PRIVACY POLICY Our Commitment to Protecting Your Privacy

Information Provided By You

We collect information you provide when you apply or sign up for our Services, go through our identity or account verification process, authenticate into your account, communicate with us for support, or otherwise use our Services.
When you are applying or signing up for our Services, the information we collect can include:

• Identification Information. Your name; email address; mailing address; phone number; birthdate; passport, driver’s license, Social Security, Taxpayer Identification, or other government-issued identification when you apply or sign up for an account or other Services, signature, and authentication credentials (for example, information you use to login to your account), including IP address.
• Financial Information. Information such as bank account, payment card numbers, and other publicly available information. We may collect information regarding credit worthiness from business partners, but not from individuals
• Transaction Information. When you use our Services to make, accept, request, or record payments, we collect information about when and where the transactions occur, the names of the transacting parties, a description of the transactions, the payment or transfer amounts, billing and shipping information, and the devices and payment methods used to complete the transactions.
• Other Information You Provide. Information that you voluntarily provide to us, which can include survey responses; participation in contests, promotions, or other prospective seller marketing forms or devices; suggestions for improvements; referrals; or any other actions performed on the Services.

You may be asked to provide some of this information anytime you are in contact with Shift4. Shift4 may share this Personal Information with its Affiliates and may use it consistent with this Privacy Policy. To provide quality service and support, Shift4 may require you to verify certain Personal Information associated with your account, and use such information to fulfill your requests, provide the relevant product or service, or for anti-fraud purposes. We may also combine it with other information to provide and improve our products, services, content, and advertising. You are not required to provide the Personal Information that we have requested, but, if you choose not to do so, in many cases we will not be able to provide you with our products or services or respond to any queries you may have.

We also automatically collect information about you from your use of our Services. The information that we can collect includes:

• Device Information. Information about your device, including your hardware model, operating system and version, device name, unique device identifier, mobile network information, and information about the device’s interaction with our Services.
• Use Information. Information about how you use our Services, including your access time, “log-in” and “log-out” information, browser type and language, country and language setting on your device, Internet Protocol (“IP”) address, the domain name of your Internet service provider, other attributes about your browser, mobile device and operating system, any specific page you visit on our platform, content you view, features you use, the date and time of your visit to or use of the Services, your search terms, the website you visited before you visited or used the Services, data about how you interact with our Services, and other clickstream data.
• Business Information. Information about products and services you sell (including inventory, pricing and other data) and other information you provide about you or your business (including appointment, staffing availability, employee, payroll and contact data). This also includes the features of your unique point-of-sale system configuration.
• Employee Information. Information provided to a Merchant using our Services.
• Customer Information. Information you collect from your customers, such as email address, phone number, and payment card information.

As a user or prospective user of our Services or as a distributor or prospective distributor, we also may collect information about you from third parties, including:

• Identification Verification. Information from third-party verification services, credit bureaus, financial institutions, mailing list providers, and publicly available sources. In some circumstances, where lawful, this information may include your government-issued identification number.
• Credit, Compliance and Fraud. Information about you from third parties in connection with any credit investigation, credit eligibility, identity or account verification process, fraud detection process, or collection procedure. This may include, where applicable, credit-related information with credit reporting agencies.

The following sections describe different ways we may use your information. We may use information about you for a number of purposes, including:

Providing, Improving, and Developing our Services

• Processing or recording payment transactions;
• Displaying your historical transaction or other historical data;
• Providing, maintaining and improving our Services;
• Developing new products and services;
• · Delivering the information and support you request or that you may require, including technical notices, security alerts, and support and administrative messages, which may be used to resolve disputes, collect fees, or provide assistance for problems with our Services or your account;
• Personalizing and facilitating your use of our Services;
• Measuring, tracking, and analyzing trends and usage in connection with your use or the performance of our Services.

Communicating with You About our Services

• Sending you information that we think you may find useful or that you have requested from us about our Services;
• Conducting surveys and collecting feedback about our Services.

Protecting our Services and Maintaining a Trusted Environment

• Investigating, detecting, preventing, or reporting fraud, misrepresentations, security breaches or incidents, other potentially prohibited or illegal activities, or to otherwise help protect your account, including to dispute chargebacks on your behalf;
• Protecting our, our customers’, or your customers’ rights or property, or the security or integrity of our Services;
• Enforcing our Terms of Service or other applicable agreements or policies;
• Verifying your identity or determining your creditworthiness;
• Complying with any applicable laws or regulations, or in response to lawful requests for information from the government or through legal process;
• Fulfilling any other purpose disclosed to you in connection with our Services;
• Contacting you to resolve disputes, collect fees, and provide assistance with our Services.

Advertising and Marketing

• Marketing of our Service;
• Communicating with you about opportunities, products, services, contests, promotions, discounts, incentives, surveys, and rewards offered by us and select partners.

We may share information about you as follows:

With Other Users of our Services with Whom You Interact

• With other users of our Services with whom you interact through your own use of our Services when such sharing is expressly indicated in product documentation as an element of the Services (e.g., when using universal tokens).

Among our Affiliates

• Information supplied to any one affiliate of Shift4 may be shared with and used by any other affiliate of Shift4 for any purpose permitted by this Policy, unless otherwise expressly and in writing agreed in a particular instance.

With Third Parties

• With third parties to provide, maintain, and improve our Services, including service providers who access information about you to perform services on our behalf (e.g., fraud prevention, identity verification, and fee collection services), as well as financial institutions, payment networks, payment card associations, credit bureaus, partners providing services on our behalf, and other entities in connection with the Services;
• With third parties that run advertising campaigns, contests, special offers, or other events or activities on our behalf or in connection with our Services.

Service Providers

• Shift4 shares Personal Information with companies who provide services such as information processing, extending credit, fulfilling customer orders, delivering Services to you, managing and enhancing customer data, providing customer service, assessing your interest in our Services, and conducting customer research or satisfaction surveys

Business Transfers and Corporate Changes

• To a subsequent owner, co-owner, or operator of one or more of the Services; or
• In connection with (including, without limitation, during the negotiation or due diligence process of) a corporate merger, consolidation, or restructuring; the sale of substantially all of our stock or assets; financing, acquisition, divestiture, or dissolution of all or a portion of our business; or other corporate change.

Safety and Compliance with Law

• If we believe that disclosure is reasonably necessary (i) to comply with any applicable law, regulation, legal process, or governmental request; (ii) to enforce or comply with our Terms of Service or other applicable agreements or policies; (iii) to protect our or our customers’ rights or property, or the security or integrity of our Services; or (iv) to protect us, users of our Services or the public from harm, fraud, or potentially prohibited or illegal activities.

With Your Consent

• With your consent. For example:
  • At your direction or as described at the time you agree to share;
  • When you authorize a third party application or website to access your information.

Aggregated and De-Identified Information

• We also may share (within our group of companies or with third parties) aggregated and de-identified information.

Shift4 security stores your Personal Information as follows:

• Shift4 online services such as the Shift4 Marketplace and the Lighthouse Transaction Manager protect your Personal Information during transit using encryption technologies required by law and by the PCI Data Security Standard. When your personal data is stored by Shift4, we use computer systems with limited access housed in facilities using physical security measures.However, when you use some Shift4 Services, or post on a Shift4 forum, the Personal Information and content you share is visible to other users and can be read, collected, or used by them. You are responsible for the Personal Information you choose to share or submit in these instances. For example, if you list your name and email address in a forum posting, that information is public. Please take care when using these features.

We generally retain your information as long as reasonably necessary to provide you the Services or to comply with applicable law or relevant industry standards.

However, even after you deactivate your account, we retain copies of information about you and any transactions or Services in which you may have participated for a period of time that is (a) authorized under the agreements we have made with you or under applicable law, (b) reasonably necessary for us to comply with applicable law, regulation, legal process, or governmental request, or (c) reasonably necessary for us to detect or prevent fraud, to collect fees owed, to resolve disputes, to address problems with our Services, to assist with investigations, to enforce our Terms of Service or other applicable agreements or policies, or to take any other actions permitted under applicable law.

In addition, for UK or EU citizens or residents, Personal Information processed by Shift4 as a data processor will be removed in accordance with the instructions of the applicable data controller, not to exceed two years except where required to be retained for longer than that by applicable law, and except in the context of a legal dispute in which the particular data is relevant.

As a UK or EU citizen or resident, you are entitled to the following:

• The right to access — You have the right to request copies of your Personal Information.
• The right to rectification — You have the right to request that any Personal Information you believe is inaccurate be corrected, and request that any incomplete Personal Information be completed.
• The right to erasure — You have the right to request that your Personal Information be erased under certain conditions.
• The right to restrict processing — You have the right to request that the processing of your Personal Information be restricted under certain conditions.
• The right to object to processing — You have the right to object to the processing of your Personal Information be restricted under certain conditions.
• The right to data portability — You have the right to request that your Personal Information be transferred to another organization, or directly to you, under certain conditions.

As a data processor, Shift4 collects and processes personal data on behalf of our clients when we provide them with services including but not limited to: IT, HBR, Lighthouse BMS, Conecto, leads management, table reservation and/or training services. As a data processor, Shift4 processes personal data on behalf of our clients or customers, in accordance with their instructions and requirements. We do not control the purposes for which personal data is collected or the legal basis for such processing, as determined by our clients or customers who act as data controllers. We process personal data solely for the purpose of providing the services requested by our clients or customers, and we do not use the data for any other purposes. It is the responsibility of our clients or customers, as data controllers, to ensure that the processing of personal data complies with applicable data protection laws, including obtaining appropriate consent, providing necessary notices, and fulfilling other obligations as data controllers. We do not bear any responsibility for the legality, accuracy, completeness, or appropriateness of the personal data provided to us by our clients or customers for processing.

Shift4 is happy to work with its clients to effectuate the protections above. Contact information for our Data Protection Officer and our Article 27 Representative may be obtained by sending an email request for such information to security@shift4.com.

Transfers of Personal Information from the EU to the U.S.

Shift4 complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) as set forth by the U.S. Department of Commerce. Shift4 has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF. If there is any conflict between the terms in this Privacy Policy and the EU-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

Further, Shift4 is responsible for the processing of Personal Information it receives from the European Union, including any subsequent transfers to a third party acting as an agent on behalf of Shift4. Shift4 complies with the legislation for all onward transfers of personal data from the EU, including the onward transfer liability provisions.

In the course of our operations, we may need to transfer personal data to third countries located outside the European Economic Area (EEA) or other jurisdictions that may have different data protection laws. Such transfers are subject to strict compliance with applicable data protection regulations, including the implementation of robust safeguards to ensure the privacy and security of personal data during the transfer process. By using the Services, you hereby consent to the transfer of Personal Information to third countries located outside the EU.

These safeguards may include the use of standard contractual clauses approved by the European Commission, certification mechanisms (if applicable), binding corporate rules, or other appropriate legal mechanisms as required by applicable data protection laws. These measures are designed to provide an adequate level of protection for personal data and to ensure that any data transfers to third countries are carried out in accordance with the principles of data protection, including the necessity, proportionality, and lawfulness of such transfers.

It is important to note that the data protection laws in some countries may not offer the same level of protection as those within the EEA or other jurisdictions with comprehensive data protection regulations. However, we will take reasonable steps to ensure that any transfers of personal data to such countries are conducted in compliance with applicable data protection laws and with appropriate safeguards in place to protect the privacy and security of personal data.

Shift4 is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, Shift4 may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Shift4 conducts business throughout the United States and complies with applicable state privacy laws, including the California Consumer Privacy Act (CCPA), California Privacy Rights Act (CPRA), Virginia Consumer Data Protection Act, Colorado Privacy Act, Utah Consumer Privacy Act, and Connecticut Data Privacy Act.

This Policy complies with the requirements of these privacy laws by informing you of the categories of Personal Information we collect and your privacy rights under those laws.
If you are a resident of California, Colorado, Connecticut, Utah, or Virginia, you have the right to:

• Request information about what Personal Information we collect and maintain about you and how we use that information and obtain a copy of your personal information (a “Request to Know”);
• Request that Shift4 delete your Personal Information (“Request to Delete”) or correct any inaccuracies; and
• Request to opt out of sharing, selling, or otherwise disclosing your data with third-parties (“Request to Opt-Out”) (Shift4 does not sell your data to third-parties.)

You may submit any of the above Requests by contacting us by phone, email, or physical address indicated below in this Privacy Policy for Privacy Questions. When you submit any of the above requests, we may ask you to provide certain pieces of information in order to verify your identity. Upon receiving your request, Shift4 will take reasonable steps to verify your identity and respond to a request by: (a) providing the requested information; or (b) explaining why Shift4 is not required to provide the requested information or take the requested action. We will not discriminate against you for exercising your privacy rights.

If you are resident of Nevada, you may submit a verified request to us that we not make any sale (as defined under Nevada Revised Statute 603A.333) of any covered information that we have collected or will collect about you. However, please note that Shift4 does not sell your Personal Information.

All terms used in this section pertaining to the privacy rights of California residents have the definitions given to them in the California Consumer Privacy Act of 2018 (“CCPA”), the California Privacy Rights Act of 2020 (“CPRA”), unless otherwise clearly indicated. For purposes of this section, the terms “Personal Information” and “Sensitive Personal Information” have the same meanings as defined under Cal. Civ. Code 1798.140.

Shift4 does not sell Personal Information of California residents. Shift4 does not share Personal Information of California Residents with third parties for purposes of cross-context behavioral advertising. Shift4 does not use or share Sensitive Personal Information of California Residents other than for an authorized business purpose under Section 1798.140(e). Shift4 honors “do not track” signals and does not track, use cookies, or use advertising when a “do not track” mechanism is in place. Shift4 does not authorize the collection of personally identifiable information from our users for third party use through advertising technologies.

Shift4’s status under the CPRA/CCPA is normally that of a “service provider.” Accordingly, Shift4 confirms that it currently complies and will continue to comply with applicable provisions of the statute with respect to its function as a service provider. Specifically, Shift4 confirms that when it receives Personal Information from its merchant customers or authorized distributors, Shift4 processes that information only for authorized business purposes in accordance with the contracts it has with those businesses, and Shift4 does not sell or otherwise use the Personal Information so received for any purpose other than providing the services to its customers or distributors pursuant to the contracts it has with those businesses. Shift4 will take such actions and provide information as its customers and distributors may reasonably request to assist those businesses in complying with their relevant obligations under the statute.

To the extent that Shift4 otherwise receives Personal Information directly from a consumer, Shift4 states that:

• Shift4 has identified the categories of Personal Information that it collects and the business or commercial purposes for which the Personal Information will be used (for the past twelve months preceding the date this Policy was last updated) in Section 1 and Section 2 of this Policy, and these Sections serve as our Notice at Collection.
• Shift4 has and will maintain reasonable administrative, technical, and physical safeguards to ensure the data’s confidentiality, integrity, and availability, that are designed in accordance with applicable industry standards to prevent unauthorized or inappropriate access or use by, or disclosure to, third parties;
• Shift4 has and will maintain security measures appropriate to (i) protect data against accidental or unlawful destruction or loss, unauthorized alteration, unauthorized disclosure or access, in particular where the handling of or access to data involves the transmission of data over a network, and against all other unlawful forms of processing, and (ii) ensure a level of security appropriate to the risks presented by the services and the nature of the data to be protected having regard to the state of the art and the cost of implementation;
• Shift4 has processes to receive and timely response to consumer requests to access, correct, modify, delete, or opt out of the sale of their Personal Information, and will comply with its statutory obligations with respect thereto; and
• Shift4 will not sell, share, or otherwise disclose or use Personal Information received from a consumer other than as necessary to fulfill the specific purposes for which it was supplied to Shift4. Shift4 does provide certain information, such as IP addresses, to third parties, which you can read more about below under “Cookies.”

As a California resident, you have the right to:

• Request that we delete your Personal Information;
• Opt-out of the sale of your Personal Information (Shift4 does not sell Personal Information of California residents);
• Request that we limit our use or disclosure of Sensitive Personal Information (Shift4 does not use or disclose Sensitive Personal Information other than for authorized business purposes).
• Request information about (i) the categories of Personal Information we have collected about you; (ii) the categories of sources from which we have collected your Personal Information; (iii) the business or commercial purpose for collecting or selling your Personal Information; (iv) the categories of third parties with whom we have shared your Personal Information.

To request access, correction, modification, deletion, or opt-out, you can use the phone, email, or physical address indicated below in this policy for Privacy Questions. Upon receiving a request, we will take reasonable steps to verify your identity and respond to a request by: (a) providing the requested information; or (b) explaining why the CCPA or CPRA does not require us to provide the requested information or take the requested action. Shift4 may deny a request (but comply to the greatest extent that it can) if the consumer is unable or unwilling to verify his/her identity in conjunction with making such a request. We will not discriminate against California residents for exercising their rights under the CCPA or CPRA.

You can help ensure that your contact information and preferences are accurate, complete, and up to date by contacting us at privacy@shift4.com. For other Personal Information we hold, we will provide you with access (including a copy) for any purpose including to request that we correct the data if it is inaccurate or delete the data if Shift4 is not required to retain it by law or for legitimate business purposes. We may decline to process requests that are frivolous/vexatious, jeopardize the privacy of others, are extremely impractical, or for which access is not otherwise required by applicable law.

You may also contact us at privacy@shift4.com if you would like Shift4 to delete the information that we have retained. However, in some circumstances, we may not be able to continue to provide you with some Services if some kinds of information are deleted. Also, if we send you marketing emails, each email will contain instructions permitting you to opt out of receiving future marketing or other communications.

COOKIES

Shift4’s online services, interactive applications, email messages, and advertisements may use “cookies” and other technologies, such as pixel tags and web beacons. These technologies help us better understand user behavior, tell us which parts of our websites people have visited, and facilitate and measure the effectiveness of advertisements and web searches. We treat information collected by cookies, IP addresses, or similar identifiers as Personal Information to the extent that such information can be linked to an individual. Similarly, to the extent that non-Personal Information is combined with Personal Information, we treat the combined information as Personal Information for the purposes of this Privacy Policy.

We may use different types of cookies, including functional, analytical, and tracking cookies. Functional cookies are necessary for the website to function properly and provide basic features. Analytical cookies help us analyze website traffic and improve our website’s performance. Tracking cookies are used for targeted advertising and tracking user behavior on our website.

Ads that are delivered by Shift4’s advertising platform may appear on Shift4’s website and the websites of our Affiliates and in the Shift4 Marketplace. You may see ads in third-party environments based on context like your search query or the channel you are reading. In third-party apps, you may see ads based on other information. This reflects that cookies and similar data from web usage are used to generate and select advertising visible to the user.

Shift4 and our partners also use cookies and other technologies to remember Personal Information when you use our website, online services, and applications. Our goal in these cases is to make your experience with Shift4 more convenient and personal.

If you want to disable cookies, seek out the policies and terms of your internet web browser to manage your browsing privacy preferences. Please note that certain features of the Shift4 website will not be available once cookies are disabled.

As is true of most internet services, we gather some information automatically and store it in log files. This information includes Internet Protocol (IP) addresses, browser type and language, Internet service provider (ISP), referring and exit websites and applications, operating system, date/time stamp, and clickstream data.

We use this information to understand and analyze trends, to administer the site, to learn about user behavior on the site, to improve our product and services, and to gather demographic information about our user base as a whole. Shift4 may use this information in our marketing and advertising services.

In some of our email messages, we use a “click-through URL” linked to content on the Shift4 website. When customers click one of these URLs, they pass through a separate web server before arriving at the destination page on our website. We track this click-through data to help us determine interest in particular topics and measure the effectiveness of our customer communications. If you prefer not to be tracked in this way, you should not click text or graphic links in the email messages.

Pixel tags enable us to send email messages in a format that customers can read, and they tell us whether mail has been opened. We may use this information to reduce or eliminate messages sent to customers.

The period of retention of personal data depends on the specific cookie used to collect the personal data, but in all cases the retention period shall not exceed 2 years.

PLUGINS

The websites managed by Shift4 utilize social plugins for various functionalities. These plugins are installed on the website to facilitate user redirection to the Shift4’s social media accounts or communication windows on communication platforms.

Upon clicking on the plugin icons, users are directed to the respective plugin manager’s page, where information such as the originating page of the request, request time, and date may be shared with the plugin manager. Notably, these plugins can be identified by the distinct logos of “Facebook,” “Twitter,” and “LinkedIn.”

It is important to note that any information provided by individuals on the plugin manager’s page or obtained through the links of the plugins on the Shift4’s website is subject to the control and privacy policies of the respective plugin managers. These privacy policies encompass critical aspects such as the collection and storage of personal data, legal bases for data processing, retention periods, as well as the technical and organizational security measures in place.

For any further inquiries or concerns regarding the handling of personal data through these plugins, users are encouraged to review the privacy notices of the respective plugin managers.

We do not knowingly collect or solicit any information from anyone under the age of 18 on or through the Services. If we learn that we have nevertheless collected Personal Information from a child under age 18 without parental consent, we will delete that information as quickly as possible. If you believe that we might have any information from a child under 18 without parental consent, please contact us using the contact details listed below at the end of this Privacy Policy.

Shift4 websites, products, applications, and services may contain links to third-party websites, products, and services. Our products and services may also use or offer products or services from third parties.

Information collected by third parties is governed by their privacy practices. We encourage you to learn about the privacy practices of those third parties.

If you purchase a subscription in a third party app, we create an identifier that is unique to you and the developer or publisher that we use to provide reports to the developer or publisher that include information about the subscription you purchased, and other pertinent information. This information is provided to developers so that they can understand the performance of their subscriptions.

If contests or promotions are made available, the applicable contest or promotion rules may include additional rules regarding the collection, use, and disclosure of Personal Information. To the extent that those specific rules conflict with this Privacy Policy, the contest or promotion rules will supersede this Privacy Policy with respect to the conflicting terms and the non-conflicting terms of this Privacy Policy and our Terms of Use will continue to apply. Silence shall not be deemed a conflict.

We have set up and manage our accounts on social media (LinkedIn, Facebook, Instagram), but the information provided by you using the social media (including messages, the use of “Like” and “Follow” thumbnails and other communication) or received when you visit social media accounts managed by us or read entries posted by us are controlled by the operators of the social media.

As the administrator of the social media accounts, we shall select appropriate settings taking into accounts our target audience and the aims of managing and promoting our activities, but the operators of social media may restrict our ability to change certain key settings. As a result, we are unable to influence the type of information the social media operators collect about you after we create our account.

The scope of the data received by us as the administrator of social media accounts depends on the account settings selected by us, agreements with the social media operators for additional services, and the cookies used by the social media.

To make sure your Personal Information is secure, we communicate our privacy and security guidelines to Shift4 employees and strictly enforce privacy safeguards within the company. Employee access to information is managed on a need-to-know least privilege basis. Employees who violate our Privacy Policy are subject to disciplinary action, up to and including termination in appropriate circumstances.

Subject to applicable legal requirements, we will notify you in the manner and in accordance with timeframes specified in the law if we discover that there has been an unauthorized use or unauthorized disclosure of your information. If that were to occur, and in addition to other applicable rights and remedies, we will undertake appropriate steps to remediate the breach and to reduce the risk of future reoccurrences.

Shift4 Corporate Headquarters
3501 Corporate Parkway
Center Valley, PA 18034
800.276.2108

Shift4 (Las Vegas, NV)
1551 Hillshire Drive
Las Vegas, NV 89134
888.857.9751

Shift4 (Silver Spring, MD)
12401 Prosperity Drive
Silver Spring, MD 20904
301.562.5000

If you have any questions or concerns about Shift4’s Privacy Policy or data processing or if you would like to make a complaint about a possible breach of applicable privacy laws, or to submit requests for access, modification, or deletion of personal data, please contact us at privacy@shift4.com. You can also contact us by phone at 888-276-2018 (ask for Legal Department), or at the following address: Shift4, Attn: Legal Department, 3501 Corporate Parkway, Center Valley, PA 18034.

When a privacy question or access request is received we have a team that seeks to address the specific concern or query that you are seeking to raise. Where your issue may be more substantive in nature, more information may be sought from you. All such substantive contacts receive a response. If you are unsatisfied with the reply received, you may refer your complaint to the relevant regulator in your jurisdiction. If you ask us, we will endeavor to provide you with information about relevant complaint avenues that may be applicable to your circumstances.

Shift4 may update its Privacy Policy from time to time. When we change the policy in a material way, a notice will be posted on our website along with the updated Privacy Policy.