if we discover that there has been an unauthorized use or unauthorized disclosure of your information. If that were to occur, and in addition to other applicable rights and remedies, we will undertake appropriate steps to remediate the breach and to reduce the risk of future reoccurrences.

Primary Company Locations

Shift4 Corporate Headquarters
3501 Corporate Parkway
Center Valley, PA 18034
800.276.2108

Shift4 (Las Vegas, NV)
1551 Hillshire Drive
Las Vegas, NV 89134
888.857.9751

Shift4 (Silver Spring, MD)
12401 Prosperity Drive
Silver Spring, MD 20904
301.562.5000

Privacy Questions

If you have any questions or concerns about Shift4’s Privacy Policy or data processing or if you would like to make a complaint about a possible breach of applicable privacy laws, or to submit requests for access, modification, or deletion of personal data, please contact us at privacy@shift4.com. You can also contact us by phone at 888-276-2018 (ask for Legal Department), or at the following address: Shift4, Attn: Legal Department, 3501 Corporate Parkway, Center Valley, PA 18034.

When a privacy question or access request is received we have a team that seeks to address the specific concern or query that you are seeking to raise. Where your issue may be more substantive in nature, more information may be sought from you. All such substantive contacts receive a response. If you are unsatisfied with the reply received, you may refer your complaint to the relevant regulator in your jurisdiction. If you ask us, we will endeavor to provide you with information about relevant complaint avenues that may be applicable to your circumstances.

Changes to Our Privacy Policy

Shift4 may update its Privacy Policy from time to time. When we change the policy in a material way, a notice will be posted on our website along with the updated Privacy Policy.