Privacy Statement panda ads

This Privacy Statement aims to clarify what personal data we process, why we process it, who receives your data and how you can exercise your legal rights. Accordingly, in this Privacy Statement, “personal data” means any information which directly identifies you as a person (like the combination of your full name and address), or can be used to identify you as a person (like a user ID connected to your identity). Similarly, “processing” refers to any operation performed on your personal data, for example the collection, storage, use, disclosure, or destruction of your personal data.

1. Who are we?

We are Delivery Hero APAC Pte. Limited located at 63 Robinson Road, #11-01 Afro Asia, Singapore 068894.

As regards your privacy, it’s us who decide how and for what purposes your personal data is processed. In data protection language that makes us a so-called “Data Controller” (the party responsible for how your personal data is processed. 

If you have any questions related to your personal data, you can reach out for any privacy-related questions or feedback by mailing to dataprotection@foodpanda.sg

2. What categories of personal data do we process?

Data CategoriesExplanation
Company InformationName, Address, Tax ID, Geolocation Data, Trading Licence, Contact Data
Proprietor InformationName, Surname, Address, ID Data, Contact Information
Technical InformationDevice Data, Language Settings, Usage Data
Financial InformationBank Account, Tax ID, Payment Recipient Data.
Customer Support InformationContent of Support conversations or emails

3. What do we do with your personal data?

We use various tools and systems that are necessary for the operation of the panda ads website and advertising solutions. Accordingly, we collect, process and store the following categories of personal data when you use the website or our advertising solutions and services:

We process the above categories of personal data for the following purposes:

PurposeDescription and Legal Basis
Account Creation and MaintenanceThe information we request during the account creation process is necessary to take the first step in establishing a business relationship with you so that we can provide you with our services. We only ask for your data that is necessary for this purpose. Categories of personal data:Company information Proprietor Information Technical Information
Payment On a regular basis, your information will be shared with payment providers to facilitate the payment process.Categories of personal data:Company InformationFinancial Information
Product AnalyticsWe analyse the usage of the panda ads in order to ensure its security, optimization and effectiveness. Accordingly, panda ads generates and uses anonymous information about the device you used to access.Categories of personal data:Technical Information
CommunicationDifferent tools are used for communication between you and the partnering entity. The purpose of the processing is the communication of necessary information between the parties involved to ensure we can adequately process your order.
Categories of personal data:Company Information

Our legal basis for processing your personal data are the legal provisions in your jurisdiction permitting the data processing or the purpose of performance of a contract or in order to take steps at your request.

4. Who will receive your data and under what circumstances?

You can trust that, within our company, only those staff members will receive access to your personal data who need them in order to fulfill their professional duties, such as providing you with a great online experience, or looking into your support request. In certain scenarios, we also need to share your personal data with recipients outside of our company. Please be assured that your data is shared with these recipients only to the extent necessary for the specified purposes and only as we are legally permitted to do so. 

  1. A. Delivery Hero group companies

We are part of an international group of companies with legal entities in many parts of the world, including our group’s headquarters located with Delivery Hero SE in Berlin, Germany. In order to utilize our resources efficiently and ensure that our business processes function properly, we utilize our group-wide shared technological support services that sometimes necessitate sharing personal data with our parent company, Delivery Hero SE, or with the locations of our global tech hubs. In certain situations, we might also share limited data with other group companies, for example, to assist with payment collection or to implement platform security measures.

Delivery Hero group companies are bound by strict intra-group data transfer agreements ascertaining compliance with data protection requirements whenever sharing personal data with group companies.

  1. B. Data processors

We use various third-party service providers to perform our operations. Many of these providers process your personal data as so-called “data processors”. This means they are only allowed to process your personal data under our instructions and have no claims whatsoever to process your personal data for their own, independent purposes. Our processors are strictly monitored and we only engage processors who meet our high data protection standards.

Our user platforms and databases run on cloud resources provided by the EU subsidiaries of Google Cloud Platform and Amazon Web Services. We use marketing and communications tools by companies such as SalesForce or Braze. Our finance and accounting platforms are provided by SAP. 

  1. C. Other third parties and service providers

In addition to data processors, we also work with third parties, to whom we share your personal data, but who are not bound by our instructions and instead will process your data independently. These may be our consultants, lawyers or accountants who receive your data from us under a contract and process your personal data for legal reasons, or to protect our own interests. Under no circumstances will we sell or rent your personal information to third parties without your explicit, informed consent.

  1. D. Mergers & acquisitions, change of ownership

In the event of a merger with, or acquisition by, another company or group of undertakings, we may need to disclose limited information to that company and their advisors who are under professional obligations to maintain the confidentiality of your personal data. This may occur in circumstances such as mutual due diligence assessments and regulatory disclosures.

In any event, we will ensure that we only disclose the minimum amount of information necessary to conduct the transaction, while also carefully considering the feasibility of removing or anonymising any data that could identify individuals.

  1. E. Prosecuting authorities, courts and other public authorities

From time to time we may be requested to disclose personal data to public authorities. In some circumstances, we may disclose personal data with public bodies in order to bring or defend legal claims, to protect our rights and interests, or to address security concerns.

Examples of such situations include cooperating in the detection and prevention of crime, responding to legal processes such as court orders or subpoenas, or sharing data with tax authorities for tax-related purposes. The public authorities involved in these scenarios may include law enforcement agencies, courts, tax authorities, or other government officials.

5. How do we transfer your personal data to other countries?

We and the parties we share your personal data with may transfer personal data to countries other than the country in which you use our services. Where such transfers take place, we take appropriate measures to ensure that your data is always afforded an adequate level of protection in the countries to which it is transferred. 

For example, if we transfer your personal data from a country within the European Economic Area (EEA) to a country outside of the EEA, we take appropriate safeguards to ensure that these transfers provide a level of protection that complies with data protection requirements. If there are specific further requirements of the law of the country in which you use our services, we will abide by them as well.

Specifically as far as transfers from the EEA to countries outside the EEA are concerned, we rely on a number of appropriate safeguards: 

  • – Adequacy decisions by the EU Commission (e.g. for Argentina or the United States, to the extent recipients have certified under the EU-US Privacy Framework, or other applicable mutual agreement between the EU and the US);
  • – Standard contractual clauses mutually agreed in our contract with the data recipient (including any supplementary measures, if required).
  • – Further appropriate safeguards in accordance with Art. 46 GDPR (for example Binding Corporate Rules).

6. What are your legal rights?

Under the data protection laws, you are entitled to the following rights:

Right to accessYou have the right to access your personal data and obtain additional information on how we process it. You may also request a copy of your personal data.
Right to rectificationIf you notice that your personal data is incorrect, you can always request that we correct it.
Right to erasureYou have the right to ask us to delete your personal data. Please note that even if you exercise this right, we may be required to retain some of your information if we process it as part of our legal obligations, or in pursuit of our own (or a third party’s legitimate interests) such as the assertion of, or defense against, legal claims, preventing fraud or protecting ourselves or others against abusive behavior.
Right to restriction of processingIf you have requested the deletion of your personal data, but we are legally prevented from immediately deleting it, we will store your data in our archives and retain them for the sole purpose of meeting our legal obligations. However, you will not be able to use our services during this time, as this would require us to de-archive your personal data.
Right to data portabilityYou can ask us to provide you or another data controller with your personal data in a machine-readable format. However, please note that this right only applies to data that we process based on your consent.
Right to object You have the right, for reasons arising from your particular situation, to object at any time to any processing of your personal data, which is processed on the basis of our legitimate interests. If you object, we will no longer process your personal data unless we can prove compelling grounds for the processing that outweigh your interests, rights and freedoms or the processing serves to assert, exercise, or defend against legal claims. 
You also have the right to object at any time, without giving any explanations, to the process of your personal data for the purposes of direct marketing (including any associated profiling).
Right of complaintYou can raise a complaint about our processing with the data protection authority in the country of your habitual residence, place of work, or the place where you think a violation of data protection laws has occurred. In the case of cross-border data processing, you can also lodge a complaint with our lead supervisory authority in Berlin, Germany.
Right not to be subject to a decision based solely on automated processingYou have the right to object to a fully automated decision (i.e. without any human intervention in the decision-making process) that has legal effects or significantly affects you.

To exercise your rights, we encourage you to use the functions available in your account at any time. For example, if you would like to delete your data, or receive a copy of it, you can directly do so by following the relevant steps in your profile. These self-service methods are designed to expedite the process of fulfilling your rights. Alternatively, you can also reach out to dataprotection@foodpanda.sg and request our customer support team to assist you. 

7. How long do we keep your data?

We retain your personal data for as long as it is necessary to achieve the purposes we described above. The duration for which we retain your personal data is determined by factors such as the scope, nature and purposes of the personal data processing, and whether we have legitimate interests or legal obligations that require us to retain your personal data.

8. Changes to this Privacy Statement

We may update this Privacy Statement to reflect our new processes, new technologies, and legal obligations. We are committed to keeping you informed of any changes to our privacy practices, so we encourage you to review this privacy statement to keep updated.

[Updated 20 November 2024]