Wolt Privacy Statement for Employed Couriers
1. INTRODUCTION
1.1 Welcome to privacy statement for employed couriers
At Wolt, we take data protection seriously. This privacy statement (hereinafter the “Privacy Statement”) describes the key principles and practices we abide in order to ensure your privacy is respected while using Wolt’s services and applications (“Wolt Services”) and performing your duties for Wolt as an employed courier (“Courier” or “you”). “Wolt” and “we” refers in this Privacy Statement to Wolt Enterprises Oy and your employing Wolt legal entity unless otherwise stated.
We process the personal data of our employees that have been engaged as Couriers to meet our legal and contractual obligations as an employer. This Privacy Statement may be updated from time to time, however, we will not make substantial changes without notice.
1.2 Data controllers within Wolt
Wolt is part of DoorDash, Inc., a technology company with an official address at 303 2nd St, Suite 800, San Francisco, CA 94107, USA.
This Privacy Statement applies only to employed Couriers’ personal data processing that is carried out by legal entities belonging to the Wolt group. When processing your personal data, Wolt Enterprises Oy and the local Wolt entity acting as your employer are acting as joint data controllers. This means that Wolt Enterprises Oy and your employer together determine the purposes for and means by which personal data is processed.
For practical reasons Wolt Enterprises Oy has been appointed to handle all data subject requests and questions relating to the personal data processing on behalf of the local joint controllers. When processing personal data of couriers providing services to Wolt Enterprises Oy, Wolt Enterprises Oy acts as the sole data controller.
Please note that company details may change from time to time. Therefore changes may also affect the content of this Privacy Statement. We may add or delete legal entities to the list below, specify and update company details or make changes to our group structure. You may request for up-to-date information about Wolt group legal entities processing your personal data by contacting privacy@wolt.com.
1.3 How can you contact us?
Wolt Enterprises Oy | Wolt Enterprises Oy Business ID: 2646674-9 Pohjoinen Rautatiekatu 21, 00100, Helsinki, Finland |
Privacy matters, issues and requests
If you have any questions or concerns about your personal data processing, you may reach out our Privacy Team | |
Security matters, issues and questions
If you have security questions or issues, or you want to raise a security concern, please reach out to our Security team. | |
Data Protection Officer of Wolt Enterprises Oy | |
People and HR issues
People issues and general requests shall be addressed to the People Team | In Germany: couriers.germany@wolt.com In other countries: people@wolt.com |
Contact detail relating to Whistleblowing process |
2. PERSONAL DATA PROCESSING PRINCIPLES
2.1 The purposes and grounds for processing
We process your personal data to the extent necessary and appropriate for the specific processing purposes in accordance with the regulations of the European General Data Protection Regulation (GDPR) as well as other applicable laws. Please note that one or more of the following purposes and legal grounds may apply simultaneously.
2.1.1 Contractual obligations
Firstly, we process your personal data in order to comply with our contractual obligations, for example, to the extent necessary to:
Pay remuneration to and fulfill our other obligations under the employment agreement between you and your employer;
Provide services to Wolt’s users, for example, in order to provide Wolt’s users with the information necessary for the delivery of their orders and solve support cases if you or our user contacts us;
Communicate with you to evaluate your performance under the employment agreement; and
Ensure compliance with the employment agreement between you and your employer. For example, we may process your location data and other strictly necessary personal data if we have legitimate reason to do so for verifying your compliance with the employment agreement.
2.1.2 Legitimate interest
Secondly, we may process your personal data if there is an appropriate and justifiable interest for processing (that is, legitimate interest) to run, maintain and develop our business or to create and maintain employment relationships. When choosing to use your data on the basis of our legitimate interests, we weigh our own interests against your right to privacy and, for example, provide you with an easy to use opt-out possibility and use pseudonymized or non-personally identifiable data when possible. You have the right to object processing of your data on the basis of legitimate interest. However, your employer can refuse such an objection in accordance with applicable legislation, for example, if the processing is necessary for preparing, exercising or defending legal claims.
We process your personal data to the extent necessary and based on legitimate interest, for example, to:
Contact you regarding the employment agreement and/or Wolt Services, to inform you of changes relating to them or asking your review or feedback on us and/or Wolt Services;
Process customer ratings and feedback to evaluate your performance. In case you receive frequent negative feedback from the users of the Wolt Services, Wolt as your employer may for example contact you or take other action on a case-by-case basis based on such feedback.
Conduct measures regarding personnel development planning and regarding protection of employees and clients as well as protection of our property. Moreover, we process your personal data for purposes of publishing business contact details in the internal phone book;
Claims handling, debt collection and/or other legal and regulatory processes or the whistleblowing process;
Prevention of fraud, misuse of our services and for information, system and network security and safety purposes. For example, based on our legitimate interest, a limited amount of and necessary personal data may be retained also after the contractual relationship if required to prevent misuse of our services or for security and safety reasons;
Solve user complaints and investigate and respond to incidents that relate to a breach of the employment agreement between you and us. We may, for example, process your location data if we have legitimate reason to do so for verifying your compliance with the employment agreement;
Record your communication with Wolt support (for example, phone recording);
Develop our business, services and products, our cooperation with Couriers as well as improve the quality of Wolt Services, for example, by analyzing any trends and/or Courier behavior in the use of the Wolt Services. When possible, Wolt will do this by using only aggregated, non-personally identifiable data; and
Process your data within the Wolt group of companies in accordance with this Privacy Statement.
2.1.3 Consent
If you have consented to the processing of your personal data, we will process your data only in accordance with and in the scope of the purposes specified in the declaration of consent. A given consent may be revoked at any time with effect for the future. The revocation of the consent shall only take effect for the future and shall not affect the legitimacy of the processing of personal data carried out until the revocation.
2.1.4 Legal obligations
We also process personal data to enable us to administer and fulfill our obligations under the applicable law. As an employer, we are subject to various legal obligations, that is, statutory requirements (for example social security law, occupational safety, tax law). The purposes of processing include, among other things, identity verification, the compliance of social security or tax law related control, reporting or documentation obligations and the risk management within the company.
As far as special categories of personal data pursuant to GDPR are to be processed, this serves to exercise rights or fulfil legal obligations under labor law, social security law and social protection in the frame of the employment relationship (e.g. providing health data to the health insurance fund, recording of a severe disability in view of additional leave). Furthermore, it may be required to process health data in order to evaluate your ability to work pursuant to applicable laws. Moreover the processing of special categories of personal data may be based on a consent pursuant with the applicable laws (e.g. to carry out an inhouse occupational rehabilitation management).
2.1.5 Automated decision-making
While processing your personal data for the purposes described in this Privacy Statement, we may use automated means also including automated decision-making. For example, to fulfill our contractual obligations as well as based on our legitimate interest we may process personal data to make automated decisions for matching available Couriers with the deliveries placed by users as well as to pay agreed fees in accordance with the employment agreement with us.
Tasks are matched to Couriers by finding routes which are valid (e.g. vehicle capabilities, age restrictions and chosen offline time) and which are the most optimal, in terms of least distance driven per task, and delivery time best within a predefined time range.
The Couriers are anonymized in connection to the automated decision-making and the delivery assignments are based solely on the following: location of the Courier and delivery destination locations, vehicle type, the Courier’s offline time, and the capabilities of the Courier and delivery. For example, if you have chosen a certain offline time, you will be excluded from the allocation during that time.
The capabilities of the Courier (vehicle size, age restriction, location details) are matched against those of the delivery destination to define assignments.
The Courier and delivery coordinates, as well as the Courier’s vehicle type, are used to calculate distances and time durations between the Courier and delivery locations. Our courier algorithm identifies the Courier and delivery assignment pairs which keep a city's overall driven distance and lateness from the delivery time frame as low as possible.
You can always contact us if you have any questions related to the delivery assignments or you wish our support team representative to be involved in verifying the correctness of the automated delivery assignments.
2.2 Personal data processed
We process only personal data that is necessary for the rights and obligations of either Wolt as an employer or you as an employee in the context of establishing or managing an employment relationship. Collection and storing of information is always subject to local legal requirements.
Personal data we collect and process includes, for example:
Identification information | Such as: Full name and title and date of birth; Gender and marital status and number of children; Social security number or personal identity code or number; Contact details such as email and phone number; Identification documents such as driver’s license and passport copy; Emergency contacts; Social media profile names (e.g. LinkedIn, Instagram); Nationality, work permits and associated documents as well as trade union membership (when necessary for us to fulfill our legal obligations); and Courier ID and Courier bag ID; and Photograph, facial images and/or videos. |
Salary payments | Such as: Your salary; Bank account details; Tax related details; and Information regarding possible debt collection or foreclosure actions if that is our obligation. |
Recruitment | See our Recruitment Privacy Statement here |
Lifecycle of employment | Such as: Employment documentation Start and end dates of employment Feedbacks and reviews Documentation regarding disciplinary actions Working times; and Absences and reasons for them if it is necessary due to rights and obligations in the employment relationship or salary payments. |
State of health | Such as: Doctor’s certificates and associated data; Health care professional’s evaluations and associated data; Suitability for your role due to health reasons; Health reasons related to performance related matters and associated data; and Health information related to salary payments. |
Role related information | Such as: Job descriptions, responsibilities, and obligations; Call record and communications in Support; Intercom notes and associated data; and Courier ID. |
Performance and user performance related data | Such as: Performance and usage data based on different work related tools and softwares. |
Whistleblowing, grievance and reporting on wrongdoings | Such as: First and last name; Country; Telephone number; Email address; Your credentials to the SpeakUp tool; Other personal data provided by you in the report or during the investigation; Other personal data collected during the investigation if that is necessary for investigation purposes; and Transcripts of interviews and any written evidence concerning the investigation. More information about our whistleblowing channel SpeakUp in here. |
Information related to the provision and usage of Wolt Services | Such as: Location data; User credentials; Emails and other communication; Access and availability information; Device information and associated data; Log information and associated data and other data provided by you when using Wolt Services and applications; and Video camera surveillance data on Wolt premises. |
When you use Wolt Services for performing your work duties, we may collect, use and share data on either your exact or approximate location, including real-time geographic location of your mobile phone. The data is collected for purposes of providing services to Wolt’s clients, e.g. in order to provide Wolt’s clients with the delivery information of the order and for performance of the agreements between the Courier and Wolt. Location data is also required, for example, to estimate accurate delivery times and to confirm payments.
Further, Wolt may process your location data including dropoff location collected during your performance of deliveries for solving user complaints and responding to incidents that relate to a breach of the employment agreement between you and us. We will not process such pickup and/or drop off locations without weighing our own interests against your right to privacy and, for example, use pseudonymized or non-personally identifiable data when possible.
As to camera surveillance in our premises we may process such data to monitor the safety of our premises, employees and people visiting them as well as to investigate any security or other similar incidents in accordance with applicable laws.
As to visiting or interacting with the Wolt Services we may automatically collect certain technical data including:
Information that describes your device or browser and Wolt’s application, their versions, features, capabilities, and settings;
Information about your operator, Internet service provider and network connection type, including your IP address;
Identifiers provided by your device or third parties for application vendors or advertisers, or identifiers we create ourselves;
Country, locale, time zone and geo-IP level location information;
Where you followed a link to Wolt Services, and links you followed from Wolt Services;
Details of your interactions with, and usage of, Wolt Services. This includes, for example, usage patterns, which features you use, advertisement, participating into a specific campaign and offer impressions and interactions, and information on orders; and
Data for tracking and reporting transactions initiated by our advertising partners, including timestamps, and identifiers mentioned above.
While we do not normally use such data to identify you as an individual, you can sometimes be recognized from it, either alone or when combined or linked with user data. In such situations, technical data can also be considered personal data under applicable laws and we will treat such data as personal data.
For details on how to control advertising and analytics identifiers on your device, see below under the section “Cookies and other technologies”.
2.3 Cookies and other technologies
We use various technologies to collect and store analytics data and other information when you visit the Wolt Services, including cookies storing website data, and using web and application telemetry.
Cookies and other website data saved on your device allow us to identify visitors of the Wolt Services and facilitate the use of the Wolt Services and to create aggregate information of our visitors, which helps us to improve the Wolt Services and better serve our users. Some cookies are necessary for using and running a seamless experience on the Wolt Services and they are used e.g. for remembering your choice of language and country. The cookies and other website data will not harm your device or files. We use cookies and other website data to tailor the Wolt Services and the information we provide in accordance with the individual interests of our users. Please note that the retention time of different cookies is limited and varies from less than a minute till indefinitely and when a specific cookie is deleted.
Further information on use of cookies and third party analytics at Wolt, please see Wolt Privacy Statement available at: https://explore.wolt.com/en/fin/privacy.
2.4 Source of data
Primarily we receive personal data directly from you. However, some personal data may be collected from third parties if and to the extent necessary for processing purposes described in this Privacy Statement and allowed by applicable laws:
During the employment relationship we may collect information about you from Wolt’s other employees such as your supervisor e.g. relating to performance reviews or in connection to whistleblowing reports as well as from our customers, merchants and other partners regarding your deliveries through the Wolt Service.
With your consent or when otherwise legally allowed, we may also acquire certain information from relevant authorities, occupational health care providers, public registers or from other similar sources.
Wolt may also offer a referral program where Couriers can invite friends and family to sign up for the Wolt Service and become a courier providing services on Wolt’s platform. You can send an SMS with a referral link to your contacts.
2.5 Storage period
Wolt does not store your personal data longer than is legally permitted and necessary for the employer’s legal obligations or other purposes for which the data were collected. The storage period depends on the nature of the information and the purposes of processing. The maximum period may therefore vary per use. Wolt takes reasonable steps to keep the personal data accurate and to delete incorrect or unnecessary personal data.
If the data is no longer required for the fulfillment of contractual or statutory obligations or other purposes described in this Privacy Statement, the data will be regularly deleted. We assess regularly the storage period for personal data to ensure the data is stored only for the necessary time period.
2.6 The recipients of personal data
We do not share personal data with third parties outside of our group companies unless one of the following circumstances apply:
For legal reasons
We may share personal data with third parties outside Wolt’s organization if access to the personal data is reasonably necessary to, such as, but not limited to: (i) meet taxation, any applicable law, regulation, and/or court order; (ii) detect, prevent or otherwise address crime and/or security issues; or (iii) protect Wolt´s interests in case of claims and civil litigation relating to an employment relationship.
We may share location data to the competent authority for purposes of authority investigations if we are required to do so under applicable laws.
To authorized service providers and third parties
We may share personal data to authorized service providers who perform services for us. Such service providers are for example our internet service providers, accounting company and our designated occupational health and safety provider. Our agreements with our service providers include commitments that the service providers agree to limit their use of personal data and to comply with privacy and security standards at least as stringent as the terms of this Privacy Statement.
We may share personal data to third parties that need access to your personal data in order for us or such third parties to perform services to Wolt’s clients and fulfill the purposes set out in this Privacy Statement. For example, partners who offer their products through the Wolt Services receive details of your estimated time of arrival and distance from the pickup location to estimate your arrival time.
In case of an incident, Wolt may share the location of the Courier in question to the insurance company in order for the insurance company to confirm that the Courier was performing a service under the employment agreement at the time of the incident. The insurance company or a third party on behalf of the insurance company will also share certain personal data about you to Wolt in order for the third party company to provide the insurance coverage and for Wolt to verify that the incident is such that you are eligible for the coverage.
The insurance company may receive the following data about you for claims workflow and validation as well as insurance onboarding and offboarding purposes:
Courier ID;
First Name;
Last Name;
Phone Number;
Email Address;
Courier Country;
Time First Delivery Date;
Time Last Delivery Date;
Vehicle Type; and
Other possible information that is considered necessary.
For other legitimate reasons
If Wolt is involved in a merger, acquisition or asset sale, we may transfer personal data of employees to the third party involved. However, we will continue to ensure the confidentiality of all personal data. We will give notice to all employees concerned when the personal data are transferred or become subject to a different privacy policy as soon as reasonably possible.
With your explicit consent
We may share personal data with third parties outside of our organization for other reasons than the ones mentioned before, when we have your explicit consent to do so. You have a right to withdraw such consent at any time.
2.7 International data transfers
Personal data is primarily stored within the European Economic Area (“EEA”). However, we have service providers, operations and group companies in several geographical locations. As such, we and our service providers may transfer your personal data to, or process it in, jurisdictions outside the EEA or your domicile.
We will take steps to ensure that personal data receives an adequate level of protection in the jurisdictions in which they are processed. We provide adequate protection for the transfers of personal data to and from countries outside of the EEA through a series of agreements with our service providers based on the Standard Contractual Clauses or through other appropriate safeguards. Where the recipients are located in a country outside the EEA which benefit from an adequacy decision of the European Commission, the personal data are transferred to such recipients upon such adequacy decision
More information regarding the transfers of personal data may be obtained by contacting us on any of the addresses indicated above.
3. YOUR RIGHTS
3.1 How can you access, change or delete your personal data?
Right to access
You have a right to access the personal data processed by us. This means that you may contact us using the contact details above and we will inform you what personal data we have collected and processed regarding you and the purposes such data are used for. You also have the right to request disclosure of the purposes for which Wolt processes your personal data and of records regarding the provision of personal data to authorized service providers and third parties.
Please note, however, that Wolt may limit your access to certain information received via the whistleblowing hotline (called internally the SpeakUp channel) during a critical stage of internal investigation or to the extent such request may jeopardize the anonymity of the whistleblower or other individuals involved.
Right to withdraw consent
In case the processing is based on a consent granted by you, you can revoke a given consent at any time.
Right to correct
You have the right to have incorrect, imprecise, incomplete, outdated, or unnecessary personal data we have stored about you corrected or completed by contacting us. You have the right to update for example your contact information or your other personal data.
Right to deletion
You may also ask us to delete your personal data from our systems. We will comply with such a request unless we have a legitimate ground to not delete the data. After the data has been deleted, we may not immediately be able to delete all residual copies from our active servers and backup systems. Please note that during the term of employment data is processed primarily due to legal obligations and therefore we may not be able to delete it.
Right to restriction of processing
You may request us to suspend processing of personal data for example when your data deletion, rectification or objection requests are pending and/or when we do not have legitimate grounds to process your data. When the processing has been suspended, your data will only be stored and not processed further. For example, if you contest the accuracy of your data, such data will be restricted from processing until it is ensured that the data is accurate.
Right to object
You may have the right to object on grounds relating to your particular situation to the processing of your personal data based on our legitimate interest. We will comply with such objection unless we have a legitimate ground not to.
Right to data portability
You have the right to receive the personal data you have provided us with in a structured and commonly used format.
3.2 How to use your rights
If you want to use your rights, please contact your supervisor. You may also use your rights by contacting Wolt support or sending a letter or an e-mail to us on the address set out above.
We may reject requests that are unreasonably repetitive, excessive or manifestly unfounded.
4. INFORMATION SECURITY
We do our best to keep your data safe and secure. We use administrative, organizational, technical, and physical safeguards to protect the personal data we collect and process. Measures include for example, where appropriate, encryption, pseudonymization, firewalls, secure facilities and access right systems. Our security controls are designed to maintain an appropriate level of data confidentiality, integrity, availability, resilience, and ability to restore the data. We regularly test the Wolt Services, systems, and other assets for security vulnerabilities. Furthermore, access to personal data by employees of Wolt is restricted and access is subject to what is necessary for purposes of the employee’s work duties.
5. DIRECT MARKETING
You have the right to prohibit us from using your personal data for direct marketing purposes, market research and profiling made for direct marketing purposes by contacting us on the addresses indicated above or by using the unsubscribe possibility offered in connection with any direct marketing messages.
6. LODGING A COMPLAINT
In case you consider our processing of personal data to be inconsistent with the applicable data protection laws, you have a right to lodge a complaint with the local supervisory authority for data protection.
Information on relevant local supervising authority may be requested from privacy@wolt.com or for the EU countries checked from the European Data Protection Board’s website.