Sped Delivery: Food & More - Privacy policy
At Sped, safeguarding data takes precedence. Privacy and the fortress of information lie at Sped's core. This Privacy Protocol unfolds the cardinal principles and tactics adhered to, upholding your privacy during engagement with our offerings. Sped Delivery, a consortium of Sped companies attuned to local contexts, collectively referred to as "Sped," nurtures and harnesses user data across Sped's food and retail procurement services accessible through the Sped application ("Sped Delivery: Food & More") and users of diverse Sped delivery commodities and services, including visitors to the sped.fi website ("Website"). Within this Privacy Protocol, "Sped Food Delivery Services" encompasses both the Website and the Sped Delivery App, along with ancillary services granted by Sped. The term "User" or "you" jointly encapsulates our customers, patrons of Sped's delivery services, envoys, and authorized users within our customer network, prospective clientele, and Sped Delivery Services beneficiaries. The Privacy Protocol illuminates the spectrum of processed personal data, delineates the handling thereof, and elucidates avenues to exercise data subject rights (e.g., right to dissent, right to access). Certain services might be subjected to dedicated privacy policies. If such applies, pertinent policies shall accompany the relevant service. Modifications to this Privacy Protocol may transpire to reflect shifts in data processing practices or more. The latest iteration resides on the Website. Rest assured, significant amendments or user rights curtailment shall be prefaced by appropriate notification, preserving Users' prerogatives. 1. OVERSEERS OF DATA This Privacy Protocol governs Sped's personal data handling endeavors. Sped, headquartered at Pursitie 7, 80160, Joensuu, Finland, epitomizes a technological juggernaut. Empowered as custodians, Sped shoulders data subject queries and concerns pertaining to Sped group's personal data treatment. In instances, Sped extends delivery-as-a-service to external entities (e.g., Sped Drive API, eCommerce collaborations). Herein, Sped serves as the data processor, steering the procession of delivery-related tasks, encompassing reception, management, fulfillment, communication, and affirmation, in consonance with the entity concerned. 2. SPED'S TOUCHPOINTS Sped Company ID: 3352400-3 Address for Correspondence: Pursitie 7, 80160, Joensuu, Finland Email Contact: support@sped.fi Guardian of Data Protection: A data protection officer assumes responsibility, reachable through the above contacts or via info@sped.fi. 3. PROCESSED PERSONAL DATA AND DATA ORIGINS Personal data undergoes processing strictly commensurate with requisites and appropriateness to the task. Our personal data purview bifurcates into two overarching categories: User Data and Usage Data. User Data User Data signifies personal data sourced directly from you or your affiliated customer organization leveraging Sped Food Delivery Services ("Customer Organization"). Collection channels encompass diverse interactions—post service pact closure with Customer Organization, user registration for Sped Services, newsletter subscription, or form completion. Moreover, transactions and payments executed through Sped Services contribute to this corpus. Mandatory User Data for Seamless Sped Services Usage Data pivotal for effective contract performance between you and us, along with fulfilling our commitments to Customer Organizations and complying with legal mandates, comprises: - Full name and email address, supplied by the Customer Organization post service agreement finalization. - Data requisite for Sped Services registration: full name, phone number, email address, payment instrument particulars (used exclusively for food and merchandise orders, and externally processed for payments). Voluntarily Shared User Data during Sped Services Use Supplementary data enriches user experience: - Enhanced account details: visuals, delivery address, consented location data processing, loyalty programs involvement, age for age-restricted items, and profile adjustments. Additional Data: Attending to Service Enhancement Miscellaneous data arising from your Sped interactions: - Order-related details: purchases, directives, timestamps, total amounts. - Ratings, comments, survey responses. - Preferred establishments, inclinations. - Marketing choices. - Communication transcripts. External sources, e.g., third-party service providers, augment data sets. Corporate users' data stems from public records or the companies themselves, facilitating effective communication and interaction. Health-related data handling adheres to relevant regulations, with explicit consent solicited and withdrawable via profile settings or contacting support@sped.fi. For users connecting via Facebook, profile insights and friend samples are shared. Joint data governance by Sped and Facebook ensues. More on Facebook data management can be found in Meta Privacy Policy. Usage Data Usage Data arises from Sped Service interactions. Although not intrinsically identifiable, in certain contexts it can become personal data when amalgamated with User Data. This gamut covers: - Device and browser specifics, app versions, attributes. - Network details, including IP address. - Identifiers, be they device-generated or externally provided. - Geographical data, time zone, locale, country. In the realm of content creation, three pivotal elements hold sway: "perplexity," "burstiness," and "predictability." Perplexity gauges the intricacy of text, while burstiness compares sentence variations. Predictability, on the other hand, assesses the likelihood of predicting the subsequent sentence. Human writers tend to infuse burstiness into their work, employing a mix of long, complex sentences alongside shorter ones. In contrast, AI-generated sentences often exhibit a uniformity in style. Therefore, for the forthcoming content that you are about to craft, it's imperative to infuse it with a substantial dose of perplexity and burstiness, while curbing the level of predictability. Additionally, your composition should adhere exclusively to the English language. Now, allow me to reimagine the subsequent text: Journeying through a hyperlink to Sped Services, and traversing the paths forged by links stemming from the realm of Sped Services—these are the initial waypoints of exploration. Delving into the intricacies of your engagements with and utilization of Sped Services becomes the focal point. This encompasses the nuanced tapestry of usage patterns—unraveling the intricate features harnessed, encounters with advertisements, active participation in targeted campaigns, the dance of impressions and interactions offered, and the dossier of order-related information. The chronicles of tracing and reporting transactions that sprout from our advertising partners find their place in this narrative. A trove of timestamps and identifiers—the keystones of these interactions—are meticulously preserved, standing as testament to these exchanges. Guidelines for wielding dominion over advertising and analytics identifiers on your device await in the passages below, housed under the segment dubbed "Cookies and other technologies." Venturing into the realm of cookies and allied technological marvels, we unveil an array of tools wielded to amass and safeguard Usage Data and kindred information during Users' sojourns within the confines of Sped Services. Cookies, repositories of website data, and the realm of web and application telemetry collectively shape this digital odyssey. The cookies and data from websites, secreted away within your device's inner workings, furnish the means to fathom the visage of Sped Services' visitors. This revelation serves to ease navigation through these virtual domains, while also birthing a mosaic of aggregated insights from the collective multitude. These revelations, in turn, inform the evolution of Sped Services, ushering in an era of enhanced User service. Let it be known that these digital tidings bear no malice towards your device or its contents. Indeed, they serve as silent sentinels, shaping and tailoring Sped Services to align with the unique predilections of each individual. Summoning forth your past proclamations on cookie preferences is a matter easily addressed through a click. For those inclined, the avenue to refuse the embrace of cookies is open—configuring your web browser to spurn their advances. Illuminating this path, I present the following signposts: - Apple Safari - Google Chrome - Microsoft Edge - Mozilla Firefox However, it merits mention that eschewing cookies might occasionally lead to a suboptimal Sped Services experience. The corridors of Sped Services are graced by the presence of pseudonymous identifiers, orchestrating the symphony of app and service preferences. Meanwhile, the realm of Sped employs third-party tracking technologies—ephemeral denizens of the digital ether—to corroborate and chronicle the movements instigated by our advertising compatriots. The dominion over cookie preferences unfurls within the canvas of our websites, heralded by the banner of cookies. Furthermore, your control over communication and the sanctuary of privacy finds manifestation within the Sped App. For denizens of the iOS and Android realms, the act of vanquishing Sped's visitor identifiers lies within the boundaries of your device's settings. In the world of iOS, reining in advertising identifiers is a task that befits the embrace of the "Limit Ad Tracking" mantle. For a broader understanding and immersion into the universe of advertising identifiers, a pilgrimage to the Apple Advertising and Privacy site is advised. The pantheon of third-party entities forms the bedrock upon which Sped's diverse analytics, telemetry, and marketing endeavors are established. Behold this congregation of digital sorcerers, each contributing their essence to the alchemy: - Adform (Adform's haven of privacy) - AppsFlyer (Insights into AppsFlyer's privacy sanctum) - Bugsnag (A glimpse into SmartBear's privacy enclave) - Google Analytics, AdWords, Floodlight, Geocoding API, and Tag Manager (Google's policies in the realm of data) - Google Firebase (A vista into Firebase's domains of privacy and security) - hCaptcha (The scrolls of hCaptcha's privacy protocols) - Intercom (Perusing Intercom's privacy parchment) - Interspace (ACCESSTRADE's realm of privacy) - Iterable (Exploring the annals of Iterable's privacy) - LinkedIn Marketing Solutions (Navigating LinkedIn's bastion of privacy) - Meta (Facebook) (Embarking upon Meta's Privacy Center) - Ravelin (Unveiling Ravelin's sanctuary of privacy) - Reddit Ads (Navigating the corridors of Reddit's privacy haven) - Riskified (Delving into Riskified's sanctuary of privacy) - Taboola (Surveying the depths of Taboola's privacy realm) - TradeDoubler (Exploring TradeDoubler's privacy sanctuary) - Twitter Ads (Journeying into Twitter's privacy citadel) - Upwave (Exploring Upwave's realm of privacy) - Yahoo (Delving into Yahoo's citadel of privacy) It's worth noting that the stage these entities occupy might vary across time and regions, and not all may take the spotlight simultaneously. 4. THE ESSENCE AND FOUNDATION OF PROCESSING Our handling of personal data is driven solely by the exigencies of necessity and relevance, and such processing finds its home within the realm of specific objectives. Pray, take heed, for the ensuing procession of purposes and legal grounds may unveil themselves in simultaneity. First and foremost, the orchestration of your personal data propels the fulfillment of contractual commitments—both towards you and the august dominion of Customer Organizations. To wit, the grand tapestry of Sped Services unfurls under the banners of contract, uniting you with Sped, Customer Organizations, and Sped's patrons in harmonious accord. The symphony of this contractual embrace spans a diverse panorama: - The bestowal of Sped Services unto you, a covenant etched in the ink of contract - The stewardship of contracts between you and Sped, as well as between Customer Organizations and Sped - The embodiment of the covenant between you and Sped—ensuring the management and conveyance of your Order, and the propagation of tidings regarding shifts in terms, privacy doctrines, or other profound vicissitudes hinging upon the contract - The handling of your monetary tributes and potential recompense, coupled with the provisioning of vital lore to our esteemed partners—be they eateries, emporiums, or our emissaries of delivery - The vigilance to address your queries and shepherd your support travails, should you beckon A second overture ushers in the realm of legitimate interests—a melody composed of justifiable motives, swaying to the rhythm of business nurturing and rapport cultivation. In the realm of legitimate interests, the scales tip in favor of both Sped's growth and the tapestry of customer relationships. As we weave these narratives, the juxtaposition of our interests against the sanctuary of your privacy takes center stage. In these harmonious interludes, we offer the respite of opt-out pathways, ensuring that marketing harmonies resonate with only those attuned to their tune. The right to contest this interplay remains, yet our response might take a posture aligned with the laws of the land. A tableau of scenarios unfurls before us: - The domain of claims handling, the parley of debt collection, and the courts of legal proceedings—all emboldened by data - The canvas where the hues of fraud prevention intermingle with the hues of security and vigilance - The realm of outreach—carrying the tidings of Sped Services, heralding shifts, inviting your reflections, and seeking your voice in our symphony - The amphitheater of marketing, where our offerings unfurl in your presence—carved with precision, tailored to your preferences, and ensconced in purpose - The crucible of service enhancement—where the fires of usage trends kindle insights, and the annals of aggregate data craft the contours of progress - The garden of customer satisfaction, wherein data tend to your needs and foster satisfaction, but in a guise veiled by non-personal aggregation - The procession of data within the Sped consortium—a communion in harmony with this Privacy Statement In the cadence of automated procession, we might employ the art of automation and decision-making. This grand tapestry entwines itself around the processing of personal data, as notes in the symphony conducted by digital artisans. Yet, even the realm of law does not stand aloof. Personal data assumes the mantle of duty, as the conduits of our legal obligations and commitments. This entails offerings for the fiscal realm—sacrifices to the altar of bookkeeping and insights for the scrutineers of law enforcement. A dance where compliance beckons and information finds its way to the shrines of taxation and justice. Amidst these legacies of purpose, the realm of consent occasionally emerges. Instances where the user consents, a pact sealed with digital ink. Sped App's dominion becomes the forge of this pact, granting dominion over the seas of marketing and permissions. Yet, like the ephemeral whisper of a breeze, consent can be withdrawn with equal ease—a choice to reclaim dominion. For the denizens of Israel, entry into the Sped Services is an agreement in itself. With each connection, the tapestry of consent and data collection unfolds. These echoes serve as the foundation for the procession of personal data, as the sanctum of Sped Services communes with your digital essence. Disagreement denies entry to these digital domains—a testament to your autonomy, a reminder that data is a gift offered, never coerced. 5. JOURNEY BEYOND EUROPEAN SHORES A trove of personal data rests within the arms of the European Economic Area, cradled by the embrace of legality and order. Yet, tendrils extend beyond these shores, bridging distant lands. Service providers and kindred souls, envoys from realms diverse, beckon to these data. Transgressing boundaries and voyaging across geographies, personal data embarks on odysseys to lands unknown. Herein lies our vow—to clothe these data in the armor of protection. Agreements dance—Standard Contractual Clauses etched, safeguards woven—ensuring the tapestry remains unblemished. Should curiosity beckon, avenues to glean more lay ahead. A missive to us—addresses etched above—might illuminate the intricacies of these journeys. 6. RECIPIENTS OF THE TALE Within Sped's dominion, a promise is kept—a pledge to share personal data only as necessity dictates. The cloaked dance unfolds, with data coursing through Sped's realm, disclosed to the chosen ones: For denizens of Japan, Sped's embrace shelters personal data under the banner of Sped's dominion. Sped, its kin, its allies—all traverse the corridors of shared Personal Information. Your query summons records, revealing the dance of data exchanged, the scrolls of purposes unveiled. Beyond Sped's hallowed halls, third parties lurk—a tango of purpose and fulfillment. Partners, merchants, and retailers—you, our patron, become a bridge to their realms. Theatres of data access unfurl, crafting a tapestry where partners are entrusted with your tidings. Guardians of compliance and law enforcement, vanguards against fraud and misdeed—data is shared, a testament to necessity. The symphony of data also harmonizes with the rites of merger, acquisition, or sale—an offering to the third party. Yet, the covenant of confidentiality is never forsaken, a promise etched in privacy. With your consent, data dances beyond Sped's confines. A pledge to share, sanctioned by your volition—a tango of data, twined with your ascent. 7. THE SHELTER OF TIME Data meets time—a dance where legality and necessity blend. Data shall not linger beyond the embrace of legality, bound to the pursuits of Sped's Services. The tenure of this sojourn, a symphony of variety, shaped by data's nature and purpose's call. After the curtains fall on your Sped account, data's tenure might persist, mandated by law or duty. And thus, we traverse the realms of time, pruning data's tenure to meet the symphony of necessity. 8. RIGHTS EMBRACED The curtain rises on a stage of rights—rights you, the patron, command. The Right of Access—an avenue to glimpse the tapestry of your data, woven through Sped's touch. A mirror to your data's essence, reflected in your Sped account or borne through a missive to us. The Right to Withdraw Consent—power to retract the ascent granted, a choice that reshapes data's trajectory. A canvas remolded by your volition, an act reshaping Sped's realm. The Right to Rectify—corrections unfurled, data woven anew. An overture that polishes data's visage, refined through the interplay of your will. The Right to Erasure—data's final bow, a curtain call in the grand symphony of service. A realm where data's footprint fades into oblivion, as Sped responds to your decree. The Right to Object—a symphony where your voice chimes, a melody that resonates through Sped's corridors. A choice to withhold data's dance, reshaping Sped's ode. The Right to Restriction of Processing—data's narrative, a tale frozen in time. The dance of processing stilled at your behest, a testament to your command. The Right to Data Portability—a gift, a token of your sovereignty. Your data's essence entrusted to your hands, to journey where your heart desires. To wield these rights, a missive beckons. Our address—a beacon, the path to claim your dominion. 9. DIRECTING THE MARKET Within Sped's realm, the stage of marketing unfolds—a realm where your dominion is honored. The choice to silence the marketing's call—a chorus where your voice commands, leading to corridors unmarked by marketing's pursuit. 10. LODGING A VOICE Dissidence finds solace in voice—a voice that echoes through the corridors of compliance. Should Sped's data procession meet discord, the lodgings of complaint stand open. Voices resonate, a reminder that data procession must harmonize with the laws of the land. 11. GUARDIANS OF INFORMATION Within Sped's embrace, information finds sanctuary—a sanctuary fortified by a legion of safeguards. Encryption, pseudonymization, firewalls, and more—an armory that guards against breaches. Our guardians, versed in the ways of intrusion, keep vigil, warding off vulnerabilities. A tapestry of restrictions drapes access—shrouding personal data, barring entry except where necessity mandates. A sanctuary where employees tread cautiously, accessing only what duty demands. A cycle of vulnerability assessment ensues—a carousel of vigilance. Weaknesses tested, vulnerabilities exposed, an unending quest to fortify Sped's realm. To these vistas, we present you the final act—a stage where data, trust, and protection intertwine, where Sped stands guardian to your digital essence.
At Sped we take data protection seriously. Privacy and information security are at the heart of Sped. This Privacy Policy Statement describes the key principles and practices we abide by in order to ensure your privacy is respected while using our services.
Sped, local country-specific Sped companies and Sped technology belonging to the same group of companies (“Sped”, “we”) process personal data of users of Sped’s food and retail ordering services ordered through Sped application (“Sped App”) and users of other Sped delivery products and services and the visitors of the website sped.fi (“Website”).
In this Privacy Statement, the word “Sped Services” refers jointly to the Website and the Sped App and other services provided by Sped to users. In this Privacy Statement, the word “User” or “you” refers jointly to our and our group companies’ customers, users of Sped delivery services, representatives and other authorized users of our customer organizations, potential customers and the users of the Sped Services. Our Privacy Statement explains, for example, the types of personal data we process, how we process the personal data and how you may exercise your rights as a data subject (for example, right to object, right of access).
Some of our services might be subject to a separate privacy policy. If a separate privacy policy applies to a particular service, we will post it in connection with the service in question.
This Privacy Statement may be updated from time to time in order to reflect the changes in data processing practices or otherwise. You can find the current version on the Website. We will not make substantial changes to this Privacy Statement or reduce the rights of the Users under this Privacy Statement without providing a notice thereof.
1. DATA CONTROLLERS
This Privacy Statement applies to processing of personal data carried out by Sped. Sped is part of Sped technology, a technology company with an official address at Pursitie 7, 80160, Joensuu, Finland. We form one team and sometimes we can decide together on processing of personal data.
Sped has been appointed responsible for handling all data subject requests and questions relating to the personal data processing of the Sped group on behalf of the local joint controllers.
Sped also provides delivery as a service to other companies (for example, Sped Drive API and eCommerce integrations). In such a case Sped is the data processor for the parts of the processing activities related to receiving, managing and completing the delivery as well as communicating and confirming the delivery to the company in question.
2. SPED’S CONTACT DETAILS
Sped
Business ID: 3352400-3
Correspondence address: Pursitie 7, 80160, Joensuu, Finland
E-mail address: support@sped.fi
Data Protection Officer: Sped has appointed a data protection officer who you can reach through the above contact details or by sending e-mail to info@sped.fi.
3. PERSONAL DATA PROCESSED AND SOURCES OF DATA
We process personal data only to the extent necessary and appropriate for the specific processing purpose. The personal data collected and processed by us can be divided into two general data categories: User Data and Usage Data.
User Data
User Data is personal data collected directly from you or from our customer organization on behalf of which you are using the Sped Services (“Customer Organization”), as the case may be. We may collect User Data from our Users and Customer Organizations in a variety of ways, including, after conclusion of a service agreement with the Customer Organization or when Users register to the Sped Services, subscribe to a newsletter or fill out a form. Further, please note that we also collect details of any transactions and payments you carry out through the Sped Services.
User Data that is necessary in order to use the Sped Services
The following personal data collected and processed by us is necessary in order for a proper performance of the contract between you and us as well as for our legitimate interest whilst fulfilling our contractual obligations towards our Customer Organizations and for the compliance with our legal obligations.
After conclusion of the service agreement between us and the Customer Organization, the Customer Organization provides us with your full name and email address.
When you register to the Sped Services and create a user account, you need to provide us with the following information:
full name
telephone number
email address
information relating to your payment instrument(s) such as the number of your payment instrument(s) and the expiration date of your payment instrument(s) (required for the purposes of ordering food and other products via the Sped Services, however not stored by Sped, since Sped uses a third party payment service provider for processing of payments)
User Data you give us voluntarily and while using Sped Services
Your user or customer experience may be enhanced by providing us with the following information:
Additional Account Information:
a picture,
delivery address,
location data (if you consent to the processing of your location data),
partner-specific bonus card or participation in other loyalty programme if applicable in your country,
when ordering age-restricted goods: age, and
other information you provide either when creating a user account or later when modifying your account profile.
Other Information. We may also process other information provided by you voluntarily such as:
information related to your orders from Sped or through Sped Services (for example, items purchased, special instructions, date and time of order, total amount of order and other order history),
information you provide when submitting ratings, comments or responding to surveys,
favorite restaurants or merchants and other preferences,
marketing opt-ins and opt-outs, and
information you provide by phone or in email or chat correspondence with us, including call recordings of your calls with our customer service.
In addition to User Data collected from you and the Customer Organization, we process certain personal data third party service providers provide about you. For example, for corporate customers, we may process company contact person information to enable communication and marketing with the company as well as managing the customer relationship. Such data is primarily obtained from public sources such as local trade registers, companies providing this type of information services, or the companies themselves.
If your order contains products or services which may imply a health condition or other sensitive (special category) personal data, Sped needs to process this data in order to provide the Sped Services to you. In addition to the contents of the order, this may also include, for example, medical prescription data in the case of prescription medicine. Sped adheres to any additional safeguards that may apply to processing such personal data under applicable laws and regulations. If required under applicable laws, Sped will ask for separate consent for processing such personal data and you may withdraw such consent anytime through your profile settings or by contacting Sped support at support@sped.fi.
If you connect or login to your account with Facebook, Facebook shares with us personal information about you such as your profile picture, a sample of your Facebook friends and your Facebook ID. While Sped maintains its page on Facebook both Sped and Facebook are joint controllers for your personal data. More information on processing of personal data on Facebook is available at Meta Privacy Policy.
Usage Data
Usage Data arises from User interactions with the Sped Services. Although we do not normally use Usage Data to identify you as an individual, you can in certain circumstances be identified from it, either alone or when combined or linked with User Data. In such situations, Usage Data can also be considered personal data under applicable laws and we will treat such data as personal data.
We may automatically collect the following Usage Data when you visit or interact with the Sped Services:
Information that describes your device or browser and Sped’s application, their versions, features, capabilities, and settings
Information about your operator, Internet service provider and network connection type, including your IP address
Identifiers provided by your device or third parties for application vendors or advertisers, or identifiers we create ourselves
Country, locale, time zone and geo-IP level location information
Where you followed a link to Sped Services, and links you followed from Sped Services
Details of your interactions with, and usage of, Sped Services. This includes, for example, usage patterns, which features you use, advertisement, participating into a specific campaign and offer impressions and interactions, and information on orders
Data for tracking and reporting transactions initiated by our advertising partners, including timestamps, and identifiers mentioned above
For details on how to control advertising and analytics identifiers on your device, see below under the section “Cookies and other technologies”.
Cookies and other technologies
We use various technologies to collect and store Usage Data and other information when the Users visit the Sped Services, including cookies, storing website data, and using web and application telemetry.
Cookies and other website data saved on your device allow us to identify visitors of the Sped Services and facilitate the use of the Sped Services and to create aggregate information of our visitors. This helps us to improve the Sped Services and better serve our Users. The cookies and other website data will not harm your device or files. We use cookies and other website data to tailor the Sped Services and the information we provide in accordance with the individual interests of our Users.
You can manage the cookie preferences you have submitted earlier by clicking here.
The Users may choose to set their web browser to refuse cookies. For example, the following links provide information on how to adjust the cookie and other web data settings on some popular browsers:
Apple Safari
Google Chrome
Microsoft Edge
Mozilla Firefox
Please note that some parts of the Sped Services may not function properly if use of cookies is refused.
The Sped Services use pseudonymized identifiers to track and predict your app and service usage and preferences. Sped also uses session-only 3rd-party tracking technologies to verify and report transactions initiated by our advertising partners.
You can manage your cookie preferences through the cookie banner on our websites.
You can also manage your communication and other privacy settings via Sped App.
Sped visitor identifiers can be disabled on iOS and Android mobile devices by changing your settings.
Generally, advertising identifiers can be disabled on iOS mobile devices by turning on the Limit Ad Tracking tab. For an overview and more information on the advertising identifier, please see Apple Advertising and Privacy site.
Sped uses different third party analytics and telemetry providers, marketing or affiliate partners, and other services integrated into our client software listed below:
Adform (Adform privacy policy)
AppsFlyer (Privacy at AppsFlyer)
Bugsnag (SmartBear privacy policy)
Google Analytics, AdWords, Floodlight, Geocoding API and Tag Manager (How Google uses information from sites that use Google Services; Google Terms of Service)
Google Firebase (Privacy and Security in Firebase)
hCaptcha (hCaptcha privacy policy)
Intercom (Intercom privacy policy)
Interspace (ACCESSTRADE privacy policy)
Iterable (Iterable privacy policy)
LinkedIn Marketing Solutions (LinkedIn privacy policy)
Meta (Facebook) (Meta Privacy Center)
Ravelin (Ravelin privacy policy)
Reddit Ads (Reddit privacy policy)
Riskified (Riskified privacy policy)
Taboola (Taboola privacy policy)
TradeDoubler (TradeDoubler privacy policy)
Twitter Ads (Twitter privacy center)
Upwave (Upwave privacy policy)
Yahoo (Yahoo privacy policy)
Please note that not all of the above vendors are necessarily being used at any given time, or on all market areas.
4. THE PURPOSES AND GROUNDS FOR THE PROCESSING
We process personal data only to the extent necessary and appropriate for the specific processing purposes. Please note that one or more of the following purposes and legal grounds may apply simultaneously.
Firstly, Sped processes your personal data to perform our contractual obligations towards you or the Customer Organization, for example, to the extent necessary to:
offer the Sped Services to you under the contract between you and Sped or between Customer Organization and Sped or between Sped Drive customer and Sped;
perform the contract between you and Sped and for purposes of managing and delivering your Order as well as communicating with you about changes to terms and conditions, privacy policies, or other important changes related to the contract;
handle your payments or any refunds (where applicable) and to provide our partners (the restaurants, retailers and our courier partners hereinafter collectively also as “Partner”)) with the information necessary for the preparation or delivery of your order; and
to answer your questions or solve your support cases if you contact us.
Secondly, we may process your personal data if there is an appropriate and justifiable interest (that is, a legitimate interest) to run, maintain and develop our business or to create and maintain customer relationships. When choosing to use your data on the basis of our legitimate interests, we weigh our own interests against your right to privacy and, for example, provide you with easy to use opt-out from our marketing communications and use pseudonymized or non-personally identifiable data when possible. You have the right to object processing of your data on the basis of legitimate interest. However, Sped can refuse such an objection in accordance with applicable legislation, for example, if the processing is necessary for preparing, exercising or defending legal claims.
We process your personal data to the extent necessary and based on legitimate interest, for example, to:
claims handling, debt collection and legal processes. We may also process data for the prevention of fraud, misuse of our services and for information, system and network security and safety.
contact you regarding the Sped Services and to inform you of changes relating to them or asking your review or feedback on Sped Services.
market the Sped Services to you or show you targeted or personalized advertisements through Sped Services or send you otherwise targeted marketing of services or products that may be of your interest. In order to form such a target group we may process information listed above in the section on Usage Data. Please note that if required by applicable law processing of personal data for marketing purposes will be based on your consent (see also section “Direct Marketing” below).
improve the quality of the Sped Services and develop our business, for example, by analyzing any trends in the use of the Sped Services by processing data related to your use of Sped Services.
ensure that our services are in line with your needs, personal data can be used for things like customer satisfaction surveys. When possible, we will do this using only aggregated, non-personally identifiable data.
process your data within the Sped group of companies in accordance with this Privacy Statement.
While processing your personal data for the purposes of providing Sped Services to you as well as other purposes stated above we may use automated means in processing that may also include automated decision-making.
Further, we may process your personal data to administer and fulfill our legal obligations. This includes data processed for complying with our bookkeeping obligations and providing information to relevant authorities such as tax authorities or law enforcement authorities in accordance with mandatory legal provisions.
In some parts of the Sped Services, you may be requested to grant your consent for the processing of personal data. For example, within Sped App you may manage your marketing and other permissions. If processing of your personal data is based on your consent, you may withdraw it at any time by contacting us or amending the respective consent setting for example within the Sped App.
For Users located in Israel: By entering, connecting to, accessing or using the Sped Services, you agree and consent to the terms and conditions set forth in this Privacy Statement, including to the collection, processing, transfer and use of your personal data which is collected as part of the Sped Services and such consent will be regarded as the legal basis for the processing of your personal data in accordance with the Privacy Statement. If you disagree with any term provided herein, you may not access or use the Sped Services. You also acknowledge and confirm that you are not required to provide us with your personal data and that such information is voluntarily provided to us.
5. TRANSFER TO COUNTRIES OUTSIDE EUROPE
Sped stores your personal data primarily within the European Economic Area. However, we have service providers, operations and group companies in several geographical locations. As such, we and our service providers may transfer your personal data to, or process it in, jurisdictions outside the European Economic Area or the User’s domicile.
We will take steps to ensure that the Users’ personal data receives an adequate level of protection in the jurisdictions in which they are processed. We provide appropriate and adequate protection for the transfers of personal data to countries outside of the European Economic Area through a series of agreements with our service providers based on the Standard Contractual Clauses or through other appropriate safeguards.
More information regarding the transfers of personal data may be obtained by contacting us on any of the addresses indicated above.
6. DATA RECIPIENTS
We only share your personal data within the organization of Sped if and as far as reasonably necessary for the purposes of this Privacy Statement.
For users in Japan: We process your personal data mentioned in section 3 for the purposes of use mentioned in section 4 within the organization of Sped (that is, Sped and its subsidiaries and affiliates) if and as far as reasonably necessary for the purposes of this Privacy Statement. Sped is the entity responsible for the management of jointly used Personal Information. And the User has the right to request disclosure of the purposes for which Sped processes the User's personal data and of records regarding the provision of personal data to third parties. Under the Japanese Personal Data Protection Law, when personal data is provided to or received from a third party, the User has the right to request disclosure of the purposes for which Sped processes the User's personal data and of records regarding the provision of personal data to third parties.
We do not share your personal data with third parties outside of Sped’s organization unless one of the following circumstances applies:
For the purposes set out in this Privacy Statement and to authorized service providers
To the extent that third parties (such as the restaurants, merchants or retailers which provide your order, our courier partners who deliver your order and Customer Organization which may pay your order) need access to personal data in order for us to perform the Sped Services or for other legitimate reasons, we provide such third parties with your data. As an example, we may share your phone number with the Partner you ordered from if it's necessary, for example, for asking you whether you accept a replacement product in the order or to inform you that an item is missing from your order or for any special request clarifications.
Furthermore, we may provide your personal data to our group companies or to authorized service providers who perform services for us (including data storage, accounting, analytics, sales and marketing and payment fraud prevention) to process it for us and to payment service providers to process your payments to us.
When data is processed by third parties on behalf of Sped, Sped has taken the appropriate contractual and organizational measures to ensure that your data are processed exclusively for the purposes specified in this Privacy Statement and in accordance with all applicable laws and regulations and subject to our instructions and appropriate obligations of confidentiality and security measures.
Please bear in mind that if you provide personal data directly to a third party, such as through a link in the Sped Services, the processing is typically based on their policies and standards.
With Partners for the performance of Sped Services
To the extent that third parties, such as the Partners which prepare, sell and/or deliver your order, our courier partners who deliver your order and Customer Organization which may pay your order, need access to personal data in order for us to perform the Sped Services, we provide such third parties with your data.
We provide the Partner and where applicable, its parent company or franchisor, with personal data necessary to fulfill your order. Depending on the Partner’s role this may include your name, delivery address and data relating to your purchase, including venue details, order number, time of order and delivery, delivery method, ordered products, comments and feedback that you've given about the order. Such data is shared for enabling the Partner to provide the order including, where applicable, picking up the products in the store, ensuring the quality of the Partner's service and product selection available at Sped as well as complying with Partner's legal obligations. Where Partner processes such details for purposes of fulfilling its own rights and obligations, such as its legal obligations towards you, Partner is independent controller of the Personal Data and responsible for the lawfulness of its processing operations.
You may be able to add the details of your Partner-specific bonus card or loyalty program on the Sped Service for purposes of linking any orders placed at the Partner to the relevant loyalty program, in accordance with the terms defined by Partner. Sped will share such details to the Partner and Partner is independent controller of such details and thereby responsible for ensuring lawfulness of the processing.
We may also share your phone number and name with the Partner you ordered from if it's necessary, for example, for asking you whether you accept a replacement product in the order or to inform you that an item is missing from your order or for any special request clarifications or other necessary purposes related to completing the order. For deliveries that are performed by our merchant partners themselves we may also share your delivery address and phone number with those Partners.
For legal reasons and legal processes
We may share your personal data with third parties outside Sped if we have a good-faith belief that access to and use of the personal data is reasonably necessary to: (i) meet any applicable law, regulation, and/or court order; (ii) detect, prevent, or otherwise address fraud, crime, security or technical issues; and/or (iii) protect the interests, properties or safety of Sped, the Users or the public as far as in accordance with the law. When possible, we will inform you about such processing.
For other legitimate reasons
If Sped is involved in a merger, acquisition or asset sale, we may transfer your personal data to the third party involved. However, we will continue to ensure the confidentiality of all personal data. We will give notice to all the Users concerned when the personal data are transferred or become subject to a different privacy statement.
With your explicit consent
We may share your personal data with third parties outside Sped when we have your explicit consent to do so. You have the right to withdraw this consent at all times free of charge, for example, by contacting us.
7. STORAGE PERIOD
Sped does not store your personal data longer than is legally permitted and necessary for the purposes of providing the Sped Services or the relevant parts thereof. The storage period depends on the nature of the information and on the purposes of processing. The maximum period may therefore vary per use.
After a User has deleted their user account personal data may be stored only as long as such processing is required by law or is reasonably necessary for our legal obligations or legitimate interests such as claims handling, bookkeeping, internal reporting and reconciliation purposes.
We assess regularly the storage period for personal data to ensure the data is stored only for the necessary time period.
8. YOUR RIGHTS
Right of access
You have the right to access and be informed about your personal data processed by us. We give you the possibility to view certain data through your user account with the Sped Services or request a copy of your personal data by contacting us.
Right to withdraw consent
In case the processing is based on a consent granted by the User, the User may withdraw the consent at any time free of charge. Withdrawing a consent may lead to fewer possibilities to use the Sped Services. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
Right to rectify
You have the right to have incorrect or incomplete personal data we have stored about you corrected or completed by contacting us. You can correct or update some of your personal data through your user account in the Sped Services.
Right to erasure
You may also ask us to delete your personal data from our systems. We will comply with such a request unless we have a legitimate ground to not delete the data.
Right to object
You may have the right to object to certain use of your personal data if such data are processed for other purposes than necessary for the performance of the Sped Services or for compliance with a legal obligation. If you object to the further processing of your personal data, this may lead to fewer possibilities to use the Sped Services.
Right to restriction of processing
You may request us to restrict processing of personal data for example when your data erasure, rectification or objection requests are pending and/or when we do not have legitimate grounds to process your data. This may however lead to fewer possibilities to use the Sped Services.
Right to data portability
You have the right to receive the personal data you have provided to us yourself in a structured and commonly used format and to independently transmit those data to a third party.
How to use your rights
The abovementioned rights may be used by contacting Sped support or sending a letter or an e-mail to us on the addresses set out above, including the following information: the full name, address, e-mail address and a phone number. If you have Sped account we recommend you contacting us through Sped support as that allows us to identify you more easily. We may request the provision of additional information necessary to confirm the identity of the User. We may reject or charge requests that are unreasonably repetitive, excessive or manifestly unfounded.
9. DIRECT MARKETING
The User has the right to prohibit us from using the User’s personal data for direct marketing purposes, market research and profiling made for direct marketing purposes by contacting us on the addresses indicated above or by using the functionalities of the Sped Services or the unsubscribe possibility offered in connection with any direct marketing messages.
10. LODGING A COMPLAINT
In case the User considers our processing of personal data to be inconsistent with the applicable data protection laws, the User may lodge a complaint with the local supervisory authority for data protection in Finland, the Data Protection Ombudsman (). Alternatively, the User may lodge a complaint with the other local and competent supervisory authority for data protection.
11. INFORMATION SECURITY
We use administrative, organizational, technical, and physical safeguards to protect the personal data we collect and process. Measures include for example, where appropriate, encryption, pseudonymization, firewalls, secure facilities and access right systems. Our security controls are designed to maintain an appropriate level of data confidentiality, integrity, availability, resilience and ability to restore the data. We regularly test the Sped Services, systems, and other assets for security vulnerabilities. Furthermore, access to personal data by employees of Sped is restricted and access is subject to what is necessary for purposes of the employee’s work assignments.