BentoBox Privacy Policy

Last updated: November 5, 2018

We at BentoBox CMS, Inc. (“BentoBox,” “we,” “us,” or “our”) have created this privacy policy (this “Privacy Policy”) because we know that you care about how information you provide to us is used and shared. This Privacy Policy relates to the information collection and use practices of BentoBox in connection with our online services, which are made available to you through our website located at http://getbento.com/ (the “Website”), and our proprietary platform (the “Platform”) which is made available to you through our Website.

Description of Users and Acceptance of Terms
This Privacy Policy applies to visitors to the Website, who view only publicly-available content (the “Visitors”), and subscribers who have signed up to access and use our Platform (the “Subscribers”).

By accessing and using the Website, Visitors are agreeing to the terms of this Privacy Policy and the accompanying Terms of Service. By signing up, accessing, and/or using the Platform, each Subscriber is agreeing to the terms of this Privacy Policy and the applicable Platform Subscription Agreement (the “Subscription Agreement”).

Capitalized terms not defined in this Privacy Policy shall have the meaning set forth in our Terms of Service (when such term concerns Visitors), or the Subscription Agreement (when such term concerns Subscribers).

The Information We Collect and/or Receive

In the course of operating the Website, the Platform, the Restaurant Website(s), and/or interacting with you, BentoBox will collect (and/or receive) the following types of information. You authorize us to collect and/or receive such information in accordance with this Privacy Policy.

Contact Information

When you sign up to become a Subscriber, contact us via the Contact Us page, or sign up to receive our newsletter, you will be asked to provide certain information about yourself which may include, your name, your business name, e-mail address and phone number (collectively, “Contact Information”). The Contact Information is used to provide the requested Services, and to contact Subscribers and Visitors for purposes of direct marketing of our current and future products and services. We store our contact information within our customer relationship management (CRM) system to help our sales and customer support team manage our relationships with current or prospective customers.

Billing Information

In order to purchase a Subscription to our Platform, you will need to provide certain information in addition to the Contact Information. Such information may include a credit card number, expiration date, billing address and zip code, activation code, and similar information (collectively, the “Billing Information”). Such Billing Information will be collected and processed by our third party payment processor and we do not obtain access to or process any Billing Information.

Order Information

When Restaurant Guests place an Order through the Platform, we will also collect and/or receive certain information, including but not limited to, Guest name, the products and services the Guests are seeking to purchase, and their name, billing address and total transaction amount (collectively, the “Order Information”). We shall use and share the Guest Order Information with the applicable Subscriber as reasonably necessary to provide our Platform. All actual payment information provided by Guests will be collected and processed by our third party payment processor and we do not obtain access to or process any such information

Subscriber Data

In using the Platform, Subscribers grant us permission to access Subscriber Data. We use the Subscriber Data in accordance with the terms and conditions of the Subscription Agreement.

Other Information

In addition to the Contact Information, Subscriber Data, and Order Information, we may collect additional information (collectively, the “Other Information”). Such Other Information may include:

  1. From Your Activity In an ongoing effort to improve the Website and the Platform, we automatically collect certain information when Visitors visit the Website, when Subscribers use the Platform, and when Restaurant Guests access and use the Restaurant Website(s). Such information includes, without limitation, IP addresses, browser type and language, referring and exit pages and URLs, date and time, amount of time spent on particular pages, what sections of the Website Visitors visit, and similar information concerning your use of the Platform.
  2. From Cookies We collect information using “cookie” technology. Cookies are small packets of data that a website stores on your computer’s or mobile device’s hard drive so that your computer will “remember” information about your visit. We may use both session cookies (which expire once you close your web browser) and persistent cookies (which stay on your computer until you delete them) to help us collect Other Information and to enhance your experience using the Website and the Platform. If you do not want us to place a cookie on your hard drive, you may be able to turn that feature off on your computer or mobile device. Please consult your Internet browser’s documentation for information on how to do this and how to delete persistent cookies. However, if you decide not to accept cookies from us, some features of the Website and the Platform may not function properly.
  3. Third-Party Analytics We may use one or more third-party analytics services (such as Google Analytics) to evaluate your use of the Website and the Platform, compile reports on activity, collect demographic data, analyze performance metrics, and collect and evaluate other information relating to the Website, the Platform and mobile and Internet usage. These third parties use cookies and other technologies to help analyze and provide us the data. By accessing and using the Website and/or the Platform, you consent to the processing of data about you by these analytics providers in the manner and for the purposes set out in this Privacy Policy. Please be advised that if you opt out of any service, you may not be able to use the full functionality of the Website and/or the Platform.


    Below is a list of analytics providers that we use; however, such list may be subject to change based on how we wish to understand the user experience. You may use the accompanying links to learn more about such providers and, if available, how to opt-out from their analytics collection.

    For Google Analytics, please visit https://www.google.com/analytics

    For MixPanel, please visit https://mixpanel.com/

    For Segment, please visit https://segment.com

    For Sentry, please visit https://sentry.io/privacy/

Information Collected by or Through Third-Party Advertisers/Remarketers

We may share Other Information about you with third parties, including, but not limited to, advertising and remarketing providers, or other brand partners, for purposes of personalizing or otherwise understanding how you engage with ads or other content. These third parties may use cookies, pixel tags (also called web beacons or clear gifs), or other technologies to collect Other Information in furtherance of such purposes, including to tailor, target (i.e., behavioral, contextual, retargeting, and remarketing), analyze, report on, and/or manage advertising campaigns or other initiatives. For example, when a browser visits a site, pixel tags enable us and these third-parties to recognize certain cookies stored within the browser to learn which ads or other content bring a user to a given site. In addition, we may receive Other Information from these third parties, including through their service providers, such as advertising identifiers, IP addresses, and post-conversion data.

Below is a list of advertising/remarketing providers that we use; however, such list may be subject to change based on the campaigns that we run. You may use the accompanying links to learn more about such providers and, if available, how to opt-out from their targeted ads or other personalization features. Please note you will not necessarily be opted-out of advertising or content generally; you may still receive generic ads or content.

For Google AdWords, you can set preferences for how Google advertises to you using the Google Ad Preferences page, and if you want to you can opt out of interest-based advertising entirely by cookie settings or permanently using a browser plugin.

For Facebook/Instagram, please visit: http://facebook.com/about/privacy/update.

In addition, you may opt-out of interest-based advertising by participating providers by visiting http://www.networkadvertising.org and http://www.aboutads.info/choices for details on how to do so.

How We Share Your Information

Onward Transfers to Third Parties

We may engage other companies and individuals to perform certain business-related functions on our behalf. Examples may include providing technical assistance, payment processing, billing, email management, order fulfillment, customer service, and marketing assistance. These other companies will have access to the information only as necessary to perform their functions and to the extent permitted by law. All such third parties function as our agents, performing services at our instruction and on our behalf pursuant to contracts which require they provide at least the same level of privacy protection as is required by this Privacy Policy and implemented by us. We may also disclose personal information to our affiliates in order to support marketing, sale and delivery of products and services.

Aggregate Information

In an ongoing effort to better understand our Visitors, and Subscribers, we may analyze your information in anonymized and aggregate form in order to operate, maintain, manage, and improve the Website and the Platform and for our own research purposes. This aggregate information does not identify you personally. We may share this aggregate data with our affiliates, agents, and business partners. We may also disclose aggregated user statistics in order to describe our products and services to current and prospective business partners and to other third parties for other lawful purposes.

Business Transfers

In the event of a merger, dissolution or similar corporate event, or the sale of all or substantially all of our assets, we expect that the information that we have collected, including personal information, would be transferred to the surviving entity in a merger or the acquiring entity. All such transfers shall be subject to our commitments with respect to the privacy and confidentiality of such personal information as set forth in this Privacy Policy.

Legal Requirements

We may disclose your information if required to do so by law, or in the good faith belief that such action or disclosure is necessary or appropriate to: (i) operate the Platform, (ii) comply with any legal obligation, report unlawful activity, cooperate with law enforcement or public authorities (including for the purpose of meeting national security or law enforcement requirements), (iii) protect against legal liability, (iv) protect and defend our rights, property, personnel, suppliers, sponsors, agents or licensors, (v) protect the personal safety of vendors, users of the Platform or the public, or (vi) comply when compelled to disclose personal information to other third parties by government authorities or as required by law or regulation, including, but not limited to, in response to court orders and subpoenas.

Third-Party Applications

With your permission, third-party applications or services may access your personal information. We use standard OAuth (open authorization) to enable you to update and manage public content on third-party websites, such as Facebook or Twitter, and integrate with other third-party service providers (e.g., payment processors, analytics providers, marketing automation) from within the Platform. For the sole purpose of enabling such features via OAuth, BentoBox must request certain access permissions to your account(s) on such third-party websites.

Communication Preferences

Anyone who has signed up to use the Platform may access, remove, review, and/or make changes to the same by following the instructions found on the Platform. In addition, you may manage your receipt of marketing and non-transactional communications by clicking on the “unsubscribe” link located on the bottom of any BentoBox marketing e-mail. We will use commercially reasonable efforts to process such requests in a timely manner. You should be aware, however, that it is not always possible to completely remove or modify information in our subscription databases. Subscribers cannot opt out of receiving transactional e-mails related to their account with BentoBox. Retention of personal information

We will retain your personal information in a form that identifies you only for as long as it serves the purpose(s) for which it was initially collected as stated in this Privacy Policy, or subsequently authorized. We may continue processing your personal information for longer periods, but only for the time and to the extent such processing reasonably serves the purposes of archiving in the public interest, journalism, literature and art, scientific or historical research and statistical analysis, and subject to the protection of this Privacy Policy. After such time periods have expired, we may either delete your personal information or retain it in a form such that it does not identify you personally.

How We Protect Your Information

BentoBox takes very seriously the security and privacy of the personal information that it collects pursuant to this Privacy Policy. Accordingly, we will implement reasonable and appropriate security measures to protect your personal information from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into account the risks involved in processing and the nature of such data, and comply with applicable laws and regulations. Please understand, however, that no security system is impenetrable. We cannot guarantee the security of our databases, nor can we guarantee that the information you supply will not be intercepted while being transmitted to and from us over the Internet. In particular, e-mail sent to or from the Platform may not be secure, and you should therefore take special care in deciding what information you send to us via e-mail.

Children

We do not knowingly collect personal information from children under the age of 13. If you are under 13, please do not give us any personal information. We encourage parents and legal guardians to monitor their children’s Internet usage and to help enforce our Privacy Policy by instructing their children to never provide us personal information without their permission. If you have reason to believe that a child under the age of 13 has provided personal information to us, please contact us at privacy@getbento.com, and we will endeavor to delete that information from our databases.

Important Notice to All Non-US Residents

Our Website, Platform, and their servers are located in the US. If you are located outside of the US, please be aware that any information provided to us, including personal information, will be transferred from your country of origin to the US. Except in the case of data transfers under the EU-US Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework, your decision to provide such data to us, or allow us to collect such data through our Website and/or the Platform constitutes your consent to this data transfer.

Important Notice for Individuals of the European Economic Area and Switzerland

BentoBox complies with the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries (as well as Iceland, Liechtenstein, and Norway) and Switzerland transferred to the United States pursuant to Privacy Shield. BentoBox has certified that it adheres to the Privacy Shield Principles with respect to such data. If there is any conflict between the policies in this privacy policy and data subject rights under the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov/

With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, BentoBox is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission.

Pursuant to the Privacy Shield Frameworks, EU and Swiss individuals have the right to obtain our confirmation of whether we maintain personal information relating to you in the United States. Upon request, we will provide you with access to the personal information that we hold about you. You may also may correct, amend, or delete the personal information we hold about you. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States under Privacy Shield, should contact us at privacy@getbento.com, with the subject line, “Privacy Shield.” We may require payment of a non-excessive fee to defray our expenses in this regard. Please allow us a reasonable time to respond to your inquiries and requests.

We will not disclose your sensitive personal information to any third party without first obtaining your opt-in consent. You may grant such consent by contacting us at privacy@getbento.com, with the subject line, “Privacy Shield”. In each instance, please allow us a reasonable time to process your response.

We will provide an individual opt-out choice, before we share your data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your personal information, please submit a written request to privacy@getbento.com, with the subject line, “Privacy Shield”.

In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. We may also disclose personal information to other third parties when compelled to do so by government authorities or required by law or regulation including, but not limited to, in response to court orders and subpoenas.

BentoBox’s accountability for personal data that it receives in the United States under the Privacy Shield and subsequently transfers to a third party is described in the Privacy Shield Principles. In particular, BentoBox remains responsible and liable under the Privacy Shield Principles if third-party agents that it engages to process the personal data on its behalf do so in a manner inconsistent with the Principles, unless BentoBox proves that it is not responsible for the event giving rise to the damage.

In compliance with the Privacy Shield Principles, BentoBox commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to Privacy Shield. European Union and Swiss individuals with Privacy Shield inquiries or complaints should first contact BentoBox at privacy@getbento.com with the subject line, “Privacy Shield”.

BentoBox has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers for more information and to file a complaint. This service is provided free of charge to you.

If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Privacy Shield Annex 1 at https://www.privacyshield.gov/article?id=ANNEX-I-introduction.

California Residents

Under California Civil Code Section 1798.83, California residents who have an established business relationship with BentoBox may choose to opt out of our sharing their personal information with third parties for direct marketing purposes. If you are a California resident and (1) you wish to opt out; or (2) you wish to request certain information regarding our disclosure of your personal information to third parties for the direct marketing purposes, please send an e-mail to privacy@getbento.com.

In addition, BentoBox does not monitor, recognize, or honor any opt-out or do not track mechanisms, including general web browser “Do Not Track” settings and/or signals.

External Websites

The Platform and the Website may contain links to External Sites. BentoBox has no control over the privacy practices or the content of these External Sites. As such, we are not responsible for the content or the privacy policies of those External Sites. You should check the applicable third-party privacy policy and terms of use when visiting any other websites.

Changes to This Privacy Policy

This Privacy Policy is effective as of the date stated at the top of this Privacy Policy. We may change this Privacy Policy from time to time. Any such changes will be posted on the Platform. By accessing the Website and/or using the Platform after we make any such changes to this Privacy Policy, you are deemed to have accepted such changes. Please be aware that, to the extent permitted by applicable law, our use of the Information is governed by the Privacy Policy in effect at the time we collect the Information. Please refer back to this Privacy Policy on a regular basis.

How to Contact Us

If you have questions about this Privacy Policy, please contact BentoBox via e-mail at privacy@getbento.com with “Privacy Policy” in the subject line.