Norway, firstname.lastname@example.org (hereinafter referred to as “Foodora” “we”, “our”, “controller”). We also use the terms «rider» or «employee» for your salutation.
Below you can see which of your data we need for which purposes and under which circumstances we share your data with others.
Personal data is information from which we can directly or indirectly relate to your person, such as first and last name, address, phone number, date of birth, location data or e-mail address.
In order to provide our delivery service to our customers, we use various tools and systems that are absolutely necessary for the delivery of orders. We also use external and internal tools and systems to process your personal data for personnel management and business operations.
We collect, process and store the following categories of personal data within the scope of using the tools and systems:
We only collect your personal data if this is necessary and the purpose is legal and the processing is proportionate. Below we would like to give you more information for the purposes and legal basis:
Categories of personal data:
We do not collect, process and store any personal data resulting from the execution of solely automated processing. Furthermore, we do not have any processes that are used for profiling purposes.
We generally delete your data after the purpose has been fulfilled. The exact deletion rules are defined in our regional deletion concepts. Different deletion rules apply depending on the purpose of the processing. Within our deletion concepts we have defined various data classes and assigned rule deletion periods to them. When the retention period is met, the stored data will be deleted accordingly.
Under certain circumstances, any requests for deletion may be opposed by legal retention periods, which prevent us from deleting the stored data for a fixed minimum period of time. In order to comply with these legal requirements, we block the relevant data after the purpose has been fulfilled and thereby guarantee data completeness and data integrity.
We never give your data to unauthorized third parties. However, as part of our work we obtain the services of selected service providers and give them limited and strictly monitored access to some of our data. However, before we forwarding personal data to these partner companies for processing on our behalf, each individual company undergoes an audit. All data recipients must meet the legal data protection requirements and prove their data protection level with appropriate proofs.
In the following we would like to inform you in a transparent and understandable way about all our data recipients with the respective reasons:
In addition, we provide joint content and services. This includes, for example, the technical support of systems.
We process your data mainly within the European Union (EU) and the European Economic Area (EEA). However, some of our service providers mentioned above are based outside the EU and the EEA.
The GDPR has high requirements for the transfer of personal data to third countries. All our data receivers have to measure up to these requirements. Before we transfer your data to a service provider in third countries, every service provider is first assessed with regard to its data protection level. Only if they can demonstrate an adequate level of data protection will they be shortlisted for service providers.
Regardless of whether our service providers are located within the EU/EEA or in third countries, each service provider must sign a data processing agreement with us. Service providers outside the EU/EEA must meet additional requirements. According to Art. 44 ff. GDPR personal data may be transferred to service providers that meet at least one of the following requirements:
These are contractual clauses which cannot be modified by the contracting parties and in which they undertake to ensure an adequate level of data protection.
Under international agreements, companies can be certified according to defined criteria. One of these certifications is the EU-US Privacy Shield Agreement.
On the following link you can see certified companies: https://www.privacyshield.gov/welcome
We will only transfer your data to service providers who meet at least one of these requirements.
You have the right to receive explicit information from us about the personal data we have stored about you, free of charge.
In addition, you have the following rights:
The responsible supervisory authority for us is:
Berliner Beauftragte für Datenschutz und Informationsfreiheit