Ordly privacy statement
Ordly OÜ and its affiliated companies (“Ordly”), collect personal data of its customers and visitors of its websites whilst providing its services. Ordly processes your data with due care, in accordance with all applicable laws and regulations. Our Privacy Statement explains what data we process, how we do that and how you may use your rights as a data subject (e.g., right to object, right of access). This Privacy Statement may be updated from time to time. You can find the current version on our website ordly.io. This Privacy Statement applies to all personal data that Ordly processes during the execution of our services, including the personal data of visitors of the Ordly websites. This Privacy Statement only covers data processing carried out by Ordly. The Privacy Statement does not address, and we are not responsible for, the privacy practices of any third parties.
1. The identity of the controller of the processing of your personal data
The controller of the processing of the personal information is:
|Company ID in Estonian Trade Register||EE101967848|
|Correspondence address||Killustiku tn. 9-12, 11414, Tallinn, Estonia|
|Telephone number||+358 45 229 3439|
2. Personal data processed and sources of data
Ordly collects two types of information from our Users: (i) User Data; and (ii) Technical Data. Although we do not normally use Technical Data to identify you as an individual, you can sometimes be recognized from it. In such situations, Technical Data can also be considered personal data under applicable laws.
We may collect and process the following User Data about our customers and visitors: (i) first and last name; (ii) address details, (iii) telephone number, (iv) e-mail address, (v) date of birth, (vi) your location when you use our services, (vii) payment details, (viii) other personal data you provide yourself, including pictures, for example when creating a profile, in correspondence and by phone, (ix) information that you provide when rating our services.
We may collect User Data from our customers and visitors in a variety of ways, including, when they register to our services, subscribe to a newsletter or fill out a form. Further, please note that we also collect details of any transactions and payments you carry out through our services. We will collect User Data from customers and visitors only if they voluntarily submit such information to us or carry out transactions or payments through our services or sites.
We and/or our authorized third party service providers may automatically collect Technical Data when you visit or interact with our services or sites. Technical Data may include the browser name, the type of computer or device, time spent on website, interaction with the Services, URL of the website you visited before and after visiting the Services, the time and date of user visits, surfing habits, IP address, operating system and the Internet service providers utilized and other similar technical information.
Our sites use Google Analytics and other web analytics services to compile reports on visitor usage and to help us improve our sites and services. For an overview of Google Analytics, please visit http://www.google.com/analytics/. You can opt-out of Google Analytics with this browser add-on tool: https://tools.google.com/dlpage/gaoptout. For more information on how Google uses data, please visit https://www.google.com/intl/en/policies/privacy/partners/
3. Purposes and legitimate grounds for the processing of your personal data
There are several purposes of the processing of your personal data by Ordly:
To provide our services and carry out our agreement with you
Ordly processes your personal data in the first place to be able to deliver our services to you and to run, maintain and develop our businesses. We use the data for example to handle your payments or any refunds (where applicable) and to provide our partners (the restaurants, hotels or other companies) with the information necessary for the preparing and delivery of your order. If you contact our customer service, we will use the information provided by you to answer your questions or solve your complaint. In order to ensure that our services are in line with your needs, these data can be used for things like customer satisfaction surveys. We might also request another party to do this for us.
For customer communication (including marketing)
Ordly processes your personal data to contact you regarding our services and to inform you of changes to our services and products. Your data are also used for research and analysis to improve our services and our websites. We may also use your data entered on our websites in certain cases to send information by e-mail about other services of Ordly to you, provided that you have given us consent to that.
For quality improvement and trend analysis
We may also process information about your use of the services to improve the quality of our services, e.g., by analyzing any trends in the use of our services. When possible, we will do this using only aggregated, non-personally identifiable data.
Legitimate grounds for processing
Ordly processes your personal data to perform our contractual obligations towards you and to comply with legal obligations. Furthermore, we process your personal data to pursue our legitimate interest to maintain and develop our businesses.
4. Transfer to countries outside Europe
Ordly may transfer your personal data to countries outside the European Union and the European Economic Area. When we transfer any data to a country for which no adequacy decision of the European Commission exits, such transfer will be subject to the provisions of the (standard or other) clauses adopted by the European Commission. If you wish to know more about international transfers of your personal data, you may contact us via the contact details above.
5. Recipients & Third parties
We only share your personal data within the organization of Ordly if and as far as reasonably necessary to perform and develop our services, e.g. with our customer service and marketing employees.
We do not share your personal data with third parties outside of Ordly unless one of the following circumstances applies:
It is necessary for the purposes of this Privacy Statement
To the extent that third parties (such as the restaurants which prepare your order) need access to personal data to perform such services, Ordly has taken the appropriate contractual and organisational measures to ensure that your data are processed exclusively for the purposes specified in this Privacy Statement and in accordance with all applicable laws and regulations. Furthermore, we may provide your personal data to our affiliates or other trusted businesses or persons to process it for us, based on our instructions and in accordance with our Privacy Statement and any other appropriate obligations of confidentiality and security measures.
For legal reasons
We may share your personal data with third parties outside Ordly if we have a good-faith belief that access to and use of the personal data is reasonably necessary to: (i) meet any applicable law, regulation, and/or court order; (ii) detect, prevent, or otherwise address fraud, security or technical issues; and/or (iii) protect the interests, properties or safety of Ordly, our users or the public as far as in accordance with the law. When possible, we will inform you about such processing.
For other legitimate reasons
With your consent
We may share your personal data with third parties outside Ordly for other reasons than the one mentions before, when we have your explicit consent to do so, unless such is necessary for the provisions of our services (such as sharing with the restaurants or hotels you placed your order at). You have the right to withdraw this consent at all times.
Ordly uses services provided by The Rocket Science Group LLC d/b/a MailChimp (MailChimp) to handle some of our newsletters and email communication with you with your consent. You can read more about how MailChimp handles your privacy at https://mailchimp.com/legal/privacy/ . MailChimp participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG .
With your consent, Ordly sends data to Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, U.S. (“Google”). In connection herewith, we use the services of Google Firebase. Google Firebase uses tracking technologies that allow the analysis of your use of our offer. This way, information on the use of our App is collected, sent to and stored by Google. Google has obtained a Privacy Shield Certification and agreed to compliance with the Privacy Shield Treaty between the EU and the U.S. on the collection, use, and storage of personal data from EU member states, as published by the U.S. Department of Commerce. Google will use the information referred to above in order to analyze your use of our App and to provide us with other services in connection with the use of apps. For detailed information on Google Firebase and data privacy, please refer to https://www.google.com/policies/privacy/ , https://firebase.google.com/, and https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI
Ordly uses Facebook Inc to provide fast in-app login. For more information, please refer to Facebook data policy at https://www.facebook.com/privacy/explanation and Facebook privacy shield compliance at https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC
6. Storage period
Ordly does not store your personal data longer than is legally permitted and necessary for the purposes for which the data were collected. The storage period depends on the nature of the information and the purposes of processing. The maximum period may, therefore, vary per use. In general, we store data for the provision of services for a maximum of five years after our relation ended.
7. Your rights
Right to access
Ordly offers you access to the personal data we process. This means you can contact us asking us to inform you about your personal data that we have collected and processed and the purposes such data are used for. We may charge a processing fee in case less than 12 months have passed since your last data request.
Right to correct
You have the right to have incorrect/unprecise, incomplete, outdated, or unnecessary personal data we have stored about you corrected or completed by contacting us.
Right to deletion
You may also ask us to delete your personal data from our systems. We will comply with such request unless we have a legitimate ground to not delete the data. After the data have been deleted, we may not immediately be able to delete all residual copies from our active servers and backup systems.
Right to object
You may object to certain use of your personal data if such data are processed for other purposes than necessary for the performance of our services or for compliance with a legal obligation. You may also object any further processing of your personal data after prior given consent. If you object to the further processing of your personal data, this may lead to fewer possibilities to use our websites and other services.
You have the right to opt out of receiving electronic direct marketing communications from us by clicking on the opt-out link provided in all marketing communications we send you, and choosing not to receive marketing communications from us in the future. You also have the right to prohibit us from using your personal data for direct marketing purposes, market research and profiling by contacting us on the addresses indicated above.
Right to restriction of processing
You may request us to restrict certain processing of your personal data. If you restrict certain processing of your personal data, this may lead to fewer possibilities to use our websites and other services.
Right to data portability
You have the right to receive your personal data from us in a structured, commonly used format in order to transmit the data to another controller.
How to use your rights
You may use these rights by sending a letter or e-mail, including your name, address, phone number and a copy of a valid ID to us on the addresses set out above. If your request regards personal data in a cookie, you have to enclose a copy of the said cookie. We may request the provision of additional information necessary to confirm your identity. We may reject requests that are unreasonably repetitive, excessive or manifestly unfounded. In case you consider our processing activities of your personal data to be inconsistent with the applicable data protection laws, you may lodge a complaint with the local supervisory authority for data protection.
8. Information security
All personal data is stored securely in accordance with the EU General Data Protection Regulation (Regulation (EU) 2016/679) (GDPR).
We will take all reasonable, appropriate security measures to protect Ordly and our customers from unauthorized access to or unauthorized alteration, disclosure or destruction of personal data we hold. Measures include, where appropriate, encryption, firewalls, secure facilities and access rights systems. Should despite of the security measures, a security breach occur that is likely to have negative effects to your privacy, we will inform you about the breach as soon as reasonably possible.
9. Applicability and changes
Our Privacy Statement applies worldwide, to all of the services offered by Ordly. This Privacy Statement is published in English as well as in other languages. In the event of any differences of interpretation between the versions, the English version is always decisive and binding. Our Privacy Statement may change from time to time. You can find the current version on our website ordly.io. We will not make substantial changes to this Privacy Statement or reduce your rights under this Privacy Statement without providing you with a notice.