SUSHICO MAASTRICHT

Privacystatement

Privacy Statement for Customers

This privacy statement applies to the processing of personal data of customers who make use of one of Just Eat Takeaway.com’s platforms and products, including order website, app, and services, including JET’s platform and services for business (“JET for Business”) and JET’s for business Card (collectively, the “Services”). Unless otherwise stated, the data controller for processing these personal data is Takeaway.com Group B.V. (hereinafter referred to as ‘’JET’’).

At JET we are committed to building the world’s greatest food community, and that begins with protecting the privacy of everyone in our community. This means that we’ll protect the personal information of all visitors that make use of our Services.

What personal data we process and why

Whenever you interact with JET via our Services we collect and process your personal data. JET may process your personal data for the following purposes.

1. Ordering process

We process the personal data you provide to us when you place your order. This personal data is needed to execute your order, confirm your order, and to assess your order, payment, and a possible refund. The legal basis for this processing of personal data is that it is needed for the performance of a contract as defined in the GDPR. We process the following personal data in the ordering process:

2. Restaurant reviews

After the order process you are asked to provide a review with the relevant restaurant via email. The legal basis for this email, as defined in the GDPR, is your consent unless your consent is not necessary according to the applicable law.

JET processes the personal data you provide when submitting a restaurant review. The legal basis for the processing of personal data when you submit your reviews is the consent provided by you. You can withdraw your consent by contacting us via our privacy form. We process the following personal data when you post a restaurant review:

3. Customer Services

When you contact our customer services department, we will use the personal data you provide to answer your question or handle your complaint. The legal basis for this processing of personal data is that it is needed for the performance of a contract and/or to comply with JET’s legal obligations as defined in the GDPR. We process the following personal data for customer service purposes:

4. Customer Accounts

If you interact with our Services you are given the opportunity to create an account with us. The creation of an account is based on your consent. You can withdraw your consent and/or delete your account by contacting us via our privacy form. The withdrawal or deletion of your account may have negative consequences on your user experience. The following personal data is processed in connection with your account:

5. Loyalty programs

JET has several loyalty programs to provide you with offers and discounts. When you make use of one of our loyalty programs, we process your personal data to provide you with the discounts or offers as set out in the respective loyalty program. The legal basis for this processing of personal data, as defined in the GDPR, is your consent unless your consent is not necessary according to the applicable law.

One of our loyalty programs is the loyalty shop, where you may claim offers from external partners. Some of the loyalty shop partners require your personal data for shipping purposes. The personal data processes for the Loyalty shop and shipping of your order are:

6. Customer research

To make sure that our services are aligned with your preferences and to improve our services and platforms, JET may approach you to conduct customer research; such as but not limited to, surveys. We only send you these types of communications with your prior consent, unless this is not necessary according to the applicable law. Participation in the customer satisfaction surveys is completely voluntary. If you do not wish to receive these surveys you can unsubscribe from them in the messages itself. JET may processes the following personal data for research purposes:

7. Marketing

We also process your personal data to be able to send you (personalised) marketing messages and notifications. Such messages include the latest news, discounts, and updates about new restaurants (by email or push notification), regardless of the format we use to share these kinds of messages (including email or push messages). The legal basis for this processing of personal data, as defined in the GDPR, is your consent provided during the ordering process unless your consent is not necessary according to the applicable law. Whenever you want to change your preferences with respect to receiving such messages and notifications, you can unsubscribe using the unsubscribe link in the messages, in your account settings or via our privacy form. We process the following personal data for marketing purposes:

8. Cookies

JET uses cookies or similar technologies for functional, analytical, and marketing purposes. Data processed for cookie purposes defer per purpose (functional, analytical or marketing) and depend on the preferences set by you.

Please refer to our Cookie Statement for further information about our use of cookies and to set your preferences.

9. Fraud prevention

We also process personal data to prevent fraud and other forms of misuse on and via our Services. The legal basis for this processing operation is that it is needed in pursuing a legitimate interest of JET (fraud prevention) as defined in the GDPR. Personal data processed for fraud prevention purposes are:

10. Analysis

JET uses your personal data to be able to meet our reporting obligations towards advertisers and to be able to improve our website and our range of products and services. The legal basis for this processing operation is that it is needed in pursuing a legitimate interest of JET (analysis & reporting) as defined in the GDPR. We will always make sure the reports do not contain any personal data so that the information cannot be traced back to you.

11. Campaigns

JET may launch specific campaigns or contents in connection to its Services. If you wish to enter a JET campaign, JET will always ask you for your permission to process your personal data. The legal basis for this processing activity is your consent. You can always withdraw your consent by contacting us via the contact data provided to you within the campaign or by using our privacy form.

JET processes the following personal data for campaigning purposes:

12. JET for Business and JET for Business Card

We process personal data if you use your JET for Business allowance to pay for an order you placed via our Services, when using the JET for Business Card, to issue and ship the JET for Business Card, and to provide you with the digital allowance. The legal basis for this processing by JET is that such processing is required for the performance of a contract as defined in the GDPR, in addition to any legal obligation or legitimate interest that we may have.

The following personal data may be processed in connection with JET for Business and/or JET for Business Card:

The JET for Business Card is partnered with card issuing and card transaction services provider Adyen, which also qualifies as an independent data controller. The processing of some of the above personal data by Adyen is covered by the Adyen's privacy statement, which can be viewed at Adyen’s privacy statement and we recommend you to read as this applies in addition to this privacy statement.

Additional purposes

We will only use your personal data for the purposes described above. If we want to use the data for a different purpose, we will take appropriate measures to inform you, consistent with the significance of the changes we make. Where required by applicable data protection law, we will obtain your consent.

Age

Our website is neither intended for persons aged under 16, and nor do we intend to collect personal data of website visitors who are aged under 16. However, we are unable to verify visitors’ age. We therefore advise parents to monitor their children's online activities, to prevent their personal data being collected without parental consent. If you feel that we have collected personal data of a minor without consent, please contact us via our privacy form. We will then proceed to erase this data.

Automated decision-making and profiling

In the performance of the contract with you and to the extent necessary to fulfil our obligations to you or where necessary for purposes of the legitimate interest such as to improve our platform or our services, Just Eat Takeaway.com uses automated decision-making and profiling. For example, Just Eat Takeaway.com uses your address data and/or location data to select available restaurants in your local area. We also use automated decision-making in complying with our legal obligations to prevent money laundering, terrorism financing, and other criminal offences.

When such automated decision-making and/or profiling leads to a negative decision about you, and you do not agree with it, or if you would like to object to this type of processing of your personal data you can contact us via our privacy form. We will then proceed to reassess the situation and/or to provide you with more information about why such an automated decision was made.

How long we store personal data for

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, tax, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

In some circumstances we may anonymise your personal data so that it can no longer be associated with you, in which case we may use such information without further notice to you.

If you have any questions on the way we retain your personal data you can contact us via our privacy form.

Sharing with restaurants

If you order via our Services, JET will share your personal data (order, name, address data and telephone number) with the restaurant you selected, so that the restaurant can deliver your order. As you are a direct customer of the restaurant, the restaurant will have its own responsibility and obligations with respect to the processing of your personal data. If you have questions about how the restaurant handles your personal data, you should contact the restaurant directly.

Sharing data for JET for Business and JET for Business Card

If you use your JET for Business allowance to pay for an order you placed via our Services or by using JET for Business Card, JET shares personal data (such as email address and data about your order and allowance) with the person that grants you the allowance, (which might be your employer, business partner etc.) for performing our contract with this person. Please note that the person that grants you the allowance has its own responsibility and obligation with respect to the processing of your personal data. The person that grants you the allowance also shares personal data with us to allow us and the JET for Business card service providers to provide JET for Business and/or JET for Business Card services to you.

Sharing with others (not being restaurants)

JET may work with other companies within the JET group and other third parties in order to carry out the processing described above and/or to comply with legal obligations.

These group companies and third parties will process your personal data on behalf of us (as data processors) or as autonomous data controllers, and have access to your personal data for the purposes described in this privacy notice. We require group companies and third parties to protect your personal data in accordance with the standards set out in this privacy notice and we take appropriate measures pursuant to the applicable data protection law to guarantee the same level of protection and confidentiality.

We will also share your data with other third party data controllers where appropriate or required by applicable law or regulation (including a court order) or where we believe disclosure is necessary to comply with legal obligations, to exercise, establish or defend legal rights or to protect the vital interests of any person. Such third party controllers may include law enforcement agencies.

We may also disclose your data to any company or prospective buyer of all or substantially all of our assets in connection with any sale or transfer of those assets.

Your personal data may be shared with the following parties:

Third-party websites

Our website may include links to third-party websites. When accessing such third-party websites, bear in mind that each of these websites has its own privacy statement. Although JET takes great care in selecting websites to link to, we cannot take responsibility for the way in which they handle your personal data.

Where your data gets sent

We may transfer your personal data outside of the European Economic Area (EEA). This may include transferring it to or accessing it from other jurisdictions, including jurisdictions that may not provide a level of protection equivalent to the EU data protection laws. Where we transfer personal data outside the EEA we will take into account any applicable statutory obligations relevant to personal data transfers and, where there is no European Commission (EC) adequacy decision in place, we will rely on appropriate safeguards, including EC approved standard contractual clauses. We have implemented similar appropriate safeguards with our third party service providers and further data can be provided upon request.

Personal data rights, questions or complaints

We inform you that, with regard to the personal data, you can exercise the rights provided for by applicable data protection laws, which include: the right to request access to, rectification of, or erasure of personal data or restriction of processing, and to object to processing, the right to data portability, to withdraw your consent at any time (without prejudice to the lawfulness of the processing based on the consent given prior to the withdrawal) as well as to lodge a complaint with a supervisory authority.

To exercise your rights please contact us via our privacy form.

Regarding requests related to processing or sharing of personal data related to JET for Business and/or JET for Business Card, please contact the person that grants you the JET for Business allowance (which might be your employer, business partner etc.). This is required because JET and the person that grants you the allowance have a separate responsibility with respect to the processing of your personal data.

If you have any other questions or complaints about the processing of your personal data, we will be happy to talk to you. We would also like to hear from you if you have tips or suggestions on how to improve our privacy policy.

Security

JET takes personal data protection very seriously and we therefore take appropriate measures to protect your personal data against misuse, loss, unauthorised access, unwanted disclosure, and unauthorised alteration. If you feel that your personal data are not adequately protected or there are indications of misuse, please contact us via our privacy form.

Data Protection Authority

Besides the option of lodging a complaint with us, you have the right to lodge a complaint with the relevant supervisory authority for the protection of personal data. To do so, contact the supervisory authority directly.

How to contact us

If you have any questions or concerns about this Privacy Statement and/or our privacy practices, please contact our Data Protection Officer: via our privacy form or by contacting our Data Protection Officer/Privacy Council:

Just Eat Takeaway.com Data Protection Officer/ Privacy Council - Takeaway.com Group B.V.

Piet Heinkade 61
1019 GM Amsterdam
Netherlands

Updates to this privacy Statement

We may update this privacy Statement from time to time in response to changing legal, technical or business developments. When we update our privacy Statement, we will take appropriate measures to inform you, consistent with the significance of the changes we make. Where required by applicable data protection law, we will obtain your consent to any material changes to this privacy Statement.

We encourage you to periodically review this Statement for the latest information on our privacy practices.

This privacy statement may be updated and was last updated on 28 October 2022.