Kiosk, Web, and Mobile Ordering Privacy Policy
Last Revised: May 13, 2025
Effective Date: May 13, 2025
Rezku provides this privacy policy in connection with Rezku’s self-ordering kiosks, online ordering site, and mobile apps (collectively, the “Services”) on our own behalf as well as on behalf of the restaurants that purchase our Services to make them available to you. “We,” “our,” and “us,” refer collectively to Rezku and its customer restaurants.
We are committed to protecting the privacy and security of personal information and to transparency about how we process personal information (also known as personal data). This Privacy Policy sets forth our policies and practices for collecting and using personal information in connection with your use of our Services. This Privacy Policy does not address Rezku’s or its customers’ processing of personal information outside the context of these Services, but you may refer to Rezku’s main privacy policy for more information about how Rezku processes personal information outside of the context of the Services.
For purposes of this Privacy Policy, we regard personal information as any information that relates to an identified person or a reasonably identifiable person.
Within the context of the Services, this Privacy Policy explains how we process personal information on our own behalf and on behalf of our restaurant customers that offer our Services to their customers. It also explains how you can control certain uses and disclosures of your personal information. We will update this Privacy Policy from time to time, or as our privacy practices change, to ensure it accurately describes how we use your information on behalf of our customers. When we do so, we will make the updated Privacy Policy available on our kiosks and mobile apps. We recommend that you review this Privacy Policy from time to time for the latest information.
If you have any questions regarding this Privacy Policy or our use of your information, please contact us using one of the methods detailed below.
1. How we use and share personal information
We limit the collection and processing of personal information to what we or our customers need for our business purposes, as explained in the table below and the following text.
| Categories of individuals | Categories of personal information | Purposes | Sources/Methods of Collection | Categories of third-party recipients (see below) |
|---|---|---|---|---|
| Users of the Services |
|
|
|
|
| Users of the Services who choose to store their payment card information |
|
|
|
|
| Users of the Services who opt in to the use of biometric features |
|
|
|
|
Please be aware that, in connection with our Services, we use third-party tracking technologies that share personal information with third parties for analytics purposes, as described in the table above.
Please note that you may provide your mobile phone number to receive text messages with information about your order. You may also elect to receive text messages for our marketing purposes and the marketing purposes of our customers. You may opt out of marketing-related messages by replying STOP to any message. Please note that applicable data and messaging rates may apply if you provide your mobile number to receive messages.
2. Disclosure and sharing
In addition to the sharing with the third parties described in the table above, we and our customers may also share your personal information with:
- Service providers. We share your personal information with third parties that provide services to us, such as billing, data storage, quality assurance, web hosting, and marketing. We engage these kinds of third parties with contracts that require them to use your personal information only to deliver the services for which we have engaged the third party and as required by law.
- Legal compliance recipients. We disclose personal information to the courts, the government, law enforcement agencies, litigants, and similar recipients when required by law.
- Successors. We may disclose personal information associated with a part of our business to a buyer, potential buyer, or other successor to our business.
We may also disclose personal information to third parties with your consent or at your direction.
3. Security, quality, and retention
We use reasonable administrative, technical, and physical safeguards to protect personal information in our possession from misuse, interference, loss, unauthorized access, unauthorized modification, or unauthorized disclosure. While we make every reasonable effort to help ensure the integrity and security of our network and systems, you should understand that no data storage system or data transmission over the internet or any other public network can be guaranteed to be completely secure, accurate, complete, or current.
When we process your payment card information, we use encryption and otherwise comply with the Payment Card Industry (PCI) standards.
We also take reasonable steps to ensure that the personal information we collect is sufficiently accurate, up-to-date, and complete for the purposes for which we process or disclose it.
We retain personal information for as long as necessary for the purposes we use it, or for the time required by law. What is necessary depends on the context and purpose of processing. We generally consider the following factors when we determine how long to retain personal information:
- retention periods established under applicable law;
- industry best practices;
- whether the purpose of processing is reasonably likely to justify further processing;
- risks to individual privacy in continued processing;
- applicable data protection impact assessment;
- information systems design considerations/limitations; and
- the costs associated with continued processing, retention, and deletion.
With regard to the personal information we process on behalf of our customers (i.e., in our role as a “service provider” or “processor,”), we recognize our responsibility to maintain appropriate security and privacy safeguards to comply with the privacy laws and regulations that may apply to us or our customers. If you have questions about any of our customers’ processing of personal information, please contact them directly.
With regard to biometric identifiers or biometric information (collectively, “Biometric Data”), it is our policy to retain this information for two years after our last interaction with you. If you wish for us to delete this information earlier, you may contact us using the information in section 9. It is also our policy to protect Biometric Data using security safeguards that are consistent both with a reasonable standard of care within our industry and with the safeguards we use to protect our other confidential and sensitive information. In the event of a security incident that may compromise the security of biometric data, we will conduct a thorough investigation to determine whether biometric data was affected. If the incident is confirmed to have compromised the security of biometric data, we will take remedial measures to prevent further compromise. In addition, in situations where the confidentiality of biometric data is compromised, we will notify the affected individuals as required by law.
4. International users
Please be aware that your personal information will be stored and processed in your local region, the United States, and other countries where our operations are located. If we transfer personal information to the United States from another jurisdiction, we will do so in a way that complies with applicable legal requirements.
5. Children’s privacy
We are very concerned about the privacy of children. We do not knowingly process any personal information from those under the age of 13 and we have designed the Services to notify users that those under the age of 13 may not use the Services.
6. Your Privacy Rights (for California Residents)
We provide the following privacy information for residents of the State of California. (Section 7, below, describes other individuals’ privacy rights.)
A. Collection of Personal Information
The following table lists the categories of personal information we have collected in connection with the Services in the last 12 months in the fashion required by Cal. Civ. Code § 1798.130(a)(5)(B)(i).
| Category under the California Consumer Privacy Act | Specific Legal Description | Collected |
|---|---|---|
| A. Identifiers | Identifiers such as a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers. | Yes |
| B. Customer records (as defined in Cal. Civ. Code § 1798.80(e)) | A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information or health insurance information. | Yes |
| C. Protected classifications | Characteristics of protected classifications under California or federal law, such as race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information), and age over 40. | No |
| D. Commercial information | Commercial information, including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. | Yes |
| E. Biometric information | An individual’s physiological, biological, or behavioral characteristics, including DNA information that is used or is intended to be used to establish individual identity. Biometric information includes, but is not limited to, imagery of the iris, retina, fingerprint, face, hand, palm, vein patterns, and voice recordings, from which an identifier template, such as a face print, a minutiae template, or a voiceprint, can be extracted, and keystroke patterns or rhythms, gait patterns or rhythms, and sleep, health, or exercise data that contain identifying information. | No |
| F. Usage data | Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an internet website application, or advertisement. | Yes |
| G. Geolocation data | Data intended to locate a customer within a geographic area. | No |
| H. Sensory data | Audio, electronic, visual, thermal, olfactory, or similar information. | Yes |
| I. Professional or employment information | Your job role, professional and educational qualifications, employment and education history, compensation information and similar data. | No |
| J. Education information | Information that is not publicly available personally identifiable information as defined in the California Family Educational Rights and Privacy Act, including education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. | No |
| K. Inferences | Inferences drawn from any of the information identified in this subdivision to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. | Yes |
B. Collection of Sensitive Personal Information
As required by Cal. Civ. Code § 1798.100(a)(2), we disclose that we process the following categories of Sensitive Personal Information:
| Category | Purpose | Sold or Shared |
|---|---|---|
| A consumer’s account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account. | Processing payments (and, where applicable, refunds and adjustments) for orders | No |
| Biometric information for the purpose of uniquely identifying a consumer. | User identification and security | No |
C. Disclosure of Personal Information for a Business Purpose
As required by Cal. Civ. Code § 1798.130(a)(5)(C), the following table lists the categories of personal information that we have “sold” or “shared for cross-context behavioral advertising” with third parties or disclosed for our business purposes in the past twelve months.
| Category under the California Consumer Privacy Act | Sold or Shared in the Last 12 Months | Disclosed for a Business Purpose in the Last 12 Months |
|---|---|---|
| A. Identifiers | No | Yes |
| B. Customer records (as defined in Cal. Civ. Code § 1798.80(e)) | No | Yes |
| C. Protected classifications | Not collected | No |
| D. Commercial information | No | Yes |
| E. Biometric information | No | Yes |
| F. Usage data | No | Yes |
| G. Geolocation data | Not collected | No |
| H. Sensory data | No | Yes |
| I. Professional or employment information | Not collected | No |
| J. Education information | Not collected | No |
| K. Inferences | Not collected | No |
To understand more about the purposes for which we collect personal information, see section 1, above.
D. Your Rights
If you are a California resident, California law gives you several rights relating to your personal information, including:
- the “right to know,” meaning the right to request any or all of the following:
- the specific pieces of personal information we collected about you;
- the categories of personal information we collected;
- the categories of sources used to collect the personal information;
- the business or commercial purposes for collecting your personal information; and
- the categories of third parties with whom we have shared your personal information;
- the right to request deletion of your personal information that we collected;
- the right to have someone you authorize exercise your rights on your behalf;
- the right to opt out of “sale” (as that term is defined in the law) or the sharing of personal information for cross-contextual behavioral advertising purposes (please note, however, that we do not sell or share personal information);
- the right to request the correction of errors or inaccuracies in your personal information;
- the right to restrict the processing of sensitive personal information to uses which are necessary to perform the Services or provide the goods reasonably expected by an average consumer or for specific other purposes explicitly permitted by law; and
- the right not to be discriminated against for exercising these rights.
E. Appeal process
You may appeal our decision concerning your request to exercise these legal rights. You may contact us to submit such an appeal using the contact information below. You must include sufficient information to allow us to verify your identity, reference the date and time of your previous request to exercise your legal rights, and explain why you believe our decision was insufficient or improper. We will respond to your appeal in accordance with the timelines required by applicable law.
F. Opting out of the Sale or Sharing of Personal Information
Although California law gives you the right to opt out of the selling or sharing of your personal information for cross-contextual behavioral advertising purposes, we do not sell or share personal information for cross-contextual behavioral advertising purposes in connection with the Services.
G. Exercising Your Other Rights
You may exercise these rights by contacting us per the directions in section 9, below.
Please note that we may take steps to verify your identity before granting you access to information or acting on your request to delete your information. You may designate an authorized agent to make a request to know or request to delete on your behalf. An agent may be an individual or a business entity registered with the California Secretary of State. To designate an authorized agent, you must provide the agent with written permission to submit the request. We may still require you to verify your identity directly as the law permits. We may refuse a request if the agent does not provide adequate proof of their authorization.
We may not discriminate against you for exercising your rights. This means that we may not deny you services, charge you different prices or rates for service, or provide you with a different level or quality of service (or suggest that we will do so) in response to such a request made under California law. However, as permitted by law, we may charge different prices or rates, or provide a different level or quality of services, where that difference is reasonably related to the value provided to us by your personal information.
H. Shine the Light
California’s “Shine the Light” law, Cal. Civ. Code § 1798.83, entitles California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. Inquiries regarding our sharing of personal information with third parties may be directed to us using the contact information in section 9, below.
7. Your privacy rights (for residents of jurisdictions other than California)
Depending on the law in your legal jurisdiction, you may have certain rights regarding your personal information under the law. To exercise your rights, please submit a request by contacting us through any of the means outlined in section 9, below.
Your rights may include the following:
- the right to opt out of the use of personal information for targeted advertising, personal information sales, or profiling resulting in significant consequences;
- the right to confirm whether we process your personal information and to access a copy (from which we may, for security purposes, exclude certain personal information), including a copy that is in a portable data format;
- the right to the correction of inaccurate personal information;
- the right to the deletion of your personal information;
- the right not to be discriminated against for exercising any of these rights;
- the right to appeal the action we take in response to any request to exercise these rights; and
- the right to ask us to note a dispute about your personal information in our files and to advise third parties where appropriate.
Although you may also have certain rights to limit our processing of your sensitive personal information, please note that we do not process the kinds of personal information that are generally considered sensitive in connection with the Services except after we have obtained your consent for such processing.
Only you or someone legally authorized to act on your behalf may make a request related to your personal information. We will verify that any requests from persons other than you have your legal authorization. You may also make a request on behalf of your child.
Your request must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or a legally authorized representative; and
- Describe your request with sufficient detail so that we can understand, evaluate, and respond to it appropriately.
You may also appeal our decision on your request using the contact information below. When you contact us to appeal, please tell us why you believe we erred in responding to your request. We will respond to your appeal in accordance with the timelines set forth in applicable law.
Consumer Health Data Privacy Policy
This section provides information about our processing of consumer health data.
A. Our Consumer Health Data Processing
| Categories of individuals | Categories of consumer health data | Purposes | Sources and methods of collection | Categories of third-party recipients |
|---|---|---|---|---|
| Users of the Services |
|
|
|
|
Please note that we do not sell consumer health data or share consumer health data with any affiliates.
B. Your Consumer Health Data Rights
Depending on the law in your legal jurisdiction, you may have certain rights regarding your consumer health data under the law. To exercise your rights, please submit a request by contacting us through any of the means outlined in section 9, below. These include the right to withdraw your consent to processing, request the deletion of your consumer health data, and confirm whether we collect, share, or sell your consumer health data. To exercise these rights, you can contact us using the contact information in Section 9 below. When you contact us, please identify yourself and describe your request with sufficient detail so that we can understand, evaluate, and respond to it appropriately.
Only you may make a request related to your consumer health data. We will verify your identity before processing any request.
You may also have the right to appeal the action we take in response to your request and may do so using the contact information below. When you contact us to appeal, please tell us why you believe we did not properly respond to your request. We will respond to your appeal in accord with the timelines set forth in applicable law.
You also have the right to be free of discrimination for exercising your legal rights regarding your consumer health data and we do not discriminate on that basis.
9. Contacting Us
To exercise your rights or for other privacy-related inquiries, please contact us at support@rezku.com or by writing us at Guest Innovations, Inc., 2480 Natomas Park Drive, Suite 200, Sacramento, CA 95833.