In accordance with the General Data Protection Regulation and any other applicable local data protection laws, YUMMITCO LTD (hereinafter, “YUMMIT”) hereby informs Users of its online Marketplace about the Privacy and Data Protection Policy that will be applied by it in the processing of the personal data voluntarily provided to it by Users when accessing the Site https://yummit.co/ or its related mobile application.
When registering, Users must provide the following information to create their account and edit their profile: username, e-mail and place of residence. In addition, and provided this has been authorized by Users, YUMMIT will collect data relating to their location, including the real-time geographic location of their computer or mobile device.
Once they have completed the registration process, all Users will be able to access, complete and/or edit their profile as they deem appropriate. Users may also access and create an account through their Facebook or Google profiles. The information and data provided by Users will be available in their user account area at all times and may be modified by them through the “edit profile” option.
Users agree to provide true and accurate data. Furthermore, they shall be solely responsible for any loss or damage that may be suffered by YUMMIT or third parties as a result of the information provided being false, inaccurate, out of date or not genuine.
- • Legislation applicable to Users’ personal data (Personal Data Protection).
- • Who is the file controller in relation to the Data provided by you?
- • What information does YUMMIT collect?
- • For what purpose is the data collected?
- • Does YUMMIT share the information it collects?
- • What rights do Users have?
- • How do we protect YUMMIT Users’ data?
- • Notifications and modifications
Legislation Applicable to Users’ Personal Data — (Personal Data Protection)
YUMMIT states its commitment to comply with the data protection legislation in force at all times. Users are informed that the personal data provided on the Website will be the subject of automated processing and will become part of the files belonging to YUMMIT, who will be the file control.
Basic Data Protection Information
- Identity — YUMMITCO LTD – Company Number: 10961268.
- Purpose — Management and provision of the services requested.
- Legitimization — Compliance with the contractual relationship, legitimate interest and User consent.
- Rights — The right to access, rectify and erase data, as well as other rights, as explained in the additional information.
- Additional Information — Additional detailed information on Data Protection can be found in the following sections.
Who is the File Controller in relation to the Data Provided by You?
All personal information provided or collected through https://yummit.co/ will be processed by YUMMIT, whose contact information can be found below, as file controller.
The file controller for your data:
- Identity — YUMMITCO LTD – Company Number: 10961268.
Postal address —
27 Old Gloucester Street, London, United Kingdom, WC1N 3AX Telephone no. 07925488894
- Contact Form — https://help.yummit.co/contact/
What Information Does YUMMIT Collect?
The YUMMIT Marketplace (which includes the Web format and the App) is used by both Users and our Suppliers (i.e. cooks, etc.). The information we receive from Users is collected as set out below.
YUMMIT collects Users’ information as supplied directly by them, as well as information that is provided indirectly through the use of the YUMMIT marketplace.
a) Information supplied directly by Users:
- • Registration Data: the information provided by Users when they create an account on the YUMMIT Marketplace: Username and e-mail.
- • User Profile Information: the information added by Users on the Marketplace in order to be able to use the YUMMIT service; i.e. their mobile phone number and delivery address. Users can view and edit the personal data on their profile whenever they wish. YUMMIT does not store Users’ credit card details, but these are provided to licensed electronic payment service provider Stripe, who receive the data included directly and store it in order to facilitate the payment process for Users and to manage it on YUMMIT’s behalf. This information is under no circumstances stored on YUMMIT’s servers. Users may delete the details of the credit cards linked to their account at any time. This will trigger the service provider to delete the information, which will have to be re-entered or selected in order to place new orders through the Marketplace. Users may request such providers’ privacy policies at any time.
- • Additional information that Users wish to share: any information that a User could supply to YUMMIT for other purposes. Examples include a photograph of the User.
- • Information about communications with YUMMIT: YUMMIT will have access to the information supplied by Users for the resolution of any queries or complaints about the use of the marketplace, whether through the Contact Form, by e-mail or by phone through the customer service.
- • In specific cases, based on our legitimate interest and on YUMMIT’s obligation to control the actions that may result in fraud or the commission of a crime related to the payment methods used by the users, YUMMIT could ask for a copy of the ID and the credit card used for the request of the order. All the data will be, in any case, treated by YUMMIT with the only purpose of complying with its vigilance and fraud prevention functions and will be stored as the relationship with the user remains valid, or even after this period only if the user or YUMMIT still have the right to present a claim or legal actions related to the payment of the products or of services requested through YUMMIT.
YUMMIT needs to process this data in order to perform the contractual relationship established. If a User does not provide this, the services requested may not be available and YUMMIT will be unable to provide them.
b) Information indirectly supplied by Users:
- Data arising from the Use of the Marketplace: YUMMIT collects the data arising from Users’ Use of the Marketplace every time they interact with the Marketplace.
- Data on the application and the device: YUMMIT stores data on the device and the Application used by Users to access the services. This data is:
- • The IP address used by each User to connect to the Internet using his/her computer or mobile phone.
- • Information about his/her computer or mobile phone, such as his/her Internet connection, browser type, version and operating system, and type of device.
- • The full Uniform Resource Locator (URL) clickstream, including date and time.
- • Data from the User’s account: information on the orders made by each User, as well as feedback and/or comments made about them by such User.
- • The User’s browsing history and preferences.
- Data arising from the User’s origin: if a User arrives at the YUMMIT Marketplace through an external source (such as a link from another website or a social network), YUMMIT collects data on the source from which the YUMMIT User arrived.
- Data resulting from the management of incidents: if a User contacts the YUMMIT Marketplace through the Contact Form or on YUMMIT’s phone number, YUMMIT will collect the messages received in the format used by the User and may use and store them to manage current or future incidents.
- Data resulting from external third parties: YUMMIT may collect personal data or information from external third parties only if the User authorizes such third parties to share that information with YUMMIT. For example, if a User creates an account through his/her Facebook account, Facebook could disclose to us the personal data of that User that can be found on his/her Facebook profile (such as name, gender or age).
Similarly, if a user accesses YUMMIT through products and services offered by Google, Google may send the User’s browsing data to YUMMIT, with access to the marketplace through the links created by Google.
- Geolocation Data: If this has been authorized by Users, YUMMIT will collect data relating to their location, including the real-time geographic location of their computer or mobile device.
For What Purpose is the Data Collected?
1. - To use the YUMMIT Marketplace
By the courier who performs the task of collecting and delivering the product.
By the cooks or venue in charge of selling the product, if the User has requested the purchase of a product.
By the Customer Care Services of YUMMIT for the purpose of warning the User of any possible incidents or asking why negative feedback has been given for the service. YUMMIT may use the data provided in order to manage any incidents that may occur during the provision of the services.
It may also be used to show Users all the orders made through the marketplace and to enable them to give their opinion on the services provided by YUMMIT.
By the payment provider Stripe so that the amount can be charged to the User’s account.
1.3. YUMMIT also uses the information to research and analyse how to improve the services it provides to Users, as well to develop and improve the features of the service it offers. Internally, YUMMIT uses the information for statistical purposes in order to analyse User behaviour and trends, to understand how Users use the YUMMIT Marketplace and to manage and improve the services offered, including the possibility of adding new, different services to the Marketplace.
2. - To ensure security and an appropriate environment for the safe supply of services.
2.1. YUMMIT may use the data in order to ensure the proper use of the products requested on its Marketplace (e.g. to ensure the delivery is made to persons over the age of 18).
Thus, for example, when YUMMIT is the intermediary for the collection of meals, the User expressly authorizes YUMMIT, where applicable, to provide the cook with any personal data that may be necessary to enable the cook responsible for cooking to contact the purchaser, if he/she considers it appropriate, and provide relevant information that will result in a correct use of the product. The cook may not use the data for any other purpose than that of providing the advice needed to provide the service entrusted.
YUMMIT may use the information provided by Users for the data processing described above based on the legitimate interest of protecting the proper use of the Marketplace, complying with the applicable legislation and ensuring the proper and safe provision of services.
3. - Promotion and commercial offers (on-line and off-line)
YUMMIT uses own dashboard integrated in its Marketplace for the purpose of collecting Users’ data and preferences. The following processing will thus be carried out on their data through the information collected:
3.1. YUMMIT may send to Users’ e-mail addresses promotional messages and/or offers relating to the service offered by it that may be of interest to Users. YUMMIT may gauge and personalize such advertising in accordance with its Users’ preferences. If a YUMMIT User does not wish to receive this information and/or commercial communications, he/she may at any time choose to “Unsubscribe” as provided in the e-mail, and YUMMIT will immediately stop sending the aforementioned information.
3.2. YUMMIT may also send Users messages and/or offers relating to such services through “push” notifications consisting of sending such promotional messages and/or offers to their mobile phones. If a YUMMIT User does not wish to receive the commercial communications described in this clause and in 3.1 above, he/she may remove them all by disabling them with a single click in the privacy preferences of his/her profile.
3.3. YUMMIT and/or the third parties associated with YUMMIT may use the order delivery address entered by the User for carrying out promotional activities, which may be of interest to the User (e.g. home delivery of advertising brochures) at the same time as delivering the order.
3.4. As a result of using the YUMMIT Marketplace, Users may also receive commercial communications from third parties associated with the Marketplace, such as Facebook and Google, all this in accordance with the privacy preferences set by each User on the said Marketplaces.
The processing described above shall be performed pursuant to YUMMIT’s legitimate interest in carrying out marketing activities for the benefit of Users, as described in the following section. It should be mentioned that Users might use their privacy management center to unsubscribe from online marketing services or to close their account if they do not wish to receive samples with their YUMMIT orders.
4. - To share User data with third parties.
4.2. If YUMMIT’s ownership changes or the majority of its assets are acquired by a third party, Users are informed that YUMMIT will transfer their data to the acquiring organisations in order to continue to provide the services subject to the processing of data. The new file controller will inform Users of its identification data. YUMMIT states that it will comply with its duty of information to the relevant Supervisory Authority in the event of such circumstances arising, and it shall inform Users of the change of file controller if and when this happens. This processing shall be carried out under the contract entered into with YUMMIT.
4.4. YUMMIT may, with a User’s express consent, transfer his/her personal data to third parties associated with YUMMIT, if the User has given his/her express informed and unequivocal consent to such transfer and is aware of the purpose and recipient of such transfer.
Does YUMMIT Share the Information It Collects?
For the proper performance of the contractual relationship and excellence in the provision of the service, as well as for its own legitimate interest, YUMMIT will share certain personal data of Users with:
When choosing service providers, YUMMIT may transfer users’ data outside the borders of the European Economic Area. In such cases, YUMMIT will ensure before sending the data that such service providers are in compliance with the minimum security standards established by the European Commission and that they always process the data in accordance with YUMMIT’s instructions. YUMMIT may have a contractual relationship with them under which the service providers agree to comply with YUMMIT’s instructions and to put in place the necessary security measures to protect Users’ data.
- Payment Gateway: YUMMIT does not store Users’ credit card details. However, the credit/debit cards’ identification details (number and expiry date) are stored by the payment service provider Stripe chosen by YUMMIT, which has high-level security measures in place, as it is PCI Compliant under the Payment Card Industry Data Security Standard or PCI DSS. If a User requests the deletion of the information relating to the payment method entered by him/her in his/her profile, the third-party payment service provider shall delete such information from its servers.
- After being required to do so by law, YUMMIT may share information with bodies of executive authorities and/or third parties in relation to requests for information relating to criminal investigations and alleged illegal activities.
- Call center, SMS providers and incident management services: In order to provide a Customer Service and call center, actions to measure Users’ degree of satisfaction and the provision of administrative support services, YUMMIT may disclose Users’ data to such companies, if it is authorized to do so and the security requirements mentioned in the preceding section have been met.
- Fraud control service providers: YUMMIT will share Users’ data with fraud control service providers to assess the risk of the transactions carried out.
- Providers of an anonymization service for some data: in order to prevent the misuse of Users’ data by third-party service providers. YUMMIT may disclose Users’ data so it can be anonymized and used solely to provide the service to Users. For example, YUMMIT may assign Users’ telephone numbers to third parties in order to anonymize them and provide them in this format to the providers that are to carry out the services contracted by Users.
- YUMMIT Users’ data will not be disclosed to any third parties unless: (i) this is necessary in order to provide the services requested if YUMMIT is collaborating with third parties; (ii) if YUMMIT has the User’s express and unambiguous authorisation; (iii) where this has been requested by a competent authority pursuant to its functions (in order to investigate, prevent or take action in relation to illegal actions); or (iv) finally, where required by law.
- Also with the User’s consent: to third parties that are not commercial partners and are not related to YUMMIT, if the User has given prior unambiguous authorisation.
What Rights Do Users Have?
How long will we keep your personal data for?
Unless the data subject requests its deletion, the personal data provided will be retained for 24 months from the last interaction.
If a User withdraws his/her consent or objects to processing, the data will be blocked and will stop being processed, and will be retained for 4 years for making claims or in case we need to defend ourselves from any possible claims.
The right to withdraw consent
Users may withdraw their consent for the processing of their data by YUMMIT at any time.
To do this, all they need to do is complete and send the Contact Form available at https://help.yummit.co/contact/. Data subjects may withdraw their consent at any time. Users accept and agree that the withdrawal of consent will render YUMMIT unable to provide the services of its Marketplace.
What information can Users access?
YUMMIT grants Users access to a large amount of information about their account and transactions at https://yummit.co/ so that they can view it, and in some cases update it.
All Users can access their profile and complete and/or edit it as they deem appropriate. As stated above, Users may also access and create an account through their Facebook or Google profiles. The information and data provided by Users will be available at all times in their user account area and may be modified by them through the “edit profile” option.
Rights of access, rectification, erasure, restriction of processing, objection and right to data portability
The right of access is the right that users have to ask YUMMIT if it processes any of their data, together with the information established in Article 15 of the GDPR.
As provided in Article 16 of the GDPR, Users may ask YUMMIT to rectify any incomplete data of theirs appearing in its database.
The right of erasure allows Users to ask YUMMIT to erase their personal data in the cases envisaged in Article 17 of the GDPR.
If a User requests this, based on the conditions of Article 18 of the GDPR, YUMMIT will limit the use of its data to what is established in that article.
Article 20 of the GDPR regulates Users’ right to data portability, which will allow them to ask YUMMIT to send all the data held by it in a structured and machine-readable format, and to request its transfer to another file controller requested by the Users themselves.
Users will also have the right to object to the processing of the personal data held by YUMMIT as established in Article 21 of the GDPR.
As the exercise of these rights is very personal, the data subjects concerned will have to prove their identity. These rights must be exercised by writing to YUMMIT, with the data subject’s signature and address and attaching a copy of his/her National Identity Card or other identification document, using YUMMIT’s Contact Form.
What options do Users have?
As mentioned above, if a User wishes to stop receiving e-mails from YUMMIT, he/she may adjust his/her Inbox subscription preferences and click on the “Unsubscribe” button.
In addition, Users may choose not to share their geolocation with YUMMIT. Most mobile devices give users the option of disabling location services. This option can usually be found in the device’s settings menu. If you have any doubts about how to disable the location services on your device, YUMMIT recommends that you contact the device manufacturer or service operator.
In addition to the rights described above, Users have the right to submit a claim to the supervisory authority so it can be dealt with.
How Do We Protect Users` Data?
YUMMIT has taken the necessary steps recommended by the European Commission and the competent authority to maintain the required security level, according to the nature of the personal data processed and the circumstances of the processing, in order to avoid, to the extent possible and always in accordance with the state of the art, its alteration, loss or unauthorised access or processing. As mentioned above, the personal data supplied will not be disclosed to third parties without the data subject’s prior authorisation.
Notifications and Modifications