PDF

Getir UK Limited Mobile App Privacy Notice

Updated on: March 2023

Getir UK Limited ("Getir") respects your right to privacy. This Privacy Notice explains who we are, how we collect, share and use personal information about you, and how you can exercise your privacy rights. This Privacy Notice only applies to personal information that we collect through your use of the Getir mobile app ("App").

For information on the collection of personal information via our website, please see our website privacy notice here.

If you have any questions or concerns about our use of your personal information, then please contact us using the contact details provided at the bottom of this Privacy Notice.

What does Getir do?

Getir is an on-demand delivery service that offers customers the opportunity to purchase products and have them delivered directly to their door.

For more information about Getir, please visit our website at www.getir.uk

What personal information does Getir collect?

The personal information that we may collect about you broadly falls into the following categories:

a) Information that are collected while downloading the App

When you download the App, the required information is transferred to the App Store or Google Play Store, i.e. in particular user name, email address and customer number of your account, time of download, payment information and the individual device identification number. We have no influence on this information collection and are not responsible for it. We only process the data insofar as it is necessary for downloading the App to your mobile device.

b) Information that you provide voluntarily

Registration

When you download and use the App, we will collect personal information to register you and create an account. This includes: 

  • Identity and contact details: your name, surname, delivery address, phone number and email address. We will also ask you to create a password for your account.

The processing of your personal information is based on your consent as well as our obligations to fulfil the contract concluded with you.

Using the app

Within the scope of the App, you can enter, manage and edit your profile information. This information includes, in particular, your name, surname, email address, delivery address, payment information, billing information and password.

The app also requires the following authorisations:

  • Internet access: This is required in order for you to access and use the App.
  • User authentication: This is required to verify your identity as the account holder.

Usage information is processed and used to provide the service. This information processing is justified by the fact that the processing is necessary for the performance of the contract between you as the data subject and us in accordance with Art. 6 (1) (b) GDPR for the use of the App.

Processing of Orders

When you start to use the App we require certain information to process your order and deliver the products to you. Your personal information we process includes: 

  • Identity and contact details: your customer ID, and account details used to register as per the above;
  • Financial details: your payment information and payment methods;
  • Customer transaction details: your shopping history, order information, and invoice information as well as any enquiries, or complaints submitted to us, including call recordings if you call us and live support records from our customer services team;
  • Rating, Comment and Review Details: the ranking or rate you have scored your experience of using the App and Getir services, as well as any comments and reviews you have submitted to us and customer satisfaction survey responses.

The processing of your personal information is performed for the fulfilment of the contract concluded with you.

Contact by e-mail or via contact form

When you contact us by e-mail or via a contact form, your e-mail address and, if provided by you, your name and telephone number will be stored by us in order to answer your questions. We delete the information collected in this context after the storage is no longer necessary, or - in the case of legal retention obligations - restrict the processing.

In some instances, such as allergic reactions to products delivered by Getir, some of the personal information that you provide may include sensitive personal information (e.g., such as allergy information or other health-related information). Such sensitive personal information will only be processed based on your freely given consent.

Marketing Communications

You may subscribe to a free newsletter. When registering for newsletter, the information from the input mask will be transmitted to us 

This information includes your e-mail address and, if provided by you, your name and telephone number.

If you (i) create an account with us or purchase goods or services via the App and (ii) provide your e-mail address, it may subsequently be used by us to send you marketing messages. In such cases, personalised advertising for our own similar goods and services may be sent via (i) our newsletters or (ii) social media platforms.

If you register for the newsletter, the information processing will be based on your consent.

You have the right to opt-out of marketing communications we send you at any time. You can exercise this right by (i) clicking on the “unsubscribe” or “opt-out” link in the marketing e-mails we send you, or (ii) unticking the communication channels you wish to opt-out under the Profile - Communication Preferences section in the App.

In-App Recommendations 

We may use your profile information, order and search history to recommend relevant products and services in the App. 

The processing of your personal information is based on our legitimate interest in improving our customer experience, products and services. 

You have the right to opt-out of these processing activities by contacting us via privacy@getir.com.

Personalised Offers & Ads 

We may use your device information and app interactions to: a) display product recommendations or ads on the App or via third-party service providers (including social media platforms); and b) measure the effectiveness of such ads. 

This processing of your personal information is based on your consent. 

You can easily change your preferences from the Data Management section under the Account Settings on your Profile Page.

c) Information that we collect automatically

When you use the App, we will automatically collect information from your device.

Specifically, this includes: 

  • Device details, such as your IP address, device type, unique device identification numbers, browser-type, device location, advertisement ID and other technical information including user transaction records, application usage information and commercial electronic communication consent logs;

Some of this information may be collected using cookies and similar tracking technology, as explained further under our Mobile App Cookie Policy and the heading “Cookies and similar tracking technology” below.

The processing of your personal information is based on your consent as well as our obligations to fulfil the contract concluded with you.

We may also process personal information relating to your order history, product purchases and app usage for segmentation purposes. We do this using cookies and SDKs via client IDs for digital marketing activities (such as product-based push notifications).

d) Information that we collect by mapping interfaces

We use Google Maps to display interactive maps. Google Maps is a map service provided by Google Inc, 1600 Amphitheatre Parkway, Mountain View, California 94043, USA. By using Google Maps, data about the use of the App, including your IP address and the (start) address entered as part of the route planner function, may be transmitted to Google in the USA. We have no influence on the scope of the information collected by Google in this way. According to our knowledge, this is at least the following information: 

  • Date and time of the visit to the app,
  • Internet address or URL of the App called up,
  • IP address, (start) address entered as part of route planning.

Please refer to Google Maps Privacy Policy for further information on how Google processes your personal information within the embedded mapping interfaces.

Your personal information is processed only on the basis of your consent, which you give when download the App. You can control the process of your personal information via your device settings.

e) Information that we obtain from third party sources

From time to time, we may receive personal information about you from third party sources (including social media companies, like Facebook), but only where you have chosen to connect your Getir account with your social media account or have used social media information to register with Getir. We only collect information from these third parties where we have checked that these third parties either have your consent or are otherwise legally permitted or required to disclose your personal information to us. 

The types of information we collect from third parties include your name, age, gender, profile picture and profile information and we use the information we receive from these third parties to create an account with Getir using your social media login credentials.


f) Cookies and similar tracking technology 

We use cookies and similar tracking technology, including SDKs (collectively, “Cookies”) to collect and use personal information about you, including to serve interest-based advertising. For further information about the types of Cookies we use, why, and how you can control Cookies, please see our Mobile App Cookie Policy.

The use of cookies, insofar as they are essential, is based on our legitimate interest. For the remaining cookies, the processing is based on your consent.

In general, we will use the personal information we collect from you only for the purposes described in this Privacy Policy. However, we may also use your personal information for other purposes that are not incompatible with the purposes we have disclosed to you (such as archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes) if and where this is permitted by applicable data protection laws.

Why do we collect this information?

Getir processes the personal information above for the following purposes:

  • To register and update your account on the App
  • To communicate with you and manage our relationship with you
  • To conduct the process of receiving orders, processing payments and delivering orders
  • To personalise your experience on the App, including by presenting you with products, services, recommendations and promotional offers that are relevant to you
  • To conduct marketing activities via email, text message, push notification, in-app message or other communication methods in order to inform you about products, services and opportunities that are relevant to you
  • To display adverts to you via the App or on third party apps and websites (including social media platforms)
  • To enable communication between Getir couriers and you
  • To analyse and improve our products and services
  • To conduct activities in relation to customer satisfaction including receiving feedback or handling any requests or complaints from you
  • To comply with legal requirements or to establish, exercise or defend any legal claims
  • To carry out age verification checks when you have purchased restricted products
  • To detect, prevent and respond to security incidents, fraud, abuse of promos/discounts and any other malicious or illegal activity
  • To maintain and audit appropriate business records

Who does Getir share my personal information with?

We may disclose your personal information to the following categories of recipients:

  • to our group companies, for intra-group shared services (e.g., fraud prevention, marketing, legal, IT, tech, product, tax or customer services activities on a group level), and administrative purposes. The disclosure of the data is primarily based on our legitimate business and economic interests or otherwise, if applicable, based on our contractual obligations or the consent of the data subjects. We have entered into Internal Data Transfer Agreement to transfer personal data within our group of companies in a compliant and secure way;
  • to our third party service providers and partners who provide data processing services to us (for example, to process payments and facilitate online servers for Getir App), or who otherwise process personal information for purposes that are described in this Privacy Policy or notified to you when we collect your personal information. Categories of our service providers include but are not limited to: (i) payment service providers such as Adyen and Checkout.com; (ii) online server providers such as Amazon AWS; (iii) mapping interface provider, Google Maps; (iv) social media platforms such as Facebook; (v) customer service software providers such as Kustomer; (vi) customer engagement providers such as Leanplum; and vii) fraud prevention service providers such as Telesign. In each case, we have concluded appropriate data processor agreements;
  • to our franchisees;
  • to any competent law enforcement body, regulatory, government agency, court or other third party where we believe disclosure is necessary: (i) as a matter of applicable law or regulation; (ii) to exercise, establish or defend our legal rights; or (iii) to protect your vital interests or those of any other person;
  • to an actual or potential buyer (and its agents and advisers) in connection with any actual or proposed purchase, merger or acquisition of any part of our business, provided that we inform the buyer it must use your personal information only for the purposes disclosed in this Privacy Notice;
  • to any other third party with your consent to the disclosure.

What is the legal basis for processing my personal information?

Our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it.

However, we will normally collect personal information from you only: (i) where we need the personal information to perform a contract with you, (ii) where the processing is in our legitimate interests and not overridden by your rights, or (iii) where we have your consent to do so. In some cases, we may also have a legal obligation to collect personal information from you or may otherwise need the personal information to protect your vital interests or those of another person.

If we ask you to provide personal information to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not (as well as of the possible consequences if you do not provide your personal information).

If we collect and use your personal information in reliance on our legitimate interests, this interest will normally be to: (i) operate our App, (ii) provide an experience that meets your expectations (for example, by showing you products or offers that are more relevant to you); and (iii) communicate with you as necessary to provide or improve our services.. In addition to these, we may have other legitimate interests and if appropriate we will make clear to you at the relevant time what those legitimate interests are.

If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us using the contact details provided under the “How to contact us” heading below.

How does Getir keep my personal information secure?

We use appropriate technical and organisational measures to protect the personal information that we collect and process about you. The measures we use are designed to provide a level of security appropriate to the risk of processing your personal information. Specific measures that we or our third-party service providers use include anti-virus software and firewalls, access controls, encryption and detection and prevention software to detect and prevent cyber-attacks.

International data transfers

Your personal information may be transferred to, and processed in, countries other than the country in which you are resident. These countries may have data protection laws that are different to the laws of your country.

Specifically, our group companies and third party service providers and partners operate around the world. This means that when we collect your personal information we may process it in any of these countries.

However, we have taken appropriate safeguards to require that your personal information will remain protected in accordance with this Privacy Notice.

These include implementing the European Commission’s Standard Contractual Clauses for transfers of personal information between our group companies, which require all group companies to protect personal information they process from the UK or EEA in accordance with UK and/or European Union data protection law, as applicable.

Our Standard Contractual Clauses can be provided on request. We have implemented similar appropriate safeguards with our third party service providers and partners and further details can be provided upon request.

Data retention

We may retain personal information we collect from you to comply with our legal obligations or where we have a legitimate business need. For example, to provide you with information you have requested or to comply with applicable legal, tax or accounting requirements.

When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymise it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

Automated decision making

We may use your personal information to make automated decisions in order to provide our services. However, we will not make any automated decisions about an individual which would produce legal effects or similarly significant effects on the data subject, unless it is: (i) necessary for entering into, or the performance of, a contract, (ii) pursuant to the individual’s prior consent, or (iii) required by  law.

Your data protection rights

  • If you wish to access, correct, update your personal information, you can do so at any time by contacting us using the contact details provided below.
  • You may request deletion of your account and the associated personal information: (i)  through the Account Settings page in our App (iOS users); or (ii)  by contacting us using the contact details provided below (all users). After deleting your account, we may retain certain personal information to the extent necessary to comply with our legal obligations and as necessary to protect our legitimate business interests. For example, we may retain personal information for legal, tax or accounting purposes or for the prevention of fraud.
  • You can object to all or some of our processing of your personal information, in particular, when the processing is based on our legitimate interests. We may continue to process your personal information after such an objection to the extent permitted by law.
  • You can ask us to restrict processing of your personal information or request portability of your personal information. Again, you can exercise these rights by contacting us using the contact details provided.
  • You have the right to opt-out of marketing communications we send you at any time. You can exercise this right by: (i) clicking on the “unsubscribe” or “opt-out” link in the marketing emails we send you; (ii) contacting us through the contact details provided; or (iii) by changing your permission settings in the Communication Preferences section under the Profile tab in our App.
  • Similarly, if we have collected and process your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.
  • You have the right to complain to a data protection authority about our collection and use of your personal information. For more information, please contact the UK Information Commissioner's Office (ICO) whose details are available here.

We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.

Updates to this Privacy Notice

We may update this Privacy Notice from time to time in response to changing legal, technical or business developments. When we update our Privacy Notice, we will take appropriate measures to inform you, consistent with the significance of the changes we make. We will obtain your consent to any material Privacy Notice changes if and where this is required by applicable data protection laws.

You can see when this Privacy Notice was last updated by checking the “updated on” date displayed at the top of this Privacy Notice.

How to contact us

If you have any questions or concerns about our use of your personal information, please contact us using the following details: privacy@getir.com.

The data controller of your personal information is Getir UK Limited.