City Grab Ltd (trading as Citygrab) (“we”, “our”, “us”) are committed to protecting and respecting your privacy. This policy (together with our terms and conditions Terms and Conditions , and any other documents referred to in it) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. By accessing and using our website Citygrab Website (“Website”) or by downloading our Citygrab app (“App”) via either Apple’s Appstore or the Google Play Store, you are accepting and consenting to the practices described in this policy.
1. WHO ARE WE?
2.2. This version was last updated on 10th October 2019. It may change and if it does, these changes will be posted on this page and, where appropriate, notified to you. The new policy may be displayed on-screen and you may be required to read and accept the changes to continue your use of the App or the services on our Website.
2.3. It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during our relationship with you.
2.4. Our App or Website may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. Please note that these websites and any services that may be accessible through them have their own privacy policies and that we do not accept any responsibility or liability for these policies or for any personal data that may be collected through these websites or services, such as contact and location data. Please check these policies before you submit any personal data to these websites or use these services.
3. THE DATA WE COLLECT ABOUT YOU
3.1. Information you give us. When you provide any details on the Website or to register for an account or download, register and use the App (or contact us in respect of the App or Website), we may collect any or all of the following information about you: Registration Information
• Personal details (name, address, date of birth, email, postcode, telephone number, mobile number, etc.).
We collect the above data for the following reasons:
• to create your account so you can place orders;
• to identify you when you sign into your account;
• to contact you for your views on our services; and
• to notify you of changes and updates to our services.
Transaction Information • Personal details and payment details (credit and debit card details etc.).
• We collect the above data for the following reasons:
• to process your order and to bill you (please note, Citygrab never stores your credit card information on our systems);
• to communicate your order to the supplier;
• to send you status updates on your order;
• to reply to your order queries and questions and to resolve problems;
• to carry out analysis and research to develop and improve our services;
• to protect you and the services by seeking to detect and prevent fraud or other acts in breach of our terms or policies.
3.2. Data we collect automatically. When you access the Website or install and run the App, we may collect any or all of the following technical data:
• Device Identifiers (the internet protocol address used to connect your device to the internet, your log-in information, browser type and version, regional settings, operating system and platform); • data about your use of the App and Website;
• location information (we use GPS technology to determine your current location); and
• data about your orders (items ordered and the time and date orders are placed).
5. HOW WE USE YOUR PERSONAL DATA
5.1. The purpose of processing your personal data. You have asked us to process your personal data for the purpose of placing orders with suppliers for food takeaway and delivery, and other convenience foods/goods. 5.2. How your personal data is used. We only ever use your personal data where the law allows us to do so, most commonly we will use your personal data in the following circumstances:
• where you have consented before the processing, most commonly we will use your personal data in the following circumstances:
• where we need to perform a contract we are about to enter or have entered into with you;
• in order to comply with a legal duty;
• in order to protect your vital interests; or
• for our own (or a third party’s) legitimate interests, provided your interest or fundamental rights don’t override these.
In any event, we’ll only use your personal data for the purposes for which it was collected, or purposes which are very similar.
We will only send you direct marketing communication by email or text if we have your consent. You have the right to withdraw that consent at any time by contacting us.
6. HOW WE PROTECT YOUR PERSONAL DATA
6.1. Technical and organisational measures. All information you provide to us is stored on our secure servers. Any payment transactions carried out by us or our chosen third-party provider of payment processing services will be encrypted using Secured Sockets Layer technology. Where we have given you (or where you have chosen) a password that enables you to access certain parts of our App or Website, you are responsible for keeping this password confidential. We ask you not to share a password with anyone. Once we have received your information, we will use strict procedures and security features to try to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator when we are legally required to do so.
6.2. Device security. You are fully responsible for access to your device. You undertake not to allow unauthorised third parties to use your device for any reason whatsoever. You undertake to contact us as soon as possible should you suspect that an authorised person has gained access to your device. We shall not be held liable for any misuse of your device and any resulting consequences for you, your partner, or any third party.
7. WHO CAN ACCESS YOUR PERSONAL DATA
7.1. We will not communicate, sell or transfer your personal data to third parties without obtaining your prior written consent, except where we are required to do so by law.
7.2. We may share personal data with certain third parties including:
• companies in the Citygrab group;
• third parties that support our services;
• any law enforcement or regulatory body, government agency, court or other third party where we believe disclosure is necessary under applicable law or regulations;
• new owners or re-organised entities in the business of restructuring, sale, purchase or joint venture affecting our business; and
• any other person provided that you have given your consent.
However, these activities will be carried out under a contract which imposes strict requirements on our subcontractors or suppliers to keep your information confidential and secure.
8. DATA RETENTION
8.1. Where it is stored. We only store data within the European Economic Area (“EEA”). If our trusted service providers transfer any of it outside of the EEA we will take steps to make sure adequate levels of privacy protection, in line with UK Data Protection legislation, are in place.
8.2. How long is it stored for (App). The data we collect will be stored and kept for as long as your App remains active. If you delete or remove the App your data will be deleted without undue delay. We continually review the personal data we hold and delete what is no longer required.
8.3. How long is it stored for (Website). The data we collect will be shared and kept for as long as your Website Citygrab account remains active. If you delete your account, your data will be deleted without undue delay. We continually review the personal data we hold and delete what is no longer required.
9. YOUR RIGHTS
We want to ensure you remain in control of your personal data. Part of this is making sure you understand your legal rights, which are as follows:
• the right to confirmation as to whether or not we have your personal data and, if we do, to obtain a copy of it (this is known as a subject access request) within one month of our receiving your request;
• the right to have your data erased (though this will not apply where it is necessary for us to continue to use the data for a lawful reason);
• the right to have inaccurate data rectified;
• the right to object to your data being used for marketing or profiling; and
• where technically feasible, you have the right to see any personal data you have provided to us which we process automatically on the basis of your consent or the performance of a contract. This information will be provided in a common electronic format. If you would like further information on your rights or wish to exercise them, please write to us at:
• firstname.lastname@example.org; or
• DPO, Citygrab, Unit 1, Waterside Court, Bold Street, Sheffield, South Yorkshire, S9 2LR.
Please keep in mind that there are exceptions to the rights above and, though we will always try to respond to your satisfaction, there may be situations where we are unable to do so. If you are not happy with our response, or you believe that your data protection or privacy rights have been infringed, you should contact the UK Information Commissioner’s Office, which oversees data protection compliance in the UK. Details of how to do this can be found at www.ico.org.uk.
CITY GRAB LTD – WEBSITE COOKIES POLICY
We may gather information about your general internet use by using cookies. Where used, these cookies are downloaded to your computer and stored on the computer’s hard drive. Such information will not identify you personally. It is statistical data. This statistical data does not identify any personal details whatsoever. You can adjust the settings on your computer to decline any cookies if you wish. This can easily be done by activating the “reject cookies” setting on your computer. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our Website.
We use the following cookies:
1.1. Strictly necessary cookies.
These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website, use a shopping cart or make use of e-billing services.
1.2. Analytical/performance cookies.
They allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.
1.3. Functionality cookies.
These are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
1.4. Targeting cookies.
These cookies record your visit to our website, the pages you have visited and the links you have followed. We will use this information to make our website and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose.
You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of third party websites. Except for essential cookies, all cookies will expire after 12 months.