Buyers – the users who create account with us to buy products and have those delivered,;
Couriers – the users who deliver the products to the Buyers.
The terminology used in this notice, and explained in this section, is based on the EU General Data Protection Regulation (GDPR).
Personal data means any information relating to an identified or identifiable natural person (“data subject”).; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Restriction of processing means the marking of stored personal data with the aim of limiting their processing in the future. Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by the European Union or its Member State law, the controller or the specific criteria for its nomination may be provided for by the European Union or its Member State law. Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Recipient means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with the European Union or its Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.
Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
2. Legal basis for the processing
GDPR sets out a number of different reasons for which a company may collect and process your personal data, including: Consent – we can collect and process your data with your consent which, for example, can be provided when you tick a box at the time of registering on our app or website. When collecting your personal data, we’ll stipulate which data is necessary for us to provide you with the requested service or access to the Platform. You can revoke your consent at any time. However, when revoking your consent, you will not be able to use any services or features that require collection or use of the information collected or used on the basis of that consent. For example, the consent will be required to provide location information for couriers or to track couriers location live, provide ETA updates, etc.
Contractual obligations – we may need your personal data to comply with our contractual obligations, for example, if you a are a buyer, then we need to collect the delivery address details and pass them on to the courier for delivering your goods; or if you are a courier, then we need your bank details to make a payment for providing delivery services.
Legal compliance – if required by the law, we may have to collect and process your data, for example, we can pass on details of people involved in fraud or other criminal activity affecting us to law enforcement.
Legitimate interest - we may need your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests. For example, we will use your purchase history to send you or make available personalised offers. We also combine the shopping history of many customers to identify trends and ensure we can keep up with demand, or develop new products/services.
The data subject may, at any time, prevent the setting of cookies through our website by means of a corresponding setting of the Internet browser used, and may thus permanently deny the setting of cookies. Furthermore, already set cookies may be deleted at any time via an Internet browser or other software programs.
4. Collecting general data
When a data subject or automated system calls up the Platform, we collect a series of general data. This information is stored in the server log files. In this process we may collect:
- the browser types and versions used;
- referrers used;
- the operating system used by the accessing system;
- the sub-websites;
- the date and time of access;
- IP address;
- the ISP of the accessing system; and any other similar data or information that may be used in the event of attacks on our IT systems.
The above information is needed to deliver the content of our Platform correctly and optimize its content; ensure the long-term viability of our IT systems and website technology, and if required to provide law enforcement authorities with the information necessary for criminal prosecution in case of a cyber-attack. The above data is processed to provide the data protection and data security of the Company, and to ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all personal data of data subjects.
Unless an anonymous setting is activated, we also collect technical information about your use of our services through a mobile device such as location and performance data.
5. When personal data is collected
We collect personal data in the following occasions:
- when you download our apps;
- when you create an account with us or you change your account settings;
- when you place an order with us and during the order process (incl. for payment and order delivery);
- when you contact us directly via email, phone, post, message, etc;
- when you engage with us on social media;
- when you use and/or browse our apps or website (incl. when working as a courier);
- when we do background checks if you sign up as a Snap-IT rider.
6. What personal data is collected
We collect the following personal data:
- Identification data - names, addresses, dates of birth, e-mail addresses, telephone numbers, and login passwords (encrypted);
- Location data - delivery addresses, live location coordinates;
- Technical data - IP addresses, operating system, the device and connection type;
- Commercial data – order information, receipts and purchasing history;
- Payment data – credit, debit card and Stripe account information;
- Copies of documents you provide to prove your identity, qualifications or age where the law requires this (including your passport and driver's licence). This is applicable if you are signing up as a courier and will include details of your full name, address, date of birth and facial image. If you provide a passport, the data will also include your place of birth, gender and nationality.
7. The purpose of collecting personal data
Personal data is collected for the following purposes:
- Creating your account and keeping it up-to-date to provide you with the access to the relevant parts of the Platform;
- Verifying your identity;
- Screening potential delivery couriers;
- Processing payments;
- Enabling transport and delivery of your purchase. In this process location data is processed automatically to determine the delivery distance, cost of delivery and ETA;
- Tracking the location of couriers to identify ones closest to the respective store and to trace the progress of delivery;
- Enabling communication between the users of the Platform e.g. a courier may need to contact a buyer if a delivery location needs to be clarified;
- Responding to your queries and complaints. Handling the information you sent enables us to respond. We may also keep a record of these to inform any future communication with us and to demonstrate how we communicated with you throughout;
- Protecting our business and your account from fraud and other illegal activities. This includes using your personal data to maintain, update and safeguard your account. We will also monitor your browsing activity with us to quickly identify and resolve any problems and protect the integrity of our Platform;
- Compling with our contractual or legal obligations that require processing personal data or shareing it with law enforcement;
- Developing, testing and improving the systems, services and products we provide to you;
- Keeping you informed by email, web, text, and telephone about relevant products and services updates, new releases, special offers, discounts, promotions, etc.;
The registration on the Platform, together with the voluntary indication of personal data, is intended to enable us to offer you the contents or services that may only be offered to registered users due to the nature of the matter in question. Registered persons are free to change the personal data specified during the registration at any time, or to have them completely deleted from our data stock. In case you choose not to share your personal data with us, or refuse certain contact permissions, we might not be able to provide some services you have asked for.
Upon your request we will provide information to you as to what personal data are stored by us at any time. In addition, we will correct or erase your personal data at your request or indication, insofar as there are no statutory storage obligations.
8. Protecting personal data
We secure access to all transactional areas of our Platform using ‘https’ technology to protect personal data of our Platform users. Access to your personal data is password-protected, sensitive data is secured and tokenised to ensure it is protected.
We monitor our Platform for vulnerabilities and attacks. We conduct penetration testing of the Platform to further strengthen its security.
9. How long will we keep personal data?
We will only keep personal data for as long as is necessary for the purpose for which it was collected. At the end of that retention period, if there are no other statutory retention requirements, your data will either be deleted completely or anonymised.
10. Sharing personal data
It may be necessary to share some personal data we have collected with the other users of the Platform. For example, if you are a buyer, then we need to share your name and delivery address with a courier. We may also need to enable the courier to contact you in case the delivery location needs to be clarified. Alternatively, if you are a courier, then your location data may be shared with a buyer to show the progres of the delivery and the ETA. If you are applying to become a courier then we may share your information with background check providers. We may also share personal data with trusted third parties we work with such as Stripe for payments; Google/Facebook to show you products or services that might interest you while you are browsing the internet (based on either your marketing consent or your acceptance of cookies on our Platform); cloud storage providers to store the data.
When working with third parties, we provide only the information they need to perform their specific services and they may only use your data for the exact purposes we specify in our contract with them. If we stop using their services, any of your data held by them will either be deleted or rendered anonymous.
In specific circumstances we may share personal data with third parties for their own purpose. Examples of such circumstances are:
- For fraud management, we may share information about fraudulent or potentially fraudulent activity in our premises or systems. This may include sharing data about individuals with law enforcement bodies;
- We may also be required to disclose your personal data to the police or other enforcement, regulatory or Government body, in your country of origin or elsewhere, upon a valid request to do so. These requests are assessed on a case-by- case basis and take the privacy of our customers into consideration;
- From time to time, we may expand, reduce or sell the Company and this may involve the transfer of parts of or the whole business to new owners. If this happens, your personal data will, where relevant, be transferred to the new owner or controlling party, under the terms of this Privacy Notice;
Google Analytics and Stripe are currently the only third parties we use to process your personal data as part of their contract with us. We use their services to be able to provide the best customer experience.
11. Data protection provisions about the application and use of Google Analytics (with anonymization function)
On our website we have integrated the component of Google Analytics (with the anonymizer function). Google Analytics is a web analytics service. Web analytics is the collection, gathering, and analysis of data about the behavior of visitors to websites. A web analysis service collects, inter alia, data about the website from which a person has come (the so-called referrer), which sub-pages were visited, or how often and for what duration a sub-page was viewed. Web analytics are mainly used for the optimization of a website and in order to carry out a cost-benefit analysis of Internet advertising.
The operator of the Google Analytics component is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, United States.
For the web analytics through Google Analytics the controller uses the application "_gat. _anonymizeIp". By means of this application the IP address of the Internet connection of the data subject is abridged by Google and anonymised when accessing our websites from a Member State of the European Union or another Contracting State to the Agreement on the European Economic Area.
The purpose of the Google Analytics component is to analyze the traffic on our website. Google uses the collected data and information, inter alia, to evaluate the use of our website and to provide online reports, which show the activities on our websites, and to provide other services concerning the use of our Internet site for us.
Google Analytics places a cookie on the information technology system of the data subject. The definition of cookies is explained above. With the setting of the cookie, Google is enabled to analyze the use of our website. With each call-up to one of the individual pages of this Internet site, which is operated by the controller and into which a Google Analytics component was integrated, the Internet browser on the information technology system of the data subject will automatically submit data through the Google Analytics component for the purpose of online advertising and the settlement of commissions to Google. During the course of this technical procedure, the enterprise Google gains knowledge of personal information, such as the IP address of the data subject, which serves Google, inter alia, to understand the origin of visitors and clicks, and subsequently create commission settlements.
The cookie is used to store personal information, such as the access time, the location from which the access was made, and the frequency of visits of our website by the data subject. With each visit to our Internet site, such personal data, including the IP address of the Internet access used by the data subject, will be transmitted to Google in the United States of America. These personal data are stored by Google in the United States of America. Google may pass these personal data collected through the technical procedure to third parties.
The data subject may, as stated above, prevent the setting of cookies through our website at any time by means of a corresponding adjustment of the web browser used and thus permanently deny the setting of cookies. Such an adjustment to the Internet browser used would also prevent Google Analytics from setting a cookie on the information technology system of the data subject. In addition, cookies already in use by Google Analytics may be deleted at any time via a web browser or other software programs.
Further information and the applicable data protection provisions of Google may be retrieved under https://www.google.com/intl/en/policies/privacy/ and under http://www.google.com/analytics/terms/us.html. Google Analytics is further explained under the following Link https://www.google.com/analytics/.
12. Your rights over your personal data
Right to request:
- Access to the personal data we hold about you;.
- The correction of your personal data when incorrect, out of date or incomplete;
- Erasure of your personal data (Right to be forgotten). For example, when you withdraw consent, or object and we have no legitimate overriding interest, or once the purpose for which we hold the data has come to an end (such as the end of a warranty).
- That we stop using your personal data for direct marketing (either through specific channels, or all channels).
- That we stop any consent-based processing of your personal data after you withdraw that consent.
- You have the right to request a copy of any information about you that the we hold at any time, Right to withdraw consent:
- Whenever you have given us your consent to use your personal data, you have the right to change your mind at any time and withdraw that consent.Where we rely on our legitimate interest
- In cases where we are processing your personal data on the basis of our legitimate interest, you can ask us to stop for reasons connected to your individual situation. We must then do so unless we believe we have a legitimate overriding reason to continue processing your personal data, for example, if there is an ongoing dispute or claim on your account.
- You have the right to stop the use of your personal data for direct marketing activity through all channels, or selected channels. We must always comply with your request.
Checking your identity
- To protect the confidentiality of your information, we will ask you to verify your identity before proceeding with any request you make under this Privacy Notice. If you have authorised a third party to submit a request on your behalf, we will ask them to prove they have your permission to act.
Automated decision-making, profiling
- We use automated decision-making based on location data to select a courier to whom to send the delivery request based on the courier’s proximity to the identified store. We do not use profiling.
13. Payment method: Data protection provisions about the use of Stripe as a payment processor
On this website, we have integrated components of Stripe. Stripe is an online payment service provider. Payments are processed via so-called Stripe accounts, which represent virtual private or business accounts. Stripe is also able to process virtual payments through credit cards when a user does not have a Stripe account. A Stripe account is managed via an e-mail address, which is why there are no classic account numbers. Stripe makes it possible to trigger online payments to third parties or to receive payments.
The entity responsible for the collection and processing of Personal Data for residents of the European Economic Area (EEA) and Switzerland is Stripe Payments Europe, Ltd., a company incorporated in Ireland and with offices at 1 Grand Canal Street Lower, Grand Canal Dock, Dublin. To exercise your rights, the Data Protection Officer may be contacted via firstname.lastname@example.org. By selecting payment option, the data subject agrees to the transfer of personal data required for payment processing. The personal data transmitted to Stripe is usually first name, last name, address, email address, IP address, telephone number, mobile phone number, or other data necessary for payment processing. The processing of the purchase contract also requires such personal data, which are in connection with the respective order.
The transmission of the data is aimed at payment processing and fraud prevention. The controller will transfer personal data to Stripe, in particular, provided that a legitimate interest in the transmission exists. The personal data exchanged between Stripe and the controller for the processing of the data will be transmitted by Stripe to economic credit agencies. This transmission is intended for identity and creditworthiness checks.
Stripe will, if necessary, pass on personal data to affiliates and service providers or subcontractors to the extent that this is necessary to fulfill contractual obligations or for data to be processed in the order.
The data subject has the possibility to revoke consent for the handling of personal data at any time from Stripe. A revocation shall not have any effect on personal data which must be processed, used or transmitted in accordance with (contractual) payment processing.
The applicable data protection provisions of Stripe may be retrieved under https://stripe.com/privacy.
14. Contacting the Regulator
If you feel that your data has not been handled correctly, or you are unhappy with our response to any requests you have made to us regarding the use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office: https://ico.org.uk/make-a-complaint/.
Information Commissioner's Office
15. Public forums and testimonials
We may provide public forums like bulletin boards, blogs, or chat rooms on our website. These forums are provided as a service to our users to help them exchange ideas, and information related to our services. Any personal information you choose to submit in such a forum may be read, collected, or used by others who visit these forums, and may be used to send you unsolicited messages. We are not responsible for the personal information you choose to submit in these forums.
We also post users and customer testimonials on our website that may contain information such as the users' names and titles. We will obtain the consent of each user prior to posting any information or testimonials on the website.
16. External Links
Our website may contain links to third-party websites. These third-party websites maintain their own policies regarding cookies and the collection and use of personal information. We assume no responsibility or liability for the actions of such third parties with respect to their collection or use of information. We encourage visitors and users to read the privacy policies of every website that you visit through a link on our website.
17. Policy Updates
We may need to update this Privacy Notice from time to time. Any changes will be posted on the Platform and we will also notify you about the changes as appropriate through push notifications or emails.