VertaaFood Oy ("VertaaFood" or "we", "our", etc.) processes the personal data of the users of its food ordering services.
Our data protection statement explains what kind of personal data we process, how we process personal data and how you can exercise your rights as a data subject
We can update this Privacy Policy if it is necessary due to changes in data processing or another reason. The up-to-date version is on our website. We will not make significant changes to this Privacy Statement or limit Users rights under this Privacy Statement without notifying you of such changes.
This Privacy Policy applies only to the processing of personal data where VertaaFood acts as the controller.
-
VertaaFood contact information
Name: VertaaFood oy
Social security number: 2952113-3
Email address: [email protected]
-
Processed personal data and data sources
We mainly collect the following personal data from our users:
When you register for the Services and create a user account, you must provide us with the following information: full name, phone number, email address, payment method information, such as the number of your payment method and the expiration date of your payment method (required to place food orders through the Services).
-
Purpose and basis of personal data processing
VertaaFood processes personal data for the following purposes:
- In order to provide our Services and to fulfill our obligations based on contractual relationships (basis for processing: execution of the contract)
VertaaFood processes your personal data in order to provide you with Services in accordance with the agreement between you and VertaaFood.
We use the information to the extent applicable, for example, to process payment transactions and refunds, and to provide our partners (Restaurants) with the necessary information to deliver your order. If you contact our customer service, we use the information provided to answer questions and solve possible problems.
-
Comply with Ksemme`s legal obligations we (legal basis for processing: legal obligation)
VertaaFood processes data to manage and fulfill its legal obligations. This includes processing data to comply with accounting obligations and providing data to appropriate authorities such as tax authorities.
-
For processing claims and legal procedures (legal basis for processing: legitimate interest)
VertaaFood can process personal data in connection with legal claims, collection and legal procedures.
-
For customer communication and marketing (legal basis for processing: legitimate interest)
VertaaFood may process your personal data in order to contact you in matters related to the Services and when notifying you of changes to the Services. We also use your personal data to market our Services to you. VertaaFood can use the data of registered customers to notify via text message or email.
VertaaFood processes your personal data to fulfill its contractual obligations towards you and to fulfill its legal obligations. In addition, we process personal data based on our legitimate interest to conduct, maintain and develop our business and to create and maintain customer relationships. When we process your personal data based on our legitimate interest, we compare our legitimate interests with your right to privacy and, for example, offer you easy ways to opt out of our marketing communications.
-
Transfer to countries outside Europe
VertaaFood stores your personal data primarily in the European Economic Area. However, the service providers we use operate in several geographical areas. We and our service providers can transfer personal data to countries, or gain access to them in countries outside the European Economic Area or your country of residence.
We take measures to ensure that the level of protection of your personal data is sufficient where your personal data is processed. We arrange adequate protection for transfers of personal data to countries outside the European Economic Area with the agreements we conclude with our service providers based on model contract clauses approved by the European Commission.
You can request more information about transfers of personal data by contacting us using the contact information mentioned above.
-
Recipients of personal data
We share your personal data only to the extent that it is reasonably necessary for the purposes described in this Privacy Policy.
We do not share personal data with external third parties unless one of the following circumstances applies:
Sharing is necessary for the purposes of this Privacy Statement and sharing with authorized service providers
To the extent that third parties (such as restaurants preparing your order and couriers delivering your order) need access to personal data in order to perform the Services, we provide such third parties with your data for processing on our behalf. In addition, we may hand over personal data for processing to authorized service providers providing services to us (including our subcontractors providing data storage, accounting, sales and marketing services) and to service providers providing payment services for the processing of your payments.
When third parties process data on VertaaFood`s behalf, VertaaFood has taken appropriate contractual and organizational measures to ensure that personal data is processed exclusively for the purposes stated in this Privacy Statement and in accordance with applicable laws, regulations and our instructions, in compliance with appropriate confidentiality obligations and security measures.
-
Retention period
VertaaFood does not store personal data longer than the maximum time allowed by legislation and only as long as it is necessary to provide the Services or part of them. The retention period depends on the nature of the data and the purpose of the processing. The maximum storage period can therefore vary on a case-by-case basis.
Most of the personal data concerning the User`s Services user account is destroyed when the User has deleted his Services user account. After this, we can keep part of the User`s user account Connectable information for as long as the law requires us to do so or we have a legal reason to keep the information, for example due to claims processing, internal reporting, marketing or accounting obligations. All personal data associated with the User`s user account will be destroyed within 10 years after the User has deleted his Services user account, unless the retention of the data is exceptionally necessary, for example for legal proceedings.
-
Your rights
- The right to access information
You have the right to access the personal data we process about you.
-
The right to withdraw consent
If the processing is based on the consent given by the User, the User can withdraw the consent given at any time. Revoking consent may limit the User`s ability to use our Services. Withdrawal of consent does not affect the legality of the processing of personal data processed before the withdrawal.
-
The right to demand correction of information
You have the right to demand that we correct or complete incorrect or outdated personal data we have stored by contacting us.You can correct or update some of your personal information about you through your Services user account.
-
The right to demand deletion of information
You can ask us to remove your personal data from our systems.We will carry out the measures according to the request, if we do not have a legitimate reason not to delete the information.
-
The right to resist
You can object to the processing of your personal data if the data is processed for purposes other than providing our Services or fulfilling a legal obligation. Opting out may, however, limit your ability to use our Services.
-
The right to limit the processing of information
You can ask us to limit the processing of your personal data, for example, when your deletion, correction or objection requests are being processed and/or when we have no legitimate grounds to process your data. However, this may limit your ability to use our Services.
-
The right to transfer data from one system to another
You have the right to receive your personal data from us in a structured and commonly used format, and the right to independently transfer the data to a third party.
-
Exercising rights
The above-mentioned rights can be exercised by sending a letter or e-mail to the above addresses, which contains the following information: User`s full name, company name, address, e-mail address and telephone number. We may request the delivery of additional information necessary for proving the User`s identity. We may reject requests that are unreasonably frequent, excessive, or clearly unfounded.
-
Direct marketing
The User has the right to prohibit us from using the User`s personal data for direct marketing, market research and profiling for direct marketing purposes by contacting us according to the contact information indicated above.
-
Filing a complaint
If the User considers that our personal data processing activities are in violation of the applicable data protection legislation, you can file a complaint with the local supervisory authority. The local supervisory authority in Finland is the data protection authority www.tietosuoja.fi.
-
Information security
We use administrative, organizational, technical and physical security measures to protect the personal data we collect and process. The measures we use include, for example, data encryption, firewalls, secure spaces and systems protected with limited access rights. Our security measures are designed to maintain an appropriate level to ensure data confidentiality, integrity, availability, fault tolerance and recoverability.
If, despite data security measures, a data security breach occurs that is likely to have harmful effects on the Users privacy, we will notify the relevant Users and other affected parties of the breach as required by the applicable legislation, and, if required by the applicable data protection legislation, to the authorities as soon as possible.
-
Privacy policy / Facebook
Privacy policy / Facebook
LogIn with Number
If the phone number is incorrect, you will not be able to register.
