1. Introduction

 

When you use OpaLink, you trust us with your personal data. We’re committed to keeping that trust. That starts with helping you understand our privacy practices.

 

This notice describes the personal data we collect, how it’s used and shared, and your choices regarding this data. We recommend that you read this along with our privacy overview, which highlights key points about our privacy practices.

 

1. Overview

 

1. Scope

This notice applies to users of OpaLink’s services anywhere in the world, including users of OpaLink’s apps, websites, features, or other services.

 

This notice describes how OpaLink and its affiliates collect and use personal data. This notice applies to all users of our apps, websites, features, or other services anywhere in the world, unless covered by a separate privacy notice. This notice specifically applies to:

 

• Purchasers: individuals who request hospitality and/or retail services from a vendor to be provided and/or furnished to a third-party individual

 

• Recipients: individuals who accept hospitality and/or retail services from a vendor, purchased by Purchaser

OpaLink uses stripe payments. which requires information about your phone number and apps installed on the device in order to ensure secure and successful payment.

This notice also governs OpaLink’s other collections of personal data in connection with its services. For example, we may collect the contact information of individuals who use accounts owned by OpaLink for Business customers, or of owners or employees of restaurants or other merchants; or other personal data in connection with our mapping technology and features.

 

All those subject to this notice are referred to as “users” in this notice.

 

Our practices are subject to applicable laws in the places in which we operate. This means that we engage in the practices described in this notice in a particular country or region only if permitted under the laws of those places. Please contact us at 51 E Jefferson St Orlando, FL 32801 P.O Box 2528 or through the addresses below with any questions regarding our practices in a particular country or region.

 

1. Data controller and transfer

OpaLink Inc. is the data controller for the personal data collected in connection with use of OpaLink’s services.

 

OpaLink operates, and processes personal data, globally. We may also transfer such data to countries other than the one where our users live or use OpaLink’s services. We do so in order to fulfill our agreements with users, such as our Terms of Use, or based on users’ prior consent, adequacy decisions for the relevant countries, or other transfer mechanisms as may be available under applicable law, such as the Standard Contractual Clauses.

 

Questions, comments, and complaints about OpaLink’s data practices can be submitted 51 E Jefferson St Orlando, FL 32801 P.O Box 2528. You may also use this form to submit a question to OpaLink’s Data Protection Officer.

 

III. Data collections and uses

 

1. The data we collect

 

OpaLink collects personal data: 

 

• provided by users to OpaLink, such as during account creation

 

• created during use of our services, such as location, app usage, and device data

 

• from other sources, such as other users or account owners, business partners, vendors, insurance and financial solution providers, and governmental authorities

 

The following personal data is collected by or on behalf of OpaLink:

 

1. Data provided by users. This includes:

 

• User profile: We collect data when users create or update their OpaLink accounts. This may include their name, email, phone number, login name and password, address, profile picture, payment or banking information (including related payment verification information), driver’s license and other government identification documents (which may indicate document numbers as well as birth date, gender, and photo). 

 

We may use the photos submitted by users to verify their identities, such as through facial verification technologies. For more information, please see the section titled “How we use personal data.”

 

• Demographic data: We may collect demographic data about users, including through user surveys. In some countries, we may also receive demographic data about users from third parties.

 

We may also infer demographic data from other data collected from users. For example, where necessary to enable features that allow women to provide or receive services from other women, we may infer gender using their first name. In such cases, we enable users to change their gender if necessary via in-app settings.

 

• User content: We collect the data submitted by users when they contact OpaLink customer support, provide ratings or compliments for other users, restaurants or merchants, or otherwise contact OpaLink. This may include feedback, photographs or other recordings collected by users, including audio or video recordings submitted by users in connection with customer support. This also includes metadata relating to the method you use to communicate with OpaLink.
• Device Phonebook: Because our services are all about communicating with friends, we may — with your permission — collect information from your device’s phonebook.
• Location Information: When you use our services we may collect information about your location. With your permission, we may also collect information about your precise location using methods that include GPS, wireless networks, cell towers, Wi-Fi access points, and other sensors, such as gyroscopes, accelerometers, and compasses.

 

2. Data created during use of our services. This includes: 

 

• Location data (Recipients): We collect Recipients’ precise or approximate location data, including to enable services provided to Recipients, to enable tracking for delivery of products and services, to prevent and detect fraud, and to satisfy legal requirements. OpaLink collects this data when the OpaLink app is running in the foreground (app open and on-screen) or background (app open but not on-screen) of their mobile device.

 

We collect such data from users’ mobile devices if they enable us to do so. (See “Choice and transparency” below for information on how riders and delivery recipients can enable location data collection). OpaLink collects such data from the time a ride or delivery is requested until it is finished (and may indicate such collection via an icon or notification on your mobile device depending on your device’s operating system), and any time the app is running in the foreground (app open and on-screen) of their mobile device.

 

• Transaction information: We collect transaction information related to the use of our services, including the type of services requested or provided, order details, payment transaction information (such as a restaurant’s or merchant’s name and location and amount of transaction), delivery information, date and time the service was provided, amount charged, distance traveled, and payment method. Additionally, if someone uses your promotion code, we may associate your name with that person.

 

• Usage data: We collect data about how users interact with our services. This includes data such as access dates and times, app features or pages viewed, app crashes and other system activity, and type of browser. We may also collect data regarding the third-party sites or services used before interacting with our services, which we use for marketing. (Please see “How We Use Data” below for more information on how we market our services to users).

 

In some cases, we collect this data through cookies, pixels, tags, and similar tracking technologies that create and maintain unique identifiers. To learn more about these technologies, please see our Cookie Notice. 

 

• Device data: We may collect data about the devices used to access our services, including the hardware models, device IP address or other unique device identifiers, operating systems and versions, software, preferred languages, advertising identifiers, device motion data, and mobile network data.

 

• Communications data: We enable users to communicate with each other and OpaLink through OpaLink’s mobile app and website. For example, we enable Purchasers and Recipients to call, text, or send other files to each other. To provide this service, OpaLink receives some data regarding the calls, texts, or other communications, including the date and time of the communications and the content of the communications. OpaLink may also use this data for customer support services (including to resolve disputes between users), for safety and security purposes, to improve our services and features, and for analytics.

 

3. Data from other sources. These include:

 

• Users participating in our referral programs. For example, when a user refers to another person, we receive the referred person’s personal data from that user.

 

• OpaLink account owners who request services for or on behalf of other users, or who enable such users to request or receive services through their accounts. 

 

• users or others providing information in connection with claims or disputes.

 

• OpaLink business partners through which users create or access their OpaLink account, such as payment providers, social media services, or apps or websites that use OpaLink’s APIs or whose APIs OpaLink uses. 

 

• OpaLink business partners in connection with debit or credit cards issued by a financial institution in partnership with OpaLink to the extent disclosed in the terms and conditions for the card.

 

• vendors who help us verify users’ identity, background information, and eligibility to work, or who screen users in connection with sanctions, anti-money laundering, or know-your-customer requirements 

 

• publicly available sources

 

• marketing service providers or data resellers whose data OpaLink uses for marketing or research

 

• law enforcement officials, public health officials, and other government authorities

 

• OpaLink may combine the data collected from these sources with other data in its possession.
  
• If another user uploads their contact list, OpaLink may combine information from that user’s contact list with other information OpaLink has collected about you.

 

1. How we use personal data

OpaLink uses personal data to enable reliable and convenient payment, delivery of products and services, and other products and services. We also use such data:

 

• to enhance the safety and security of our users and services

 

• for customer support  

 

• for research and development  

 

• to enable communications between users 

 

• to send marketing and non-marketing communications to users

 

• in connection with legal proceedings

 

OpaLink does not sell or share user personal data with third parties for their direct marketing, except with users’ consent.

 

We use personal data we collect:

 

1. To provide our services. OpaLink uses data to provide, personalize, maintain, and improve our services.

 

This includes using data to:

 

• create/update accounts

 

• enable retail and hospitality services (such as using location data to facilitate an in-store delivery), features that involve data sharing (ratings and compliments), and accessibility features to facilitate use of our services by those with disabilities

 

• process payments

 

• track and share the progress of purchases and in-store deliveries

 

• personalize users’ accounts. We may, for example, present an OpaLink user with personalized restaurant or food recommendations based on their prior orders. Please see the section of this notice titled “Choice and transparency” to learn how to object to this use of personal data.

 

• perform necessary operations to maintain our services, including to troubleshoot software bugs and operational problems; to conduct data analysis, testing, and research; and to monitor and analyze usage and activity trends.

 

OpaLink performs the above activities, including the collection and use of location data for purposes of these activities, on the grounds that they are necessary to fulfill our obligations to users under our Terms of Use or other agreements with users.

 

2. Safety and security. We use personal data to help maintain the safety, security, and integrity of our services and users. This includes:

 

• verifying users’ identity 

 

• using device, location, user profile, usage, and other data to prevent, detect, and combat fraud. This includes identifying fraudulent accounts or uses of our services, verifying user identities in connection with certain payment methods and preventing and combating unauthorized access to users’ accounts.

 

• using user ratings, reported incidents, and other feedback to encourage compliance with our Community Guidelines and as grounds for deactivating users who otherwise violated such guidelines in certain countries.

 

• sharing information regarding compliance with local regulations with third parties, including other companies who enable users to request or purchase retail and/or hospitality products and services 

 

OpaLink performs the above activities on the grounds that they are necessary to fulfill our obligations to users under our Terms of Use or other agreements with users, and/or for purposes of the legitimate safety and security interests of OpaLink or other parties, including users and members of the general public.

 

3. Customer support. OpaLink uses the information we collect (which may include call recordings) to provide customer support, including to investigate and address user concerns and to monitor and improve our customer support responses and processes.

 

OpaLink performs the above activities on the grounds that they are necessary to fulfill our obligations to users under our Terms of Use or other agreements with users.

 

4. Research and development. We may use personal data for testing, research, analysis, product development, and machine learning to improve the user experience. This helps us make our services more convenient and easy-to-use, enhance the safety and security of our services, and develop new services and features.

 

OpaLink performs the above activities on the grounds that they are necessary to fulfill our obligations to users under our Terms of Use or other agreements with users in improving our existing services and features, or for purposes of OpaLink’s legitimate interests developing new services and features.

 

5. Enabling communications between users. For example, a Purchaser may message or call a Recipient to confirm the Recipient’s physical location, or a restaurant, bar, club, other hospitality location and/or retailer may call a Purchaser or Recipient with information about their order.

 

OpaLink performs the above activities on the grounds that they are necessary to fulfill our obligations to users under our Terms of Use or other agreements with users.

 

6. Marketing. OpaLink may use personal data to market our services to our users. This includes sending users communications about OpaLink services, features, promotions, sweepstakes, studies, surveys, news, updates, and events. We may do so through various methods, including email, text messages, push notifications, in app communications and ads, and ads on third party platforms.

 

We may also inform users about products and services offered by OpaLink partners. For example, we may provide recommendations, promotions, or ads for OpaLink partners based on users’ past orders. Although we inform users about products and services offered by OpaLink partners, we do not sell users’ personal data to, or share it with, such partners or others for purposes of their own direct marketing or advertising, except with users’ consent.

 

We may use the data we collect, including in combination with advertising partners’ data, to personalize and improve the marketing communications (including ads) that we send on and off OpaLink’s apps and websites, including based on user location, use of OpaLink’s services, and user preferences and settings. For example, we may share user data (such as hashed email address, usage information, and device or user identifiers) with Facebook, Instagram, Twitter, and/or TikTok to personalize and improve our ads for OpaLink’s services.

 

For information about how to opt out of certain marketing communications (including ads) from OpaLink and its advertising partners, please see the section titled “Marketing choices.”

 

We may also send users communications regarding elections, ballots, referenda, and other political and notice processes that relate to our services. For example, OpaLink has notified some users by email of ballot measures or pending legislation relating to OpaLink’s services in those users’ areas.

 

OpaLink performs the above activities on the grounds that they are necessary for purposes of OpaLink’s legitimate interests in informing users about OpaLink services and features or those offered by OpaLink partners, or on the basis of user consent. See the sections titled “Choice and transparency” and “Marketing choices” for information on your choices regarding OpaLink’s use of your data for marketing.

 

7. Non-marketing communications. OpaLink may use personal data to generate and provide users with receipts; inform them of changes to our terms, services, or policies; or send other communications that aren’t for the purpose of marketing the services or products of OpaLink or its partners.

 

OpaLink performs the above activities on the grounds that they are necessary to fulfill our obligations to users under our Terms of Use or other agreements with users, or for purposes of OpaLink’s and it’s users legitimate interests in informing users about events that may have an impact on how they can use OpaLink services.

 

8. Legal proceedings and requirements. We may use personal data to investigate or address claims or disputes relating to use of OpaLink’s services, to satisfy requirements under applicable laws, regulations, or operating licenses or agreements, or pursuant to legal process or governmental request, including from law enforcement.

 

OpaLink performs the above activities on the grounds that they are necessary for purposes of OpaLink’s legitimate interests in investigating and responding to claims and disputes relating to use of OpaLink’s services and features, and/or necessary for compliance with applicable legal requirements.

 

9. Automated decision-making

 

We use personal data to make automated decisions relating to use of our services. This includes:

 

• flagging users who are identified as having engaged in fraud, unsafe activity, or other activities that may harm OpaLink, its users, and others. In some cases, such as when a user is determined to be abusing OpaLink’s referral program or has submitted fraudulent documents, such behavior may result in automatic deactivation, or in the European Union or where otherwise required by law, deactivation after human review.

 

OpaLink performs the above activities on the grounds that they are necessary to fulfill our obligations to users under our Terms of Use or other agreements with users, or on the grounds that they are necessary for purposes of the legitimate interests of OpaLink, its users and others.

 

1. Cookies and third-party technologies

OpaLink and its partners use cookies and other identification technologies on our apps, websites, emails, and online ads for purposes described in this notice, and OpaLink’s Cookie Notice.

 

Cookies are small text files that are stored on browsers or devices by websites, apps, online media, and advertisements. OpaLink uses cookies and similar technologies for purposes such as:

 

• authenticating users

 

• remembering user preferences and settings

 

• determining the popularity of content

 

• delivering and measuring the effectiveness of advertising campaigns

 

• analyzing hospitality and retailer trends, and generally understanding the online behaviors and interests of people who interact with our services

 

We may also allow others to provide audience measurement and analytics services for us, to serve advertisements on our behalf across the Internet, and to track and report on the performance of those advertisements. These entities may use cookies, web beacons, SDKs, and other technologies to identify the devices used by visitors to our websites, as well as when they visit other online sites and services.

 

Please see our Cookie Notice for more information regarding the use of cookies and other technologies described in this section.

 

1. Data sharing and disclosure

Some of OpaLink’s services and features require that we share personal data with other users or at a user’s request. We may also share such data with our affiliates, subsidiaries, and partners, for legal reasons or in connection with claims or disputes.

 

OpaLink may share personal data:

 

1. With other users

 

This includes sharing:

 

• Purchasers’ and Recipients’ name and locations with hospitality merchant and retailer providers. We may also share ratings and feedback, or other information to the extent required by law, with the restaurant, hospitality merchant and/or retailer partner.

 

• We also provide Purchasers and Recipients recipients with receipts containing information such as a breakdown of amounts charged. We also include other information on those receipts if required by law.

 

• for those who participate in OpaLink’s referral program, we share certain personal data of referred users with the user who referred them, to the extent relevant to determining the referral bonus.

 

2. At the user’s request

 

This includes sharing data with:

 

• Other people at the user’s request. For example, we share a user’s location with a friend when requested by that user.

 

• OpaLink business partners. For example, if a user requests a service through a partnership or promotional offering made by a third party, OpaLink may share certain data with those third parties. This may include, for example, other services, platforms, apps, or websites that integrate with our APIs; vehicle suppliers or services; those with an API or service with which we integrate; or restaurants, hospitality merchants, retailers, or other OpaLink business partners and their users in connection with promotions, contests, or specialized services.

 

3. With the general public 

 

Questions or comments from users submitted through public forums such as OpaLink blogs and OpaLink social media pages may be viewable by the public, including any personal data included in the questions or comments submitted by a user.

 

4. With OpaLink subsidiaries and affiliates

 

We share personal data with our subsidiaries and affiliates to help us provide our services or conduct data processing on our behalf. For example, OpaLink processes and stores such data in the United States on behalf of its international subsidiaries and affiliates.

 

5. With OpaLink service providers and business partners

 

OpaLink provides personal data to vendors, consultants, marketing partners, research firms, and other service providers or business partners. These include:

 

• payment processors and facilitators

 

• background check and identity verification providers

 

• cloud storage providers

 

• Google, in connection with the use of Google Maps in OpaLink’s apps (see Google’s privacy policy for information on their collection and use of data)

 

• social media companies, including Facebook, Instagram, Twitter, and TikTok, in connection with OpaLink’s use of their tools in OpaLink’s apps and websites (see Facebook’s and TikTok’s privacy policies for information on their collection and use of data)

 

• Marketing partners and marketing platform providers, including social media advertising services, advertising networks, third-party data providers, and other service providers to reach or better understand our users and measure advertising effectiveness

 

• research partners, including those performing surveys or research projects in partnership with OpaLink or on OpaLink’s behalf

 

• vendors that assist OpaLink to enhance the safety and security of its apps

 

• consultants, lawyers, accountants, and other professional service providers

 

• insurance and financing partners

 

• restaurants, bars, clubs, other hospitality merchants, grocery stores and other retailers from whom Purchasers place orders, as well as partners and/or their point of sale providers, including for order fulfillment, delivery, communications and marketing purposes  

 

6. For legal reasons or in the event of a dispute

 

OpaLink may share users’ personal data if we believe it’s required by applicable law, regulation, operating license or agreement, legal process or governmental request, or where the disclosure is otherwise appropriate due to safety or similar concerns.

 

This includes sharing personal data with law enforcement officials, public health officials, other government authorities, airports (if required by the airport authorities as a condition of operating on airport property), or other third parties as necessary to enforce our Terms of Service, user agreements, or other policies; to protect OpaLink’s rights or property or the rights, safety, or property of others; or in the event of a claim or dispute relating to the use of our services. In the event of a dispute relating to use of another person’s credit card, we may be required by law to share your personal data, including order information, with the owner of that credit card.

 

This also includes sharing personal data with others in connection with, or during negotiations of, any merger, sale of company assets, consolidation or restructuring, financing, or acquisition of all or a portion of our business by or into another company.

 

7. With consent

 

OpaLink may share a user’s personal data other than as described in this notice if we notify the user and they consent to the sharing.

 

1. Data retention and deletion

OpaLink retains user data for as long as necessary for the purposes described above.

 

Users may request deletion of their accounts at any time. OpaLink may retain user data after a deletion request due to legal or regulatory requirements or for reasons stated in this policy.

 

OpaLink retains user data for as long as necessary for the purposes described above. This means that we retain different categories of data for different periods of time depending on the type of data, the category of user to whom the data relates, and the purposes for which we collected the data.

 

Users may request deletion of their account at any time through the Settings > Privacy menus in the OpaLink app, or through OpaLink’s website.

 

Following an account deletion request, OpaLink deletes the user’s account and data, unless they must be retained due to legal or regulatory requirements, for purposes of safety, security, and fraud prevention, or because of an issue relating to the user’s account such as an outstanding credit or an unresolved claim or dispute. Because we are subject to legal and regulatory requirements relating to restaurants, hospitality merchants, and retailers, this generally means that we retain their account and data for a minimum of 7 years after a deletion request. For Recipients/Purchasers, their data is generally deleted within 90 days of a deletion request, except where retention is necessary for the above reasons.

 

1. Choice and transparency

 

OpaLink enables users to access and/or control data that OpaLink collects, including through: 

 

• privacy settings

 

• device permissions

 

• in-app ratings pages

 

• marketing choices 

 

OpaLink also enables users to request access to or copies of their data, changes or updates to their accounts, or deletion of their accounts, or that OpaLink restricts its processing of user personal data.

 

1. Privacy settings

 

The Settings > Privacy menu in the OpaLink app allows Recipients/Purchasers to set or update their preferences regarding location data collection and sharing, emergency data sharing, and notifications.

 

• Location data collection (Recipients/Purchasers)

 

Recipients/Purchasers can enable/disable OpaLink to collect location data from their mobile devices through their device settings, which can be accessed via the Settings > Privacy > Location menu.

 

• Share Live Location (Recipients/Purchasers)

 

Recipients/Purchasers can enable/disable OpaLink to share their real-time location data from their mobile devices with their drivers through their device settings, which can be accessed via the Settings > Privacy > Location menu.

 

• Notifications: account updates

 

OpaLink provides users with status notifications and updates related to activity on their account. These notifications are a necessary part of using the OpaLink app and cannot be disabled. However, users may choose the method by which they receive these notifications through the Settings > Privacy menu.

 

• Notifications: discounts and news

 

Users may enable OpaLink to send push notifications about discounts and news from OpaLink. Push notifications may be enabled or disabled through the Settings > Privacy menus in the OpaLink app.

 

• Communications from restaurants, hospitality merchants, and retailers 

 

Users may opt-in to receive communications from certain restaurants, hospitality merchants, and retailers while placing an order in the OpaLink app. Those who opt-in may choose to cease receiving such communications through the Settings > Account > Data Sharing menus in the OpaLink app.

 

2. Device permissions

 

Most mobile device platforms (iOS, Android, etc.) have defined certain types of device data that apps cannot access without the device owner’s permission, and these platforms have different methods for how that permission can be obtained. Please check the available settings on your device or check with your provider.

 

3. Marketing choices

 

Users may opt out of certain marketing communications (including ads) and use of their data for marketing in the following ways:

 

• Ad settings: These settings enable users to choose whether their data is shared with OpaLink’s advertising partners to deliver personalized ads, and/or to measure the effectiveness of such ads.

 

• Marketing emails and messages: To opt out of receiving marketing emails from OpaLink, or for instructions on how to set your preferences regarding whether to receive marketing SMS or push notifications from OpaLink, click here. Users may also opt out of receiving emails and other messages from OpaLink by following the unsubscribe instructions in those messages. We may still send users who have opted out non-promotional communications, such as receipts for rides or information about their account.

 

• Cookies and related technologies: For information on how to opt out of personalized ads using cookies and related technologies, please see our Cookie Notice.

 

4. User personal data requests 

 

OpaLink provides users with a variety of ways to learn about, control, and submit questions and comments about OpaLink’s handling of their personal data.

 

• Accessing data: Users can access data including their profile data and order history through the OpaLink apps or via OpaLink’s website. Users can also request access to their data here.

 

• Receiving data: Users can request a copy of their personal data using our Download Your Data tool. For an overview of the data available through that tool, please click here. Users may also request a copy of their data here. 

 

• Changing or updating data: Users can edit the name, phone number, email address, payment method, and photo associated with their account through the Settings menu in OpaLink’s app. Users may also request to update or correct their data here. 

 

• Deleting data: Users may request deletion of their account at any time through the Settings > Privacy menus in the OpaLink app, or through OpaLink’s website, here.

 

• Objections, restrictions, and complaints: Users may request that we stop using all or some of their personal data, or that we limit our use of their data. This includes objecting to our use of personal data that is based on OpaLink’s legitimate interests. OpaLink may continue to process data after such objection or request to the extent required or permitted by law.

 

In addition, depending on their location, users may have the right to file a complaint relating to OpaLink’s handling of their personal data with the data protection authority in their country. For example, users in the European Union and South America may submit such requests to the data protection authorities in the country in which they live.

 

Users may submit the above requests here.

 

1. Updates to this notice

 

We may occasionally update this notice. 

 

We may occasionally update this notice. If we make significant changes, we will notify users in advance of the changes through the OpaLink apps or through other means, such as email. We encourage users to periodically review this notice for the latest information on our privacy practices.

 

Use of our services after an update constitutes consent to the updated notice to the extent permitted by law.