Wolt KYC Privacy Statement

This Privacy Statement relating to Know your Client (“KYC”) and Anti-money Laundering (“AML”) checks (“KYC Privacy Statement”) applies to processing of personal data by Wolt for carrying out our legal and regulatory obligations to identify and/or verify the Partner’s business and the Partner’s representatives for KYC and AML compliance purposes. 

This KYC Privacy Statement may be updated from time to time in order to reflect the changes in data processing practices or otherwise. You can find the current version on explore.wolt.com/en/isr/KYC-privacy-policy We will not make substantial changes to this KYC Privacy Statement or reduce your rights under this KYC Privacy Statement without providing a notice thereof.

1. DATA CONTROLLERS AND CONTACT INFORMATION

Wolt Enterprises Oy and certain Wolt group companies (“Wolt”, “we”) process personal data relating to the representative of a restaurant, retail shop or other service partner who has signed a Partner Service Agreement with Wolt and who, as a merchant, offers its products and possible delivery or other services for sale through Wolt’s digital application or the Wolt website wolt.com (“Partner” or “you”). 

In relation to the processing of personal data of the Partner and its representative in accordance with this KYC Privacy Statement, Wolt Enterprises Oy is the owner of the databases that contain the collected personal data (i.e., the data controller), and the local Wolt group company in Israel, Wolt Enterprises Israel Ltd., with whom the Partner has entered into a Partner Service Agreement, is acting as a holder of such databases (i.e., a data processor). This means that Wolt Enterprises Oy determines the purposes for and means by which personal data is processed, although it may consult Wolt Enterprises Israel Ltd. in this regard. 

You can see the general information on how we process personal data in our privacy statement available at https://explore.wolt.com/en/isr/privacy.

Moreover, Wolt Enterprises Oy and/or Wolt Enterprises Israel Ltd. may transfer the personal data to Wolt License Services Oy (“WLS”), an affiliate of Wolt Enterprises Oy, and WLS acts as a separate and independent  data controller of such personal data, inter alia, in case the Partner verification is unsuccessful and further action is needed by WLS for finalizing the identity verification and for WLS' own purposes, as further detailed in the Payment Services Annex to the Partner Service Agreement. 

For any questions that relate to personal data in existing, past or future cooperation, contact Support through the Wolt application or email support@wolt.com.

Data Protection Officer: Wolt has appointed a data protection officer whom you can reach through the above contact details or by sending an e-mail to privacy@wolt.com.

2. INFORMATION AND PERSONAL DATA PROCESSED AND THEIR SOURCES 

The information and the personal data processed under this KYC Privacy Statement is collected directly from the Partner and from public records both on behalf of the Partner and its legal representatives when required. 

The information and the personal data processed by us is necessary for compliance with our legal obligations to perform KYC and AML checks of our Partners and their representatives as required by applicable laws and/or the competent authorities from all Partners that cooperate with Wolt. 

When you provide us with information in order to verify the Partner, you may be asked provide us with the following information (non-exhaustive list, request can vary depending on your business operations): 

• Partner’s certificate of incorporation (for corporations) or authorized dealer certificate

• Partner’s bank account ownership confirmation

• Partner’s withholding certificate and bookkeeping certificate

• Partner’s signatory rights protocol (for corporations)

• Personal identification documentation of Partner representative 

• Passport picture or selfie of Partner representative 

• Partner company register number and registration date 

• Partner company address 

• Name, address, nationality and date of birth of Partner representative

• In case of ultimate beneficial owners: full name, street address, postal code, city, nationality, ID number and date of birth. 

• In case of politically exposed persons: full name, official position and country. 

Our service providers may furthermore collect the following data from available public records: 

• Company name, address and country 

• Contact details of the Partner’s signatory (name, address, email) 

For Partners located in Israel: When you apply to establish a Partner cooperation with Wolt or continue your cooperation with Wolt, you and your representatives are required to provide us with your personal data for the purpose of Wolt compliance with applicable law. You agree and consent, and you shall ensure that your representatives agree and consent, to the terms and conditions set forth in this KYC Privacy Statement, including the collection, processing, transfer and use of your personal data and the personal data of your representatives as part of the KYC and AML checks Wolt is legally obligated to perform. Although you and your representatives are not under any legal obligation to provide us with any personal data, if you or your representatives disagree to providing personal data to us and/or to the collection, processing, transfer and use as set forth in this KYC Privacy Statement, you may not begin or continue the cooperation with us as a Partner. 

3. PURPOSE AND LEGITIMATE GROUND FOR PROCESSING PERSONAL DATA 

Wolt processes personal data under this KYC Privacy Statement to comply with its legal obligations. Wolt is required under local legal and regulatory obligations to identify and/or verify the Partner’s business, and where applicable, also identify and/or verify the Partner’s representatives. Such an obligation is based on applicable AML and KYC regulation in the country in which the Partner operates.

4. TRANSFER TO COUNTRIES OUTSIDE ISRAEL OR EUROPE 

Wolt stores the personal data primarily within the European Economic Area. However, we have service providers and operations in several geographical locations. As such, we and our service providers may transfer the personal data to, or access it in, jurisdictions outside the European Economic Area or the Partner’s domicile, including countries that may provide a different level of data protection than that provided in the Partner's domicile or in the European Economic Area.

We will take steps to ensure that the Partner’s personal data and that of its representatives receive an adequate level of protection in the jurisdictions in which they are processed. For example, we provide such adequate protection through a series of agreements with our service providers in accordance with applicable privacy and data security laws, some of which are based on the Standard Contractual Clauses as currently applicable or through other appropriate safeguards. 

5. DATA RECIPIENTS 

We only share personal data within the organization of Wolt if and as far as reasonably necessary for the purposes of this KYC Privacy Statement. Such a situation may occur for example where the Partner verification is unsuccessful and further action is needed for finalizing the identity verification.

We do not share personal data with third parties outside of Wolt’s organization unless it is necessary for purposes set out in this KYC Privacy Statement. To the extent that authorized service providers need access to the personal data collected under this KYC Privacy Statement in order for us to perform the identification and/or verification of the Partner’s business or its representatives, we provide such third parties with the personal data. We use an identity verification platform for purposes of performing the compliance check and such third parties will process identification information of the Partner’s representatives.

When personal data is processed by third parties on behalf of Wolt, Wolt has taken the appropriate contractual and organizational measures to ensure that the personal data is processed exclusively for the purposes specified in this KYC Privacy Statement and in accordance with all applicable laws and regulations and subject to our instructions and appropriate obligations of confidentiality and security measures.

6. STORAGE PERIOD 

Wolt does not store personal data longer than is legally permitted and necessary for the purposes described in this KYC Privacy Statement. We are obligated under applicable AML regulation to keep personal data processed for Partner Identity Verification the statutory time as prescribed by local law. The general rules on storage periods applicable for personal data of Wolt users processed by Wolt are available in Wolt’s privacy statement referred to above.

7. PRIVACY RIGHTS 

Right of access 

You and each of your representatives whose personal data we collected have the right to access and be informed about his/her personal data processed by us. We give you the possibility to view certain data through your user account with the Wolt Services or request a copy of your personal data, and give each of your representatives the possibility to request a copy of his/her personal data. 

Right to rectify 

You and your representatives have the right to have incorrect, outdated, unclear or incomplete personal data we have stored about you corrected, updated, clarified or completed by contacting us.

Right to deletion

You and your representatives may also ask us to delete your personal data from our systems if it is incorrect, outdated, unclear or incomplete. We will comply with such a request unless we have a legal right not to delete the personal data. 

Please note that prohibiting us from processing data concerning you or your representatives may result in discontinuation of your cooperation with Wolt.

Right to restriction of processing 

You may request us to restrict processing of personal data for example when your data deletion, rectification or objection requests are pending. When the processing has been suspended, your data and the data of your representatives will only be stored and not processed further. For example, if you or your representatives contest the accuracy of your data, such data will be restricted from processing until it is ensured that the data is accurate.

Please note that prohibiting us from processing data concerning you or your representatives may result in discontinuation of your cooperation with Wolt.

How to use your rights 

The abovementioned rights may be exercised by sending a letter or an e-mail to us on the addresses set out above, including the following information: the full name, address, e-mail address and a phone number. We may request the provision of additional information necessary to confirm your identity. We may reject requests in accordance with applicable law or in unique and unreasonable scenarios. 

Lodging a complaint 

In case you consider our processing of personal data to be inconsistent with the applicable data protection laws, you may lodge a complaint with the local supervisory authority for data protection. In Finland, the local supervisory authority is the Data Protection Ombudsman (tietosuoja.fi). Alternatively, you may lodge a complaint with the local supervisory authority for data protection of your country of domicile.

8. INFORMATION SECURITY 

We use administrative, organizational, technical, and physical safeguards to protect the personal data we collect and process. Measures include for example, where appropriate, encryption, pseudonymization, firewalls, secure facilities and access right systems. Our security controls are designed to maintain an appropriate level of data confidentiality, integrity, availability, resilience and ability to restore the data. We regularly test our services, systems, and other assets for security vulnerabilities. Furthermore, access to personal data by employees of Wolt is restricted and access is subject to what is necessary for purposes of the employee’s work assignments.