What information do we collect?
TGTG collects information to operate our business and provide you with opportunities for reducing food waste. We collect both Personal Data and Other Information in support of these efforts.
- "Personal Data" is information that can be used, directly or indirectly, alone or together with other information, to identify you as an individual Customer. This may include your precise Location Data.
- "Other Information" is information that is anonymous, aggregate, de-identified, or otherwise does not reveal your identity. Some examples include age, gender, browser and operating system, time spent using our Services, and webpages visited. We collect and use this information to understand how you and our Customers as a whole use our Services and constantly tune, enhance, innovate and build products and services to reflect the needs of our Customers. We also collect responses from trusted Payment Service Providers when you make purchases on the Platform. Depending on payment method, this may include a subscription ID that is sent to the Payment Service Provider. We DO NOT collect any credit card information. When you are using a mobile device, we also collect and use your Apple Identifier for Advertising (IDFA) and Google Advertising ID (AAID) to recognize your device and support activities on our Services. These number values are not permanently tied to your device and, depending on your operating system, you can reset it through your device settings.
We collect Personal Data in the following ways:
- When you register with us, we collect registration and demographic details, e.g., name, email address, password, country and exact location. We may also collect your mobile phone number.
We process this Personal Data because it is necessary for performing the agreement with you for the use of the Platform, pursuant to GDPR article 6 (1) (b).
- When you use or interact with our Services, we collect Personal Data such as Location Data. We use your Location Data to provide a more relevant service. We may also use your Location Data to conduct analytics to improve the Services.
We collect Location Data in several ways:
- from your wireless carrier,
- directly from the device on which you use our Services.
The way in which we collect Location Data is different depending on whether you are accessing the Services through a website or a mobile application.
If you are accessing the Services through one of our mobile applications, the way we collect Location Data will differ depending on your mobile device’s operating system. In all events, we do not collect Location Data, unless you have allowed its collection when prompted. If you decline to allow Location Data collection in the app, we will not collect your Location Data unless you manually enter it in.
We process this Personal Data based on your consent, pursuant to GDPR article 6 (1) (a).
Other Information: We may collect Other Information about your use of our Services. This includes, for example, your device type, carrier provider, browser type, operating system, internet domain and host name, date and time of access as well as referring and onward URL, as well as transactional data about the activities you undertake and how you interact with the Services, such as what data is displayed, clicked on or shared, the click stream patterns, and the length of time spent on each site or page; and searches you may conduct on the Services.
We process this Personal Data because it is necessary for the purposes of the legitimate interests pursued by us in order to improve our Platform, pursuant to GDPR article 6 (1) (f).
- When you connect with us through social media, we may collect account or profile information.
We process this Personal Data based on your consent, pursuant to GDPR article 6 (1) (a).
- When you take surveys and enter promotions, contests, and sweepstakes, we collect contact, demographic and eligibility information.
We may sponsor contests, sweepstakes and other promotions ("Promotions") and we may request that you provide Personal Data, such as name, address, email address, telephone number and age and other information that may be appropriate in order to participate.
We may also launch surveys that ask you to answer questions about a range of topics from personal information to brand and product preferences.
We process this Personal Data based on your consent, pursuant to GDPR article 6 (1) (a) or because it is necessary for the purposes of the legitimate interests pursued by us in order to improve our Platform, pursuant to GDPR article 6 (1) (f).
When we collect Personal Data directly from you, you voluntarily provide us with the Personal Data in order to use the Platform.
The submission of your Personal Data to us is voluntary, but the consequence of not submitting your Personal Data may be that you cannot use the Platform or enter into promotions, contests, or sweepstakes.
How do we use your personal data?
We use the data we collect to operate our business, advertise and improve our existing Platform, develop new services and to improve and personalize your experiences interacting with us. We also use your Personal Data to communicate with you.
We will use your Personal Data for the following purposes:
- Operate our business and run our Services.
We use your Personal Data to create and manage your personal account at TGTG and to process your orders.
- Personalize experiences on our Services, better understand our Customers and gain customer insights
We use your Personal Data to conduct analyses in order to provide you with relevant functionality. This includes showing you a map or list view of nearby stores and suggesting the most relevant stores for you.
- Communicate with you and respond to your requests
When registering an account with us, you have a choice of receiving announcements about us and our products and Services via email and/or push notifications. If you consent to such messages, we may use your Personal Data and Other Information to communicate with you about the TGTG products or Services you have purchased or used and to notify you of other products, promotions and Services we think may be of interest to you. You can manage your communication preferences at any time from the mobile applications.
We may use your Personal Data to respond to your requests for technical support, online services, product information or to any other communication you initiate. This includes accessing your account to address technical support requests.
Additionally, when you request it, we will use your Personal Data to enroll you in contests, programs, or offers. We also may use your Personal Data to notify you of promotions and other special offers.
- Tailor our advertising and marketing
You may opt-out of being tracked online by certain companies who are listed at https://optout.aboutads.info/?c=2&lang=EN OR https://optout.networkadvertising.org/?c=1 and may also learn more about online behavioral advertising at such websites. If you opt-out, you will still receive advertisements, but they will not be delivered to you by such companies from whom you have opted-out based upon your behavioral data possessed by the companies from whom you have opted-out.
To learn how to limit ad tracking or to reset the advertising identifier on your iOS and Android device, click on the following links:
iOS - https://support.apple.com/en-us/HT202074
Android - https://support.google.com/ads/answer/2662922?hl=en
You may also download and set your preferences on the DAA’s App Choices mobile application(s) available in Google Play or the Apple App stores. More information about opting-out on mobile devices is available here - https://www.networkadvertising.org/mobile-choice
We do not respond to or honor “do not track” (a/k/a DNT) signals or similar mechanisms automatically transmitted by web browsers for which we are cannot evaluate your choice.
Where is your personal data stored?
The data that we collect from you is stored within the European Economic Area (“EEA”) but may also be transferred to and processed in a country outside of the EEA. Any such transfer of your Personal Data will be carried out in compliance with applicable laws.
For how long is your personal data stored?
TGTG will retain your Personal Data for as long as you maintain an Account or as needed to provide you the Services. We will also retain and use your Personal Data as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. We will retain your Personal Data until 5 years after the end of the year in which you delete your Account in order to comply with our legal obligations pursuant to the Danish Accounting Act or for the establishment, exercise or defence of legal claims
Who is responsible for your personal data?
Too Good To Go ApS (“TGTG”), is the controller of the Personal Data you submit to us and responsible for your Personal Data under the Danish Data Protection Act, which implements the EU Data Protection Directive (95/46/EC).
Who has access to your personal data?
Your data may be shared within the TGTG group. We never pass on, sell or swap your data for marketing purposes to third parties outside the Too Good To Go group. Data that is forwarded to third parties is only used to provide you with the services mentioned above, for example media services and agencies for distribution of newsletter and credit reference or debt collection agencies for the purpose of credit rating checks, identity checks and debt collection.
How do we protect your personal data?
We have taken technical and organisational measures to protect your data from loss, manipulation and unauthorised access. We continually adapt our security measures in line with technological progress and developments. To make card purchases with us as secure as possible, all information is sent in encrypted form. This means that the information is passed through a secure connection and that external parties cannot read your Personal Data. For card purchases, we work with PCP compliant Payment Service Providers that help us to check directly with your bank that the card is valid for purchases. Our Payment Service Providers process your card details according to the international security standards PCI DSS, which was developed by the card companies VISA, MasterCard, Diners, American Express and JCB. This means that your card details are processed with a very high level of security. When you pay by card, we reserve the right to carry out an identity check.
What are your rights?
Rigths for California users
California law provides California residents with specific rights regarding their personal information. The California Consumer Privacy Act of 2018 (“CCPA”) defines “personal information” as information that identifies, relates to, describes, references, or is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. This section describes the rights that California residents have with respect to such personal information and explains how to exercise those rights, subject in all cases to any limitations set forth in the CCPA. Please refer to the section entitled “What Information Do We Collect” above for more detail about the types of information collected, the purposes for which and sources from where we collect personal information, and the third parties with whom we share personal information.
California Specific Rights, Choices, and Opt-Outs: The CCPA provides California residents with specific rights regarding their personal information. The subsections that follow describe the rights that you have under CCPA if you are a California resident and explain how you can exercise those rights.
- Right to Know About Personal Information Collected, Disclosed, or Sold. You have the right to request that we disclose certain information to you about our collection, use, disclosure, or sale of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request (see Exercising Your Right to Know or Delete), and subject to certain limitations described below or set forth in the CCPA, we will disclose such information to you. You have the right to request any or all of the following:
- The categories of personal information we collected about you.
- The categories of sources from which the personal information is collected.
- Our business or commercial purpose for collecting or selling that personal information.
- The categories of personal information about you that we have sold or disclosed for a business purposes.
- The categories of third parties to whom the information is sold or disclosed for a business purpose.
- The specific pieces of personal information we collected about you.
- Deletion Request Rights. You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request (see Exercising Right to Know or Delete), we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies. However, we may retain personal information that has been de-identified or aggregated. Furthermore, we may deny your deletion request if retaining the information is necessary for us or our service provider(s) in order to perform certain actions set forth under CCPA, such as detecting security incidents and protecting against fraudulent or illegal activity.
- Exercising Your Right to Know or Delete. To exercise your right to know or delete, please submit a request to us by emailing us at firstname.lastname@example.org
Only you, or a person or business entity registered with the California Secretary of State that you authorize to act on your behalf (an “authorized agent”), may make the requests set forth above. The request should include your contact information and describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it. In addition, you should provide sufficient information that allows us to reasonably verify that you are the person about whom we collected the personal information or an authorized representative of that person. For more information about verification, see Response Timing and Format immediately below.
- Response Timing and Format. In order to protect the security of your personal information, we will not honor a request if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. The method used to verify your identity will depend on the type, sensitivity, and value of the information, including the risk of harm to you posed by any authorized access or deletion. Generally speaking, verification will be performed by matching the identifying information provided by you to the personal information that we already have.
Any disclosures we provide will only cover the 12-month period preceding our receipt of your request (and will not be made more than twice in a 12-month period). If we cannot comply with a request, or cannot fully comply with a request, the response we provide will also explain the reasons we cannot comply.
- Personal Information Sales Opt-Out and Opt-In Rights. We do not “sell” personal information, as that term is defined in the CCPA.
- Non-Discrimination. We will not discriminate against you for exercising any of your CCPA rights.
Rights for other users
You have the right to request information about the Personal Data we hold on you at any time. If your Personal Data is incorrect, incomplete or irrelevant, you can ask to have the information corrected or removed. You also have the right to request the processing of your Personal Data restricted and in some circumstances to data portability. We cannot remove your Personal Data when there is a legal storage requirement, such as accounting rules or when there are other legitimate grounds to keep the data, such as unsettled debts. You can withdraw your consent to us using the Personal Data for marketing purposes at any time. You can contact us either by sending a letter to Too Good To Go ApS, Customer Service, Landskronagade 66 , 2100 København Ø, Denmark or by sending an email to email@example.com. Your rights under the Data Protection Act will not be affected.
You may file a complaint with the Danish Data Protection Agency if you are dissatisfied with our processing of your Personal Data. You can find the contact details of the Danish Data Protection Agency on www.datatilsynet.dk.
Controller of personal data
Too Good To Go ApS
2100 København Ø