Privacy Policy

1. Introduction and scope
This Privacy Statement describes how Grasp, Inc. and its subsidiaries and affiliates (collectively “Grasp”, “we”, “us” and/or “our”) collects and manages your personal information (i.e. any information that relates to an identified or identifiable individual) as part of providing our Services (defined below). This Statement primarily covers:
Merchants: businesses that have expressed interest in using the Services or have contracted with Grasp to provide the Services within their restaurants;
Merchant Employees: employees of our Merchants that use the Services.

In addition to the groups above, this Statement also covers individuals that visit our websites and our third-party business partners. Please note that certain locations where we operate have laws that require us to share specific privacy information and practices with individuals in those locations. To that end, this Privacy Statement is comprised of two sections – a generally applicable statement and a location-specific addendum. Where there are variations for a specific location or additional information that is required to be provided under the applicable country or state law, individuals in that location can refer to the applicable addendum. Links to the pertinent sections, can be found below:

United States (California) Please note that our Merchants are independent third parties that maintain their own business practices and policies outside of their relationship with Grasp and their use of the Services. As a result, unless provided otherwise in this Statement, we are not responsible for the privacy policies or data practices of our Merchants, who may maintain separate policies and practices. If you are a Merchant Employee, your employer is responsible for providing any additional required notices or information to you regarding its privacy practices outside of this Statement. By using the Services and/or providing us with your personal information, you acknowledge that your personal information will be processed and used in the manner set out in this Privacy Statement.

2. Definitions
Here are a few other terms we use throughout this Privacy Statement that you should know: “Grasp Admin Tool” refers to a module offered as part of the Services directed to Merchant Employees that includes a number of HR-focused services, including but not limited to training administration, and applicant tracking services.“ Services” refers to services and products (including both hardware and software) developed by us from time-to-time, including: our core training software; xAPI data exchange services; our application programming interfaces (“APIs”); associated modules provided as part of our training software, our online and mobile services, such as online scheduling and our mobile application(s); accounts created through our online and mobile services (“Digital Ordering Account(s)”); and Merchant financing and other financial products offered by Grasp or its business partners. “You” and/or “your” is a Merchant, a Merchant Employee, a visitor to one of our websites or other covered data subject.

3. Personal information we collect.

Personal information collected through the Services
A. Merchants
If you are a Merchant, we will collect personal information from you in connection with your service agreement and use of the Services, including, as applicable, your name; address; email; and phone number. As part of our agreement to provide the Services, we will also collect additional information such as your tax identification number, national identification number (e.g. Social Security number or passport number), your drivers’ license details as well as your banking and payment card information. If you are a business partner that is looking to integrate with Grasp, we will also collect information such as your name and contact details as part of your application to integrate with our Services.

B. Merchant Employees If you are a Merchant Employee, we collect personal information about you through your use of the Services. This includes:your name;email;phone number;employee identification number;address;date of birth; andinformation relating to your role, such as your job title, wage rates and salary and hours worked. To the extent you are employed by a Merchant that uses the Grasp software, we may also collect: your name, email, employee id number or other national identification number; your professional and educational history; driver’s license information (e.g. number, state, expiration);gender;marital status;disability status;ethnicity; andyour dependent and beneficiary information. Please note that the actual personal information collected will depend on the specific Grasp services that your employer has elected to use. Please contact your employer for additional information.

Personal information collected through our websites

In addition to using the Services, we may also collect personal Information when you visit our websites and request information about our Services, download a white paper, schedule a product demo or subscribe to our blog or podcast. This personal information may include:your name; email; and phone number. Certain information may also be collected automatically when you visit our websites. For more information, please see the section of this Statement entitled “Information collected automatically”.

Personal information collected from other sources
Depending on whether you are a Merchant, a Merchant Employee, a Diner or a visitor to one of our websites, we may also collect personal information about you from third parties including our business partners, data providers, identity verification services, credit bureaus (if applicable) and credit card companies. We may also collect information from you that is publicly available. For example, if you interact with us through various social media channels.

Information collected automatically
We collect information automatically when you visit our websites, use our mobile application(s) or use our online services such as online ordering. Information collected automatically by cookies, web beacons or other similar technologies (described in the “Cookies and other tracking technologies” section of this Statement) may include:information about your device, such as your device type/model, number and device ID (e.g. MAC address);information about your browser, settings (e.g. language) and operating system;your internet protocol (IP) address;unique advertising identifiers;transactional and purchase information; andbrowsing and usage activity, such as the referring domain, what websites/content you have viewed or actions you have taken on a particular website.Depending on the Services being used or the websites you access, we may also collect geolocation information through your devices. For example, we may show you what restaurants in your area are available within our mobile application(s). This information may be collected via GPS, Bluetooth, cellular or WiFi technologies. You can adjust your settings at the device or browser level to disable the use of these technologies.

4. How we use personal information
We use personal information to:
To provide, maintain and support our Services, including to provide updates, support and training related to the Services; to determine the suitability of individuals in relation to their use of certain Services; for contracting and agreement purposes; to process transactions and payments through the Services; to enable our Merchants and our Merchants Employees to access and use the Services, including information that you have provided as part of using the Services; and to provide online services, including verifying your identity, as well as diagnosing technical and service issues.To manage our business and for internal operational purposes, including analyzing the performance of our Services;workforce development; creating and developing analytics for the benefit of our business and the business of our Merchants; research purposes, including the development of new products; assessing the effectiveness of Services; and improving our Services.To personalize your experience, including using transactional data and order histories to provide recommendations when using our Services or those of our Merchants; and using analytics and profiling technology to personalize your online experience.To advertise and market to you, including sending you marketing communications, either directly or through a third party, in relation to our existing or new Services that we think might interest you; andenabling our Merchants, either directly or through a third party, to advertise their products and services to you.Any communications sent to you pursuant to this section shall either be permitted under the applicable law or with your consent. Please see the “Your rights and choices” section of this Statement for more details on opting out of these communications and updating your preferences.To communicate with you or provide information you have requested, includingto provide notifications in relation to your purchases;sending you white papers and other materials from our website;providing you with our newsletter, podcast and other subscription materials;sending you digital receipts; andresponding to feedback that you have provided in relation to your experience using one of our products or Services or those of our Merchants.For legal, compliance and security-related purposes, including tosecure and protect our network and systems;identify and protect against fraud and other crimes;establish, exercise or defend legal claims;fulfilment of our contractual obligations; andmonitor and report compliance issues.

5. How we share information
Grasp may share personal information as part of providing the Services and for the purposes described within this Statement. This includes:with our Merchants and our Merchant’s Employees for the purposes of providing the Services to you, fulfilling your requests and for the other purposes described in this Statement; with our business partners (including our integration partners) in order to provide, maintain and improve our Services; with our parent, subsidiary, or affiliate companies, agents (if any) for the purposes outlined above; with third parties to provide, maintain, and improve our Services, including service providers who access information about you to perform services on our behalf, such as hosting and information technology services, payment services, identity verification and fraud prevention services, marketing and advertising services, data analytics and personalization services and customer support services. Please note:If you are a Merchant Employee whose employer is using the Grasp training modules, we will share your information with benefits, payroll and other employment-related service providers.If you are a Merchant that applies for financing through Grasp's platform, we will share your information (including personal information) with the lender. As part of the application, a credit report will also be requested from third-party credit bureaus to determine your eligibility for such financing.in connection with, or during the negotiation of, any merger, sale of company stock or assets, financing, acquisition, divestiture, or dissolution of all or a portion of our business; and if we believe it is necessary to:protect our rights or property, or the security or integrity of our Services; enforce the terms of our terms of service or other applicable agreements or policies;protect us, users of our Services, or the public from harm or potentially prohibited or illegal activities; investigate, detect, and prevent fraud, security breaches; or comply with any applicable law, regulation, legal process, or governmental request.We may also share aggregated and/or anonymized information derived from the Services that does not directly identify you, including device information and information derived from cookies and log files with third parties for the purposes described in this Statement.

6. Retention of personal information
We retain personal information as long as reasonably necessary to provide the Services, carry out the purposes described in this Statement or as otherwise required in order to comply with our records retention periods (which reflect the applicable law). For example, we may retain information about users of our Services in order to comply with our legal and regulatory obligations or to protect our interests as part of providing the Services.

7. Cookies and other tracking technologies
Grasp, as well as third parties described in this Statement may use cookies, web beacons and other tracking technologies as part of providing the Services and for the purposes described in this Statement. This includes:Cookies: A small text file placed and saved in your browser when you access our websites and potentially the websites of our Merchants, business partners and other third parties. We use both session cookies (i.e. cookies that are stored only for a specific website visit) and persistent cookies (i.e. cookies that are stored beyond a specific website visit) to provide the Services and for the purposes described in this Statement. These cookies may be set by us (first party cookies) or set by third parties that collect information on our behalf (third party cookies), such as Google Analytics. Web beacons: A small graphic file placed on a website (or websites) or email that tracks your activity and monitors your behavior. We use web beacons within our Services to collect usage and performance data.As part of using the Services, we use these technologies as well as similar technologies within our Services and across our websites. Examples include:to provide our Services (e.g. authentication within the check-out process);to uniquely identify you and/or your device;to store your preferences as part of providing the Services;for personalization and targeted advertising purposes (including across your devices and applications);for security and fraud-prevention purposes;to analyze and monitor the performance of our Services;to improve and develop new Services; andto understand your use of the Services over time.There are ways to control and/or reject the setting of cookies and similar technologies within your browser settings. As each browser is different, please consult the “help” menu within your browser. For additional information about cookies and how to control their use on various browsers and devices, you can visit http://www.allaboutcookies.org. Please be aware that depending on the Services being used, restricting cookies may prevent you from accessing and using all or part of the Services.

Your choices about online ads
We support the self-regulatory principles for online advertising (“Principles”) published by the Digital Advertising Alliance (“DAA”). This means that we allow you to exercise choice regarding the collection of information about your online activities over time and across third-party websites for online interest-based advertising purposes. More information about these Principles can be found at www.aboutads.info. If you want to opt out of receiving online interest-based advertisements on your internet browser from advertisers and third parties that participate in the DAA program and perform advertising-related services for us and our partners, please follow the instructions at www.aboutads.info/choices, or http://www.networkadvertising.org/choices/ to place an opt-out cookie on your device indicating that you do not want to receive interest-based advertisements. Opt-out cookies only work on the internet browser and device they are downloaded onto. If you want to opt out of interest-based advertisements across all your browsers and devices, you will need to opt out on each browser on each device you actively use. If you delete cookies on your device generally, you will need to opt out again. If you want to opt out of receiving online interest-based advertisements on mobile apps, please follow the instructions at http://www.aboutads.info/appchoices.Please note that when you opt out of receiving interest-based advertisements, this does not mean you will no longer see advertisements from us or on our online services. It means that the online ads that you do see from DAA program participants should not be based on your interests. We are not responsible for the effectiveness of, or compliance with, any third-parties’ opt-out options or programs or the accuracy of their statements regarding their programs. In addition, third parties may still use cookies to collect information about your use of our online services, including for analytics and fraud prevention as well as any other purpose permitted under the DAA’s Principles.

Do not track
We may use, and we may allow third-party service providers and other third parties to use, cookies or other technologies on our Services that collect information about your browsing activities over time and across different websites following your use of the Services. Do Not Track (“DNT”) is an optional browser setting that allows you to express your preferences regarding tracking across websites. We currently do not respond to DNT signals. We may continue to collect information in the manner described in this Privacy Statement from web browsers that have enabled DNT signals or similar mechanisms.

8. Your rights and choices

Managing your information
We want to ensure that you have the necessary tools at your disposal to manage your personal information. It is also important that you ensure that you information is accurate and up to date. Your ability to update and manage your personal information will differ depending on your relationship with Grasp and what Services you use. For example,As a Merchant, for certain services, you may access, change or correct certain account information at any time by logging into your account. In other instances, please contact our customer success team.As a Merchant Employee using the Grasp training module, you have the ability in many cases to access and update your information through the Services. In other instances, please reach out to your Merchant Employer. In other instances, if applicable, see the instructions provided as part of the Services or contact us as described in the “How to contact us” section of this Statement. We may need to verify your identity before changing or correcting your information. In certain instances, we may not be able to make the correction or accommodate the request due to legal, contractual or technical restrictions.Please note that depending on your status and location, you may be entitled to additional information rights in relation to the processing of your personal information. For more information regarding these rights, and the locations where these rights are available, please see the applicable addendums in this Statement.

Managing communications
As part of providing the Services, Grasp (whether directly or through a third party), may send you:Marketing communications: Depending on the nature of our relationship and the Services being used, we may send you marketing and other promotional communications. You can opt out of or unsubscribe from any marketing communications by following the instructions in those messages, by changing your communications preferences within your account or through your device. You can also opt out by contacting us at contact@graspvr.com Opting out of one communication will not necessarily opt you out of all marketing communications. Please note that you may still receive certain non-marketing communications after opting out. These messages may include transaction-specific communications, messages as part of a loyalty program or account-specific communications.In certain cases, our Merchants may also send you marketing and promotional communications as part of the Services, including when you visit a Merchant using Grasp or join a Merchant-specific loyalty program. In these instances, please follow the instructions within those messages or reach out to the Merchant directly.Other communications: As part of your interaction with our Services, you may receive various non-marketing communications from Grasp. These include:sending you digital receipts via email or by text message;responding to feedback that you have provided in relation to the Services of Grasp or one of our Merchants;account or program-specific messages as part of your use of the Services (e.g. loyalty accounts with our Merchants or by setting up a Digital Ordering Account); ormessages associated with contests, competitions or promotions that you have elected to participate in.In certain cases, depending on the nature of your relationship with Grasp and the Services being used, you may also receive messages from third-party service providers and business partners.For additional information about how we communicate with you, please contact us at contact@graspvr.com.

9. Security
We implement appropriate administrative, technical, and organizational security measures to protect your personal information against unauthorized access, disclosure, damage or loss. However, even though we have taken measures to protect your personal information, we cannot guarantee that the collection, transmission and storage of personal information will always be completely secure.

10. Links to other websites
This Privacy Statement only applies to information collected when visiting our websites or otherwise using our Services. While visiting our websites or using the Services, you may be directed through links to third-party websites or services that are not operated or controlled by us. For example, the websites of our Merchants or business partners that provide services as part of this Statement. We are not responsible for the privacy practices and policies of these third parties. As a result, we encourage you to review the privacy policies of these third-party websites as their practices may differ from ours.

11. Children
Our Services are not targeted or directed at children under the age of 13, and we do not intend to, or knowingly, collect or solicit personal information from children under the age of 13. If you have reason to believe that a child under the age of 13 has provided personal information to us, we encourage the child’s parent or guardian to contact us as described in the “How to Contact Us” section of this Statement to request that we remove the information from our systems. If we learn that any personal information we collected has been provided by a child under the age of 13, we will promptly delete that personal information.

12. How to contact us
If you have questions or concerns about our Privacy Statement or practices, you can reach us at: By email: contact@graspvr.com. You can also reach out to us through the above channels to request a copy or a downloadable version of this Statement.

12. Changes to this Privacy Statement
From time to time, we may revise this Privacy Statement in order to comply with the applicable law or our changing business practices. Unless we are required by the applicable law to provide a prescribed form of notice and/or obtain consent, updated versions of this Statement will be posted on this website. Please check this website and this Privacy Statement regularly for updates.

Addendum A – United States (California)Last updated: January 1, 2020

1. Privacy Statement for California Residents as required by the California Consumer Privacy Act of 2018 (“CCPA”).
The provisions below supplement the information provided in the generally applicable portion of our Privacy Statement and apply solely to individuals that are residents of California and qualify as a “Consumer” under the CCPA. This California-specific Statement provides additional information about how we collect, use, disclose and otherwise process the personal information of these individuals, either online or offline, within the scope of the CCPA. Any terms defined in the CCPA or as otherwise defined in our Privacy Statement have the same meaning as used in this addendum.When we use the term “personal information” in this Statement, we mean information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.

A. CCPA personal information

Please see the generally applicable section of this Privacy Statement for additional information on Grasp's information practices, including more detail on how we use and disclose your personal information.

B. Categories of personal information sold
Grasp does not “sell” personal information as most individuals would typically understand that term. However, we do allow certain third-party advertising partners to collect information about Consumers through our Services for purposes of serving ads that are more relevant and other personalization features, for tracking and analytics, and for ad fraud detection and reporting. The categories of personal information impacted may include:Identifiers;Internet/Network Activity; andInferences.To the extent this practice is interpreted to constitute a “sale” under the CCPA, please see our Privacy Statement section titled “Cookies and other tracking technologies” for more information including how to exercise your rights to opt-out of cookies, analytics and personalized advertising. To the extent that these practices qualify as “sales” under the CCPA, you may have the right to opt out as described in the “How to invoke your rights” section below.

C. Description of rights available to Consumers

A number of individual rights are available to individuals under the CCPA relating to personal information that we have collected (subject to certain limitations at law), including: The right of access: you have the right to request that an in-scope business that collects personal information from you, disclose the following in relation to the preceding 12 month period, upon verification of your identity: (i) the categories of personal information collected about you, (ii) the categories of sources where the personal information was collected, (iii) the business or commercial purposes for collecting (or where applicable, selling) the personal information, (iv) the categories of personal information that we have disclosed to third parties for a business purpose along with the corresponding recipients, (v) the categories of personal information we have sold along with the corresponding recipients, and (vi) the specific pieces of personal information collected about you. The right of deletion: you have the right to request that an in-scope business delete personal information that it has collected from you, subject to certain exceptions.The right to opt out of personal information sales: you have the right to request that an in-scope business refrain from selling personal information it has collected about you to third parties now or in the future. If you are under the age of 16, you have the right to opt in, or to have a parent or guardian opt in on your behalf, to such sales.The right against discrimination: you have the right to not be discriminated against as a result of exercising any of the above rights. However, please note that if the exercise of these rights limits our ability to process personal information (such as in the case of a deletion request), we may no longer be able to provide you with our Services or engage with you in the same manner.Please note that your ability to invoke the rights above are limited pursuant to the scope and limitations of the CCPA, including any available exceptions. For example, an access request can only be made twice by a Consumer within a 12 month period.

D. How to invoke your rights
Individual rights requests can be submitted to Grasp through the below channels:

By email: contact@graspvr.com

Once an individual rights request has been submitted, Grasp may ask you for additional information in order to verify your identity or to provide additional details to help us respond to your request. Where applicable, these requests can be submitted by an authorized agent in accordance with the applicable law. Please note that in certain circumstances, we may refuse to act or impose limitations on your rights, as permitted by the applicable law.As noted above, we do not “sell” personal information as traditionally defined, but certain third-party advertising practices may qualify as "sales" under the CCPA. To the extent applicable, an opt-out mechanism has been provided in the "Categories of personal information sold" section above. You do not need to create an account with us to exercise your right to opt out of personal information sales. However, we may ask you to provide additional personal information so that we can properly identify you in our dataset and to track compliance with your opt out request. We will only use personal information provided in an opt out request to review and comply with the request. If you choose not to provide this information, we may only be able to process your request to the extent we are able to identify you in our systems. Once you make an opt-out request, you may change your mind and opt back in to future personal information sales at any time by contacting us at contact@graspvr.com.

E. Updates to this Statement
We will update this Statement from time to time. When we make changes to this Statement, we will change the "Last updated" date at the beginning of this Statement. All changes shall be effective from the date of publication unless otherwise provided in the notification.

2. California “Shine the Light” disclosure
California residents that have an established business relationship with us have a right to know how their information is disclosed to third parties for their direct marketing purposes under California’s “Shine the Light” law (Civ. Code § 1798.83). Please contact us through any of the communication channels within the “How to contact us” section in the main body of this Statement to invoke these rights.Effective: January 1, 2020

Credit for Images: Unsplash.
Blog Post - Is there pent-up demand for dining out? - Photo By Toa Heftiba on Unsplash.
Blog Post - Why 2021 May Bring A Less Experienced Workforce To Restaurants - Photo by Vanna Phon on Unsplash.