Access Denied
IMPORTANT! If you’re a store owner, please make sure you have Customer accounts enabled in your Store Admin, as you have customer based locks set up with EasyLockdown app. Enable Customer Accounts
Datenschutzerklärung
Privacy Policy
Last Update: 27/10/21
Welcome to our restaurant supply chain app. If you are reading this Privacy Policy, you are a restaurant or shop owner of one of the partner vendors on the online delivery platforms of the Delivery Hero group.
The aim of this Privacy Policy is not only to describe our standard privacy practices, explain the technical background, or provide you with information about your legal rights under applicable data protection laws, e.g. in Europe the EU General Data Protection Regulation (GDPR). We would also like to reassure you that the Delivery Hero group takes the protection of your personal data seriously and will fully honor the trust you put in us to keep your personal data safe and secure.
If you require additional information or have any concerns about the processing of your personal data please contact us by email, please contact us by sending an email to sackerl.foodora@foodora.at.
Who is the data controller?
Our restaurant supply chain app is being provided by Delivery Hero group for use by our local entities providing delivery services to their customers. This means that several parties are involved in the data processing. However, the party determining the purposes and means of the processing specified in this privacy policy is Delivery Hero SE, Oranienburger Straße 70, 10117 Berlin, Germany hereinafter referred to as “Delivery Hero” “we”, “our” or “controller”).
Delivery Hero has developed the restaurant supply chain app and provides the technical infrastructure to keep it running. However, please note that, generally, your contracting partner as a restaurant or store owner will generally not be Delivery Hero. Rather, you will be with the local company of the Delivery Hero group in the country where you operate your restaurant or store. If you have any questions about data processing by these further parties, please check their privacy policies or submit a request for information directly to them.
Please note that Delivery Hero as our group’s parent company will act as joint controller together with the respective local entity in the jurisdiction where you work. This also means that Delivery Hero and your respective contract partner are each responsible for complying with data protection requirements when you use the grocery delivery apps. You can therefore address any requests both to the local entity, or to Delivery Hero.
Which personal data do we process and why?
In order to provide our restaurant supply chain app, we use various tools and systems that are absolutely necessary for the operation of the app. We collect, process and store the following categories of personal data when you use the app:
|
Data categories |
Explanation |
||
|
Identification data |
Name, surname, address |
||
|
Contact data |
Email address, phone number |
||
|
Account data |
User ID, user password, phone number |
||
|
Order data |
The details of your order from the supplier(s) you have chosen |
||
|
Geolocation data |
Store location by city/country |
||
|
Technical data |
Device information, language settings, usage data |
This data we process for the following purposes:
|
Purpose |
Description and Legal Basis |
||
|
Accounts |
Creation of required accounts for the applications used Categories of personal data:
Legal basis:
|
||
|
Product Analytics |
To be able to analyse the usage of the app, ensure its security and continuously improve we track usage of the app. We use this data only for the creation of pseudonymized / aggregated reports. We will not use this data to identify you as a person. Categories of personal data:
Legal basis:
|
||
|
Internal communication |
Different tools are used for communication between you and the supplier. The purpose of the processing is the communication of necessary information between the parties involved to ensure we can adequately process your order. For this purpose, we use integrations with services such as WhatsApp. Categories of personal data:
Legal basis:
|
||
|
Order Processing & Delivery |
To ensure a prompt delivery of the products ordered by yourself from the supplier, we forward your order to the supplier. Categories of personal data:
Legal basis:
|
||
Please be reminded that you are not obliged to provide the above data. If you would not like to provide this data, please do not use the restaurant supply chain app.
How long do we store personal data?
We generally delete your data after the purpose of their collection has been fulfilled. Different deletion rules apply depending on the purpose of the processing. Within our deletion concepts we have defined various data classes and have assigned deletion periods to them. When the retention period is met, the stored data will be deleted accordingly.
You are also free to request the deletion of your personal data at any time. However, under certain circumstances, such requests for deletion may be opposed by legal retention periods, which prevent us from deleting the stored data for a fixed minimum period of time. In order to comply with these legal requirements, we block the relevant data after the purpose has been fulfilled and thereby guarantee data completeness and data integrity.
Cookies and similar technologies
For the mobile app, we use software development kits (SDKs). SDKs are part of the built-in code of our mobile applications and function in a way similar to cookies: They collect certain information about your device or the interaction with our service, e.g. adding a certain supplier order to your order cart before finalising the order. We use the SDK provided by our external data processor adjust GmbH.
We only use SDKs strictly required to provide the restaurant supply chain app. This means you will generally not be able to opt out of this processing.
Automated individual decision-making and profiling
You can trust that we will not process your personal data in the grocery delivery management apps for the purposes of automated decision-making which produces legal effects or similarly significantly affects you.
With whom do we share your personal data?
We never give your data to unauthorised third parties. However, as part of our work we obtain the services of selected service providers and give them limited and strictly monitored access to some of our data. However, before we forward personal data to these data processors for processing on our behalf, each individual company undergoes an audit. All data recipients must meet the legal data protection requirements and prove their data protection level with appropriate documentation and information. Our categories of recipients:
|
Type of recipient |
Purpose |
||
|
External service provider |
They support our business activities by providing us with IT solutions and infrastructure or by ensuring the security of our business operations, for example by identifying and rectifying faults. Specifically, our grocery delivery apps run on servers provided by the EU subsidiary of Amazon Web Services, with a registered seat of business in Luxembourg as well as adjust GmbH, out of Germany. Furthermore, in select instances, personal data may also be disclosed to external tax consultants, lawyers or auditors who are subject to strict confidentiality agreements. |
||
|
Group companies |
Within a group of companies we try to work as efficiently as possible to be able to provide the best services to our customers and staff members. In this context, the group companies support each other in optimizing our processes. This includes, for example, the technical support of systems, web and database hosting or software engineering services. You can reach the data protection officer of Delivery Hero at dpo@deliveryhero.com. |
||
|
Public authorities |
Unfortunately, it can happen that a few of our staff members do not behave fairly and want to harm our customers or our company. In these cases we are not only obliged to hand over personal data due to legal obligations, it is of course also in our interest to prevent damage and to enforce our claims and to reject unjustified claims. |
||
Data processing outside the EU and EEA
We process your data mainly within the European Union (EU) and the European Economic Area (EEA). However, some data recipients may be located outside this territory. The GDPR has high requirements for the transfer of personal data to third countries. All our data recipients have to measure up to these requirements. Before we transfer your data to a service provider in third countries, every service provider is first assessed with regard to its data protection level. Only if they can demonstrate an adequate level of data protection will they be onboarded and be granted permission to process personal data.
Regardless of whether our service providers are located within the EU/EEA or in third countries, each service provider must sign a data processing agreement with us where such agreement is required by the GDPR. Service providers outside the EU/EEA must meet additional requirements. According to Art. 44 ff. GDPR personal data may be transferred to recipients who are either located in a country generally providing an adequate level of protection (such as, e.g., Japan or Argentina). Transfers are also permissible where the recipient provides appropriate safeguards to protect personal data, such as agreeing to standard contractual clauses, complying with binding corporate rules, approved codes of conduct or approved certification mechanisms. Where additional supplementary measures are required on top of such appropriate safeguards we will make sure these are implemented.
What are your rights as data subjects and how can they be asserted?
You have the following legal rights as an individual person:
|
Right to access |
You have the right to be informed which data we store about you and how we process this data. You can also request a copy of your data. |
|
Right to rectification |
If you notice that stored data is incorrect, you can always ask us to correct it. |
|
Right to erasure |
You can ask us at any time to delete the data we have stored about you. |
|
Right to restriction of processing |
Sometimes we will need to continue to process your data even where you have requested them to be deleted. In this case, even if we cannot delete your data, we will archive your data and only reintegrate it into our operative systems if you so wish. However, during this time you will not be able to use our services, otherwise we will need to process your data again. |
|
Right to data portability |
You can ask us to transmit the data stored about you in a machine-readable format to you or to another responsible person. In this context, we will make the data available to you in JSON or comparable format. |
|
Right to object |
You have the right, for reasons arising from your particular situation, to object at any time to the processing of personal data relating to you, which is processed on the basis of our legitimate interests, or for marketing purposes. This also applies to any associated profiling. If you file an objection, we will no longer process your personal data unless we can prove compelling grounds for the processing that outweigh your interests, rights and freedoms or the processing serves to assert, exercise, or defend against legal claims. |
|
Right of complaint |
You also have the right to lodge a complaint with a supervisory authority. The competent supervisory authority can be the authority in the EU Member State of your habitual residence, at your place of work, or place of the alleged infringement. You are also free to lodge a complaint with our lead supervisory authority in Berlin, Germany. |
Please note that you might have additional rights under local privacy legislation. To exercise your rights, you can contact the app support by mailing to sackerl.foodora@foodora.at any time.
Invalid password
Enter