Wolt hr privacy policy (Human Resources data)
1. ABOUT THIS HR PRIVACY POLICY AND DATA CONTROLLERS
At Wolt Enterprises Oy and Wolt Enterprises Deutschland GmbH (“Wolt”, “we”), we take data protection seriously.
We process the personal data of our employees that have been engaged as couriers to meet our legal and contractual obligations as an employer (hereinafter also “you”). This Courier Privacy Policy may be updated from time to time, however, we will not make substantial changes without notice.
When processing your personal data, Wolt Enterprises Oy and Wolt Enterprises Deutschland GmbH are acting as joint data controllers. This means that Wolt Enterprises Oy and the local Wolt group company together determine the purposes for and means by which personal data is processed.
2. CONTACT DETAILS OF CONTROLLERS:
Wolt Enterprises Oy
Business ID: 2646674-9
Correspondence address: Arkadiankatu 6, 00100 Helsinki
Wolt Enterprises Deutschland GmbH
Business ID: HRB 217122 B
Correspondence address: Große Hamburger Str. 32 10115, 3rd floor
E-mail-address: support@wolt.com
Wolt has appointed a data protection officer who you can reach through the above contact details.
Contact person for matters relating to the whistleblowing channel and process:
Sari Jusslin (Paralegal) sari.jusslin@wolt.com
Mari Laatsalo (Senior Legal Counsel) mari.laatsalo@wolt.com
Matti-Esko Seppä (Head of HR) matti-esko.seppa@wolt.com
3. PERSONAL DATA COLLECTED
We collect and process the following personal data relating to you:
· Identification information, such as name and title, address, driver’s license, social security number, address, contact details, date of birth, nationality, marital status;
· Information needed for payment of remuneration, such as bank account and tax information;
· Information collected during recruitment stage (please see our Recruitment Privacy Policy);
· Communication between you and Wolt;
· Responsibilities, qualifications, assignments, language skills and further training;
· Information on the employment relationship, such as entry date and description of the activities and job title, insurance number and residence permit;
· Content of your employment contract and any appendices to it;
· Information on working time, such as recording of working time, vacation, illness, data relating to business travel;
· Usage data of Wolt’s services/applications (including location and availability when providing courier partner services to Wolt)
· Information concerning the employee’s state of health, family or trade union membership when necessary for us to fulfil our legal obligations (e.g. to coordinate sick leaves, parental leaves, leave in the case of a severe disability);
When you use Wolt’s services and applications (“Wolt Services”) for performing your duties to Wolt, we may collect, use and share data on either your exact or approximate location, including real-time geographic location of your mobile phone. The data is collected for purposes of providing services to Wolt’s clients, e.g. in order to provide Wolt’s clients with the information on the delivery of the order and for performance of the agreements between the courier partner and Wolt. Location data is required for example to estimate accurate delivery times and to confirm payments.
Wolt may automatically collect certain technical data when you visit or interact with the Wolt Services. Such technical data may include the browser name, the type of computer or device, time spent on website, interaction with the services, URL of the website you visited before and after visiting the services, the time and date of user visits, surfing habits, IP address, operating system and the Internet service providers utilized and other similar technical information. While we do not normally use such data to identify you as an individual, you can sometimes be recognized from it, either alone or when combined or linked with user data. In such situations, technical data can also be considered personal data under applicable laws and we will treat such data as personal data.
We only collect and store information that is necessary for the rights and obligations of either party in the context of establishing, managing or terminating an employment relationship.
Cookies
We use various technologies to collect and store analytics data and other information when you visit the Wolt Services, including cookies and web beacons.
Cookies are small text files sent and saved on your device that allows us to identify visitors of the Wolt Services and facilitate the use of the Wolt Services and to create aggregate information of our visitors, which helps us to improve the Wolt Services. Some cookies are necessary for using and running a seamless experience on the Wolt Services and they are used e.g. for remembering your choice of language and country.
The Users may choose to set their web browser to refuse cookies, or to alert when cookies are being sent or to manage the cookie choices in the cookie banner on the Wolt Services. For example, the following links provide information on how to adjust the cookie settings on some popular browsers:
4. SOURCES OF PERSONAL DATA
Primarily we receive personal data directly from you.
During the employment relationship we may collect information about you from Wolt’s other employees such as your supervisor e.g. relating to performance reviews or in connection to whistleblowing reports.
We may also collect your personal data from tax and other relevant authorities as well as our clients and partners when we have legitimate grounds to do so. We may also collect personal data about you from publicly available sources, including demographic information such as income and spending habits. We may also, for example, receive information about you from merchant partners regarding your deliveries through the Wolt Service.
With your consent or when legally allowed, we may also acquire certain information from relevant authorities or public registers.
5. THE PURPOSE AND LEGITIMATE GROUNDS OF PROCESSING
We process your personal data in accordance with the regulations of the European General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (Bundesdatenschutzgesetz (BDSG)).
We process your personal data in order to be able to pay remuneration to you and to fulfil our other obligations under the employment agreement. In addition, we process your personal data in order to fulfil our obligations under other agreements and projects conducted between you and Wolt.
(Legal basis: performance of contract)
We also process personal data of you to provide services to Wolt’s clients, e.g. in order to provide Wolt’s clients with the information necessary for the delivery of their orders.
When performing services as a courier partner, Wolt needs permission to access location services through the permission system used by your mobile operating system or browser. We may collect the precise location of your device when the courier partner app is running in the foreground or background of your device. We may also collect route information when you conduct a delivery for Wolt and/or derive your approximate location from your IP address. You can enable the location tracking feature through the settings on your device or when prompted by your mobile app. If you choose to disable the location feature through the settings on your device, we will not receive precise location information from your device, which will prevent you from being able to go online and receive delivery tasks.
(Legal basis: performance of contract)
In addition, we process personal data in order to communicate with you and to evaluate your performance under the service agreement. We also process your personal data to develop Wolt’s business.
(Legal basis: performance of contract)
We also process personal data to enable us to administer and fulfil our obligations under law. This includes data processed for complying with our bookkeeping obligations and providing information to relevant authorities such as tax authorities.
(Legal basis: Legal obligations)
We may also process personal data in relation to claims handling, debt collection and legal processes.
(Legal basis: Legitimate interest)
In addition, we process personal data in order to communicate with you and to evaluate your performance under the service agreement. For example, we may process your location data if we have legitimate reason to do so for verifying your compliance with the service agreement. We also process your personal data to develop Wolt’s business.
(Legal basis: Legitimate interest)
Wolt may process your dropoff location collected during your performance of deliveries under the contract with us for solving customer complaints and responding to safety incidents that relate to a breach of the service agreement between you and us. We will not process such pickup and/or dropoff locations without weighing our own interests against your right to privacy and e.g. use pseudonymized or non-personally identifiable data when possible.
(Legal basis: performance of contract)
Wolt may process customer ratings and feedback to evaluate your performance. In case you receive frequent negative feedback from the users of the Wolt Service, Wolt may for example contact you or take other action on a case-by-case basis based on such feedback.
(Legal basis: Legitimate interest)
Wolt may also process information about your use of its services and applications (“Wolt Services”) to improve the quality of Wolt Services e.g. by analysing any trends in the use of the Wolt Services. When possible, Wolt will do this by using only aggregated, non-personally identifiable data.
Wolt may process your Personal Data in order to conduct measures regarding personnel development planning and regarding protection of employees and clients as well as protection of our property. Moreover, we process Personal Data for purposes of publishing business contact details in the internal phone book and on the website and for measures regarding possible litigation, claims, regulatory investigations or the whistleblowing process.
(Legal basis: Legitimate interest)
If you have consented to the processing of your personal data, we will process your data only in accordance with and in the scope of the purposes specified in the declaration of consent. A given consent may be revoked at any time with effect for the future. This also applies to the revocation of declarations of consent which were provided to us before the GDPR came into force, i.e. before May 25, 2018. The revocation of the consent shall only take effect for the future and shall not affect the legitimacy of the processing of personal data carried out until the revocation.
As an employer, we are subject to various legal obligations, i.e. statutory requirements (e.g. social security law, occupational safety, tax law). The purposes of processing include, among other things, identity verification, the compliance of social security or tax law related control, reporting or documentation obligations and the risk management within the company.
As far as special categories of personal data pursuant to Art. 9 Abs. 1 GDPR are to be processed, this serves to exercise rights or fulfil legal obligations under labor law, social security law and social protection in the frame of the employment relationship (e.g. providing health data to the health insurance fund, recording of a severe disability in view of additional leave, the determination of compensatory levy (Schwerbehindertenabgabe). This procession is based on Art. 9 para. 2 lit. b) GDPR in connection with Sec. 26 para. 3 BDSG. Furthermore, it may be required to process health data in order to evaluate your ability to work pursuant to Art. 9 para. 2 h) in connection with Sec. 22 para.1 lit. b) BDSG. Moreover the processing of special categories of personal data may be based on a consent pursuant to Art. 9 para. 2 a) GDPR in connection with Sec. 26 para. 2 BDSG (e.g. to carry out an inhouse occcupational rehabilitation management (betriebliches Eingliederungsmanagement)).
Automated decision-making
Wolt may use personal data to make automated decisions for matching available courier partners with the deliveries placed by clients.
Tasks are matched to the courier partner by finding routes which are valid (e.g. vehicle capabilities, age restrictions and chosen offline time) and which are the most optimal, in terms of least distance driven per task, and delivery time best within a predefined time range. A courier partner's personal attributes or past performance does not affect the delivery assignment.
The courier partners are anonymized in connection to the automated decision-making and the delivery assignments are based solely on the location of a courier partner and delivery destination locations, vehicle type, the courier's chosen offline time, and the capabilities of the courier and delivery. For example, if you have chosen a certain offline time, you will be excluded from the allocation during that time. Moreover, if the task concerns age restricted products, underaged courier partners will not be allocated such tasks.
The capabilities of the courier partner (vehicle size, age restriction, location details) are matched against those of the delivery destination to define valid assignments.
The courier partner and delivery coordinates, as well as the courier partner's vehicle type, are used to calculate distances and time durations between the courier partner and delivery locations. We choose the courier partner and delivery assignment pairs which keep a city's overall driven distance and lateness from the delivery time frame as low as possible.
(Legal basis: Performance of contract and legitimate interest)
Legal grounds for processing:
We may process your personal data to fulfil our contractual obligations based on the employment agreement between Wolt and you. We may also process your personal data based on our legitimate interest to run, maintain and develop business. When choosing to use your data on the basis of our legitimate interests, we weigh our own interests against your right to privacy and e.g. use pseudonymized or non-personally identifiable data when possible. We also process your personal data to perform our legal obligations.
6. STORAGE PERIOD
Wolt does not store your personal data longer than is legally permitted and necessary for the purposes for which the data were collected. The storage period depends on the nature of the information and the purposes of processing. The maximum period may therefore vary per use. We process and store your personal data as long as it is necessary in order to fulfil our contractual and statutory obligations. It is pointed out that the employment relationship is a continuing obligation that is intended to last for a longer time period.
If the data is no longer required for the fulfilment of contractual or statutory obligations, the data will regularly be deleted unless further processing – for a limited time period is necessary for the following purposes:
· Fulfilment of legal obligations which may result from e.g. Social Code (SGB IV), German Commercial Code (HGB) or General Fiscal Law (AO). The time limits for storage and documentation specified therein generally amount to six to ten years.
· Preservation of evidence in the scope of the statutory limitation provisions. Pursuant to Sec. 195 ed seqq. German Civil Code (BGB), these limitation periods may be up to 30 years, with a regular limitation period of three years.
If the data is processed in the legitimate interest of Wolt or a third party, the personal data will be deleted as soon as this interest no longer exists. The above-mentioned exceptions shall apply. The same shall apply to data processing on the basis of a declaration of consent. Once you revoke your consent with future effect, the personal data will be deleted, unless one of the above-mentioned exceptions exists.
7. INTERNATIONAL DATA TRANSFERS
Personal data is primarily stored within the European Economic Area. However, in certain cases we may transfer personal data outside the European Economic Area (so-called third countries), such as the United States.
We also access data stored in third countries in certain cases.
In principle, data is only transferred to recipients in third countries if:
· it is legally required (e.g. fiscal reporting obligations),
· you have given your consent or
· it is authorized through our legitimate interest in data protection and no higher interests of the data subject worthy of protection prevent the transfer.
Beyond these points, we do not transfer personal data to entities in third countries or international organizations. It may, however, occur that we use service providers who in some circumstances may also use service providers whose headquarters, parent company or data centre may be located in a third country. A transfer of data is permissible if the European Commission has decided that an adequate level of protection exists in the third country (Art. 45 GDPR). If the European Commission has not taken such a decision, companies or service providers may only transfer personal data if appropriate safeguards are provided (e.g. standard data protection clauses approved by the European Commission or the supervisory authority in a specific procedure) and enforceable rights and effective remedies are available. Moreover, we have contractually agreed with our service providers that guarantees regarding data protection must always exist in compliance with the European data protection level.
8. THE RECIPIENTS OF PERSONAL DATA
We do not share personal data with third parties outside of our group companies unless one of the following circumstances apply:
For legal reasons
We may share personal data with third parties outside Wolt’s organization if access to the personal data is reasonably necessary to: (i) meet taxation, any applicable law, regulation, and/or court order; (ii) detect, prevent or otherwise address crime and/or security issues; or (iii) protect Wolts interests in case of claims and civil litigation relating an employment relationship.
We may share location data to the competent authority for purposes of authority investigations if we are required to do so under applicable laws.
To authorized service providers and third parties
We may share personal data to authorized service providers who perform services for us. Such service providers are for example our internet service providers, accounting company and our designated occupational health provider. Our agreements with our service providers include commitments that the service providers agree to limit their use of personal data and to comply with privacy and security standards at least as stringent as the terms of this Privacy Policy.
In case of an incident, Wolt may share the location of the courier partner in question to the insurance company in order for the insurance company to confirm that the courier partner was performing a service under the service agreement the at the time of the accident. The insurance is voluntary for courier partners and Wolt will share the location only if courier partner has taken the insurance. Processing the insurance claim is a matter strictly between courier partner and insurance company. Wolt is not involved in the processing of the insurance claim in any way.
For other legitimate reasons
If Wolt is involved in a merger or acquisition, we may transfer personal data of employees to the third party involved. However, we will continue to ensure the confidentiality of all personal data. We will give notice to all employees concerned when the personal data are transferred or become subject to a different privacy policy as soon as reasonably possible.
Wolt stores your personal data primarily within the European Economic Area. However, we have service providers and operations in several geographical locations. As such, we and our service providers may transfer your personal data to, or access it in, jurisdictions outside the European Economic Area or the courier partner’s domicile.
We will take steps to ensure that personal data receives an adequate level of protection in the jurisdictions in which they are processed. We provide adequate protection for the transfers of personal data to and from countries outside of the European Economic Area through a series of agreements with our service providers based on the Standard Contractual Clauses or through other appropriate safeguards.
More information regarding the transfers of personal data may be obtained by contacting us on any of the addresses indicated above.
With your explicit consent
We may share personal data with third parties outside of our organization for other reasons than the ones mentioned before, when we have your explicit consent to do so.
Under these conditions, recipients of personal data may be for instance:
· Social insurance carriers,
· Health insurance,
· Tax authorities,
· Employers' Liability Insurance Association,
· Public bodies and institutions (e.g. fiscal authority and law enforcement authorities) in the case of a statutory or official obligation,
· Other companies to process salary payments or comparable institutions to which we transfer personal data for the purpose of performance of the contractual relationship (e.g. for salary payments)
· Economic and wage tax auditor,
· Service providers in the scope of contract processing relations
Further recipients of data may be those entities for which you have given us your consent to the transfer of data or to which we are authorized to transfer personal data on the basis of a weighing of interests.
9. YOUR RIGHTS
Right to access
You have a right to access the personal data processed by us. This means that you may contact us and we will inform what personal data we have collected and processed regarding you and the purposes such data are used for.
Please note however that Wolt may limit your access to certain information received via the whistleblowing hotline (called internally the SpeakUp channel) during a critical stage of internal investigation or to the extent such request may jeopardize the anonymity of the whistleblower or other individuals involved.
The restrictions pursuant to Sec. 34 BDSG shall apply.
Right to withdraw consent
In case the processing is based on a consent granted by you, you can revoke a given consent at any time. This also applies to the revocation of declarations of consent which were provided to us before the GDPR came into force, i.e. before May 25, 2018. Please note, that the revocation of consent takes effect for the future. Data processing that has been carried out before the revocation shall not be affected.
Right to correct
You have the right to have incorrect, imprecise, incomplete, outdated, or unnecessary personal data we have stored corrected or completed. You have the right to update for example your contact information or your other personal data.
Right to deletion
You may also ask us to delete your personal data from our systems. We will comply with such request unless we have a legitimate ground to not delete the data. Please note that during the term of employment data is processed primarily due to legal obligations and therefore we may not be able to delete it.
The restrictions pursuant to Sec. 35 BDSG shall apply.
Right to restriction of processing
You may request us to restrict processing of personal data for example when your data erasure, rectification or objection requests are pending and/or when we do not have legitimate grounds to process your data.
Right to object
You may have the right to object on grounds relating to your particular situation to the processing of your personal data based on our legitimate interest. We will comply with such objection unless we have a legitimate ground not to.
Right to data portability
You have the right to receive the personal data you have provided us with in a structured and commonly used format.
How to use your rights
If you want to use your rights, please contact your supervisor.
We may reject requests that are unreasonably repetitive, excessive or manifestly unfounded.
Is there an obligation to provide data?
In the scope of the employment relationship you have to provide such personal data which is required for the purposes of establishment, performance and termination of the employment relationship as well as for the performance of contractual obligations or data that we are required by law to collect. Without this information we will generally not be able to enter into or execute the contract with you.
To what extend does automated decision-making exist? Does profiling take place?
We do not use automated decision-making pursuant to Art. 22 GDPR in order to establish, perform or terminate employment relationships. If we make use of such procedures in individual cases, we will inform you thereof and about your respective rights separately, provided that it is legally prescribed. We do not process your data in order to automatically evaluate personal aspects (profiling).
10. INFORMATION SECURITY
We do our best to keep your data safe and secure. We use administrative, organizational, technical, and physical safeguards to protect the personal data we collect and process. Our security controls are designed to maintain an appropriate level of data confidentiality and integrity.
The personal data stored under this HR Privacy Policy shall only be processed on a need-to-know basis. The use of personal data is protected by appropriate user rights, passwords and rights of use. Paper documents shall be stored in a locked storage.
11. LODGING A COMPLAINT
In case you consider our processing of personal data to be inconsistent with the applicable data protection laws, you have a right to lodge a complaint with the local supervisory authority for data protection.
Competent authorities for Germany are:
The Federal Commissioner for Data Protection and Freedom of Information (BfDI)
Postal address: Der Bundesbeauftragten für den Datenschutz und die Informationsfreiheit - Graurheindorfer Str. 153 - 53117 Bonn
Telephone: +49(0)228 99 77 99-0
Fax: +49(0)228 99 77 99-5550
E-mail: poststelle@bfdi.bund.de
Berliner Beauftrage für Datenschutz und die Informationsfreiheit
Friedrichstr. 219
10969 Berlin
Besuchereingang:
Puttkamerstr. 16-18
Tel.: +49 30 13889-0
Fax: +49 30 2155050
E-Mail: mailbox@datenschutz-berlin.de
This section is to be updated from time to time and information on relevant authority may be requested from support@wolt.com or for the EU countries checked from the European Data Protection Board.