We are pleased that you are interested in the protection of your data. Below, we would like to give you an overview of our data protection process.

Our mission is to provide you with an exceptional customer experience, which also means that you can always trust us, we are always transparent and honest with you. Your trust in our product is the premise that enables us to provide you with an amazing customer experience. We want to thank you for this collaboration.

Who we are

We are mjam GmbH but generally we just use the name mjam. You can contact us anytime in the following ways:

mjam GmbH
Barichgasse 38, Top 1.4
1030 Wien
Austria

E-mail address for data privacy concerns: [email protected]

When you visit our website, register or place orders, you agree to this privacy policy.

As data controllers, we assess how we process your personal data, for what purposes and by which means. Although we are required by law to provide you with all of the following information, we do so primarily because we believe that a partnership should always be sincere.

As data controllers, we are obligated to ensure that all our processing operations meet the legal requirements.

If you have any questions about data protection at Mjam, you can also contact our data protection officer at any time by e-mail using the following address: [email protected].

As we are also a member of the large, fascinating Delivery Hero Group family, we have a global data protection officer who you may contact via [email protected]

As a family, we make certain decisions together. Both our parent company, Delivery Hero SE, Oranienburger Straße 70, 10117 Berlin, and we make joint decisions about the means by which we process your personal data and the purposes we consider appropriate.

We remain your contact if you have any questions about data protection.

Privacy is your right and you have a choice

As a customer, you have the choice of what information you want to share with us. Of course, we need some information to fulfill our contract. However, this does not always require all the data that you can provide us.

You can use the following steps to disclose less personal information about yourself:

Cookies & similar technologies: In order to provide you with the best possible service, we use cookies and similar technologies, for which we need your consent. You can set your device or web browser to decline cookies and similar technologies. If you deactivate these technologies, you will no longer see any personalized contents, offers or ads.

Direct marketing: In order to send you newsletters, we obtain your consent. If you do not want to receive newsletters or offers from us, you can unsubscribe at any time. In this case we will not be able to send you great offers.

No data sharing: If you do not want to share any information with us at all, we would be very sorry. In this case, we would not have the opportunity to convince you how great our products are.

You can also use the following rights at any time:

Right to access

You have the right to be informed which data we store about you and how we process this data.

Right to rectification

If you notice that stored data is incorrect, you can always ask us to correct it.

Right to erasure

You can ask us at any time to delete the data we have stored about you.

Right to restriction of processing

If you do not wish to delete your data, but do not want us to process it further, you can ask us to restrict the processing of your personal data. In this case, we will archive your data and only reintegrate it into our operative systems if you so wish. However, during this time you will not be able to use our services, otherwise we will process your data again.

Right to data portability

You can ask us to transmit the data stored about you in a machine-readable format to you or to another responsible person. In this context, we will make the data available to you in JSON format.

Right to object to the processing of your data

You can revoke your consent at any time or object to the further processing of your data. This also includes objecting to our processing, which we process without your consent but based on our legitimate interest. This applies, for example, to direct marketing. You can object to receiving further newsletters at any time.

If you do not agree with one of our processing purposes based on our legitimate interest or wish to object to it, you may object to the processing at any time on grounds relating to his or her particular situation. Please write an email to [email protected]. In this case we will review the processing activity again and either stop processing your data for this purpose or explain to you our reasons worth protecting and why we will continue with the processing.

Automated decision making

We also process your personal data in the context of algorithms in order to simplify our processes. Of course, you have the right not to be subject to decisions based solely on automated processing. If you believe that we have denied your access in an unjustified way, you can always contact us at [email protected] . In this case, we will examine the case separately and decide on a case-by-case basis.

Right of complaint

If you believe that we have done something wrong with your personal data or your rights, you can complain to the appropriate supervisory authority at any time.

The supervisory authority responsible for us is:

Austrian Data Protection Authority

Barichgasse 40-42
1030 Vienna
Phone: +43 1 52152 2550
email: [email protected]

To exercise your rights, you can use the functions provided in your user account at any time. For example, if you would like to delete your data, or receive a copy of it, you can do so directly by logging in to your profile to delete it or be granted access to your data. Alternatively, you can e.g. also contact [email protected] and request our customer support to assist you.

Please note that we are usually receiving a large number of requests - so self-service deletion or access to your personal data will always be the fastest way to exercise your rights.

Which personal data do we process

In this section you can find general information about the categories of personal data we process about you. For your understanding, personal data is information that directly identifies you (such as your name or photo picture) or enables us to indirectly identify you (for example, on the basis of a user ID linked with the personal information in your profile).

You will find more detailed information on our processing activities below, in the next section. But our data processing activities on the platform can be summarized by reference the main categories of personal data:

Customer care data:

Name, Address, Phone Number, Email Address, User-ID from social media (if applicable)

Purpose:

If you contact us, we collect this data because we need to know who we are talking to and what was talked about so that we can help you with the matter of your concern. This also applies when you leave comments on our social media fan pages. We do not link this data to your Account data on our platform, but we can identify you by your user ID on social media.

Geolocation data:

Address, Zip Code, City, Country, longitude and latitude

Purpose:

We need this data to be able to deliver your orders. We automatically create latitude and longitude to process your delivery address in our other linked systems, such as our Rider app, and to display your address to our riders or partner riders.

Account data (Master Data):

Name, Email Address, Password, Phone Number, Delivery Address, Interests, demographic data (age, date of birth, delivery address)

Purpose:

This data is your master data, which we need for our services. You cannot create a profile without an email address/phone number and a password. Together with your name, this is your master data. We need the age to ensure that you are not underage, this is particularly relevant due to legal requirements when you place an order with a pharmacy.

Device information and access data:

Device-ID, device identifiers, operating system and corresponding version, access time, configuration settings, internet connection information (IP-Adresse)

Purpose:

For technical reasons, we store this information each time it is accessed. We also use some of this information to detect suspicious behavior at an early stage and prevent damage.

Order information:

Order history, selected partners, invoices, order number, order comments, payment method, delivery address, completed orders and canceled orders

Purpose:

Each time you place an order, this information is added to your profile. You can see this information in your profile at any time. The information is intended to give you an overview of your own interests and previous orders. We will also use it to improve our services. If you request deletion or if your profile becomes inactive, we will anonymize this information in order to continue to use it in an anonymized form to optimize our services.

Marketing contact and Communication data:

Name, Email Address, Phone Number, Device-ID

Purpose:

If you want to receive a newsletter, SMS or in-app push notifications from us, we need certain information to send you the messages. Instead of simply saying "Hello", we find it more customer-friendly to address you by name. We also use this category of personal data to contact you, for example, if a product cannot be delivered and we want to offer you an alternative instead.

Payment data:

Payment method, pseudonymized credit card information

Purpose:

We need this information to track your payments and match them to your placed orders.

Delivery information:

Name, Delivery Address, Phone Number, Order Number

Purpose:

In accordance with the principle of data minimization, our drivers and partners only have access to the information they need to prepare and deliver your order.

For what purpose we process data

We process your personal data only in accordance with the strict legal requirements. We take special care to ensure that all principles for the processing of personal data are followed. For the Delivery Hero Group transparency is highly important. We only process your data if it is legally permitted and you can also expect reasonable processing. If, as part of our assessment, processing your data would not be reasonable, we will only process your data with your explicit consent.

Account creation, one-time login, managing your profile

In order to provide you with our services, the processing of your personal data is essential. You provide a large part of this data, while we collect other parts of the data automatically when you use our platforms. However, we try to keep the amount of data as small as possible. You can help us by providing only the data we need to fulfill our contractual and legal obligations.

Account creation

When creating a customer account, you will be asked to provide your master data. This is absolutely necessary, as we cannot create a customer profile without this data. Your email address and phone number are particularly important, as this information allows us to recognize you the next time you log into our system. In addition, we would like to ask you to choose your password carefully. Do not use the same password on multiple websites. Your password should also be at least 12 characters long and have at least one lowercase letter, one uppercase letter, one special symbol (!?#,%& etc.) and one digit.

Categories of personal data:

Profile data (master data)

Device information and login details

Legal basis:

Art. 6 para. 1 (b) GDPR, performance of contract

Login

If you already have a customer account, you will need to enter your email address and password to log in. If we notice any irregularities during login, for example, entering the wrong password multiple times, we will take appropriate measures to protect you and us from any damages.

Categories of personal data:

Profile data (master data)

Legal basis:

Art. 6 para. 1 (b) GDPR, performance of contract in the course of registration

Art. 6 para. 1 (f) GDPR in terms of security measures

Registration/login via third party (SSO)

Facebook

If you have a Facebook profile, you can register on our website to create a customer account or to log in with the social plug-in "Facebook Connect" of the social network Facebook, operated by Meta Ireland Limited 4 Grand Canal Square, Grand Canal Harbour, Dublin, Ireland ("Meta"),, as part of the framework of the so-called "Single-Sign-On" (SSO) technology. You can identify the social plug-ins of "Facebook Connect" on our website by the blue button with the Facebook logo and the caption "Log in with Facebook", "Connect with Facebook" or "Sign in with Facebook".

By using this "Facebook Connect" button on our website, you can also log in or register on our website with your Facebook data. Only if you give your consent to the exchange of data with Facebook prior to the registration process in accordance with Art. 6 (1) (a) GDPR based on a corresponding notice, we will receive the general and publicly available information stored in your profile when using the "Facebook Connect" button on Facebook, depending on your personal privacy settings on Facebook. This information includes user ID, name, profile picture and age.

Further information on the Facebook Login can be found at: https://www.facebook.com/privacy/explanation

The consent given can be withdrawn at any time by sending a message to us.

Categories of personal data:

Account data (master data)

Contact data

Facebook-Account information

Legal basis:

Art. 6 para. 1 (a) GDPR, consent

Google

If you have an account with Google, you can use this account to log in to our service. Google accounts for European users are provided by Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland ("Google Ireland"), a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 ("Google").

Categories of personal data:

By using the “Continue with Google” button on our website, you can log in or register on our website using your Google user data. Only if you give your express consent in accordance with Art. 6 Para. 1 (a) GDPR prior to the registration process on the basis of a corresponding note on the exchange of data with Google, will we receive your Google user ID, user name and email address. We will never receive your Google password and cannot log in to your Google account. You can learn more about data sharing with Google when logging in to our service with Google by reviewing Google’s explanations here:https://support.google.com/accounts/answer/112802 .

Please read the Privacy Policy of Google Inc., as your information is provided to us by Google as part of the SSO.

Categories of personal data:

Account data (master data)

Contact information

Google ID and associated account data

Legal basis:

Art. 6 para. 1 (a) GDPR, consent

Apple

If you have an account with Apple, you can use this account to log in to our service. Apple accounts for European users are provided by Apple Computer Limited, Hollyhill Industrial Estate, Cork, Ireland ("Apple Ireland"), a subsidiary of Apple Inc., One Apple Park Way, Cupertino, CA 95014, United States.

By using the “Continue with Apple” button on our website, you can log in or register on our website using your Apple user data. Only if you give your express consent in accordance with Art. 6 Para. 1 (a) GDPR prior to the registration process on the basis of a corresponding note on the exchange of data with Apple, will we receive your Apple user ID, user name and email address. We will never receive your Apple password and cannot log in to your Apple account. You can learn more about data sharing with Apple when logging in to our service with Apple by reviewing Apple’s explanations here: https://support.apple.com/en-us/HT204053.

The data transmitted by Apple is stored and processed by us solely for the creation of a user account with the necessary data.

Categories of personal data:

Account data (master data)

Contact information

Apple ID and associated account data

Legal basis:

Art. 6 para. 1 (a) GDPR, consent

Manage your profile

You can log in to your profile at any time and change your personal information such as name, email address or phone number. You can also access your previous orders.

Categories of personal data:

Account data

Geolocation data

Order information

Device information and access data

Communication data

Payment data

Legal basis:

Art. 6 para. 1 (b) GDPR, performance of contract

Order processing

Once you have successfully registered and decided to place your order, we will store this information in your profile and process it in further processes so that you can submit your order to us. When you submit your order, your personal data is transferred to our backend where it is transferred to other systems for further processing. Please note that order processing might necessitate the processing of special categories of personal data in those cases where you are purchasing medicinal products, as this will reveal the medical condition you are attempting to alleviate by ordering this specific product. In this case we will make sure to collect your prior consent or otherwise meet the requirements of Art. 9 GDPR. However, generally speaking, your order of drugstore items will not be considered special categories of data. They will only represent such data in the case of placing an order for subscription-only products and only when you share your prescription with our partner pharmacy.

Categories of personal data:

Account data (master data)

Order information

Delivery information

Geolocation data

Device information and access data

Legal basis:

Art. 6 para. 1 (b) GDPR, performance of contract

Buffering

After you have logged in and selected your items, the products will be saved in your profile. If you accidentally close your browser or app, you can continue from the last point of your order. The last information is stored in a cookie.

Categories of personal data:

Account data (master data)

Device information and access data

Order information

Legal basis:

Art. 6 para. 1 (f) GDPR, legitimate interest

The legitimate interest is to provide you with a better ordering experience where you can conveniently continue your order even if your browser or app were accidentally closed.

Delivery

Once you have successfully placed your order, a number of operations are performed in the background to ensure that your order is delivered quickly. The following processing activities describe how and why your data is processed for each purpose.

Transmission to riders and partners

We use various riders for delivery. These can be employees (including third parties) who provide us with riders for the delivery of orders on the basis of a data processing contract. In all these cases, we transmit your personal data to the drivers so that they can deliver your order quickly.

Categories of personal data:

Delivery information to partners (delivery by the partner)

Name, address, phone number to own riders

Legal basis:

Art. 6 para. 1 (b) GDPR, performance of contract

Calls from riders or partners

If a product of your choice is not available or our riders cannot reach you at the delivery address you have provided, they are instructed by us to call you so that the problem can be easily solved. Both the restaurants as well as the riders have no claim whatsoever to your personal data and under no circumstances may they use it for their own purposes. If you should nevertheless be contacted by a restaurant without your prior consent, we ask you to report this to us by e-mail to [email protected]. We at mjam use the feature ‘Call-Masking’ for our own riders. This feature refers to the technique of masking a telephone number to keep your personal number private. With call masking, riders receive a temporary phone number that isn't actually yours from a third party service provider to call or text you if necessary, but your real phone number is not disclosed to them. As this feature is only available for our own riders, partners and the partners’ riders will be provided with your phone number to contact you if needed.

Categories of personal data:

Delivery information

Phone number (to partners, partners’ riders or third-party service providers for the purpose of using the "call masking" function)

Legal basis:

Art. 6 para. 1 (b) GDPR, Contract performance in terms of call from the rider

Billing

In order to send you your invoice via email, we transmit your email address to the respective partner after request from our partners. At the moment, however, the invoice transmission by email is only used by a few partners. The partners have no right to access your personal data and may not use it for their own purposes under any circumstances. Nevertheless, if you are contacted by a partner without your prior consent, please inform us by sending an email to [email protected].

Categories of personal data:

Account data (master data)

Delivery information

Legal basis:

Art. 6 para. 1 (b) GDPR, contract performance partners with regard to customers

Saved payment methods

In order to make the ordering process even more convenient for you, we offer you to save your preferred payment method. This means that you do not have to enter your payment information again the next time you place an order. The storage of this data requires your consent. You can save your payment information by clicking on the consent field. You can withdraw your consent at any time for the future by deactivating the consent field again or by informing via email to [email protected].

Categories of personal data:

Payment data

Legal basis:

Art. 6 para. 1 (a) GDPR, consent

Vendor and user reviews

We provide you with an opportunity to review restaurants, shops and other vendors on our platform. In that case, your review and your first name will be publicly visible on our platform for as long as you maintain your account with us. If you would no longer like the comment to be available, you are free to delete it. If you review the vendors, they will be able to respond to your publicly available reviews.

Categories of personal data:

Account data (master data)

Review contents & identity of vendor (i.e. restaurant/shops) you have interacted with

Legal basis:

Art. 6 (1) f) GDPR, legitimate interests

Fraud prevention and the security of our platform

In order to protect our customers and our platform from potential attacks, we continuously monitor the activities on our website for all users. To this end, we make use of various technical measures to ensure that suspicious behavior patterns are detected at an early stage and prevented in advance. To this end, several monitoring mechanisms run in parallel and prevent potential hackers from accessing our website.

The decision-making process is automated and may affect the data subject legally or in a similar way. If automated decision-making leads to a negative result for you and you do not agree with it, you can contact us at [email protected]. In this case, we will examine the circumstances of your case individually.

Categories of personal data:

Device information and access data

Contact information

Payment method

Order information

Voucher information

Legal basis:

Art. 6 para. 1 (a) GDPR, consent

Advertising und Marketing

Direct marketing

Newsletters and Net Promoter Score (NPS) by email and/or SMS

If you have provided us with your email address or other contact data when signing up for our platform, we will send you by email and/or SMS regular offers of goods or services similar to those offered on our platform. We are constantly striving to improve our services. Your constructive feedback is very important to us. Therefore, our direct marketing newsletters might also include surveys where we ask for your honest feedback. So we will occasionally also send you customer surveys and ask you to give us your opinion.

If you have objected to receiving such communications when registering your account, or at a later point in time, you will not receive any direct marketing emails. You are of course always free to opt out of such emails. In this case, we will store your contact details in a list of customers who have objected to receiving direct marketing, to make sure we can continuously comply with your objection.

Not only do the contents of our newsletters and surveys vary, but so do the technologies and criteria we use to design our newsletters and segment customer groups. For example, a group of customers may receive a special newsletter promoting special deals from partners where customers have ordered. Other newsletters may refer to specific products that relate to a particular flavour, such as sushi, Indian cuisine or pizza. We use different information from your order history and delivery addresses to create these tailor-made offerings for you. Please be also aware that we are recording, in a pseudonymous manner, key performance indicators to assess the effectiveness of our direct marketing campaigns. This includes aggregated information about the opening and click-through rate for our direct marketing messages.

This is a profiling process in which we automatically process your data. The specific customer segmentation will not have a legal effect on you, nor will it similarly significantly affect you. The only effect you will notice are interesting offers on our platforms, bespoke to your interests and meal preferences.

Nonetheless, if this automated decision-making leads to a negative result for you and you do not agree with this, you can contact us at [email protected] this case, we will opt you out of customized newsletter communications and you will no longer receive any such messages going forward.

Categories of personal data:

Account data (master data)

Geolocation data

Order information

Device information and access data

Legal basis:

Art. 6 para. 1 (a) GDPR, consent

As already mentioned, you are entitled to withdraw your consent to the use of your email address for the aforementioned advertising purposes at any time, and free of charge, with effect for the future by changing your message preferences, using the “unsubscribe” button at the end of a newsletter, or by contacting us to the email address already mentioned. For this purpose you only incur transmission costs according to the basic tariffs.

Newsletter by post>

Furthermore, we process your personal data after you have registered with us or placed an order to send you postal newsletters. This newsletter also contains information on similar products and services, updates on new offers, promotions, competitions and company news and invitations to customer surveys.

Categories of personal data:

Account data (master data)

Geolocation data

Order information

Device information and access data

Legal basis:

Art. 6 para. 1 (f) GDPR, legitimate interest

If you do not want to receive newsletters by post, you can object to the processing of your data for this purpose at any time without giving reasons. In this case, we will only store your contact data to document your objection.

App

When you use our app, we have a strong interest in keeping you informed about the status of your order, your account, and any new partners or offers. We are always working to provide you with a first-class customer experience. To achieve this, we negotiate very good deals for you with our partners. To inform you about these deals, we send you in-app or push notifications through our app. To receive these notifications, it is mandatory that you have this enabled on your devices. You can deactivate this function at any time on your devices to stop receiving notifications. You will then also not receive any order status notifications.

Categories of personal data:

Geolocation data

Account data (master data)

Order information

Legal basis:

If the processing takes place with your consent, the legal basis is Art. 6 para. 1 (a) GDPR, i.e. your consent. Otherwise, the processing is based on our legitimate interest according to Art. 6 para. 1 (f) GDPR. Our legitimate interest is the above-mentioned purpose.

Cookies

In order to make the visit to our website/app attractive and to enable the use of certain functions, we use so-called cookies on various pages. These are small text files that are stored on your device. Some of the cookies we use are deleted at the end of the browser session, i.e. after you close your browser (so-called session cookies). Other cookies remain on your device and allow us or our business partner to recognize your browser on your next visit (resident cookies). You can select your browser setting so that you are informed about the establishment of cookies and decide in each case whether you want to accept or reject them in special cases or in general. The rejection of cookies may limit the functionalities of our website/app.

Categories of personal data:

Device information and access data

Legal basis:

If the processing takes place with your consent, the legal basis is Art. 6 para. 1 (a) GDPR, i.e. your consent. Otherwise, the processing is based on our legitimate interest according to Art. 6 para. 1 (f) GDPR icw § 163 para 3 TKG.

Our cookie policy with all the cookies we use can be found here.

Google Analytics

The Platform uses Google Analytics, a web analytics service provided by Google, Inc. ("Google"). Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyze how users use the online portal. The information generated by the cookie about the use of this website (including the IP address of the user) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. Google will not associate the user's IP address with any other data held by Google. You consent to the collection and processing of data by Google in the manner and for the purposes set out above. You may refuse the use of cookies by selecting the relevant settings on your browser, thereby preventing the further collection of data. In this case, not all functions of the platform may be fully available to you.

Bonus program

We want to reward the loyalty of our customers with attractive offers and points. For this reason, we offer our customers corresponding bonus programs. Participation in a bonus program requires consent. If the bonus programs are offered by third parties, your data will be passed on to these third parties. You can withdraw your consent at any time for the future. To do so, please send us an email to [email protected].

Categories of personal data:

Account data (master data)

Legal basis:

Art. 6 para. 1 (a) GDPR, consent

Competitions

If you participate in a competition, we will process your data for the purpose of conducting the competition, notifying the winners and, if applicable, delivering the prize. If we plan to publish the winner's data, this will only be done on the basis of your consent. If you would like to be informed about new competitions, this requires your consent. If you have already given your consent and now wish to withdraw it for the future, you can do so at any time by sending an email to [email protected]. In this case, you will not receive any further invitations to competitions in the future.

Categories of personal data:

Account data (master data)

Legal basis:

Art. 6 para. 1 (b) GDPR, contract performance for participation in competitions

Art. 6 para. 1 (a) GDPR, consent for the publication of the data and electronic mailings for further competitions

User experience surveys

We are always developing new products and trying to adapt our services to the preferences of our customers. To measure the efficiency of these changes, we regularly offer interviews with our user experience team. In these interviews, we record your usage behavior and ask you about any optimization opportunities.

Participation in the interviews requires your consent. If you have already given your consent and would now like to withdraw it for the future, you can do so at any time by sending an email to [email protected]. In this case, we will exclude you from participating in our interviews and you will not receive any further invitations.

Categories of personal data:

Account data (master data)

Order information

Delivery information

Legal basis:

Art. 6 para. 1 (a) GDPR, consent

Vouchers

We often offer vouchers on our platforms for various reasons. The purpose of these vouchers is to reward the loyalty of our customers and further encourage them in their exceptional customer loyalty.

In order to be able to verify the number, value and frequency of use of the vouchers, but also to prevent misuse of these vouchers, we collect various personal data.

Categories of personal data:

Account data (master data)

Voucher information

Legal basis:

Art. 6 para. 1 (f) GDPR, legitimate interest

Our legitimate interest is the above-mentioned purpose.

Fanpages on social media

We have profiles on various social media platforms on which we advertise our products and interact with customers. Since we operate these profiles on third-party platforms, including Facebook and Instagram, each time you visit these social media offerings the operators of these social media platforms collect different personal data from you. The social media platforms Facebook and Instagram are operated by Meta Facebook Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland (“Meta”).

Responsibilities

We and the respective social network operators have joint control in this context. Wherever two or more controllers jointly determine the purpose and nature of the processing, they have joint responsibility.

Also, the operators of the social media platforms themselves are data controllers for the general use of their social media services and interactions outside our profiles and social media sites. This sole responsibility also applies to any processing of your social media account data for purposes other than analyzing the traffic on our social media sites.

The following links will inform you exactly which data is collected by the respective social network operators:

Privacy Policy Facebook

Privacy Policy Instagram

Data processing

Meta provides page administrators with aggregated statistics and insights that help them understand the types of actions people take on their pages ("Page Insights"). Please be informed that we only receive aggregated user reports from Meta. At no point can we attribute any page visit or other interaction to individual social media profiles.

When you visit or interact with one of our social media sites or its content, information such as the following may be collected and used to create Page Insights:

-Viewing a page, or a post or video from a page;
-Following or unfollowing a page;
-Liking or unliking a page or post;
-Recommending a page in a post or comment;
-Commenting on, sharing or reacting to a page post (including the type of reaction);
-Hiding a page's post or reporting it as spam;
-Clicking a link to a page from another page on Facebook or from a website off Facebook;
-Hovering over a page's name or profile picture to see a preview of the page's content;
-Clicking on the website, phone number, Get Directions button or other button on a page; and
-Whether you're on a computer or mobile device while visiting or interacting with a page or its content

Data subject rights

For all data processing on this website, we are entirely responsible for the privacy of your data.

As part of our agreement with Facebook, we have determined that Meta is primarily responsible for fulfilling its information obligations in connection with the "Page Insight" data and for exercising/preserving your rights deriving from the GDPR. For more information about your data subject rights on Facebook, please see the Page-Insight-Privacy Policy of Facebook.

Customer relations management

Your requests

Your satisfaction is our highest goal. That is why we are very committed to answering all your questions. In order to answer your questions and understand the overall problem, we store the contents of the conversation in our customer relationship management system when you contact us.

The content of the information we store depends on the information you provide in our communications.

Categories of personal data:

Contact data

Order information

Legal basis:

Art. 6 para. 1 (b) GDPR, performance of contract

Call-Center

If you contact us by phone, we store the conversation with your consent for quality assurance purposes. In individual cases, we also use the recordings for quality improvements in customer services, i.e. for training purposes (coaching) with our employees. The content of the information we store depends on the information you provide to us during our communication.

The stored phone calls are deleted after 90 days at the latest or if the purpose of the storage, i.e. the quality check, is fulfilled earlier.

Categories of personal data:

Order information

Legal basis:

Art. 6 para. 1 (a) GDPR, consent

Mergers and acquisitions, change of ownership

We would also like to inform you that in the event of a merger with or acquisition by another company, we will pass on information to that company. Of course, under the condition that the company complies with the legal data protection regulations as well.

Categories of personal data:

Delivery information

Geolocation data

Account data (master data)

Device information and access data

Order information

Voucher information

Customer care data

Payment method

Marketing contact and communications data

Legal basis:

Art. 6 para. 1 (f) GDPR, legitimate interest

Our legitimate interest is the above-mentioned purpose.

Who we work with and where we process your data

We never share your data with unauthorized third parties. However, as part of our operations, we use the services of selected service providers and grant them limited and closely monitored access to some of our data. Before we share personal data with these partner companies for processing on our behalf, each company is audited. All data recipients must comply with data protection law requirements and demonstrate their level of data protection accordingly.

Delivery Hero Group

Within a group of companies, it is sometimes necessary to use resources efficiently. In this respect, we support each other within our group of companies in optimizing our processes. In addition, we provide shared content and services. This includes, for example, technical support for systems.

This is a joint responsibility within the meaning of Art. 26 GDPR. Together with Delivery Hero SE, Oranienburger Straße 70, 10117 Berlin, [email protected], we are fully responsible for compliance with data protection regulations. As part of the joint control, we and Delivery Hero SE have agreed that both equally guarantee your rights.

For practical reasons, we have decided that we will be at your disposal for all data protection issues and, in particular, guarantee your rights according to the Articles 15 to 22 of the GDPR.

Please contact us for this at[email protected].

Service provider

We use various processors for our daily processing. They process your personal data in accordance with the requirements of Art. 28 GDPR exclusively according to our instructions and have no claim to this data. We also monitor our processors and only include those that meet our high standards.

Since we use different processors and change them from time to time, it is not appropriate to name specific recipients of personal data. However, if you are interested, we are pleased to provide you with the name of the processor in use at that time upon request.

Third parties

In addition to processors, we also work with third parties to whom we transfer your personal data but who are not subject to our instructions. These are, for example, our consultants, lawyers or tax advisors who receive your data from us on the basis of a contract and process your personal data for legal reasons or to protect our own interests.

We do not sell or rent your personal data to third parties under any circumstances. This will never happen without your explicit consent.

Prosecuting authorities, courts and other public bodies

Unfortunately, it can happen that some of our customers and service providers do not behave properly and want to cause us harm. In these cases, we are not only legally obligated to hand over personal data, it is also in our interest to avert damage, to enforce our claims as well as to reject unjustified claims.

Data processing outside the EU

We process your data mainly within the European Union (EU) and the European Economic Area (EEA). However, some of our service providers mentioned above are located outside the EU and the EEA.

The GDPR sets high requirements for the transfer of personal data to third countries. All our data recipients must meet these requirements. Before we transfer your data to a service provider in third countries, each service provider is first checked for its level of data protection. Only if it can demonstrate an adequate level of data protection it will be shortlisted as a service provider.

Regardless of whether our service providers are located in the EU / EEA or in a third country, each service provider must sign a data processing agreement with us. Service providers outside the EU / EEA must meet additional requirements. According to Art. 44 et seq. GDPR, personal data may be transferred to service providers that meet at least one of the following requirements:

The commission has decided that the third country in question offers an adequate level of protection (eg. Israel and Canada)

Use of standard privacy clauses:

These are contractual clauses that may not be modified by the contracting parties and in which they commit to ensuring an adequate level of data protection.

Approved certification mechanism:

Within the framework of international agreements, companies can be certified according to defined criteria..

We only transfer your data to service providers that meet at least one of these requirements. If we transfer data to third countries, these are usually companies based in the USA or Israel.

How long we store your data

In general, we delete your data after the purpose has been fulfilled. The exact deletion rules are set out in our regional deletion concepts. Different deletion rules apply depending on the processing purpose. In our deletion concepts, we have defined various data classes and assigned them specific deletion periods. Deletion rules are assigned to the data collected. After the retention period has expired, the stored data is deleted accordingly.

We delete your personal data either at your request, when you notify us, or if your account has been inactive for three years. Before we do this, you will receive a separate notice from us to the email address registered in your user account.

In addition to the deletion rules we have defined, there are statutory retention periods that we must also comply with. For example, tax-relevant data must be retained for a period of at least seven years or, in some cases, even longer. These specific retention periods vary according to the legal requirements.

Therefore, despite your request to delete your data, we may still need to retain some of the stored data for legal reasons. In this case, however, we will restrict the further processing of the data.

In addition, we will continue to store your data if we have the right to do so, in accordance with Art. 17 (3) GDPR. This applies in particular if we need your personal data for the establishment, exercise or defense of legal claims.

mjam Privacy Policy - JÖ

JÖ - Bonus card

If you are registered with JÖ and would like to use your JÖ account with us as well, you can benefit from certain cooperation offers.
In the context of our cooperation, JÖ and we act as joint controllers according to Art. 26 GDPR.

Contact data of JÖ:
Ö-Bonus Club GmbH
FN 246168 m
in 2355 Wiener Neudorf
IZ NÖ-Süd, Straße 3, Objekt 16.

Use of your JÖ account

In order for you to use your JÖ membership on our platform, we will share the personal data described below with JÖ in this context. For any questions regarding your personal data in connection with JÖ, please contact the JÖ Serviceline at 01 / 386 5000 or [email protected].

You can link your existing JÖ account with your mjam account as well as create a new account if you do not have a JÖ account yet. For this purpose, you will be redirected to the website of JÖ and can link your accounts there after entering your personal data. When creating and linking your accounts, we ask you to also acknowledge the Privacy Policy of JÖ.

CATEGORIES OF PERSONAL DATA:

Master data, member and card number, amount of points, turnover, email address

Advertising

If you have agreed to receive newsletters from JÖ and its partners, we will inform you about our products, promotions and lotteries. In order to select content that is as relevant to you as possible, we analyze your purchasing behavior and your participation in our promotions and lotteries (profiling). You can object to profiling at any time for the future. To do so, contact the JÖ Serviceline at 01 / 386 5000 or [email protected].

In the context of profiling, we also process your personal data within the framework of algorithms. Of course, you have the right not to be affected by decisions based solely on automated processing. If you believe that you have been disadvantaged as a consequence of automated decision-making, you can contact us at [email protected] at any time. We will then review the matter separately and decide on a case-by-case basis.

CATEGORIES OF PERSONAL DATA:

Contact data, purchase behavior, frequency of participation, duration of participation

LEGAL BASIS:

Art. 6 para. 1 (a) GDPR, Einwilligung für den Newsletterversand

Art. 22 para. 2 (c) GDPR, Art. 6 para. 1 (a) GDPR

DATA SUBJECT RIGHTS:

The agreements between JÖ and us contain regulations on who has which obligations under the GDPR. JÖ is available to the member as the first point of contact for data protection issues in connection with the JÖ Bonus Club; in particular, the member may claim his or her rights under the GDPR against JÖ. JÖ can be contacted by post, by email at [email protected] and by telephone at +43 1 386-5000. The right of the member according to Art 26 para. 3 GDPR to claim his rights according to the GDPR against us or against JÖ remains unaffected.

Subject to change

We reserve the right to change this privacy policy in accordance with legal requirements. Of course, we will inform you about any significant changes, such as changes of purpose or new processing purposes.

Last Update: June 2022