Black Tap Privacy Policy

Effective Date: November 27, 2023.

1. Introduction.

This Privacy Policy describes how Black Tap (“Black Tap,” “we,” “our,” or “us”) collects, uses, and discloses information about you as well as your rights and choices regarding such information. For purposes of this Privacy Policy, unless otherwise stated, “information” or “personal information” means information relating to an identified or identifiable individual, and does not include aggregate information or information that does not identify you.

This Privacy Policy applies to information we collect where we control the purposes and means of processing. Specifically, it applies to information we collect through any of our websites, emails, and other online services that link to this Privacy Policy (the “Service”) as well as any offline locations that make this Privacy Policy available to you. It does not apply to information collected by third parties or information collected in the context of your employment with us.

Please note that your use of the Service is also subject to our Terms of Use.

Some regions provide additional rights by law. For region-specific terms, see below.

• California
• Nevada
• European Economic Area, Switzerland, and United Kingdom

For our contact details, see the Contact Us section below.

2. How We Collect Information.

We collect information about you in a variety of contexts. Please see below for details.

a. Information You Provide through the Service.

When you use the Service, you may be asked to provide information to us, such as when you make a purchase, sign-up for our newsletters, participate in a promotion, or contact support. The categories of information we collect include:

• Contact Identifiers, including your name, email address, postal address, and phone number.

• Characteristics or demographics, including your age, gender, and country.

• Commercial or transactions information, including records of products or services you purchased, obtained, or considered.

• Payment information, including your payment instrument number (such as a credit or debit card number), expiration date, and security code as necessary to process your payments. This information is processed by our payment processors.

• User-generated content, including content such as text or images you include in any messages you send to us (such as feedback or questions).

• Professional, employment, or education-related information, including your employment and work history, transcripts, writing samples, references, and other information necessary to consider you for a job.

Please do not provide any information that we do not request.

b. Information from Your Browser or Device.

When you use the Service, we and third parties we work with automatically collect information from your browser or device. The categories of information we automatically collect include:

• Device identifiers, including your device’s IP address.

• Device information, including your device’s operating software and browser (e.g., type, version, and configuration), internet service provider, and regional and language settings.

• Internet activity, including information about your browsing history and interactions, such as the features you use, pages you visit, content you view, time of day you browse, and referring and exiting pages.

• Non-precise location data, such as location derived from an IP address or data that indicates a city or postal code level.

This information is automatically collected through cookies and other tracking technologies incorporated into our Service, as described below:

• Cookies. Cookies are small text files which are placed on your browser when you visit a website, open or click on an email, or interact with an advertisement. Our Service uses session cookies (which expire when you close your browser) and persistent cookies (which expire at a set expiration date or when you manually delete them). We incorporate both first party cookies (which are cookies served directly by us) and third party cookies (which are cookies served by third parties we work with). We use cookies for a variety of purposes, including to help make our website work, personalize your browsing experience, prevent fraud and assist with security, perform measurement and analytics, and provide advertising (including targeted advertising).

• Pixels. Pixels (also known as web beacons) are code embedded within a service. There are various types of pixels, including image pixels (which are one-pixel transparent images) and JavaScript pixels (which contain JavaScript code). Pixels are often associated with cookies and are used for similar purposes. When you access a service that contains a pixel, the pixel may permit us or a third party to drop or read cookies on your browser, or collect other information about your browser or device.

For details on your rights and choices around cookies and other tracking technologies, see the Your Rights and Choices section below.

c. Information When You Visit Our Stores.

We collect information offline from you when you visit or our stores, which may include: your name (such as when you add your name to a waitlist for a table), your order information, payment information (which will be handled by our payment processors), your email and phone number, optional survey information regarding your experience at our restaurants in exchange for a free item on a subsequent visit.

d. Information from Other Sources.

We also collect information from other sources. The categories of sources from which we collect information may include:

• Business partners that offer co-branded services, sell or distribute our products, or engage in joint marketing or promotional activities.

• Third party vendors and related parties we work with in connection with receiving analytics, advertising, security, and fraud prevention services.

• Social media platforms with which you interact. For example, when you “like,” “follow”, or otherwise engage with our content on social media (such as through our brand pages or in direct messages), we may collect information such as your contact identifiers and any comments you provide. If you publicly reference our Service on social media (such as by using a hashtag associated with us in a tweet or post), we may use your reference on or in connection with our Service.

• Data providers, such as licensors of private and public databases.

• Public sources, including where information is in the public domain.

e. Information We Infer.

We infer new information from other information we collect, including using automated means to generate information about your likely preferences or other characteristics.

f. Sensitive Information.

To the extent any of categories of information we collect are sensitive categories of information under applicable law, we process such information only for the limited purposes permitted by applicable law. We do not sell or use sensitive categories of information for purposes of targeted advertising or to make inferences.

3. How We Use Information.

We collect and use information in accordance with the practices described in this Privacy Policy. Our purposes for collecting and using information include:

• Providing services. We use information to provide services to you, including to operate the Service, and provide support.

• Personalizing your experience. We use information to personalize your experience and show you content we believe you will find interesting.

• Research and development. We use information for research and development purposes, including to improve our services and make business and marketing decisions.

• Communications. We use information to communicate with you about updates, security alerts, changes to policies, and other transactional messages. We also use information to personalize and deliver marketing communications to you. Communications may be by email, text, or telephone.

• Analytics. We use information to understand trends, usage, and activities, for example through surveys you respond to and tracking technologies that we incorporate into the Service (such as Google Analytics).

• Advertising. We work with agencies, ad networks, technology providers, and other third parties to place ads about our products and services on other websites and services. For example, we place ads through Google and Facebook that you may view on their platforms as well as on other websites and services. As part of this process, we incorporate tracking technologies into our own Service as well as into our ads displayed on other websites and services. Some of these tracking technologies may track your activities over time and across non-affiliated services and obtain or infer information about you for purposes of showing you relevant advertising based on your preferences and interests (“targeted advertising”). We may also use audience matching services (which is a type of targeted advertising) to reach people (or people similar to people) who have visited our Service or are identified in one or more of our databases (“Matched Ads”). This is done by us providing a list of hashed email addresses to a third party or incorporating a pixel from a third party into our own Service, and the third party matching common factors between our data and their data. For instance, we may incorporate the Facebook pixel on our Service and may disclose your hashed email address to Facebook as part of the use of Facebook Custom Audiences.

• Promotions. When you voluntarily enter a promotion, we use information as set out in the official rules that govern the promotion as well as for administrative purposes and as required by law. By entering a promotion, you agree to the official rules that govern that promotion, and that, except where prohibited by applicable law, we, the sponsor, and related entities may use your name, voice and/or likeness in advertising or marketing materials.

• Security and enforcement. We use information to prevent, detect, investigate, and address fraud, breach of policies or terms, or threats or harm.

• Recruitment. We use information to make decisions about recruiting and in anticipation of a contract of employment.

• At your direction or with your consent. We use information for additional purposes where you direct us to use it in a certain way or with notice to you and your consent.

Sometimes we aggregate or de-identify information so it is no longer considered personal information. We may use non-personal information for any purpose to the extent permitted by applicable law. For details on your rights and choices around use of your information, see the Your Rights and Choices section below.

4. How We Disclose Information.

We disclose the information we collect in accordance with the practices described in this Privacy Policy. The categories of persons to whom we disclose information include:

• Service providers. Many of the third parties we work are service providers that collect and process information on our behalf in accordance with this Privacy Policy. Service providers perform services for us such as payment processing, data analytics, marketing and advertising, website hosting, and technical support. To the extent required by law, we contractually prohibit our service providers from processing information they collect on our behalf for purposes other than performing services for us, although we may permit them to use non-personal information for any purpose to the extent permitted by applicable law.

• Third party vendors and related parties. Some of the third parties we work with to perform services act as our service providers in some contexts, but in other contexts independently control the purposes and means of processing your information. For example, we disclose information to ad networks, technology providers, and other third parties that help provide targeted advertising, but may also use information for their own purposes. For these third parties, we encourage you to familiarize yourself with and consult their policies and terms of use.

• Business partners. We disclose information to our business partners in connection with offering co-branded services, selling or distributing our products, or engaging in joint marketing or promotional activities.

• Affiliates. We disclose information to our affiliates and related entities, including where they act as our service providers subject to this Privacy Policy or use the information in accordance with their own privacy policies.

• Recipients in a merger or acquisition. We disclose information in connection with, or during negotiations of, any proposed or actual merger, purchase, sale or any other type of acquisition or business combination of all or any portion of our assets, or transfer of all or a portion of our business to another business.

• Recipients for security and enforcement. We disclose information to comply with the law or other legal process, and where required, in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. We also disclose information to protect the rights, property, life, health, security and safety of us, the Service or anyone else.

• Recipients at your direction or with your consent. We disclose information where you direct us to or with notice to you and your consent.

Sometimes we aggregate or de-identify information so it is no longer considered personal information. We may disclose non-personal information for any purpose to the extent permitted by applicable law. For details on your rights and choices around disclosure of your information, see the Your Rights and Choices section below.

5. Your Privacy Choices.

We provide a variety of ways for you to control the information we process about you. Please see below for details.

a. Communications.

• Emails. You can unsubscribe from receiving promotional emails by following the unsubscribe instructions near the bottom of such emails. Please note that you cannot opt out of transactional messages.

Please note that your opt out is limited to the email address used and will not affect subsequent subscriptions.

b. Region-Specific Rights.

Some regions provide additional rights by law, as described in our region-specific terms. This subsection details how you may exercise some of those rights to the extent they apply to you.

• Data subject requests. To access, correct, delete, or exercise similar rights available to you in your region with respect to your information, please submit a request through our form here or call our toll-free number at (833) 980-7100.

• Opt-out of sales, shares, and targeted advertising. To opt-out of sales or shares (as those terms are defined by applicable law), or the processing of information for targeted advertising purposes, click “Your Privacy Choices” at the bottom of this page or turn on a recognized opt-out preference signal, such as Global Privacy Control, in your browser or extension. Please note that when you submit an opt-out through either method we do not know who you are within our systems, and your opt-out will apply only to information collected from tracking technologies on the specific browser from which you opt-out or, where required by law, to any pseudonymous profiles we may maintain associated with your browser or device. If you delete or reset your cookies, or use a different browser or device, you will need to reconfigure your settings. If you want the opt-out to apply to information we have about you in our systems, such as your email address, please send an email to privacy@blacktapnyc.com.

c. Browser and device controls.

• Cookies and Pixels. You may be able to manage cookies through your browser settings. When you manage cookies, pixels associated with such cookies may also be impacted. Please note that cookie management only applies to our website. If you use multiple browsers, you will need to instruct each browser separately. If you delete or reset your cookies, you will need to reconfigure your settings. Your ability to limit cookies is subject to your browser settings and limitations.

• Preference signals. Your browser or extension may allow you to automatically transmit Do Not Track and other preference and we do not respond to such signals except where required by law.

• Third party opt-out tools. Some third parties we work with offer their own opt-out tools related to information collected through cookies and pixels. To opt out of your information being used by Google Analytics, please visit https://tools.google.com/dlpage/gaoptout. We are not responsible for the effectiveness of any third party opt-out tools.

• Industry opt-out tools for targeted advertising. Some of the third parties we work with participate in programs that allow you to opt-out of receiving targeted advertising from participants. To opt-out of receiving targeted advertising from participants of the Digital Advertising Alliance (“DAA”) on your browser, visit https://www.aboutads.info/choices. To opt-out of receiving targeted advertising from participants of the Network Advertising Initiative (“NAI”) on your browser, visit https://www.networkadvertising.org/choices/. If you choose to opt-out of targeted advertising through these links, you should no longer see targeted advertising from the selected participants on the browser or device from which you opted-out, but the opt-out does not mean that the participants will not process your information for targeted advertising purposes or that you will not receive any advertising. We are not responsible for the effectiveness of any third party opt-out tools.

d. Matched Ads.

To opt out of us disclosing your hashed email address to third parties for Matched Ads purposes, please contact us as set forth in the Contact Us section below and specify that you wish to opt out of Matched Ads. We will remove your email address from any subsequent lists disclosed to third parties for Matched Ads purposes.

6. Children.

The Service is not directed toward children under 13 years old, and we do not knowingly collect personal information (as that term is defined by the U.S. Children’s Privacy Protection Act, or “COPPA”) from children. If you are a parent or guardian and believe we have collected personal information from children, please contact us as set out in the Contact Us section below. We will delete the personal information in accordance with COPPA.

7. Data Security.

We implement and maintain reasonable administrative, physical, and technical security safeguards to help protect information about you from loss, theft, misuse and unauthorized access, disclosure, alteration and destruction. Nevertheless, transmission via the internet is not completely secure and we cannot guarantee the security of information about you.

8. Retention.

We retain information for the length of time that is reasonably necessary for the purpose for which it was collected, and as necessary to comply with our legal obligations, resolve disputes, prevent fraud, and enforce our agreements.

9. International Transfer.

We are based in the U.S. If you are located outside the U.S., please be aware that your information may be transferred to and processed in the U.S. or another country where we operate. Where required by applicable law, we will provide appropriate safeguards for data transfers, such as through use of standard contractual clauses.

10. Changes to this Privacy Policy.

We reserve the right to revise and reissue this Privacy Policy at any time. Any changes will be effective immediately upon posting of the revised Privacy Policy. Your continued use of our Service indicates your consent to the Privacy Policy then posted. If the changes are material, we may provide additional notice to you, such as through email or prominent notice on the Service.

11. Contact Us.

If you have any questions about or trouble accessing this Privacy Policy, please contact us:

By email:
privacy@blacktapnyc.com

12. California.

These additional rights and disclosures apply only to California residents. Terms have the meaning ascribed to them in the California Consumer Protection Act as amended by the California Privacy Rights Act (“CPRA”), unless otherwise stated.

a. Notice at Collection.

At or before the time of collection of your personal information, you have a right to receive notice of our data practices. Our data practices are as follows:

• For the categories of personal information we have collected in the past 12 month, see the How We Collect Information section above.
• For the categories of sources from which personal information is collected, see the How We Collect Information section above.
• For the specific business and commercial purposes for collecting and using personal information, see the How We Use Information section above.
• For the categories of third parties to whom information is disclosed, see the How We Disclose Information section above.
• For the criteria used to determine the period of time information will be retained, see the Retention section above.

We do not sell your personal information as that term is traditionally understood. However, some of our disclosures of personal information may be considered a “sale” or “share” as those terms are defined under the CPRA. A “sale” is broadly defined under the CPRA to include a disclosure for something of value, and a “share” is broadly defined under the CPRA to include a disclosure for cross-context behavioral advertising. We collect, sell, or share the following categories of personal information for commercial purposes: contact identifiers, characteristics or demographics, commercial or transactions information, user-generated content, device identifiers, device information, internet activity, non-precise geolocation data, and inferences drawn from any of the above. The categories of third parties to whom we sell or share your personal information include, where applicable, vendors and other parties involved in cross-context behavioral advertising. For details on your rights regarding sales and shares, see the Right to Opt-Out of Sales and Sharing section below. We do not knowingly sell or share the personal information of minors under 16 years old who are California residents.

To the extent any of the personal information we collect is considered sensitive personal information, we collect, use, and disclose such sensitive personal information only for the permissible business purposes for sensitive personal information under the CPRA or without the purpose of inferring characteristics about consumers. We do not sell or share sensitive personal information.

b. Rights to Know, Correct, and Delete.

You have the following rights under the CPRA:

• The right to know what personal information we have collected about you, including the categories of personal information, the categories of sources from which the personal information is collected, the business or commercial purposes for collecting, selling, or sharing personal information, the categories of third parties to whom we disclose personal information, and the specific pieces of personal information we have collected about you.
• The right to correct inaccurate personal information that we maintain about you.
• The right to delete personal information we have collected from you.

To exercise any of these rights, please follow the instructions for data subject requests in the “Your Privacy Choices” section above. Please note these rights are subject to exceptions. We will confirm receipt of your request within 10 business days and respond to your request within 45 days. We may require specific information from you to help us verify your identity and process your request. If we are unable to verify your identity, we may deny your request.

c. Right to Opt-Out of Sales and Sharing.

To the extent we sell or share your personal information as those terms are defined under the CPRA, you have the right to opt-out of the sale or sharing of your personal information. To exercise this right, please follow the instructions for opting out of sales, shares, and targeted advertising in the “Your Privacy Choices” section above.

d. Authorized Agent.

You can designate an authorized agent to submit requests on your behalf. Requests must be submitted through the designated methods listed above. Except for opt-out requests, we will require written proof of the agent’s permission to do so and may verify your identity directly.

e. Right to Non-Discrimination.

You have the right not to receive discriminatory treatment by us for the exercise of any your rights.

f. Financial Incentives.

We offer incentives to consumers who sign up for our email list and provide their personal information to us. The categories of personal information we collect in connection with this program include emails and names in exchange for a free shake, burger, appetizer, or other menu item.

Under CPRA, our loyalty program may be considered a financial incentive. We value each consumer’s personal information associated with the loyalty program at approximately $5-$30, depending on the price of the menu item given in exchange for signing up for our email list.

You can opt-in to this program by clicking on the corresponding advertisement on social media, or wherever such incentives are linked or made available, and entering your email and other requested personal information. You have the right to withdraw at any time by unsubscribing from our marketing emails.

g. Shine the Light.

Under California’s Shine the Light law, customers who are residents of California may request (i) a list of the categories of personal information disclosed by us to third parties during the immediately preceding calendar year for those third parties’ own direct marketing purposes; and (ii) a list of the categories of third parties to whom we disclosed such information. To exercise a request, please write us at the email or postal address set out in the Contact Us section above and specify that you are making a “California Shine the Light Request.” We may require additional information from you to allow us to verify your identity and are only required to respond to requests once during any calendar year.

13. Nevada.

We do not sell and will not sell your covered information (as those terms are defined by NRS 603A.340).

14. European Economic Area, Switzerland, and United Kingdom

These additional disclosures and rights apply only to individuals located in the European Economic Area, Switzerland, or the United Kingdom (collectively, “Europe”). Terms have the meaning ascribed to them in the General Data Protection Regulation (“GDPR”).

Roles.

Black Tap acts as a controller with respect to personal data collected as you interact with our Service.

Lawful Basis for Processing.

Data protection laws in Europe require a “lawful basis” for processing personal data. Our lawful bases include where: (a) you have given consent to the processing for one or more specific purposes, either to us or to our service providers or partners; (b) processing is necessary for the performance of a contract with you; (c) processing is necessary for compliance with a legal obligation; or (d) processing is necessary for the purposes of the legitimate interests pursued by us or a third party, and your interests and fundamental rights and freedoms do not override those interests. Where applicable, we will transfer your personal data to third countries subject to appropriate or suitable safeguards, such as standard contractual clauses.

Your Rights.

You have the right to access, rectify, or erase any personal data we have collected about you. You also have the right to data portability and the right to restrict or object to our processing of personal data we have collected about you. In addition, you have the right to ask us not to process your personal data (or provide it to third parties to process) for marketing purposes or purposes materially different than for which it was originally collected or subsequently authorized by you. You may withdraw your consent at any time for any data processing we do based on consent you have provided to us.

To exercise any of these rights, please follow the instructions for data subject requests in the “Your Privacy Choices” section above. We will respond to your request within 30 days. We may require specific information from you to help us confirm your identity and process your request. For details on our retention practices for personal data, see the “Retention” section above.

You also have the right to lodge a complaint with the data protection regulator in your jurisdiction.