Privacy Policy

Dear Customer,

We are pleased that you are interested in data protection. We would like to
give you an easily understandable overview of our data protection process.

Our goal is to provide you with an amazing customer experience that also
means that you can always trust us, that we are always transparent and
honest to you. Your trust in our product is the reason why we can provide
you with an amazing customer experience. We would like to thank you for this
cooperation.

WHO WE ARE

We are Foodora AB, but usually we just use the name Foodora. You can always
contact us via the following ways:

Foodora AB
Ringvägen 100
118 69 Stockholm
Sverige

While visiting our website, using our app and platform, registering as a
user or placing orders, you agree to this privacy policy.

As data controller, we determine how we process your personal data, for what
purposes and by what means. While we are required by law to provide you with
all of the following information, we do so primarily out of the belief that
a partnership should always be honest.

As data controller we are responsible that all our processing activities are
in accordance with legal requirements but also you may reasonably expect
these processing of your personal data (link to “legitimate
interests”).

If you have any questions about data protection at Foodora, you can also
contact our data protection officer at any time by sending an email to [email protected]

We have a global Corporate Privacy Officer as we are also a member of the
large and fascinating family of the Delivery Hero Group.

As a family, we make certain decisions together. Both our parent company,
Delivery Hero SE, Oranienburger Straße 70, 10117 Berlin and we jointly
decide which means we will use to process your personal data and which
purposes we consider to be appropriate.

We will continue to be your point of contact if you have any questions about
data protection.

PRIVACY IS YOUR RIGHT AND YOU HAVE THE CHOICE

As a customer you have the choice which information you would like to share
with us. Of course, we need some information for the fulfillment of our
contract. However, this does not always require all the data which you can
make available to us.

You can take the following steps to disclose less information about
yourself:

Cookies: You can install additional add-ons in your browser that block
unnecessary cookies. By doing so, you will not see any interest-based
advertisements.

Advertising: If you do not want to receive newsletters from us, you can
unsubscribe at any time. In this case, we will not be able to send you any
cool offers.

No data sharing: If you do not want to share any information with us at all,
that’s a shame. In this case we cannot convince you how great our
products are.

YOU CAN ALSO MAKE USE OF THE FOLLOWING RIGHTS AT ANY TIME:

Right to access

You have the right to be informed which data we store about you and how we
process this data.

Right to rectification

If you notice that stored data is incorrect, you can always ask us to
correct it.

Right to erasure

You can ask us at any time to delete the data we have stored about you.

Right to restriction of processing

If you do not wish to delete your data, but do not want us to process it
further, you can ask us to restrict the processing of your personal data. In
this case, we will archive your data and only reintegrate it into our
operative systems if you so wish. However, during this time you will not be
able to use our services, otherwise we will process your data again.

Right to data portability

You can ask us to transmit the data stored about you in a machine-readable
format to you or to another responsible person. In this context, we will
make the data available to you in JSON format.

Right to object to the processing of your data

You can revoke your consent at any time or object to the further processing
of your data. This also includes objecting to our processing, which we
process without your consent but based on our legitimate interest. This
applies, for example, to direct marketing. You can object to receiving
further newsletters at any time. If you do not agree with one of our
processing purposes based on our legitimate interest or wish to object to
it, you may object to the processing at any time on grounds relating to his
or her particular situation. Please write an email to [email protected] In
this case we will review the processing activity again and either stop
processing your data for this purpose or explain to you our reasons worth
protecting and why we will continue with the processing.

Automated decision making

We also process your personal data in the context of algorithms in order to
simplify our processes. Of course, you have the right not to be subject to
decisions based solely on automated processing. If you believe that we have
denied your access in an unjustified way, you can always contact us at
[email protected] In this case, we will examine the case separately and
decide on a case-by-case basis.

Right of complaint

If you believe that we have done something wrong with your personal data or
your rights, you can complain to the appropriate supervisory authority at
any time.

The supervisory authority responsible for us is:

Datainspektionen
Phone: 08-657 61 00
E-mail:da[email protected]

To exercise your rights, you can contact [email protected] at any time.

WHAT DATA WE PROCESS

In the following description of our processing activities, we refer in each
case to categories of personal data. A category includes several personal
data, which are usually processed together for the purposes.

Personal data is information that can identify you or even make you
identifiable.

We generally process the following categories of personal data for the
following reasons:

Contact Information:

Name, address, telephone number, email address, your ID from any social
media (if applicable).

Reason:

If you contact us, we collect this data because we need to know who we are
talking to and what we have been talking about so that we can help you with
your reason for contacting us. This also applies if you leave comments on
social media on our fan pages. We do not combine this data with your profile
data on our platform, but we can still identify you by your social media ID.

Location data:

Address, Postcode, City, Country, Longitude, Latitude

Reason:

We need these data to be able to deliver your orders. We create the
longitude and latitude automatically in order to be able to process your
delivery address in our other linked systems, such as our Rider app, and to
display your address to our riders or riders of restaurants or shops.

Profile data (master data):

Name, email address, password, telephone number, delivery addresses,
interests, demographic data (age, delivery address)

Reason:

This data is your master data, which we absolutely need for our services.
Without an email address / telephone number and a password, you cannot
create a profile. Together with your name, this is your master data. We need
your age to ensure that you are not a minor.

Device information and access data:

Device ID, device identification, operating system and corresponding
version, time of access, configuration settings, information on Internet
connection (IP address)

Reason:

With each access this information is stored by us for technical reasons. We
also use parts of this information to detect suspicious behavior at an early
stage and to avert damage.

Order information:

Order history, selected restaurants or shops, invoices, order ID, comments
on orders, information on payment method, delivery address, successful
orders and cancelled orders

Reason:

Each time you place an order, this information will be added to your
profile. You can view all this information in your profile at any time. The
information should give you an overview of your own interests and previous
orders. We will also use the same information to improve our services. In
addition, we will anonymize this information when you request a deletion or
when your profile becomes inactive in order to continue to use this
information in an anonymized form to optimize our services.

Communication data

Name, email address, telephone number, device ID

Reason:

If you would like to receive a newsletter, an SMS or an in-app push
notification from us, we need certain information to send you the messages.
Instead of addressing you with “Hey You”, we find it more customer
friendly to address you with your name. This category of personal
information is also used by us to contact you, for example, if a product
cannot be delivered and we want to offer you an alternative instead.
Similarly, to make the online ads you may see from us more relevant, we may
use this data.

Payment information:

Payment method, pseudonymized credit card information

Reason:

We need this information to track your payments and assign them to the
orders you have placed.

Delivery information:

Name, delivery address, phone number, order ID

Reason:

In accordance with the principle of data minimization, we only provide our
riders and partners with the information that they need from you to prepare
and deliver your order.

FOR WHICH PURPOSES WE PROCESS DATA

We process your personal data only in accordance with the strict legal
requirements. We pay particular attention to the fact that all principles
for the processing of personal data are taken into account. The Delivery
Hero Group pays great attention to transparency. Therefore, we only process
your data if this is lawful and you can reasonably expect it to be
processed. If, in the course of our evaluation, we come to the conclusion
that the processing cannot reasonably be expected, we will only carry out
the processing with your express consent.

Account creation, SSO registration, administration of your profile

In order to be able to offer you our services, the processing of your
personal data is essential. Much of this data you transmit to us and other
parts of the data we collect automatically when using our platforms.
Nevertheless, we endeavor to keep the amount of data as small as possible.
You can help us by only sharing necessary data with us that we need to
fulfill our contractual obligations.

Account creation

When creating a customer account, you will be asked to enter your master
data. This is absolutely necessary, as we cannot create a customer profile
without this data. Your email address and telephone number are particularly
important, as we can use this information to identify you in our system the
next time you want to log in again. Furthermore, we would like to ask you to
choose your password carefully. Do not use the same password on multiple
websites. Your password should also be at least 12 characters long, at least
one lowercase letter, one uppercase letter, one special character
(!?#,%& etc.) and one digit. Please do not share neither your password
nor your email address with anyone else.

Categories of personal data:

Profile data (master data)

Device information and access data

Legal basis:

Art. 6 Para. 1 (b) GDPR, performance of contract

Login

If you already have an existing customer account, you will need to enter
your email address and password to log in. If we detect irregularities
during registration, such as entering the wrong password several times, we
will take appropriate measures to prevent damage to you and us.

Categories of personal data:

Profile data (master data)

Legal basis:

Art. 6 Para. 1 (b) GDPR, fulfilment of contract for registration;

Art. 6 Para. 1 (f) GDPR, for the security measures

Single-Sign-On

Facebook

If you have a Facebook profile, you can register on our website to create a
customer account or to register using the social plugin “Facebook
Connect” of the social network Facebook, which is operated by Facebook
Inc., 1 Hacker Way, Menlo Park, CA 94025, USA (“Facebook”), within
the framework of the so-called Single Sign On technology. You can recognize
the social plugins of “Facebook Connect” on our website by the
blue button with the Facebook logo and the inscription “Log in with
Facebook” or “Connect with Facebook” or “Log in with
Facebook” or “Sign in with Facebook”.

If you call up a page of our website that contains such a plugin, your
browser establishes a direct connection to the Facebook servers. The content
of the plugin is transmitted directly from Facebook to your browser and
integrated into the page. Through this integration, Facebook receives the
information that your browser has called up the corresponding page of our
website, even if you do not have a Facebook profile or are not logged on to
Facebook. This information (including your IP address) is transmitted
directly from your browser to a Facebook server in the USA and stored there.
These data processing operations are carried out in accordance with Art. 6
Para. 1 (f) GDPR on the basis of Facebook’s legitimate interest in the
display of personalised advertising on the basis of surfing behaviour.

By using this “Facebook Connect” button on our website, you can
also log in or register on our website using your Facebook user data. Only
if you give your express consent in accordance with Art. 6 Para. 1 (a) GDPR
prior to the registration process on the basis of a corresponding note on
the exchange of data with Facebook, will we receive the general and publicly
accessible information stored in your profile when using the Facebook
“Facebook Connect” button on Facebook, depending on your personal
data protection settings on Facebook. This information includes user ID,
name, profile picture, age and gender.

We would like to point out that after changes have been made to
Facebook’s data protection conditions and terms of use, your profile
pictures, the user IDs of your friends and the friends list may also be
transferred if they have been marked as “public” in your Facebook
privacy settings. The data transmitted by Facebook is stored and processed
by us for the creation of a user account with the necessary data, if this
has been released by you on Facebook (title, first name, surname, address
data, country, e-mail address, date of birth). Conversely, we can transfer
data (e.g. information on your surfing behaviour) to your Facebook profile
on the basis of your consent. The consent given can be revoked at any time
by sending a message to us. Facebook Inc. adheres to the Standard
Contractual Clauses to ensure an adequate level of protection for personal
data can always be ensured.

Google

If you have an account with Google, you can use this account to log in to
our service. Google accounts for European users are provided by Google
Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland (“Google
Ireland”), a subsidiary of Google LLC, 1600 Amphitheatre Parkway,
Mountain View, CA 94043 (“Google”).

By using the “Continue with Google” button on our website, you
can log in or register on our website using your Google user data. Only if
you give your express consent in accordance with Art. 6 Para. 1 (a) GDPR
prior to the registration process on the basis of a corresponding note on
the exchange of data with Google, will we receive your Google user ID, user
name and email address. We will never receive your Google password and
cannot log in to your Google account. You can learn more about data sharing
with Google when logging in to our service with Google by reviewing
Google’s explanations here:
https://support.google.com/accounts/answer/112802.

The data transmitted by Google is stored and processed by us solely for the
creation of a user account with the necessary data. Google adheres to the
Standard Contractual Clauses to ensure an adequate level of protection for
personal data can always be provided.

Categories of personal data:

Profile data (master data)

Contact Information

Facebook profile information

Google profile information

Legal basis:

Art. 6 Para. 1 (a) GDPR, Consent

Managing your profile

You can log in to your profile at any time and change your personal data,
such as name, email address or telephone number. You can also view your
previous orders.

Categories of personal data:

Profile data, location data

Order information

Device information and access data

Order information

Communication data

Payment information

Legal basis:

Art. 6 Para. 1 (b) GDPR, performance of contract

Order processing

Ordering from a restaurant

Once you have successfully registered and decided to place your order, we
will store this information in your profile and process it in further
processes so that you can submit your order to us. When you submit your
order, your personal data is transferred to our backend where it is
transferred to other systems for further processing.

Categories of personal data:

Contact Information

Location data

Device information and access data

Legal basis:

Art. 6 Para. 1 (b) GDPR, fulfilment of contract

Buffering

After you have logged in to your profile and made your selection, the
products will be saved in your profile. If you accidentally close your
browser or app, you can continue to the last point of your order. The last
information is stored in a cookie.

Categories of personal data:

Profile data (master data)

Device information and access data

Order information

Legal basis:

Art. 6 Para. 1 (f) GDPR, legitimate interest

The legitimate interest is to provide you with a better ordering experience
where you can conveniently continue your order with browsers or apps that
are accidentally closed.

Delivery

Once you have successfully placed your order, a number of processes are
running in the background to ensure that your order is delivered quickly.
The following processing activities describe how and why your data is
processed for the respective purposes.

Transfer to riders and partners

We use different riders for delivery. These can be permanent employees,
freelancers or third parties who provide us with riders on the basis of a
data processing agreement when we deliver our orders. In all these cases we
send your personal data to the riders so that they can deliver your order
quickly.

Categories of personal data:

Delivery information to Market Place Partners (own delivery of partner)

Name, address, phone number to own riders

Legal basis:

Art. 6 Para. 1 (b) GDPR, performance of contract

Calls from riders or partners

If a product of your choice is not available for delivery or our riders
cannot reach you at the delivery address you provided, they have received
instructions from us to call you so that the problem can be solved easily.

Categories of personal data:

Delivery information

Legal basis:

Art. 6 Para. 1 (b) GDPR, contract performance on call by the rider

Art. 6 Para. 1 (f) GDPR, legitimate interest when called by the partner. The
partner have no claim whatsoever to your personal data and under no
circumstances may they use it for their own purposes. If you should
nevertheless be contacted by a partner without your prior consent, we ask
you to report this to us by e-mail to [email protected]

Saved payment methods

In order to make the ordering process even more convenient for you, we offer
to save your preferred payment method. This means that you don’t have to
enter your payment details again the next time you place an order. The
storage of this data requires your prior consent. You can save your payment
data by clicking on the consent field. You can revoke your consent for the
future at any time by deactivating the consent field again or by informing
us of this by e-mail to [email protected]

Categories of personal data:

Payment data

Legal basis:

Art. 6 Para. 1 (a) GDPR, consent

Advertising and marketing

DIRECT MARKETING

Newsletter

If you have created an account on our platform and provided us with your
email adress, we reserve the right to send you newsletters and offers from
our platform.

If you have provided us with your email address when purchasing goods or
services or we reserve the right to send you regular offers of similar goods
or services to those already purchased from our range by email.

Not only do the contents of our newsletters vary, but so do the technologies
and criteria we use to design our newsletters and segment customer groups.
For example, a group of customers may receive a special newsletter promoting
special deals from restaurants and shops where customers have ordered. Other
newsletters may refer to specific products or to orders that relate to a
particular flavour, such as sushi, Indian delicacies or pizza. We use
different information from your order history and delivery addresses. This
is a profiling process in which we automatically process your data. The
specific customer segmentation can have a legal effect on you or can have a
significant effect on you in other ways if you receive certain newsletters
and are not included in other campaigns.

If automated decision making leads to a negative result for you and you do
not agree with this, you can contact us at [email protected] In this case,
we will individually assess the circumstances of your case.

Categories of personal data:

Contact Information

Location data

Order information

Legal basis:

Data processing in this respect takes place solely on the basis of our
legitimate interest in personalised direct advertising pursuant to Art. 6
Para. 1 lit. f GDPR. If you have initially objected to the use of your email
address for this purpose, we will not send you an email for marketing
purposes. You are entitled to object to the use of your email address for
the aforementioned advertising purposes at any time with effect for the
future by notifying the person responsible named at the beginning. Upon
receipt of your objection, the use of your email address for advertising
purposes will be discontinued immediately.

NPS

We are constantly striving to improve our services. Your constructive
feedback is very important to us. Therefore we will occasionally send you
customer surveys and ask you to give us your opinion. If you do not wish to
receive customer surveys, you can unsubscribe at any time. For any customer
survey request you can click “unsubscribe” below and we will not
contact you again.

Categories of personal data:

Communication data

Legal basis:

Art. 6 Para. 1 (f) GDPR, legitimate interest.

Our legitimate interest is the purpose described above.

App

We have a strong interest in informing you about new partners or deals when
using our app. We are always working to give you an amazing customer
experience. To achieve this, we negotiate very good deals for you with our
restaurant partners. To inform you about these deals, we send you in our
Apps in-app-notification or push-notification. It is imperative that you
have activated this in your end devices.

Categories of personal data:

Location data

Profile data (master data)

Order information

Legal basis:

If processing takes place with your consent, the legal basis is Art. 6 Para.
1 (a) GDPR, namely your consent. Otherwise, the processing is based on our
legitimate interest pursuant to Art. 6 Para. 1 (f) GDPR. Our legitimate
interest lies in the aforementioned purpose.

SMS

Besides other means we continue to use SMS to inform you about new deals in
your area. You will only receive an SMS from us if you have given your
consent. You can revoke your consent at any time for the future. Please send
us an e-mail to [email protected] The registration as well as the
cancellation is free of charge for you.

Categories of personal data:

Contact Information

Order information

Legal basis:

Art. 6 Para. 1 (a) GDPR, consent

Online marketing

Our service is based to a large extent on convincing potential customers
that we offer an amazing customer experience and that every visit to our
platform is worthwhile. In order to reach as many potential customers as
possible, we are very active in the field of online marketing. It is just as
important to win the trust of potential customers and to strengthen the
trust of our existing customers. Therefore, we would like to present to you
our processes as transparently as possible.

Targeting

In principle, targeting means the switching and fading in of advertising
banners on websites that are tailored to specific target groups. The aim is
to display the most attractive banners as individually as possible for the
user and potential customer. Firstly, we define a target group and secondly,
we commission our service providers to show our advertising to the defined
target group. We do not process any personal data, as these are initially
made anonymous. To better define the target group, we segment customer types
and place different ads on different portals.

Retargeting

As soon as you have visited our website and, for example, have already
placed an order in your shopping cart, we store this information in cookies.
If you continue to surf other websites, our advertising partners will remind
you on our behalf that you have not yet completed your order. We don’t
want you to miss out on our amazing customer experience. You can disable
retargeting by installing appropriate add-ons for your browser. Furthermore,
you can and should also regularly delete the cookies stored in the browser
you are using.

Categories of personal data:

Contact Information

Legal basis:

Art. 6 Para. 1 (f) GDPR, legitimate interest.

Our legitimate interest is the purpose described above.

Cookies

In order to make the visit of our website/app attractive and to enable the
use of certain functions, we use so-called cookies on various pages. These
are small text files that are stored on your device. Some of the cookies we
use are deleted after the end of the browser session, i.e. after closing
your browser (so-called session cookies). Other cookies remain on your
device and allow us or our affiliate to recognize your browser on your next
visit (persistent cookies). You can set your browser so that you are
informed about the setting of cookies and individually decide on their
acceptance or exclude the acceptance of cookies for specific cases or in
general. Failure to accept cookies may limit the functionality of our
website/app.

Legal basis:

If processing takes place with your consent, the legal basis is Art. 6 Para.
1 (a) GDPR, namely your consent. Otherwise, the processing is based on our
legitimate interest pursuant to Art. 6 Para. 1 (f) GDPR. Our legitimate
interest lies in the aforementioned purpose.

You can find our cookie policy with all the cookies we use at the bottom of
this Privacy Policy.

Bonus programs

We want to reward our customers’ loyalty with attractive deals and
points. For this reason, we offer our customers the opportunity to
participate in such bonus programs. Participation in a bonus program
requires consent. You can revoke your consent at any time for the future.
Please send us an email to [email protected] for this purpose.

Categories of personal data:

Contact Information

Legal basis:

Art. 6 Para. 1 (a) GDPR, Consent

Sweepstakes

The participation in the lottery requires your consent. If you have already
given your consent and would like to revoke it for the future, you can do so
at any time by sending an email to [email protected] In this case, we
will exclude you from participating in our sweepstakes and you will not
receive any further invitations to sweepstakes.

Categories of personal data:

Contact Information

Legal basis:

Art. 6 Para. 1 (a) GDPR, Consent

User Experience Surveys:

We always develop new products and try to adapt our services to the wishes
of our customers. In order to measure the effectiveness of these changes, we
regularly offer interviews with our User Experience team. In these
interviews we record your usage behaviour and ask you for possible
optimisation possibilities. Participation in the interviews requires your
consent. If you have already given your consent and would like to revoke it
for the future, you can do so at any time by sending an email to
[email protected] In this case we will exclude you from participating in
our interviews and you will not receive any further invitations for them.

Categories of personal data:

Contact Information

Order information

Legal basis:

Art. 6 Para. 1 (a) GDPR, Consent

CUSTOMER RELATIONSHIP MANAGEMENT

Your requests

Your satisfaction is our biggest goal. Therefore we are very keen to be
available for all your questions and to answer them. In order to be able to
answer these questions and understand the overall problem, we store the
conversation content in our Customer Relationship Management System when you
contact us. The content of the information we store depends on the
information you provide to us as part of our communications.

Categories of personal data:

Contact information

Order information

Legal basis:

Art. 6 Para. 1 (b) GDPR, performance of contract

Call Center

If you contact us by phone, we store the conversation with your consent for
quality assurance purposes. In individual cases, we also use the recordings
for Quality improvement in customer service, i.e. for training purposes
(coaching) with our employees. The content of the information we store
depends on the information you provide to us as part of our communications.
The stored telephone calls are deleted after 90 days at the latest or if the
purpose of the storage, i.e. the quality check, is fulfilled earlier.

Categories of personal data:

Contact information

Order information

Legal basis:

Art. 6 Para. 1 (a) GDPR, Consent

Fraud prevention and security of our platform

Fraud detection and prevention

In order to protect our customers and our platform from possible attacks, we
continuously monitor the activities on our website for all visitors. To this
end, we use various technical measures to ensure that suspicious behavior
patterns are detected at an early stage and prevented in good time. To
achieve this goal, several monitoring mechanisms run in parallel and prevent
potential attackers from accessing our website at all.

The decision-making process is automated and can have a legal effect on the
person concerned or affect them in a similar way. If automated decision
making leads to a negative result for you and you do not agree with this,
you can contact us at [email protected] In this case, we will
individually assess the circumstances of your case.

Categories of personal data:

Device information and access data

Contact information

Payment information

Order information

Voucher information

Legal basis:

Art. 6 Para. 1 (a) GDPR, Consent

Mergers & acquisitions, change of ownership

We would also like to inform you that in the event of a merger with or
acquisition by another company, we will disclose information to that
company. Of course, we will require the company to comply with the legal
data protection regulations.

Categories of personal data:

Contact Information

Delivery information

Location data

Profile data (master data)

Device information and access data

Order information

Communication data

Payment information

Voucher information

Legal basis:

Art. 6 Para. 1 (f) GDPR, legitimate interest

Our legitimate interest is the purpose described above.

Vouchers

We often offer vouchers for our platforms. The reasons can vary. The purpose
of these vouchers is to reward our loyal customers and to encourage them to
continue to lead our loyal customers. In order to be able to check the
number, the value and the frequency of use of the vouchers, but also to
avoid misuse of these vouchers, we collect various personal data.

Categories of personal data:

Profile data (master data)

Voucher information

Legal basis:

Art. 6 Para. 1 (f) GDPR, legitimate interest

Our legitimate interest is the purpose described above.

WHO WE WORK WITH AND WHERE WE PROCESS YOUR DATA

We never give your data to unauthorized third parties. However, as part of
our work we obtain the services of selected service providers and give them
limited and strictly monitored access to some of our data. However, before
we forward personal data to these partner companies for processing on our
behalf, each individual company undergoes an audit. All data recipients must
meet the legal data protection requirements and prove their data protection
level with appropriate proofs.

Delivery Hero Group

Within a group it is sometimes necessary to use resources effectively. In
this context, we support each other within our Group in optimizing our
processes. In addition, we provide joint content and services. This
includes, for example, the technical support of systems. This is a joint
responsibility within the meaning of Art. 26 GDPR. We are fully responsible
for fulfilling the data protection requirements together with Delivery Hero
SE, Oranienburger Straße 70, 10117 Berlin, [email protected]
Within the framework of joint controllership, both we and Delivery Hero SE
have agreed that both will guarantee your rights equally. For practical
reasons we have decided that we are to you for all data protection-legal
questions at the disposal and in particular your rights in accordance with
Art. 15 to 22 GDPR will guarantee we will guarantee.

Please contact us for this under [email protected]

Service providers

We use different data processors in our daily processing. These process your
personal data in accordance with the requirements of Art. 28 GDPR only
according to our instructions and have no claims whatsoever on these data.
We also monitor our processors and include only those who meet our high
standards. Because we use different data processors and change them from
time to time, it is not appropriate to identify specific recipients of
personal information. However, if you are interested, we will be happy to
disclose the name of the processor(s) in use at that time upon request.

Third parties

In addition to data processors, we also work with third parties, to whom we
also transmit your personal data, but who are not bound by our instructions.
These are, for example, our consultants, lawyers or tax consultants who
receive your data from us on the basis of a contract and process your
personal data for legal reasons or to protect our own interests. We do not
sell or rent your personal data to third parties under any circumstances.
This will never take place without your explicit consent.

Prosecuting authorities and legal proceedings

Unfortunately, it can happen that a few of our customers and service
providers do not behave fairly and want to harm us. In these cases, we are
not only obliged to hand over personal data due to legal obligations, it is
also in our interest to prevent damage and to enforce our claims and to
reject unjustified claims.

SOCIAL MEDIA PAGES

We have profiles on various social media platforms on which we advertise our
products and interact with customers. Since we operate these profiles on
third-party platforms, each time you visit these social media channels the
operators collect different personal data from you.

Responsibilities

We and the respective operators of the social media platforms act as joint
controllers. Where two or more controllers jointly determine the purposes
and means of processing, they shall be joint controllers.

The social media platforms Facebook and Instagram are operated by Facebook
Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland.

We are responsible for all interactions on our own platforms. The operators
of the social media platforms themselves are data controllers for general
interactions and interactions outside our profiles. An exception applies to
the data processing described below for the usage analysis (page insights);
we are jointly responsible with Facebook for this.

The following links will show you exactly which data is collected by the
respective social media operators:

Privacy Policy Facebook

Privacy Policy Instagram

Data processing

For pages, Facebook provides page administrators with statistics and
insights that help them understand the types of actions people take on their
pages (“Page Insights”).

When you visit or interact with a Page or its content, information such as
the following may be collected and used to create Page Insights:

  • Viewing a Page, or a post or video from a Page
  • Following or unfollowing a Page
  • Liking or unliking a Page or post
  • Recommending a Page in a post or comment
  • Commenting on, sharing or reacting to a Page post (including the type of
    reaction)
  • Hiding a Page’s post or reporting it as spam
  • Clicking a link to a Page from another Page on Facebook or from a
    website off Facebook
  • Hovering over a Page’s name or profile picture to see a preview of
    the Page’s content Clicking on the website, phone number, Get
    Directions button or other button on a Page
  • Whether you’re on a computer or mobile device while visiting or
    interacting with a Page or its content

We and Facebook are jointly responsible for the processing of your data for
the provision of page insights. For this purpose, we and Facebook have
agreed in an agreement which and a division of our data protection
obligations according to Art. 26 GDPR shall be agreed.

Your data subject rights

For all data processing on this website, we are solely responsible for
processing your data in accordance with data protection regulations. As part
of our agreement with Facebook, we have determined that Facebook is
primarily responsible for fulfilling its information obligations in
connection with the Page Insight data and for ensuring that you exercise
your rights under the GDPR. For more information about your data subject
rights on Facebook, please see
Facebook’s Page-Insights Privacy Policy.

DATA PROCESSING OUTSIDE THE EU

We process your data mainly within the European Union (EU) and the European
Economic Area (EEA). However, some of our service providers mentioned above
are based outside the EU and the EEA. The GDPR has high requirements for the
transfer of personal data to third countries. All our data receivers have to
measure up to these requirements. Before we transfer your data to a service
provider in third countries, every service provider is first assessed with
regard to its data protection level. Only if they can demonstrate an
adequate level of data protection will they be shortlisted for service
providers.

Regardless of whether our service providers are located within the EU/EEA or
in third countries, each service provider must sign a data processing
agreement with us. Service providers outside the EU/EEA must meet additional
requirements. According to Art. 44 ff. GDPR personal data may be transferred
to service providers that meet at least one of the following requirements:

a. Commission has decided that the third country ensures an adequate level
of protection (e.g. Israel and Canada).

b. Standard data protection clauses have been accepted.Contractual clauses
which cannot be modified by the contracting parties and in which they
undertake to ensure an adequate level of data protection are recognized by
the GDPR as a suitable transfer mechanism.

c. Further appropriate safeguards pursuant to Art. 46 GDPR have been
implemented.: The GDPR also permits data transfers in other situations, e.g.
where a recipient has accepted the terms of binding corporate rules or
approved certification mechanisms, or where a data subject has granted their
consent.

We will only transfer your data to service providers who meet at least one
of these requirements. If we transfer data to third countries, these are
mainly companies based in the USA or Israel.

HOW LONG WE STORE YOUR DATA

We generally delete your data after the purpose has been fulfilled. The
exact deletion rules are defined in our regional deletion concepts.
Different deletion rules apply depending on the purpose of the processing.
Within our deletion concepts we have defined various data classes and
assigned rule deletion periods to them. The data collected is marked with a
deletion rule. When the retention period is met, the stored data will be
deleted accordingly.

We will delete your personal data either if you wish and let us know or if
your account is inactive for three years, we will also delete your account.
Before this happens, you will receive a separate notification from us to the
email address registered in your user account.

In addition to the deletion rules defined by us, there are other legal
retention periods which we must also observe. For example, tax data must be
kept for a period of between six and ten years or even longer in some cases.
These special retention periods vary according to local legal requirements.

Therefore, despite your request for deletion of your data, we may still have
to store some of the stored data due to legal regulations. In this case,
however, we will restrict data from further processing.

Furthermore, we will continue to store your data if we have a right to do so
in accordance with Art. 17 Para. 3 GDPR. This applies in particular if we
need your personal data for the establishment, exercise or defence of legal
claims.

COOKIES AND WEB-TRACKING POLICY

In order for your visit to or use of our service to be attractive and to
allow some features to be used, we use so-called cookies on various pages.
Cookies are small text files that are stored on your device. Some of the
cookies we use are deleted after the end of your browser session, i.e. after
you close the browser (session cookies). Other cookies remain in your
browser and allow us to recognize your browser on your next visit
(persistent cookies). You can configure your browser to know how to set
cookies and decide individually whether or not to accept them for specific
occasions or in general. Not accepting cookies may limit the functionality
of our site.

We classify the cookies we use into three categories:

● Required: They are required to navigate our service, and in order to use
the features provided. Without the use of such cookies, proper functioning
of our site is not guaranteed. You cannot opt out of these cookies.

● Functional: They store your information to fulfill important, if not
strictly necessary functions. For example they enable you to automatically
log in next time you visit us, allow us to continuously improve the services
we offer by collecting and analyzing data on website traffic, or help you
find exactly what you are looking for.

● Personalization and advertising cookies: They are used to create
personalized content, tailor-made for you, to give you the best possible
online experience. They are also used to deliver to you personalized online
advertisements for our services, targeted to your specific interests.
Effectively, they can be used to send ads and bids or to measure the
effectiveness of our ad campaigns. This category also includes cookies
transmitting pseudonymous data to our ad partners.

Similar technologies

Cookies are not the only way to identify or track individuals online. There
are similar technologies, like web beacons (sometimes called “tracking
pixels”, “pixel tags” or “clear gifs”). These are
tiny graphics files that contain a unique identifier that enable us to
recognize when someone has visited our service. This allows us, for example,
to monitor the traffic patterns of users from one page within our service to
another, to deliver or communicate with cookies, to understand whether you
have come to our service from an online advertisement displayed on a
third-party website, to improve performance. In many instances, these
technologies are reliant on cookies to function properly, and so declining
cookies will impair their functioning.

For mobile applications, we also use software development kits (SDKs). SDKs
are part of the built-in code of our mobile applications and function in a
way similar to cookies: They collect certain information about your device
or the interaction with our service, e.g. adding a certain meal to your
order cart before submitting the order to the restaurant.

Third parties

Through cookies and other web-tracking technologies we also communicate
limited device information such as your IP address, device ID, MAC address,
Apple Advertiser ID (IDFA) or Android Ad ID (AAID) to our partners (Google
Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland operates the
Google Ads network, Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal
Harbour, Dublin 2, Ireland delivers advertisements on Facebook and
Instagram). If you opt out of cookies and other web-tracking technologies,
this will also stop any sharing of device information with any recipients.

Opting out of cookies and web-tracking

If you do not want us to collect and analyze information about your visit to
or use of the service, you can opt out at any time. You can do so by
configuring your browser to delete all cookies and rejecting them in the
future. You can also use our cookie and web-tracking preference manager.
There, you can select which category of cookies and web-tracking
technologies you would rather like to have deactivated. However, please note
that you cannot opt out of required cookies and similar technologies.

To implement your opt-out, an exception cookie will be set in your browser
(to remember your preference). This cookie is solely intended to map your
objection. Please note that for technical reasons the opt-out cookie can
only be used for the specific browser from which it is set. If you delete
cookies or use a different browser or device, you will need to repeat this
process.