Last updated: 13 May 2023
As part of our mission to restore control of digital orders to restaurants, droov is dedicated to maintaining transparent, robust, and secure privacy policies. Our goal is to foster and cultivate our relationship with restaurants on the foundation of trust. To this end, our operations are driven by core values. The information of the restaurant is the property of the restaurant. We strive to limit the information we collect from the restaurant to what is absolutely necessary for us to deliver our services. We firmly believe that the information of the restaurant belongs to the restaurant, and when droov uses this information, it is done so with the ultimate benefit of the restaurant in mind.
We safeguard the restaurant’s information from third parties. We never sell personal information to any entity. If a third-party requests access to the restaurant’s information, we will reject the request unless we have explicit permission from the restaurant or are legally mandated to comply. If we are legally required to share personal information of the restaurant, we will notify the restaurant in advance, unless we are legally prohibited from doing so.
We safeguard the confidentiality of our business partners' information. We never sell or transfer commercial or personal information of business partners, including food delivery apps with which droov interacts and/or similar partners, to anyone. We never disclose this type of information to third parties, including parent companies, group companies, or subsidiaries of droov. If a third party requests access to commercial or personal information that can be linked to a business partner, we will deny the request unless we have permission from the business partner or are legally obligated to do so. If we are legally required to share commercial or personal information of business partners, we will notify the business partner and, if applicable, any affected restaurants in advance, unless we are legally prohibited from doing so.
1. About droov and information processing
droov UG (haftungsbeschränkt), ("droov") is a limited liability company under German law, with registered office at Max-Liebermann-Str. 13, D-80937 München, Deutschland, with VAT ID DE355534747 and Steuernummer 143/130/71627.
droov seeks to offer a technology platform ("droov Platform") to restaurants, cafes, and other entities involved in the preparation and sale of food and beverages (collectively, "Clients"), enabling them to promote their products and services to end consumers ("Buyers") via digital channels, with a strong focus on the Client’s ease-of-use, efficiency, and profitability. The droov Platform includes, among other features, the establishment of digital channels branded with the Client’s identity for direct marketing to end consumers ("Stores"), courier app for Client’s delivery operations and route optimisations ("Courier app"), an order management system with menus editing and settings ("Dashboard") for the Stores and/or channels managed by third parties ("Channel Partners") or a logistics hub for the delivery of goods to Buyers. droov shall operate in accordance with the General Data Protection Regulation No. 2016/679 of the European Parliament ("GDPR") and other German data protection laws, which implements the European Union’s GDPR in the German territory (collectively "Personal Data Protection Legislation").
droov acts as both the controller and processor of personal data pertaining to the Client, processed in association with the delivery of our services, as defined by the GDPR. The Client serves as the controller and droov as the data processor when it comes to personal data processed for the execution and completion of transactions made by Buyers with the Client through the droov Platform.
2. What data we gather and the reason behind it
droov collects personal data from the Client, from the person in charge of the Client's droov account who will be the contracting party with droov ("Representative"), and from other users of the Client's account where applicable ("Users"), whenever they utilize our platform or supply information to droov. Generally, droov requires this information so that the Client, the Representative, and the Users can utilize our Platform.
a) What data we gather: Personal data given by the Client. This data might pertain to the Client (e.g., company name, trademark, address, tax ID, website address, social media profile addresses), to the Representative (e.g., name, phone number, email address), and to the Users (e.g., name, phone number).
a) How we use this data: To provide access to the Representative and the Users associated with the Client's account (e.g., to validate identities, contact if necessary, or send invoices). To transfer to the Client the revenues resulting from the sales in its Stores. To personalize and contribute to the projection of the Client's store. To communicate products or services that may be suited for the Client. To comply with legal requirements.
b) What data we gather: Financial information shared by the Client. This data includes the Client's bank account specifics, such as the IBAN, bank name, SWIFT code, as well as the Client's credit or debit card number.
b) How we use this data: We use this information to transfer the earnings from sales in the Client's stores and to debit the Client for the cost of our services.
c) What data we gather: We automatically gather certain information when you utilize the droov website or platform. While this information doesn't directly disclose your identity like your name or contact information, it may encompass details about your device, browser, network connection, IP address, and your navigation behavior on our website and platform. To collect some of this information, we use 'cookies' or comparable technologies.
c) How we use this data: To grant you access and enhance your user experience on our platform and associated services. To tailor our platform to your needs. To communicate and promote products and features that might be beneficial to you.
3. Ensuring security of your personal information
Ensuring the security of your personal information is of utmost importance to us at droov. We have implemented a variety of measures to ensure that your information is adequately protected against unauthorized access, usage, disclosure, and destruction. Despite these efforts, the complete security of information transmitted over the internet can never be fully guaranteed. However, we continually strive to safeguard your personal information to the best of our abilities.
Among the security measures adopted by droov are:
- - Access to the information collected by droov is limited to a select number of droov employees
- - We utilize industry-leading practices to maintain the security of all information collected by droov. The droov website and platform are secured by SSL cryptographic protocols, which encrypt all transmitted information
- - Each client can only access their own information and the information of their respective customers
- - For processing debit and credit card payments, droov employs a third-party provider that adheres to PCI DSS standards
4. In which cases we share your data with third parties
In order to deliver the best experience to our clients, droov collaborates with various companies that offer a range of services to help support your business. Occasionally, we might share your personal information with these companies to ensure the proper operation and delivery of our services.
We also share your personal information in the following scenarios:
- - To prevent or investigate suspected cases of fraud, threats to physical security, illegal activity, or any violations of our contracts (such as our Terms of Service) or our policies (like our Acceptable Use Policy)
- - To assist us in conducting advertising and marketing activities
- - To comply with legal requirements, respond to court orders, or other similar governmental requests
- - With droov's subsidiaries, parent companies, or any other company within the group that droov is a part of
- - In case of a merger of droov with another company, or if droov is acquired by another company
Further, and as mentioned earlier, droov will never sell or disclose the commercial or personal information of its business partners, including any partners we interact with, to anyone, including parent companies, group companies, or subsidiaries of droov. This is except for when consent for this transfer has been granted by the business partner, or if droov is legally obliged to do so. If droov is legally required to disclose commercial or personal information from business partners, we will inform these partners, unless we are legally prohibited from doing so.
Moreover, clients may use services not provided by droov to support their business. These could include applications and integrations we offer on the droov platform, or various logistics companies for pickups and deliveries. droov does not control how these services handle your personal information. It is crucial that you ensure these services align with your expectations and privacy needs.
5. Your rights for your data
droov firmly believes in your right to access and control your personal data, regardless of where you reside. You can access and modify your personal information directly on the droov platform. If there is information that you can't directly access or modify on the droov platform, please reach out to droov via email at firstname.lastname@example.org
You can contact us to exercise the following rights:
- - Access your personal data to understand what data we are processing and the processing operations being performed
- - Correct any inaccuracies in your personal data
- - Request the restriction of processing of your personal data when the accuracy, legality, or necessity of the data processing is in question. In such cases, we may retain the data for the purpose of filing or defending against claims
- - With droov's subsidiaries, parent companies, or any other company within the group that droov is a part of.
- - Object to the processing of your data. You also have the right to withdraw your consent to the receipt of commercial communications at any time, either through the Platform User profile, by sending an e-mail, or by using the provided link in every commercial communication. You can also object to profiling at any time through the Platform User profile or by sending an email
droov needs your personal information to provide droov services to you. For this reason, droov generally retains your personal information as long as you continue to use droov's products or services. If you choose to cancel your account with droov, cease payment for droov platform access subscriptions, or if we decide to close your account, droov may retain your information for a period of two years before the process of purging personal information begins. We do not initiate this purge immediately in case you decide to reactivate your account, or if an audit or legal claim related to your business arises.
If you reach out to droov to delete personal information or withdraw your consent for the collection and processing of personal information, droov will undertake the deletion of this information within 30 days of receiving the request, unless we are legally obliged to retain specific information for a longer period. In doing so, you understand and accept that droov will have to terminate your account and your access to droov services. droov will not sell your personal information.
6. Cookies and other tracking technology
droov utilizes cookies (tiny pieces of text saved on your computer by your web browser when you visit our website or our Platform) and similar tracking technologies such as "web beacons" and "pixels" to gather and store your information.
7. Buyers Information
As part of our service provision, allowing the Client to sell goods and services to Buyers through their digital channels, droov collects and uses personal data from its Buyers.
droov will not utilize your Buyers' information beyond the confines of the services we provide to you, and will not engage in any independent advertising or marketing efforts unless your Buyers are also direct droov Clients. We will not sell your Buyers' information.
The Client is in control of how their Buyers' personal information is used and must ensure that their Buyers comprehend and accept the manner in which the Client (and droov, on the Client's behalf) collects and processes their personal data.
If you have any inquiries, requests, or grievances about how droov manages your personal data, you can reach us via email at email@example.com, or by postal mail sent to:
droov UG (haftungsbeschränkt)
D-80937 München, Deutschland
[Your company name]
Last updated: 16 March 2023
Who we are
[Your Restaurant Name] ("Restaurant") is a company operating under its country's laws, located at [Your Restaurant Address], and possessing the tax identification number [Your Tax ID]. The terms "we" and "our" pertain to the Restaurant.
At our Restaurant, we are committed to ensuring the highest level of data privacy and security for our customers. To fulfil this commitment, we strictly adhere to the European General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (Bundesdatenschutzgesetz or BDSG) when processing personal data. Our Restaurant has chosen to utilise software provided by a German Software company, which inherently aligns with European data protection standards, particularly those outlined in the GDPR and BDSG. This guarantees that our customers' personal data is managed in accordance with the stringent legal requirements set forth by these regulations.
Information We Collect and the Purpose
We only process your personal data for the purposes communicated to you and will not utilise it for any other reasons.
- - Examples of Personal Information collected: browser type, IP address, cookie data, search queries, and interactions with the Store
- - Purpose: to customize the Store experience for you and to analyze Store usage in order to optimize its performance
- - Source: automatically collected when you access the Store using cookies or other tracking technologies such as web beacons, tags, or pixels
- - Disclosure for commercial purposes: shared with our Kitch processor
- - Examples of Personal Information collected: first and last name, delivery address (if applicable), phone number, payment details (including credit card numbers), email address, and tax identification number
- - Purpose: to provide you with products or services from the Store, collect payment, communicate with you, offer customer support, assess requests for potential risk or fraud, and, with your consent, contact you for future informational and marketing purposes
- - Source: obtained directly from you
- - Disclosure for commercial purposes: shared with our processor droov UG (haftungsbeschränkt) a limited liability company under the German law, registered at Max-Liebermann-Str. 13, D-80937 München, with tax identification number DE355534747
Sharing Your Information with Third Parties: When and Why
The Restaurant discloses your Personal Information to service providers to help us offer our services and fulfill our contractual obligations to you, as outlined above. For instance:
- - We utilize droov to manage our Store
- - We may disclose your personal information, specifically your name, address, and phone number, to logistics providers to ensure accurate order delivery and allow them to communicate with you in case of any issues
- - We may share your personal information to comply with relevant laws and regulations, respond to subpoenas, search warrants, or other legal requests for information, or to safeguard our rights
Retention of Your Personal Information
By placing an order through the Store, you grant the Restaurant explicit permission to collect and store your Personal Information in our records until you request its deletion.
Your Rights Concerning Your Information
You possess the right to access, transfer, amend, update, or delete your Personal Information held by the Restaurant. To exercise these rights, please contact the Restaurant at [Your Contact Email].
Contacting Us About This Policy
If you have any questions, requests, or complaints regarding how we process your Personal Information, please reach out to the Restaurant at [Your Contact Email].
Information We Collect
When you use the App, we collect the following types of information:
- - Personal Information: This includes your name and phone number. This information is necessary to facilitate communication between you and the customer during the delivery process.
- - Location Information: When you are delivering an order, the App collects real-time information about the location of your device. This allows customers to track their order and enhances the delivery experience.
How We Use the Information
We use the information we collect for the following purposes:
- - To facilitate the delivery of orders: We use your location information to track the progress of a delivery, and we share your name and phone number with the customer to facilitate communication during the delivery process.
- - To improve our services: We analyze information about how you use our App to help us improve our services and develop new features.
How We Share Your Information
We will not share your personal information with third parties except in the contexts listed below. We do not sell your personal information.
- - With customers: We share your name and phone number with customers when you are delivering their order. This is necessary for them to communicate with you during the delivery process.
- - For legal reasons: We may share your information if we believe it's required by law, regulation, operating agreement, legal process, or governmental request, or where the disclosure is otherwise appropriate due to safety or similar concerns.
We take reasonable measures, including administrative, technical, and physical safeguards, to protect your information from loss, theft, misuse, unauthorized access, disclosure, alteration, and destruction. We hold information about you both at our own premises and with the assistance of third-party service providers.
You have the right to ask us not to process your personal data for marketing purposes. You can exercise this right at any time by contacting us at firstname.lastname@example.org. You have the right to access information held about you. Your right of access can be exercised in accordance with the applicable data protection legislation. Any access request may be subject to a fee to meet our costs in providing you with details of the information we hold about you.
Changes to this Policy