Last Updated: 19/03/2023
GETIR SPAIN, S.L.U. (“Getir Spain”), and the Getir Group companies (collectively "Getir", "we" or "us") respect your right to privacy. This Privacy Policy explains who we are, how we collect, share and use personal data about you and how you can exercise your privacy rights. This Privacy Policy only applies to personal data that we collect through your use of the Getir mobile app ("App").
For information on the collection of personal data via the Getir Spain website, please see our Website Privacy Notice.
If you have any questions or concerns about our use of your personal data, then please contact us using the contact details provided at the bottom of this Privacy Policy.
We recommend that you read this Privacy Policy in full to ensure you are fully informed. However, if you only want to access a particular section of this Privacy Policy, then you can click on the relevant link below to jump to that section.
Getir is an on-demand delivery service that offers customers the opportunity to purchase products and have them delivered directly to their door.
For more information about Getir, please visit our website and refer to Getir Terms and Conditions of Service.
Personal data is all data that can be related to you personally, e.g., name, address, e-mail addresses, user behaviour.
If we use contracted service providers for individual functions of Getir Spain’s offer or would like to use your data for advertising purposes, we will inform you in detail about the respective processes below. In doing so, we will also state the defined criteria for the storage period.
The personal data that we collect about you falls into the following categories:
a) Data that are collected while downloading the App
When you download the App, the required data is transferred to the App Store or Google Play Store, i.e. in particular user name, email address and customer number of your account, time of download, payment information and the individual device identification number. We have no influence on this data collection and are not responsible for it. We only process the data insofar as it is necessary for downloading the App to your mobile device.
b) Data that you provide voluntarily
Registration
When you download and use the App, we will collect personal data to register you and create an account. This includes:
The processing of your personal data is based on your consent as well as our obligations to fulfil the contract concluded with you.
Using the app
Within the scope of the App, you can enter, manage and edit your profile information. This information includes, in particular, your name, surname, email address, delivery address, payment information, billing information and password.
The app also requires the following authorisations:
Usage data is processed and used to provide the service. This data processing is justified by the fact that the processing is necessary for the performance of the contract between you as the data subject and us in accordance with Art. 6 (1) (b) GDPR for the use of the App.
Processing of Orders
When you start to use the App we require certain information to process your order and deliver the products to you. Your personal data we process includes:
The processing of your personal data is performed for the fulfilment of the contract concluded with you.
Contact by e-mail or via contact form
When you contact us by e-mail or via a contact form, your e-mail address and, if provided by you, your name and telephone number will be stored by us in order to answer your questions. We delete the data collected in this context after the storage is no longer necessary, or - in the case of legal retention obligations - restrict the processing.
In some instances, such as allergic reactions to products delivered by Getir, some of the personal data that you provide may include sensitive personal data (e.g., such as allergy information or other health-related information). Such sensitive personal data will only be processed based on your freely given consent.
Marketing Communications
You may subscribe to a free newsletter. When registering for newsletter, the data from the input mask will be transmitted to us
This data includes your e-mail address and, if provided by you, your name and telephone number.
If you (i) create an account with us or purchase goods or services via the App and (ii) provide your e-mail address, it may subsequently be used by us to send you marketing messages. In such cases, personalised advertising for our own similar goods and services may be sent via (i) our newsletters or (ii) social media platforms.
If you register for the newsletter, the data processing will be based on your consent. If we send you newsletters as a result of the sale of goods and services, the processing is based on article 21.2 of the LSSI (Law 34/2002, of 11 July, of information society services and e-commerce).
You have the right to opt-out of marketing communications we send you at any time. You can exercise this right by (i) clicking on the “unsubscribe” or “opt-out” link in the marketing e-mails we send you, or (ii) unticking the communication channels you wish to opt-out under the Profile - Communication Preferences section in the App.
In-App Recommendations
We may use your profile information, order and search history to recommend relevant products and services in the App.
The processing of your personal data is based on our legitimate interest in improving our customer experience, products and services.
You have the right to opt-out of these processing activities by contacting us via privacy@getir.com.
Personalised Offers & Ads
We may use your device data and app interactions to: a) display product recommendations or ads on the App or via third-party service providers (including social media platforms); and b) measure the effectiveness of such ads.
This processing of your personal data is based on your consent.
You can easily change your preferences from the Data Management section under the Account Settings on your Profile Page.
c) Data that we collect automatically
When you use the App, we will automatically collect information from your device.
Specifically, this includes:
Some of this information may be collected using cookies and similar tracking technology, as explained further under our Mobile App Cookie Policy and the heading “Cookies and similar tracking technology” below.
The processing of your personal data is based on your consent as well as our obligations to fulfil the contract concluded with you.
We may also process personal data relating to your order history, product purchases and app usage for segmentation purposes. We do this using cookies and SDKs via client IDs for digital marketing activities (such as product-based push notifications).
d) Data that we collect by mapping interfaces
We use Google Maps to display interactive maps. Google Maps is a map service provided by Google Inc, 1600 Amphitheatre Parkway, Mountain View, California 94043, USA. By using Google Maps, data about the use of the App, including your IP address and the (start) address entered as part of the route planner function, may be transmitted to Google in the USA. We have no influence on the scope of the data collected by Google in this way. According to our knowledge, this is at least the following data:
Please refer to Google Maps Privacy Policy for further information on how Google processes your personal data within the embedded mapping interfaces.
Your personal data is processed only on the basis of your consent, which you give when download the App. You can control the process of your personal data via your device settings.
e) Information that we obtain from third party sources
From time to time, we may receive personal data about you from third party sources (including social media companies, like Facebook), but only where you have chosen to connect your Getir account with your social media account or have used social media information to register with Getir. We only collect information from these third parties where we have checked that these third parties either have your consent or are otherwise legally permitted or required to disclose your personal data to us.
The types of information we collect from third parties include your name, age, gender, profile picture and profile information and we use the information we receive from these third parties to create an account with Getir using your social media login credentials.
f) Cookies and similar tracking technology
We use cookies and similar tracking technology, including SDKs (collectively, “Cookies”) to collect and use personal data about you, including to serve interest-based advertising. For further information about the types of Cookies we use, why, and how you can control Cookies, please see our Mobile App Cookie Policy.
The use of cookies, insofar as they are essential, is based on our legitimate interest. For the remaining cookies, the processing is based on your consent.
In general, we will use the personal data we collect from you only for the purposes described in this Privacy Policy. However, we may also use your personal data for other purposes that are not incompatible with the purposes we have disclosed to you (such as archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes) if and where this is permitted by applicable data protection laws.
As indicated in the Terms and Conditions of Service, you must be aged 18 years or older to download and use the App. We do not sell products for purchase by children. We may sell children’s products for purchase by adults.
Getir processes the personal data stated above for the following purposes:
We may disclose your personal data to the following categories of recipients:
Our legal basis for collecting and using the personal data described above will depend on the personal data concerned and the specific context in which we collect it.
However, we will collect and process your personal data
If we ask you to provide personal data to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your personal data is mandatory or not (as well as of the possible consequences if you do not provide your personal data).
If we collect and use your personal data in reliance on our legitimate interests, this interest will be to operate the App and communicating with you as necessary to provide our services to you and for our legitimate commercial interest, for instance, when responding to your queries, or improving the App. In addition to the legitimate interests described in this Privacy Policy, we may have other legitimate interests and if appropriate we will make clear to you at the relevant time what those legitimate interests are.
If you have questions about or need further information concerning the legal basis on which we collect and use your personal data, please contact us using the contact details provided under the “How to contact us” heading below.
We use appropriate technical and organisational measures to protect the personal data that we collect and process about you. The measures we use are designed to provide a level of security appropriate to the risk of processing your personal data. Specific measures we or our third-party service providers use include anti-virus software and firewalls, access controls, encryption and detection and prevention software to detect and prevent cyber-attacks.
The service providers and business partners are carefully selected by us with particular regard to the suitability of the technical and organizational measures taken by them and checked for their compliance. We process the data in the European Economic Area (“EEA”) as a matter of principle. However, it is possible that your data may be transferred to controllers or processors in a country outside the European Union or the EEA (so-called "third country"). These countries may not have the same level of data protection as the EEA. However, we are obliged to ensure that the personal data processed by us, our group companies and our partners outside the EEA are protected in the same way as if they were processed within the EEA. Therefore, if your data is processed outside the EEA, there are certain safeguards in place.
In this case, we will provide suitable guarantees to ensure that the respective service providers protect the data appropriately, such as entering into the EU model clauses with the recipient of such data. We ensure similar protection by ensuring that at least one of the following safeguards is in place:
Your personal data may be processed in the United States of America (US), United Kingdom (UK), India and Turkey.
Your personal data will be stored and retained for us in accordance with the applicable laws on data protection, and to the extent necessary for the processing purposes set out under this Privacy Policy or resulting from such laws. We retain personal data we collect from you to provide you with our services or to comply with applicable legal, tax or accounting requirements. For example:
When it is no longer necessary to process your personal data for the purposes for which it is processed, we will either aggregate, delete or anonymise it or, if this is not possible (for example, because your personal data has been stored in backup archives), then we will securely store your personal data and isolate it from any further processing until deletion is possible.
Notwithstanding the above provisions of this Privacy Policy, we may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
We use technologies involving algorithms and automated decision processing to provide our services, based on real-time decision process or on analytics or the categorization of various usage of our service. However, we will not make any automated decisions about an individual which would produce legal effects or similarly significantly effects on the data subject, unless where it is (i) necessary for entering into, or the performance of, a contract, (ii) or pursuant to individual’s prior consent, or (iii) required by applicable law.
You have the following data privacy rights:
You have the right to receive information from us at any time, upon request, about the personal data we process that concerns you within the scope of Art. 15 GDPR. To do this, you can send a request by post or email to the addresses below.
You have the right to request that we correct personal data relating to you without delay if it is incorrect. To do so, please contact us at the addresses below.
You have the right, under the conditions described in Art. 17 GDPR, to demand that we delete the personal data relating to you. You may request deletion of your account and the associated personal data: (i) through the Account Settings page in our App (iOS users); or (ii) by contacting us using the contact details provided below (all users). After deleting your account, we may retain certain personal data to the extent necessary to comply with our legal obligations and as necessary to protect our legitimate business interests. For example, we may retain personal data for legal, tax or accounting purposes or for the prevention of fraud.
You have the right to demand that we restrict processing in accordance with Art. 18 GDPR. This right exists in particular if the accuracy of the personal data is disputed between the user and us, for the period of time required to verify the accuracy, as well as in the event that the user requests restricted processing instead of erasure in the case of an existing right to erasure; furthermore, in the event that the data is no longer necessary for the purposes pursued by us, but the user requires it for the assertion, exercise or defence of legal claims, as well as if the successful exercise of an objection is still disputed between us and the user. To exercise your right to restrict processing, please contact us at the addresses below.
You have the right to receive from us the personal data relating to you that you have provided to us in a structured, commonly used, machine-readable format in accordance with Art. 20 GDPR. To exercise your right to data portability, please contact us at the addresses below.
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out, inter alia, on the basis of Art. 6(1)(e) or (f) GDPR, in accordance with Art. 21 GDPR. We will stop processing your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or if the processing serves the assertion, exercise or defence of legal claims.
You also have the right to contact the competent supervisory authority in case of complaints. The competent supervisory authority is the Spanish Data Protection Authority, who can be found under here.
We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.
We may update this Privacy Policy from time to time in response to changing legal, technical or business developments. When we update our Privacy Policy, we will take appropriate measures to inform you, consistent with the significance of the changes we make. We will obtain your consent to any material Privacy Policy changes if and where this is required by applicable data protection laws.
You can see when this Privacy Policy was last updated by checking the “last updated” date displayed at the top of this Privacy Policy.
If you have any questions or concerns about our use of your personal data, or you wish to exercise your rights under this Privacy Policy or the applicable law on data protection, please contact us using the following details: (i) privacy@getir.com; (ii) GETIR, Carrer de Sicília 159, 08013 Barcelona, Spain.
The responsible parties within the meaning of the GDPR and other national data protection laws of the EU member states as well as other data protection regulations is GETIR SPAIN, S.L.U..