Last Updated: 9/16/2020
TipHaus's service offering involves providing organizations and individuals within those organizations with access to and use of the TipHaus Services which allows our customers to and their staff members to administer work scheduling (the “ Service”) through their devices (any computer used to access the TipHaus Service, including without limitation a desktop, laptop, mobile phone, tablet, or other consumer electronic device (each a “ Device”)).
your organization signs up to the Services and you access the TipHaus Services using a business Account, or you register for an individual Account not linked to a company, or decide to continue to use an individual Account or individual account features after no longer being associated with your organization, via our website (www.TipHaus.com), subdomain (*.TipHaus.com), Apple App Store, Google Play Store, through applications on devices, through APIs, or through third-parties, or partner marketplaces (together, the " Users");
you visit our website www.TipHaus.com (the " Website") while browsing the internet (together, the " Website Users"); and
you call our customer service team or sales team for any purpose (" Phone User").
1. TipHaus Role as Data Controller and Data Processor
Our primary purpose for collecting and using your Personal Data is to provide the Services to you and your organization. We use Personal Data to allow Users to access and use the TipHaus Services on the instructions of your organization and on behalf of your organization. This makes us a "data processor" for the purposes of the Data Protection Legislation. Please see section 4 ("How do we use your Personal Data") for more information.
If you are a Website User, we use your information for our own purposes. This makes us a "data controller" for the purposes of the Data Protection Legislation. Please see section 4 ("How do we use your Personal Data") for more information.
If you are a Phone User, we may record your call for our own purposes. This makes us a "data controller" for the purposes of the Data Protection Legislation. Please see section 4 ("How do we use your personal information") for more information.
2. WHAT KIND OF PERSONAL DATA DO WE COLLECT?
2.1 Services Users:
Date of Birth;
Credit card details or other billing information;
Business postal addresses;
Any further Personal Data contained in any files that you upload, download, or create (“ Files”) within the TipHaus Services; and
Log data from your Device, its software, and your activity using the TipHaus Services including the Device’s Internet Protocol (“ IP”) address, browser type, locale preferences, geo-Location Information, identification numbers associated with your Devices, your mobile carrier, date and time stamps associated with transactions, system configuration information, metadata concerning your Files, and other interactions with the TipHaus Services.
In particular, Users are required to submit Personal Data to create an Account and use the Service. Our customers’ staff members create employee profiles to allow their employer and fellow employees to interact with them on the Services.
Personal Data associated with your personal profile, that is not specific to an employer, such as name, availability, time off, profile picture and tip information (“ Profile Data”) will remain associated with your Account for as long as your Account is active, whether or not your Account is linked to an organization.
When you use the Service, Personal Data related to your employment, such as job title, company, schedule, schedule preferences, shifts, and attendance is collected in order to provide you and your organization with the Services, such as scheduling (“ Employment Information”).
2.2 Website Users:
We collect a limited amount of Personal Data from our Website Users which we use to help us to improve your experience when using our website and to help us manage the services we provide. This includes log data such as your Device’s IP address, browser type, the web page visited before you came to our website, information you search for on our website, locale preferences, identification numbers associated with your Devices, your mobile carrier, date and time stamps associated with transactions, system configuration information and other interactions with the Website. If you contact us via the Website (including via any chat widget), we will collect any information that you provide to us, for example your name and contact details to order to respond to the inquiry.
2.3 Phone Users:
We collect a limited amount of Personal Data by recording and subsequently storing certain telephone calls. On each occasion, you will be notified whether the call is being recorded at the commencement of the call. The primary purpose of the call recording is to improve the quality of the services we provide. During the course of the phone call we will collect limited categories of Personal Data including name, phone number, and email address to assist us in confirming the identity of the caller.
3 HOW DO WE COLLECT YOUR PERSONAL DATA?
We collect your Personal Data in four primary ways:
Personal Data that you provide to us when you register for an Account, use the Services, contact us or create content;
Personal Data that we receive from your organization (our Customer) and other sources, to send you email when we receive your email address to invite you to the Services; and/or;
Employment Information that is inputted by you or your organization, or other generated from your use of the Services;
Personal Data that we collect automatically through the Service, in particular when you use the Services, where we automatically record Personal Data in the form of log data from your Device, its software, and your activity using the TipHaus Services and/or where we collect your personal data automatically via cookies, in line with cookie settings in your browser. If you would like to find out more about cookies, including how we use them and what choices are available to you, please see section 11 (" Cookies").
3.2 Website Users:
When you visit our Website there is certain Personal Data in the form of log data that we may automatically collect, whether or not you use the TipHaus Services. We also collect some limited Personal Data (name, email, phone number, company name) when you opt into certain marketing activities (download template files, for example). We also collect some limited Personal Data automatically via cookies, in line with cookie settings in your browser. If you would like to find out more about cookies, including how we use them and what choices are available to you, please see section 11(" Cookies").
3.3 Phone Users:
As set out in Section 2 above, we collect a limited amount of Personal Data by recording and subsequently storing certain telephone calls. On each occasion, you will be notified at the commencement of the call whether the call is being recorded and for what purpose.
4 HOW DO WE USE YOUR PERSONAL DATA?
Our primary purpose for using your Personal data is to Provide the Services to your organization. When we use your Personal Data to allow you to access and use the TipHaus Services, we do so on the instructions of your organization (our Customer) and on the behalf of your organization. This makes us a "data processor" for the purposes of the Data Protection Legislation. Activities that we may carry out on this basis include:
Allowing you to access and use the TipHaus Application;
Providing you with assistance (including technical assistance) in relation to your use of the TipHaus Application;
Personalizing and optimizing your experience of the TipHaus Services and providing you with software updates; and
Ensuring compliance with the terms of our agreement with your organization.
However, there may be certain circumstances under which we use your Personal Data for purposes that are not on behalf of your organization or in accordance with instructions of your organization. Under these circumstances, we are a "data controller" for the purposes of the Data Protection Legislation. Activities that we may carry out on this basis include:
Making announcements to you regarding our products and service offerings (see section 5 (" Marketing") below);
Providing you with any service offering outside of the TipHaus Service directly;
Ensuring compliance with our own obligations under applicable law and regulations;
Using your Personal Data to help us to establish, exercise or defend legal claims; and
Analyzing log data/user statistics with the aim of improving the TipHaus Service for all Users.
We may use your Personal Data for these purposes if we have a legal basis for doing so. If you would like to know more about what this means, please see section 12 ("Legal basis for processing your Personal Data"). If you are not happy about this, in certain circumstances you have the right to object and can find out more about how and when to do this in section 9 ("How can you access, amend or take back the Personal Data that we hold about you").
4.2 Users not linked to employer accounts:
If you register for an Account that is not linked to any company or once you have left your organization, we are a "data controller" for the purposes of the Data Protection Legislation. Activities that we may carry out on this basis include:
Allowing you to continue to use and maintain your Account and/or link your Account and Profile Data to another organization;
Making announcements to you regarding our products and service offerings (see section 5 ("Marketing") below);
Ensuring compliance with our own obligations under applicable law and regulations; and
Using your Personal Data to help us to establish, exercise or defend legal claims.
We may use your Personal Data for these purposes if we have a legal basis for doing so. If you would like to know more about what this means, please see section 12 ("Legal bases for processing your Personal Data"). If you are not happy about this, in certain circumstances you have the right to object and can find out more about how and when to do this in section 9 ("How can you access, amend or take back the Personal Data that we hold about you").
4.3 Website Users
We use your Personal Data to help us to improve your experience of using our website, for example by analyzing your recent search criteria to help us to present information to you that we think you will be interested in. This makes us a "data controller" for the purposes of the Data Protection Legislation.
4.4 Phone Users:
We use your Personal Data to help us to improve our customer experience, for example by analyzing whether the Personal Data we collect is suitable for the purpose of verifying the identity of the caller. This makes us a "data controller" for the purposes of the Data Protection Legislation.
We use Personal Data of Users in order to let you know about, and invite you to participate in, our products and service offerings. We need your consent for some aspects of these activities which are not covered by our legitimate interests (in particular, the delivery of direct marketing to you through digital channels) and, depending on the situation, we'll ask for this via an opt-in in accordance with applicable laws. If you are not happy about this, you have the right to opt out of receiving marketing materials from us and can find out more about how to do so in section 9 ("How can you access, amend or take back the Personal Data that we hold about you?").
If you want to know more about how we obtain consent, please see section 12 ("Legal bases for us processing your Personal Data"). If you are not happy about our approach to marketing, you have the right to withdraw your consent at any time and can find out more about how to do so in section 9 ("How can you access, amend or take back the personal data that we hold about you?")
6 INFORMATION SHARING & DISCLOSURE
Your Use: We will display your Personal Data on your profile page, and this may be viewed by other persons to whom you are connected within your organization depending on their access level. If you use community services on the TipHaus Services such as messaging, log book, and notes, you should be aware that any Personal Data you provide in these areas may be read, collected, and used by Users who access them. Your posts may remain even after you close your account.
Employees: The organization with which your Account is connected will have access to the Employment Information. If you switch jobs, no Employment Information will be shared with any other organization.
Other Service Providers, Business Partners and third parties: We may share your Personal Data with our agents or third-party service providers (including professional advisers and telecommunication service providers) which require your Personal Data to provide their services to TipHaus. Such agents and third party service providers will not be permitted to use your Personal Data for any other purpose.
Compliance with Laws and Law Enforcement Requests: We may disclose to parties outside TipHaus, Files stored in your TipHaus Services and Personal Data about you that we collect when we have a good faith belief that disclosure is reasonably necessary to (a) comply with a law, regulation or compulsory legal request; or (b) to protect TipHaus’s intellectual property rights. If we provide your Files to a law enforcement agency as set forth above, we will remove TipHaus’s encryption from the files before providing them to law enforcement.
Non-private or Non-Personal data: We may disclose your non-private, aggregated, or otherwise non-personal data, such as usage statistics of the TipHaus Services.
List of service provider types and locations:
Infrastructure, hosting, and data storage: USA & Canada
SMS, Push, Email providers: USA
Sales and Marketing tools: USA
Payment Processing and Contract Storage: USA
7 HOW DO WE SAFEGUARD YOUR PERSONAL DATA?
We are committed to taking all reasonable and appropriate steps to protect the Personal Data that we hold from misuse, loss, destruction or unauthorized access. We do this by having in place a range of appropriate technical and organizational measures. These include measures to deal with any suspected data breach. If you enter payment details onto our payment pages, we encrypt the transmission of that information using secure socket layer technology (SSL) and Transport Layer Security (TLS) which is PCI DSS compliant. All call recordings that we (or our third-party service providers) collect and store are encrypted.
8 HOW LONG DO WE KEEP YOUR PERSONAL DATA FOR?
We will not keep your Personal Data for longer than we are permitted to do so under our agreement with your organization or as is necessary for the purposes for which we have collected it unless we believe that the law or other regulation requires us to preserve it (for example, because of a request by a tax authority or in connection with any anticipated litigation) or if we require it to enforce our agreements.
When we are no longer permitted under our agreement with your organization or it is otherwise no longer necessary to retain your Personal Data, we will delete the Personal Data that we hold about you from our systems. While we will endeavour to permanently erase your Personal Data once it reaches the end of its retention period, some of your Personal Data may still exist within our systems, for example if it is waiting to be overwritten. For our purposes, this data has been put beyond use, meaning that, while it still exists in the electronic ether, our employees will not have any access to it or use it again.
Your organization may store your Employment Information for longer periods in accordance with its own retention policies, including after your employment terminates.
All Call Recordings are stored for a maximum of three (3) years from the date of collection where after they are automatically deleted.
9 HOW CAN YOU ACCESS, AMEND OR TAKE BACK THE PERSONAL DATA THAT WE HOLD ABOUT YOU?
You have various rights in relation to the Personal Data that we hold about you. If you wish to make a request in relation to our use of your Personal Data for the purposes of providing the Services to your organization (and in respect of which we are a data processor), please contact your organization, the data controller, in the first instance to handle your request. If you contact us in respect of an Account that is linked to your employer, we may refer your request to your organization. Otherwise, please contact us and we will handle your request.
The Data Protection Legislation gives you the following rights in relation to your Personal Data:
Right to object: this right enables you to object to us processing your Personal Data
Right to withdraw consent: Where we have obtained your consent to process your Personal Data for certain activities (for example, sharing your information with a third-party application), you may withdraw this consent at any time. For certain activities this may require you having to cancel your TipHaus account due to the nature of the Service. For example, opting out of our notifications makes the TipHaus Services impossible to use.
Data Subject Access Requests (DSAR): You may ask us to confirm what information we hold about you at any time, and request us to modify, update or delete such information. You may also request a copy of the information we hold about you.
Right to erasure: You have the right to request that we "erase" your Personal Data in certain circumstances. We will try to delete your Personal Data quickly upon request and if desired make it available to you. While we will endeavour to permanently erase or return your Personal Data upon request, some of your Personal Data may still exist within our systems, for example if it is waiting to be overwritten. For our purposes, this Personal Data has been put beyond use, meaning that, while it still exists in the electronic ether, our employees will not have any access to it or use it again. We may retain and use your Personal Data if we believe that the law or other regulation requires us to preserve it (for example, because of a request by a tax authority or in connection with any anticipated litigation) or if we require it to enforce our agreements. If your Account is connected with an organization, we shall not delete or edit your Personal Data without the approval of your organization.
Right to restrict processing: You have the right to request that we restrict our processing of your Personal Data in certain circumstances, for example if you dispute the accuracy of the Personal Data that we hold about you or you object to our processing of your Personal Data for our legitimate interests. If we have shared your Personal Data with third parties, we will notify them about the restricted processing unless this is impossible or involves disproportionate effort. We will, of course, notify you before lifting any restriction on processing your Personal Data.
Right to rectification: You also have the right to request that we rectify any inaccurate or incomplete Personal Data that we hold about you, including by means of providing a supplementary statement. If we have shared this Personal Data with third parties, we will notify them about the rectification unless this is impossible or involves disproportionate effort. You may also request details of the third parties that we have disclosed the inaccurate or incomplete Personal Data to. Where we think that it is reasonable for us not to comply with your request, we will explain our reasons for this decision.
Right of data portability: If you wish, you have the right to request that we transfer your Personal Data to another third party. To allow you to do so, we will provide you with your Personal Data in a commonly used machine-readable format so that you can transfer the data. Alternatively, we may directly transfer the Personal Data for you. This right of data portability only applies to certain types of Personal Data.
Right to lodge a complaint with a supervisory authority: You also have the right to lodge a complaint with the relevant supervisory authority in your jurisdiction.
10 HOW DO WE STORE AND TRANSFER YOUR PERSONAL DATA INTERNATIONALLY?
12 LEGAL BASES FOR US PROCESSING YOUR PERSONAL DATA
Where we process your Personal Data as a data processor on behalf of and under the instructions of your organization, your organization is responsible for ensuring that there is a legal basis for us processing your Personal Data on their behalf.
Where we process your Personal Data as a data controller, we need to ensure that there is a legal basis to justify our processing of your Personal Data . There are a number of different ways that we are lawfully able to process your Personal Data. We have set these out below.
12.1 Where processing your Personal Data is necessary for us to carry out our obligations arising from any contracts entered into between you and us
12.2 Where processing your Personal Data is within our legitimate interests
12.3 Where you give us your consent to process your Personal Data
In certain circumstances, we will seek to obtain your opt-in consent before we undertake certain processing activities with your Personal Data.
We will obtain your opt-in consent where necessary prior to sharing your Personal Data with third party applications and carrying out certain marketing activities. As and when we introduce these particular processing activities, we will provide you with more information so that you can decide whether you want to opt-in. You have the right to withdraw your consent to these activities. You can do so at any time, and details of how to do so can be found above at section 9 ("How can you access, amend or take back the Personal Data that we hold about you").
13 Children and Minors
By using our Services, you affirm that you are at least 13 years of age. In accordance with the Children's Online Privacy Protection Act (COPPA) and associated rules, we do not knowingly collect or maintain any personal information from children under 13.
14 WHO IS RESPONSIBLE FOR PROCESSING YOUR PERSONAL DATA AND CONTACT INFORMATION
Your California Privacy Rights
If you are a California resident, California law may provide you with additional rights regarding our use of your personal information. To learn more about your California privacy rights, visit https://oag.ca.gov/privacy/privacy-laws.
Privacy Notice for California Residents
Effective Date : January 2020
Last Reviewed on: January 2020
Information We Collect
Our Website collects information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device (” personal information ”). In particular, our website has collected the following categories of personal information from its consumers within the last twelve (12) months:
Category A : Identifiers
Examples : A real name, Internet Protocol address, email address, or other similar identifiers.
Collected : YES
Category B : Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).
Examples : A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories.
Collected : YES, with your consent
Category C : Protected classification characteristics under California or federal law.
Examples : Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).
Collected : NO
Personal information does not include:
Publicly available information from government records.
De-identified or aggregated consumer information.
Information excluded from the CCPA’s scope, like:
health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data;
personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994.
Use of Personal Information
We may use, or disclose the personal information we collect for one or more of the following business purposes:
To fulfill or meet the reason you provided the information. For example, if you share your name and contact information to request a price quote or ask a question about our products or services, we will use that personal information to respond to your inquiry. If you provide your personal information to purchase a product or service, we will use that information to process your payment and facilitate delivery. We may also save your information to facilitate new product orders or process returns.
To provide you with support and to respond to your inquiries, including to investigate and address your concerns and monitor and improve our responses.
To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
As described to you when collecting your personal information or as otherwise set forth in the CCPA.
We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.
Sharing Personal Information
We may disclose your personal information to a third party for a business purpose. When we disclose personal information for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract.
Disclosures of Personal Information for a Business Purpose
In the preceding twelve (12) months, TipHaus has not disclosed personal information for a business purpose.
Sales of Personal Information
In the preceding twelve (12) months, TipHaus had not sold personal information.
Your Rights and Choices
The CCPA provides consumers (California residents) with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.
Access to Specific Information and Data Portability Rights
You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request, we will disclose to you:
The categories of personal information we collected about you.
The categories of sources for the personal information we collected about you.
Our business or commercial purpose for collecting or selling that personal information.
The categories of third parties with whom we share that personal information.
The specific pieces of personal information we collected about you (also called a data portability request).
If we sold or disclosed your personal information for a business purpose, two separate lists disclosing:
sales, identifying the personal information categories that each category of recipient purchased; and
disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.
Deletion Request Rights
You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions, by emailing us at . Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.
We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:
Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
Debug products to identify and repair errors that impair existing intended functionality.
Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
Comply with a legal obligation.
Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
Exercising Access, Data Portability, and Deletion Rights
To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by sending us a message to . Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.
You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:
Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.
Response Timing and Format
We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. We will deliver our written response electronically, at your option. Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance, specifically by electronic-mail communication.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
Personal Information Sales Opt-Out and Opt-In Rights
While TipHaus does not sell any personal information, you have the right, if you are 16 years of age or older, to direct us to not sell your personal information at any time (the “right to opt-out”). We do not sell the personal information of consumers we actually know are less than 16 years of age, unless we receive affirmative authorization (the “right to opt-in”) from either the consumer who is between 13 and 16 years of age, or the parent or guardian of a consumer less than 13 years of age. Consumers who opt-in to personal information sales may opt-out of future sales at any time. To exercise the right to opt-out, you (or your authorized representative) may submit a request to us by sending us a message to .
Once you make an opt-out request, we will wait at least twelve (12) months before asking you to reauthorize personal information sales. However, you may change your mind and opt back in to personal information sales at any time by visiting our website and sending us a message. We will only use personal information provided in an opt-out request to review and comply with the request.
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
Deny you goods or services.
Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
Provide you a different level or quality of goods or services.
Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
However, we may offer you certain financial incentives permitted by the CCPA that can result in different prices, rates, or quality levels. Any CCPA-permitted financial incentive we offer will reasonably relate to your personal information’s value and contain written terms that describe the program’s material aspects. Participation in a financial incentive program requires your prior opt in consent, which you may revoke at any time.
California’s “Shine the Light” law (Civil Code Section § 1798.83) permits users of our Website that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send us an email to .