Privacy and Cookies Policy

---

Hawkker Limited (“we”, “our”, “us” or “Hawkker”) is committed to protecting the privacy of all users of our website hawkker.com, or eater and vendor mobile applications (together, the “Sites”). Please read the following privacy policy that explains how we use and protect your information. We’ll be the “data controller” of the information you provide to us.

Contact details

How we collect your information

Information that we collect from you

Use of your information

Hawkker for Vendors

Cookies

Facebook (Pixel and Custom Audiences)

Google Analytics

Direct Marketing

Automated decision making

Retention of your information

Disclosure of your information

Security

Your rights

Changes to our privacy policy

Complaints

1 CONTACT DETAILS

1.1 If you have any queries or requests concerning this privacy policy or how we handle your data more generally, please get in touch with us using the following details:

1.1.1 By contacting our general customer services team at: support@hawkker.com

1.1.2 By contacting our Data Protection Officer: dpo@hawkker.com

2 HOW WE COLLECT YOUR INFORMATION

2.1 We collect your personal information when you interact with us or use our services, such as when you use our Sites as a Vendor, Eater or unregistered user. We also look at how visitors use our Sites, to help us improve our services and optimise customer experience.

2.2 We collect information:

2.2.1 when you use any hawkker.com domain (e.g. www.hawkker.com or vendors.hawkker.com)

2.2.2 when you create an account through our mobile or web apps with us or you change your account settings;

2.2.3 when as an unregistered guest eater you browse for food on the Eater App;

2.2.4 when as an eater you browse for food, transact with vendors and provide reviews of vendors you transact with;

2.2.5 when as a vendor through the Vendor web or mobile app you add to or edit your menu, your chalkboard, business profile, when you transact with eaters, or when you access your vendor admin panel;

2.2.6 when you contact us directly via email, phone, post, message or via our chat function.

3 INFORMATION THAT WE COLLECT FROM YOU

3.1 As part of our commitment to the privacy of our customers and visitors to our Sites more generally, we want to be clear about the sorts of information we will collect from you.

3.2 When you visit the Sites or transact as an (registered) eater or vendor through the Sites, you are asked to provide information about yourself including your name, contact details, dietary preferences, allergies and current location whilst using the Sites.

3.3 We also collect information about your usage of the Sites and information about you from any messages you post to the Sites or when you contact us or provide us with feedback, including via e-mail, letter, phone or chat function. If you contact us by phone, we may record the call for training and service improvement purposes, and make notes in relation to your call.

3.4 We collect information on search terms that you may use within the eater app as a registered or guest eater.

3.5 We collect technical information from your mobile device or computer, such as its operating system, the device and connection type and the IP address from which you are accessing our Sites.

3.6 We also collect technical information about your use of our services through a mobile device, for example, carrier, location data and performance data such as mobile payment methods, interaction with other retail technology such as use of NFC Tags, QR Codes and/or use of mobile vouchers. Unless you have elected to remain anonymous through your device and/or platform settings, this information may be collected and used by us automatically if you use the service through your mobile device(s) via any Hawkker mobile application, through your mobile’s browser or otherwise.

3.7 We process health information about you only where you volunteer and consent to this, for example if you specify any food allergies or dietary preferences.

4 USE OF YOUR INFORMATION

4.1 We will only process the data we collect about you if there is a reason for doing so, and if that reason is permitted under data protection law. We will have a lawful basis for processing your information: if we need to process your information in order to provide you with the service you have requested or to enter into a contract; we have your consent; we have a justifiable reason for processing your data; or we are under a legal obligation to do so.

4.2 Where we need to in order to provide you with the service you have requested or to enter into a contract, we use your information:

4.2.1 to enable us to provide you with access to the relevant parts of the Sites;

4.2.2 to supply the services you have requested;

4.2.3 to enable us to collect payment from you; and

4.2.4 to contact you where necessary concerning our services.

4.3 We also process your data where we have a justifiable reason for doing so— for example personalisation of our service, including processing data to make it easier and faster for you to find vendors, food and beverage and conduct transactions. We have listed these reasons below:

4.3.1 to improve the effectiveness and quality of service that our customers can expect from us in the future;

4.3.2 to tailor content that we or our vendor partners or advertising partners display to you, for example so that we can show you vendors which are in your area or make sure you see the advertising which is most relevant to you, based on characteristics determined by us;

4.3.3 to enable our customer support team to help you with any enquiries or complaints in the most efficient way possible;

4.3.4 to contact you for your views and feedback on our services and to notify you if there are any important changes or developments to the Sites or our services, including letting you know that our services are operating in a new area, where you have asked us to do so;

4.3.5 to analyse your activity on the Sites so that we can administer, support, improve and develop our business and for statistical and analytical purposes and to help us to prevent fraud;

4.3.6 to enforce our contractual terms with you and any other agreement, and for the exercise or defence of legal claims and to protect the rights of Hawkker, vendors partners, or others (including to prevent fraud); and

4.3.7 if you submit comments and feedback regarding the Sites and the services, we may use such comments and feedback on the Sites and in any marketing or advertising materials. We will only identify you for this purpose by your first name and the city in which you live.

4.4 We will also analyse data about your use of our services from your location data to create profiles relating to you and for you. This means that we may make certain assumptions about what you may be interested in and use this, for example, to send you more tailored marketing communications, to present you with vendor offerings that we think you will prefer, or to let you know about special offers or products which we think you may be interested in. As a vendor we may present you with industry-relevant suppler, business development or other information that might be relevant to your business. This activity is referred to as profiling. You have certain rights in relation to this type of processing. Please see ‘Your Rights’ section below for more information.

4.5 Where we rely on legitimate interest as a basis for processing your personal information, we carry out a ‘balancing test’ to ensure that our processing is necessary and that your fundamental rights of privacy are not outweighed by our legitimate interests. You can find out more information about these balancing tests by contacting us using the details above.

4.6 Where we are under a legal obligation to do so we may use your information to:

4.6.1 create a record of your transaction(s);

4.6.2 comply with any legal obligation or regulatory requirement to which we are subject.

5 COOKIES

5.1 When visiting our websites you can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you refuse cookies, please note that some parts of the Site may become inaccessible or not function properly.

6 FACEBOOK (PIXEL AND CUSTOM AUDIENCES)

6.1 We use the “visitor action pixels” or “Pixel” from Facebook Inc (1 Hacker Way, Menlo Park, CA 94025, USA, or, if you are based in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”)) on our websites.

6.2 Pixel, a service of Facebook Inc., (1601 S. California Ave, Palo Alto, CA 94304, USA), is a small piece of Java script code which we have integrated into all of our websites. This piece of code provides a number of functions for the sending of application specific events and user defined data to Facebook. We use Custom Audience pixels in order to record information concerning the way in which visitors use our website. This pixel records and provides Facebook with information concerning the browser setting of the user, a hashed version of the Facebook ID and the URL which is being visited. Each Facebook user thus possesses a clear and device-independent Facebook ID, whereby it is possible to address the user via more than one device on the social network Facebook and to recognise him or her, so that we can target our visitors again for advertising purposes by means of Facebook adverts.

6.3 This allows user behaviour to be tracked after they have been redirected to the our websites by clicking on a Facebook ad. This enables us to measure the effectiveness of Facebook ads for statistical and market research purposes. The data collected in this way is anonymous to us, i.e. we do not see the personal data of individual users. However, this data is stored and processed by Facebook, which is why we are informing you, based on our knowledge of the situation. Facebook may link this information to your Facebook account and also use it for its own promotional purposes, in accordance with Facebook’s Data Usage Policy https://www.facebook.com/eaterapp/eaterapp/eaterapp/eaterapp/about/privacy/. You can allow Facebook and its partners to place ads on and off Facebook. A cookie may also be stored on your computer for these purposes.

6.4 The legal basis for the use of this service is Art. 6 paragraph 1 sentence 1 letter of GDPR. You can object to the collection of your data by Facebook pixel, or to the use of your data for the purpose of displaying Facebook ads by contacting the following address: https://www.facebook.com/settings?tab=ads.

6.5 Facebook is certified under the Privacy Shield Agreement and thus guarantees compliance with European data protection legislation (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).

7 GOOGLE ANALYTICS

7.1 We use the Google Analytics service from Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”) to analyse our website and mobile app visitors. Google uses cookies. The information generated by the cookie or triggers within the mobile app and tell us about the use of the online product or service by users is generally transferred to a Google server in the USA and stored there. Google will use this information on our behalf to evaluate the use of our online products and services by users, to compile reports on the activities within these online products and services and to provide us with further services associated with the use of these online products and services and the use of the internet. Pseudonymous user profiles can be created from the processed data.

7.2 We use Google Analytics only with IP anonymization enabled. This means that Google will truncate the IP address of users within Member States of the European Union or in other states that are party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there.

7.3 The IP address transmitted by the user’s browser is not merged with other Google data. Users can prevent cookies from being stored by adjusting the settings to their browser software accordingly.

7.4 The legal basis for the use of this service is Art. 6 paragraph 1 sentence 1 letter of GDPR. Users can prevent the collection of data generated by cookies during their web browsing sessions (not the use of the mobile apps) by downloading and installing the browser plug-in that is available at the following link: http://tools.google.com/dlpage/gaoptout?hl=en.

8 DIRECT MARKETING

8.1 Where you have given your consent or where we have a justifiable reason for doing so (and are permitted to do so by law) we will use your information to let you know about our other products and services that may be of interest to you and we may contact you to do so by email or phone. You can control your email marketing preferences by:

8.1.1 visiting our eater or vendor mobile applications, clicking on “Profile”, clicking the gear icon in the top right and scrolling to “Notification Preferences”.

9 FRAUD CHECKING

9.1 We may conduct fraud checks on customers. Where we believe we may detect fraudulent activity we may block you from transacting as an eater or vendor or registering your business as a vendor and using our Sites.

10 RETENTION OF YOUR INFORMATION

10.1 We will not retain your information for any longer than we think is necessary.

10.2 Information that we collect will be retained for as long as needed to fulfil the purposes outlined in the ‘Use of my information’ section above, in line with our legitimate interest or for a period specifically required by applicable regulations or laws, such as retaining the information for regulatory reporting purposes.

10.3 When determining the relevant retention periods, we will take into account factors including:

10.3.1 our contractual obligations and rights in relation to the information involved;

10.3.2 legal obligation(s) under applicable law to retain data for a certain period of time;

10.3.3 statute of limitations under applicable law(s);

10.3.4 our legitimate interests where we have carried out balancing tests (see section on ‘How we use your personal information’ above);

10.3.5 (potential) disputes; and

10.3.6 guidelines issued by relevant data protection authorities.

10.4 Otherwise, we securely erase your information where we no longer require your information for the purposes collected.

11 DISCLOSURE OF YOUR INFORMATION

11.1 The information we collect about you will be transferred to and stored on our servers located within the EU. We are very careful and transparent about who else your information is shared with.

11.2 Sharing your information internally:

11.2.1 We share your information with other Hawkker group companies only where necessary for the purposes set out in section 4.

11.3 Sharing your information with third parties:

11.3.1 We share your information with third party service providers. The types of third party service providers whom we share your information with includes:

11.3.1.1 IT service providers (including cloud providers): for the purposes of data storage and analysis;

11.3.1.2 Vendor partners: for the purposes of the vendor’s Hawkker business intelligence platform, they will have access to anonymised information on eater browsing behaviour specifically as it relates to their business, transactions specifically as it relates to their business and reviews specifically as it relates to their business, so that they can improve their business offering;

11.3.1.3 Customer support partners: who will help us to resolve any issues you may have with our services;

11.3.1.4 Marketing and advertising partners: so that they can ensure that you see advertising which is more relevant to you and send you email marketing on our behalf; and

11.3.1.5 Payment providers (including online payment providers and fraud detection providers): for the purposes of providing services to us, for example when they process information such as credit card payments for us, provide support services to you or carry out fraud checks for us;

11.3.1.6 Hawkker insights customers: as part of aggregated reporting on the street food and independent food industries. Information contained in these reported will be anonymised and not contain any personally identifiable information.

11.3.2 Hawkker will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy when it is transferred to third parties.

11.3.3 If our business enters into a joint venture with, purchases or is sold to or merged with another business entity, your information may be disclosed or transferred to the target company, our new business partners or owners or their advisors.

11.3.4 We may also share your information:

11.3.4.1 if we are under a duty to disclose or share your information in order to comply with (and/or where we believe we are under a duty to comply with) any legal obligation or regulatory requirement. This includes exchanging information with other companies and other organisations for the purposes of fraud protection and prevention;

11.3.4.2 in order to enforce our contractual terms with you and any other agreement;

11.3.4.3 to protect the rights of Hawkker, eaters, vendor partners, or others, including to prevent fraud; and

11.3.4.4 with such third parties as we reasonably consider necessary in order to prevent crime, e.g. the police.

11.3.5 International transfers of data:

11.3.5.1 In some cases the personal data we collect from you might be processed outside the European Economic Area (“EEA”).These countries may not have the same protections for your personal data as the EEA has. However, we are obliged to ensure that the personal data that is processed by us and our suppliers outside of the EEA is protected in the same ways as it would be if it was processed within the EEA. There are therefore certain safeguards in place when your data is processed outside of the EEA.

11.3.5.2 We ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

11.3.5.2.1 your personal data is transferred to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission;

11.3.5.2.2 we use the EU approved Standard Contractual Clauses; and

11.3.5.2.3 where your personal data is transferred to third party providers based in the US, data may be transferred to them if they have self-certified under the Privacy Shield framework in relation to the type of data being transferred, which requires them to provide similar protection to personal data shared between the EU and the US.

11.3.5.3 Please contact us using the contact details above if you want further information on the countries to which personal data may be transferred and the specific mechanism used by us when transferring your personal data out of the EEA.

12 SECURITY

12.1 We adopt robust technologies and policies to ensure the personal information we hold about you is suitably protected.

12.2 We take steps to protect your information from unauthorised access and against unlawful processing, accidental loss, destruction and damage.

12.3 Where you have chosen a password that allows you to access certain parts of the Sites, you are responsible for keeping this password confidential. We advise you not to share your password with anyone, to use a reputable password management service to keep it confidential and to change your password frequently.

12.4 Unfortunately, the transmission of information via the internet is not completely secure. Although we will take steps to protect your information, we cannot guarantee the security of your data transmitted to the Sites; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

13 YOUR RIGHTS

13.1 Under data protection law, you may have a number of rights concerning the data we hold about you. If you wish to exercise any of these rights, please contact our Data Protection Officer using the contact details set out above. For additional information on your rights please contact your data protection authority and see below.

13.2 The right to be informed. You have the right to be provided with clear, transparent and easily understandable information about how we use your information and your rights. This is why we’re providing you with the information in this policy.

13.3 The right of access. You have the right to obtain access to your information (if we’re processing it). This will enable you, for example, to check that we’re using your information in accordance with data protection law. If you wish to access the information we hold about you in this way, please get in touch (see Contact Details).

13.4 The right to rectification. You are entitled to have your information corrected if it is inaccurate or incomplete. You can request that we rectify any errors in information that we hold by contacting us (see Contact Details).

13.5 The right to erasure. This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of certain of the information that we hold about you by contacting us (see Contact Details).

13.6 The right to restrict processing. You have rights to ‘block’ or ‘suppress’ further use of your information. When processing is restricted, we can still store your information, but will not use it further.

13.7 The right to data portability. You have the right to obtain your personal information in an accessible and transferrable format so that you can re-use it for your own purposes across different service providers. This is not a general right however and there are exceptions. To learn more please get in touch (see Contact Details).

13.8 The right to lodge a complaint. You have the right to lodge a complaint about the way we handle or process your information with the national data protection authority.

13.9 The right to withdraw consent. If you have given your consent to anything we do with your information (i.e. we rely on consent as a legal basis for processing your information), you have the right to withdraw that consent at any time. You can do this by contacting us (see Contact Details). Withdrawing consent will not however make unlawful our use of your information while consent had been apparent.

13.10 The right to object to processing. You have the right to object to certain types of processing, including processing for direct marketing and profiling. You can object by changing your marketing preferences or disabling cookies as set out in sections 6 and 7 above.

14 CHANGES TO OUR PRIVACY POLICY

14.1 Any changes to our privacy policy will be posted to the Sites and, where appropriate, we will notify you of the changes for example by email or push notification.

14.2 This privacy policy was last updated: 04/09/2018

15 COMPLAINTS

15.1 If you’re not satisfied with our response to any complaint or believe our processing of your information does not comply with data protection law, you can make a complaint to the Information Commissioner’s Office (ICO) using the following details:

15.2 Address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

15.3 Telephone number: 0303 123 1113

15.4 Website: www.ico.org.uk

Hawkker Limited, Suite 355, 254 Pentonville Road, London, N1 9FQ, United Kingdom