WOLT PRIVACY STATEMENT
Wolt Enterprises Oy and certain Wolt group companies (“Wolt”, “we”) process personal data of their users within WOlt Services.
In this Privacy Statement, the word “Wolt Services” refers jointly to the websites and the Wolt App. In this Privacy Statement, the word “User” or “you” refers jointly to our and our group companies’ customers, representatives and other authorized users of our customer organizations, potential customers and the users of the Wolt Services.
Our Privacy Statement explains, for example, the types of personal data we process, how we process the personal data and how you may exercise your rights as a data subject (e.g. right to object, right of access).
This Privacy Statement may be updated from time to time in order to reflect the changes in data processing practices or otherwise. You can find the current version on wolt.com. We will not make substantial changes to this Privacy Statement or reduce the rights of the Users under this Privacy Statement without providing a notice thereof.
1. DATA CONTROLLER(S)
This Privacy Statement applies to processing of personal data carried out by Wolt.
In relation to the processing of personal data of Users, Wolt Enterprises Oy and Wolt Enterprises Deutschland GmbH are acting as joint controllers.
This means that Wolt Enterprises Oy and Wolt Enterprises Deutschland GmbH together determine the purposes for and means by which personal data is processed. Wolt Enterprises Oy as the parent company of Wolt Enterprises Deutschland GmbH implements the decisions regarding the purposes and means of processing personal data. Wolt Enterprises Oy has further been appointed responsible by its subsidiary companies for handling all data subject requests and questions relating to the processing of your personal data. Wolt Enterprises Oy and Wolt Enterprises Deutschland GmbH have entered into a joint controllership agreement in accordance with article 26 of the EU General Data Protection Regulation (“GDPR”) essentials of which can be acquired by contacting Wolt using the details shown below.
2. WOLT’S CONTACT DETAILS
Name: Wolt Enterprises Oy
Business ID: 2646674-9
Correspondence address: Arkadiankatu 6, 00100 Helsinki, Finland
E-mail address: firstname.lastname@example.org
Name: Wolt Enterprises Deutschland GmbH
Business ID: HRB 217122 B
Correspondence address: Stralauer Allee 6, 10245 Berlin, Germany
E-mail address: email@example.com
3. PERSONAL DATA PROCESSED AND SOURCES OF DATA
The personal data collected and processed by us can be divided into two general data categories: User Data and Analytics Data.
User Data is personal data collected directly from you. We may collect User Data from our Users as soon as Users register to the Wolt Services or subscribe to a newsletter. Further, please note that we also collect data with regard to purchase agreements and payments you conclude or carry out through the Wolt Services.
User Data that is necessary in order to use the Wolt Services
The following personal data collected and processed by us is necessary for a proper performance of the contract concluded between you and us and for the compliance with our legal obligations.
When you register to the Wolt Services and create a user account, you need to provide us with the following information:
User Data you give us voluntarily
Your user or customer experience may be enhanced by providing us with the following information:
Additional Account Information:
location data (if you consent to the processing of your location data)
other information you provide either when creating a user account or later when modifying your account profile
Other Information. We may also process other information provided by you voluntarily such as:
information you provide when rating our services
marketing opt-ins and opt-outs
information you provide by phone or in email or chat correspondence with us, including call recordings of your calls with our customer service
In addition to User Data collected from you, we process certain personal data third party service providers provide about you.
If you connect or login to your user account with Facebook, Facebook shares with us personal information about you such as your profile picture, a sample of your Facebook friends and your Facebook ID.
Although we do not normally use Analytics Data to identify you as an individual, you can sometimes be recognized from it, either alone or when combined or linked with User Data. In such situations, Analytics Data can also be considered personal data under applicable laws and we will treat such data as personal data.
We may automatically collect the following Analytics Data when you visit or interact with the Wolt Services:
Device Information. We collect the following information relating to the technical device you use when using the Wolt Services:
device and device identification number, device IMEI
browser type and version
Internet service providers
advertising identifier of your device
Usage Information. We collect information on your use of the Wolt Services, such as:
time spent on the Wolt Services
interaction with the Wolt Services
information on your orders made through the Wolt Services
the URL of the website you visited before and after visiting the Wolt Services
the time and date of your visits to the Wolt Services
the sections of the Wolt Services you visited
the products you searched for while using the Wolt Services
We use various technologies to collect and store Analytics Data and other information when the Users visit the Wolt Services, including cookies and web beacons.
You can manage the cookie preferences you have submitted earlier by clicking here.
A web beacon is a technology that allows identifying readers of websites and emails e.g. for identifying whether an email has been read.
Web analytics services
The Wolt Services use Google Analytics and other web analytics services to compile Analytics Data and reports on visitor usage and to help us improve the Wolt Services. For an overview of Google Analytics, please visit Google Analytics. It is also possible to opt-out of Google Analytics with the following browser add-on tool: Google Analytics opt-out add-on.
4. PURPOSES AND LEGITIMATE GROUNDS FOR THE PROCESSING OF YOUR PERSONAL DATA
Legal grounds for processing
Wolt processes your personal data to perform our contractual obligations towards you and to comply with legal obligations. Furthermore, we process your personal data to pursue our legitimate interest to run, maintain and develop our business and to create and maintain customer relationships. When choosing to use your data on the basis of our legitimate interests, we weigh our own interests against your right to privacy and e.g. provide you with easy to use opt-out from our marketing communications and use pseudonymized or non-personally identifiable data when possible.
In some parts of the Wolt Services, you may be requested to grant your consent for the processing of personal data. In this event, your personal data is not processed before you give consent and you may withdraw your consent at any time.
5. STORAGE PERIOD
Wolt does not store your personal data longer than is legally permitted and necessary for the purposes of providing the Wolt Services or the relevant parts thereof. The storage period depends on the nature of the information and on the purposes of processing. The maximum period may therefore vary per use. Wolt takes reasonable steps to keep the personal data accurate and to delete incorrect or unnecessary personal data.
Most personal data relating to a User’s user account with the Wolt Services will be deleted after a period of 90 days have lapsed after the User has deleted its user account with the Wolt Services. Thereafter, a part of the personal data relating to a User’s user account with the Wolt Services may be stored only as long as such processing is required by law or is reasonably necessary for our legal obligations or legitimate interests such as claims handling, bookkeeping, internal reporting and reconciliation purposes. All personal data relating to a User’s user account with the Wolt Services will be deleted within a period of 10 years after the User has deleted its user account with the Wolt Services, with the exception of personal data required in certain rare situations such as legal proceedings.
We will store Analytics Data of Users that do not have an account with the Wolt Services for a period of 90 days.
6. YOUR RIGHTS
Right of access
You have the right to access and be informed about your personal data processed by us. We give you the possibility to view certain data through your user account with the Wolt Services or request a copy of your personal data using the contact details above.
Right to withdraw consent
In case the processing is based on a consent granted by the User, the User may withdraw the consent at any time free of charge. Withdrawing a consent may lead to fewer possibilities to use the Wolt Services. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
Right to rectify
You have the right to have incorrect or incomplete personal data we have stored about you corrected or completed by contacting us. You can correct or update some of your personal data through your user account in the Wolt Services.
Right to erasure
You may also ask us to delete your personal data from our systems for example when the data is no longer necessary for the purposes for which it was collected. We will comply with such request unless we have a legitimate ground to not delete the data. Please note that if you want to delete such information, we may not be able to provide you the Wolt Services or certain features thereof.
Right to object
You have the right to object to the use of your personal data for direct marketing purposes. You may further have the right to object, on grounds relating to your particular situation, to processing of personal data which is based on our legitimate interest (article 6 (1) (f) GDPR). If you object to the further processing of your personal data, this may lead to fewer possibilities to use the Wolt Services.
Right to restriction of processing
You may request us to restrict processing of personal data for example when your data erasure, rectification or objection requests are pending and/or when we do not have legitimate grounds to process your data. When the processing has been restricted, your data will only be stored and not processed further. For example, if you contest the accuracy of your data, such data will be restricted from processing until it is ensured that the data is accurate. This may however lead to fewer possibilities to use the Wolt Services.
Right to data portability
When processing is carried out by automated means and based on a contract or consent, you have the right to receive the personal data you have provided to us yourself in a structured and commonly used format and to independently transmit those data to a third party.
How to use your rights
The abovementioned rights may be used by sending a letter or an e-mail to us on the addresses set out above, including the following information: the full name, address, e-mail address and a phone number. We may request the provision of additional information necessary to confirm the identity of the User. We may reject or charge requests that are unreasonably repetitive, excessive or manifestly unfounded.
7. LODGING A COMPLAINT
In case the User considers our processing of personal data to be inconsistent with the applicable data protection laws, the User may lodge a complaint with the local supervisory authority for data protection in Finland, the Data Protection Ombudsman (tietosuoja.fi). Alternatively, the User may lodge a complaint with any other supervisory authority for data protection within the EU.
8. INFORMATION SECURITY
We use administrative, organizational, technical, and physical safeguards to protect the personal data we collect and process. Measures include for example, where appropriate, encryption, pseudonymization, firewalls, secure facilities and access right systems. Our security controls are designed to maintain an appropriate level of data confidentiality, integrity, availability, resilience and ability to restore the data. We regularly test the Wolt Services, systems, and other assets for security vulnerabilities.
Should despite of the security measures, a security breach occur that is likely to have negative effects to the privacy of the Users, we will inform the relevant Users and other affected parties, as well as relevant authorities when required by applicable data protection laws, about the breach as soon as possible.