Getir UK Limited
Website Privacy Policy
Last Updated: 11.04.2022
Getir UK Limited ("Getir", “we” or “us”) respects your right to privacy. This Privacy Policy explains who we are, how we collect, share and use personal information about you, and how you can exercise your privacy rights. This Privacy Policy only applies to personal information that we collect through our career website at join.getir.com/uk (“Website”).
For personal information that we collect when you use or interact with Getir mobile app, please see our App Privacy Policy.
If you have any questions or concerns about our use of your personal information, then please contact us using the contact details provided at the bottom of this Privacy Policy.
Quick links
We recommend that you read this Privacy Policy in full to ensure you are fully informed. However, if you only want to access a particular section of this Privacy Policy, then you can click on the relevant link below to jump to that section.
- What does Getir do?
- Information about the collection of personal information
- What personal information does Getir collect and why?
- Why does Getir collect this personal information?
- With whom does Getir share my personal information?
- Legal basis for processing personal information
- How does Getir keep my personal information secure?
- International data transfers
- Data retention
- Automated decision processing
- Your data privacy rights
- Updates to this Privacy Policy
- How to contact us
- Who is the controller of the data processing of your personal information?
What does Getir do?
Getir is an on-demand delivery service that offers customers the opportunity to purchase products and have them delivered directly to their door.
If you wish to order our products, please use our App, which is available at App Store and Google Play Store.
Information about the collection of personal information
Personal information is all data that can be related to you personally, e.g., name, address, e-mail addresses, Website transaction records.
If we use contracted service providers for individual functions of our offer or would like to use your data for advertising purposes, we will inform you in detail about the respective processes.
What personal information does Getir collect and why?
The personal information that we collect about you falls into the following categories:
a) Data that you provide voluntarily
Certain parts of the Website may ask you to provide personal information voluntarily: for example, we may ask you to provide your contact details such as your first name, last name, email address, phone number, country and city information.
We process this personal information to provide you with the appropriate job opening details. For personal information that we collect when you use or interact with the Getir job application platform (Fountain), please see our Candidate Privacy Policy.
The processing of your personal information is based on your consent, which you express by providing the information requested.
b) Data that we collect automatically
When you visit the Website, we may collect certain data automatically from your device. Specifically, we collect your IP address and user transaction records which includes data about how your device has interacted with the Website, including the pages accessed and links clicked. We may also collect your device type, unique device identification numbers, browser type, broad geographic location (e.g., country or city-level location) and other technical information.
Collecting this information enables us to better understand the visitors who come to the Website, where they come from, and what content on the Website is of interest to them. We use this information for our internal analytics purposes and to improve the quality and relevance of the Website to our visitors.
The processing of this data is based on your consent and –if the data is necessary to provide you with our services –on our legitimate interest.
c) Cookies and similar tracking technology
We use cookies and similar tracking technology (collectively, “Cookies”) to collect and use personal information about you. For further information about the types of Cookies we use, why, and how you can control Cookies, please see our Cookie Policy.
The use of cookies, insofar as they are essential, is based on our legitimate interest. For the remaining cookies, the processing is based on your consent.
Some of this information may be collected using cookies and similar tracking technology, as explained further under Cookie Policy and the heading “Cookies and similar tracking technology".
Why does Getir collect this data?
Getir processes the personal information stated above for the following purposes:
- To communicate with you and manage our relationship with you
- To perform analysis for improving the Website and services
- To provide applicants with the appropriate details about Getir job opportunities
- To receive feedback and handle any requests or complaints from you
- To improve how the Website functions and the content
- To conduct Getir activities in accordance with the applicable legislation
With whom does Getir share my personal information?
We may disclose your personal information to the following categories of recipients:
- to our group companies, including but not limited to, Getir Turkey (Getir Perakende Lojistik A.Ş.), Getir Netherlands (Getir Netherlands B.V.), Getir France (Getir France SAS), Getir Italy (Getir Italy S.r.l.), Getir Spain (Getir Spain S.L.) and Getir Portugal (GetirPT Unipessoal Lda) in the interests of the Getir group as a whole (e.g. a group-wide applicant management systems);
- to our third party services providers and partners who provide data processing services to us (for example, help to enhance the security of the Website), or who otherwise process personal information for purposes that are described in this Privacy Policy. In each case, we have concluded appropriate data processor agreements in line with the applicable data protection laws.
- to any competent law enforcement body, regulatory, government agency, court or other third party when disclosure is necessary (i) as a matter of applicable law or regulation, (ii) to exercise, establish or defend our legal rights, or (iii) to protect your vital interests or those of any other person;
- to an actual or potential buyer (and its agents and advisers) in connection with any actual or proposed purchase, merger or acquisition of any part of our business, provided that we inform the buyer it must use your personal information only for the purposes disclosed in this Privacy Policy;
- to any other person with your consent to the disclosure.
Legal basis for processing personal information
Our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it.
However, we will collect and process your personal information
- pursuant to Art. 6 (1) (a) UK GDPR where we have your consent to do so for a specific purpose that we communicate to you and when required by applicable data protection laws,;
- pursuant to Art. 6 (1) (b) UK GDPR where we need the personal information to perform a contract with you, such as information strictly necessary for the purposes of entering into or performing a contract with you;
- In some cases, we may also have a legal obligation to process and store personal information for consumer protection, invoicing, tax and accounting purposes, or may otherwise need some personal information to protect your vital interests or those of another person. In these cases, we process your personal information pursuant to Art. 6 (1) (c) UK GDPR.
- pursuant to Art. 6 (1) (f) UK GDPR where the processing is in our legitimate interests and not overridden by your rights and we do not rely on another legal basis described above, such as improving or personalizing your online experience and our communications with you;
If we ask you to provide personal information to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not (as well as of the possible consequences if you do not provide your personal information).
If we collect and use your personal information in reliance on our legitimate interests, this interest will normally be to operate the Website and communicating with you as necessary to provide our services to you and for our legitimate commercial interest, for instance, when responding to your queries, or improving the Website. We may have other legitimate interests and if appropriate we will make clear to you at the relevant time what those legitimate interests are.
If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us using the contact details provided under the “How to contact us” heading below.
How does Getir keep my personal information secure?
We use appropriate technical and organisational measures to protect the personal information that we collect and process about you. The measures we use are designed to provide a level of security appropriate to the risk of processing your personal information. Specific measures we or our third-party service providers use include anti-virus software and firewalls, access controls, encryption and detection and prevention software to detect and prevent cyber-attacks.
International data transfers
As our group companies, third party service providers and partners operate around the world, your personal information will be transferred to a location outside of the United Kingdom.
When your personal information are transferred outside the UK, we are required to ensure that it is subject to an equivalent level of protection as it would within the UK. Therefore, we have taken appropriate safeguards to require that your personal information will remain protected in accordance with applicable data protection law and with this Privacy Policy.
These include, for example, implementing the Information Commissioner’s Office’s Standard Contractual Clauses for transfers of personal information between our group companies, which require all group companies to protect personal information they process from data subjects residing in the UK in accordance with the applicable data protection law.
A copy of the Standard Contractual Clauses can be provided on request. We have implemented similar appropriate safeguards with our third party service providers and partners and further details can be provided upon request.
Data retention
Your personal information will be stored and retained for us in accordance with the applicable laws on data protection, and to the extent necessary for the processing purposes set out under this Privacy Policy or resulting from such laws. We retain personal information we collect from you to provide you with our services or to comply with applicable legal, tax or accounting requirements.
When it is no longer necessary to process your personal information for the purposes for which it is processed, we will either aggregate, delete or anonymise it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
Notwithstanding the above provisions of this Privacy Policy, we may retain your personal information where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
Automated decision processing
We use technologies involving algorithms and automated decision processing to provide our services, based on real-time decision process or on analytics or the categorization of various usage of our service. However, we will not make any automated decisions about an individual which would produce legal affects or similarly significantly affects on the data subject, unless where it is (i) necessary for entering into, or the performance of, a contract, (ii) or pursuant to individual’s prior consent, or (iii) required by applicable law.
Your data privacy rights
You have the following data protection rights:
- Right to information
You have the right to receive information from us at any time, upon request, about the personal information we process that concerns you within the scope of Art. 15 UK GDPR. To do this, you can send a request by post or email to the addresses below.
- Right to rectify inaccurate data
You have the right to request that we correct personal information relating to you without delay if it is incorrect. To do so, please contact us at the addresses below.
- Right to erasure
You have the right, under the conditions described in Art. 17 UK GDPR, to demand that we delete the personal information relating to you. These conditions provide in particular for the right to erasure if the personal information are no longer necessary for the purposes for which they were collected or otherwise processed, as well as in cases of unlawful processing, the existence of an objection or the existence of a duty to erase under Union law or the law of the Member State to which we are subject. For the period of data storage, please also see section “data retention” of this Privacy Policy. To assert your right to deletion, please contact us at the addresses given below.
- Right to restriction of processing
You have the right to demand that we restrict processing in accordance with Art. 18 UK GDPR. This right exists in particular if the accuracy of the personal information is disputed between the user and us, for the period of time required to verify the accuracy, as well as in the event that the user requests restricted processing instead of erasure in the case of an existing right to erasure; furthermore, in the event that the data is no longer necessary for the purposes pursued by us, but the user requires it for the assertion, exercise or defence of legal claims, as well as if the successful exercise of an objection is still disputed between us and the user. To exercise your right to restrict processing, please contact us at the addresses below.
- Right to data portability
You have the right to receive from us the personal information relating to you that you have provided to us in a structured, commonly used, machine-readable format in accordance with Art. 20 UK GDPR. To exercise your right to data portability, please contact us at the addresses below.
- Right of objection
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal information relating to you which is carried out, inter alia, on the basis of Art. 6(1)(e) or (f) UK GDPR, in accordance with Art. 21 UK GDPR. We will stop processing your personal information unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or if the processing serves the assertion, exercise or defence of legal claims.
- Right of complaint
You also have the right to contact the competent supervisory authority in case of complaints. The competent supervisory authority is Information Commissioner’s Office - ICO, who can be found here.
We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.
Updates to this Privacy Policy
We may update this Privacy Policy from time to time in response to changing legal, technical or business developments. When we update our Privacy Policy, we will take appropriate measures to inform you, consistent with the significance of the changes we make. We will obtain your consent to any material Privacy Policy changes if and where this is required by applicable data protection laws.
You can see when this Privacy Policy was initially published by checking the “last updated” date displayed at the top of this Privacy Policy.
How to contact us
If you have any questions or concerns about our use of your personal information, please contact us using the following details: (i) privacy@getir.com; (ii) Getir UK Limited WeWork, 30 Stamford Street London SE1 9LQ.
Who is the controller of the data processing of your personal information?
The data controller of your personal information is Getir UK Limited.