Most recent amendment: November 2024
Index
1. Scope
2. Summary of information
3. Your personal data rights
4. Data controller of your personal data
5. Useful information if you are a USER
- 5.1 What are the data processing purposes and the legitimate basis of the processing?
- 5.2 What kind of data do we hold about you and how is your personal data collected?
- 5.3 What are the recipients of your data and why are we communicating it?
- 5.4 How long will we keep your data?
Annex I- General retention periods and retention periods applicable for Users
6. Useful information if you are a COURIER:
- 6.1 What are the data processing purposes and the legitimate basis of the processing?
- 6.2 What kind of data do we hold about you and how is your personal data collected?
- 6.3 What are the recipients of your data and why are we communicating it?
- 6.4 How long will we keep your data?
Annex I- General retention periods and retention periods applicable for Couriers
7. Useful information if you are a PARTNER:
- 7.1 What are the data processing purposes and the legitimate basis of the processing?
- 7.2 What kind of data do we hold about you and how is your personal data collected?
- 7.3 How long will we keep your data?
Annex I- General retention periods and retention periods applicable to Partners
8. Useful information if you are an INVESTOR:
- 8.1 What are the data processing purposes and the legitimate basis of the processing?
- 8.2 What kind of data do we hold about you and how is your personal data collected?
- 8.3 How long will we keep your data?
Annex I- General retention periods
9. Useful information if you are an JOB APPLICANT:
- 9.1 What are the data processing purposes and the legitimate basis of the processing?
- 9.2 What kind of data do we hold about you and how is your personal data collected?
- 9.3 How long will we keep your data?
Annex I- General retention periods
10. Useful information if you are a PROSPECT:
- 10.1 What are the data processing purposes and the legitimate basis of the processing?
- 10.2 What kind of data do we hold about you and how is your personal data collected?
- 10.3 How long will we keep your data?
Annex I- General retention periods
11. Useful information if you are a WEBSITE VISITOR:
- 11.1 What are the data processing purposes and the legitimate basis of theprocessing?
- 11.2 What kind of data do we hold about you and how is your personal data collected?
- 11.3 How long will we keep your data?
Annex I- General retention periods
12. Do we proceed to international transfer of data?
13. Do we proceed to automated decision making?
14. Do we create profiles and/or segment users based on the collected data?
15. What security measures have been adopted?
16. Ethics Channel
17. Glovo Initiatives
18. Artificial Intelligence
Annex II - Details of Glovo Group companies
Annex III - Definitions
1. Scope
Our commitmentGlovo is committed to respecting Users’/ Couriers’/ Job Applicants’/ Partners’/ Investors’/ Prospects’/ Website Visitors’ (jointly named hereinafter as the “Data Subjects”) privacy and protecting their Personal data. In this sense, the aim of this Privacy Policy is to inform Data Subjects about Glovo’s processing activities as per GDPR and the Local Regulation requirements.
The purpose of the Privacy PolicyThis Privacy Policy provides information on the processing of personal data of Data Subjects who contact us via the contact form available on our website, in accordance with the General Data Protection Regulation ("GDPR").
To find them, the different stakeholders involved in this processing as well as our Data Subjects can enter our main website glovoapp.com>>Contact us>>Policies, or App: Help>>Not related to an order>>Policies and there they can select the right which they wish to exercise.
This Privacy Policy notice describes: how Glovo collects and processes the personal data, the different stakeholders involved in this processing as well as our Data Subjects rights with regard to their data. We recommend that both all stakeholders involved in the processing as well as Data Subjects read it carefully and on a frequent basis to fully understand this along with our privacy overview, which highlights key points about our current privacy practices.
Possible changes and updates on the Privacy PolicyDue to the constant evolution of Glovo’s activities, this Privacy Policy may be subject to change or updates in the future.
Use of our Platform after this Privacy Policy has been updated shall be deemed to constitute consent by Data Subjects, whether located in the EU or outside the EU, to the updated or modified Privacy Policy to the extent permitted by local law.
Glovo will notify the Data Subjects in advance in case of substantial changes and modifications to the Privacy Policy by e-mail or through any other means that ensures its receipt. Glovo will in no event modify its policies or practices to make them less effective in the protection of its Data Subjects personal data.
Any doubts? Contact our DPO
If our Data Subjects have any doubt concerning this Privacy Policy or want to obtain more information on it, they can contact our DPO at any time to this email address: gdpr@glovoapp.com.
2. Summary of information
Data Controller |
|
Your rights | You can exercise your rights related to personal data at any time HERE or by sending us an email to: gdpr@glovoapp.com.Your rights related to personal data: right of access, right to rectification, right to erasure, right to object to processing, right to object to profiling, right to unsubscribe to any marketing communication |
Data Protection Officer | gdpr@glovoapp.com |
For which purpose do we use your data? | When you are a User or Courier we may use your data for:
When you are a Partner we may use your data for:
When you are an Investor we may use your data for:
When you are a Job Applicant we may use your data for:
When you are a Prospect we may use your data for:
When you are a Web Visitors we may use your data for:
|
Why can we do it? Lawfulness of processing |
|
With whom we share your data? | If you are a User we may share your data with two different group of recipients: The recipients of data while we carry on your orders:the Courier who carries out the task of collecting and delivering the product; the establishment or venue in charge of selling the product; the Customer Care Services available to you; the payment Platform and payment service providers; Telecommunications service providers; Providers rendering satisfaction survey services Recipients of the data, during the actions undertaken to continue to provide the services offered through the App: service providers that send parcels, carry out orders and/or resolve incidents with delivery; pharmacists dispensing products; Payment Platforms contracted by Glovo; Service providers for fraud control purposes and for for the anonymisation of some data; Telecommunications services; Punctually another entity or affiliate of the Glovo Group; Social media, Third parties associated with Glovo for the purposes of commercial communications; insurance companies If you are a Courier we may share your data with different group of recipients:
In case of every Data Subject (Users, Couriers, Job Applicants, Partners, Investors, Prospects, Website Visitors) we may share personal data with:
|
3. What are your personal data rights?
Privacy is your right and you have the choice.
You may exercise your rights free of charge at any time using the form available on our main website glovoapp.com>>Contact us>>Policies, or in the App, entering to: Help>>Not related to an order>>Policies.
To exercise your rights click HERE.If you have any questions, you can write to us at gdpr@glovoapp.com.
You may exercise the following rights vis-à-vis Glovo:
- The right of access to your personal data to know which data is being processed and the processing operations carried out thereon;
- The right to correct any inaccuracies in relation to your personal data;
- The right to the erasure of your personal data, where possible; by sending us a data erasure request.
- The right to request the restriction of processing of your personal data when the accuracy, legality or need for processing of the data is in question, in which case we may retain the data for the purpose of filing or defending claims.
- The right to object to the processing of your data in order to resolve any query you may have raised with us through the contact form (website: glovoapp.com>>Contact us>>Policies or in the App: Help>>Not related to an order>>Policies) and the right to object to the processing of your data on social media and/or for the purpose of processing your CV.
- If you are the User, and you don’t want to receive any marketing communications, you have the right to unsubscribe to any marketing communication, by sending an e-mail or by using the link provided for this purpose in every commercial communication. Please note that disabling Push notifications will also prevent you from receiving notifications about the status of any order.
You can anytime object to profiling by sending an email to: gdpr@glovoapp.com
If you believe that Glovo is in breach of data protection law:
Please take into account that there may be some situations where the above rights could not be exercised or effectively executed by Glovo, for example when asking us to erase all your personal data where there is contractual relationship with us.
Notifications and Modifications
Due to the constant evolution of Glovo’s activities, this Privacy Policy, the Cookie Policy and the Terms of Use are also subject to change.
Glovo will send all Users/ Couriers / Job Applicants/ Partners/ Investors/ Prospects/ Website Visitors notifications about substantial changes and modifications to such documents by email or through any other method that ensures their receipt.
In any case, Glovo will in no event modify its policies or practices to make them less effective in the protection of our customers’ previously stored personal data.
In the event of discrepancies between the translations and the Spanish version of this document, the Spanish version will prevail.
4. Who is a Data Controller of your data?
The Data Controller of your Personal Data in relation with the use of the Glovo Platform and of the other Forms is Glovoapp Spain Platform, S.L.U., C/ LLull 108, 08005, Barcelona, Spain.
In addition to the information provided above, details of each Glovo Group company can be found in Annex II to this Privacy Policy.
Furthermore Glovo may share the data of those users ("users") or Couriers ("Couriers") who register on the website or the APP (the "Platform") and those persons who contact Glovo using the forms available on its platform with each of the subsidiaries and companies of the Glovo Group for the purpose of offering the services requested by Users through the Platform.
5. Useful information if you are a USER:
5.1 What are the data processing purposes and the legitimate basis of the processing?
Glovo will process your the personal data for the following purposes:
1. For legal purposes.2. For contractual purposes.3. For security purposes.4. For statistics and research purposes.5. For marketing and commercial purposes.6. For non-marketing purposes.
Legal purposes
Glovo processes your personal data for:
i) detect and investigate fraud and possible crimes committed against our Platform and all the users,
ii) comply with the legislation in case any legal regulations oblige us to keep your data for a defined period of time (please check Annex I on data retention),
iii) manage and execute your request(s) to exercise the rights established in the GDPR and local regulations,
iv) file, submit and defend legal actions against any entity of our Group,
v) in any of the cases above-mentioned, Glovo shall be entitled to use any data obtained from you or arisen from your activity through our Platform (e.g. conversations between you and the Partner, you and the Courier, you and our Platform using the chat system) for the purpose of filing and/or defending any claims and/or legal actions that may be necessary, and to manage any incidents arising in connection with User’s orders.
Contractual purposes Glovo processes your personal data for:
i) grant you the possibility to create your own account,ii) provide you with the services you have requested and any additional features on the Platform,
ii) locate the nearest Partners and Courier to the delivery point informed by you (which may involve using geolocation services, if you agreed to them when asked to by the Platform, as described above),
iii) perform payment processing and collection on behalf of you,v) communicate your Order to the Partner selected by you and update you on the status of your Order,
iv) assist you in your decisions and use of the service, including the possibility to quickly reorder from the stores, where you have ordered in the past or suggest you stores based on your past orders or “popularity” among new users. Additionally, we could assist you in your decisions through automatically determined filters by the historical order you have placed in the past, providing in each case specific contents in the Platform tailored for you,
v) send you the receipt corresponding to your Orders,
vi) provide you with a customer service to manage any incident related to your Orders and being able to answer your questions or consultations,
vii) allow your direct contact with the Courier in charge of your Order,
viii) be contacted by our Partners in case of any incident with your Orders,
ix) process reimbursements and refunds both via promo-codes or bank refunds,
x) notify you concerning changes or updates to our services, terms and conditions, privacy policy, cookies policy and any other corporate document that may affect you in a substantial way.
Security purposes Glovo processes your personal data for:
i) use device, location (including geolocation data, if you agreed to), profile, usage, and other data to prevent and detect malicious or unsafe activities (e.g. payment fraud, identity fraud, account hacking, phishing, incentive abuses). In particular, Glovo uses your device's IP address to detect fraudulent activity on your device and to keep the platform away from attackers who may try to access your account by impersonating you;
ii) monitor all actions that could cause fraud or in the commission of a criminal offence related to the payment method employed by you; if any irregularities are detected, Glovo reserves the right to retain the data provided and share it with the competent Authorities in order to carry out the relevant investigation,
iii) make sure that you follow the legal requirements related to specific products you may order through the Platform (e.g. legal age for alcoholic beverages).
For statistics and research purposesGlovo processes your statistics based on your Personal data for:
i) analyse trends, purchase behaviour and characteristics,
ii) understand how you use our Platform,
iii) manage and improve the services offered, including the possibility of adding new or different features and services to improve the quality of the services.
Marketing and commercial purposes
Glovo processes your personal data for:
i) carry out marketing, communications, research and development activities,
ii) analyse and research how to improve our services both offline and on the Platform, by using the data provided by you (such as in focus groups, reviews, valuations of the services, satisfaction survey, feedback or any kind, etc.),
iii) provide you with personalised offers, promotions, discounts, suggestions, views and options in App, by email or by any other communication means, including the use of cookies or other technologies for advertising in third party websites or apps, according to our Cookie Policy and only if you have agreed to,
iv) carry out promotional activities for the delivery of samples or free products inside the order placed by you, which may be of your interest to promote Glovo’s and our Partner’s products or services,
v) carry out promotional activities such as contests, raffles, tenders, quizzes, competitions between users when they have subscribed and/or sent their data for such campaigns,
vi) create custom audiences with Facebook or other providers to reach out to you or other people with similar characteristics, who might be interested in using Glovo services; you can manage your privacy in your Facebook or other third party platform settings,
vii) use as commercial or marketing material published by you on your social networks profiles when Glovo has been expressly mentioned by you (i.e. via hashtag or @).
Glovo might show you ads based on your interests. If you prefer not to see these ads, you can always opt out by emailing us at gdpr@glovoapp.com or through managing your privacy in our settings: enter your Glovo account >>Manage privacy>>personalised ads
We may personalize the marketing communications by using the User activity in our App (including your past orders) and the interaction with the App, online advertising, previous emails, promotions, etc. However, this personalisation is not made only by automated means, nor have any legal effect or affect the User similarly.
Glovo may use Push services on the User’s mobile device to provide marketing communications. If the User does not want to receive these marketing communications, he / she shall unsubscribe in the notifications centre. Please note that disabling Push notifications will also prevent the User from receiving notifications about the status of any order.
Non-marketing purposes
Glovo processes your personal data for:
i) generate and provide you with receipts from each of your Orders placed through our App,
ii) inform you about any incident on the Platform or the operation of the services, including incidents related to your orders. This information can be sent by e-mail or SMS messages, and any other messaging application, that may be used by you and Glovo at any moment,
iii) inform you about any changes to our Terms and Conditions, privacy policy, cookies policy, services, and more generally to inform you about any relevant non-marketing communications.
iii) process incidents and claims with insurance companies in the event you report the occurrence of any damages or unforeseen events that may be covered by Glovo’s insurance policy.
5.2 What kind of data do we hold about you and how is your personal data collected?
Glovo holds the following data about you:
1. Information supplied directly by you:
1.1. Registration Data: the information provided by you when you create an account on the Glovo Platform: username and e-mail.
1.2. User Profile Information: the information added by you on the Platform in order to be able to use Glovo's service, e.g.. your mobile phone number and delivery address. You can view and edit the personal data on your profile whenever you wish.
1.3. Payment information: payment information when processing your orders; card data will be processed by our electronic payment service providers, who will receive the data directly from you. Glovo will have access to this information only for complying with the request of any competent authority,
Glovo offers its users to store the payment information or card details. In this case, the card details are tokenized (converted in a unique code). This token is usable in the Glovo platform, allowing Glovo to facilitate the use of the platform by preventing the introduction of the card details each time you want to perform a payment and provide additional security, as the details of the card are never stored in our systems. You can erase this token at any moment in your profile area.
1.4. Additional information: any information that you could supply to Glovo for other purposes, e.g. your photograph or the billing address in the case if you have asked to receive invoices from Glovo.
1.5. Information about previous communications with Glovo: information supplied by you for the resolution of any queries or complaints about the use of the platform, whether through the contact form (website: glovoapp.com>>Contact us>>Policies, App: Help>>Not related to an order>>Policies), by e-mail or by phone through the customer service.
1.6. Information regarding any accidents: information of any of the parties involved in the provision of services through the Platform for the purpose of making insurance claims or carrying out any other actions with the insurance companies contracted by Glovo.
1.7. Information of conversations held with Glovo: Transcription and recording of conversations for the processing of incidents, queries or other consultations that may be made to guarantee and improve the quality of our services and for security reasons.
1.8. Information on Communications: communications exchanged between you and the Couriers on the chat system provided on the Platform whenever it is necessary to address any incident or discussion between Users and Couriers, or to comply with any request made by authorities. Glovo will never access the communications if it is not strictly necessary and will always ensure the privacy of its users and the confidentiality of all information exchanged on its platform.
1.9. Any additional information that you provide in your requests, comments or questions.
- Information indirectly supplied by Users:
2.1. Data arising from the Use of the Platform: Glovo collects the data arising from your Use of the Platform every time you interact with the Platform.
2.2. Data on the application and the device: Glovo stores data on the device and the Application used by you to access the services:
i) the IP address used by you to connect to the Internet using your computer or mobile phone, and to prevent fraudulent misappropriation or unauthorized access to your account by third parties,
ii) information about your computer or mobile phone, such as your Internet connection, browser type, version and operating system, and type of device,
iii) the full uniform resource locator (URL) Clickstream (the information related with your navigation through our website or the Application, links followed, etc.), including date and time,
iv) data from your account: information on the orders made by you, as well as feedback and/or comments made by you,
v) your browsing history and preferences.
2.3. Data arising from the User’s origin: if you arrive at the Glovo Platform through an external source (such as a link from another website or a social network, as long as you have authorised it on those websites), Glovo collects data on the source from which you arrived.
2.4. Data resulting from the management of incidents: if you contact the Glovo Platform through the Contact Form( website: glovoapp.com>>Contact us>>Policies or App: Help>>Not related to an order>>Policies), Glovo Chat or on Glovo’s phone number, Glovo will collect the messages received in the format used by you and may use and store them to manage current or future incidents.
2.5. Data arising from “cookies”: Glovo uses its own and third-party cookies to facilitate browsing by its users and for statistical purposes, among others (please refer to the Cookie Policy for more details).
2.6. Geolocation Data: provided that you have authorised this, Glovo will collect data relating to your location, including the real-time geographic location of your computer or mobile device.
2.7. Data resulting from external third parties:
i) Glovo collects personal data or information from external third parties only if you authorise such third parties to share that information with Glovo. For example, if you create an account through your Facebook or Google account, these platforms could disclose to us your personal data that can be found on your Facebook/Google profile (such as name, gender or age).
ii) If you choose to send messages to us from social media networks (including Twitter, Facebook and Whatsapp), we will collect that information you provide to us for the purposes set out in this privacy policy, including responding to your inquiry, providing you with customer support and resolving issues.
2.8. At Glovo your privacy is our top priority. We want to remind you that Glovo will never ask for an ID Card or related documents to verify your identity. Instead, we use secure and less intrusive methods to ensure your privacy. If you ever receive a request for personal documentation, such as an ID Card or any other related document, please, do not share it. In those cases, reach out to us immediately for verification and assistance. You can contact us through a form or emailing us to gdpr@glovoapp.com.
5.3. What are the recipients of your data and why are we communicating it?
Glovo warrants that all commercial partners, technicians, suppliers or independent third parties are bound by contractually binding promises to process the information shared with them in accordance with Glovo’s indications, this Privacy Policy and the applicable data protection legislation.
We will not disclose your personal data to any third party who does not act under our instructions and no communication will involve selling, renting, sharing or in any other way revealing customers’ personal information for commercial purposes in breach of the commitments made in this Privacy Policy.
When carrying out an order, data may be shared with:
- The Courier who carries out the task of collecting and delivering the product.
- Partners: the establishment or venue in charge of selling the product, if you have requested the purchase of a product. If you contact the above-mentioned providers directly and give them your data directly, Glovo will not be responsible for the providers’ use of such data.
- The Customer Care Services contracted by Glovo for the purpose of warning you of any possible incidents or asking why negative feedback has been given; data will be used to manage any incidents that may occur during the provision of the services.
- The payment Platform and payment service providers so that the amount can be charged to your account.
- Telecommunications service providers, when they are used to send communications regarding orders or incidents relating to orders.
- Providers rendering satisfaction survey services on Glovo’s behalf.
Sharing your data with third parties:
To continue providing the services offered through the Platform, Glovo may share your certain personal data with:
- Service providers: service providers that send parcels, carry out orders and/or resolve incidents with deliveries have access to your personal information as may be necessary only to carry out their functions. They must process the said personal information as provided in this Privacy Policy and in the applicable data protection legislation.
- Pharmacies: Glovo may provide your name and phone number to pharmacists dispensing products to those Users, to ensure the provision of pharmaceutical advice according to the current applicable legislation.
- Payment Service Providers: When you enter your card number on the App, this is stored directly by the Payment Platforms contracted by Glovo, which allows payment to be charged to your account. Payment service providers have been chosen based on their security measures and in any event complying with the security measures stipulated in the payment service legislation, and they are PCI Compliant under the Payment Card Industry Data Security Standard or PCI DSS. Glovo does not store such data in any event.
- Service providers for fraud control purposes: Glovo will share your data with fraud control service providers to assess the risk of the transactions carried out.
- Service providers for the anonymisation of some data: In order to prevent the misuse of your data by third-party service providers, your data may be being anonymised so that it can be used solely for the provision of the service. For example, Glovo may assign your telephone numbers to third parties in order to anonymise them and provide them in this format to the providers used to carry out the services contracted by you.
- Security companies and Law Enforcement Forces and Agencies: Glovo may disclose personal data on its customers’ accounts if such disclosure is necessary to comply with the law, to enforce or apply the “Terms of Use'' or to protect Glovo’s, its users’ or third parties’ rights, property or safety. It includes the exchange of information with other companies (for example, Glovo uses Google's reCAPTCHA Enterprise service to protect users from cyber attacks or threats to their accounts) and organisations and with Law Enforcement Forces and Agencies to protect against fraud and reduce credit risk.
- Call centre and incident management services: In order to provide a Customer Service and call centres, actions to measure your degree of satisfaction and the provision of administrative support services, your data may be disclosed to companies located outside the European Economic Area.
- Telecommunications services: In order to be able to provide you with telephone contact services, Glovo may contact telecommunications companies that provide secure lines and systems for the purpose of contacting you.
- Delivery Hero group companies: We are part of an international group of companies with legal entities in many parts of the world, including our group’s headquarters located with Delivery Hero SE in Berlin, Germany. In order to utilise our resources efficiently and ensure that our business processes function properly, we utilise our group-wide shared technological support services that sometimes necessitate sharing personal data with our parent company, Delivery Hero SE. Delivery Hero group companies are bound by strict intra-group data transfer agreements ascertaining compliance with data protection requirements whenever sharing personal data with group companies.
- Companies in the Glovo group: To be able to provide its services, Glovo may transfer your certain personal data to subsidiaries, based on the geographical area from which users request our services and to Delivery Hero GmbH. When you register on the Platform from any country in which Glovo operates, your data is stored on Glovo’s database, which is located in Ireland and belongs to the Spanish company Glovoapp23, S.A. In the case of subsidiaries located outside the European Economic Area, the data will be transferred, using the systems established by the European Commission and the GDPR, to countries with an appropriate personal data protection level or through contracts approved by the European Commission establishing and guaranteeing the rights of data subjects.
- Social media connected by Users: If you connect your Glovo account to other social media or to a third-party platform, Glovo may use the information provided to such social media or third party in compliance with the privacy policy of the social media or third-party platform in question.
- Third parties associated with Glovo for the purposes of commercial communications: Glovo may transfer your personal data to third parties associated with Glovo, provided that you have given your express informed and unequivocal consent to such transfer of data and that you are aware of the purpose and recipient of such transfer.
- Changes of ownership: If Glovo’s ownership changes or the majority of its assets are acquired by a third party, you are informed that Glovo will transfer your data to the acquiring organisations to continue to provide the services subject to the processing of data. As Glovo keeps growing continuously, we may buy or sell business units, assets, shares or legal entities, so data subjects’ information may also be transferred. That information, when acquired by Glovo, shall be processed as any other information as described in our privacy policy. You acknowledge that such transfer may occur and that we will be allowed to use your personal information for any of the purposes described in this Privacy Policy. The new file controller will inform Users of its identification data. Glovo states that it will comply with its duty of information and it shall inform Users of the change of file controller if and when this happens. This processing shall be carried out under the contract entered into with Glovo.
- Insurance companies: Glovo may provide your data to those insurers and insurance brokers it collaborates with, for the management and processing of claims and losses arising from the activity carried out by Glovo and the parties that collaborate with it.
Your data will not be disclosed to any third parties unless:
i) this is necessary to provide the services requested if Glovo is collaborating with third parties ;
ii) if Glovo has your express and unambiguous authorisation;
iii) where this has been requested by a competent authority pursuant to its functions (in order to investigate, prevent or take action in relation to illegal actions);
iv) finally, where required by law.
Sharing your data with Glovo Partners
Glovo may share your data also with some of Glovo’s top Partners and only under some certain conditions:
i) having obtained your expressed consent via consent checkbox which may appear (a) at the first order made by you or (b) in each order made by you previously to proceed with the check-out when placing an order through the Partner store.
Once giving your consent, you will be able to withdraw it at any time, using Contact Form ( website: glovoapp.com>>Contact us>>Policies or App: Help>>Not related to an order>>Policies). ii) having signed a Data Sharing Agreement with the Partner and ensuring that all legal, safety and technical measures are met.
5.4 How long will we keep your data?
Glovo shall retain your data for the duration of the contractual relationship and, after this has come to an end, for the period established by law for filing or defending the appropriate legal actions. This is established at a maximum of fifteen (15) years in order to comply with Glovo’s legal obligations – which include the duty to assist the security forces as necessary in the investigation and prosecution of crimes pursuant to the higher interest of public safety – and defend itself or take any action in relation to criminal, tax and social security matters.
The said period may be shorter depending on the legal provision applicable to each purpose of data processing, as established in the table of retention periods set forth in Annex I.
ANNEX I - GENERAL RETENTION PERIODS
GENERAL
TERM | DESCRIPTION | LEGAL REF. | |
DATA PROTECTION | 3 years | The limitation periods for infringements are:- Very serious infringements: after 3 years, - Serious infringements: after 2 years, - Minor infringements: after 1 year | Spanish Organic Data Protection Law (LOPD) |
PERSONAL CIVIL ACTIONS | 5 years | Personal actions of any kind without a specific limitation period established from the moment when the obligation becomes enforceable, taking into account that, in the case of ongoing positive or negative obligations, the period will start running again every time they are infringed. | Article 1962 of the Spanish Civil Code (Código Civil) |
ACCOUNTING AND TAX DOCUMENTATION | 6 years | For commercial purposes: books, correspondence, documentation and supporting documents relating to their business, duly ordered, from the last entry in the books, save as may be established by general or special provisions. This commercial obligation applies to both compulsory books (income, expenses, investment goods and provisions), and the documentation and documentary evidence of the entries contained in the books (invoices issued and received, vouchers, amendment invoices, bank documents, etc.). | Art. 30 of the Royal Decree of 22 August 1885 publishing the Civil Code |
4 years | For tax purposes: accounting books and other compulsory record books pursuant to the applicable tax legislation (personal income tax, VAT, corporation tax, etc.), as well as documentary evidence justifying the entries in the books (including software and computer files and any other documentary evidence that is relevant for tax purposes) must be retained at least for the period during which the tax authorities are entitled to verify and investigate and, therefore, assess and inform of, the tax owed. | Section 3 (Limitation Periods), Arts. 66 to 70 of Law 58/2003 of 17 December 2003, the General Taxation Law (Ley General Tributaria) | |
INFORMATION RELEVANT FOR CRIMINAL ACTIONS | 10 to 15 years | Any information and documentation that may be relevant for the prosecution or defence of criminal proceedings relating to the criminal liability of legal persons. This may include invoices, payment receipts, claims or complaints, delivery routes with geolocation, tax documentation and, in general, any other information from any data subject that may be useful to defend Glovo’s legal interests. | Article 131 of the Organic Law 10/1995, of 23 November 1995, publishing the Spanish Criminal Code (Código Penal). |
USERS
TERM | DESCRIPTION | LEGAL REF. | |
USERS AND CONSUMERS | 3 years | Claims to enforce performance of the service as a result of non-conformity with the contract are subject to a limitation period of three years after the delivery of the product | Article 123.4 of Royal Legislative Decree 1/2007 of 16 November 2007 approving the consolidated text of the General User and Consumer Defence Law (Ley General para la Defensa de los Consumidores y Usuarios) and other additional laws |
| 3 years | The limitation periods for infringements are:- Very serious infringements: after 3 years,- Serious infringements: after 2 years,- Minor infringements: after 6 months. | Article 45 of Law 34/2002 of 11 July 2002 on E-Commerce and Information Society Services (Ley de Servicios de la Sociedad de la Información y el Comercio Electrónico) |
MONEY LAUNDERING | 10 years | Documents formalising compliance with the obligations provided by law. | The filing systems of regulated parties must ensure the proper management and availability of documentation both for internal control purposes and for the purpose of responding to requests from the authorities in a proper and timely manner.Article 25 of Law 10/2010 of 28 April 2010 on the prevention of money laundering and the financing of terrorism (Ley de prevención del blanqueo de capitales y de la financiación del terrorismo). |
6. Useful information if you are a COURIER:
Glovo will process the personal data of Couriers for the following purposes:
1. For legal purposes.2. For contractual purposes.3. For security purposes.4. For statistics and research purposes.Legal purposes
Glovo processes your personal data for:
i) detect and investigate fraud and possible crimes committed against our Platform and all the users,
ii) comply with the legislation in case any legal regulations oblige us to keep your data for a defined period of time (please check Annex I on data retention),
iii) manage and execute your request(s) to exercise the rights established in the GDPR and local regulations,
iv) file, submit and defend legal actions against any entity of our Group,
v) manage and execute your claims related to an Order, problems with the delivery and different sorts of general incidents generated by the use of the Platform.
Contractual purposes
Glovo processes your personal data for:
i) manage Glovo’s activity, enabling you to access and communicate with the Glovo platform so as to provide their services through it,
ii) provide informative sessions to you before the starting of services (focus groups) and to comply with the services offered by the providers through the technological platform, and with obligations arising from the contractual relationship,
iii) studying the use of the platform performed by you and performance of focus groups with you to understand their opinion and feedback about the services provided,
iv) provide you with the equipment and material needed to provide the services, if requested,
v) activate the insurance in case of an incident of you during the delivery of an Order,
vi) assign Orders to you and show to the cCustomers your position while delivering their Orders,
vii) assist you during the performance of services by contacting customer centres,
viii) notify you concerning changes or updates to our services, terms and conditions, privacy policy, cookies policy and any other corporate document that may affect them in a substantial way
Security purposes
Glovo processes your personal data for:
i) control visitors’ access to Courier centre’s facilities and ensure your goods’ and facilities’ safety,
ii) use device, location, profile, usage, and other data to prevent and detect improper payments, money laundering, especially when you pay by cash,
iii) when requested by any authority, administration or court, collaborate with Public Authorities whenever they request Glovo information useful to the aim of their investigation (e.g. anti-drug projects, anti-fraud projects, anti-terrorism projects),
iv) defend Glovo interests in case of a conflict between the parties related to the interpretation or execution of the contract,
v) comply with the compensation, accounting, tax and economic obligations.
For statistics and research purposes
Glovo processes your statistics based on your personal data for:
i) carry out statistical and financial calculations based on aggregate and non-identifiable data,
ii) send voluntary and anonymous questionnaires, as well as surveys, competitions and communications of your interest, for the purpose of assessing the quality of the relationship and any opinions that you may have.
6.2 What kind of data do we hold about you and how is your personal data collected?
Glovo holds the following data about you:
- Name and surnames: pursuit of the contractual relationship.
- Identity Card (DNI) / Passport No.Foreign resident’s card: pursuit of the contractual relationship – billing and legal compliance.
- Social Security number: payment management and legal compliance.
- Bank and billing information: information for billing purposes, current account or credit card numbers, if necessary to fulfil contractual obligations or manage purchases, or services.
- Photo: road safety, account fraud prevention and public safety.
- Image: video surveillance and access control when entering one of the company’s sites.
- Voice (without biometrics) from Customer service calls: pursuit of the contractual relationship and legal compliance.
- Signature: pursuit of the contractual relationship.
- Date of birth: legal compliance.
- Residence details (resident/non-resident): legal compliance.
- Accident insurance processing details: accident insurance management.
- Driving licence: road safety.
- Own vehicle: pursuit of the contractual relationship.
- Vehicle insurance: pursuit of the contractual relationship.
- Geolocation: management of the service provider’s location during the provision of services for road safety reasons and in order to comply with tax and accounting obligations.
- Phone number and Email (Contact data): Pursuit of the contractual relationship and be able to communicate with the Courier by sending some communications through different channels such as: SMS, email, Whatsapp messages, etc.
- Internet connection: pursuit of the contractual relationship.
- Conversation information: Transcription and recording of conversations held between Couriers and Glovo to guarantee and improve the quality of our services, processing of incidents and for security reasons.
6.3 What are the recipients of your data and why are we communicating it?
Your data may be disclosed to third parties only where necessary for the establishment, performance and termination of the contractual relationship with Glovo. We never disclose your data to unauthorised third parties. All data recipients must meet the legal data protection requirements and prove their data protection level with appropriate proofs.
The third-party recipients of the Data include:
i) establishments with which Glovo has a commercial contract,
ii) users who have placed an order whose delivery will be provided by you,
iii) external service providers that provide commercial offers with benefits and/or discounts for you,
iv) advisers and consultants for the pursuit of accounting, labour, tax, insurance, legal and technical activities,
v) government bodies for regulatory matters (tax authority, social security system, etc.), vi) state security forces, courts, mediation and arbitration bodies.
Glovo hereby informs you that the Data may be disclosed to companies in the Glovo group in connection with the purposes described previously.
The Data may also be transferred inside and outside the European Union to group companies or third parties in charge of the filing and management of computer data solely for purposes related to the management of the contractual relationship between the Parties and fully in accordance with the applicable data protection legislation. Glovo hereby reports that it has taken the necessary measures to ensure that the disclosure of your data is carried out in accordance with the above-mentioned legislation.
Companies in the Glovo group: To be able to provide its services, Glovo may transfer your certain personal data to subsidiaries, based on the geographical area from which users request our services and to Delivery Hero GmbH. When you register on the Platform from any country in which Glovo operates, your data is stored on Glovo’s database, which is located in Ireland and belongs to the Spanish company Glovoapp23, S.A. In the case of subsidiaries located outside the European Economic Area, the data will be transferred, using the systems established by the European Commission and the GDPR, to countries with an appropriate personal data protection level or through contracts approved by the European Commission establishing and guaranteeing the rights of data subjects.
6.4 How long will we keep your data?
Glovo shall retain your data for the duration of the contractual relationship and, after this has come to an end, for the period established by law for filing or defending the appropriate legal actions. This is established at a maximum of fifteen (15) years in order to comply with Glovo’s legal obligations – which include the duty to assist the security forces as necessary in the investigation and prosecution of crimes pursuant to the higher interest of public safety – and defend itself or take any action in relation to criminal, tax and social security matters.
The said period may be shorter depending on the legal provision applicable to each purpose of data processing, as established in the table of retention periods set forth in Annex I.
ANNEX I - GENERAL RETENTION PERIODS
GENERAL
TERM | DESCRIPTION | LEGAL REF. | |
DATA PROTECTION | 3 years | The limitation periods for infringements are:- Very serious infringements: after 3 years, - Serious infringements: after 2 years, - Minor infringements: after 1 year | Spanish Organic Data Protection Law (LOPD) |
PERSONAL CIVIL ACTIONS | 5 years | Personal actions of any kind without a specific limitation period established from the moment when the obligation becomes enforceable, taking into account that, in the case of ongoing positive or negative obligations, the period will start running again every time they are infringed. | Article 1962 of the Spanish Civil Code (Código Civil) |
ACCOUNTING AND TAX DOCUMENTATION | 6 years | For commercial purposes: books, correspondence, documentation and supporting documents relating to their business, duly ordered, from the last entry in the books, save as may be established by general or special provisions. This commercial obligation applies to both compulsory books (income, expenses, investment goods and provisions), and the documentation and documentary evidence of the entries contained in the books (invoices issued and received, vouchers, amendment invoices, bank documents, etc.). | Art. 30 of the Royal Decree of 22 August 1885 publishing the Civil Code |
4 years | For tax purposes: accounting books and other compulsory record books pursuant to the applicable tax legislation (personal income tax, VAT, corporation tax, etc.), as well as documentary evidence justifying the entries in the books (including software and computer files and any other documentary evidence that is relevant for tax purposes) must be retained at least for the period during which the tax authorities are entitled to verify and investigate and, therefore, assess and inform of, the tax owed. | Section 3 (Limitation Periods), Arts. 66 to 70 of Law 58/2003 of 17 December 2003, the General Taxation Law (Ley General Tributaria) | |
INFORMATION RELEVANT FOR CRIMINAL ACTIONS | 10 to 15 years | Any information and documentation that may be relevant for the prosecution or defence of criminal proceedings relating to the criminal liability of legal persons. This may include invoices, payment receipts, claims or complaints, delivery routes with geolocation, tax documentation and, in general, any other information from any data subject that may be useful to defend Glovo’s legal interests. | Article 131 of the Organic Law 10/1995, of 23 November 1995, publishing the Spanish Criminal Code (Código Penal). |
COURIERS
TERM | DESCRIPTION | LEGAL REF. | |
COMMERCIAL AGREEMENTS OR. CONTRACTS | 6 years | The agreements signed between the Courier and Glovo in case of commercial relationships. | Article 30 of the Royal Decree of 22 August 1885 publishing the Code of Commerce (Código de Comercio). |
COMMERCIAL AGREEMENTS OR. CONTRACTS | 6 years | The agreements signed between the Courier and Glovo in case of commercial relationships. | Article 30 of the Royal Decree of 22 August 1885 publishing the Code of Commerce (Código de Comercio). |
USERS AND CONSUMERS | 3 years | Claims to enforce performance of the service as a result of non-conformity with the contract are subject to a limitation period of three years after the delivery of the product | Article 123.4 of Royal Legislative Decree 1/2007 of 16 November 2007 approving the consolidated text of the General User and Consumer Defence Law (Ley General para la Defensa de los Consumidores y Usuarios) and other additional laws |
E-COMMERCE AND INFORMATION SOCIETY SERVICES | 3 years | The limitation periods for infringements are:- Very serious infringements: after 3 years,- Serious infringements: after 2 years,- Minor infringements: after 6 months. | Article 45 of Law 34/2002 of 11 July 2002 on E-Commerce and Information Society Services (Ley de Servicios de la Sociedad de la Información y el Comercio Electrónico) |
7. Useful information if you are a PARTNER:
7.1 What are the data processing purposes and the legitimate basis of the processing?
Glovo will process your personal data in order to:
i) grant you the possibility to create your own account and maintain the business relationship with Glovo in order to provide technology intermediation in the generation of leads and processing of payments and other services relating to in-store sales and the delivery of products, also to handle incidents arising in relation to orders,
ii) provide you with customer service to answer your questions or consultations.
7.2 What kind of data do we hold about you and how is your personal data collected?Glovo holds the following data about you:
- Information supplied directly by you:
1.1. Registration Data: the information provided by you when you create an account on the Glovo Platform: username and e-mail.
1.2. User Profile Information phone number and email; phone number and email; pursuit of the business relationship and be able to communicate with the Partner or the Investor by sending some communications through different channels such as: SMS, email.
1.3. Information of conversations held with Glovo Transcription and recording of conversations for the processing of incidents, queries or other consultations that may be made to guarantee and improve the quality of our services and for security reasons.
1.4. Any additional information that you provide in your requests, comments or questions
7.3 How long will we keep your data?
Glovo shall retain your data for the duration of the contractual relationship and, after this has come to an end, for the period established by law for filing or defending the appropriate legal actions. This is established at a maximum of fifteen (15) years in order to comply with Glovo’s legal obligations – which include the duty to assist the security forces as necessary in the investigation and prosecution of crimes pursuant to the higher interest of public safety – and defend itself or take any action in relation to criminal, tax and social security matters.
The said period may be shorter depending on the legal provision applicable to each purpose of data processing, as established in the table of retention periods set forth in Annex I.
ANNEX I - GENERAL RETENTION PERIODS
GENERAL
TERM | DESCRIPTION | LEGAL REF. | |
DATA PROTECTION | 3 years | The limitation periods for infringements are:- Very serious infringements: after 3 years, - Serious infringements: after 2 years, - Minor infringements: after 1 year | Spanish Organic Data Protection Law (LOPD) |
PERSONAL CIVIL ACTIONS | 5 years | Personal actions of any kind without a specific limitation period established from the moment when the obligation becomes enforceable, taking into account that, in the case of ongoing positive or negative obligations, the period will start running again every time they are infringed. | Article 1962 of the Spanish Civil Code (Código Civil) |
ACCOUNTING AND TAX DOCUMENTATION | 6 years | For commercial purposes: books, correspondence, documentation and supporting documents relating to their business, duly ordered, from the last entry in the books, save as may be established by general or special provisions. This commercial obligation applies to both compulsory books (income, expenses, investment goods and provisions), and the documentation and documentary evidence of the entries contained in the books (invoices issued and received, vouchers, amendment invoices, bank documents, etc.). | Art. 30 of the Royal Decree of 22 August 1885 publishing the Civil Code |
4 years | For tax purposes: accounting books and other compulsory record books pursuant to the applicable tax legislation (personal income tax, VAT, corporation tax, etc.), as well as documentary evidence justifying the entries in the books (including software and computer files and any other documentary evidence that is relevant for tax purposes) must be retained at least for the period during which the tax authorities are entitled to verify and investigate and, therefore, assess and inform of, the tax owed. | Section 3 (Limitation Periods), Arts. 66 to 70 of Law 58/2003 of 17 December 2003, the General Taxation Law (Ley General Tributaria) | |
INFORMATION RELEVANT FOR CRIMINAL ACTIONS | 10 to 15 years | Any information and documentation that may be relevant for the prosecution or defence of criminal proceedings relating to the criminal liability of legal persons. This may include invoices, payment receipts, claims or complaints, delivery routes with geolocation, tax documentation and, in general, any other information from any data subject that may be useful to defend Glovo’s legal interests. | Article 131 of the Organic Law 10/1995, of 23 November 1995, publishing the Spanish Criminal Code (Código Penal). |
PARTNERS
TERM | DESCRIPTION | LEGAL REF. | |
COMMERCIAL AGREEMENTS OR. CONTRACTS | 6 years | The agreements signed between the Courier and Glovo in case of commercial relationships. | Article 30 of the Royal Decree of 22 August 1885 publishing the Code of Commerce (Código de Comercio). |
USERS AND CONSUMERS | 3 years | Claims to enforce performance of the service as a result of non-conformity with the contract are subject to a limitation period of three years after the delivery of the product | Article 123.4 of Royal Legislative Decree 1/2007 of 16 November 2007 approving the consolidated text of the General User and Consumer Defence Law (Ley General para la Defensa de los Consumidores y Usuarios) and other additional laws |
E-COMMERCE AND INFORMATION SOCIETY SERVICES | 3 years | The limitation periods for infringements are:- Very serious infringements: after 3 years,- Serious infringements: after 2 years,- Minor infringements: after 6 months. | Article 45 of Law 34/2002 of 11 July 2002 on E-Commerce and Information Society Services (Ley de Servicios de la Sociedad de la Información y el Comercio Electrónico) |
MONEY LAUNDERING | 10 years | Documents formalising compliance with the obligations provided by law. | The filing systems of regulated parties must ensure the proper management and availability of documentation both for internal control purposes and for the purpose of responding to requests from the authorities in a proper and timely manner.Article 25 of Law 10/2010 of 28 April 2010 on the prevention of money laundering and the financing of terrorism (Ley de prevención del blanqueo de capitales y de la financiación del terrorismo). |
8. Useful information if you are an INVESTOR:
8.1 What are the data processing purposes and the legitimate basis of the processing?
Glovo will process your personal data for the following purposes:
i) fulfil the requirements of Glovo’s Compliance Model of carrying out an Investors Due Diligence procedure,
ii) formalise the relationship with you as an Investor,
iii) notify you concerning the corporate matters and inform you about Glovo’s results.
8.2 What kind of data do we hold about you and how is your personal data collected?1. Information supplied directly by you:
1.1. Registration Data: the information provided by you when you create an account on the Glovo Platform: username and e-mail.
1.2. User Profile Information: phone number and email; pursuit of the business relationship and be able to communicate with the Partner or the Investor by sending some communications through different channels such as: SMS, email.
1.3. Information of conversations held with Glovo: transcription and recording of conversations for the processing of incidents, queries or other consultations that may be made to guarantee and improve the quality of our services and for security reasons.
1.4. Any additional information that you provide in your requests, comments or questions.
8.3 How long will we keep your data?
Glovo shall retain your data for the duration of the contractual or investment relationship and, after this has come to an end, for the period established by law for filing or defending the appropriate legal actions. This is established at a maximum of fifteen (15) years in order to comply with Glovo’s legal obligations – which include the duty to assist the security forces as necessary in the investigation and prosecution of crimes pursuant to the higher interest of public safety – and defend itself or take any action in relation to criminal, tax and social security matters.
The said period may be shorter depending on the legal provision applicable to each purpose of data processing, as established in the table of retention periods set forth in Annex I.
ANNEX I - GENERAL RETENTION PERIODS
GENERAL
TERM | DESCRIPTION | LEGAL REF. | |
DATA PROTECTION | 3 years | The limitation periods for infringements are:- Very serious infringements: after 3 years, - Serious infringements: after 2 years, - Minor infringements: after 1 year | Spanish Organic Data Protection Law (LOPD) |
PERSONAL CIVIL ACTIONS | 5 years | Personal actions of any kind without a specific limitation period established from the moment when the obligation becomes enforceable, taking into account that, in the case of ongoing positive or negative obligations, the period will start running again every time they are infringed. | Article 1962 of the Spanish Civil Code (Código Civil) |
ACCOUNTING AND TAX DOCUMENTATION | 6 years | For commercial purposes: books, correspondence, documentation and supporting documents relating to their business, duly ordered, from the last entry in the books, save as may be established by general or special provisions. This commercial obligation applies to both compulsory books (income, expenses, investment goods and provisions), and the documentation and documentary evidence of the entries contained in the books (invoices issued and received, vouchers, amendment invoices, bank documents, etc.). | Art. 30 of the Royal Decree of 22 August 1885 publishing the Civil Code |
4 years | For tax purposes: accounting books and other compulsory record books pursuant to the applicable tax legislation (personal income tax, VAT, corporation tax, etc.), as well as documentary evidence justifying the entries in the books (including software and computer files and any other documentary evidence that is relevant for tax purposes) must be retained at least for the period during which the tax authorities are entitled to verify and investigate and, therefore, assess and inform of, the tax owed. | Section 3 (Limitation Periods), Arts. 66 to 70 of Law 58/2003 of 17 December 2003, the General Taxation Law (Ley General Tributaria) | |
INFORMATION RELEVANT FOR CRIMINAL ACTIONS | 10 to 15 years | Any information and documentation that may be relevant for the prosecution or defence of criminal proceedings relating to the criminal liability of legal persons. This may include invoices, payment receipts, claims or complaints, delivery routes with geolocation, tax documentation and, in general, any other information from any data subject that may be useful to defend Glovo’s legal interests. | Article 131 of the Organic Law 10/1995, of 23 November 1995, publishing the Spanish Criminal Code (Código Penal). |
9. Useful information if you are a JOB APPLICANT:
9.1 What are the data processing purposes and the legitimate basis of the processing?
Glovo will process your personal data for the following purposes:
i) consider your present or future suitability for any of the positions available at Glovo. In addition, Glovo shall process your data for the purpose of conducting any interviews it may deem necessary for the position, test your knowledge, contact companies for which you have previously worked, check references, and assess your skills and abilities in general.
ii) provide you with information of your interest regarding our Job offers.
9.2 What kind of data do we hold about you and how is your personal data collected?Glovo holds the following data about you:
- Information supplied directly by you:
1.1. Registration Data: the information provided by you when you apply for the position available at Glovo or when you request information of your interest regarding our job offers, including the information of your CV and any additional information provided by you during interviews, results of any test or assessment on skills, abilities carried out, information on previous companies and references.
1.2. Academic and Professional Data: student history, professional experience, membership in professional associations, trainings, qualifications.
1.3. Any additional information that you provide in your requests, comments or questions.
9.3 How long will we keep your data?
Your data will be retained for the duration of the selection process and, if you are not selected, for two (2) years following the end of such process, for the purpose of being able to offer the candidate any other vacancy that may be similar and/or compatible to those for which he/she has applied.
If you register in our Glovo Careers portal, your personal data may be retained until you delete your user or any information that you may have included in your applicant profile.
In some cases, we may have to retain some information to comply with any legal provision applicable, such as in case of fraud on your application, according to the table of general retention periods set forth in Annex I.
ANNEX I - GENERAL RETENTION PERIODS
GENERAL
TERM | DESCRIPTION | LEGAL REF. | |
DATA PROTECTION | 3 years | The limitation periods for infringements are:- Very serious infringements: after 3 years, - Serious infringements: after 2 years, - Minor infringements: after 1 year | Spanish Organic Data Protection Law (LOPD) |
PERSONAL CIVIL ACTIONS | 5 years | Personal actions of any kind without a specific limitation period established from the moment when the obligation becomes enforceable, taking into account that, in the case of ongoing positive or negative obligations, the period will start running again every time they are infringed. | Article 1962 of the Spanish Civil Code (Código Civil) |
ACCOUNTING AND TAX DOCUMENTATION | 6 years | For commercial purposes: books, correspondence, documentation and supporting documents relating to their business, duly ordered, from the last entry in the books, save as may be established by general or special provisions. This commercial obligation applies to both compulsory books (income, expenses, investment goods and provisions), and the documentation and documentary evidence of the entries contained in the books (invoices issued and received, vouchers, amendment invoices, bank documents, etc.). | Art. 30 of the Royal Decree of 22 August 1885 publishing the Civil Code |
4 years | For tax purposes: accounting books and other compulsory record books pursuant to the applicable tax legislation (personal income tax, VAT, corporation tax, etc.), as well as documentary evidence justifying the entries in the books (including software and computer files and any other documentary evidence that is relevant for tax purposes) must be retained at least for the period during which the tax authorities are entitled to verify and investigate and, therefore, assess and inform of, the tax owed. | Section 3 (Limitation Periods), Arts. 66 to 70 of Law 58/2003 of 17 December 2003, the General Taxation Law (Ley General Tributaria) | |
INFORMATION RELEVANT FOR CRIMINAL ACTIONS | 10 to 15 years | Any information and documentation that may be relevant for the prosecution or defence of criminal proceedings relating to the criminal liability of legal persons. This may include invoices, payment receipts, claims or complaints, delivery routes with geolocation, tax documentation and, in general, any other information from any data subject that may be useful to defend Glovo’s legal interests. | Article 131 of the Organic Law 10/1995, of 23 November 1995, publishing the Spanish Criminal Code (Código Penal). |
10. Useful information if you are a PROSPECT:
10.1 What are the data processing purposes and the legitimate basis of the processing?
Glovo will process your personal data for the following purposes:
i) process your requests to obtain the products and/or services offered by Glovo and manage the prospective relationship between both parties,
ii) carry out marketing, communications, research activities regarding Glovo’s products and/or services that are similar to those included in your request.
10.2 What kind of data do we hold about you and how is your personal data collected?
Glovo holds the following data about you:
- Information supplied directly by you:
1.1. Registration Data: the information provided by you when you request for information relating to our products and/or services.
1.2. Any additional information that you provide in your requests, comments or questions.
10.3 How long will we keep your data?
Glovo shall retain your data while it is necessary to provide you with the relevant answer to any question you may ask and, after this has come to an end, for the period established by law for filing or defending the appropriate legal actions. The said period may vary depending on the legal provision applicable to each purpose of data processing, as established in the table of retention periods set forth in Annex I.
ANNEX I - GENERAL RETENTION PERIODS
GENERAL
TERM | DESCRIPTION | LEGAL REF. | |
DATA PROTECTION | 3 years | The limitation periods for infringements are:- Very serious infringements: after 3 years, - Serious infringements: after 2 years, - Minor infringements: after 1 year | Spanish Organic Data Protection Law (LOPD) |
PERSONAL CIVIL ACTIONS | 5 years | Personal actions of any kind without a specific limitation period established from the moment when the obligation becomes enforceable, taking into account that, in the case of ongoing positive or negative obligations, the period will start running again every time they are infringed. | Article 1962 of the Spanish Civil Code (Código Civil) |
ACCOUNTING AND TAX DOCUMENTATION | 6 years | For commercial purposes: books, correspondence, documentation and supporting documents relating to their business, duly ordered, from the last entry in the books, save as may be established by general or special provisions. This commercial obligation applies to both compulsory books (income, expenses, investment goods and provisions), and the documentation and documentary evidence of the entries contained in the books (invoices issued and received, vouchers, amendment invoices, bank documents, etc.). | Art. 30 of the Royal Decree of 22 August 1885 publishing the Civil Code |
4 years | For tax purposes: accounting books and other compulsory record books pursuant to the applicable tax legislation (personal income tax, VAT, corporation tax, etc.), as well as documentary evidence justifying the entries in the books (including software and computer files and any other documentary evidence that is relevant for tax purposes) must be retained at least for the period during which the tax authorities are entitled to verify and investigate and, therefore, assess and inform of, the tax owed. | Section 3 (Limitation Periods), Arts. 66 to 70 of Law 58/2003 of 17 December 2003, the General Taxation Law (Ley General Tributaria) | |
INFORMATION RELEVANT FOR CRIMINAL ACTIONS | 10 to 15 years | Any information and documentation that may be relevant for the prosecution or defence of criminal proceedings relating to the criminal liability of legal persons. This may include invoices, payment receipts, claims or complaints, delivery routes with geolocation, tax documentation and, in general, any other information from any data subject that may be useful to defend Glovo’s legal interests. | Article 131 of the Organic Law 10/1995, of 23 November 1995, publishing the Spanish Criminal Code (Código Penal). |
11. Useful information if you are a WEB VISITOR:
11.1 What are the data processing purposes and the legitimate basis of the processing?
Glovo will process your personal data for the following purposes:
i) follow up your comments left on Glovo Website or our Blog. This may include, depending on your consent, the notification of new comments on the article commented by you, and the information on new entries on the blog or our website.
ii) provide you with the answer regarding your request.
11.2 What kind of data do we hold about you and how is your personal data collected?
Glovo holds the following data about you:
- Information supplied directly by you:
1.1. Registration Data: the information provided by you when you request for information relating to our products and/or services.
1.2. Any additional information that you provide in your requests, comments or questions.
1.3. Data derived from cookies: GLOVO uses its own and third party cookies to facilitate navigation for its users and for statistical purposes (see Cookies Policy).11.3 How long will we keep your data?
Glovo shall retain your data while it is necessary to provide you with the relevant answer to any question you may ask and, after this has come to an end, for the period established by law for filing or defending the appropriate legal actions.
The said period may vary depending on the legal provision applicable to each purpose of data processing, as established in the table of retention periods set forth in Annex I.
Any comment you may post on our articles published on Glovo Website and/or Blog may be kept indefinitely while the post is still published.
ANNEX I - GENERAL RETENTION PERIODS
GENERAL
TERM | DESCRIPTION | LEGAL REF. | |
DATA PROTECTION | 3 years | The limitation periods for infringements are:- Very serious infringements: after 3 years, - Serious infringements: after 2 years, - Minor infringements: after 1 year | Spanish Organic Data Protection Law (LOPD) |
PERSONAL CIVIL ACTIONS | 5 years | Personal actions of any kind without a specific limitation period established from the moment when the obligation becomes enforceable, taking into account that, in the case of ongoing positive or negative obligations, the period will start running again every time they are infringed. | Article 1962 of the Spanish Civil Code (Código Civil) |
ACCOUNTING | 6 years | For commercial purposes: books, correspondence, documentation and supporting documents relating to their business, duly ordered, from the last entry in the books, save as may be established by general or special provisions. This commercial obligation applies to both compulsory books (income, expenses, investment goods and provisions), and the documentation and documentary evidence of the entries contained in the books (invoices issued and received, vouchers, amendment invoices, bank documents, etc.). | Art. 30 of the Royal Decree of 22 August 1885 publishing the Civil Code |
4 years | For tax purposes: accounting books and other compulsory record books pursuant to the applicable tax legislation (personal income tax, VAT, corporation tax, etc.), as well as documentary evidence justifying the entries in the books (including software and computer files and any other documentary evidence that is relevant for tax purposes) must be retained at least for the period during which the tax authorities are entitled to verify and investigate and, therefore, assess and inform of, the tax owed. | Section 3 (Limitation Periods), Arts. 66 to 70 of Law 58/2003 of 17 December 2003, the General Taxation Law (Ley General Tributaria) | |
INFORMATION RELEVANT FOR CRIMINAL ACTIONS | 10 to 15 years | Any information and documentation that may be relevant for the prosecution or defence of criminal proceedings relating to the criminal liability of legal persons. This may include invoices, payment receipts, claims or complaints, delivery routes with geolocation, tax documentation and, in general, any other information from any data subject that may be useful to defend Glovo’s legal interests. | Article 131 of the Organic Law 10/1995, of 23 November 1995, publishing the Spanish Criminal Code (Código Penal). |
12. Do we proceed to international transfer of data?
When choosing service providers, Glovo may transfer your data outside the borders of the European Economic Area, for example to the United States. In such cases, Glovo will ensure before sending the data, that such service providers are in compliance with the standard clauses and minimum security standards established by the European Commission and that they always process the data in accordance with Glovo’s instructions.
Basis and instructions regarding the international transfer
Glovo may have a contractual relationship with service providers under which they agree to comply with Glovo’s instructions and put in place the necessary security measures to protect your data.
Where Glovo is compelled to carry out further processing by EU law or the law of the EU Member States to which it is subject, it shall inform the service provider of such legal requirements prior to the processing.
Glovo may subsequently change, supplement or replace the instructions initially given to the service provider by means of individual instructions and is entitled to issue appropriate instructions at any time. This includes, among other things, instructions regarding the correction, deletion and prohibition of data. All instructions issued shall be documented by both Glovo and the service provider.
Requirements directed to service providersService providers may only collect, process or use data pursuant to a master contract and in accordance with Glovo’s instructions. This applies in particular to the transfer of personal data to a third country or an international organizations.
External service providers are required to inform Glovo if they consider that an instruction issued by Glovo, is in contravention of the data protection legislation. Furthermore, service providers are entitled to suspend the execution of the instruction concerned until its confirmation or modification by Glovo, and they have a duty to refuse to carry out any instructions that are clearly illegal.
13. Do we proceed to automated decision making?
Glovo does not adopt any decision that could affect our User/ Courier / Job Applicant significantly based solely on automated processing of their data (e.g. reordering from the stores where our Users have ordered in the past). The only decision-making processes of Glovo are conducted by applying human intervention (e.g. defining the conditions that the User shall meet to be considered for an offer, such as location).
Regarding the existence of automated decisions with legal effects for the Courier, it should be noted that:
- Decisions are not made solely on the basis of the automated processing of the personal data of Couriers, but, where appropriate, on the basis of an assessment of the performance of the service.
- Consumers or Stores have generated all parameters to be taken into account manually.
- All parameters and metrics used to make such decisions always and exclusively refer to the service and the execution of the Terms and Conditions, regardless of the Courier executing it.
- Profiles based on the personal data or personal characteristics of the Couriers are not created, as described below.
- In no case the attributes of the personality or of the non-professional sphere of the Couriers are taken into account.
- The results depend on previous and voluntary actions of the Couriers.
- The results may be corrected if there has been an error and/or discrepancy between the Couriers and Glovo.
- The Couriers are not prevented from exercising any right.
- The Couriers are not prevented from accessing a good or service.
- The Couriers are not prevented from entering into a contract.
14. Do we create profiles and/or segment users based on the collected data?
When using the application, Glovo classifies Users based on the information provided by them about their usage of the application to adapt it to their needs and to improve it.
The classification is conducted by solely using first party data. We use information that our Users provide us, such as their historical orders and popularity among new users to suggest similar stores that could be of their interest. This classification is only intended to ensure that our Users find relevant contents, Partners or offers, among others, that may be suitable according to their preferences, and will never have any legal effect on them or the provision of the services by Glovo, the Partners or the Couriers.
Glovo reserves the right to customise the content on its platform and adjust its fees based on various factors and/or information, including but not limited to the number of orders placed by the user prior to the current session, location data, order and delivery data. This process may involve user segmentation based on the data we collect from you, ensuring we can offer you the most personalised and relevant experience possible in our APP.
We remind you that you have the right to not be subject to automated decision making in case you consider that user segmentation may have legal effects to you., by emailing us to gdpr@glovoapp.com
Please, refer to our T&C for more information.
15. What security measures have been adopted?
Glovo has taken the necessary steps recommended by the European Commission and the competent authority to maintain the required security level, according to the nature of the personal data processed and the circumstances of the processing, in order to avoid, to the extent possible and always in accordance with the state of the art, its alteration, loss or unauthorised access or processing. As mentioned above, the personal data supplied will not be disclosed to third parties without the data subject’s prior authorisation.
16. Ethics Channel
Glovo's Ethics Channel (accessible here) is an information system aimed at both employees and third parties, from which they can request information about the company's Compliance model and/or the internal regulations that develop it and/or report conduct or acts that may constitute a violation of the regulations to which Glovo is subject, the Code of Ethics or any other internal regulations.
1. Glovo informs its employees and third parties that it will process the personal data provided in this context for different purposes:
(i) To process requests/complaints received through the complaints channel.
ii) To investigate the facts communicated/complained through this mechanism.
iii) Propose resolutions on communications and complaints related to possible criminal acts or breaches of regulations and ethics.
iv) Notify the competent authority of facts constituting criminal or administrative offenses and/or, where appropriate, take disciplinary action against an employee, as well as legal and/or contractual actions against partners, distributors, suppliers or other third parties with which it maintains relations.
2. Glovo declares that it has all the measures required by current regulations to ensure:
(i) The confidentiality of the identity of both the complainant and the reported, as well as any third party involved in the process.
ii) The confidentiality of the communication and documents that the complainant may have provided, as well as the unauthorized access to them.
If our Data Subjects have any questions or would like to obtain more information, they can contact the department in charge through the following e-mail address: compliance@glovoapp.com
For any exercise of data protection rights, please click HERE or contact us at gdpr@glovoapp.com
17. Glovo Initiatives
- GLOVO SOCIAL
What is GLOVO SOCIAL?
GLOVO SOCIAL is a feature of our APP whereby you can add your contacts on your Glovo profile and create your own friends network in the APP. Once your contacts are added, you can share with them, under aggregated or identified basis, what you are ordering and how you are rating certain items and services offered through the APP.
How can you add your contacts to GLOVO SOCIAL?
First, we will ask you for access to your contacts list of your device. Once you expressly consent to it, your contacts will appear on your Glovo profile with the name and phone number that are stored in your device.
Then, from those contacts that are incorporated in your Glovo profile from your device, you will be able to add in your Glovo friends list but only those contacts who are already Glovo users. Hence, in order to protect users’ privacy, you will not be able to add contacts who don’t have a Glovo account.
Last, for adding them in your Glovo friends list successfully, your contacts who are already Glovo users will receive an invitation from your Glovo profile. However, to safeguard your contacts' privacy, you will be unable to know if they have a Glovo account until they accept to be part of your Glovo friends list from their device. Once accepted, they will become part of your Glovo friends list and you can start sharing information with each other.
How do we manage your data?
You always have full control over your Glovo friends list.
You can easily withdraw the consent given to Glovo to access the contacts list of your device at any time by removing the permit given to Glovo for accessing to your contacts list via in your device settings.
Additionally, you can add or remove friends from your Glovo friends list, as well as easily accept or decline invitations from other users’ Glovo users at any time.
What data do we share?
If you allow us to have access to the contacts list of your device, we will share with you aggregated data about the dishes and partners they rated positively or ordered in the last 12 months only, without identifying them.
In order to see who of your friends have rated a specific dish or partner positively in the last 12 months, you need to ensure that they have become your Glovo friends.
In no instance will Glovo share any information on any other order (such as grocery or shop orders), nor will it share information on the exact number, time or location of the orders made on the platform.
Do we share data with third parties?
We do not share your data with third parties except with those contacts who you accepted to be added in your Glovo account and/or friends you actively accepted to be part of your Glovo friends list. There are no international data transfers involved in this data sharing.
For how long do we share data with your friends? How can you refrain from sharing data with your friends?
We will share your data with your friends while you decide to keep them in your Glovo friend list or you do not revoke our permission to access your contact list on your device. Hence, we will stop sharing your data with your friends (either on an aggregated or identified basis) upon you withdraw the consent given.
How can you exercise your rights?
If you wish to exercise your rights or have any concerns, feel free to contact us through the form provided in our privacy policy or emailing us to gdpr@glovoapp.com.
18. Artificial Intelligence
We may use artificial intelligence technology, such as chatbots supported by large language models, as part of our customer service processes. In doing so, we maintain full control over your data and guarantee that it will not be shared with third parties for the purpose of training AI models.
In order to effectively address and resolve your concerns, which are integral to the fulfilment of the service we offer, we process your data based on the legal grounds of 'performance of a contract' in accordance with GDPR.
Please, be assured that we will never share your sensitive personal information when using AI tools, as well as we will ensure that human intervention takes place in any artificial intelligence technology we may use.
ANNEX II – DETAILS OF THE GLOVO GROUP COMPANIES
Country | Company name | Tax Identification Number (NIF)or other tax number | Registered address |
Andorra | Glovoapp SLU | L-716443-L | Passatge d'Europa, 1, 4th floor, AD500 Andorra la Vella, Andorra |
Armenia | “GLOVO” Limited liability company | 2841979 | V. Sargsyan / 26/1 Center 0010 Yerevan, Armenia |
Bosnia andHerzegovina | "GlovoApp”, Društvo sa ograničenom odgovornošću | 4202880430005 | Sarajevo, opština Centar, ulica Maglajska broj 1, MBS 6501631921 |
Bulgaria | Delivery Hero Bulgaria, EOOD | BG203039843 | Bulgaria, Sofia, Industrial Area Hladilnika 1407, No.2, Srebarna Str., Mobi Art building, fl. 2 |
Yvory coast | GLOVOAPP COTE D’IVOIRE SARL | 53703324719 | Rue du 7 décembre, Marcory Zone 4C Sud, Lot 76737, BP 654, Abidjan 27, Côte d’Ivoire |
Croatia | Glovoapp Technology d.o.o. | 48879371584 | Radnicka cesta 52 10000, Zagreb, Croatia |
Georgia | Glovoapp Georgia Llc | 402099475 | 5 Mikheil Asatiani Street, 6th Floor. Tbilisi |
Italy | Foodinho, S.R.L. | 09080990964 | Piazza Citta' Di Lombardia 1, 20124, Milano, Italia |
Kazakhstan | Glovoapp Kazhastan LLP | 1-90640018883 | Kazajstán, ciudad de Almaty, distrito de Bostandyk, avenida Al-Farabi, casa 17/1, PFC "Nurly-Tau", bloque 5B, oficina nº 18, código postal 050059 |
Kenya | Glovapp Kenya, LLC | P051739866F | The Mirage, Tower 3, 1st Floor, Suite 1 |
Kyrgyzstan | “GLOVO KG” LLC | 2109202010145 | Erkindik Ave. 64B, Office 18, Pervomaysky District, Bishkek, 720040 |
Moldova | GlovoAppMOL SRL | 1020600034411 | Vlaicu Pircalab 77, ap. 15, Chisinau 2012, Moldova. |
Montenegro | Glovo Montenegro d.o.o. | 03351475 | Rimski trg br. 4, Podgorica, Crna Gora |
Morocco | Glovoapp Morocco Sarl | 26046117 | Rue Soumaya Résidence Shehrazade 3, 5ème étage, n° 22 Palmiers 20340 - Casablanca |
Nigeria | Glovoapp Nigeria Limited | 23916307-0001 | 4th Floor, Adamawa Plaza Plot 1099, 1st Avenue Off Shehu Shagari Way, Central Business District FCT, Abuja, NIGERIA |
Poland | Restaurant Partner Polska SP.Z.o.o | 7252012779 | Piotrkowska 276, 90-361 Łódź, Poland |
Portugal | Glovoapp23, S.L. – Sucursal Em Portugal | 980593573 | Rua Alexandre Herculano, nº 19, 3º, Sala 3. 1250 008 Lisboa, Portugal |
Romanía | GlovoappRo, S.R.L. | 39053728 | Calea Serban Voda, nr 206, Cladirea U-Center, Etaj 4, Sector 4, București |
Serbia | Glovoapp Technology d.o.o. Beograd-Vračar | 111507569 | Ruzveltova 48, 11000 Belgrade, Serbia |
Spain | Glovoapp Spain Platform, S.L.U | B67282871 | Carrer Llull 108, (08005) Barcelona, España |
Tunisia | Glovoapp Tunisia SUARL | 1739051W | Résidence LAKEO, 1er étage, rue du Lac Michigan, les Berges du Lac 1, 1053, Tunis |
Uganda | Glovo Uganda Limited | 1017265563 | 4th Floor, DFCU Towers, 26 Kyadondo Road, Nakasero, Kampala, P O Box 1520, Kampala, Uganda |
Ukraine | Glovoapp Ukraine LLC | 42555522 | Ukraine, 01011, Kiev, Panasa Myrnoho street, building 11, office 2/21 |
Annex III - Definitions
For the purpose of this document:
- “Data Controller” shall mean: the entity in charge of determining the purposes and means of the processing of personal data
- “Data Processor” shall mean: the entity in charge of processing personal data on behalf of the controller
- “GDPR” shall mean: General Data Protection Regulation ((EU) 2016/679)
- “Glover(s)” also referred to as “Courier(s)” shall mean: the independent professionals in charge of providing the user with delivery services and who may access User’s personal data in order to perform such services
- “Glovo” also referred to as “Us” / “we / our / ours” shall mean: the company of the Glovo Group corresponding to the country where User(s) or Courier(s) have registered for the first time in the website or App. The legal details of such a company are included hereafter in the section “Who is the data controller of your data?”
- “Investor(s)” shall mean: anyone who shows interest in committing capital with the expectation of receiving financial returns
- “Job Applicant” shall mean: anyone who applies for a Job on Glovo's website or App
- “Local regulation” shall mean: the data protection regulation applicable to your country
- “Order(s)” shall mean: both food and non-food product/ service requested by the User through the Glovo Platform
- “Partner(s)” shall mean: local stores, physical “retailer”, “supplier”, or “seller” that offer to Users include their products and/or services in the Glovo Platform
- “Personal data” shall mean: any information which directly relates to User(s), Courier(s), Job Applicant(s), Partner(s), Investor(s), Prospect(s), Website Visitor(s) or that may allow their identification
- “Platform” shall mean: both and indifferently the Glovo website and Application
- “App” shall mean: the word “App” is used interchangeably with the word “Platform” , both words means the same: both and indifferently the Glovo website and Application
- “Processing of personal data” also referred to as “Data activity(ies)” shall mean: any activity performed on or with your Personal data, such as collecting, organising, accessing, holding, storing, disclosing, adapting, destroying, erasing or using the Data in any way
- “Profiling” is the process of construction and application of user profiles generated by computerised data analysis also understandable as the use of algorithms or other mathematical techniques that allow the discovery of patterns or correlations in large quantities of data, aggregated in databases
- “Prospects” shall mean: anyone who leaves their data on Glovo’s forms to receive information about Glovo’s services
- “User(s)” shall mean: anyone who registers on Glovo's website or App
- “Website Visitor(s)” shall mean: anyone who browses Glovo website, leaves comments in relation to Glovo’s publications or asks any questions through the website
- “Data Subject”: any natural person from whom data is collected or processed by Glovo; in essence, the User(s), the Agent(s), the Job Applicant(s), the Partner(s), the Investor(s), the Potential Client(s), the Website Visitor(s).