Roofoods Ltd (in the UK) and Deliveroo Ireland Limited ("we", "our", “us” or "Deliveroo") are committed to protecting the privacy of riders who apply to ride with us (“rider applicants”), our riders and their substitutes, including all users of the rider mobile device application (the "Rider App") and related services. We’ll be the “data controllers” of the information we collect about you.
1. CONTACT DETAILS
2. INFORMATION THAT WE COLLECT ABOUT YOU
We collect your information in a variety of ways, such as when you apply to be a Deliveroo rider and when you use the Rider App. More details about how your information is collected are listed below. See More.
Your rider application and account set up
- When you apply to ride with Deliveroo, we ask you to provide information about yourself including your name, contact details, vehicle type, date of birth, postcode and your right to provide services to Deliveroo.
- During the application process, we (or a third party) will ask you to provide further information and documents, such as a copy of your passport, ID, visa and proof of address for right to work checks. If you are required by applicable law to have a licence or insurance for your vehicle type, we’ll also ask you to provide evidence that you’re compliant with this law, as well as your vehicle registration details. We will track the progress of your application.
- For your account set-up, we will ask you to provide financial (including bank details), tax (evidence of your PPS number) and business registration information, and further information related to your services for Deliveroo such as contact details of your next of kin (whose details you have permission to share with us for emergency purposes), where you want to provide the services, your kit and a photo. We record your Deliveroo rider payment arrangement and a copy of your signed supplier agreement with us (“Supplier Agreement”).
Payment, ride planning and kit ordering
- We record your deliveries, your tips if obtained via the Rider App, your calculated fees and associated fee statement. We also record your self-serve bookings requested, made and confirmed through the Rider App and any priority access you have.
- We collect your most recent rider activity relating to your attendance of booked sessions (where you make bookings), super peak participation and whether you’ve avoided late cancellations. This information is shown as “Statistics” in the Rider App.
- When you order kit through our Deliveroo kit store, you are asked to provide information about yourself including your name, contact details, delivery address, order details and payment information (if required).
- When you request to use a location-based function in the Rider App, for example when you want to find a zone centre or use the zone selector control, we access your location from your device in order to provide this functionality. This includes when you opt to use these functions whilst your status is set to “”offline” i.e. not available for orders. If you do not want us to view your location when you are “offline”, please do not request these functions.
- When your status is set to “online” (i.e. available for orders) on the Rider App, we intermittently collect your location data. If you do not want us to view your location, please change your rider status to offline, but please note that you will need to be online for the Rider App to allow you to be offered and/or complete orders.
Your use of the Rider App and Rider Support
- When you use the Rider App we collect information about your usage of the Rider App, including about your rider status and (when online) your order progress swipes.
- When you interact with our rider support function via email, phone, post, chat or on the Rider App (“Rider Support”) or Customer Services, including when you report any incident, our team may collect and use information about you. Your communications with us will be stored. If you contact Rider Support by phone, your calls may be recorded for internal Rider Support training and improvement purposes.
- You have the right to use your device settings to reject or remove these functional technologies, however please be aware that if you do this, the Rider App will not function correctly and you will not be able to carry out your services as a rider with Deliveroo.
Information about your services
- We may receive information about your services or any incident you may have been involved with from the restaurants who work with us (our "Partner Restaurants"), our customers, other riders or members of the public.
- We may collect information about you from the feedback you send us or provide to us through focus groups or surveys.
- When you use websites or applications of third parties in connection with your services for Deliveroo, including during the application and onboarding process, those sites or applications may collect and process your information independently of Deliveroo. We recommend that you check their privacy policies to understand how they process your personal data.
3. USE OF YOUR INFORMATION AND WHY
- We will only process the data we collect about you if there is a reason for doing so, and if that reason is permitted under data protection law. We will have a lawful basis for processing your information if: we need to process your information for the performance of a contract with you, or at your request before we enter into a contract; we have your consent; we have a justifiable reason for processing your data; it is in the public interest for us to process your data; or we are under a legal obligation to do so. See More.
- Where we need to process your information for the performance of a contract with you, or at your request before we enter into a contract, we use your information:
- to provide and manage your rider application, account, and onboarding process, including to execute your Supplier Agreement;
- to provide you with access to and use of the Rider App as a means of Deliveroo engaging your services, including to enable you to accept orders and to provide you with the self-service booking tool;
- to communicate with you about operational information relating to your services to Deliveroo, such as closed zones, any important changes or developments to the Rider App and about your upcoming booked sessions;
- to enable Rider Support and Customer Services to communicate with you to support your services;
- to offer you order-specific delivery fees (where available in your market) and calculate and administer payments for your rider services and any referrals. Sometimes it may be necessary to use your location data to confirm what payments are due to you, for example whether a surge fee was applicable to you at a certain time and location; and
- to enable you to access and use the Deliveroo rider kit store website and services to order, pay for and receive delivery of Deliveroo rider kit.
- We also process your data where we have a justifiable reason for doing so. We have listed these reasons below:
To communicate with you
- to help you to complete your rider application;
- to contact you for your feedback on your rider experience;
- to inform you about opportunities to make more money in connection with the services you provide, such as by riding at certain times or by referring your contacts as riders;
- to send you news and information in connection with your rider services and the rider community and to help you to understand more about Deliveroo, such as by sending you the “Roosletter”, tech updates and helping you to find appropriate road safety equipment;
For our onboarding and delivery operations
- to perform right to work, road licence and insurance checks, and to audit and store evidence of these, to ensure that you are legally compliant when providing the services and to comply with our internal policies, protect our reputation and mitigate our legal risks;
- to make the most efficient decisions when offering you orders based on factors like your location, and to determine your level of priority access to booking using your “Statistics” data. Data protection law describes this as profiling;
- to enable you to use or benefit from an insurance policy;
- to enable our Rider Support, tech and engagement teams to help you with any issues, enquiries or complaints efficiently and effectively, including to fix any bugs or other technical issues in the Rider App using technical information relating to your device;
- to provide Deliveroo services and a positive experience to our customers and Restaurant Partners, such as by providing live order progress updates using your order progress swipes on the Rider App;
To develop our business, systems and services
- to ensure and improve the efficiency of our services, for example to understand from your data (such as your order progress swipes and other Rider App usage, feedback you give about orders and your location data) as well as the data of other riders, what causes a negative customer, restaurant or rider experience, inefficient deliveries or damage to Deliveroo, and use this data to responsibly design, develop and test new tools and processes to improve our business, systems and services;
- to train our algorithms to make the most effective and accurate decisions, such as training our order dispatch algorithm, Frank;
- to interact with you (such as via communications or Rider App functionality) to encourage Deliveroo’s network efficiency based on our analysis of your services;
To protect Deliveroo
- for the exercise or defence of legal claims and to exercise and protect the rights of Deliveroo, Restaurant Partners, customers, or others, including determining our liability;
- to enforce the terms of your Supplier Agreement and keep records of such enforcement, including using your data to analyse whether you have breached your Supplier Agreement (such as by misusing the Rider App or acting fraudulently), which may result in us disabling or terminating your Supplier Agreement if we have the right to do so;
- to investigate any complaints or incident reports relating to a rider and to prevent fraud or other misuse of our systems and services;
For referrals and rider initiatives
- to enable your referrer to understand whether they are eligible to receive a referral fee, if you use a referral code in your application;
- to administrate and develop rider events and other rider initiatives; and
- in rider onboarding campaigns where you agree we may do so. We sometimes also use anonymous or aggregated forms of your information in the media or in rider onboarding campaigns (from which you are not identifiable).
- Where we are under a legal obligation to do so we may use your information:
- to keep a record of payments made to you;
- to calculate and administer any relevant taxes (including, if applicable, withholding taxes); and
- to comply with any other legal obligation or regulatory requirement to which we are subject.
- Data protection law describes some processing activities in this section as profiling (see above). You have certain rights in relation to this type of processing. Please see 'Your Rights' section below for more information.
- Where we rely on our justifiable reasons for processing as a basis for processing your personal information, we carry out a ‘balancing test’ to ensure that our processing is necessary and that your fundamental rights of privacy are not outweighed by our justifiable reasons for processing. You can find out more information about these balancing tests by contacting us using the details above.
4. DIRECT MARKETING
Where you have given your consent or where we have a justifiable reason for doing so (and are permitted to do so by law) we will use your information to let you know by email about Deliveroo’s products and services (such as kit) and/or any promotions from third parties which are designed to support your provision of services to Deliveroo, such as by reducing the cost to you of providing services and by helping you to provide the services more safely through special deals we find for riders. You always have the option to unsubscribe from these emails.
5. SHARING YOUR INFORMATION
- The information we collect about you will be transferred to and stored on our servers located within the EU. We are very careful and transparent about who else your information is shared with globally. See More.
- Sharing your information internally: We share your information with other Deliveroo group companies only where necessary for the purposes set out in section 3.
- Sharing your information with third parties: We share your information with third party service providers who will store your information on their servers. The types of third party service providers whom we share your information with includes:
- IT service providers: including cloud, software, analytics, communications and data storage providers and SDKs.
- Operational service providers: including feedback and survey providers, right to work verification and onboarding providers, our support service providers, payment providers, user research partners, professional advisors, financial services providers and other suppliers, business partners, contractors and subcontractors.
- Partner Restaurants and customers: we provide limited information to Partner Restaurants and customers whose orders you accept, for the purposes of our operations.
- Insurance companies: if you decide to purchase third party products or services (such as insurance), or where you are enrolled into a Deliveroo insurance policy, you or the provider may request that we provide your information to the provider to enable them to provide the products, services or policy to you, so we will share this information for this purpose. We may also need to share your information with our insurers to establish whether we are liable for any incident you have been involved in whilst providing services to us.
- The Irish Revenue: where we are legally required to do so.
- Rider perk partners: if you have asked us to do so.
- Anyone who refers you as a rider: your referrer will be given updates about progress towards their referral fee in relation to you, such as if you've reached the required orders for them to receive their fee or if their referral has been unsuccessful.
- Media: where we have the legal right to do so, such as if you share (including by publishing or causing to be published) any details about your rider services for Deliveroo which are misleading or inconsistent with our records of your rider services for Deliveroo, including regarding details about your earnings, we may share your information (such as in the form of a correction) with the media.
- In applicable circumstances, we may also share your information:
- If our business enters into a joint venture with, purchases or is sold to or merged with another business entity, your information may be disclosed or transferred to the target company, our new business partners or owners or their advisors;
- if we are under a duty to disclose or share your information in order to comply with (and/or where we believe we are under a duty to comply with) any legal obligation or regulatory requirement. This includes where we’re under a legal obligation to respond to police data requests or to exchange information with other companies and organisations for the purposes of fraud protection and prevention;
- where we reasonably believe that you or another person has been harmed or is at risk of harm in connection with your rider services for Deliveroo;
- in order to enforce our contractual terms with you;
- in the event of a dispute relating to your services to Deliveroo, or to protect the rights of Deliveroo, Restaurants partners, customers, or others, including to prevent fraud; and
- with such third parties as we reasonably consider necessary in order to detect or prevent crime, e.g. the police.
- International data transfers: In some cases the personal data we collect from you might be processed outside the European Economic Area (“EEA”), such as the United States and the countries in which Deliveroo operates (which are set out on www.deliveroo.co.uk). These countries may not have the same protections for your personal data as the EEA has. However, we are obliged to ensure that the personal data that is processed by us and our suppliers outside of the EEA is protected in the same ways as it would be if it was processed within the EEA. There are therefore certain safeguards in place when your data is processed outside of the EEA.
- We ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- your personal data is transferred to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission;
- we use the EU approved Standard Contractual Clauses; and
- where your personal data is transferred to third party providers based in the US, data may be transferred to them if they have self-certified under the Privacy Shield framework in relation to the type of data being transferred, which requires them to provide similar protection to personal data shared between the EU and the US.
- Please contact us using the contact details above if you want further information on the countries to which personal data may be transferred and the specific mechanism used by us when transferring your personal data out of the EEA.
6. RETENTION OF YOUR INFORMATION
- We will not retain your information for any longer than we think is necessary. See More.
- Information that we collect will be retained for as long as needed to fulfil the purposes outlined in the ‘Use of my information’ section above, in line with our justifiable reasons for processing or for a period specifically required by applicable regulations or laws, such as retaining the information for regulatory reporting purposes.
- When determining the relevant retention periods, we will take into account factors including:
- our contractual obligations and rights in relation to the information involved;
- legal obligation(s) under applicable law to retain data for a certain period of time;
- statute of limitations under applicable law(s);
- our justifiable reasons for processing where we have carried out balancing tests (see section on ‘Use of your information and why’ above);
- (potential) disputes; and
- guidelines issued by relevant data protection authorities.
- Otherwise, we securely erase your information where we no longer require your information for the purposes collected.
- We adopt robust technologies and policies to ensure the personal information we hold about you is suitably protected. See More.
- We take steps to protect your information from unauthorised access and against unlawful processing, accidental loss, destruction and damage.
- Where you have chosen a password which allows you to access certain parts of the Rider App, you are responsible for keeping this password confidential. We advise you not to share your password with anyone, other than any substitute you are working with. If you do choose to share your password with your substitute, please make sure they are also aware that they must keep it confidential and secure and not share it with anyone else.
- Unfortunately, the transmission of information via the internet is not completely secure. Although we will take steps to protect your information, we cannot guarantee the security of your data transmitted to us; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
8. YOUR RIGHTS
Under data protection law, you may have a number of rights concerning the data we hold about you. If you wish to exercise any of these rights, please contact us using the contact details set out below. For additional information on your rights, please contact your data protection authority. See More.
- The right to be informed. You have the right to be provided with clear, transparent and easily understandable information about how we use your information and your rights. This is why we’re providing you with the information in this policy.
- The right of access. You have the right to obtain access to your information (if we’re processing it). This will enable you, for example, to check that we’re using your information in accordance with data protection law. If you wish to access the information we hold about you in this way, please get in touch (see Contact Us).
- The right to rectification. You are entitled to have your information corrected if it is inaccurate or incomplete. You can request that we rectify any errors in information that we hold by contacting us (see Contact Us).
- The right to erasure. This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of the information that we hold about you by contacting us (see Contact Us). The right is not absolute and only applies in certain circumstances.
- The right to restrict processing. You have rights to ‘block’ or ‘supress’ further use of your information. When processing is restricted, we can still store your information, but will not use it further.
- The right to data portability. You have the right to obtain your personal information in an accessible and transferrable format so that you can re-use it for your own purposes across different service providers. This is not a general right however and there are exceptions. To learn more please get in touch (see Contact Us).
- The right to lodge a complaint. You have the right to lodge a complaint about the way we handle or process your information with a competent data protection authority (see Complaints).
- The right to withdraw consent. If you have given your consent to anything we do with your information (i.e. if we rely on consent as a legal basis for processing certain information), you have the right to withdraw that consent at any time. You can do this by contacting us (see Contact Us). Withdrawing consent will not however make unlawful our use of your information while consent had been apparent.
- The right to object to processing. You have the right to raise an objection to certain types of processing, including processing for direct marketing and profiling. You can object by contacting us on the details above (Contact Us).
If you’re not satisfied with our response to any complaint or believe our processing of your information does not comply with data protection law, you can make a complaint to:
The Information Commissioner’s Office (ICO) in the UK:
- Address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
- Telephone number: 0303 123 1113
- Website: www.ico.org.uk
The Office of the Data Protection Commissioner in Ireland:
- Address: Data Protection Commissioner, Canal House, Station Road, Portarlington, R32 AP23 Co. Laois
- Telephone number: +353 57 8684800
- Website: www.dataprotection.ie