Privacy Policy

Last Updated: June 17, 2019

Your privacy is important to us. Boonli, LLC, a California company (“Boonli”, “we” or “us”), operates a meal ordering and payment solution (the “Service”) through the website https://boonli.com/ and other co-branded sites with the boonli.com extension (collectively, the “Site”). This Privacy Policy (the “Policy”) describes how we collect, store, use and disclose information collected through the Site. The Policy also describes the choices you have with regards to your personal information. By accessing the Site or utilizing the Services, you consent to the information collection and handing practices outlined in this Policy. This Policy does not apply to third party sites or services that may collect information for their own purposes using our platforms.

We may update this Policy from time to time. We post the effective date of this Policy above. We encourage you to check this Site frequently to see the current Policy and Terms of Use in effect and any changes that may have been made to them. If we make material changes to this Policy, we will post the revised Policy and the revised effective date on this Site. YOUR CONTINUED ACCESS AND USE OF THE SITE, OR OUR SERVICES FOR THIRTY (30) DAYS FOLLOWING ANY POSTED CHANGES TO THIS PRIVACY POLICY, MEANS YOU AGREE TO BE LEGALLY BOUND BY BOTH THIS PRIVACY POLICY AND OUR TERMS OF USE. IF YOU DO NOT AGREE TO THE TERMS OF THIS PRIVACY POLICY, DO NOT USE THE SITE OR OUR SERVICES OR PROVIDE ANY INFORMATION TO US.

This Policy forms part of our Boonli End User Agreement.

What information do we Collect?

Boonli collects information either directly from you when you communicate information to us, indirectly by your interactions with the Site, or from third party servicers.

You have choices about the information we collect. When you are asked to provide us with personal data, you may decline. If you choose to not provide us with the information necessary to make the Services available to you, you may not be able to sign up for an account or use the Services.

The information we collect about you may include but is not limited to:

First and last name;

Full residential address;

Phone number;

Email address;

End User name(s);

End User date of birth; (optional)

Gender;

Cookies;

IP address;

Browser type and version;

Device information;

Account information;

Meal or other expenses; and

Meal or other service preferences.

If you connect with us via social media, such as Facebook or Twitter, we may collect additional information about you and your connections if you authorize us to do so by providing the necessary consents.

When do we disclose your data?

Our Site and Services are designed to share certain information about end users with school, company, administrators or food vendors or others, as applicable. The information we share about you is shared only to the extent reasonably necessary to support the performance of the Services. Through the use of the Site and the Services, you agree to the disclosure of this information by us as applicable. We do not disclose your personal information with any other third parties other than as described in this Policy. Please note that we do not maintain control over the privacy policies and practices of any third-party company.

We will not use or disclose your information for purposes other than those for which it is collected, except with your consent or as required or permitted by law.

We may reveal personally identifiable information about you to affiliated and unaffiliated third parties: (1) if you request or have consented to it; (2) if the information is provided to help complete a transaction for you; (3) if the information is provided to comply with the law, applicable regulations, court orders or subpoenas, to enforce our Terms of Use or other agreements, or to protect our rights, property or safety or the rights, property or safety of our users or others; (4) if the disclosure is done as part of a purchase, transfer or sale of services or assets or in the case of bankruptcy or reorganization (e.g., in the event that some or all of our assets are acquired by another party, customer Services information may be one of the transferred assets); (5) in an emergency to protect the health personal safety of Boonli employees, its customers or the general public; (6) to protect the rights and property of Boonli, including both intellectual property and physical systems infrastructure or (7) as otherwise described in this Policy.

The Service may contain links to sites that are owned and operated by third parties. If you click a third-party link, you will be directed to that third party's site. We have no control over and assume no responsibility for the content, privacy policies or practices of any third-party sites or services. Any time you access a third-party website, you will be subject to the terms of their applicable privacy policies. We strongly advise you to review the privacy policy of every site you visit.

Cookies and Usage Data

We use cookies and similar tracking technologies to track the activity on our Service and to understand how the Service is accessed and used. The types of cookies we use include session, preference and security cookies.

Cookies are files with a small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Other tracking technologies such as beacons, tags and scripts are used to collect and track information.

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some or all of our Service.

Google Analytics

Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. The data collected is used to track and monitor the use of the Service. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network.

You can opt-out of having made your activity on the Service available to Google Analytics by installing the Google Analytics opt-out browser add-on. The add-on prevents the Google Analytics JavaScript (ga.js, analytics.js and dc.js) from sharing information with Google Analytics about visits activity.

For more information on the privacy practices of Google, please refer to the Google Privacy Terms.

Withdrawal, Access and Retention of Data

If you wish to withdraw from our Services, you can do so by contacting us at the address indicated below. This will terminate your participation in the Services. You will no longer be able to use the Services and information in your Services account may be deleted. Any data concerning your past transactions or account activity will no longer be available to you and will stored in a secure manner. We are legally required to keep a backup copy of such data for seven (7) years after the transaction was completed and we may also use that information for a time following termination to manage risks in our delivery of the Services. Thereafter, the copies of data you have provided in connection with any transaction you complete from the use of the Services are removed from our secure storage and securely destroyed.

We will retain personal information only as long as necessary for the fulfillment of the purposes identified in this Policy, to the extent necessary to comply with our legal obligations, to resolve disputes and to enforce our legal agreements and policies. Personal information that is no longer required to fulfill such purposes are destroyed or anonymized.

To access and review your information, make any changes or corrections or to request that we remove your information please contact us at the address below. To protect your privacy and to comply with federal regulations, we will need to verify your identity before you update or review your information. Any changes will affect only future uses of your information.

Storage and Transfer of Data

We may store or transfer your information outside of your state, or the United States on computers or in a cloud-computing service that is protected by commercially reasonable security systems. By submitting your personal information, you agree to the transfer, storing, or processing in destinations inside or outside the United States. We may transfer personal data to recipients in countries other than the country in which the data was originally collected, including the United States. These countries may have different data protections rules than the United States. We will take measures to ensure that any such transfers comply with the applicable data protection laws and that your personal information data remains protected to the standards described in this Policy.

Boonli will take all the steps reasonably necessary to ensure that your data is treated securely and in accordance with this Policy and no transfer of your information will take place unless there are adequate controls in place including the security of your data and other personal information.

By providing your information to us, you expressly agree to the above described cross border transmission of information and manner of transmission. Your email transmissions and other communications containing information may be unlawfully intercepted or accessed by third parties and/or the Site and the Services may be subject to hostile network attacks or administrative errors.

Security

The security of your data is important to us. We have physical, administrative, technical and organizational security measures in place in our physical facilities and in our computer systems, databases, and communications networks that are designed to reasonably protect information contained within our facilities or systems from accidental loss, damage, destruction, misuse or alteration appropriate to the sensitivity of the information.

Boonli uses Comodo CA Limited SSL/TLS certificates, which provide 256-bit encryption to protect the personal information stored on our servers hosted in the Amazon Cloud (excluding credit card data which if saved, is secured with a Level 1 PCI Compliant Gateway). For payment processing security information please visit https://www.boonli.com/security.

The safety and security of your information also depends on you. Where we have given you, or where you have chosen a password to access certain parts of the Services, you are responsible for keeping the password and login credentials secure. We ask that you not share your password or login credentials with anyone.

Remember that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security. Any transfer of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Site.

FOR THE AVOIDANCE OF DOUBT, WE EXPRESSLY DISCLAIM ANY RESPRESENTATION OR WARRANTY, WHETHER EXPRESS OR IMPLIED, WITH RESPECT TO ENSURING, GUARANTEEING OR OTHERWISE OFFERING ANY DEFINITIVE PROMISE OF SECURITY IN CONNECTION WITH YOUR INFORMATION, INCLUDING PERSONAL INFORMATION THROUGH THE SITE.

"Do Not Track" Signals under the California Online Protection Act (CalOPPA)

We do not support or respond to browser Do Not Track ("DNT") signals. Do Not Track is a preference you can set in your web browser to inform websites that you do not want to be tracked. You can enable or disable Do Not Track by visiting the Preferences or Settings page of your web browser.

Third Party Payment Processing

Within the Service or on the Site, Boonli may offer paid products and/or services. To process payments for the offered paid products and services, we use a third-party payment processor. Boonli does not collect or store your payment card information, it is provided directly to the third-party payment processor. All other references to use or sharing of information in this Policy shall exclude payment information. The collection, use, and storage of payment card information is governed by the practices and policies of the third party payment processor.

Protecting Children's Privacy

Except to the extent that is absolutely necessary, the Service is not designed nor intended to be attractive to be used by people under the age of 18 (“Children”). We do not knowingly collect personal information from anyone under the age of 18. However, in certain situations in order to property provide the Services, we do collect limited information (such as name and date of birth) of Children by their parent or guardian who is the user of the Service. This information is not shared with any third parties except those needed for the provision of the Service outlined in this Policy.

Children’s personal data will not be used for targeted advertising by Boonli or any of its affiliates. Boonli does not rent, sell or otherwise provide access to student personal data to third parties for marketing or advertising purposes.

Parents have the right to access their child’s information and have it deleted by contacting us. If you are a parent or guardian and you are aware that your child has provided us with personal data, please contact us. If we become aware that we have collected personal data from children without verification of parental consent, we take steps to remove that information from our servers.

Your Data Protection Rights under the General Data Protection Regulation (GDPR)

If you are a resident of the European Economic Area (EEA), you have certain data protection rights under GDPR. Boonli makes the reasonable effort to comply with GDPR. Boonli’s basis of collecting, storing, transferring, using and disclosing your personal information as described in the Policy depends on the information collected and the context of collection.

Boonli takes reasonable steps to allow you to correct, amend, delete or limit the use of your personal information. Boonli may process your personal data as previously outlined in this policy.

You have the right to complain to a Data Protection Authority about our collection and use of your Personal Data. For more information, please contact your local data protection authority in the European Economic Area (EEA).

Data Protection Rights

You can view, access, edit, delete or request a copy of your personal data we have on you within your account settings. If you are unable to perform these actions within your account settings, require assistance or would like to request a copy of your data, please contact us at the address below.

You have the right to rectify any information is inaccurate or incomplete. Your personal data can be modified in your account settings. If any information that has been provided is no longer correct, it is your responsibility to contact us to update this information.

You have the right to request that we delete your personal data by emailing us a request with the subject line “Please delete my personal data”. Please be aware that we require certain information about you in order to make the Services available to you. This means, that if you want to delete any of these critical pieces of personal data, you may be required to delete your account and no longer be able to access the Services.

You have the right to object to our processing of your personal information. You have the right to request that we restrict the processing of your personal information. You have the right to be provided with a copy of the information we have on you in a structured, machine-readable and commonly used format. You also have the right to withdraw your consent at any time where Boonli relied on your consent to process your personal information.

We will use reasonable efforts to respond to your requests within 30 days of our receipt of your request. Please note that we may ask you to verify your identity before responding to such requests.

Contacting Us

If you have any questions, concerns, complaints or suggestions with respect to this Policy, or if you wish to ask us to delete, correct or show you your personal information, please contact us at support@boonli.com with the subject line “Privacy Policy Notice”. We investigate all complaints, comments and requests and will generally respond within 30 days of receipt of your message.

Please note that when you send us a message you will be providing us with personal information, including your email address, name, and any other information provided in the message. In come cases, additional personal information may be needed in order to answer your questions, concerns or requests. Such information will be handled in accordance with this policy.