1. Introduction

2. Data We Collect

We collect personal and non-personal information to provide, improve, and secure our services.

3. How We Use Your Data

We use collected data for legitimate purposes, including:

• Operating and improving the delivery service
• Payment processing and account management
• Verifying rider eligibility and identity
• Fraud prevention, security, and risk management
• Regulatory and legal compliance
• Customer service, communication, and notifications
• Marketing communications (with consent where required)
• Data analytics to improve service and user experience

4. Legal Basis for Processing

Under UK GDPR, we rely on the following bases for processing personal data:

• Performance of a contract: To deliver services and process payments
• Legal obligations: Compliance with tax, employment, and health & safety laws
• Legitimate interests: Service improvement, fraud prevention, security, and analytics
• Consent: For marketing communications, promotions, or optional services

5. Data Sharing and Disclosure

We only share personal data in limited circumstances:

• Service Providers: Payment processors, cloud services, software providers
• Regulators and Authorities: When required by law or regulatory authority
• Business Transfers: During mergers, acquisitions, or sales of assets
• Internal Teams: Limited to operational, security, and compliance needs

We do not sell personal data to third parties.

6. Data Retention

• Personal data is retained only as long as necessary for operational, legal, or regulatory purposes.
• Identification and verification records are typically retained for 6 years for regulatory compliance.
• Financial and accounting data is retained in line with UK tax law (minimum 6 years).
• Users can request deletion of personal data, subject to legal obligations.

7. User Rights

Users have the following rights under UK GDPR:

• Access: Obtain a copy of the data we hold about you
• Rectification: Correct inaccuracies in your data
• Erasure: Request deletion of data (where legal obligations allow)
• Restriction: Limit how we process your data
• Portability: Receive data in a structured, commonly used, machine-readable format
• Objection: Object to processing, including marketing communications
• Withdraw Consent: Withdraw previously given consent at any time

8. Cookies and Tracking

• Cookies and similar technologies are used to enhance website/app performance, analytics, personalization, and security.
• Users may control cookie preferences via browser or device settings.
• Aggregated and anonymized data may be used for analytics.

9. Data Security

• We implement robust technical, administrative, and physical safeguards to protect personal data.
• Access is restricted to authorized personnel with legitimate need.
• Breaches will be handled according to UK GDPR breach notification requirements.

10. International Data Transfers

• Some data may be stored or processed outside the UK.
• Appropriate safeguards, including Standard Contractual Clauses, ensure data protection compliance.

11. Children

• Our services are not intended for anyone under 18.
• We do not knowingly collect personal data from children.

12. Automated Decision-Making & Profiling

• Where applicable, we may use automated tools for operational efficiency (e.g., delivery assignment algorithms).
• Automated decisions will not have legal or similarly significant effects without human review.
• Users may request information on the logic, significance, and consequences of automated processing.

13. Data Breaches

• Any personal data breach will be reported to the UK Information Commissioner's Office (ICO) if required by law.
• Affected users will be notified promptly if there is a risk to their rights or freedoms.

14. Changes to This Policy

• We may update this Privacy Policy to reflect changes in law, regulations, or company practices.
• Updates will be communicated via app, website, or email.
• Continued use of our services constitutes acceptance of the updated policy.