Privacy Policy

Last updated May 24, 2018  

URB-IT DATA PROTECTION POLICY

 

INTRODUCTION 

At Urb-it AB (publ) (“Urb-it” or “we”), we protect your personal integrity and always strive for a high level of data protection (eg. we would never sell your personal data to another company). This privacy policy explains how, why and for how long we collect, process, store and use your personal information. It also describes your rights and how you can exercise them. It is important that you understand the privacy policy and feel safe in our treatment of your personal data. You are always welcome to contact us for any questions. This Data Protection Policy applies to our Services (Urb-it Delivery API, Service First, Urb-it eCheckout), our websites (urbit.com, business.urb-it.com, consumer-portal.urb-it.com, developer.urb-it.com), to our mobile applications (“Apps”) and any other Urb-it services. You should also read and agree to our Terms of Service. This policy governs all use of our Services, both for Retailers and Partners who offers our services to their customers, to customers who choses Urb-it and to visitors of our web pages. By using Urb-it Services, you accept our Data Protection Policy and our processing of your personal information. You also agree that Urb-it uses electronic communication channels to send information to you when receiving or placing a delivery with Urb-it.

WHAT IS PERSONAL DATA AND WHAT IS PROCESSING OF PERSONAL DATA?

Any information related to a natural person or ‘Data Subject’, that can be used to directly or indirectly identify the person is considered to be personal data. It can be anything from a name, a photo, an email address, bank details, posts on social networking websites, or a computer IP address. Encrypted data and different types of electronic identities (e.g. IP number) are personal data if they can be linked to a person. Processing of personal data is all that happens with personal data. For instance, each action taken regarding personal data is a treatment, regardless of whether it is performed automated or not. Examples of common processing are collection, editing, registration, organization, structuring, storage, transmission and deletion.

WHO IS RESPONSIBLE FOR THE PERSONAL INFORMATION WE COLLECT?

URB-IT AB (publ), Org.nrcompany number: 556959-9755, Vattugatan 17, 111 52 Stockholm , Sweden, and its subsidiaries, including Urb-it Paris SAS, company number 350 261 152, 5 Boulevard de la Madeleine, 75001 Paris, France, and Urb-it London Ltd, company number 0999823, 10 Margaret Street, London W1W 8RL, United Kingdom. Please contact us at dataprotection@urbit.com if you have any questions or would like further information about how and why we collect, process and store data and how you can exercise your rights as a data subject. Urb-it has dedicated professionals that are responsible for handling and architecting all the processes and solutions used by our products, systems and services, providing security of information.

WHAT INFORMATION DO WE COLLECT?

Information you give us in order to successfully carry out our Service. You may directly or indirectly give us information about yourself in a variety of ways, such as when you place an order on a retailer’s site, when choosing Urb-it as a delivery option at a later stage in the delivery flow (for example when using Urb-it to deliver a Click & Collect purchase), when you contact us, use our web page and our Business or Customer portal. To fulfill our delivery commitments we may collect information about yourself in a variety of ways, such as when you place an order on a retailer’s site, when choosing Urb-it as a delivery option at a later stage (for example when using Urb-it to deliver a Click & Collect purchase), when you contact us, use our web page, our Business or customer portal. Information about interaction between you and Urb-it – how you as a user uses our services, including page response times, errors, entry and exit methods, as well as delivery notices when we contact you. The information you give us, as well as the information about your purchase and your payment information, is required to enter into a contractual relationship with us, while the other information we collect is necessary to pursue other purposes, as explained in this document.

HOW URB-IT HANDLES YOUR PERSONAL DATA?

Customer agrees that Urb-it will (taking into account the nature of the processing and the information available to Urb-it) assist the customer in ensuring compliance with any obligations in respect of data protection impact assessments and prior consultation, including if applicable customer’s obligations pursuant to Articles of the GDPR, by providing the Additional Security Controls – Urb-it has a controlled environment, with a access restriction policy and authenticated integrations with processors and sub-processors.

WHY DO WE COLLECT, STORE AND PROCESS PERSONAL DATA?

Provide, operate and improve our services. All data is used to provide, operate and improve Urb-it’s services. Urb-it processes personal data for the following purposes and based on the following legal bases:

WHAT PERSONAL DATA DO WE COLLECT ABOUT YOU AS A CUSTOMER / DELIVERY RECIPIENT AND FOR WHAT PURPOSE?

PURPOSE DATA COLLECTION PROCESSES CATEGORIES OF PERSONAL DATA
In order to be able to process orders and deliveries To be able to handle informations about delivery address and about the consumer who will receive it. To be able to identify the consumer and proceed with the delivery process. To be able to collect informations that could help in solving process of reclamation and warranty errands.
  • First & last name
  • Delivery address (street, street number, postcode, city)
  • Email
  • Phone
  • Purchase details (retailer, items, quantity, total value)
  • Message to the Urber
LAWFUL BASIS FOR PROCESSING
Contractual Necessity Purchase agreement. This collection of personal data is necessary for us to fulfill our commitments according to the purchase agreement. If the data is not provided, we will not be able to fulfill our commitments and therefore reserve the right to decline the consumer purchase. (Rec.30; Art.7(1)(b), Rec.44; Art.6(1)(b))
DATA MINIMIZATION (LIFETIME FOR THE COLLECTED INFORMATION)
We store the data for a period of 36 months from when the purchase has been processed (including delivery and payment) to comply with booking laws, customer protection laws, directive on distance selling etc.
 
PURPOSE DATA COLLECTION PROCESSES CATEGORIES OF PERSONAL DATA
In order to be able to process transactions regarding the financial aspects of orders and deliveries To administer the consumer payment and the customer relationship. To provide the consumer with the information, products and services that you request from us.
  • First & last name
  • Email
  • Purchase details (retailer, items, quantity, total value)
  • Payment details
LAWFUL BASIS FOR PROCESSING
Contractual Necessity Purchase agreement. This collection of personal data is necessary for us to fulfill our commitments according to the purchase agreement. If the data is not provided, we will not be able to fulfill our commitments and therefore reserve the right to decline consumer purchase. (Rec.30; Art.7(1)(b), Rec.44; Art.6(1)(b))
DATA MINIMIZATION (LIFETIME FOR THE COLLECTED INFORMATION)
We store the data for a period of 36 months from when the purchase has been processed (including delivery and payment) to comply with booking laws, customer protection laws, directive on distance selling etc.
 
PURPOSE DATA COLLECTION PROCESSES CATEGORIES OF PERSONAL DATA
In order to be able to send notifications for the consumers about security breaches that could affect the integrity of their data To be able to inform consumers that one or more informations regarding their personal data were susceptible to access as plain text in logs or other type of repository of information.
  • Email
  • Phone
LAWFUL BASIS FOR PROCESSING
Legal Obligations The treatment of the informations is necessary to accommodate ours and the consumer legal obligations regarding frauds and incorrect use of personal information, providing when necessary, information for basis in legal investigations. (Rec.30; Art.7(1)(c), Rec.45; Art.6(1)(c), 6(3))
DATA MINIMIZATION (LIFETIME FOR THE COLLECTED INFORMATION)
We store the data for a period of 36 months from when the purchase has been processed (including delivery and payment) to comply with booking laws, customer protection laws, directive on distance selling etc.
 
PURPOSE DATA COLLECTION PROCESSES CATEGORIES OF PERSONAL DATA
In order to handle customer service issues To be able to have a open channel to communication and response of any questions to customer service (via phone or in digital channels, including Social Media). To be able to provide identification and examination of possible complaints and support cases (including Tech Support)
  • First & last name
  • Delivery address (street, street number, postcode, city)
  • Email
  • Phone
  • Purchase details (retailer, items, quantity, total value)
  • Payment details
  • Message to the Urber
  • Communication history
  • Technical data regarding access device (information about screen size and resolution, pixel density, browser, operational system, ip address)
LAWFUL BASIS FOR PROCESSING
Legitimate Interests The treatment is necessary to accommodate ours and the consumer legitimate interest in handling customer service matters. (Rec.30; Art.7(1)(f), Rec.47, 48; Art.6(1)(f))
DATA MINIMIZATION (LIFETIME FOR THE COLLECTED INFORMATION)
We store the data for a period as long as the customer support errand is open.
 
PURPOSE DATA COLLECTION PROCESSES CATEGORIES OF PERSONAL DATA
In order to evaluate, improve and develop our services, products and systems for our customers To be able to understand our users behavior and generate statistics for further studies. To be able to collect informations about technical characteristics of devices used to access our services, in order to generate statistics for further studies. In order to process and evaluate the statistics collected to plan, project and develop constantly our services, platforms and services in a way that reach the needs of the users.
  • First & last name
  • Historical delivery addresses (street, street number, postcode, city)
  • Historical purchase details (retailer, items, quantity, total value)
  • Correspondence and feedback about our products
  • Technical data regarding access device (information about screen size and resolution, pixel density, browser, operational system, ip address)
LAWFUL BASIS FOR PROCESSING
Legitimate Interests The treatment is necessary to accommodate ours and the consumer legitimate interest in improve our services, platforms and systems to provide a better service to the consumer. (Rec.30; Art.7(1)(f), Rec.47, 48; Art.6(1)(f))
DATA MINIMIZATION (LIFETIME FOR THE COLLECTED INFORMATION)
We store the data for a period of 36 months from when the purchase has been processed (including delivery and payment) to comply with booking laws, customer protection laws, directive on distance selling etc.
 
PURPOSE DATA COLLECTION PROCESSES CATEGORIES OF PERSONAL DATA
In order to prevent abuse of our services or to prohibit and handle legal investigations To prevent misuse of our services as part of our efforts to keep our services, platforms and systems safe and secure.
  • First & last name
  • Delivery address (street, street number, postcode, city)
  • Email
  • Phone
  • Purchase details (retailer, items, quantity, total value)
  • Payment details
  • Message to the Urber
  • Technical data regarding access device (information about screen size and resolution, pixel density, browser, operational system, ip address)
LAWFUL BASIS FOR PROCESSING
Legitimate Interests The treatment of the informations is necessary to accommodate ours and the consumer legitimate interest in avoid frauds, abuse and incorrect use our our services, platforms and systems. (Rec.30; Art.7(1)(f), Rec.47, 48; Art.6(1)(f))Legal Obligations The treatment of the informations is necessary to accommodate ours and the consumer legal obligations regarding frauds and incorrect use of personal information, providing when necessary, information for basis in legal investigations. (Rec.30; Art.7(1)(c), Rec.45; Art.6(1)(c), 6(3))
DATA MINIMIZATION (LIFETIME FOR THE COLLECTED INFORMATION)
We store the data for a period of 36 months from when the purchase has been processed (including delivery and payment) to comply with booking laws, customer protection laws, directive on distance selling etc.

 

WHAT PERSONAL DATA DO WE COLLECT ABOUT YOU AS A WEB USER AND FOR WHAT PURPOSE?

PURPOSE DATA COLLECTION PROCESSES CATEGORIES OF PERSONAL DATA
In order to evaluate, improve and develop our websites for our users To be able to understand our users behavior and generate statistics for further studies. To be able to collect informations about technical characteristics of devices used to access our services, in order to generate statistics for further studies. In order to process and evaluate the statistics collected to plan, project and develop constantly our services, platforms and services in a way that reach the needs of the users.
  • Technical data regarding access device (information about screen size and resolution, pixel density, browser, operational system, ip address)
LAWFUL BASIS FOR PROCESSING
Legitimate Interests The treatment is necessary to accommodate ours and the user legitimate interest in improve our services, platforms and systems to provide a better service to the consumer. (Rec.30; Art.7(1)(f), Rec.47, 48; Art.6(1)(f))
DATA MINIMIZATION (LIFETIME FOR THE COLLECTED INFORMATION)
We store the data for a period of 36 months from when the purchase has been processed (including delivery and payment) to comply with booking laws, customer protection laws, directive on distance selling etc.
 

WHAT PERSONAL DATA DO WE COLLECT ABOUT YOU AS A RETAILER AND PARTNER AND FOR WHAT PURPOSE?

PURPOSE DATA COLLECTION PROCESSES CATEGORIES OF PERSONAL DATA
In order to be able to process transactions regarding the financial aspects of orders and deliveries To be able to invoice for our services. To be able to pay transfer payments when the checkout is handled by Urb-it through Stripe
  • First & last name
  • Address (street, street number, postcode, city)
  • Email
  • Phone
  • Document valid as personal identification
  • Bank account details
LAWFUL BASIS FOR PROCESSING
Contractual Necessity The treatment of the informations is necessary to accommodate ours and the retailer obligations regarding the contract when referencing to financial agreements, possibility to pay or to invoice. (Rec.30; Art.7(1)(b), Rec.44; Art.6(1)(b))Legal Obligations The treatment of the informations is necessary to accommodate ours and the consumer legal obligations regarding frauds and incorrect use of personal information, providing when necessary, information for basis in legal investigations. (Rec.30; Art.7(1)(c), Rec.45; Art.6(1)(c), 6(3))
DATA MINIMIZATION (LIFETIME FOR THE COLLECTED INFORMATION)
We store the data during the full length of the retailer/partner agreement and for an additional period of 36 months from when the purchase has been processed (including delivery and payment) to be able to comply with booking laws, customer protection laws, directive on distance selling etc.
 
PURPOSE DATA COLLECTION PROCESSES CATEGORIES OF PERSONAL DATA
In order to be able to send notifications for the retailers about security breaches that could affect the integrity of their data To be able to inform retailers that one or more informations regarding their personal data were susceptible to access as plain text in logs or other type of repository of information.
  • Email
LAWFUL BASIS FOR PROCESSING
Legal Obligations The treatment of the informations is necessary to accommodate ours and the consumer legal obligations regarding frauds and incorrect use of personal information, providing when necessary, information for basis in legal investigations. (Rec.30; Art.7(1)(c), Rec.45; Art.6(1)(c), 6(3))
DATA MINIMIZATION (LIFETIME FOR THE COLLECTED INFORMATION)
We store the data during the full length of the retailer/partner agreement and for an additional period of 36 months from when the purchase has been processed (including delivery and payment) to be able to comply with booking laws, customer protection laws, directive on distance selling etc.
 
PURPOSE DATA COLLECTION PROCESSES CATEGORIES OF PERSONAL DATA
In order to evaluate, improve and develop our services, products and systems for our consumers and partners To be able to understand our users behavior and generate statistics for further studies. To be able to collect informations about technical characteristics of devices used to access our services, in order to generate statistics for further studies. In order to process and evaluate the statistics collected to plan, project and develop constantly our services, platforms and services in a way that reach the needs of the users.
  • Correspondence and feedback about our products
  • Technical data regarding access device (information about screen size and resolution, pixel density, browser, operational system, ip address)
LAWFUL BASIS FOR PROCESSING
Legitimate Interests The treatment is necessary to accommodate ours and the retailer legitimate interest in improve our services, platforms and systems to provide a better service to the consumer and retailer experience. (Rec.30; Art.7(1)(f), Rec.47, 48; Art.6(1)(f))
DATA MINIMIZATION (LIFETIME FOR THE COLLECTED INFORMATION)
We store the data during the full length of the retailer/partner agreement.
 
PURPOSE DATA COLLECTION PROCESSES CATEGORIES OF PERSONAL DATA
In order to enable conversations, negotiation and to be able to enter into a retailer/partner agreement To have an open dialog regarding negotiations, a contact information can be saved during the period. To have the possibility to prospect new clients, a contact information can be saved until the answer regarding the negotiation.
  • Correspondence and feedback about our products
  • Email
  • Phone
  • Role / Position
LAWFUL BASIS FOR PROCESSING
Legitimate Interests The treatment of the informations is necessary to enable the capacity of prospect and negotiation of the company as well the retailers. (Rec.30; Art.7(1)(f), Rec.47, 48; Art.6(1)(f))Consent By contacting and discussing with us, some personal information can be saved during the process of negotiation to enable business contacts. (Rec.30, 33; Art.7(1)(a), Rec.32, 42, 43; Art.6(1)(a))
DATA MINIMIZATION (LIFETIME FOR THE COLLECTED INFORMATION)
We store the data before and during a conversation between you and Urb-it and during the full length of the retailer/partner agreement if such exists.
 

WILL URB-IT SHARE OR TRANSFER MY PERSONAL DATA?

To successfully carry out our Service we may transfer or share your information with selected third parties, i.e.  

WHAT RIGHTS DO YOU, AS A DATA SUBJECT, HAVE?

 

HOW CAN YOU EXERCISE YOUR RIGHTS PROVIDED UNDER THE GDPR?

Please contact us at dataprotection@urbit.com if you want to exercise any of your rights mentioned above.

HOW WE WILL NOTIFY YOU ABOUT CHANGES IN THIS POLICY OR SECURITY BREACHES? 

We’ll notify you before we make changes to this policy and give you the opportunity to review the revised policy before you choose to continue using our Services. We’ll notify you in case of any security breach that we identify as hurtful for the personal data that we hold from you. The notification process will be done via email or SMS.

WHAT ABOUT COOKIES AND OTHER TRACKING TECHNOLOGIES?

We use cookies and similar technologies to deliver a tailored and smooth online experience. For detailed information about how Urb-it uses cookies and similar, please read our cookie policy. We also use geotracking when using map functionality on your device. Speaking of cookies, we also deliver them from Ladurée Paris and Ladurée London. If you read all the way here, you deserve a cookie.
 

Urb-it Subprocessors

 

OVERVIEW

Urb-it (“us”, “we”, or “our”) uses certain sub-processors to assist it in providing to its customers the Services as described in the Terms of Service. Defined terms used herein shall have the same meaning as defined in the Agreement or the Data Processing Addendum (“DPA”). A sub-processor is a third party data processor engaged by Urb-it that has or potentially will have access to or process Customer Data (which may contain Personal Data). Urb-it engages different types of sub-processors to perform various functions as explained in the tables below.

INFRASTRUCTURE

We use the following sub-processors to provide our cloud infrastructure environment and storage of our Customer Data:
Subprocessor Geographic Location
Amazon Web Services, Inc. USA, Ireland and Germany
Microsoft Azure (Reg Only) USA and Ireland
 

PROCESSING OF USER CONTENT

We work with various sub-processors that monitor, maintain and otherwise support the Services. In order to provide this functionality these sub-processors may, but not necessarily will, have access to Customer Data:
Subprocessor Country of Processing Purpose
Stripe Inc. (Reg Only) USA Registration Payments
Twilio Inc. USA SMS Notifications
Sendgrid (Reg Only) USA Email Delivery
Urbers Sweden, UK & France In order to fulfill our commitments according to the purchase agreement. Information regarding Customer, Retailer, Purchase and Delivery Information.
 

We use cookies to analyse our traffic. We also share information about your use of our website with our analytics partners who may combine it with other information that you’ve provided to them or that they’ve collected from your use of their services. You consent to our cookies if you continue to use this website.