1. Introduction

GSC Software Solutions Limited, trading as ithPOS ("we", "us", "our"), is committed to protecting and respecting your privacy. This policy explains how we collect, use, and safeguard your data in line with GDPR.

2. Data Controller

GSC Software Solutions Limited (ithPOS)

Email: hello@ithpos.com

3. Information We Collect

We collect business, contact, financial (non-card), technical, and transaction-related metadata necessary to provide our services.

4. How We Use Your Information

We use your data to provide services, facilitate integrations, support merchants, comply with legal obligations, and improve our offerings.

5. Legal Basis for Processing

Processing is based on contractual necessity, legal obligations, legitimate interests, and consent where applicable.

6. Sharing Your Information

We may share data with payment processors, acquiring banks, EPOS providers, integration partners, and regulators where required.

7. Data Retention

We retain data for the duration of the contract and up to 6 years for compliance purposes.

8. Data Security

We implement appropriate security measures including access controls, encryption, and secure infrastructure.

9. Your Rights

You have rights including access, rectification, erasure, restriction, portability, and objection under GDPR.

10. Merchant-Specific Data Processing Clauses

10.1 Role of ithPOS

ithPOS acts as a technology provider and may act as a data processor for certain merchant data, but does not act as a payment processor or acquiring institution.

10.2 No Card Data Processing

ithPOS does not process, store, or have access to cardholder data. All card transactions are handled directly by PCI-DSS compliant payment processors and acquiring banks.

10.3 Not in Flow of Funds

ithPOS is not in the flow of funds. All settlement of funds is conducted directly between the merchant and their acquiring bank or payment processor.

10.4 EPOS & Integration Data

ithPOS systems may process order data, transaction references, and operational analytics. Integration partners may access limited data strictly necessary to perform their services.

10.5 Merchant Responsibilities

Merchants are responsible for maintaining their own privacy policies, ensuring lawful processing of customer data, and complying with applicable data protection laws.

10.6 Data Breach Notification

In the event of a data breach affecting merchant data, ithPOS will notify affected parties without undue delay in accordance with GDPR.

10.7 Sub-processors

ithPOS may use third-party sub-processors to deliver its services. Details can be provided upon request.

10.8 Data Processing Agreement

Where required, ithPOS will enter into a Data Processing Agreement (DPA) with merchants.

11. Cookies

We use cookies to enhance user experience. Users can manage preferences via browser settings.

12. Updates to This Policy

We may update this policy periodically. Updates will be posted on our website.

13. Complaints

Complaints can be made to the Data Protection Commission (Ireland).

14. Contact Us

Email: hello@ithpos.com