Last updated: December 2025
This Privacy Statement aims to clarify what personal data we process, why we process it, who receives your data and how you can exercise your legal rights. Accordingly, in this Privacy Statement, “personal data” means any information which directly identifies you as a person (like the combination of your full name and address), or can be used to identify you as a person (like a user ID connected to your identity). Similarly, “processing” refers to any operation performed on your personal data, for example the collection, storage, use, disclosure, or destruction of your personal data.
1. Who are we?
We are Glovo, part of the Delivery Hero Group headquartered in the official address Oranienburger Str. 70 10117 Berlin, Germany. As regards your privacy, it’s us who decide how and for what purposes your personal data is processed. In data protection language that makes us a so-called “Data Controller” or “Controller” (the party responsible for how your personal data is processed. Specifically, the local Glovo company below that is also your contracting party is the Controller of your data and if you have any questions related to your privacy, you can contact us at the email address given next to your contracting party’s name below:
Country | Company name | Tax Identification Number (NIF) or other tax number | Registered address |
Armenia | GLOVO LLC | 2841979 | V. Sargsyan 26/1 Center 0010, Yerevan, Armenia |
Bosnia and Herzegovina | GlovoApp d.o.o. Sarajevo | 4202880430005 | Branilaca Sarajeva 17 |
Bulgaria | Glovoapp Bulgaria, EOOD | BG203039843 | Bulgaria, Sofia, Industrial Area Hladilnika 1407, No.2, Srebarna Str, Mobi Art Building, floor 2 |
Croatia | Glovoapp Technology d.o.o. | 48879371584 | Radnicka cesta 52 10000, Zagreb, Croatia |
Georgia | Glovoapp Georgia LLC | 402099475 | Tbilisi, Didube District, Davit Agmashenebeli Ave. #129a, Shop #4 |
Italy | Foodinho, S.R.L. | 09080990964 | Via Giovanni Battista Pirelli, n. 31, 20124 Milano (MI) |
Ivory Coast | GLOVOAPP COTE D’IVOIRE SARL | 53703324719 | Abidjan – Cocody Riviera Mbadon – Rue Ambassade de Chine 27 BP 654 Abidjan 27 Côte d’Ivoire.¡ |
Kazakhstan | Glovoapp Kazhastan LLP | 1-90640018883 | Kazakhstan, Almaty city, Al Faravi avenue 15, Nurly TAU business center, block 4В, 14 floor, office No 1403, postal 050059 |
Kenya | Glovapp Kenya, LLC | P051739866F | P.O BOX 13423 WESTLANDS, MAHIGA MAIRU AVENUE, BUILDING, WESTCOM POINT, Nairobi, Kenya |
Kyrgyzstan | “GLOVO KG” LLC | 2109202010145 | Erkindik Ave. 64B, Office 18, Pervomaysky District, Bishkek, 720040 |
Moldova | GlovoAppMOL SRL | 1020600034411 | Moldova, Chisinau, Alexandru Hajdeu 47 MD-2001 |
Montenegro | Glovo Montenegro d.o.o. | 03351475 | PODGORICA, BULEVAR DŽORDŽA VAŠINGTONA BR. 83 |
Morocco | Glovoapp Morocco Sarl | 26046117 | Rue Soumaya Résidence Shehrazade 3, 5ème étage, n° 22 Palmiers 20340 - Casablanca |
Nigeria | Glovoapp Nigeria Limited | 23916307-0001 | 4th Floor, Adamawa Plaza Plot 1099, 1st Avenue Off Shehu Shagari Way, Central Business District FCT, Abuja, NIGERIA |
Poland | Restaurant Partner Polska SP.Z.o.o | 7252012779 | Piotrkowska 276, 90-361 Łódź, Poland |
Portugal | GlovoApp Portugal Unipessoal Lda. | 515642428 | Rua Alexandre Herculano, 50, 4.º, 1250 048, Lisbon, Portugal |
Romania | GlovoappRo, S.R.L. | 39053728 | Romania, Bucuresti, Sector 4, Calea Serban Voda, Nr. 206-208, 208-210, 210-218, Cladirea U-Center 2, Etaj 2 |
Serbia | Glovoapp Technology d.o.o. Beograd-Stari Grad | 111507569 | Belgrade, Žorža Klemansoa 19 |
Spain | GlovoApp Spain Platform, S.L.U. | B67282871 | Carrer Llull 108, (08005) Barcelona, España |
Tunisia | Glovoapp Tunisia SUARL | 1739051W | Complexe Vital Cube - Bloc E, N° 2 & 3 Rue de L'Île de Tasmanie, Berges du Lac 2, Tunis - 1053 Mat |
Uganda | GLOVO UGANDA SMC LIMITED | 1017265563 | 4th Floor, DFCU Towers, 26 Kyadondo Road, Nakasero, Kampala, P O Box 1520, Kampala, Uganda |
Ukraine | Glovoapp Ukraine LLC | 42555522 | 01011, Ukraine, Kyiv, Panasa Myrnoho Street, building 11, office 2/21 |
2. What categories of personal data do we process?
Data Categories | Explanation |
Company Information | Name, Address, Tax ID, Geolocation Data, Order Data, Trading Licence, Contact Data, Order History |
Proprietor Information | Name, Surname, Address, ID Data, Birthdate, Social Security Number, Phone Number, Email and other contact information |
Technical Information | Device Data, Language Settings, Usage Data |
Order Information | Order IDs, Product Names and Quantities, Order History, Delivery Related Data |
Financial Information | Bank Account, Tax ID, Payment Recipient Data |
Care Team Support Information | Content of Support Chat for Vendor Support and Customer Support |
3. What do we do with your personal data?
In order to provide services on our vendor portal, we use various tools and systems that are necessary for the operation of the portal. Accordingly, we collect, process and store the following categories of personal data when you use the portal:
We process the above categories of personal data for the following purposes:
Purpose | Description and Legal Basis |
Account Creation and Maintenance | The information we request during the account creation process is necessary to take the first step in establishing a business relationship with you so that we can provide you with our services. We only ask for your data that is necessary for this purpose. Categories of personal data:
The legal basis for this processing is ‘entering into or performance of a contract’ under Art. 6(1)(b) GDPR. |
Order Processing & Delivery | Following information is necessary for us to conclude your order and ensure the successful delivery. Categories of personal data:
The legal basis for this processing is ‘entering into or performance of a contract’ under Art. 6(1)(b) GDPR. |
Advertising | We utilize marketing activities to reach as many potential business partners as possible. These activities encompass a range of marketing strategies, including advertisements, both on our own platform, or on online media properties (e.g., websites, social platforms) owned and operated by third-party publishers. Categories of personal data:
The legal basis for this processing is ‘legitimate interest’ under Art. 6(1)(f) GDPR and consent under Art. 6(1)(a) GDPR, if required by applicable law. |
Payment | On a regular basis, your information will be shared with payment providers to facilitate the payment process. Categories of personal data:
The legal basis for this processing is ‘entering into or performance of a contract’ under Art. 6(1)(b) GDPR. |
Product Analytics | We analyze the usage of the Vendor Portal in order to ensure its security, optimization and effectiveness. Accordingly, Vendor Portal generates and uses anonymous information about the device you used to access. Categories of personal data:
The legal basis for this processing is ‘legitimate interest’ under Art. 6(1)(f) GDPR. |
Business Communication | Different tools channels (email, SMS and messaging platforms such as WhatsApp) are used for communication between you and the partnering entity. The purpose of the processing is the communication of necessary information between the parties involved to ensure adequate business operations. Categories of personal data:
The legal basis for processing for the purpose of business communication is ‘entering into or performance of a contract’ under Art. 6(1)(b) GDPR and ‘legitimate interest’ under Art. 6(1)(f) GDPR. |
Direct Marketing | We may send you newsletters and promotions via email, pushes, SMS or messaging platforms such as WhatsApp informing you about new offers, deals or campaigns that are available for you on our platform We may use the contact details you provided to us when registering as a partner to send you such communications. Opt-Out You can opt out at any time, free of charge and with future effect, by updating your message preferences, and using the unsubscribe possibility offered in connection with any direct marketing messages or by contacting us via the email address provided at section 1. Categories of personal data:
The legal basis for processing of your data for the purpose of direct marketing as described above is ‘legitimate interest’ under Art. 6(1)(f) GDPR and ‘consent’ under Art. 6(1)(a) GDPR, if required by applicable laws. |
4. Who will receive your data and under what circumstances?
You can trust that, within our company, only those staff members will receive access to your personal data who need them in order to fulfill their professional duties, such as providing you with a great online experience, or looking into your support request. In certain scenarios, we also need to share your personal data with recipients outside of our company. Please be assured that your data is shared with these recipients only to the extent necessary for the specified purposes and only as we are legally permitted to do so.
a) Delivery Hero group companies
We are part of an international group of companies with legal entities in many parts of the world, including our group’s headquarters located with Delivery Hero SE in Berlin, Germany. In order to utilize our resources efficiently and ensure that our business processes function properly, we utilize our group-wide shared technological support services that sometimes necessitate sharing personal data with our parent company, Delivery Hero SE, or with the locations of our global tech hubs. In certain situations, we might also share limited data with other group companies, for example, to assist with payment collection or to implement platform security measures.
Delivery Hero group companies are bound by strict intra-group data transfer agreements ascertaining compliance with data protection requirements whenever sharing personal data with group companies.
b) Data processors
In some situations, we engage other companies to process your personal data on our behalf. We refer to these companies or service providers as “processors.”. This means they are only allowed to process your personal data under our instructions and have no claims whatsoever to process your personal data for their own, independent purposes. Our processors are strictly monitored and we only engage processors who meet our high data protection standards.
Our user platforms and databases run on cloud resources provided by the EU subsidiaries of Google Cloud Platform and Amazon Web Services. We use marketing and communications tools by companies such as Salesforce or Insider. Our finance and accounting platforms are provided by SAP.
c) Other third parties and service providers
In addition to data processors, we also work with third parties, to whom we share your personal data, but who are not bound by our instructions and instead will process your data independently. These may be our consultants, lawyers or accountants who receive your data from us under a contract and process your personal data for legal reasons, or to protect our own interests.
d) Mergers & acquisitions, change of ownership
In the event of a merger with, or acquisition by, another company or group of undertakings, we may need to disclose limited information to that company and their advisors who are under professional obligations to maintain the confidentiality of your personal data. This may occur in circumstances such as mutual due diligence assessments and regulatory disclosures.
In any event, we will ensure that we only disclose the minimum amount of information necessary to conduct the transaction, while also carefully considering the feasibility of removing or anonymising any data that could identify individuals.
e) Prosecuting authorities, courts and other public authorities
From time to time we may be requested to disclose personal data to public authorities. In some circumstances, we may disclose personal data with public bodies in order to bring or defend legal claims, to protect our rights and interests, or to address security concerns.
Examples of such situations include cooperating in the detection and prevention of crime, responding to legal processes such as court orders or subpoenas, or sharing data with tax authorities for tax-related purposes. The public authorities involved in these scenarios may include law enforcement agencies, courts, tax authorities, or other government officials.
5. How do we transfer your personal data to other countries?
We and the parties we share your personal data with may transfer personal data to countries other than the country in which you use our services. Where such transfers take place, we take appropriate measures to ensure that your data is always afforded an adequate level of protection in the countries to which it is transferred.
For example, if we transfer your personal data from a country within the European Economic Area (EEA) to a country outside of the EEA, we take appropriate safeguards to ensure that these transfers provide a level of protection that complies with data protection requirements. If there are specific further requirements of the law of the country in which you use our services, we will abide by them as well.
Specifically as far as transfers from the EEA to countries outside the EEA are concerned, we rely on a number of appropriate safeguards:
- Adequacy decisions by the EU Commission (e.g. for Argentina or the United States, to the extent recipients have certified under the EU-US Privacy Framework, or other applicable mutual agreement between the EU and the US);
- Standard contractual clauses mutually agreed in our contract with the data recipient (including any supplementary measures, if required).
- Further appropriate safeguards in accordance with Art. 46 GDPR (for example Binding Corporate Rules).
6. What are your legal rights?
Under the data protection laws, you are entitled to the following rights:
Right to access | You have the right to access your personal data and obtain additional information on how we process it. You may also request a copy of your personal data. |
Right to rectification | If you notice that your personal data is incorrect, you can always request that we correct it. |
Right to erasure | You have the right to ask us to delete your personal data. Please note that even if you exercise this right, we may be required to retain some of your information if we process it as part of our legal obligations, or in pursuit of our own (or a third party’s legitimate interests) such as the assertion of, or defense against, legal claims, preventing fraud or protecting ourselves or others against abusive behavior. |
Right to restriction of processing | If you have requested the deletion of your personal data, but we are legally prevented from immediately deleting it, we will store your data in our archives and retain them for the sole purpose of meeting our legal obligations. However, you will not be able to use our services during this time, as this would require us to de-archive your personal data. |
Right to data portability | You can ask us to provide you or another Data Controller with your personal data in a machine-readable format. However, please note that this right only applies to data that we process based on your consent. |
Right to object | You have the right, for reasons arising from your particular situation, to object at any time to any processing of your personal data, which is processed on the basis of our legitimate interests. If you object, we will no longer process your personal data unless we can prove compelling grounds for the processing that outweigh your interests, rights and freedoms or the processing serves to assert, exercise, or defend against legal claims. |
Right of complaint | You can raise a complaint about our processing with the data protection authority in the country of your habitual residence, place of work, or the place where you think a violation of data protection laws has occurred. |
Right not to be subject to a decision based solely on automated processing | You have the right to object to a fully automated decision (i.e. without any human intervention in the decision-making process) that has legal effects or significantly affects you. |
To exercise your rights, we encourage you to use the functions available in your account at any time. For example, if you would like to delete your data, or receive a copy of it, you can directly do so by following the relevant steps in your profile. These self-service methods are designed to expedite the process of fulfilling your rights. Alternatively, you can also reach out to the contact information given next to your Glovo contracting partner’s name and request our customer support team to assist you.
7. How long do we keep your data?
We retain your personal data for as long as it is necessary to achieve the purposes we described above. The duration for which we retain your personal data is determined by factors such as the scope, nature and purposes of the personal data processing, and whether we have legitimate interests or legal obligations that require us to retain your personal data.
CATEGORY | TERM | DESCRIPTION | LEGAL REF. |
COMMERCIAL AGREEMENTS OR CONTRACTS | 6 years | The agreements signed between the Courier and Glovo in case of commercial relationships. | Article 30 of the Royal Decree of 22 August 1885 publishing the Code of Commerce (Código de Comercio). |
USERS AND CONSUMERS | 3 years | Claims to enforce performance of the service as a result of non-conformity with the contract are subject to a limitation period of three years after the delivery of the product. | Article 123.4 of Royal Legislative Decree 1/2007 of 16 November 2007 approving the consolidated text of the General User and Consumer Defence Law (Ley General para la Defensa de los Consumidores y Usuarios) and other additional laws |
E-COMMERCE AND INFORMATION SOCIETY SERVICES | 3 years | The limitation periods for infringements are:- Very serious infringements: after 3 years,- Serious infringements: after 2 years,- Minor infringements: after 6 months. | Article 45 of Law 34/2002 of 11 July 2002 on E-Commerce and Information Society Services (Ley de Servicios de la Sociedad de la Información y el Comercio Electrónico). |
MONEY LAUNDERING | 10 years | Documents formalizing compliance with the obligations provided by law. | The filing systems of regulated parties must ensure the proper management and availability of documentation both for internal control purposes and for the purpose of responding to requests from the authorities in a proper and timely manner.Article 25 of Law 10/2010 of 28 April 2010 on the prevention of money laundering and the financing of terrorism (Ley de prevención del blanqueo de capitales y de la financiación del terrorismo). |
8. How do we use Artificial Intelligence (AI)?
We may use artificial intelligence (AI) to improve our services and vendor experience. Artificial Intelligence may be used, for example, to provide personalized content, recommend products, or support customer service. These technologies may collect and process personal data provided by you.
Our intention is not to collect sensitive personal data through the usage of AI. We therefore ask that you avoid providing any type of sensitive personal data.
In some cases, we may use third-party AI services to power certain features. When we do, we ensure that these partners comply with applicable laws and the highest data privacy standards. We may share your data with these third parties only to the extent necessary for them to perform their services, and we require them to protect your data in a manner consistent with this privacy statement.
We will let you know when you are interacting with AI. If you have any inquiries regarding this process, you have the right to contact support agents and request human intervention. Furthermore, you have the right to opt out of AI related data processing at any time.
9. Changes to this Privacy Statement
We may update this Privacy Statement to reflect our new processes, new technologies, and legal obligations. We are committed to keeping you informed of any changes to our privacy practices, so we encourage you to review this privacy statement to keep updated.