“Contract Data” means any Personal Data about our customers, our customers’ customers, or our customers’ personnel that NCR Processes in connection with providing products or services to a customer under a contract.
“Controller” means a natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the Processing of Personal Data.
“Personal Data” means information relating to an identified or identifiable natural person to the extent such information is afforded the protection of law. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identification number, location data, an online identifier or to one or more factors specific to the individual’s physical, physiological, mental, economic, cultural, or social identity. In the state of California, Personal Data may also include categories of information that identify or could be linked to a particular consumer or household such as identifiers, bank account and payment card numbers, Protected Class characteristics, commercial information, biometric information, professional, educational or employment-related information, Internet or electronic network activity, and inferences used to create a profile about a consumer in accordance with applicable law.
“Process” means any operation or set of operations that is performed upon Personal Data, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, blocking, erasure, or destruction.
“Processor” means a natural or legal person, public authority, agency or other body which Processes Personal Data on behalf of a Controller.
“Special Categories” or “Characteristics of Protected Class(es)” means, to the extent designated under applicable law, Personal Data revealing racial or ethnic origin, color, national origin; political opinions, religious, or philosophical beliefs; trade union membership; genetic data or biometric data for the purpose of uniquely identifying a natural person; data concerning age, disability, or health; or data concerning a natural person’s sex life or sexual orientation.
NCR Customer Obligations with Respect to Contract Data
Collection of Personal Data
The categories of Personal Data NCR may collect about you depend on whether you are a customer, user, employee, or visitor and the requirements of applicable law.
You may provide Personal Data to NCR in a variety of ways, such as:
- Creating an Account, Becoming a Channel Partner, or Setting Up a Merchant Account by registering for an online account or event and supplying your name, title, company, business function, physical and email addresses, telephone number, social security number, tax identification number, financial account information, user IDs, and/or password.
- Communicating with Us. When you contact us to join a mailing list, inquire about or purchase a product or service, apply for employment, fill out an information form, or otherwise contact us with a question, comment, or request, and supply your name, title, company, physical and email addresses, telephone number, resume, user IDs, and/or password.
- Completing Surveys. If you decide to participate, you may be asked to provide certain information, which may include Personal Data.
- Engaging with us on Social Media. We may offer forums, blogs, or social media pages. Any content you provide on these channels will be considered “public” and is not subject to privacy protections.
- Registering for Sweepstakes or Contests. Contact information you provide may be used to reach you about the sweepstakes or contest and for other promotional, marketing and business purposes, if permitted by law. In some jurisdictions, we are required to publicly share information of winners.
We may collect Personal Data about you in the following ways:
- Information from Other Sources. NCR may collect information about you or obtain Personal Data about you from third parties for the purposes of providing you with information about NCR products and services that may be of interest to you, or to take steps to maintain the accuracy of the information we have about you.
- Automatic Data Collection. NCR may also use certain technologies to automatically collect information about you while you are visiting an NCR website, application, product, or service, which as described in more detail below, may include your Internet protocol (IP) address, user settings, IMEI, MAC address, cookie identifiers and related technologies (see below), mobile carrier, mobile advertising and other unique identifiers, details about your browser, operating system or device, location information, Internet service provider, pages that you visit before, during and after using the services, information about the links you click, and other information about how you use the services. Information we collect may be associated with accounts and other devices. In addition, we may automatically collect data regarding your use of our websites, applications, products and services, such as the types of content you interact with and the frequency and duration of your activities. We may combine your Personal Data with information that others provide when they use our services.
- Contract Data. NCR may collect Personal Data about your based on the direction of its customer(s). In such cases, it is our customers’ responsibility to ensure that their directions to NCR are consistent with the terms of any privacy policies or other guarantees they have made to you.
As described above, NCR websites, applications, and services may employ a variety of tools, including cookies, to help us improve your experience and determine the effectiveness of certain of our marketing initiatives.
- Other Technology NCR May Use to Improve Your Experience. NCR, and our service providers, may also use other technology to improve your experience. As described below, these technologies include analysis tools, log file information, web beacons, web links, and local shared objects.
- Log File Information. NCR records log file information whenever you access our websites. Examples of log file information include your IP address, your browser type, the page from which you accessed our website, the pages you viewed while visiting our website, the last page you viewed before you exited our website, and the page you accessed after leaving our website.
- Web Beacons, Pixel Tags, Clear GIFs, and Other Technologies. These technologies involve placing electronic (and usually transparent) images on a website or in an email. These images place certain information on your device such as cookies, the time and date of a page you viewed and the length of time you viewed the page, the IP address of the device that retrieved the image, the time the web beacon was viewed and for how long, and the type of browser that retrieved the image. We may use these technologies, for example, to determine whether you have opened or accessed links included in marketing communications from NCR. These technologies often work with cookies; therefore, if you do not want us to associate your cookie information with your visits to our website, you must turn off cookies in your browser.
- Web Links. Emails from NCR may contain links that are designed to take you to a web page after redirection through NCR’s servers (or those of its suppliers). We use the information we obtain during the redirection process to determine whether a particular marketing initiative is effective and may collect information connected to your identity. If you do not want NCR to collect information about the links that you click, you can choose a text-based version of the message (if the option is available). You may also choose not to click the links we provide in the emails we send to you and search online for the relevant resource independently.
- Local Shared Objects (“Flash Cookies”). NCR may use Adobe Flash Player® to deliver multimedia content, such as a video, to you. To improve your user experience, NCR may use Flash local shared objects (LSOs) – sometimes called “flash cookies” – to store your flash content information and preferences, similar to other types of cookies NCR employs. You can manage flash cookies by accessing the following link on Adobe’s website: http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager07.html.
- Notice Regarding APIs and SDKs. We may use third-party APIs and software development kits (“SDKs”) as part of the functionality of our applications. APIs and SDKs may allow third parties including analytics and advertising partners to collect your Personal Data for various purposes including to provide analytics services and content that is more relevant to you. For more information about our use of APIs and SDKs, please contact us as set forth below.
- Information from Other Sources. We may obtain Personal Data about you from other sources, including through third party services and organizations to supplement information provided by you. For example, if you access our website, applications, products and services through a third-party application, such as an app store, a third-party login service, or a social networking site, we may collect information about you from that third-party application that you have made public via your privacy settings. Information we collect through these services may include your name, your user identification number, your user name, location, gender, birth date, email, profile picture, and your contacts stored in that service. This supplemental information allows us to verify information that you have provided to us and to enhance our ability to provide you with information about our business, products, and services.
Use of Personal Data
Lawful Bases for NCR’s Processing. NCR will use Personal Data where reasonably necessary to fulfill NCR’s business needs (as described below), including to:
- Perform a contract with you or take steps at your request prior to entering into a contract;
- Comply with a regulatory or legal obligation;
- Protect your vital interests or that of another natural person;
- Perform a task carried out in the public interest;
- Carry out Processing with your consent, which you may withdraw at any time as described below;
- Further a legitimate interest of NCR or a third party including, but not limited to
- Researching and developing products, services, marketing or security procedures to improve their performance, resilience, reliability or efficiency;
- Auditing related to transactions, short-term transient use in accordance with applicable law, debugging to identify and repair errors that impair existing intended functionality and undertaking activities to verify or maintain the quality or safety of a service or device;
- Detecting security incidents, protecting NCR personnel, property and assets from malicious, deceptive, fraudulent or illegal activity including threats or harm including to NCR’s information technology infrastructure, Intellectual property, or goodwill or reputation and prosecuting those responsible for that activity;
- Ensuring compliance with relevant corporate policies and terms; or
- Optimizing utilization of global corporate resources including the administration of business transactions, personnel and information technology systems.
Additional Business Purposes. In addition to the foregoing, NCR may Process Personal Data in the following specific purposes and circumstances:
- Sensitive Data. With respect to Special Categories of Personal Data or Characteristics of Protected Classes, NCR may Process such information in a manner that is consistent with applicable law.
- Contract Data. As described above, NCR will use Contract Data consistent with applicable contractual obligations with its customers and applicable law. NCR also may use Contract Data to facilitate compliance with regulatory and legal requirements.
- Deidentified Data. For deidentified or aggregated data, which was formerly Personal Data, but which can no longer identify individuals, NCR may conduct research and development, statistical, trend or pattern analysis in order to continuously improve our products, services, processes, and security procedures.
- Fulfilling Business Transactions. NCR may use your Personal Data to fulfil business transaction requests with you or your organization. With respect to our customers, such requests may include, but are not limited to, maintaining or servicing accounts, verifying customer information, processing payments, providing advertising and marketing services, providing analytics services, undertaking internal research of technological development and demonstration, providing products or services including delivering notifications of product issues, fixes or updates, or contacting you in response to your questions, comments, or requests. With respect to our suppliers, such requests may include issuing purchase orders, receiving invoices, or providing other information such as forecasts. If, in providing service or support (including support to assist you with the use of our websites or applications), we engage you telephonically or via electronic communications through tools such as email or online chat, we may monitor or record our interactions for purposes of quality assurance, training, or to document the details of the interaction or transaction.
NCR is a global company with global operations, partners and suppliers. Where it is necessary for the efficient and effective performance of a business transaction or the fulfilment of one of the uses of Personal Data outlined above, NCR may need to transfer Personal Data from the country of collection to other countries, which may have data protection laws that are different from the laws where you live. Where such a transfer is made from one country or territory to another that is not deemed by the first exporting country (“Exporting Country”) to offer an adequate level of protection to the rights and freedoms of data subjects, NCR’s policy is to do so on the basis of contractual controls between the relevant group companies, partners, or suppliers designed to ensure that substantially the same level of protection is afforded to the Personal Data as in the Exporting Country. NCR’s contractual safeguards are based on the ‘standard contractual clauses’ issued by the European Commission and other data protection regulatory authorities of the Exporting Country.
Disclosure of Personal Data to Third Parties
We may share your Personal Data (including Contract Data) with the following categories of third parties:
Affiliates. We may share Personal Data within NCR and our affiliated companies.
Service Providers. We may share Personal Data with third-party suppliers and service providers that help us Process Personal Data. Examples of categories of suppliers include: HR service providers (such as payroll providers, background verification providers, benefits providers, and document management providers), IT vendors (including IT and related services, security product providers, email providers, and application providers), customer service providers, contingent workers, consultants, and other vendors to support the provision of our products and services. It is NCR’s practice to enter into contracts with our suppliers and service providers that require them to handle your information in a manner consistent with NCR policy and applicable law.
Business Partners. We may provide Personal Data to business partners with whom we jointly offer products or services. In such cases, our business partner’s name may appear along with ours.
Disclosure in the Event of Merger, Sale or Other Asset Transfer. From time to time, NCR may contemplate entering into various business development activities which may include the sale, purchase, merger, or reorganization of one or more of its businesses. These business development activities may require the disclosure of Personal Data to the prospective or actual purchaser(s). When such disclosures are required, NCR will seek appropriate protections of your Personal Data.
Disclosures to Protect Us or Others. In certain circumstances, NCR may use or release Personal Data to third parties when disclosure is required or permitted by law (e.g. statute, judicial proceeding, court order, or subpoena). We also reserve our right to use or provide your Personal Data to third parties, including law enforcement, auditors, consultants, and government officials, to protect NCR’s rights, property, or safety, and/or the rights or property of our customers, business partners, suppliers, or other third parties. We may also disclosure Personal Data to enforce our policies or contracts; collect amounts owed to us; or assist with an investigation or prosecution of suspected or actual illegal activity.
Your Privacy Rights
- Your Preferences. You have certain choices about your Personal Data. Where you have consented to the processing of your Personal Data, you may withdraw that consent at any time and prevent further processing as follows:
- Contract Data. With respect to Contract Data, the NCR customer is responsible for your Personal Data, and, where applicable, Processing your privacy rights requests.
- Mobile Devices. If you install an NCR mobile application, NCR may send you push notifications through our mobile applications. You may at any time opt-out from receiving these types of communications by changing the settings on your mobile device. We may also collect location-based information if you use our mobile applications. You may opt-out of this collection by changing the settings on your mobile device.
- Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. Please note that at this time NCR does not respond to or honor DNT signals or similar mechanisms transmitted by web browsers.
- Cookies and Interest-Based Advertising. You may stop or restrict the placement of technologies on your device or remove them by adjusting your preferences as your browser or device permits. If you would like to change your browser’s cookie settings, please refer to the online help offered with your browser or to your device manufacturer’s website. Please note, however, if you decide to turn off cookies, there may be some features of our websites that may not be available to you and some pages may not display properly. To learn more about managing cookies on your device, please visit http://www.allaboutcookies.org/manage-cookies/. The online advertising industry also provides websites from which you may opt out of receiving targeted ads from data partners and other advertising partners that participate in self-regulatory programs. You can access these and learn more about targeted advertising and consumer choice and privacy, at http://www.youronlinechoices.eu/, https://youradchoices.ca/choices/, www.networkadvertising.org/managing/opt_out.asp, and www.aboutads.info/choices/. To separately make choices for mobile apps on a mobile device, you can download DAA's AppChoices application from your device's app store. Alternatively, for some devices, you may use your device's platform controls in your settings to exercise choice.
Please note you must separately opt out in each browser and on each device. Advertisements on third party websites that contain the AdChoices link may have been directed to you based on information collected by advertising partners over time and across websites. These advertisements may also provide a mechanism to opt out of the advertising partners’ use of this information for interest-based advertising purposes. Furthermore, even if you exercise your choices, you may still receive generic, non-targeted ads from NCR.
Your Individual Rights. In accordance with applicable law, we provide several mechanisms to allow you to:
- Access Personal Data about you consistent with legal requirements. In addition, you may have the right in some cases to receive or have your electronic Personal Data transferred to another party. Where permitted by law, NCR may charge a reasonable fee if we are required to provide information about you.
- Request correction of your Personal Data where it is inaccurate or incomplete. In some cases, NCR may provide self-service tools that enable you to update Personal Data about you or refer you to the Controller of your Personal Data who is able to make the correction.
- Request deletion of your Personal Data where required by law, subject to certain exceptions prescribed by law.
- Request restriction of or object to Processing of your Personal Data, including the right to opt in or opt out of the sale of your Personal Data to third parties, if applicable, where such requests are permitted by law. NCR will notify you before we begin to Process any information about you that was restricted just prior to Processing.
You may log into your account or use the contact mechanisms specified below to make your request. We will process such requests in accordance with applicable laws. Where necessary to protect your privacy, NCR may take reasonable steps to verify your identity before acting on a request.
Consent Exceptions. Where you have previously provided your consent, you may withdrawal your consent at any time; however, doing so will not affect the lawfulness of NCR’s processing before your withdrawal of consent. Once you withdraw consent, we will no longer Process your information for the purpose(s) to which you originally consented unless there are compelling legitimate grounds for further Processing which override your interests, rights, and freedoms or if Processing is necessary for the establishment, exercise, or defense of legal claims.
Use of Automated Individual Decision Making Including Statistical Analysis and Profiling
NCR may use statistical and analytic techniques to support automated individual decisionmaking including profiling for the purpose of improving the quality, performance or efficiency of our products, services or processes or to screen applicants for employment, to facilitate compliance with law or policy, or to protect our information technology infrastructure.
Protection of Your Personal Data
NCR takes reasonable and appropriate steps to safeguard Personal Data in accordance with the applicable laws of the countries in which we conduct business and our contractual requirements. NCR is not responsible for, nor can it guarantee, the security of any Personal Data transmitted over the Internet. Likewise, there is no guarantee that our physical, technical, or organizational security measures are foolproof. It is your responsibility to protect the security of your login information and other Personal Data.
Retention of Personal Data
NCR will retain Personal Data only for so long as it is necessary to support the overall purpose(s) for which NCR collected such information plus any further period as may be required or reasonably necessary for record keeping, analysis or to meet legal or regulatory requirements. We take steps to minimize access, use and retention of Personal Data for such ongoing retention to what is reasonably necessary. To determine the appropriate retention period for your Personal Data, we will consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorised use or disclosure of your Personal Data, the purposes for which we Process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements.
NCR’s applications and websites are not directed to children under the age of 16. By your use of our applications and websites, you affirm that you are at least 16 years of age. If you are a parent or a guardian, and you believe your child has provided NCR with Personal Data without your consent, please contact us as described below.
Changing Your Preferences and Contacting Us
You may change your marketing preferences by clicking here.
864 Spring Street NW
Atlanta, GA 30308
US Toll-free: 1-800-CALL-NCR
Within the European Union
Group Data Protection Officer (EU)
c/o NCR Limited
5 Merchant Square, 9th Floor
London, W2 1BQ, United Kingdom
We will respond to your request within 30 days of submission.
If NCR does not satisfactorily address your concerns and you are subject to the European Union’s General Protection Regulation, you have the right to lodge a complaint with your Supervisory Authority.