Last Updated: 19.04.2022
Getir is an on-demand delivery service that offers customers the opportunity to purchase products and have them delivered directly to their door.
For more information about Getir and our Retail Services, please visit our website at www.getir.uk and refer to Retail Walk in Terms and Conditions.
Personal data is all data that can be related to you personally, e.g., name, address, e-mail addresses, user behaviour.
If we use contracted service providers for individual functions of Getir UK’s offer, we will inform you in detail about the respective processes below. In doing so, we will also state the defined criteria for the storage period.
The personal data that we collect about you falls into the following categories:
Data that you provide voluntarily
When you use our Retail Services, we will collect your name, surname and e-mail address. The processing of your personal data is based on our:
Contact by e-mail or via contact form
When you contact us by e-mail or via a contact form, your e-mail address and, if provided by you, your name and telephone number will be stored by us in order to answer your questions. We delete the data collected in this context after the storage is no longer necessary, or - in the case of legal retention obligations - restrict the processing.
Getir processes the personal data stated above for the following purposes:
We may disclose your personal data to the following categories of recipients:
Our legal basis for collecting and using the personal data described above will depend on the personal data concerned and the specific context in which we collect it.
However, we will collect and process your personal data
If we ask you to provide personal data to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your personal data is mandatory or not (as well as of the possible consequences if you do not provide your personal data).
If you have questions about or need further information concerning the legal basis on which we collect and use your personal data, please contact us using the contact details provided under the “How to contact us” heading below.
We use appropriate technical and organisational measures to protect the personal data that we collect and process about you. The measures we use are designed to provide a level of security appropriate to the risk of processing your personal data. Specific measures we or our third-party service providers use include anti-virus software and firewalls, access controls, encryption and detection and prevention software to detect and prevent cyber-attacks.
As our group companies, third party service providers and partners operate around the world, your personal data will be transferred to a location outside of the United Kingdom (“UK”).
These include, for example, implementing the Standard Contractual Clauses accepted by the Information Commissioner’s Office for transfers of personal data between our group companies, which require all group companies to protect personal data they process from data subjects residing in the UK in accordance with the applicable data protection law.
A copy of the Standard Contractual Clauses can be provided on request. We have implemented similar appropriate safeguards with our third party service providers and partners and further details can be provided upon request.
When it is no longer necessary to process your personal data for the purposes for which it is processed, we will either aggregate, delete or anonymise it or, if this is not possible (for example, because your personal data has been stored in backup archives), then we will securely store your personal data and isolate it from any further processing until deletion is possible.
You have the following data privacy rights:
You have the right to receive information from us at any time, upon request, about the personal data we process that concerns you within the scope of Art. 15 UK GDPR. To do this, you can send a request by post or email to the addresses below.
You have the right to request that we correct personal data relating to you without delay if it is incorrect. To do so, please contact us at the addresses below.
You have the right to demand that we restrict processing in accordance with Art. 18 UK GDPR. This right exists in particular if the accuracy of the personal data is disputed between the user and us, for the period of time required to verify the accuracy, as well as in the event that the user requests restricted processing instead of erasure in the case of an existing right to erasure; furthermore, in the event that the data is no longer necessary for the purposes pursued by us, but the user requires it for the assertion, exercise or defence of legal claims, as well as if the successful exercise of an objection is still disputed between us and the user. To exercise your right to restrict processing, please contact us at the addresses below.
You have the right to receive from us the personal data relating to you that you have provided to us in a structured, commonly used, machine-readable format in accordance with Art. 20 UK GDPR. To exercise your right to data portability, please contact us at the addresses below.
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out, inter alia, on the basis of Art. 6(1)(e) or (f) UK GDPR, in accordance with Art. 21 UK GDPR. We will stop processing your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or if the processing serves the assertion, exercise or defence of legal claims.
You also have the right to contact the competent supervisory authority in case of complaints. The competent supervisory authority is the Information Commissioner’s Office (ICO), who can be found under here.
We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.
The responsible parties within the meaning of the UK GDPR and UK national data protection laws of the UK as well as other data protection regulations is Getir UK Limited.