Kiokii-Apos Privacy Policy

Effective Date: April 14, 2025 

This Privacy Policy explains how Kiokii (Company, we, us, or our) collects, uses, discloses, and otherwise processes personal data in connection with Kiokii-Apos, a semi-integrated point-of-sale connector application (App) developed by Kiokii exclusively for Kiokii, and deployed on the Clover Point of Sale system (Clover POS). This Privacy Policy applies solely to Kiokii-Apos and does not apply to Kiokii’s other products or services. 

Kiokii-Apos serves as the integration layer between Heading’s APOS point-of-sale system (Heading APOS) and the Clover payment terminal, enabling Kiokii to process customer payments through Clover’s payment infrastructure. The App is a private application installed exclusively on Kiokii’s Clover merchant account and is not available to other merchants. 

Company’s processing of personal data in connection with Kiokii-Apos is governed by this Privacy Policy and our agreements with Kiokii. In the event of any conflict between this Privacy Policy and a customer agreement, the customer agreement will control to the extent permitted by applicable law. 

 

Information We Collect 

We may collect personal data from or on behalf of Kiokii as the Merchant. The information we collect includes the following categories: 

Customer Transaction Data 

When a customer makes a payment via a Clover POS using Kiokii-Apos, we collect information about the transaction, including the payment method used, name associated with the payment, location of the merchant’s store, date and time of the transaction, transaction amount, and information about the goods or services purchased. 

Customer Profile Data 

We may collect additional customer information including: 

  • Customer name, UUID, phone number, and email address 

  • Purchase history and order details 

  • Membership tier, loyalty points, and program participation 

  • Customer marketing preferences 

  • Physical address, where needed for delivery of goods or services 

Merchant Data 

We collect merchant information including merchant name, business address, phone number, and business hours. This information is used to accurately associate transactions with Kiokii’s merchant account and to populate receipts and transaction records. 

Employee Data 

We collect information about Kiokii’s personnel and their interactions with Kiokii-Apos, including employee name, employee ID, work hours, sales performance, and permission levels. This information is collected for the purpose of transaction attribution, workforce management, and payroll support. 

Order and Inventory Data 

We collect order details, order status, product information, and real-time inventory levels to support accurate transaction processing and stock management. 

Payment Records 

We collect payment method, payment status, partial payment details, refund information, and payment timestamps to maintain complete and accurate financial records for each transaction. 

 

How We Use the Information We Collect 

We use the personal data we collect on behalf of Kiokii to provide the Kiokii-Apos application and its associated services, including: 

  • Facilitating payment transactions between Heading APOS and the Clover payment terminal 

  • Processing and recording point-of-sale transactions on behalf of Kiokii 

  • Managing and updating customer profiles, membership, and loyalty programs 

  • Tracking and updating real-time inventory following each transaction 

  • Attributing transactions to the correct employee for performance and payroll purposes 

  • Generating accurate receipts and transaction records 

  • Processing refunds, handling order modifications, and supporting after-sales service 

  • Maintaining accurate financial records and supporting reconciliation 

We may also use personal data for related internal purposes, including: 

  • Providing information about the application, such as important updates or security alerts 

  • Measuring performance of and improving the application 

  • Responding to inquiries, complaints, and requests for technical support from Kiokii 

Company may use personal data as necessary to comply with applicable laws and lawful requests, enforce our agreements, protect our rights and the rights of others, and protect against fraudulent or illegal activity. 

 

How We Share Information 

We may share personal data that we collect with: 

  • Kiokii — as the Merchant on whose behalf all data is collected and processed 

  • Clover / Fiserv — as the underlying payment platform that processes and records transactions. You may review Clover’s Privacy Notice at: https://www.clover.com/privacy-policy 

  • Third-party service providers — who assist us in operating, maintaining, and improving Kiokii-Apos, subject to confidentiality obligations 

  • Kiokii affiliates or corporate group members — for purposes described in this Privacy Policy or in our agreement with Kiokii 

  • Government or law enforcement authorities — as required by applicable law 

Company may disclose personal data in connection with a business transaction such as a merger, acquisition, or sale of assets, in which case we will make reasonable efforts to require the recipient to honor this Privacy Policy. 

 

Payment Security 

All payment transactions processed through Kiokii-Apos are handled in accordance with Payment Card Industry Data Security Standards (PCI DSS). We do not store full payment card numbers. Payment data is processed securely through Clover’s certified payment infrastructure. 

 

Data Retention 

We retain transaction, customer, employee, and merchant data collected through Kiokii-Apos for as long as necessary to provide our services, comply with legal obligations, resolve disputes, and enforce our agreements with Kiokii. Kiokii may contact us to request access to, correction of, or deletion of their data using the contact information below. 

 

International Data Transfers 

Kiokii is headquartered in Markham, Ontario, Canada. Personal data collected through Kiokii-Apos may be transferred to, stored, or processed outside of Canada. When we transfer personal data outside of Canada or Europe, we rely on recognized transfer mechanisms such as Standard Contractual Clauses or other mechanisms permitted under applicable law to ensure an adequate level of protection for personal data. 

 

Your Rights and Choices 

Depending on where you are located, you may have some or all of the following rights in relation to your personal data: 

  • Right to Access / Know: You may request access to the personal data we hold about you. 

  • Right to Delete: You may request that we delete personal data we maintain about you. 

  • Right to Correct: You may request that we correct inaccurate personal data we maintain about you. 

  • Right of Portability: You may request a copy of your personal data in a structured, machine-readable format. 

  • Restriction of Processing: You may request that we stop or restrict our processing of personal data. 

  • Withdrawal of Consent: Where we rely on consent to process your personal data, you may withdraw that consent at any time. 

To exercise any of these rights, please contact us using the information below or contact Kiokii directly at hello@kiokii.com. 

 

Additional Information for Merchants Located in Europe 

Controller 

Company acts as a data processor on behalf of Kiokii, which is the controller of personal data that we process on their behalf. Clover is also a controller of personal data in some circumstances. 

Legal Basis for Processing 

Company processes personal data as directed or permitted by Kiokii. Kiokii is responsible for establishing a legal basis for our processing of personal data on their behalf. 

Cross-Border Data Transfer 

When we transfer personal data outside of Europe or the UK, we make the transfer pursuant to one of the following mechanisms: 

  • Standard Contractual Clauses approved by the European Commission 

  • The recipient’s Binding Corporate Rules 

  • The consent of the individual to whom the personal data relates 

  • Other mechanisms permitted under applicable European law 

Data Subject Rights 

Data subjects in Europe and the UK have rights relating to their personal data, including rights to access, correct, erase, restrict processing, and data portability. Data subjects may also file a complaint with a supervisory authority at https://edpb.europa.eu/about-edpb/board/members_en. 

 

California Privacy Rights (CCPA) 

We do not sell personal information as defined under the CCPA. California residents may contact us using the information below to exercise their rights to access, delete, or correct their personal data. 

 

Changes to This Privacy Policy 

We may update this Privacy Policy from time to time. We will notify Kiokii of material updates by updating the Effective Date at the top of this document. 

 

Contact Us 

If you have any questions, comments, or complaints about this Privacy Policy or our privacy practices, please contact us at: 

Kiokii Email: hello@kiokii.com 

You may also contact Kiokii directly at: 

Kiokii Unit 1, 140 Amber St, Markham, ON, Canada, L3R 3J8 Email: hello@kiokii.com