Olo Inc. Privacy Shield Statement
Last Updated: January 17, 2020
Olo Inc. ("Olo", "us" or "we") has certified that it complies with and adheres to the Privacy Principles of the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework, as set forth by the U.S. Department of Commerce, with respect to the collection, use and retention of consumer personal data (“Personal Data”) that Olo in the US receives from the European Economic Area and Switzerland in connection with a digital ordering platform (“Services”) that Olo provides to restaurants and other food services companies.
If there is a conflict between the terms in this Privacy Shield Statement and the Privacy Principles, the Privacy Principles shall govern.
This Privacy Shield Statement explains how Olo complies with the Privacy Principles in handling Personal Data. To learn more about the Privacy Shield and to view the Olo Privacy Shield certifications, please visit: https://www.privacyshield.gov/. Personal Data does not include information that is encoded, anonymized, aggregated or publicly available information that has not been combined with non-public Personal Data.
The Privacy Principles are:
- Accountability for Onward Transfer
- Data Integrity & Purpose Limitation
- Recourse, Enforcement & Liability
Olo’s Role in Processing Personal Data
Olo offered two types of Services. First, Olo provides a white label online and mobile ordering platform that restaurants deploy under their own brands. Second, Olo provides a platform that connects restaurants with third party food delivery services.
In all cases, Olo acts as a processor on behalf of restaurants and other food services companies that use the Services. This means that Olo is a service provider that processes Personal Data on behalf of and on the instructions of our business customers. Our business customers act as data controllers. The business customers (a) determine the purposes for which Olo processes Personal Data, and (b) are responsible to consumers for the processing of the consumers’ Personal Data.
Second, in connection with Olo’s Services connecting customers to third party food delivery services, Olo requires its customers to inform their consumers of customers’ privacy practices, including Olo’s processing of Personal Data.
Olo does not use or share Personal Data in a way that would require us to offer choice to consumers.
Because Olo acts as a processor on behalf of restaurants and other food services companies that use the Services, Olo processes Personal Data only at the direction of its customers. This means that Olo does not use Personal Data for purposes other than to provide the Services. We have informed our business customers that they are responsible for providing consumers with any required privacy choices regarding Olo’s use, disclosure and other processing of Personal Data on behalf of the business customer.
We do not share Personal Data with third parties for those parties' own purposes, except as follows:
Olo may disclose Personal Data without offering individuals choice (i) if required to do so by law or legal process (such as a court order), (ii) in response to a request by law enforcement authorities, or (iii) when Olo believes disclosure is necessary or appropriate to prevent physical harm or financial loss or in connection with an investigation of suspected or actual illegal activity. Olo also reserves the right to transfer Personal Information in the event Olo sells, merges or transfers all or a portion of our business or assets.
Accountability for Onward Transfer of Personal Data
Olo may share Personal Data with third party services providers that perform services on behalf of Olo. Olo does not authorize these service providers to use or disclose the Personal Data except as necessary to perform services on behalf of Olo or Olo business customers, or to comply with legal requirements. Olo maintains contracts with these providers restricting their access, use and disclosure of Personal Data in compliance with the Privacy Principles, and requiring these providers to appropriately safeguard the privacy and security of the Personal Data they process. Olo may be liable if these third parties fail to meet those obligations, and Olo is responsible for the event giving rise to the damage. If Olo has knowledge that a third party to which it has disclosed Personal Data subject to this Privacy Shield Statement is processing such Personal Data in a way that is inconsistent with the Privacy Principles, or if Olo has knowledge that such third party is no longer capable of processing such Personal Data consistent with the Principles, Olo will take reasonable and appropriate steps to prevent or stop and remediate such processing.
Olo may also share Personal Data with third parties at the direction of and on behalf of its business customers. Olo relies on its business customers to maintain contracts with these third parties restricting their access, use and disclosure of Personal Data in compliance with the Privacy Principles, and requiring these providers to appropriately safeguard the privacy and security of the Personal Data they process.
Olo takes reasonable and appropriate measures to protect Personal Data from loss, misuse, and unauthorized access, disclosure, alteration and destruction.
Data Integrity and Purpose Limitation
Olo limits the Personal Data it collects to the Personal Data that is relevant for the purpose(s) for which it is being processed. Olo does not use Personal Data for purposes incompatible with the purpose(s) for which it was collected.
In addition, Olo takes reasonable steps to ensure that the Personal Data it processes is reliable for its intended use and is accurate, complete and current.
Consumers who use the Services to place online or mobile orders may access the Personal Data that Olo maintains about them by accessing their online account or contacting us at firstname.lastname@example.org. Olo also assists its business customers in complying with access requests.
Olo may limit or deny access to Personal Data where providing such access is unreasonably burdensome or expensive under the circumstances, where the rights of persons other than the individual would be violated, or as otherwise permitted by the Privacy Principles.
Recourse, Enforcement and Liability
Olo has established procedures for periodically reviewing and verifying the accuracy of this Privacy Shield Statement, for verifying the company's implementation of and compliance with the Privacy Principles, and for remedying any issues identified during such reviews. Olo conducts an annual self-assessment of its Personal Data practices to verify that the attestations and assertions we make about our privacy practices are true, that our privacy practices have been implemented as represented, and that any identified issues have been remedied. Olo personnel with access to the Personal Data covered by this policy are responsible for conducting themselves in accordance with the policies described in this Privacy Shield Statement, the failure of which may result in disciplinary action up to and including termination.
In compliance with the Privacy Principles, Olo commits to resolve complaints about our collection or use of your Personal Data. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield Statement should first contact Olo at email@example.com. Olo has further committed to refer unresolved Privacy Shield complaints to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgement of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit https://www.jamsadr.com/eu-us-privacy-shield for more information or to file a complaint. The services of JAMS are provided at no cost to you. If neither Olo nor JAMS resolves an individual's complaint, the individual may have the ability to engage in binding arbitration through the Privacy Shield Panel. Additional information on the arbitration process is available on the Privacy Shield website at https://www.privacyshield.gov/.
US Federal Trade Commission Jurisdiction
Olo’s commitments under the Privacy Principles are subject to the jurisdiction and the investigatory and enforcement authority of the United States Federal Trade Commission.
Olo may be required to disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
How to Contact Us
If you have any questions, comments or concerns about this Privacy Shield Statement, please contact us by email at: firstname.lastname@example.org.