1. General
Delivery Hero SE ("Delivery Hero") is pleased about your visit to the website at www.deliveryhero.com as well as your interest in the company and its business. We take the protection of your personal data seriously and we want you to feel comfortable visiting our website.
In the following, we will inform you which data we store about you when you use our website and how this data is used.
Please take enough time to carefully read this note.
2. Data Controller
Controller is the party responsible for the processing of your personal data and deciding on the purposes and means of the processing of your personal data on the website.
On the website, the data controller is:
Delivery Hero SE
Oranienburger Straße 70
10117 Berlin
Deutschland
E-Mail: [email protected]
Our data protection officer can be reached at the aforementioned address or by email to [email protected]
3. Your Legal Rights
Under the EU General Data Protection Regulation (GDPR), you have the following rights:
- Right to access to, and a copy of, your personal data
- Right to rectification
- Right to erasure
- Right to restriction of processing
- Right to object, on the grounds relating to your particular situation, or against any processing for the purpose of direct marketing
- Right to data portability (regarding data we process on the basis of your consent or a valid legal contract with you)
- Right to lodge a complaint to a supervisory authority about the processing of your personal data by us. You are free to lodge the complaint with a supervisory authority at the place of your habitual residence in the EU or place of the alleged infringement.
In cases of cross-border data processing, the responsible lead supervisory authority for Delivery Hero is:
Berliner Beauftragte für Datenschutz und Informationsfreiheit
Friedrichstr. 219
10969 Berlin
If you would like to exercise your rights as a data subject, please do not hesitate to contact us under the contact information provided above.
4. Purposes and Legal Basis of Our Processing Activities; Retention Periods
In order to be able to interact with you, we also have to collect, process, store and share certain personal data with contract processors. Below you can see which of your data we need for which purposes and on which legal basis we process them, as well as under which circumstances we share your data with third parties.
Personal data is information from which we can directly or indirectly relate to your person, such as first and last name, address, phone number, date of birth, location data or e-mail address.
Contact form "Deliveryhero.com"
We will store the personal data (name, e-mail address) you provide to us for contacting you and we will contact you as requested.
This processing is based on our legitimate interest in accordance with Art. 6 (1) f) GDPR to be able to contact you immediately and process your request. We will store the personal data you have transmitted for one year and then delete it unless legal retention periods arise from the processing.
Careers Platform and Job Applications
If you would like to learn more about privacy and data protection in the context of our recruiting activities, please access our Candidate Privacy Statement.
Contact form „ir.deliveryhero.com“
If you would like to contact us via the contact form under the "Investor Relations" tab, we will use the personal data you have provided to us for contacting you (mandatory fields: Name, first name; optional: telephone number, address, e-mail address, country) and contact you as requested. This contact form is technically administered by our data processor EQS Group AG and incorporated into our website.
This processing is based on our legitimate interest in accordance with Art. 6 (1) f) GDPR to be able to contact you immediately and process your request. We will store the personal data you have transmitted for one year and then delete it unless legal retention periods arise from the processing.
Analysis of the use of our website
We are always striving to customize our website according to the wishes of the website users. In order to achieve this, we evaluate the use of our website in pseudonymous form. We record the name of the website accessed, the date and time of access, the browser type used and your IP address. This data is only processed for statistical purposes to optimize our website presence and to operate the website.
This processing is based on our legitimate interest under Art. 6 (1) f) GDPR to provide you with a functional and demand-driven website. We will keep your personal data for seven days and then anonymize this information by deleting any personally identifiable content of the information collected, such as your IP address.
For this purpose we also use cookies that we will not drop on your device without consent. If you would like to learn more about cookies and web-tracking on this website, please refer to our Cookies Policy.
Protection against attacks and other unlawful access attempts
In order to protect you and ourselves from possible attacks by third parties and to ensure secure access to our website, we collect the name of the website accessed, the date and time of access, the type of browser used and your IP address in access logs.
This processing is based on our legitimate interest according to Art. 6 (1) f) GDPR to provide you with a secure website and to protect us both preventively and in the event of an attack to immediately take appropriate measures. We will store the personal data transmitted by you for seven days and then anonymise this information by deleting any personally identifiable content of the information collected, such as your IP address.
Share register
Delivery Hero shares are registered shares. In the case of registered shares, Section 67 of the German Stock Corporation Act (AktG) stipulates that these must be entered in the company's share register, stating the name, date of birth and address of the shareholder as well as the number of shares or the share number and, in the case of par value shares, the amount.
The shareholder is generally obliged to provide the Company with this information. In addition, we process personal data that you provide to us when registering for the Annual General Meeting or voting by postal vote, as well as when ordering tickets and/or granting powers of attorney. We use your personal data for the purposes specified in the German Stock Corporation Act. These purposes include, in particular, keeping the share register, communicating with you as a shareholder and conducting the Annual General Meeting.
The legal basis for the processing of your personal data is the German Stock Corporation Act in conjunction with Art. 6 (1) c) GDPR. In addition, we may process your personal data to fulfill other legal obligations, such as regulatory requirements, stock corporation, commercial and tax retention obligations. In order to comply with provisions of German Stock Corporation Act, we must, for example, when authorizing the proxies nominated by the Company for the Annual General Meeting, keep verifiable records of the data that serves as proof of authorization and store them for three years protected from unauthorized access (Section 134 (3) sentence 5 of the German Stock Corporation Act). We will store the data collected and stored in this context in accordance with the statutory retention periods and then destroy them.
5. Categories of Recipients and Recipients of Your Personal Data
We make use of the professional services of data processors. These are natural or legal persons, authorities, institutions or other bodies that process personal data on behalf of the data controller. As the selection of our processors may change from time to time, we provide an overview of the categories of potential recipients below.
If you wish to receive a complete list of our processors at the time of processing your personal data, please contact our data protection officer at [email protected]
External service providers:
These are companies that support our business by evaluating and optimizing our marketing campaigns, but also by providing personalized advertising, IT solutions and infrastructure, or by ensuring the security of our business operations, for example by detecting and resolving malfunctions and identifying attempted attacks. Regarding relevant information on investor relations, our processor EQS Group AG is commissioned to carry out the necessary processing on our behalf. Furthermore, Link Market Service GmbH is responsible for the technical and organizational structure of Delivery Hero's share registers and processes information in the context of the Annual General Meeting.
Affiliated companies:
If the content of your contact request refers to information from affiliated companies of Delivery Hero, we will forward the content of your contact request to the respective addresses.
Law enforcement agencies and legal proceedings:
Unfortunately, it can happen that visitors to our website do not behave according to the rules and want to harm us. In these cases, we are not only legally obliged to disclose personal data, it is of course also in our interest to avert damage, enforce our claims and reject unjustified claims.
6. International Data Transfers
We process your data mainly within the European Union (EU) and the European Economic Area (EEA). However, some of our service providers mentioned above are based outside the EEA in so-called “third countries”. The GDPR has high requirements for the transfer of personal data to third countries. All our data recipients have to measure up to these requirements. Before we transfer your data to a service provider in a third country, every service provider is first assessed with regard to its data protection level. They will only be chosen if they can demonstrate an adequate level of data protection even outside the territory of the EEA. In any case, regardless of whether our service providers are located within the EEA or in third countries, each service provider must sign a data processing agreement with us. Service providers outside the EEA must meet additional requirements. According to Art. 44 ff. GDPR personal data may be transferred to service providers meeting at least one of the following requirements:
- The European Commission has decided that the third country ensures an adequate level of protection (e.g. Israel and Canada).
- Standard contractual clauses have been incorporated into our contract with the data recipient (including any supplementary measures, if required).
- Further appropriate safeguards in accordance with Art. 46 GDPR have been provided (for example Binding Corporate Rules).