Privacy policy
Who we are
General
Foodpanda Bulgaria Ltd. (hereinafter referred to as "Foodpanda", “we”, “our”) is pleased about your visit to the website as well as your interest in the company and its offers. We take the protection of your private data seriously and we want you to feel comfortable visiting our sites
Below we inform you about what data we store about you when using our website and how this data is used. If our website contains links that lead you to the website of another provider, our privacy policy is not applicable to the redirected website.
By accepting the following privacy policy you agree on the collection, processing and use of your personal data by Foodpanda under consideration of the data protection law / General Data Protection Regulation (GDPR) and the following terms and conditions.
Please take enough time to carefully read this note.
Controller
Controller is the subject that is responsible for the processing of your personal data and who is deciding over the purposes and means of the processing of your personal data. In this case the data controller is:
Company_Name – Foodpanda Bulgaria Ltd.
Company_Address – 1, Tsar Boris III blvd,
ZIP_City - 1612
Coujntry - Bulgaria
Phone: 0700 35 0 36
E-Mail: [email protected]
You can contact our data protection officer at [email protected]
If you want to object to the collection, processing or use of your personal data by Foodpanda in accordance with the data protection law, you can send your objection via e-mail to the address stated above. This may result in the service no longer being usable.
With your objection, further use of the website may not be possible for technical reasons.
Your Rights
You have the right to receive explicit information from Foodpanda about the personal data we have stored about you, free of charge.
In addition, you have the following rights:
§ Right of access – The right to know what data was collected and how it is processed
§ Right to rectification – The right to request the modification of personal data if it is not up to date
§ Right to erasure – The right to request the deletion of personal data
§ Right to restriction of processing – The right to limit processing of personal data
§ Right to data portability – The right to transfer personal data in a machine-readable format
§ Right to object – The right to withdraw from given consent or object to the processing of personal data
§ Right to lodge a complaint to the supervisory authority – The right to submit a complaint against Foodpanda at a supervisory authority, which can be either the responsible authority of Foodpanda as named below or any other supervisory authority within the EU.
The responsible supervisory authority for Foodpanda is:
Berliner Beauftragte für Datenschutz und Informationsfreiheit
Friedrichstr. 219
10969 Berlin
E-Mail: [email protected]
You can also send your complaint to the supervisory authority in your habitual residence or place of work.
If you would like to exercise your rights as a data subject, please do not hesitate to contact us under the contact information provided above.
When, why and how we collect your data
We also have to collect, process, store and sometimes even share different personal data in order to be able to offer you our services and provide services. Below you can see which of your data we need for which purposes and under which circumstances we share your data with others.
Personal data is information from which we can directly or indirectly relate to your person, such as first and last name, address, phone number, date of birth, location data or e-mail address.
Please only give us as much information as we absolutely need.
Since we want to give you a good overview of the details, we use the table form. We think this will enable us to provide you with the information in a transparent, understandable and easily accessible form in a clear and simple language.
Below we would like to show you which of your data we collect. Since there are different types of data, we have grouped them into data categories as we believe that the information is so more understandable.
Personal data we collect when visiting our website
When you open our website to get inspiration for your next order but do not register or order as a guest we collect the following personal data:
|
Categories of data |
Explanation |
|
Device information |
Device-ID, operating system and corresponding version or other device identifiers |
|
Connection data |
Time, date and duration of website use, origin, corresponding IP address and other protocol data |
This information is collected to show you the visited website. We also limit ourselves to what is absolutely necessary to ensure that we comply with a principle of data processing, namely data minimisation.
Personal data we collect when visiting our website and registering
As you could see above, we follow the minimum principle. The less information, the better. All data collected is strictly bound to clearly defined purposes. If you not only visit the website but also want to log in to see for example your old orders, we collect the following personal data:
|
Categories of data |
Explanation |
|
Access data |
Username, User-ID, Password |
|
Device information |
Device-ID, operating system and corresponding version or other device identifiers |
|
Connection data |
Time, date and duration of website use, origin, corresponding IP address and other protocol data |
|
Communication data |
Comments, ratings or feedback, general communication |
|
Other information |
Data that you provide us voluntarily while using the website, app or related activities, but also from other sources such as social media or other (public) databases (e.g. User-ID of other platforms) |
If you provide us with personal data of another person, you must obtain that person's prior consent. In this case, you must inform these persons about how we process personal data in accordance with our privacy policy.
Personal data we collect when visiting our website, registering and ordering
To take advantage of all the benefits we offer, you can also log in and place your order. As you can imagine, more data will be collected according to the information you provide. The fields required for order processing are marked as mandatory. Without this information we cannot process your orders. All other information not shown as mandatory fields is optional. If you voluntarily provide us with this information, you will help us improve our service to you. However, omitting this information has no detrimental effect on you. The extent depends on the information you provide. But the basic information is as follows:
|
Categories of data |
Explanation |
|
Account information (necessary for delivery services) |
First name, last name, company (optional), address, phone number and/or e-mail address |
|
Access data |
Username, User-ID, Password |
|
Device information |
Device-ID, operating system and corresponding version or other device identifiers, geolocation data |
|
Connection data |
Time, date and duration of website use, origin, corresponding IP address and other protocol data |
|
Communication data |
Comments, ratings or feedback, communication data (e.g. e-mail communication) |
|
Other information |
Data that you provide us voluntarily while using the website, app or related activities |
|
Order information |
Order history |
What the defined purposes and what the legal basis are
As we have already informed you above, we only collect your personal data when it is necessary and the purpose is lawful and previously defined. The information in (brackets) is the legal basis on which we base the respective processes. Below we would like to give you more information for the purposes and legal basis:
|
What the purpose is |
Why we process data for this purpose |
|
Customer support |
When you contact our Customer Service to obtain information or to complain, we store the information you provide to us. For example, the reason for contacting us, which order you did not like or on which delivery something was missing. Depending on the reason of the contact, the personal data may vary. As we want to improve our service for you, we store the communication in your account. This way we can answer your questions faster and more satisfying. Categories of personal data:
Account information
Legal basis:
But it is also in our business interest to give you the best takeaway experience (legitimate interest). |
|
Security and protection |
We want to offer you and all our customers the best service. Unfortunately, not every visitor to our website is as friendly as you. For this reason, in order to protect our services, we must collect personal data that helps us identify potential attackers and thereby avert risks. We also save that we have informed you about the privacy policy. To this end, we note in your account that you have received the corresponding information and that the privacy policy has been made available to you. Categories of personal data:
Connection data
Legal basis: We are legally obliged to protect your data appropriately (compliance with legal obligation) and the protection of our company is in our interest (legitimate interest). |
|
Ordering and delivery process |
After you have placed your order, some processes are running in the background. We assign your order to your account depending on whether you are a registered customer or a guest. We send your order to the respective restaurant and check whether the order has been delivered to you.
Categories of personal data:
Legal basis: In order to deliver your order and to notify our partner restaurants we need your personal data (fulfilment of contract). |
Further processing based on our legitimate interest
In addition to the purposes and legal bases mentioned above, we also process your personal data out of so-called legitimate interest. A mainly legitimate interest is for example the processing of personal data within a group of companies, processes for network and information security or in direct marketing activities.
We use your personal data to pursue our legitimate interests, provided your rights and freedoms do not prevail. In order to reconcile our interests with your rights, we have introduced appropriate control mechanisms. The processes described below have been subjected to a four-way test to ensure that your rights and freedoms are not affected by our processing. As part of the 4-way test, we first check whether the data collected is (a. Personal Data Test) personal data. Then we test whether the purpose is legitimate (b. (Purpose Test) and the personal data to be collected comply with the principles of data processing (c Necessity Test) and finally a balance of interests (d. Balancing Test). Only if we can reasonably assume and also ensure that we can protect your data from any risks, we will process them on the legal basis of legitimate interest. These processes include:
|
Process based on legitimate interest |
Explanation |
|
Advertising |
We will email you to offer you coupons, discounts and promotions, conduct opinion polls and surveys to improve our service. You can object to the further processing of the data for advertising purposes with every e-mail. Of course, you can also contact our data protection officer directly at [email protected] if you wish to object to the processing of your data for advertising purposes or for further information on this question. |
|
Measurement Data |
In order to improve our services we will collect different measurement data, which we cannot assign to you or to a profile. This helps us to optimize our advertisements |
|
E-Mail Marketing |
We want to prevent generic newsletters and uncontrolled marketing measures. Therefore, we select the deals that suit your interests and contact you if we believe the information might appeal to you. You can object to the further processing of the data for advertising purposes with every e-mail. Of course, you can also contact our data protection officer directly at [email protected] if you wish to object to the processing of your data for advertising purposes or for further information on this question. |
|
Quality Assessment |
To offer you continuously better services, we regularly evaluate the success or potential causes of unsuccessful marketing measures. For this we analyze for example whether our newsletters are opened and the contents are also clicked. |
|
Other information |
Data that you provide us voluntarily while using the website, app or related activities, but also from other sources such as social media or other (public) databases (e.g. User-ID of other platforms) |
|
Merger & acquisition, change of ownership |
We would also like to inform you that in the event of a merger with or acquisition by another company, we will disclose information to that company. Of course, we will require the company to comply with the legal data protection regulations. |
When we delete your data
We generally delete your data after the purpose has been fulfilled. The exact deletion rules are defined in our regional deletion concepts. Different deletion rules apply depending on the purpose of the processing. Within our deletion concepts we have defined various data classes and assigned rule deletion periods to them. The data collected is marked with a deletion rule. When the retention period is met, the stored data will be deleted accordingly.
We will delete your personal data either if you wish and let us know or three years after we collect your data. If your account is inactive for three years, we will also delete your account. Before this happens you will receive a separate notification from us to the e-mail address registered in your user account.
In addition to the deletion rules defined by us, there are other legal retention periods which we must also observe. For example, tax data must be kept for a period of between six and ten years or even longer in some cases. These special retention periods vary according to local legal requirements.
Therefore, despite your request for deletion of your data, we may still have to store some of the stored data due to legal regulations. In this case, however, we will restrict data from further processing.
Who we share your data with
In the following section we would like to inform you to whom and under which conditions we will transfer your data. Furthermore, we would also like to be transparent with regard to the countries to which we transfer your data.
Which third parties have access to personal data
We never give your data to unauthorized third parties. However, as part of our work we obtain the services of selected service providers and give them limited and strictly monitored access to some of our data. However, before we forwarding personal data to these partner companies for processing on our behalf, each individual company undergoes an audit. All data recipients must meet the legal data protection requirements and prove their data protection level with appropriate proofs.
In the following we would like to inform you in a transparent and understandable way about all our data recipients with the respective reasons:
|
Data recipient |
Reason |
|
Members of the Foodpanda AG Group |
Within a group it is sometimes necessary to use resources effectively. In this context, we support each other within our Group in optimizing our processes. Since even the knowledge of personal data represents data processing, we would like to inform you fairly that selected employees of other group members may also have limited access to customer data. In addition, we provide joint content and services. This includes, for example, the technical support of systems. You will not receive unrequested newsletters or other marketing information from other members of the group. |
|
External service provider |
As we have already indicated to you above, we do not only communicate within our group members but also to external service providers. They support our business operations in evaluating and optimizing our marketing campaigns, but also in providing personalized advertising or the security of our business operations, such as identifying and resolving malfunctions. |
|
Prosecuting authorities and legal proceedings |
Unfortunately, it can happen that a few of our customers and service providers do not behave fairly and want to harm us. In these cases we are not only obliged to hand over personal data due to legal obligations, it is of course also in our interest to prevent damage and to enforce our claims and to reject unjustified claims. |
|
Quality Assessment |
To offer you continuously better services, we regularly evaluate the success or potential causes of unsuccessful marketing measures. For this we analyze for example whether our newsletters are opened and the contents are also clicked. |
|
Other information |
Data that you provide us voluntarily while using the website, app or related activities, but also from other sources such as social media or other (public) databases (e.g. User-ID of other platforms) |
Which countries we transfer your data to
We process your data mainly within the European Union (EU) and the European Economic Area (EEA). However, some of our service providers mentioned above are based outside the EU and the EEA.
The GDPR has high requirements for the transfer of personal data to third countries. All our data receivers have to measure up to these requirements. Before we transfer your data to a service provider in third countries, every service provider is first assessed with regard to its data protection level. Only if they can demonstrate an adequate level of data protection will they be shortlisted for service providers.
Regardless of whether our service providers are located within the EU/EEA or in third countries, each service provider must sign a data processing agreement with us. Service providers outside the EU/EEA must meet additional requirements. According to Art. 44 ff. GDPR personal data may be transferred to service providers that meet at least one of the following requirements:
a. Commission has decided that the third country ensures an adequate level of protection (e.g. Israel and Canada)
b. Standard data protection clauses adopted:
These are contractual clauses which cannot be modified by the contracting parties and in which they undertake to ensure an adequate level of data protection.
c. Approved certification mechanism:
Under international agreements, companies can be certified according to defined criteria. One of these certifications is the EU-US Privacy Shield Agreement.
On the following link you can see certified companies: https://www.privacyshield.gov/welcome
We will only transfer your data to service providers who meet at least one of these requirements. If we transfer data to third countries, these are mainly companies based in the USA or Israel.
Information about our cookies
Definition of cookies and what cookies we use
In order to make the visit of our website/app attractive and to enable the use of certain functions, we use so-called cookies on various pages. These are small text files that are stored on your device. Some of the cookies we use are deleted after the end of the browser session, i.e. after closing your browser (so-called session cookies). Other cookies remain on your device and allow us or our affiliate to recognize your browser on your next visit (persistent cookies). You can set your browser so that you are informed about the setting of cookies and individually decide on their acceptance or exclude the acceptance of cookies for specific cases or in general. Failure to accept cookies may limit the functionality of our website/app.
What categories of cookies do exist?
Strictly necessary cookies are needed so that you can move around a website/app and use its features. Without these cookies, functionality cannot be guaranteed, such as actions taken during a visit (e.g. text entry), even when navigating between pages on the site.
Functionality cookies allow a website/app to save information already provided (such as user name, language selection, or the location you are in) and improve the user's ability to offer personal features. These cookies collect anonymised information and cannot track your movements on other websites.
Performance cookies collect information about the use of a website/app - for example, which pages a visitor visits most often and whether he receives error messages from a page. These cookies do not store information that allows identification of the user. The collected information is aggregated and anonymous. These cookies are used exclusively to improve the performance of a website/app and thus the user experience.
Cookies for marketing purposes are used to play more targeted advertising relevant to the user and adapted to his interests. They are also used to limit the frequency of an ad and measure the effectiveness of advertising campaigns. They register whether you have visited a website/app or not. This information may be shared with third parties (e.g. Advertisers). To improve targeting and advertising cookies are often linked to third party site functionalities.
Objection to the use of cookies
If you do not want Foodpanda to collect and analyse information about your visit, you can object to this at any time for the future (opt-out). If you want to object, please contact us under the contact information mentioned above.
For technical implementation of this contradiction, an opt-out cookie will be set in your browser. This cookie is solely for the purpose of mapping your opposition. Please note that for technical reasons an opt-out cookie can only be used for the browser from which it was set. If you delete cookies or use a different browser or device, you will need to re-opt-out.
Cookies we use from third parties
Google AdWords
As an AdWords customer, we use Google conversion tracking. This is an analysis service provided by Google Inc. (1600 Amphitheater Parkway, Mountain View, CA 94043, USA; “Google”). If you access our website via a Google ad, Google Adwords will set a cookie on your device ("conversion cookie" - performance cookie). This cookie will expire after 30 days. It is not for personal identification. If the cookie has not expired when visiting certain pages, we and Google can recognize that someone clicked on the ad and was redirected to our site. Each advertiser receives a different cookie. Therefore Cookies cannot be tracked through the websites of advertisers. The information gathered through the conversion cookie is used to generate conversion statistics for AdWords customers who have opted for conversion tracking. Advertisers will see the total number of users who clicked on their ad and were redirected to a conversion tracking tag page. However, they do not receive any information that could personally identify users. If you do not want to participate in the tracking process, you can also opt-out of setting a cookie - for example, through your browser setting, which generally disables automatic cookies. You can also disable cookies for conversion tracking by setting your browser to block cookies from the domain "googleadservices.com".
Google Analytics
We work with Google Analytics. This is a web analysis service of Google Inc. (1600 Amphitheater Parkway, Mountain View, CA 94043, USA; “Google”). The information generated by the Google Analytics cookie about your use of our website is usually transmitted to and stored by Google on a server in the USA. IP anonymisation has been activated on our websites, so that the IP address of the users of Google within Member States of the European Union or in other contracting states of the Agreement on the European Economic Area is shortened beforehand. Only in exceptional cases will the full IP address be sent to a Google server in the US and shortened there. Google will use this information on our behalf to evaluate your use of the website to compile reports on website activity and to provide us with other services related to website usage and internet usage. The IP address provided to Google Analytics as part of Google Analytics will not be merged with other Google data. You can prevent the storage of cookies by a corresponding setting in your browser software; however, we point out that in this case you may not be able to use all functions of this website to the full extent.
You may also prevent Google from collecting and processing the data generated by the cookie and related to your use of the website (including your IP address) by installing the browser plug-in available at the following link : http://tools.google.com/dlpage/gaoptout?hl=en .
Bing ads
We use conversion tracking from Microsoft Corporation (One Microsoft Way, Redmond, WA 98052-6399, USA; Microsoft). When you reach our website through a Bing ad, Microsoft Bing Ads sets a cookie on your device. This will allow Microsoft Bing and us to recognize that someone clicked on an ad and was redirected to our website. We only see the total number of users who clicked on a Bing ad and were redirected. Personal information about the identity of the user will not be provided. If you do not want to participate in the tracking process, you can also refuse the required setting of a cookie - for example via your browser setting, which generally deactivates the automatic setting of cookies.
Criteo und Mediaplex
On our web pages the technologies of the providers Criteo SA (32 Rue Blanche, 75009 Paris, France; “Criteo”) and Conversant Inc. (30699 Russell Ranch Road #250, Westlake Village, CA 91362, USA; “Conversant”)
collect and store information about the surfing behavior of the website visitors for marketing purposes in anonymized form. This data is stored on your computer using so-called "cookie" text files. Using algorithms, Criteo and Conversant analyse the surfing behavior and can then display targeted product recommendations as personalized advertising banners on other websites (so-called publishers). In no case can this data be used to personally identify the visitor to this website.
The collected data will only be used to improve the offer. There is no other use or disclosure to third parties. You can opt-out of the completely anonymous analysis of your surfing behavior by following this link for Criteo http://www.criteo.com/privacy/ for hosting and for Conversant at http://www.conversantmedia.com/opt-out click.
For more information about Criteo technology, see the Criteo Privacy Policy (http://www.criteo.com/en-GB/ privacy policy) and Conversant at http://www.conversantmedia.com/mediaplex/
Facebook retargeting
We use the Website Custom Audiences Retargeting Tool of Facebook Inc. (1601 S. California Ave., Palo Alto, CA 94304, USA; “Facebook”). In the event that you have a Facebook user account and this is identifiable to the tool based on existing Facebook cookies, this tool will generate a non-personal checksum, which will be transmitted to Facebook for analysis and marketing purposes. On the other hand, we encrypt your email address and send it in encrypted form to Facebook. Through the recognition of cookies and the transmission of encrypted information, Facebook can provide you with targeted product recommendations as personalized advertising banners on Facebook.
You may object to the use of Facebook Website Custom Audiences at https://www.facebook.com/ads/website_custom_audiences/.
Hotjar
This website uses the web analysis service of Hotjar Ltd. (St Julian’s Business Centre, 3, Elia Zammit Street, St Julian’s STJ 1000, Malta; “Hotjar”) It randomly records selected communications between the individual visitors and the website anonymously. In this way, a protocol is created, which, for example, contains movements of the cursor and the clicks triggered on the website. The aim of the protocol is to identify ways to improve the respective website. In order to ensure the exclusion of a direct personal relevance, there is an anonymous storage and processing of the IP addresses used. In addition, there is a statistical analysis of the data on the operating system, browser, incoming and outgoing links, geographical origin and resolution and type of device.
If you do not want a recording, you can disable it by enabling a DoNotTrack header in your browser. See https://www.hotjar.com/opt-out for more information.
The ADEX
We use the services of The ADEX GmbH ((Torstraße 19, 10119 Berlin, Germany; “ADEX”). ADEX offers so-called "targeting" technologies, in which ADEX evaluates certain user behavior on the websites in order to optimize advertising for the user on the basis of individual usage interests. Cookies, web beacons or similar technologies are used. The collected usage data are stored under a pseudonym. This pseudonym is associated with information about user activity on our websites, services, applications and tools (e.g., clicked banner ads, visited subpages, queries made, etc.). A personal identification of the user is excluded. The IP address of your device transmitted for technical reasons is completely anonymised and not used for the controlled display of advertising. For more information about privacy at ADEX, please visit: http://www.theadex.com/company/privacy/ .
Insofar as the user no longer receives usage-based advertisements and wishes to prevent the further collection of usage data, he may use the following opt-out link: http://de.theadex.com/company/consumer-opt-out/ .
Right of modification
We reserve the right to change this data protection declaration in compliance with the statutory provisions. We will of course inform you of any significant changes, such as changes of purpose or new purposes of processing.
Final advice
The protection of your personal data is very important to us. We will take appropriate technical and organizational measures to protect your data. But please remember that You are the owner of your data. The less information you provide, the more control you have. For example, if you want to surf anonymously and do not want your surfing behavior to be analyzed independently of us and our service providers, you should make the appropriate settings in your browser. As long as you do not make the settings, many providers will collect the information you provide. Only in rare cases a personal reference can be created, nevertheless you could surf for example in "Incognito mode" with Google Chrome or in "Private mode" with Firefox.