Dear Customer,

We are pleased that you are interested in data protection. We would like to give you an easily understandable overview of our data protection process.

Our goal is to provide you with an amazing customer experience that also means that you can always trust us, that we are always transparent and honest to you. Your trust in our product is the reason why we can provide you with an amazing customer experience. We would like to thank you for this cooperation.

WHO WE ARE

We are foodora AB, but usually we just use the name foodora. You can always contact us via the following ways:

foodora AB Ringvägen 100 118 69 Stockholm Sverige

While visiting our website, using our app and platform, registering as a user or placing orders, you agree to this privacy policy.

As data controller, we determine how we process your personal data, for what purposes and by what means. While we are required by law to provide you with all of the following information, we do so primarily out of the belief that a partnership should always be honest.

As data controller we are responsible that all our processing activities are in accordance with legal requirements but also you may reasonably expect these processing of your personal data (link to “legitimate interests”).

If you have any questions about data protection at foodora, you can also contact our data protection officer at any time by sending an email to [email protected].

We have a global Corporate Privacy Officer as we are also a member of the large and fascinating family of the Delivery Hero Group.

As a family, we make certain decisions together. Both our parent company, Delivery Hero SE, Oranienburger Straße 70, 10117 Berlin and we jointly decide which means we will use to process your personal data and which purposes we consider to be appropriate.

We will continue to be your point of contact if you have any questions about data protection.

PRIVACY IS YOUR RIGHT AND YOU HAVE THE CHOICE

As a customer you have the choice which information you would like to share with us. Of course, we need some information for the fulfillment of our contract. However, this does not always require all the data which you can make available to us.

You can take the following steps to disclose less information about yourself:

Cookies: You can install additional add-ons in your browser that block unnecessary cookies. By doing so, you will not see any interest-based advertisements.

Advertising: If you do not want to receive newsletters from us, you can unsubscribe at any time. In this case, we will not be able to send you any cool offers.

No data sharing: If you do not want to share any information with us at all, that’s a shame. In this case we cannot convince you how great our products are.

YOU CAN ALSO MAKE USE OF THE FOLLOWING RIGHTS AT ANY TIME

Right to access

You have the right to be informed which data we store about you and how we process this data.

Right to rectification

If you notice that stored data is incorrect, you can always ask us to correct it.

Right to erasure

You can ask us at any time to delete the data we have stored about you.

Right to restriction of processing

If you do not wish to delete your data, but do not want us to process it further, you can ask us to restrict the processing of your personal data. In this case, we will archive your data and only reintegrate it into our operative systems if you so wish. However, during this time you will not be able to use our services, otherwise we will process your data again.

Right to data portability

You can ask us to transmit the data stored about you in a machine-readable format to you or to another responsible person. In this context, we will make the data available to you in JSON format.

Right to object to the processing of your data

You can revoke your consent at any time or object to the further processing of your data. This also includes objecting to our processing, which we process without your consent but based on our legitimate interest. This applies, for example, to direct marketing. You can object to receiving further newsletters at any time. If you do not agree with one of our processing purposes based on our legitimate interest or wish to object to it, you may object to the processing at any time on grounds relating to his or her particular situation. Please write an email to [email protected]. In this case we will review the processing activity again and either stop processing your data for this purpose or explain to you our reasons worth protecting and why we will continue with the processing.

Automated decision making

We also process your personal data in the context of algorithms in order to simplify our processes. Of course, you have the right not to be subject to decisions based solely on automated processing. If you believe that we have denied your access in an unjustified way, you can always contact us at [email protected]. In this case, we will examine the case separately and decide on a case-by-case basis.

Right of complaint

If you believe that we have done something wrong with your personal data or your rights, you can complain to the appropriate supervisory authority at any time.

The supervisory authority responsible for us is:

Datainspektionen

Phone: 08-657 61 00

E-mail:[email protected]

To exercise your rights, you can contact [email protected] at any time.

WHAT DATA WE PROCESS

In the following description of our processing activities, we refer in each case to categories of personal data. A category includes several personal data, which are usually processed together for the purposes.

Personal data is information that can identify you or even make you identifiable.

We generally process the following categories of personal data for the following reasons:

Contact Information:

Name, address, telephone number, email address, your ID from any social media (if applicable).

Reason:

If you contact us, we collect this data because we need to know who we are talking to and what we have been talking about so that we can help you with your reason for contacting us. This also applies if you leave comments on social media on our fan pages. We do not combine this data with your profile data on our platform, but we can still identify you by your social media ID.

Location data:

Address, Postcode, City, Country, Longitude, Latitude

Reason:

We need these data to be able to deliver your orders. We create the longitude and latitude automatically in order to be able to process your delivery address in our other linked systems, such as our Rider app, and to display your address to our riders or riders of restaurants or shops.

Profile data (master data):

Name, email address, password, telephone number, delivery addresses, interests, demographic data (age, delivery address)

Reason:

This data is your master data, which we absolutely need for our services. Without an email address / telephone number and a password, you cannot create a profile. Together with your name, this is your master data. We need your age to ensure that you are not a minor.

Device information and access data:

Device ID, device identification, operating system and corresponding version, time of access, configuration settings, information on Internet connection (IP address)

Reason:

With each access this information is stored by us for technical reasons. We also use parts of this information to detect suspicious behavior at an early stage and to avert damage.

Order information:

Order history, selected restaurants or shops, invoices, order ID, comments on orders, information on payment method, delivery address, successful orders and cancelled orders

Reason:

Each time you place an order, this information will be added to your profile. You can view all this information in your profile at any time. The information should give you an overview of your own interests and previous orders. We will also use the same information to improve our services. In addition, we will anonymize this information when you request a deletion or when your profile becomes inactive in order to continue to use this information in an anonymized form to optimize our services.

Communication data:

Name, email address, telephone number, device ID

Reason:

If you would like to receive a newsletter, an SMS or an in-app push notification from us, we need certain information to send you the messages. Instead of addressing you with “Hey You”, we find it more customer friendly to address you with your name. This category of personal information is also used by us to contact you, for example, if a product cannot be delivered and we want to offer you an alternative instead. Similarly, to make the online ads you may see from us more relevant, we may use this data.

Payment information:

Payment method, pseudonymized credit card information

Reason:

We need this information to track your payments and assign them to the orders you have placed.

Delivery information:

Name, delivery address, phone number, order ID

Reason:

In accordance with the principle of data minimization, we only provide our riders and partners with the information that they need from you to prepare and deliver your order.

FOR WHICH PURPOSES WE PROCESS DATA

We process your personal data only in accordance with the strict legal requirements. We pay particular attention to the fact that all principles for the processing of personal data are taken into account. The Delivery Hero Group pays great attention to transparency. Therefore, we only process your data if this is lawful and you can reasonably expect it to be processed. If, in the course of our evaluation, we come to the conclusion that the processing cannot reasonably be expected, we will only carry out the processing with your express consent.

Account creation, SSO registration, administration of your profile

In order to be able to offer you our services, the processing of your personal data is essential. Much of this data you transmit to us and other parts of the data we collect automatically when using our platforms. Nevertheless, we endeavor to keep the amount of data as small as possible. You can help us by only sharing necessary data with us that we need to fulfill our contractual obligations.

Account creation When creating a customer account, you will be asked to enter your master data. This is absolutely necessary, as we cannot create a customer profile without this data. Your email address and telephone number are particularly important, as we can use this information to identify you in our system the next time you want to log in again. Furthermore, we would like to ask you to choose your password carefully. Do not use the same password on multiple websites. Your password should also be at least 12 characters long, at least one lowercase letter, one uppercase letter, one special character (!?#,%& etc.) and one digit. Please do not share neither your password nor your email address with anyone else.

Categories of personal data:

Profile data (master data)

Device information and access data

Legal basis:

Art. 6 Para. 1 (b) GDPR, performance of contract

Login

If you already have an existing customer account, you will need to enter your email address and password to log in. If we detect irregularities during registration, such as entering the wrong password several times, we will take appropriate measures to prevent damage to you and us.

Categories of personal data:

Profile data (master data)

Legal basis:

Art. 6 Para. 1 (b) GDPR, fulfilment of contract for registration;

Art. 6 Para. 1 (f) GDPR, for the security measures

Single-Sign-On Facebook

If you have a Facebook profile, you can register on our website to create a customer account or to register using the social plugin “Facebook Connect” of the social network Facebook, which is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA (“Facebook”), within the framework of the so-called Single Sign On technology. You can recognize the social plugins of “Facebook Connect” on our website by the blue button with the Facebook logo and the inscription “Log in with Facebook” or “Connect with Facebook” or “Log in with Facebook” or “Sign in with Facebook”.

If you call up a page of our website that contains such a plugin, your browser establishes a direct connection to the Facebook servers. The content of the plugin is transmitted directly from Facebook to your browser and integrated into the page. Through this integration, Facebook receives the information that your browser has called up the corresponding page of our website, even if you do not have a Facebook profile or are not logged on to Facebook. This information (including your IP address) is transmitted directly from your browser to a Facebook server in the USA and stored there. These data processing operations are carried out in accordance with Art. 6 Para. 1 (f) GDPR on the basis of Facebook’s legitimate interest in the display of personalised advertising on the basis of surfing behaviour.

By using this “Facebook Connect” button on our website, you can also log in or register on our website using your Facebook user data. Only if you give your express consent in accordance with Art. 6 Para. 1 (a) GDPR prior to the registration process on the basis of a corresponding note on the exchange of data with Facebook, will we receive the general and publicly accessible information stored in your profile when using the Facebook “Facebook Connect” button on Facebook, depending on your personal data protection settings on Facebook. This information includes user ID, name, profile picture, age and gender.

We would like to point out that after changes have been made to Facebook’s data protection conditions and terms of use, your profile pictures, the user IDs of your friends and the friends list may also be transferred if they have been marked as “public” in your Facebook privacy settings. The data transmitted by Facebook is stored and processed by us for the creation of a user account with the necessary data, if this has been released by you on Facebook (title, first name, surname, address data, country, e-mail address, date of birth). Conversely, we can transfer data (e.g. information on your surfing behaviour) to your Facebook profile on the basis of your consent. The consent given can be revoked at any time by sending a message to us. Facebook Inc. adheres to the Standard Contractual Clauses to ensure an adequate level of protection for personal data can always be ensured.

Google

If you have an account with Google, you can use this account to log in to our service. Google accounts for European users are provided by Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland (“Google Ireland”), a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 (“Google”).

By using the “Continue with Google” button on our website, you can log in or register on our website using your Google user data. Only if you give your express consent in accordance with Art. 6 Para. 1 (a) GDPR prior to the registration process on the basis of a corresponding note on the exchange of data with Google, will we receive your Google user ID, user name and email address. We will never receive your Google password and cannot log in to your Google account. You can learn more about data sharing with Google when logging in to our service with Google by reviewing Google’s explanations here: https://support.google.com/accounts/answer/112802.

The data transmitted by Google is stored and processed by us solely for the creation of a user account with the necessary data. Google adheres to the Standard Contractual Clauses to ensure an adequate level of protection for personal data can always be provided.

Categories of personal data:

Profile data (master data)

Contact Information

Facebook profile information

Google profile information

Legal basis:

Art. 6 Para. 1 (a) GDPR, Consent

Managing your profile

You can log in to your profile at any time and change your personal data, such as name, email address or telephone number. You can also view your previous orders.

Categories of personal data:

Profile data, location data

Order information

Device information and access data

Order information

Communication data

Payment information

Legal basis:

Art. 6 Para. 1 (b) GDPR, performance of contract

Order processing

Ordering from a restaurant

Once you have successfully registered and decided to place your order, we will store this information in your profile and process it in further processes so that you can submit your order to us. When you submit your order, your personal data is transferred to our backend where it is transferred to other systems for further processing.

Categories of personal data:

Contact Information

Location data

Device information and access data

Legal basis:

Art. 6 Para. 1 (b) GDPR, fulfilment of contract

Buffering

After you have logged in to your profile and made your selection, the products will be saved in your profile. If you accidentally close your browser or app, you can continue to the last point of your order. The last information is stored in a cookie.

Categories of personal data:

Profile data (master data)

Device information and access data

Order information

Legal basis:

Art. 6 Para. 1 (f) GDPR, legitimate interest

The legitimate interest is to provide you with a better ordering experience where you can conveniently continue your order with browsers or apps that are accidentally closed.

Delivery

Once you have successfully placed your order, a number of processes are running in the background to ensure that your order is delivered quickly. The following processing activities describe how and why your data is processed for the respective purposes.

Transfer to riders and partners We use different riders for delivery. These can be permanent employees, freelancers or third parties who provide us with riders on the basis of a data processing agreement when we deliver our orders. In all these cases we send your personal data to the riders so that they can deliver your order quickly.

Categories of personal data:

Delivery information to Market Place Partners (own delivery of partner)

Name, address, phone number to own riders

Legal basis:

Art. 6 Para. 1 (b) GDPR, performance of contract

Calls from riders or partners

If a product of your choice is not available for delivery or our riders cannot reach you at the delivery address you provided, they have received instructions from us to call you so that the problem can be solved easily.

Categories of personal data:

Delivery information

Legal basis:

Art. 6 Para. 1 (b) GDPR, contract performance on call by the rider

Art. 6 Para. 1 (f) GDPR, legitimate interest when called by the partner. The partner have no claim whatsoever to your personal data and under no circumstances may they use it for their own purposes. If you should nevertheless be contacted by a partner without your prior consent, we ask you to report this to us by e-mail to [email protected].

Saved payment methods

In order to make the ordering process even more convenient for you, we offer to save your preferred payment method. This means that you don’t have to enter your payment details again the next time you place an order. The storage of this data requires your prior consent. You can save your payment data by clicking on the consent field. You can revoke your consent for the future at any time by deactivating the consent field again or by informing us of this by e-mail to [email protected].

Categories of personal data:

Payment data

Legal basis:

Art. 6 Para. 1 (a) GDPR, consent

Advertising and marketing

DIRECT MARKETING

Newsletter

If you have created an account on our platform and provided us with your email address, we reserve the right to send you newsletters and offers from our platform.

If you have provided us with your email address when purchasing goods or services or we reserve the right to send you regular offers of similar goods or services to those already purchased from our range by email.

Not only do the contents of our newsletters vary, but so do the technologies and criteria we use to design our newsletters and segment customer groups. For example, a group of customers may receive a special newsletter promoting special deals from restaurants and shops where customers have ordered. Other newsletters may refer to specific products or to orders that relate to a particular flavor, such as sushi, Indian delicacies or pizza. We use different information from your order history and delivery addresses. This is a profiling process in which we automatically process your data. The specific customer segmentation can have a legal effect on you or can have a significant effect on you in other ways if you receive certain newsletters and are not included in other campaigns.

If automated decision making leads to a negative result for you and you do not agree with this, you can contact us at [email protected]. In this case, we will individually assess the circumstances of your case.

Categories of personal data:

Contact Information

Location data

Order information

Legal basis:

Data processing in this respect takes place solely on the basis of our legitimate interest in personalized direct advertising pursuant to Art. 6 Para. 1 lit. f GDPR. If you have initially objected to the use of your email address for this purpose, we will not send you an email for marketing purposes. You are entitled to object to the use of your email address for the aforementioned advertising purposes at any time with effect for the future by notifying the person responsible named at the beginning. Upon receipt of your objection, the use of your email address for advertising purposes will be discontinued immediately.

NPS

We are constantly striving to improve our services. Your constructive feedback is very important to us. Therefore we will occasionally send you customer surveys and ask you to give us your opinion. If you do not wish to receive customer surveys, you can unsubscribe at any time. For any customer survey request you can click “unsubscribe” below and we will not contact you again.

Categories of personal data:

Communication data

Legal basis:

Art. 6 Para. 1 (f) GDPR, legitimate interest.

Our legitimate interest is the purpose described above.

App

We have a strong interest in informing you about new partners or deals when using our app. We are always working to give you an amazing customer experience. To achieve this, we negotiate very good deals for you with our restaurant partners. To inform you about these deals, we send you in our Apps in-app-notification or push-notification. It is imperative that you have activated this in your end devices.

Categories of personal data:

Location data

Profile data (master data)

Order information

Legal basis:

If processing takes place with your consent, the legal basis is Art. 6 Para. 1 (a) GDPR, namely your consent. Otherwise, the processing is based on our legitimate interest pursuant to Art. 6 Para. 1 (f) GDPR. Our legitimate interest lies in the aforementioned purpose.

SMS

Besides other means we continue to use SMS to inform you about new deals in your area. You will only receive an SMS from us if you have given your consent. You can revoke your consent at any time for the future. Please send us an e-mail to [email protected]. The registration as well as the cancellation is free of charge for you.

Categories of personal data:

Contact Information

Order information

Legal basis:

Art. 6 Para. 1 (a) GDPR, consent

Online marketing

Our service is based to a large extent on convincing potential customers that we offer an amazing customer experience and that every visit to our platform is worthwhile. In order to reach as many potential customers as possible, we are very active in the field of online marketing. It is just as important to win the trust of potential customers and to strengthen the trust of our existing customers. Therefore, we would like to present to you our processes as transparently as possible.

Targeting

In principle, targeting means the switching and fading in of advertising banners on websites that are tailored to specific target groups. The aim is to display the most attractive banners as individually as possible for the user and potential customer. Firstly, we define a target group and secondly, we commission our service providers to show our advertising to the defined target group. We do not process any personal data, as these are initially made anonymous. To better define the target group, we segment customer types and place different ads on different portals.

Retargeting

As soon as you have visited our website and, for example, have already placed an order in your shopping cart, we store this information in cookies. If you continue to surf other websites, our advertising partners will remind you on our behalf that you have not yet completed your order. We don’t want you to miss out on our amazing customer experience. You can disable retargeting by installing appropriate add-ons for your browser. Furthermore, you can and should also regularly delete the cookies stored in the browser you are using.

Categories of personal data:

Contact Information

Legal basis:

Art. 6 Para. 1 (f) GDPR, legitimate interest.

Our legitimate interest is the purpose described above.

Cookies

In order to make the visit of our website/app attractive and to enable the use of certain functions, we use so-called cookies on various pages. These are small text files that are stored on your device. Some of the cookies we use are deleted after the end of the browser session, i.e. after closing your browser (so-called session cookies). Other cookies remain on your device and allow us or our affiliate to recognize your browser on your next visit (persistent cookies). You can set your browser so that you are informed about the setting of cookies and individually decide on their acceptance or exclude the acceptance of cookies for specific cases or in general. Failure to accept cookies may limit the functionality of our website/app.

Legal basis:

If processing takes place with your consent, the legal basis is Art. 6 Para. 1 (a) GDPR, namely your consent. Otherwise, the processing is based on our legitimate interest pursuant to Art. 6 Para. 1 (f) GDPR. Our legitimate interest lies in the aforementioned purpose.

You can find our cookie policy with all the cookies we use at the bottom of this Privacy Policy.

Bonus programs

We want to reward our customers’ loyalty with attractive deals and points. For this reason, we offer our customers the opportunity to participate in such bonus programs. Participation in a bonus program requires consent. You can revoke your consent at any time for the future. Please send us an email to [email protected] for this purpose.

Categories of personal data:

Contact Information

Legal basis:

Art. 6 Para. 1 (a) GDPR, Consent

Sweepstakes

The participation in the lottery requires your consent. If you have already given your consent and would like to revoke it for the future, you can do so at any time by sending an email to [email protected]. In this case, we will exclude you from participating in our sweepstakes and you will not receive any further invitations to sweepstakes.

Categories of personal data:

Contact Information

Legal basis:

Art. 6 Para. 1 (a) GDPR, Consent

User Experience Surveys

We always develop new products and try to adapt our services to the wishes of our customers. In order to measure the effectiveness of these changes, we regularly offer interviews with our User Experience team. In these interviews we record your usage behavior and ask you for possible optimization possibilities. Participation in the interviews requires your consent. If you have already given your consent and would like to revoke it for the future, you can do so at any time by sending an email to [email protected]. In this case we will exclude you from participating in our interviews and you will not receive any further invitations for them.

Categories of personal data:

Contact Information

Order information

Legal basis:

Art. 6 Para. 1 (a) GDPR, Consent

CUSTOMER RELATIONSHIP MANAGEMENT

Your requests

Your satisfaction is our biggest goal. Therefore we are very keen to be available for all your questions and to answer them. In order to be able to answer these questions and understand the overall problem, we store the conversation content in our Customer Relationship Management System when you contact us. The content of the information we store depends on the information you provide to us as part of our communications.

Categories of personal data:

Contact information

Order information

Legal basis:

Art. 6 Para. 1 (b) GDPR, performance of contract

Call Center

If you contact us by phone, we store the conversation with your consent for quality assurance purposes. In individual cases, we also use the recordings for Quality improvement in customer service, i.e. for training purposes (coaching) with our employees. The content of the information we store depends on the information you provide to us as part of our communications. The stored telephone calls are deleted after 90 days at the latest or if the purpose of the storage, i.e. the quality check, is fulfilled earlier.

Categories of personal data:

Contact information

Order information

Legal basis:

Art. 6 Para. 1 (a) GDPR, Consent

Fraud prevention and security of our platform

Fraud detection and prevention

In order to protect our customers and our platform from possible attacks, we continuously monitor the activities on our website for all visitors. To this end, we use various technical measures to ensure that suspicious behavior patterns are detected at an early stage and prevented in good time. To achieve this goal, several monitoring mechanisms run in parallel and prevent potential attackers from accessing our website at all.

The decision-making process is automated and can have a legal effect on the person concerned or affect them in a similar way. If automated decision making leads to a negative result for you and you do not agree with this, you can contact us at [email protected]. In this case, we will individually assess the circumstances of your case.

Categories of personal data:

Device information and access data

Contact information

Payment information

Order information

Voucher information

Legal basis:

Art. 6 Para. 1 (a) GDPR, Consent

Mergers & acquisitions, change of ownership

We would also like to inform you that in the event of a merger with or acquisition by another company, we will disclose information to that company. Of course, we will require the company to comply with the legal data protection regulations.

Categories of personal data:

Contact Information

Delivery information

Location data

Profile data (master data)

Device information and access data

Order information

Communication data

Payment information

Voucher information

Legal basis:

Art. 6 Para. 1 (f) GDPR, legitimate interest

Our legitimate interest is the purpose described above.

Vouchers

We often offer vouchers for our platforms. The reasons can vary. The purpose of these vouchers is to reward our loyal customers and to encourage them to continue to lead our loyal customers. In order to be able to check the number, the value and the frequency of use of the vouchers, but also to avoid misuse of these vouchers, we collect various personal data.

Categories of personal data:

Profile data (master data)

Voucher information

Legal basis:

Art. 6 Para. 1 (f) GDPR, legitimate interest

Our legitimate interest is the purpose described above.

WHO WE WORK WITH AND WHERE WE PROCESS YOUR DATA

We never give your data to unauthorized third parties. However, as part of our work we obtain the services of selected service providers and give them limited and strictly monitored access to some of our data. However, before we forward personal data to these partner companies for processing on our behalf, each individual company undergoes an audit. All data recipients must meet the legal data protection requirements and prove their data protection level with appropriate proofs.

Delivery Hero Group

Within a group it is sometimes necessary to use resources effectively. In this context, we support each other within our Group in optimizing our processes. In addition, we provide joint content and services. This includes, for example, the technical support of systems. This is a joint responsibility within the meaning of Art. 26 GDPR. We are fully responsible for fulfilling the data protection requirements together with Delivery Hero SE, Oranienburger Straße 70, 10117 Berlin, [email protected]. Within the framework of joint controllership, both we and Delivery Hero SE have agreed that both will guarantee your rights equally. For practical reasons we have decided that we are to you for all data protection-legal questions at the disposal and in particular your rights in accordance with Art. 15 to 22 GDPR will guarantee we will guarantee.

Please contact us for this under [email protected]

Service providers

We use different data processors in our daily processing. These process your personal data in accordance with the requirements of Art. 28 GDPR only according to our instructions and have no claims whatsoever on these data. We also monitor our processors and include only those who meet our high standards. Because we use different data processors and change them from time to time, it is not appropriate to identify specific recipients of personal information. However, if you are interested, we will be happy to disclose the name of the processor(s) in use at that time upon request.

Third parties In addition to data processors, we also work with third parties, to whom we also transmit your personal data, but who are not bound by our instructions. These are, for example, our consultants, lawyers or tax consultants who receive your data from us on the basis of a contract and process your personal data for legal reasons or to protect our own interests. We do not sell or rent your personal data to third parties under any circumstances. This will never take place without your explicit consent.

Prosecuting authorities and legal proceedings Unfortunately, it can happen that a few of our customers and service providers do not behave fairly and want to harm us. In these cases, we are not only obliged to hand over personal data due to legal obligations, it is also in our interest to prevent damage and to enforce our claims and to reject unjustified claims.

SOCIAL MEDIA PAGES

We have profiles on various social media platforms on which we advertise our products and interact with customers. Since we operate these profiles on third-party platforms, each time you visit these social media channels the operators collect different personal data from you.

Responsibilities

We and the respective operators of the social media platforms act as joint controllers. Where two or more controllers jointly determine the purposes and means of processing, they shall be joint controllers.

The social media platforms Facebook and Instagram are operated by Facebook Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland.

We are responsible for all interactions on our own platforms. The operators of the social media platforms themselves are data controllers for general interactions and interactions outside our profiles. An exception applies to the data processing described below for the usage analysis (page insights); we are jointly responsible with Facebook for this.

The following links will show you exactly which data is collected by the respective social media operators:

Privacy Policy Facebook

Privacy Policy Instagram

Data processing

For pages, Facebook provides page administrators with statistics and insights that help them understand the types of actions people take on their pages (“Page Insights”).

When you visit or interact with a Page or its content, information such as the following may be collected and used to create Page Insights:

● Viewing a Page, or a post or video from a Page
● Following or unfollowing a Page
● Liking or unliking a Page or post
● Recommending a Page in a post or comment
● Commenting on, sharing or reacting to a Page post (including the type of reaction)
● Hiding a Page’s post or reporting it as spam
● Clicking a link to a Page from another Page on Facebook or from a website off Facebook
● Hovering over a Page’s name or profile picture to see a preview of the Page’s content Clicking on the website, phone number, Get Directions button or other button on a Page
● Whether you’re on a computer or mobile device while visiting or interacting with a Page or its content

We and Facebook are jointly responsible for the processing of your data for the provision of page insights. For this purpose, we and Facebook have agreed in an agreement which and a division of our data protection obligations according to Art. 26 GDPR shall be agreed.

Your data subject rights

For all data processing on this website, we are solely responsible for processing your data in accordance with data protection regulations. As part of our agreement with Facebook, we have determined that Facebook is primarily responsible for fulfilling its information obligations in connection with the Page Insight data and for ensuring that you exercise your rights under the GDPR. For more information about your data subject rights on Facebook, please see Facebook’s Page-Insights Privacy Policy.

DATA PROCESSING OUTSIDE THE EU

We process your data mainly within the European Union (EU) and the European Economic Area (EEA). However, some of our service providers mentioned above are based outside the EU and the EEA. The GDPR has high requirements for the transfer of personal data to third countries. All our data receivers have to measure up to these requirements. Before we transfer your data to a service provider in third countries, every service provider is first assessed with regard to its data protection level. Only if they can demonstrate an adequate level of data protection will they be shortlisted for service providers.

Regardless of whether our service providers are located within the EU/EEA or in third countries, each service provider must sign a data processing agreement with us. Service providers outside the EU/EEA must meet additional requirements. According to Art. 44 ff. GDPR personal data may be transferred to service providers that meet at least one of the following requirements:

a. Commission has decided that the third country ensures an adequate level of protection (e.g. Israel and Canada).

b. Standard data protection clauses have been accepted. Contractual clauses which cannot be modified by the contracting parties and in which they undertake to ensure an adequate level of data protection are recognized by the GDPR as a suitable transfer mechanism.

c. Further appropriate safeguards pursuant to Art. 46 GDPR have been implemented.: The GDPR also permits data transfers in other situations, e.g. where a recipient has accepted the terms of binding corporate rules or approved certification mechanisms, or where a data subject has granted their consent.

We will only transfer your data to service providers who meet at least one of these requirements. If we transfer data to third countries, these are mainly companies based in the USA or Israel.

HOW LONG WE STORE YOUR DATA

We generally delete your data after the purpose has been fulfilled. The exact deletion rules are defined in our regional deletion concepts. Different deletion rules apply depending on the purpose of the processing. Within our deletion concepts we have defined various data classes and assigned rule deletion periods to them. The data collected is marked with a deletion rule. When the retention period is met, the stored data will be deleted accordingly.

We will delete your personal data either if you wish and let us know or if your account is inactive for three years, we will also delete your account. Before this happens, you will receive a separate notification from us to the email address registered in your user account.

In addition to the deletion rules defined by us, there are other legal retention periods which we must also observe. For example, tax data must be kept for a period of between six and ten years or even longer in some cases. These special retention periods vary according to local legal requirements.

Therefore, despite your request for deletion of your data, we may still have to store some of the stored data due to legal regulations. In this case, however, we will restrict data from further processing.

Furthermore, we will continue to store your data if we have a right to do so in accordance with Art. 17 Para. 3 GDPR. This applies in particular if we need your personal data for the establishment, exercise or defense of legal claims.

COOKIES AND WEB-TRACKING POLICY

In order for your visit to or use of our service to be attractive and to allow some features to be used, we use so-called cookies on various pages. Cookies are small text files that are stored on your device. Some of the cookies we use are deleted after the end of your browser session, i.e. after you close the browser (session cookies). Other cookies remain in your browser and allow us to recognize your browser on your next visit (persistent cookies). You can configure your browser to know how to set cookies and decide individually whether or not to accept them for specific occasions or in general. Not accepting cookies may limit the functionality of our site.

We classify the cookies we use into three categories:

● Required: They are required to navigate our service, and in order to use the features provided. Without the use of such cookies, proper functioning of our site is not guaranteed. You cannot opt out of these cookies.

● Functional: They store your information to fulfill important, if not strictly necessary functions. For example they enable you to automatically log in next time you visit us, allow us to continuously improve the services we offer by collecting and analyzing data on website traffic, or help you find exactly what you are looking for.

● Personalization and advertising cookies: They are used to create personalized content, tailor-made for you, to give you the best possible online experience. They are also used to deliver to you personalized online advertisements for our services, targeted to your specific interests. Effectively, they can be used to send ads and bids or to measure the effectiveness of our ad campaigns. This category also includes cookies transmitting pseudonymous data to our ad partners.

Similar technologies

Cookies are not the only way to identify or track individuals online. There are similar technologies, like web beacons (sometimes called “tracking pixels”, “pixel tags” or “clear gifs”). These are tiny graphics files that contain a unique identifier that enable us to recognize when someone has visited our service. This allows us, for example, to monitor the traffic patterns of users from one page within our service to another, to deliver or communicate with cookies, to understand whether you have come to our service from an online advertisement displayed on a third-party website, to improve performance. In many instances, these technologies are reliant on cookies to function properly, and so declining cookies will impair their functioning.

For mobile applications, we also use software development kits (SDKs). SDKs are part of the built-in code of our mobile applications and function in a way similar to cookies: They collect certain information about your device or the interaction with our service, e.g. adding a certain meal to your order cart before submitting the order to the restaurant.

Third parties

Through cookies and other web-tracking technologies we also communicate limited device information such as your IP address, device ID, MAC address, Apple Advertiser ID (IDFA) or Android Ad ID (AAID) to our partners (Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland operates the Google Ads network, Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland delivers advertisements on Facebook and Instagram). If you opt out of cookies and other web-tracking technologies, this will also stop any sharing of device information with any recipients.

Opting out of cookies and web-tracking

If you do not want us to collect and analyze information about your visit to or use of the service, you can opt out at any time. You can do so by configuring your browser to delete all cookies and rejecting them in the future. You can also use our cookie and web-tracking preference manager. There, you can select which category of cookies and web-tracking technologies you would rather like to have deactivated. However, please note that you cannot opt out of required cookies and similar technologies.

To implement your opt-out, an exception cookie will be set in your browser (to remember your preference). This cookie is solely intended to map your objection. Please note that for technical reasons the opt-out cookie can only be used for the specific browser from which it is set. If you delete cookies or use a different browser or device, you will need to repeat this process.