Privacy Statement for Customers
This privacy statement applies to the processing of personal data of customers who place an order or visit the Eat.ch platform. The data controller for processing these personal data is EAT.ch GmbH (“Just Eat Takeaway.com”). Just Eat Takeaway.com takes your privacy seriously and therefore adheres to the requirements of the General Data Protection Regulation (GDPR) when processing personal data.
What personal data we process and why
Just Eat Takeaway.com processes your personal data because you use our services. We use the following personal data for the following purposes.
1. Ordering process
We process the personal data you provide to us when you place your order. These personal data are needed to execute your order, confirm your order, and to assess your order, payment, and a possible refund. The legal basis for this processing of personal data is that it is needed for the performance of a contract as defined in the GDPR. We process the following personal data in the ordering process:
- Address details
- Contact details
- Order data
- Payment details
- Comments (if applicable)
2. Restaurant reviews
Aside from the above processing operations, we process personal data you provide when submitting a restaurant review. The legal basis for this processing of personal data is that you have consented to it (by posting a restaurant review) as defined in the GDPR. You can withdraw your consent by contacting us on firstname.lastname@example.org . We process the following personal data when you post a restaurant review:
- Name (if submitted)
- Review, including comments (if submitted)
3. Customer Services
When you contact our customer services department, we will use the personal data you provide to answer your question or handle your complaint. The legal basis for this processing of personal data is that it is needed for the performance of a contract as defined in the GDPR. We process the following personal data for customer service purposes:
- Address details (if applicable)
- Contact details
- Order data
- Payment details (if applicable)
- Comments (if applicable)
- Voice recordings
4. Customer satisfaction surveys
To make sure that our services are aligned with your preferences, any personal data you provide to our customer services department may be used for things such as customer satisfaction surveys. The legal basis for this processing operation is that it is needed in pursuing a legitimate interest of Just Eat Takeaway.com (customer satisfaction) as defined in the GDPR. This concerns the same personal data as listed under no. 2.
5. Marketing messages
We also process your personal data to be able to send you (personalised) marketing messages and notifications. Such messages include the latest news, discounts, and updates about new restaurants (by email or push notification), and loyalty schemes, regardless of the format we use to share these kinds of messages (including email or push messages). The legal basis for this processing of personal data, as defined in the GDPR, is that you have consented to it when you placed an order. Whenever you want to change your preferences with respect to receiving such messages and notifications, you can unsubscribe using the link in the marketing message in question.
We process the following personal data for marketing purposes:
- Contact details
- Order data
- Location details
- IP address or app IDs
- Internet browser and device type
- Website language
Please refer to our Cookie Statement for further details about cookies.
7. Fraud prevention
We process some of the above personal data also to prevent fraud and other forms of misuse. The legal basis for this processing operation is that it is needed in pursuing a legitimate interest of Just Eat Takeaway.com (fraud prevention) as defined in the GDPR.
We also use your personal data to be able to meet our reporting obligations towards advertisers and stakeholders and to be able to improve our website and our range of products and services. The legal basis for this processing operation is that it is needed in pursuing a legitimate interest of Just Eat Takeaway.com (analysis & reporting) as defined in the GDPR. We will always make sure the reports do not contain any data that can be traced back to you.
Our website is neither intended for persons aged under 16, and nor do we intend to collect personal data of website visitors who are aged under 16. However, we are unable to verify visitors’ age. We therefore advise parents to monitor their children's online activities, so as to prevent their personal data being collected without parental consent. If you feel that we have collected personal data of a minor without consent, please contact us on email@example.com . We will then proceed to erase these data.
Automated decision-making and profiling
In the performance of the contract with you and to improve our platform, Just Eat Takeaway.com uses automated decision-making and profiling. We use your postal code and/or location details, for example, to select available restaurants in your local area. Just Eat Takeaway.com uses automated decision-making in complying with our legal obligations to prevent money laundering, terrorism financing, and other criminal offences.
When such automated decision-making and/or profiling leads to a negative decision about you, and you do not agree with it, you can contact us on firstname.lastname@example.org . We will then proceed to reassess the situation. We would aside from that also like to hear from you if you have suggestions on how to improve these processes.
How long we store personal data for
Just Eat Takeaway.com will not store your personal data for longer than is strictly necessary for the purposes for which your personal data were collected. We will only store your personal data for longer if we are required by law to do so. Just Eat Takeaway.com erases most of your personal data 2 years after you placed your order. We use this 2-year term for administrative purposes and to be able to deal with possible questions and complaints about your order, either from you or from restaurants. We store personal data that we use for reporting, analytical, and misuse prevention purposes for up to 20 years after you placed your order. We are unable to remove your personal data from backups. But when performing a restore from a backup, we will erase the personal data right away.
Sharing with restaurants
Just Eat Takeaway.com shares your personal data (name, address details and telephone number, order) with the restaurant you selected, so that the restaurant can deliver your order. As you are a direct customer of the restaurant, the restaurant will have its own responsibility and obligations with respect to the processing of your personal data. If you have questions about how the restaurant handles your personal data, you should contact the restaurant directly.
Sharing with others (not being restaurants)
Just Eat Takeaway.com will not sell your personal data to third parties, and we will only disclose them to third parties if necessary for the performance of our contract with you, for analytical and marketing purposes, or to comply with legal obligations.
Your personal data may be shared with the following parties:
- Third parties who undertake various activities to promote, market or support our services. This includes social media platforms like Facebook, offshore customer support agents, website and application support and hosting providers, marketing service providers, eCRM partners like Salesforce who manage our marketing emails and push notifications, delivery companies who deliver your Order to you, market research companies and payment processing providers which process payment card transactions - any of these third parties might be inside or outside your country of residence.
- Any law enforcement or regulatory body, government agency, court or other third party where we believe disclosure is necessary under applicable law or regulations.
- Affiliated or subsidiary companies of Just Eat Takeaway.com.
- New owners or re-organised entities in the event of a business restructuring, sale, purchase or joint venture affecting our business.
- Software providers.
- Implementation partners.
- Any other person provided that you have given your consent.
If you have opted for your Personalized Cookie Package, we may share your personal data in pseudonymized form with third-party platforms such as Google or Facebook in order to create “Custom Audiences”. Based on these Custom Audiences, such platforms will show you personalized ads. You can always opt-out from these advertisements by switching to our Essential Cookie Package.
Whenever we instruct third-party companies to process your personal data on our behalf, we will enter into a data processing agreement to guarantee the same level of protection and confidentiality of your personal data. Just Eat Takeaway.com will then continue to have ultimate responsibility for such processing operations.
Sharing with your employer
If you use your Takeaway Pay allowance with your order (where available), Just Eat Takeaway.com shares personal data (email address and details about your order and allowance) with your employer for performing our contract with your employer. Just Eat Takeaway.com and your employer have a separate responsibility with respect to the processing of your personal data. If you have questions about how your personal data is handled, you should contact both Just Eat Takeaway.com and your employer.
Our website may include links to third-party websites. When accessing such third-party websites, bear in mind that each of these websites has its own privacy statement. Although Just Eat Takeaway.com takes great care in selecting websites to link to, we cannot assume responsibility for the way in which they handle your personal data.
International data transfers
We may transfer your data to countries other than the country in which you are resident. Whilst these countries may have data protection laws that are different to the laws of your country, you can rest assured that Just Eat Takeaway.com takes care to implement appropriate safeguards to protect your data in those countries in accordance with this privacy statement. Some of the safeguards we rely on include, where appropriate, using the European Commission’s approved standard contractual clauses with our suppliers, intra-group transfer agreements (so that we can safely transfer your data between the Just Eat Takeaway.com group of companies all over the world) and contracting with Privacy Shield certified companies in the United States, where this is appropriate.
Personal data access, rectification, and erasure
You have the right to access all personal data we collect about you, as well as to request that we rectify or erase your personal data. If you feel that we are processing your personal data without a valid legal basis or that we are processing personal data that are not relevant for our selection process, please contact us. You can contact email@example.com . Just Eat Takeaway.com will respond to your request as soon as possible, and in any case no later than four weeks after receiving your request.
Tips, questions, and complaints
Just Eat Takeaway.com takes personal data protection very seriously and we therefore take appropriate measures to protect your personal data against misuse, loss, unauthorised access, unwanted disclosure, and unauthorised alteration. If you feel that your personal data are not adequately protected or there are indications of misuse, please contact us on: firstname.lastname@example.org .
Data Protection Authority
Besides the option of lodging a complaint with us, you have the right to lodge a complaint with the relevant supervisory authority for the protection of personal data. To do so, contact the supervisory authority directly.
Updates to this Statement
We may update this privacy statement from time to time in response to changing legal, technical or business developments and will inform you via the platform.