Rider Data Protection Terms

DELIVEROO ITALY

RIDER DATA PROTECTION TERMS

 

1. DEFINED TERMS

In these Terms:

“Agreement” means the Supplier Agreement between you and Deliveroo;

“Controller”, “Processor”, “Personal Data” and “processing” all have the meanings given to them in DP Laws (and related terms like “process” have corresponding meanings);

“Customer” means a customer of Deliveroo;

“Customer Data” means Personal Data relating to Customers which you receive to provide the Services; 

“Customer Data Breach” means a breach of security or other action or inaction leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Customer Data;

“DP Laws” means any applicable law, enactment, regulation  relating to the processing, privacy, and use of Personal Data, that applies to you, Deliveroo and/or the Services, including:

• any laws or regulations implementing EU Directives 95/46/EC (Data Protection Directive) or 2002/58/EC (ePrivacy Directive); 
• the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679); and
• any judicial or administrative interpretation of any of the above, and any guidance, guidelines, codes of practice, approved codes of conduct or approved certification mechanisms issued by any relevant Supervisory Authority, 
• in each case, as in force and applicable and as amended, supplemented or replaced from time to time; and

“Supervisory Authority” means any local, national or multinational body responsible for administering DP Laws,

and any other defined terms shall have the meaning described in your Agreement.  

2. PERSONAL DATA

2.1 In relation to the Customer Data, Deliveroo is a Data Controller and you are a Data Processor. 

2.2 You and Deliveroo shall have the rights and obligations as set out in these Terms.

3. DATA PROCESSING OBLIGATIONS

3.1 You and Deliveroo will each comply with DP Laws and respective obligations under these Terms.

3.2 The details of the Customer Data that you process when providing Services to Deliveroo  are set out in the Appendix to these Terms, below. 

3.3 When you choose to provide Services to Deliveroo, you will: 

3.3.1 only process the Customer Data as required to provide the Services, including as notified to you through the App provided by Deliveroo; 

3.3.2 inform Deliveroo as soon as reasonably possible:

(a) of any legal requirement that would require you to process the Customer Data other than as described in clause 3.3.1 above; or

(b) if you are not able to provide the Services in compliance with DP Laws or these Terms;

3.3.3 put in place and maintain appropriate measures to ensure that your processing of Customer Data is secure, for example, you should maintain password protection on the smartphone that you use to provide the Services and keep your App log-in details and password confidential at all times; 

3.3.4 assist Deliveroo with Deliveroo’s obligations to respond to any requests made by Customers exercising their rights under DP Laws, including to ensure that any such requests you receive are recorded and then provided to Deliveroo within four days of you receiving them; 

3.3.5 provide reasonable assistance, information and co-operation to Deliveroo to assist Deliveroo in complying with its obligations under DP Laws; 

3.3.6 make available to Deliveroo all information necessary to demonstrate compliance with the obligations laid down in this Terms and under DP Laws; 

3.3.7 notify Deliveroo of any Customer Data Breach (and provide Deliveroo with details of such breach) without undue delay (but no later than 48 hours after becoming aware of the Customer Data Breach); and

3.3.8 never retain any Customer Data after completion of, or unassignment from, an order (unless necessary in order to provide the Services and in accordance with these Terms) and without unreasonable delay after Deliveroo’s written request at any time, securely delete, return to Deliveroo or remove your access to any Customer Data.

3.4 When providing the Services to Deliveroo there will be no need for you to transfer Customer Data out of the EEA, but please be aware that under DP Laws this type of data transfer is not permitted without Deliveroo’s prior written consent. If Deliveroo provides its consent, such transfer (and any onward transfer) must: 

3.4.1 be made under a written contract;

3.4.2 be subject to appropriate safeguards; and

3.4.3 otherwise comply with DP Laws. 

 

 

APPENDIX: DATA PROCESSING DETAILS