End User Privacy Policy
Updated last: 1st October 2024.
Spillover End-User Privacy Policy (“Privacy Policy”)
Spillover Software Group, LLC (“Spillover, “we”, “us””), has created this Privacy Policy in order to demonstrate our firm commitment to the privacy of personal information and to describe how we process, collect ,use and share personal information.
Spillover provides digital marketing products and services to restaurants and other small businesses (our “Customers”). These software products and associated software and marketing services include but are not limited to websites for our Customers (“Site”), email marketing, text messaging, reputation management, social media management, mobile apps, table reservations and any of our digital marketing offerings or other online offerings (collectively our/the “Platform”). It is through the Platform that we interact with our Customers, and their customers (“End User”, “you”) and this Privacy Policy is written for you.
For access to our End User Terms of Use please see www.spillover.com/terms-of-use/.
WHAT PERSONAL INFORMATION WE COLLECT FROM YOU:
1. “Device Information”.
When you visit the Site, or engage with the Platform, we automatically collect certain information about your device, including information about your web browser, IP address, time zone, and some of the cookies that are installed on your device.
Additionally, as you browse the Site, we automatically collect information about the individual web pages or products that you view, what websites or search terms referred you to the Site, and information about how you interact with the Site.
Website Cookies:
We may use cookies, web beacons, tracking pixels, and other tracking technologies on the Site [and our Platform] to help customize the Site [and our Platform] and improve your experience. When you access the Site [or elements of our Platform], your personal information may be collected through the use of tracking technology. Most browsers are set to accept cookies by default. You can remove or reject cookies, but be aware that such action could affect the availability and functionality of the Site[or our Platform]. You may not decline web beacons. However, they can be rendered ineffective by declining all cookies or by modifying your web browser’s settings to notify you each time a cookie is tendered, permitting you to accept or decline cookies on an individual basis.
Website Analytics:
We may also partner with selected third-party vendors to allow tracking technologies and remarketing services on our Platform through the use of first party cookies and third-party cookies, to, among other things, analyze and track users’ use of our Platform, determine the popularity of certain content and better understand online activity. By accessing the Site or our Platform you consent to the collection and use of your information by these third-party vendors. You are encouraged to review their privacy policy and contact them directly for responses to your questions. We do not transfer personal information to these third-party vendors.
2. “Order Information”.
If you make a purchase or attempt to make a purchase through the Platform, we collect certain information from you, including your name, billing address, and shipping address, we also gather information on what you order from our Customers, when and how frequently among other things related to the order. This is called“Order Information” and does not include your payment details as these are tokenized by our credit card processor and stored securely away from our servers.
3. “Confidential Information”.
We also collect information (“Confidential Information”) from or about you if you register with the Site for marketing information from our Customers, join their online club, interact with any of our website forms, engage with them through social media platforms, leave a review, or engage in numerous options delivered by our Platform including reserving a table with our restaurant customers or booking a service call from one of our service business customers.
When we refer to “Personal Information”in this Privacy Policy, we are collectively talking about the three elements listed above of Device Information, Confidential Information and Order Information.
Policy for Children:
We do not knowingly solicit information from, or market to children under the age of 13. If you become aware of any data we have collected from children under age 13, please contact us using the contact information provided below.
Financial information:
We store only very limited, if any, financial information that we collect. Otherwise, all financial information is stored by our payment processor and their privacy policy can be found at www.help.jupico.com/references-and-resources/legal/privacy-policy.
HOW DO WE USE YOUR PERSONAL INFORMATION:
This Personal Information helps us personalize and continually improve your online experience as well as provide you with unique opportunities and offers. We use the information that you provide for purposes such as responding to your requests, tailoring our presentations to you, customizing future promotions, improving our functionality, targeted marketing and communicating more effectively with you and providing technical support.
You may choose to provide Spillover or our Customers with limited information. Your decision to provide us with information has a direct correlation to your ability to take advantage of many of our features. Your information is an important part of our business.
We take security measures that limit access to your information. Please be aware that no security measures are perfect or impenetrable. We cannot control the actions of other users with whom you may choose to share your information. Therefore, we cannot and do not guarantee that content you post on the Site or through our Platform will not be viewed by unauthorized persons. We are not responsible for circumvention of any privacy settings or security measures contained on the Site or our Platform. You understand and acknowledge that, even after removal, copies of content may remain viewable in cached and archived pages or if other users have copied or stored your content. Spillover and its affiliates are the owners of the Personal Information collected on our Customers Sites and through our Platform.
We may then use the Personal information and data we gather to create aggregate non-personalized information. Such aggregate non-personal information is recorded and collected so that it no longer reflects or references an individually identifiable user and this non-personalized data may be used in whatever manner we choose.
We do not disclose any nonpublic Personal Information about you to anyone, except as permitted by law, however, we may choose to disclose all of the Personal Information we collect, as described above, to companies that perform marketing services on our behalf or to other similar companies with whom we have joint marketing agreements. We also may display targeted advertisements based on Personal Information. Spillover may promote its services or those of our Customers through our Platform or through our Customer Sites. We may provide information to our subsidiaries and affiliated companies. We require that these parties agree to process such information based on our instructions and in compliance with this Privacy Policy and any other applicable confidentiality and security measures. Additionally, it may be necessary to share information in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of our Terms and Conditions or as otherwise required by law. We may also transfer information about you if Spillover or its business is acquired by or merged with another company.
We use your Personal Information to provide specific services for you via our Platform (“Consumer Services”), and to operate our business.
These Consumer Services include:
Service-Related Usage:We use the Personal Information and other Information to provide and support these Consumer Services, such as communicating with you and other End Users, managing your accounts and services, administering our customer rewards, referral, and promotional programs, soliciting feedback for our Customers and review and maintaining our systems. We use the Order Information to process your orders, and we may also use the geolocational information for delivery cost estimates and driver information for delivery purposes.
Analyzing and Improving the Services:We may run calculations, aggregate, normalize, clean, and make derivative works of the information obtained about you in order to;
- Understand and analyze usage trends and preferences;
- Monitor and analyze the effectiveness of the Consumer Services;
- Improve the Consumer Services and develop new products, services, features, and functionality; and
- Test the Consumer Services and our infrastructure to make sure the Consumer Services are working correctly.
Marketing:As permitted by applicable law, with your consent or with an opportunity for you to withdraw consent, we may use the Personal Information for marketing purposes, such as informing you about our products and services, and those of our third-party marketing partners that could be useful, relevant, valuable, or otherwise of interest to you or other End Users. Where required under applicable law, we will obtain your prior opt-in consent to send you electronic marketing communications. We may also use your phone number to text them information with regard to real time information about your online orders. For more detailed information on Text Messaging please see further below.
Spillovers Policy with regard to Public Authorities Access Requests:
To date, Spillover has never been asked to provide customer data in response to a public authority data request (“Personal Data Request” or “Request”). Given the nature of our business in dealing with restaurants and their diners, we do not collect or retain data that we believe is likely to be of any interest in US surveillance matters.
We do however believe it is important to assist law enforcement authorities with legitimate investigations while balancing that need with our overriding commitment to protecting the privacy of those who use our Platform.
The following guidelines are intended to assist Law enforcement authorities or Public authorities (“Public Authority”) in making access to data request:
We will respond to records requests in accordance with Spillovers Terms of Use and our Privacy Policy as well as any other relevant policies, and the applicable law.
We generally require a search warrant, subpoena or valid court order issued in connection with an official criminal investigation to compel the disclosure of basic information.
The type of process we require depends on the nature of the request.
Guideline for Public Authority in what to Include in Your Personal Date Request
Clear grounds for the legal basis for the request.
-
Detailed specifics on the information being requested and its relationship to your investigation. We will be unable to process overly broad or vague requests that do not identify the specific information being sought.
-
All known email address(es), the full name, any known physical address(es), telephone number(s), of the subject for whom you are seeking information.
-
Please note that…
-
We do not hold credit card data on any End Users that our Customers process business with, and
-
our delivery partners are not employees of Spillover and are usually provided via third parties and/or bidding systems, and
-
restaurant staff employed by our Customers are not employees of Spillover.
Therefore, we cannot provide any employment history or personnel files for these individuals or credit card information of any kind on transactions processed through or with our Customers (usually restaurants).
-
We also require the name of the issuing authority, the badge/ID number of the responsible agent or officer, an email address from a law-enforcement domain, and a direct contact number for the responsible agent or officer.
All Public Data Requests should be sent via email to our company lawyers at Akerman LLP, to attention of todd.reed@ackerman.com and also copied to
legal@spillover.com
and must be identified in the subject line as a “Personal Data Request from Spillover Software Group by a Public Authority”.
Emergency Disclosure Requests
Emergency requests are situations that involve an immediate risk of death or serious bodily injury or cases of verifiable time-sensitive investigations. In these situations, requestors must submit an Emergency Disclosure Request to support@spillover.com and legal@spillover.com. We will review these requests on a case-by-case basis and as quickly as reasonably possible. Emergency Disclosure Requests must include all of the following:
-
“Emergency Disclosure Request” identified in the subject line of the request;
-
Identity of the person in immediate risk of physical harm;
-
Describe in detail the nature of the emergency or urgency and why the information requested is necessary to prevent the emergency;
-
All other available details or context regarding the particular circumstances.
-
A phone number and contact name within the Public Authority for Spillover to contact.
We may respond with some or all of the requested information when we have a good faith belief that doing so may protect End Users, Customers, delivery partners, restaurants, employees, or other people, or when that information may otherwise assist with an exigent investigation. We may still require law enforcement to obtain appropriate legal process for any initial or additional disclosures.
Spillover Actions if we receive a Request:
1.
Spillover will review the legality of the Request, in particular whether it remains within the powers granted to the requesting Public Authority, and to challenge the request if, after careful assessment, Spillover concludes that there are reasonable grounds to consider that the Request is unlawful under the laws of the country of destination.
2.
Unless otherwise required under applicable law, before disclosing any personal data to a Public Authority, Spillover may notify the affected End User, and where appropriate also our Customer, restaurant and our associated partners to the Request. Law enforcement officials seeking non-disclosure of legal process should provide an appropriate court order, or other information establishing that notice is prohibited or would otherwise pose a risk to public safety.
3.
If Spillover is prohibited from notifying the End User, under the laws of the country of request, Spillover will use reasonable efforts to obtain a waiver of this prohibition, with a view to communicating as much information as possible, as soon as possible.
Spillover Commitment to our End Users if we receive a Personal Data Request:
Spillover will review each Request on a case-by-case basis, and liaise with outside counsel as appropriate, to determine the nature, context, purposes, scope, and urgency of the Request, and its validity under applicable laws.
If such Request is determined to be invalid or unlawful, Spillover will challenge that Request on the basis of overbreadth, appropriateness, or conflict with applicable law.
If the Request is determined to be valid and lawful then Spillover will disclose only the minimum amount of information necessary to comply with the Request and will notify (if permitted) the affected End User as detailed above.
Transparency report:
Spillover is committed to maintaining an annual report (a “Transparency Report”) which reflects the number and type of Requests that it has received in the preceding year, as may be limited by applicable law or court order. This Transparency Report is available here.
Unsolicited Email:
Our system powers permission-based Internet marketing only; sending personalized messages from businesses to their customers. The transmission of unsolicited commercial email to parties who have no relationship with our Customers is expressly forbidden in our terms with our Customers.
Each email sent through our system contains an easy, automated way for End Users (you) to stop receiving email from our Customers or us. Simply follow the instructions at the end of any email. If you have received unwanted, unsolicited email, please forward a copy of that email with your comments to support@spillover.com for us to review. If you have received more than one of these emails from our Customer(s) or if we have failed to remove you from a list after you requested to be removed please contact the Spillover Data Protection Officer immediately at support@spillover.com.
We only allow our Customers to communicate with individuals with whom they already have a relationship and likewise we only communicate with End Users or Customers with whom we have, or had a relationship. In some cases we receive other sources of information from our Customers to be used in our system. We clearly inform our Customers that they may only send emails, using our system, to individuals who have expressly shared their address, established a relationship with us or our Customers already, or opted-into a campaign or event with our Customers in the past. It is our Customers responsibility to confirm that any contact details they provide us with have met this standard before we load them into their database and mark them for email usage. Our Customers must notify us at once if we have communicated with an End User, on their behalf, whom they did not have a relationship with, and as outlined above we may also be contacted directly in such cases and we will strive to act as promptly as reasonably possible, given each unique circumstance, to remedy the issue, if such a situation has occurred.
Text Messaging:
Spillover offers our Customers a text messaging service via a 3rd party called iVisionMobile (ivisionmobile.com). Through iVisionMobile we provide a sophisticated software system that allows our Customers to create and manage interactive mobile campaigns. Companies use iVision Mobile to interact with their target audience using mobile phones through text messages, mobile content such as ringtones, wallpapers, video, and more.
This service complies with TCPA regulations. Key to these regulation is that (i) Our Customer (restaurant or small business) must have prior express consent from you (the End User) prior to texting you (ii) they must inform you that your giving permission will allow them to send ongoing messages (although usually there is a limitation stated on the frequency this will happen) and (iii) that your consent (for text messaging) is not required for you to be able to purchase goods or services from them
Service Description
Mobile campaigns that operate on the iVision Mobile platform include but are not limited to text alerts, text voting/polling, mobile content distribution, and more. The mobile campaigns are delivered from our Customers through a dedicated text number (“Spillover Customer Text Number”)
Pricing
Message and data rates may apply for participation in mobile campaigns on the iVision Mobile platform.
Service/Help Info
For help or additional information on a specific mobile campaign, please text “HELP” to the Spillover Customer Text Number or email us including your cellphone # to support@spillover.com.
Opt-in/Opt-out Info
You have the choice to opt-in or opt-out of text messaging services.
To opt-in to a particular mobile campaign, you can text the “keyword” associated with the campaign to the Spillover Customer Text Number that is being promoted with the campaign. To opt-out of a particular mobile campaign, please text STOP, END, QUIT, CANCEL, UNSUBSCRIBE, or STOP ALL to the Spillover Customer Text Number. If you would like to opt-out of all mobile campaigns, text “STOP ALL” to the Spillover Customer Text Number.
If you are experiencing problems with opting out of a mobile campaign, please email us including your cellphone # to support@spillover.com or contact iVisionMobile directly at support@ivisionmobile.com. Include in email title the word “Text Issues” and address it to our Data Protection Officer.
Frequency of Program Service
When our Customer promotes a campaign it should have details on the likely frequency of texts you will receive before the choose to opt-in. Alerts may then be sent daily, weekly, monthly, and at scheduled intervals dependent on the mobile campaign to which your End User has subscribed and your mobile carrier’s policy.
Carriers Supported
The following carriers are currently supported on the iVision Mobile platform: T-Mobile, Sprint, Nextel, Boost, AT&T, Cellular One Dobson, Alltel, Verizon Wireless, Virgin Mobile, Cricket, Cincinnati Bell, and Cellular South. More carriers will be added to this list when they participate with the iVisionMobile programs.
Notice Concerning Children
PLEASE NOTE: We are a general audience site, and do not direct any of our content specifically at children under 13 years of age. We understand and are committed to respecting the sensitive nature of children’s privacy online. If we learn or have reason to suspect that a Mobile Web site visitor is under age 13, we will promptly delete any personal information regarding that visitor.
CTIA Compliance
CTIA recommends the following rules be applied for SMS text messaging and Spillover strongly encourages our Customers to follow these rules and supports their application through our Platform;
- All messages should convey a clear call to action.
- End Users must understand precisely what they’re signing up to receive.
- Clearly labeled Terms & Conditions and Privacy Policy links must be displayed in the opt-in message.
- Once a subscriber their SMS program, our Customer must send them a message that includes the description of the recurring program, the message frequency, a disclaimer that message and data rates may apply for each message, and information about getting help or opting out.
- Subscribers must be able to opt-out at any time by responding with language like: “stop,” “end,” “cancel,” “unsubscribe,” or “quit.”
- Subscribers should be able to get help by responding with the message “help,” which should automatically respond with the program name and information on getting help.
- All outgoing text messages must clearly include our Customers business name.
- Content such as (but not limited to) hate speech, certain firearms, and violence cannot be promoted via SMS messaging.
- Programs must display opt-out instructions at regular intervals in SMS messages.
- Opt-out information must be clearly displayed in the message or within the Terms & Conditions
Linked Sites:
The Site and Platform may contain links to other sites. Please be aware that Spillover may not be responsible for content or the privacy practices of such other sites. We encourage End Users to be aware when they leave our Site and to read the privacy statements of each and every website that collects personally identifiable information. This privacy statement applies solely to information collected by this Site or on our Platform and pertains to our Customers business for only as long as they are a customer of Spillover.
Online Ordering Software
Online ordering site usage may be governed by additional policies over and above those posted by Spillover. See this link for additional details specific to our 3rd party online ordering software www.biteheist.com/privacy/
Deliveries for Online Ordering
If you are using our 3 rd party delivery service as part of placing an online food order with our Customers then the privacy terms for this are also part of the terms displayed by our partner provider InHouseDelivery.com. To review their privacy terms please see www.inhousedelivery.com/privacy.
Table Reservation Software
Table reservation usage may be governed by additional policies over and above those posted by Spillover. See this link for additional details specific to our 3rd party reservation software www.simpleerb.com/privacy/
California Privacy Rights:
California Civil Code Section 1798.83, also known as the “Shine The Light” law, permits our users who are California residents to request and obtain from us, once a year and free of charge, information about categories of personal information (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared personal information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to us using the contact information provided below.
If you are under 18 years of age, reside in California, and have a registered account with the Site or our Platform you have the right to request removal of unwanted data that you publicly post on the Siteor our Platform. To request removal of such data, please contact us using the contact information provided below, and include the email address associated with your account and a statement that you reside in California.We will make sure the data is not publicly displayed on the Siteor our Platform, but please be aware that the data may not be completely or comprehensively removed from our systems.
Changes to Privacy Policy
We may occasionally change this Privacy Policy. If we do, we will post the changes on the Site. The changes will take effect as soon as posted. Your continued use of the Site constitutes your acceptance and agreement to any changes to this Privacy Policy.
Contact Information
If you have a comment, question or request, or if you need to contact Spillover for any other reason, please contact the Spillover Data Protection Officer at support@spillover.com or contact us in writing at 3908, Avenue B, Suite 301, Austin TX 78751. Please include your own contact information and put “Spillover Data Protection Officer” in the title of the email or letter.