DoDelivery Privacy Policy
DoDelivery LTD ("we", "our", or "us") and our staff are committed protecting the privacy of everyone who makes use of our website, mobile applications and services (collectively, the "Sites"). Please read the following privacy policy that explains how we use and protect your information. We are the "data controller" of the information we process, unless otherwise stated.

1. Contact Details
If you have any questions or need to get in touch with us for any reason you can find our contact information for our different departments below:
2. How We Collect Data
We collect personal data from you when you interact with us or use our services, such as when you use our site to place an order, or chat with one of our support team. We also collect analytical data to help understand how our users make use of our site and services and to improve on them in the future.

We collect information:

when you enter your postcode to search for a restaurant;
when you create an account with us or change your account settings;
during the order process and when you place an order (including for payment and order delivery);
when you give us your consent to contact you via sms, email, phone, post, message, push notification or via our chat function to send you marketing campaigns, or to invite you to participate in surveys about our services, or our partners’ services;
when you contact us directly via email, phone, post, message or via our chat function; and
when you browse and use our Sites (before and after you create an account with us).

We also collect information from third party sites, such as advertising platforms and our fraud detection provider.

3. Data We Collect From You
As we are committed to the privacy of our customers. We want to be transparent about the sorts of information we collect from you.

When you visit the Sites or make an order through DoDelivery order via any of our Sites, you are asked to provide personal data such as your name, contact details such as your address and telephone number, your e-mail address and payment details such as your credit / debit card information. We may also collect your date of birth to verify your age when you purchase age restricted items.

We also collect analytical data about your usage of the Sites to find out how our users make use of the Sites, including but not limited to when you provide us with feedback either in the form of survey, a chat interaction or via e-mail. We record all calls for training, quality assurance and for record of the call, we also may take notes during/after the call.

We collect information about the device you are using so that we may provide features that device is capable of and in a location it is capable of performing in. This information may include (but is not limited to) your device manufacturer, model, operating system, carrier, location data, browser and IP address of which you are connecting to our Sites.

We also collect information when you interact with our other technology such as QR Codes, NFC Tags, and/or other scan codes/devices.

4. How We Use Your Data
We will only collect and/or process your data for purposes of providing a service or function on our Sites, and if it is legally permitted under data protection law.

In order to provide you with a service you request, to provide a function on our Sites, or to enter into a contract, we use your information:
We also process your data where we have a legitimate interest in doing so. For example personalisation of our service, including processing data to make it easier and faster for you to place orders. We have listed these reasons below:
We also process your data for contractual purposes, to enforce terms and/or any other agreement, and/or exercise legal defence or legal claims, and to protect the rights of DoDelivery LTD, it's staff, partners, restaurant partners, riders, or others (including to prevent fraud);

If you submit comments or feedback to us regarding our products / services and/or partner restaurants, we may use your name and any information you have submitted to us in the form. This information may be visible to the public (if you choose to submit it).

We may use your information to build a profile about your experiences using our Sites and make assumtions based on the products that you may have looked at in previous authenticated interactions with our Sites to create tailored marketing communications to you. You have certain rights in relation to this type of processing. Please see 'Your Rights' section below for more information.

Where we have a legal obligation to do so we may use your information to comply with any legal requirement or regulation.

5. Cookies
Our sites may use Cookies to provide essential services or to enable us to perform any of the actions mentioned in this document, you may disable cookies on in your browser settings however some parts of our Site and other Sites may become inaccessible as a result.

6. Marketing
Where you have given permission to do so and we have an interest in doing so we may use your information to send you marketing materials about our products / services, by email, post or phone.

You can control your marketing preferences in the Privacy section of your profile on our Sites.

7. Automated Decision Making
We perform fraud checks on all of our users. Where we detect fraud or suspicious activity we may block you from using our Sites. We perform these checks on all of our users because this is necessary for us to fulfill our contractual obligations to our partners, provide contractual services to our customers, by ensuring that all products and services we provide are duly paid for. We also have an obligation to protect individuals against fraud of their card details.

Due to the amount of transactions we deal with, we use automated systems to deal with third party fraud detection. This service analyses your order data in order to make automated decisions as to weather or not we will accept your order. We find this more efficient, fairer and quicker for the customer as with a human processor and the volume of transactions we deal with on a daily basis, without this it would simply not be possible. If we detect fraudulent or suspicious activity we may block you from using our services, and will contact the legal authorities and prosecute to the maximum extent allowed by law.

You have certain rights in respect of this activity - please see 'Your Rights' section below for more information.

You have the right to contest any fraud decision made about you and to be given more information about why any such decision was made by contacting us as set out in section 1 above.

8. Retention Of Your Data
We will not retain your data for any longer than we think is necessary.

Any information that we collect will be used to fulfill any of the legitimate purposes set out in this document, for a period specifically required by applicable laws and/or regulations. Such as retaining information for regulatory purposes.

When setting retention periods, we take the following factors into account:
Otherwise, we securely erase your data from all of our servers or we anonymize it so that it can no longer personally identify you.

9. Disclosure Of Your Data
The data we collect from you will be transferred and stored on servers based in the European Union or United Kingdom.

We are the "Data Controller" for most the data we collect except credit / debit card details, which are handled by our payment partner(s) such as Apple and Google. In the case where you make a payment on one of our Sites, your payment data is transferred encrypted directly from your device to our payment partner(s) and handled securely under regulation. DoDelivery only ever receives and stores on our servers an encrypted Payment Authorisation Code and a Customer ID to identify you as the owner of your card (to prevent against fraud).

We share your data only if it is necessary as defined under section 4. We may share your data with third-party providers whom provide products or services on our behalf or at your request. The types of providers we may share or store your information at are laid out below:
DoDelivery will take all necessary steps to ensure that when your data is transferred to a third party provider, it is done so in an encrypted format using HTTPS and stores on a server which complies with all local data protection regulations such as General Data Protection Regulation (EU GDPR).

If our business is sold, enters into a joint business venture, or is merged with another business entity, your data may be disclosed or transferred to the target company, or new business partners or owners or their advisors.

We may also disclose your information:
International transfers of Data:
In some cases, the personal data we collect from you may be processed in areas outside of the European Economic Area ("EEA"), such as the United States and any country in which DoDelivery operates. These countries may not have the same protections that countries inside of the EEA do. However, we are obliged to ensure that any data stored in these countries adheres to the same strict policies for personal data protection that the EEA has. Therefore in this situation there are certain safeguards we put in place, to ensure your data is kept safe, such as:
Please feel free to contact us using the methods laid out above, if you have any queries relating to the countries in which your data is stored, or the mechanisms we use to transfer said data outside of the EEA.

10. Security
We maintain a high level of security and policies to maintain our customer data and intellectual property.

We take steps to protect your data against unauthorised access, unlawful processing, accidental loss, destruction and damage.

Where you have created an account with a password on our Sites. It is your responsibility to keep that password and e-mail address linked to your account secure and confidential. We advise against sharing your password or access to a device with anyone. We provide possible additional security features (such as Touch ID / Face ID) to keep your account safe.

Whilst every effort has been made to ensure that the data you transfer to us is safe and secure, it is transmitted over the internet, therefore it cannot be guaranteed that it won't be intercepted by third parties. Once we receive your data, we use strict measures and procedures to ensure it is kept secure and prevent unauthorised access.

11. Your Rights
According to local law you may have certain rights regarding the use, transfer and storage of the data we hold on you. If you wish to exercise any of these rights, please contact our legal department using the contact above.

For more information about your rights please contact your local data protection authority.

To the extent provided by the law of your jurisdiction, you may request access to the personal information we maintain about you or request that we correct, update, amend, or delete your information, or that we restrict the processing of such information by contacting us as indicated above.

You can object by changing your marketing preferences, disabling cookies as set out in sections 7 and 8 above or by getting in touch (see Contact Details).

12. Changes To Our Privacy Policy
Any changes to our privacy policy will be posted to the Sites and, where appropriate, we may notify you of the changes for example by email or push notification.

This privacy policy was last updated: 29/09/2020