Adatkezelési Tájékoztató



A magyar verzióra való váltáshoz kattints a fejlécben található "HU" feliratra.

Privacy Policy

Dear Customer,

We are pleased that you are interested in data protection. We would like to give you an easily understandable overview of our data protection process. For general questions and inquiries, please use the address [email protected], or if you would like to contact us on a specific topic, visit the Contacts page!

Our goal is to provide you with an amazing customer experience that also means that you can always trust us, that we are always transparent and honest to you. Your trust in our product is the reason why we can provide you with an amazing customer experience. We would like to thank you for this cooperation.

1. Who we are?
We are the Delivery Hero Hungary Kft. but usually we just use the name foodpanda. You can always contact us via the following methods:
Address: Czuczor utca 2, 1st Floor, HU-1093 Budapest
E-mail address:[email protected]

As data controller, we determine how we process your personal data, for what purposes and by what means. While we are required by law to provide you with all of the following information, we do so primarily out of the belief that a partnership should always be honest.

As data controller we are responsible that all our processing activities are in accordance with legal requirements (in particular the provisions of the General Data Protection Regulation (GDPR) and the Act CXII of 2011 on the Right of Informational Self-determination and Freedom of Information) but also you may reasonably expect these processing of your personal data.

If you have any questions about data protection at foodpanda, you can also contact us any time by sending an email to [email protected]

We have a global Corporate Privacy Officer as we are also a member of the large and fascinating family of the Delivery Hero Group.

As a family, we make certain decisions together. Both our parent company, Delivery Hero SE, Oranienburger Straße 70, 10117 Berlin and we jointly decide which means we will use to process your personal data and which purposes we consider to be appropriate.

We will continue to be your point of contact if you have any questions about data protection.

Privacy is your right and you have the choice

As a customer you have the choice which information you would like to share with us. Of course, we need some information for the fulfillment of our contract. However, this does not always require all the data which you can make available to us

You can take the following steps to disclose less information about yourself:

Cookies:You can install additional add-ons in your browser that block unnecessary cookies. By doing so, you will not see any interest-based advertisements.

Advertising:If you do not want to receive newsletters from us, you can unsubscribe at any time. In this case, we will not be able to send you any cool offers.

No data sharing:If you don't want to share any information with us at all, that's a shame. In this case we can't convince you how great our products are.
2. For which purposes we process data
We process your personal data only in accordance with the strict legal requirements. We pay particular attention to the fact that all principles for the processing of personal data are taken into account. The Delivery Hero Group pays great attention to transparency. Therefore, we only process your data if this is lawful and you can reasonably expect it to be processed. If, in the course of our evaluation, we come to the conclusion that the processing cannot reasonably be expected, we will only carry out the processing with your express consent.

2.1. Account creation, SSO registration, administration of your profile

In order to be able to offer you our services, the processing of your personal data is essential. Much of this data you transmit to us and other parts of the data we collect automatically when using our platforms (You can read more about automatic data collecting by cookies in our Cookie Policy. Nevertheless, we endeavour to keep the amount of data as small as possible. You can help us by only sharing necessary data with us that we need to fulfill our contractual obligations.

2.1.1. Registration

When creating a customer account you will be asked to enter your master data. This is absolutely necessary, as we cannot create a customer profile without this data. Your email address and telephone number are particularly important, as we can use this information to identify you in our system the next time you want to log in again. Furthermore, we would like to ask you to choose your password carefully. Do not use the same password on multiple websites. Your password should also be at least 5 characters long.

Processed personal data:
  • Master data: name, User-ID, e-mail address, password, telephone number, consent to sending newsletters (not mandatory)

Legal basis:
  • Performance of contract (Art. 6 para. 1 (b) GDPR) in case of mandatory data
  • Consent (Art. 6 para. 1 (a) GDPR) in case of subscription to the newsletter
Data processing happens during registration only in that case if you have accepted the necessary legal documents.

2.1.2. Single-Sign-On with Google

If you have an account with Google, you can use this account to log in to our service. Google accounts for European users are provided by Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland ("Google Ireland"), a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 ("Google").

By using the “Continue with Google” button on our website, you can log in or register on our website using your Google user data. Only if you give your express consent in accordance with Art. 6 Para. 1 (a) GDPR prior to the registration process on the basis of a corresponding note on the exchange of data with Google, will we receive your Google user ID, user name and email address. We will never receive your Google password and cannot log in to your Google account. You can learn more about data sharing with Google when logging in to our service with Google by reviewing Google’s explanations here: https://support.google.com/accounts/answer/112802.

The data transmitted by Google is stored and processed by us solely for the creation of a user account with the necessary data.

Processed personal data:
  • Master data: name, e-mail address, password, telephone number, delivery addresses (delivery name, street name, house number, town, postal code), consent to sending newsletters (the latter is not mandatory)
  • Google account information: user ID, user name and email address

Legal basis:
  • Consent (Art. 6 para. 1 (a) GDPR) in case of Google connecting


2.1.3. Single-Sign-On with Facebook

If you have a Facebook profile, you can register on our website to create a customer account or to register using the social plugin "Facebook Connect" of the social network Facebook, which is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA ("Facebook"), within the framework of the so-called Single Sign On technology. You can recognize the social plugins of "Facebook Connect" on our website by the blue button with the Facebook logo and the inscription "Log in with Facebook" or "Connect with Facebook" or "Log in with Facebook" or "Sign in with Facebook".

If you call up a page of our website that contains such a plugin, your browser establishes a direct connection to the Facebook servers. The content of the plugin is transmitted directly from Facebook to your browser and integrated into the page. Through this integration, Facebook receives the information that your browser has called up the corresponding page of our website, even if you do not have a Facebook profile or are not logged on to Facebook. This information (including your IP address) is transmitted directly from your browser to a Facebook server in the USA and stored there. These data processing operations are carried out in accordance with Art. 6 Para. 1 (f) GDPR on the basis of Facebook's legitimate interest in the display of personalised advertising on the basis of surfing behaviour.

By using this "Facebook Connect" button on our website, you can also log in or register on our website using your Facebook user data. Only if you give your express consent in accordance with Art. 6 Para. 1 (a) GDPR prior to the registration process on the basis of a corresponding note on the exchange of data with Facebook, will we receive the general and publicly accessible information stored in your profile when using the Facebook "Facebook Connect" button on Facebook, depending on your personal data protection settings on Facebook. This information includes user ID, name, profile picture, age and gender.

We would like to point out that after changes have been made to Facebook's data protection conditions and terms of use, your profile pictures, the user IDs of your friends and the friends list may also be transferred if they have been marked as "public" in your Facebook privacy settings. Please note, if you have publicly accessible information ( user ID, name, profile picture, age and gender, friends list) on Facebook, and you give consent to data exchanging with Facebook, for technical reasons we will have access to these data unavoidably, but we do not abuse of these data.

The data transmitted by Facebook is stored and processed by us for the creation of a user account with the necessary data, if this has been released by you on Facebook (title, first name, surname, address data, country, e-mail address, date of birth). Conversely, we can transfer data (e.g. information on your surfing behaviour) to your Facebook profile on the basis of your consent given by accepting the use of necessary third-party cookie. You can find more information about cookies in our Cookie Policy.
The consent given can be revoked at any time by sending a message to us.

Facebook Inc., headquartered in the USA, is certified for the us European data protection agreement "Privacy Shield", which guarantees compliance with the data protection level applicable in the EU.

Processed personal data:
  • Master data: name, e-mail address, password, telephone number, delivery addresses (delivery name, street name, house number, town, postal code), consent to sending newsletters (the latter is not mandatory)
  • Facebook profile information: user ID, name, profile picture, age and gender

Legal basis:
  • Performance of contract (Art. 6 para. 1 (b) GDPR) in case of mandatory data
  • Consent (Art. 6 para. 1 (a) GDPR) in case of Facebook connecting


2.1.4. Managing your profile

Following registration, the system creates your customer account.

When using your own account, you have the option to rectify your data, erase the data, except for optional data, and subscribe to or unsubscribe from the newsletter. If you want to modify your phone number and you give a new one than you have to confirm your new phone number via SMS. You can also link your account and your Facebook profile so you can login to the account using your Facebook profile information. If you would like to unlink your Facebook profile, you can do so by modifying your Facebook settings. In the user profile you have the option to access your personal data or delete your user profile.

Processed personal data:
  • data provided during registration (master data and access data, Facebook profile information if applicable)
  • time of registration
  • notification settings
  • order history: partner, date of order, ordered items, value of order, information on payment method, delivery address, comments on orders,
  • saved credit card information
  • delivery and invoice addresses (street name, house number, town, postal code, time of saving the address, location data)

Legal basis:
  • Performance of contract (Art. 6 para. 1 (b) GDPR) in case of mandatory data
  • Consent (Art. 6 para. 1 (a) GDPR) in case of non-mandatory data (newsletter, Facebook connecting)


2.2. Order processing

Once you have successfully registered and decided to place your order, we will store this information in your account and process it in further processes so that you can submit your order to us. When you submit your order, your personal data is transferred to our backend where it is transferred to other systems for further processing.

Processed personal data:
  • Contact Information: name, e-mail address, phone number
  • Location data: address, postcode, city, country, longitude, latitude (If you allow the site to find your location when choosing a delivery address, your actual position will be loaded automatically based on your location information. We create the longitude and latitude automatically in order to be able to process your delivery address in our other linked systems, and to display your address to our riders Moreover the purpose of processing the longitude, latitude is to display the partners on the platform that delivers to your address as correctly as technological capabilities makes it possible and show the correct distance of the partner to your address.)
  • Payment information: payment method, in case of payment with credit card or SZÉP card pseudonymized credit card or SZÉP card information
  • Device information and access data in case of using website: information on Internet connection (IP address), user agent (application type, operating system, software vendor or software version)
  • Device information and access data in case of using the Application: Device ID, device identification, operating system and corresponding version, time of access, configuration settings,

Legal basis:
  • Performance of contract (Art. 6 para. 1 (b) GDPR)
  • Legitimate interest (Art. 6 para. 1 (f) GDPR) in case of Device information and access data
While you are placing an order, you have to confirm your phone number that you have given during data entry with a confirmation code sent by our system via SMS. The purpose of the confirmation of phone numbers is to make sure that users give real phone numbers, thereby we can reduce the number of the abuses regarding orders. Verifying phone numbers ensures the authenticity and accuracy of the personal data handled by us too.

We declare not processing, collecting or storing any card data required for the payment and not having access to such data in any manner when the payment is made with a bankcard or SZÉP card.

In case of payment with credit card you accept to provide the following personal data stored in our database to OTP Mobil Ltd. (1093 Budapest, Közraktár utca 30-32.). Provided data: family name, given name, country, phone number, e-mail address. The purpose of data transmission: customer support for users, confirming transactions and fraud-monitoring for users’ defense.

In case of payment with SZÉP card you accept that we transfer the following personal data concerning you stored in our database to BIG FISH Payment Services Ltd. (registered office: H-1066 Budapest, Nyugati tér 1-2.). Scope of transferred data: family name, given name, IP-address, billing address, shipping address, country, phone number, e-mail address, the last 4 digits of the card number. The purpose of data transfer: to carry out online payment transactions transmitting the required dataset between the merchant and the payment service provider to carry out online payment transactions, providing transaction data retrieval possibilities for merchant partners.

2.3. Delivery

Once you have successfully placed your order, a number of processes are running in the background to ensure that your order is delivered quickly. The following processing activities describe how and why your data is processed for the respective purposes.

2.3.1. Data transfer to riders, calls from riders (foodpanda delivery)

We use riders for delivery, when you order from foodpanda delivery partner.. In all these cases we send your personal data to the riders so that they can deliver your order quickly. If our riders cannot reach you at the delivery address you provided, they have received instructions from us to call you so that the problem can be solved easily.

Processed personal data:
  • Delivery information: name, delivery address, phone number, order details, ID, comments on order, payment method

Legal basis:
  • Performance of contract (Art. 6 para. 1 (b) GDPR)


2.3.2. Data transfer to partners, calls from partners

When you give an order, we send your personal data to the partners so that they can fulfil your order and deliver it quickly. If a product of your choice is not available for delivery, they have received instructions from us to call you so that the problem can be solved easily. In the case of an order from a foodpanda delivery partner, we do not send the personal data neither to the Vendor Portal interface used by the Partners nor to the tablet used for receiving orders the personal data will only be shown on the receipt printed from the tablet (the adress and the e-mail address will not be sent to the receipt either), the partner will only use the data to verify the order and checking the takeover process, and will not record or store it in any way, Partner need to ping it to the product.

Processed personal data:
  • Delivery information: name, delivery address, phone number, order details, payment method, comments on order, e-mail

Legal basis:
  • Performance of contract (Art. 6 para. 1 (b) GDPR)
  • Legitimate interest (Art. 6 para. 1 (f) GDPR) when called by the partner.

By placing your order, you accept the partner's privacy policy. We declare that we do not take any responsibility for the legality of the data processing after the handover to the partner. You shall get information about privacy policy of the partner on the partner’s contacts.
The partners have no claim whatsoever to your personal data and under no circumstances may they use it for their own purposes. If you should nevertheless be contacted by a partner without your prior consent, we ask you to report this to us by e-mail to [email protected].

2.4. Saved payment methods

In order to make the ordering process even more convenient for you, we offer to save your preferred payment method. This means that you don't have to enter your payment details again the next time you place an order. The storage of this data requires your prior consent. You can save your payment data by clicking on the consent field. You can revoke your consent for the future at any time by deactivating the consent field again or by informing us of this by e-mail to [email protected]

We declare not processing, collecting or storing any card data required for the payment and not having access to such data in any manner when the payment is made with a bankcard or SZÉP card.

Processed personal data:
  • Payment information: payment method, pseudonymized credit card information

Legal basis:
  • Consent (Art. 6 para. 1 (a) GDPR)


2.5. Advertising and marketing

2.5.1. Direct marketing

Newsletter

During registration you can subscribe to the newsletter by checking the relevant checkbox or – if available on our platform – in your own profile menu or at your request.

Not only do the contents of our newsletters vary, but so do the technologies and criteria we use to design our newsletters and segment customer groups. For example, a group of customers may receive a special newsletter promoting special deals from partners where customers have ordered. Other newsletters may refer to specific products that relate to a particular flavor, such as sushi, Indian delicacies or pizza
We use different information from your order history and delivery addresses.
This is a profiling process in which we automatically process your data. The specific customer segmentation can have a legal effect on you or can have a significant effect on you in other ways if you receive certain newsletters and are not included in other campaigns.

If automated decision-making leads to a negative result for you and you do not agree with this, you can unsubscribe from our newsletters with the link on the bottom of the newsletter or contacting our Customer Care.

Processed personal data:
  • Contact Information: name, e-mail address
  • Location data: address, postcode, city, country, longitude, latitude
  • Order information: order history, selected partners, invoices, order ID, comments on orders, information on payment method, delivery address, successful orders and cancelled orders

Legal basis:
  • Consent (Art. 6 para. 1 (a) GDPR)


NPS (customer survey)

We always develop new products and try to adapt our services to the wishes of our customers. In order to measure the effectiveness of these changes, we regularly offer interviews with our User Experience team. In these interviews we record your usage behavior and ask you for possible optimization possibilities. Your constructive feedback is very important to us. Therefore we will occasionally send you customer surveys on the basis of your previous consent and ask you to give us your opinion. If you do not wish to receive customer surveys, you can unsubscribe at any time. For any customer survey request you can click "unsubscribe" below or you can send at any time an email to [email protected] and we will not contact you again.

Processed personal data:
  • Communication data: name, e-mail address, phone number
  • Data concerning to survey:

Legal basis:
  • Consent (Art. 6 para. 1 (a) GDPR)

The answers given in the survey will be anonymized, so these cannot be connected to any User

Rating

We are constantly striving to improve our services. Your constructive feedback is very important to us. In the foodpanda Mobile Application or, if possible, on the foodpanda website, it is possible to submit a rating on a pop-up window or on any other platform. By submitting a rating, you give your consent to us to forward your rating to our partner in order to get adequate information to improve the services. The data of rating are forwarded anonymously so these doesn’t contain your personal data.

Processed personal data:
  • Communication data: name, e-mail address
  • Rating data: order satisfaction (3 leveled), comments, delivery time, product satisfaction, rider satisfaction

Legal basis:
  • Consent (Art. 6 para. 1 (a) GDPR)



Push notification

We are always working to give you an amazing customer experience. To achieve this, we negotiate very good deals for you with our partner partners. If you activate push messages on your mobile device and give your active consent to sending marketing push messages by clicking the checkbox on the app, we will be able to inform you about these offers.

Processed personal data:
  • Location data
  • Profile data (master data)
  • Order information

Legal basis:
  • Consent (Art. 6 para. 1 (a) GDPR)


2.5.2. Online marketing

Our service is based to a large extent on convincing potential customers that we offer an amazing customer experience and that every visit to our platform is worthwhile. In order to reach as many potential customers as possible, we are very active in the field of online marketing. It is just as important to win the trust of potential customers and to strengthen the trust of our existing customers. Therefore, we would like to present you our processes as transparent as possible

Targeting

In principle, targeting means the switching and fading in of advertising banners on websites that are tailored to specific target groups. The aim is to display the most attractive banners as individually as possible for the user and potential customer. Firstly, we define a target group and secondly, we commission our service providers to show our advertising to the defined target group. To better define the target group, we segment customer types and place different ads on different portals.

Processed personal data:
  • Contact Information: name, e-mail address,

Legal basis:
  • Legitimate interest (Art. 6 para. 1 (f) GDPR).
    Our legitimate interest is the purpose described above


Cookies In order to make the visit of our website/app attractive and to enable the use of certain functions, we use so-called cookies on various pages. These are small text files that are stored on your device. Some of the cookies we use are deleted after the end of the browser session, i.e. after closing your browser (so-called session cookies). Other cookies remain on your device and allow us or our affiliate to recognize your browser on your next visit (persistent cookies). You can set your browser so that you are informed about the setting of cookies and individually decide on their acceptance or exclude the acceptance of cookies for specific cases or in general. Failure to accept cookies may limit the functionality of our website/app.

Processed personal data:
  • defined in detail in chapter 3 below

Legal basis:
  • If processing takes place with your consent, the legal basis is Art. 6 Para. 1 (a) GDPR, namely your consent. Otherwise, the processing is based on our legitimate interest pursuant to Art. 6 para. 1 (f) GDPR. Our legitimate interest lies in the aforementioned purpose
You can find information about cookies in detail in the cookie policy, which can be found at the following link: https://www.foodpanda.hu/en/contents/cookies

2.5.3. Sweepstakes

The participation in the lottery requires your consent. If you have already given your consent and would like to revoke it for the future, you can do so at any time by sending an email to [email protected] In this case, we will exclude you from participating in our sweepstakes and you will not receive any further invitations to sweepstakes. The details of the data processing can be find in the rules of the given sweepstake.

Processed personal data:
  • Contact Information: name, e-mail address
  • In the event of winning: delivery address in Hungary, phone number.

Legal basis:
  • Consent (Art. 6 para. 1 (a) GDPR)


2.6. Fraud prevention and security of our platform

In order to protect our customers and our platform from possible attacks, we continuously monitor the activities on our website. To this end, we use various technical measures to ensure that suspicious behavior patterns are detected at an early stage and prevented in good time. To achieve this goal, several monitoring mechanisms run in parallel and prevent potential attackers from accessing our website at all.

The decision-making process is automated and can have a legal effect on the person concerned or affect them in a similar way. If automated decision-making leads to a negative result for you and you do not agree with this, you can contact us at [email protected].In this case, we will individually assess the circumstances of your case.

Processed personal data:
  • Device information and access data
  • Contact information
  • Payment information
  • Order information
  • Voucher information

Legal basis:
  • Legitimate interest (Art. 6 para. 1 (f) GDPR)


2.7. Vouchers We often offer vouchers for our platforms. The reasons can vary. The purpose of these vouchers is to encourage those customers who ordered long time ago or we use vouchers in marketing campaigns. In order to be able to check the number, the value and the frequency of use of the vouchers, but also to avoid misuse of these vouchers, we collect various personal data.

Processed personal data:
  • Profile data: name, e-mail address
  • Voucher information: name of campaign, value, validity of voucher, order using the voucher, number of vouchers.

Legal basis:
  • legitimate interest Art. 6 para. 1 (f) GDPR,
    Our legitimate interest is the purpose described above.


2.8. System messages In many cases, we may send you information about the operation of our services and our website, the content of these messages may be different, but which can never be considered as marketing request. The information can be received via e-mail, text message or push message. Our system messages inform you, for example, about your ordering, shipping information, maintenance of the website or our services, and changes to your user account.

Processed personal data:
  • Contact Information: name, e-mail address, phone number

Legal basis:
  • Legitimate interest (Art. 6 para. 1 (f) GDPR).
    Our legitimate interest is that the information specified in this section reaches you, which is also in your interest in all cases, as you can use our services efficiently and with satisfaction.


2.9. Complaint handling

Should you have a complaint relating to our services, we recommend that you send your complaint primarily through the customer service chat interface. In addition, you still have the opportunity to submit your complaint by telephone, orally or in writing.

For the handling and traceability of complaints relating to the services, and for documenting your identity, the exact time and content of the complaint as well as the information provided in relation to the complaint we record the phone call and chat conversation when you call us to share your complaint with us and prepare a minutes about the complaint (written, oral or by phone).

At the start of the phone call we inform the caller of the identity of the controller, the purpose of the data processing (complaint handling), of the fact that the conversation will be recorded, as well as of the fact that if they do not consent to the recording of the phone call, they have the option to submit their complaint via post of electronic mail. We also inform you of the fact that detailed information about data processing is available on the foodpanda website and regarding how a voice recording may be obtained.

Processed personal data:
  • in case of chat conversation:
    • name;
    • subject and content of complaint.
  • in case of written complaint:
    • name;
    • address or e-mail;
    • subject and content of complaint.
  • in case of chat conversation, oral complaint or complaint by phone call if the complaint could not be handled immediately, we prepare a minute which contains the following data:
    • name;
    • address;
    • place, date, mode, subject and content of the complaint;
    • special identifying number of the complaint.
  • in case of phone call recording:
    • the voice of the caller,
    • the information provided during the phone call.

Legal basis:
  • Legal obligation pursuant to Act CLV. of 1997 on Consumer protection, paragraph 17/B.
3. How long we store your data?
We generally delete your data after the purpose has been fulfilled. Different deletion rules apply depending on the purpose of the processing. Within our deletion concepts we have defined various data classes and assigned rule deletion periods to them. The data collected is marked with a deletion rule. When the retention period is met, the stored data will be deleted accordingly.

We will delete your personal data either if you wish and let us know unless we have legal obligation to reserve the data. In addition to the deletion rules defined by us, there are legal retention periods which we must also observe. Therefore, despite your request for deletion of your data, we may still have to store some of the stored data due to legal regulations. In this case, however, we will restrict data from further processing.

Regarding the legal basis of different data processing we process the data as following:
  • consent: until you request the erasure of the data or revoke your consent
  • legitimate interest: until you object to processing your personal data for the given purpose unless we prove that these activities are made necessary by legitimate obligations which take precedence over your interests, rights and freedoms, or are necessary for the submission, enforcement or protection of legal claims.
    • legal obligations:
    • we process the data required for the purpose of enforcing the claims and rights arising from the contract concluded between us for 5 years after terminating the contract, in accordance with Section 6:22 of Act V of 2013 on the Civil Code.
    • we preserve your data of name and address indicated in the accounting document pursuant to Section 169 of Act C on Accounting for at least 8 years only for the purpose of complying with the accounting obligation.
    • we preserve the data processed in connection with complaint handling (so the record of the phone conversation) for 5 years according to Act CLV. of 1997 on Consumer protection, paragraph 17/B.

Furthermore, we will continue to store your data if we have a right to do so in accordance with Art. 17 para. 3 GDPR. This applies in particular if we need your personal data for the establishment, exercise or defense of legal claims.
4. Who we work with and where we process your data?
We never give your data to unauthorized third parties. However, as part of our work we obtain the services of selected service providers and give them limited and strictly monitored access to some of our data. However, before we forwarding personal data to these partner companies for processing on our behalf, each individual company undergoes an audit. All data recipients must meet the legal data protection requirements and prove their data protection level with appropriate proofs.

4.1. Delivery Hero Gruppe

Within a group it is sometimes necessary to use resources effectively. In this context, we support each other within our Group in optimizing our processes. In addition, we provide joint content and services. This includes, for example, the technical support of systems.

This is a joint responsibility within the meaning of Art. 26 GDPR. We are fully responsible for fulfilling the data protection requirements together with Delivery Hero SE, Oranienburger Straße 70, 10117 Berlin, [email protected]. Within the framework of joint controllership, both we and Delivery Hero SE have agreed that both will guarantee your rights equally.

For practical reasons we have decided that we are to you for all data protection-legal questions at the disposal and in particular your rights in accordance with Art. 15 to 22 GDPR will guarantee we will guarantee.

Please contact us for this under [email protected].

4.2. Service providers

We use different data processors in our daily processing. These process your personal data in accordance with the requirements of Art. 28 GDPR only according to our instructions and have no claims whatsoever on these data. We also monitor our processors and include only those who meet our high standards.

Because we use different data processors and change them from time to time, it is not appropriate to identify specific recipients of personal information. However, if you are interested, we will be happy to disclose the name of the processor(s) in use at that time upon request.

4.3. Third parties

In addition to data processors, we also work with third parties, to whom we also transmit your personal data, but who are not bound by our instructions. These are, for example, our consultants, lawyers or tax consultants who receive your data from us on the basis of a contract and process your personal data for legal reasons or to protect our own interests.

We do not sell or rent your personal data to third parties under any circumstances. This will never take place without your explicit consent.

4.4. Prosecuting authorities and legal proceedings

Unfortunately, it can happen that a few of our customers and service providers do not behave fairly and want to harm us. In these cases, we are not only obliged to hand over personal data due to legal obligations, it is also in our interest to prevent damage and to enforce our claims and to reject unjustified claims.
5. You can also make use of the following rights at any time
5.1. Right to access

You have the right to be informed which data we store about you and how we process this data.

Upon your request we provide information on whether we use your personal data for data processing purposes, and if so, we grant you access to your personal data and shares the following information with you:
  • the purpose(s) of the data processing activity;
  • the type of the personal data affected by data processing;
  • the legal ground and recipient(s) in the event of transferring their personal data;
  • the planned processing period;
  • your rights relating to the rectification, erasure and restriction of processing of the personal data, as well as the option to object to personal data processing;
  • the possibility of turning to the Authority;
  • the data source;
  • the name, address of the processors and their activities related to data processing.


You have the opportunity to request in the user profile what personal data we process about you.

We shall provide you with a copy of the personal data processed free of charge. For any further copies you request, we may charge a reasonable fee based on administrative costs. If you submitted the request via an electronic channel the requested information shall be sent to you in a widely used electronic format unless you, as the data subject, request it in a different format.

Upon your request we are obligated to provide you with the information requested without any undue delay, but by no later than within one month from the submission of the request, in a readily intelligible form. You may submit your request for access through the contact channels specified in this Privacy Policy while simultaneously also verifying your identity, and you can also access the personal data we process through your user profile.

5.2. Right to rectification

If you notice that stored data is incorrect, you can always ask us to correct it.

Taking into account the purpose of the data processing and the provision of the correct data, you may request the rectification of inaccurate personal data or the supplementation of incomplete data from our Company. We shall fulfil the rectification requirement without undue delay.

5.3. Right to erasure (right to be forgotten)

You can ask us at any time to delete the data we have stored about you.

You have the right to request us to erase your personal data with immediate effect without undue delay; and we are obligated to perform the requested erasure of the personal data immediately if any of the following criteria is fulfilled:
  • the personal data requested to be erased are no longer needed for the purpose they were obtained for and managed in any way;
  • you revoked your consent and there is no other legal ground for data processing;
  • you object to the processing of your personal data;
  • the personal data was processed unlawfully;
  • the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the Controller is subject;
  • the personal data obtained based on consent was collected with the provision of services relating to the information society to children.

Where we have made the personal data public (made it available to a third party) and are obligated to erase them pursuant to the above, we shall take into account the available technology and the cost of implementation, shall take reasonable steps to inform controllers who are processing your personal data that you have requested them to erase any links to, or copy or replication of those personal data, as well as to erase any duplicate copies.

Personal data is not required to be erased when data processing is required:
  • to exercise rights to freedom of expression and information;
  • for compliance with a legal obligation which requires processing of personal data by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  • based on public interest that relates to public health;
  • for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes if the right to erasure is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
  • for the presentation, enforcement or defence of legal claims.


You can also initiate the erasure of your user profile and the personal data stored in it in your user profile. If you request the erasure of your personal data, we will comply with your request immediately, but no later than one month from the receipt of the request, except for data that we are still required to process in order to enforce our rights and obligations under the contract or it is required by law.

5.4. Right to restriction of processing

If you do not wish to delete your data, but do not want us to process it further, you can ask us to restrict the processing of your personal data.

You have the right to request us to, instead of rectifying or erasing, restrict the processing of your personal data, if any of the following criteria apply:
  • you contest the correctness of the personal data, in which cases the restriction shall only apply to the time period necessary for us to verify the correctness of the personal data;
  • the data processing activity has no legal basis, and the data subject does not consent to the deletion of the data but requests the limitation of their use;
  • we no longer require the personal data for data processing purposes, but you request the data for the submission, enforcement or protection of legal claims; or
  • you objected to data processing; in such cases the restriction shall only apply to the time period necessary to determine whether the Company’s justified needs override your justified needs.


Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or of a Member State.

You shall be notified in advance of the lifting of restrictions on data processing.

5.5. Notification obligation regarding rectification or erasure of personal data or restriction of processing

We communicate any rectification or erasure of personal data or restriction of processing carried out to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. Upon your request we shall share with you the list of recipients.

5.6. Right to data portability

You can ask us to transmit the data stored about you in a machine-readable format to you or to another responsible person. In this context, we will make the data available to you in JSON format.

5.7. Right to object to the processing of your data

This also includes objecting to our processing, which we process without your consent but based on our legitimate interest. This applies, for example, to direct marketing. You can object to receiving further newsletters at any time.

You have the right to object to the processing of your personal data, if the data processing
  • is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  • is necessary for the enforcement of the legitimate interest of our Company or a third party.


In the event of objection, we shall abandon the processing of the personal data unless we prove that these activities are made necessary by legitimate obligations which take precedence over your interests, rights and freedoms, or are necessary for the submission, enforcement or protection of legal claims.

Where personal data are processed for direct marketing purposes, you shall have the right to object at any time to the processing of personal data related to you for such purposes. If you object to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.

5.8. Automated decision making

We also process your personal data in the context of algorithms in order to simplify our processes. Of course, you have the right not to be subject to decisions based solely on automated processing. If you believe that we have denied your access in an unjustified way, you can always contact us at [email protected]. In this case, we will examine the case separately and decide on a case-by-case basis

5.9. Measures taken in connection with the requests

We shall inform you without undue delay, but no later than within one month from the receipt of the request, of the measures taken in relation to the access, rectification, erasure, restriction, objection or data portability request. This deadline may, however, be extended by two months if warranted by the complexity of the request or the number of requests. We shall notify you of any such extension within one month of receiving the request; such a notification shall include the reason of the extension. If you submit the request via an electronic channel the notification shall preferably be sent to you in electronic format unless you request a different format.

If we fail to act upon your request we shall notify you without delay, but no later than within one month of receiving the request, of the reasons of such a failure, and shall also inform you that you may place a complaint at a supervisory authority, and may seek judicial legal remedy.

Upon your request, the information, notifications and the measures taken based on your request shall be provided free of charge. If your request is clearly unfounded or excessive, in particular because of its repetitive nature, we may either charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested or may refuse to take action in relation to the request. The burden of demonstrating the clearly unfounded or excessive nature of the request falls on us.

5.10. Right of complaint

We take all necessary measures to ensure that the personal data are processed in line with the applicable laws and regulations, however, if you feel that we have failed to meet these expectations, please write to the [email protected] e-mail address or to the Czuczor utca 2, 1st Floor, HU-1093 Budapest postal address.

If you feel that we have violated your right to privacy, you may seek legal remedy from the competent bodies in accordance with applicable laws
  • at the Hungarian National Authority for Data Protection and Freedom of Information (address: 1125 Budapest, Szilágyi Erzsébet fasor 22/C., [email protected];www.naih.hu)
  • or in court.


The National Media and Communications Authority is responsible for advertisements sent electronically, the detailed rules of which are contained in Act CXII of 2011 on the Right of Informational Self-determination and Freedom of Information and in Act CVIII of 2001 on Electronic Trading Services and Certain Issues Concerning Services in an Information Society.
6. Social Media Fanpages
We have profiles on various social media platforms on which we advertise our products and interact with customers. Since we operate these profiles on third-party platforms, each time you visit these social media channels the operators collect different personal data from you.

6.1. Responsibilities We and the respective operators of the social media platforms act as joint controllers. Where two or more controllers jointly determine the purposes and means of processing, they shall be joint controllers.

The social media platforms Facebook and Instagram are operated by Facebook Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland.

We are responsible for all interactions on our own platforms. The operators of the social media platforms themselves are data controllers for general interactions and interactions outside our profiles. An exception applies to the data processing described below for the usage analysis (page insights); we are jointly responsible with Facebook for this.

The following links will show you exactly which data is collected by the respective social media operators:
Privacy Policy Facebook
Privacy Policy Instagram

6.2. Data processing

For pages, Facebook provides page administrators with statistics and insights that help them understand the types of actions people take on their pages ("Page Insights").

When you visit or interact with a Page or its content, information such as the following may be collected and used to create Page Insights:
  • Viewing a Page, or a post or video from a Page
  • Following or unfollowing a Page
  • Liking or unliking a Page or post
  • Recommending a Page in a post or comment
  • Commenting on, sharing or reacting to a Page post (including the type of reaction)
  • Hiding a Page's post or reporting it as spam
  • Clicking a link to a Page from another Page on Facebook or from a website off Facebook
  • Hovering over a Page's name or profile picture to see a preview of the Page's content
  • Clicking on the website, phone number, Get Directions button or other button on a Page
  • Whether you're on a computer or mobile device while visiting or interacting with a Page or its content

We and Facebook are jointly responsible for the processing of your data for the provision of page insights. For this purpose, we and Facebook have agreed in an agreement which and a division of our data protection obligations according to Art. 26 GDPR shall be agreed.

6.3. Your data subject rights

For all data processing on this website, we are solely responsible for processing your data in accordance with data protection regulations.

As part of our agreement with Facebook, we have determined that Facebook is primarily responsible for fulfilling its information obligations in connection with the Page Insight data and for ensuring that you exercise your rights under the GDPR. For more information about your data subject rights on Facebook, please see:Facebook's Page-Inside Privacy Policy.
7. Handling and reporting of personal data breaches
All incidents are considered personal data breaches which result in the unauthorized processing or controlling of personal data, in particular unauthorized or accidental access, alteration, disclosure, erasure, loss or destruction of personal data handled, transferred, stored or processed by the Controller, or in its accidental destruction or damage.

We are obligated to report any personal data breach to the National Authority for Data Protection and Freedom of Information (NADPFI, NAIH) by the Service Provider without undue delay, or at the latest 72 hours after becoming aware of the personal data breach, unless we can prove the personal data breach is unlikely to pose any risk to the rights and freedoms of natural persons. Where such notification cannot be achieved within 72 hours, the reasons for the delay should accompany the notification and information may be provided in phases without undue further delay.

We shall inform the data subjects of the personal data breach through our website within 72 hours of detecting the data breach incident.

We keep a record of each personal data breach for controlling the measures taken in relation to the occurring incidents and for providing information to the data subjects. The records contain the following data:
  • the scope of the affected personal data;
  • the range and number of data subjects;
  • the date and time of the personal data breach;
  • the circumstances and effects of the personal data breach;
  • the measures taken for the prevention of the personal data breach.

We keep the data contained in the record for 5 years from the detection of a personal data breach.
8. Data security
We undertake to ensure the security of data and takes all technical and organizational measures, puts into place the procedural rules that ensure the protection of all collected, stored and processed data, as well as preventing the destruction, unlawful use and unlawful alteration of data. It also undertakes to call upon each third party to whom data are transferred or transmitted without the data subjects’ consent to comply with the data security requirements.

It also ensures that no unauthorized persons may access, disclose, transfer, rectify or erase the processed data. The processed data may be accessed only by our company and its employees, as well as the processor employed by us, and we shall not transfer the data to any third party not authorized to have access to them.

We shall take every possible effort to ensure that data are not accidentally damaged or destroyed. We require all our employees taking part in data processing activities to assume the above obligations.
9. Other provisions
This Policy is governed especially by the provisions of Act CXII of 2011 on the Right of Informational Self-determination and Freedom of Information and by the Hungarian law and the Regulation of the European Parliament and of the Council (EU) 2016/679 (27 April 2016) on the Protection of Natural Persons with Regard to the Processing of Personal Data and on the Free Movement of Such Data, and repealing Directive 95/46/EC.

We reserve the right to change this data protection declaration in compliance with the statutory provisions. We will inform you of any significant changes, such as changes of purpose or new purposes of processing.


Last update: 10 November 2021