Last Updated: 19.04.2022
Getir UK Limited (“Getir UK”) and the Getir Group companies (collectively "Getir", "we" or "us") respect your right to privacy. This Privacy Policy explains who we are, how we collect, share and use personal data about you and how you can exercise your privacy rights. This Privacy Policy only applies to personal data that we collect through your use of the retail walk in services in our stores ("Retail Services").
For personal data that we collect when you use or interact with our mobile app, please see Getir UK App Privacy Policy.
If you have any questions or concerns about our use of your personal data, then please contact us using the contact details provided at the bottom of this Privacy Policy.
We recommend that you read this Privacy Policy in full to ensure you are fully informed. However, if you only want to access a particular section of this Privacy Policy, then you can click on the relevant link below to jump to that section.
Getir is an on-demand delivery service that offers customers the opportunity to purchase products and have them delivered directly to their door.
For more information about Getir and our Retail Services, please visit our website at www.getir.uk and refer to Retail Walk in Terms and Conditions.
Personal data is all data that can be related to you personally, e.g., name, address, e-mail addresses, user behaviour.
If we use contracted service providers for individual functions of Getir UK’s offer, we will inform you in detail about the respective processes below. In doing so, we will also state the defined criteria for the storage period.
The personal data that we collect about you falls into the following categories:
Data that you provide voluntarily
Checkout Information
When you use our Retail Services, we will collect your name, surname and e-mail address. The processing of your personal data is based on our:
Contact by e-mail or via contact form
When you contact us by e-mail or via a contact form, your e-mail address and, if provided by you, your name and telephone number will be stored by us in order to answer your questions. We delete the data collected in this context after the storage is no longer necessary, or - in the case of legal retention obligations - restrict the processing.
Getir processes the personal data stated above for the following purposes:
We may disclose your personal data to the following categories of recipients:
Our legal basis for collecting and using the personal data described above will depend on the personal data concerned and the specific context in which we collect it.
However, we will collect and process your personal data
If we ask you to provide personal data to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your personal data is mandatory or not (as well as of the possible consequences if you do not provide your personal data).
If we collect and use your personal data in reliance on our legitimate interests, this interest will be to operate the Retail Services and communicating with you as necessary to provide our services to you and for our legitimate commercial interest, for instance, when responding to your queries, or improving the Retail Services. In addition to the legitimate interests described in this Privacy Policy, we may have other legitimate interests and if appropriate we will make clear to you at the relevant time what those legitimate interests are.
If you have questions about or need further information concerning the legal basis on which we collect and use your personal data, please contact us using the contact details provided under the “How to contact us” heading below.
We use appropriate technical and organisational measures to protect the personal data that we collect and process about you. The measures we use are designed to provide a level of security appropriate to the risk of processing your personal data. Specific measures we or our third-party service providers use include anti-virus software and firewalls, access controls, encryption and detection and prevention software to detect and prevent cyber-attacks.
As our group companies, third party service providers and partners operate around the world, your personal data will be transferred to a location outside of the United Kingdom (“UK”).
When your personal data are transferred outside the UK, we are required to ensure that it is subject to an equivalent level of protection as it would within the UK. Therefore, we have taken appropriate safeguards to require that your personal data will remain protected in accordance with applicable data protection law and with this Privacy Policy.
These include, for example, implementing the Standard Contractual Clauses accepted by the Information Commissioner’s Office for transfers of personal data between our group companies, which require all group companies to protect personal data they process from data subjects residing in the UK in accordance with the applicable data protection law.
A copy of the Standard Contractual Clauses can be provided on request. We have implemented similar appropriate safeguards with our third party service providers and partners and further details can be provided upon request.
Your personal data will be stored and retained for us in accordance with the applicable laws on data protection, and to the extent necessary for the processing purposes set out under this Privacy Policy or resulting from such laws. We retain personal data we collect from you to provide you with our services or to comply with applicable legal, tax or accounting requirements.
When it is no longer necessary to process your personal data for the purposes for which it is processed, we will either aggregate, delete or anonymise it or, if this is not possible (for example, because your personal data has been stored in backup archives), then we will securely store your personal data and isolate it from any further processing until deletion is possible.
Notwithstanding the above provisions of this Privacy Policy, we may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
You have the following data privacy rights:
You have the right to receive information from us at any time, upon request, about the personal data we process that concerns you within the scope of Art. 15 UK GDPR. To do this, you can send a request by post or email to the addresses below.
You have the right to request that we correct personal data relating to you without delay if it is incorrect. To do so, please contact us at the addresses below.
You have the right, under the conditions described in Art. 17 UK GDPR, to demand that we delete the personal data relating to you. These conditions provide in particular for the right to erasure if the personal data are no longer necessary for the purposes for which they were collected or otherwise processed, as well as in cases of unlawful processing, the existence of an objection or the existence of a duty to erase under Union law or the law of the Member State to which we are subject. For the period of data storage, please also see section “data retention” of this Privacy Policy. To assert your right to deletion, please contact us at the addresses given below.
You have the right to demand that we restrict processing in accordance with Art. 18 UK GDPR. This right exists in particular if the accuracy of the personal data is disputed between the user and us, for the period of time required to verify the accuracy, as well as in the event that the user requests restricted processing instead of erasure in the case of an existing right to erasure; furthermore, in the event that the data is no longer necessary for the purposes pursued by us, but the user requires it for the assertion, exercise or defence of legal claims, as well as if the successful exercise of an objection is still disputed between us and the user. To exercise your right to restrict processing, please contact us at the addresses below.
You have the right to receive from us the personal data relating to you that you have provided to us in a structured, commonly used, machine-readable format in accordance with Art. 20 UK GDPR. To exercise your right to data portability, please contact us at the addresses below.
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out, inter alia, on the basis of Art. 6(1)(e) or (f) UK GDPR, in accordance with Art. 21 UK GDPR. We will stop processing your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or if the processing serves the assertion, exercise or defence of legal claims.
You also have the right to contact the competent supervisory authority in case of complaints. The competent supervisory authority is the Information Commissioner’s Office (ICO), who can be found under here.
We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.
We may update this Privacy Policy from time to time in response to changing legal, technical or business developments. When we update our Privacy Policy, we will take appropriate measures to inform you, consistent with the significance of the changes we make. We will obtain your consent to any material Privacy Policy changes if and where this is required by applicable data protection laws.
You can see when this Privacy Policy was last updated by checking the “last updated” date displayed at the top of this Privacy Policy.
If you have any questions or concerns about our use of your personal data, or you wish to exercise your rights under this Privacy Policy or the applicable law on data protection, please contact us using the following details: (i) privacy@getir.com; (ii) Getir UK Limited, Wework 30 Stamford Street, London, SE1 9LQ, United Kingdom.
The responsible parties within the meaning of the UK GDPR and UK national data protection laws of the UK as well as other data protection regulations is Getir UK Limited.