Privacy Policy

This privacy and cookie policy clarifies the type, scope and purpose of the processing of personal data (hereinafter referred to as "data") we collect, use and process as a part of  our online offer and the websites, functions and contents connected with it as well as external online presences, such as our Social Media Profile and our App. (hereinafter jointly referred to as the "online offer"). This Privacy Policy applies to our entire services, websites and applications including our Pickup, Pickup:Driver, Pickup:Restaurant Apps‬ on IOS and Android. 

Who we are
We are Pickup (“we”, “our”, “us”) of 71-75 Shelton Street London Greater London WC2H 9JQ, UK. We operate to the highest standards when protecting your personal information and respecting your privacy. If you have any questions about your personal information, or how we use it, you can contact us via email at 

We are the data “controller”, which means we are responsible for deciding how and why your personal information is used. We’re also responsible for making sure it is kept safe, secure and handled legally.

The Regulation 
If you live in the European Economic Area, Regulation (EU) 2016/679 (General Data Protection Regulation) is the European Regulation and here in the UK, it is the Data Protection Act 2018 (DPA).

The Supervisory Authority
The Information Commissioner’s Office (ICO) in the UK is the for us relevant authority in matters of data protection. You have the right to make a complaint at any time to the ICO ( or your local Data Protection Supervisory Authority. We would, however, appreciate the chance to deal with your concerns before you approach the ICO or your local Authority, so please contact us in the first instance. 

It is important that the data we hold about you is accurate and current, therefore please keep us informed of any changes to your personal data.

What are the categories of data subjects?
Customers, interested parties, visitors and users of the online offer, business partners. Visitors and users of the online offer. In the following, we refer to the data subjects collectively as "users".

What are the purposes for processing?
Provision of the online offer, its contents and functions.
Provision of contractual services, service and customer care.
Answering contact enquiries and communication with users.
Marketing, advertising and market research.
Security measures.

What are the relevant legal bases for processing your data?
In accordance with Art. 13 GDPR the following informs you about the legal basis of us processing your data and unless the legal basis is not specifically mentioned, the following applies: 
Consent – This is where we have asked you to provide explicit permission to process your data for a particular purpose. (Art. 6 Para. 1 lit. a and Art. 7 GDPR)
Contract – This is where we process your information to fulfil a contractual arrangement we have made with you. (Art. 6 Para. 1 lit. b GDPR)
Answering your business enquiries – This is where we process your information to reply to your messages, e-mails, posts, calls, etc. (Art. 6 Para. 1 lit. b GDPR)
Legitimate Interests - This is where we rely on our interests as a reason for processing, generally this is to provide you with the best products and service in the most secure and appropriate way. (Art. 6 Para. 1 lit. f GDPR). Of course, before relying on any of those legitimate interests we balance them against your interests and make sure they are compelling enough and will not cause any unwarranted harm.
Legal Obligation – This is where we have a statutory or other legal obligation to process the information, such as for the investigation of crime. (Art. 6 Para. 1 lit. b GDPR)
Vital interests – This is where we process your information for communications about security, privacy and performance improvements of our services. Or for establishing, exercising or defending our legal rights. (Art. 6 para. 1 lit. d GDPR)

Data Protection Principles
Pickup is responsible for, and must be able to demonstrate compliance with the data protection principles set out in the DPA and GDPR and all personal data must be:
  • processed lawfully, fairly and in a transparent manner in relation to the data subject;
  • collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes subject to appropriate safeguards, and provided that there is no risk of breaching the privacy of the data subject.
  • adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed;
  • accurate and where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that is inaccurate, having regard to the purposes for which they are processed, is erased or rectified without delay;
  • kept in a form which permits identification of data subjects for no longer than necessary for the purposes for which the personal data is processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the Regulation in order to safeguard the rights and freedoms of the data subject;
  • processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures;

Your Rights
You have a number of ‘Data Subject Rights’ below is some information on what they are and how you can exercise them. There is more information on each right on the Information Commissioners (ICO) website and you can simply follow the links provided to learn more. 
  • The right to be informed
  • The right of access
  • The right to rectification
  • The right to erasure
  • The right to restrict processing
  • The right to data portability
  • The right to object

Where the processing of your personal information is based on consent, you have the right to withdraw that consent without detriment at any time by contacting us.

The above rights may be limited in some circumstances, for example, if fulfilling your request would reveal personal information about another person, if you ask us to delete information which we are required to have by law, or if we have compelling legitimate interests to keep it. We will let you know if that is the case and will then only use your information for these purposes. You may also be unable to continue using our services if you want us to stop processing your personal information.

We encourage you to get in touch if you have any concerns with how we collect or use your personal information. You do however also have the right to lodge a complaint directly with the ICO or your local Authority.

What Personal Data Do We Process And Why
We processes your personal data when you use our services. We use the following personal data for the following purposes.

Ordering Food
We process the personal data that you submit to us when you place your order. This personal data is necessary to fulfill your order, confirm your order and evaluate your order, payment and possible refund. The legal basis for this processing of personal data is that it is necessary for the performance of a contract. We process the following personal data in the ordering process: Name, Address data, Contact details, Order, Payment data, Comments (if applicable)

Contacting Us
When you contact our customer service, we use the personal data you provide to answer your question or process your complaint. The legal basis for this processing of personal data is that it is necessary for the performance of a contract. We process the following personal data for customer service purposes: Name, Address data (if applicable), Contact details, Payment data (if applicable), Comments (if applicable)

We also process your Personal Data in order to send you (personalized) marketing communications and notifications. Such communications include the latest news, discount promotions and updates on new restaurants (via email or push notification) and loyalty programs, regardless of the format we use to distribute these types of communications (including email or push notification). The legal basis for this processing of personal data is that you have given your consent when placing an order. If you wish to change your preferences with regard to receiving such communications and notifications, you can unsubscribe from them using the link in the communication in question. We process the following personal data for marketing purposes: Name, Contact details.

We also process personal data that you submit to us indirectly. Pickup uses cookies for functional, analytical and marketing purposes. The functional cookies are necessary for the use of the website and Applications. Cookies collect the following personal data: Location Data, IP address or app IDs, Internet browser and device type, Language of the website. See our Cookie Statement for more details on cookies.

Prevention of fraud
We also process some of the above personal data to prevent fraud and other forms of abuse. The legal basis for this processing activity is that it is necessary to pursue our legitimate interest .

Market Analysis
We also use your personal data to fulfill our reporting obligations to advertisers and to improve our website and our range of products and services. The legal basis for this processing activity is that it is necessary to pursue our legitimate interest (analysis & reporting). We will generally ensure that reports do not contain data that can be traced back to you.

Our website is not intended for individuals under the age of 16, and we do not intend to collect any personal data from visitors to the website who are under the age of 16. However, we have no way of verifying the age of visitors. Therefore, we encourage parents to monitor their children's online activities to prevent their personal information from being collected without parental consent. If you suspect that we have collected personal data of a minor without consent, please contact us. We will then arrange for this data to be deleted.

Automated decision making and profiling
As part of fulfilling our contract with you and for the purpose of improving our platform, we use automated decision making and profiling. For example, we use your postcode and/or location data to select available restaurants in your particular area. In addition, we use automated decision making to comply with our legal obligations to prevent money laundering, terrorist financing and other crimes.

If such automated decision making and/or profiling results in a negative decision about you and you do not consent to it, you may contact us . We will then arrange for a reassessment of the situation. Apart from that, we would also appreciate it if you would approach us with suggestions on how to improve these processes.

We will not retain your personal data for longer than is strictly necessary for the purposes for which your personal data is collected. We will only keep your personal data longer if we are required to do so by law. We delete most of your personal data 2 years after you place your order. We use this 2-year period for administrative purposes and to handle any questions or complaints about your order, from you or from the restaurants. We retain personal information that we use for reporting, analysis and abuse prevention purposes for up to 20 years after you place your order. We cannot remove your personal information from backups. However, if we make a recovery from a backup, we will promptly delete your personal data.

Sharing with Restaurants
We share your personal information (name, address and [phone number] information, order) with the restaurant you select so that the restaurant can deliver your order. Since you are a direct customer of the restaurant, the restaurant has its own responsibilities and obligations with respect to the processing of your personal data. If you have any questions about the Restaurant's handling of your personal data, you should contact the Restaurant directly.

Sharing with others (other than restaurants)
We will not sell your personal data to third parties, and we will only share this data with third parties if it is necessary for the performance of our contract with you, for analysis and marketing purposes, or to comply with legal obligations.
Your personal data will only be passed on to third parties,
  • if you have given your express consent to this;
  • if the disclosure is necessary for the fulfillment of contractual obligations;
  • if we are legally obligated to disclose the data;
  • if the disclosure of the data is in the public interest;
  • if the disclosure of the data is necessary for the protection of our legitimate interests or the legitimate interests of a third party, unless your interests in the protection of your data override these interests.
  • Your personal data may be shared with the following parties:
  • Content Delivery Network Providers( Apple, Google,TransIP,Cloudflare),
  • Implementation partners (Apple, Google,)
  • Payment Gateway Provider (Stripe),
  • Log In Options ( Linkedin, Google, FaceBook)
  • Advertising platforms (e.g. Google, FaceBook).
  • Phone number verification processor 
  • Call masking using VOIP (In-App calling through mobile internet)
  • Live Chat Support Provider

If you have opted in to our Personalized Cookie Package, we may share your personal data in pseudonymized form with third-party platforms such as Google or Facebook to create "Custom Audiences". Such platforms show you personalized ads based on these Custom Audiences. 

Once we engage third-party companies to process your personal data on our behalf, we will enter into a data processing agreement to ensure the same level of protection and confidentiality of your personal data. 

Disclosure to Drivers
If you use us will share your personal information (email address, details of your order) with our Drivers in order to perform the existing contractual service between us and you. We and our Drivers have different responsibilities of data protection processing of your data. 

International transfers
Our main operations are based in Belgium and your personal information is generally processed, stored and used within Belgium and the UK and other countries in the European Economic Area (EEA). In some instances, your personal information may be processed outside the European Economic Area and the UK. If and when this is the case we take steps to ensure there is an appropriate level of security so your personal information is protected in the same way as if it was being used within the EEA.
Where we need to transfer your data outside the European Economic Area and the UK we will use one of the following safeguards as set out in (Art. 44 ff. GDPR) :
The use of European Commission approved standard contractual clauses in contracts for the transfer of personal data to third countries.
Transfers to a non-EEA country with privacy laws that give the same protection as the EEA.
How do we protect your Personal Data?
We protect your data using state of the art technical, and physical safeguards and operate a firm system of policies, confidentiality agreements, digital safeguards and procedures to ensure the highest level of administrative protection.
In more detail to access our database the user must be authorised, is challenged through a two-way authentication system and use an encrypted VPN. Also, the removal of Personal Data from our location is forbidden and made by using a complex encryption system very difficult. We use cutting edge antivirus and anti-malware software and up-to-date firewall protection. Moreover, authorised personnel must have a legitimate need to know interest such as being your point of contact or service your user account.
The data we collect from you may be stored, with appropriate technical and organisational security measures applied to it, on our TransIP could servers. In all cases, we follow generally high data protection standards and advanced security measures to protect the personal data submitted to us, both during transmission and once we receive it.

Data Security
We secure our website and other systems through appropriate technical and organizational measures against loss, destruction, access, modification or distribution of your data by unauthorized persons. Despite regular checks, however, complete protection against all dangers is not possible.
Our website uses the industry standard SSL (Secure Sockets Layer) for encryption. This ensures the confidentiality of your personal information over the Internet. You can tell whether encrypted transmission is taking place by the closed key/lock symbol in your browser display.

Economic Analyses and Market Research
In order to run our business economically, to identify market trends, customer and user wishes, we analyse the data available to us on business transactions, contracts, enquiries, etc. In doing so, we process inventory data, communication data, contract data, payment data, usage data, metadata on the basis of Art. 6 para. 1 lit. f. GDPR, whereby the persons concerned include customers, interested parties, business partners, visitors and users of the online offer. The analyses are carried out for the purposes of business management evaluations, marketing and market research. 

In doing so, we may take into account the profiles of registered users with details, for example, of their purchasing transactions. The analyses serve us to increase user-friendliness, to optimise our offer and business efficiency and are not disclosed externally, unless they are anonymous analyses with summarised values.

If these analyses or profiles are personal, they will be deleted or made anonymous upon termination by the user, otherwise after two years from conclusion of the contract. In all other respects, the macroeconomic analyses and general trend determinations are prepared anonymously wherever possible.

Collection of access data and log files
On the basis of our legitimate interests within the meaning of Article 6 paragraph 1 letter f. GDPR, we collect data about every access to the server on which this service is located (so-called server log files). The access data includes the name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the website previously visited), IP address and the requesting provider.
For security reasons (e.g. to clarify acts of abuse or fraud), log file information is stored for a maximum of seven days and then deleted. Data whose further storage is required for evidential purposes are excluded from deletion until the respective incident has been finally clarified.

Online presences in social media 
We maintain online presences on the basis of our legitimate interests within the meaning of Art. 6 Para. 1 lit. f. GDPR. We maintain online presences within social networks and platforms in order to communicate with customers, interested parties and users who are active there. Unless otherwise stated in this policy, we process the data of users if they communicate with us within the social networks and platforms, e.g. write articles on our online presences or send us messages.
Communication by mail, e-mail or telephone
We use means of distance communication, such as post, telephone or e-mail, for business and marketing purposes. We process inventory data, address and contact data as well as contract data of customers, participants, interested parties and communication partners.
The processing is based on Art. 6 para. 1 lit a, Art. 7 GDPR, Art. 6 para. 1 lit f GDPR in connection with legal requirements for advertising communications. Contact shall only be established with the consent of the contact partners or within the scope of the statutory permissions and the processed data shall be deleted as soon as they are not required and otherwise with objection/ revocation or discontinuation of the basis for authorisation or statutory archiving obligations.

This Privacy Policy and our commitment to protecting the privacy of your personal data can result in changes to this Privacy Policy. Please regularly review this Privacy Policy to keep up to date with any changes.

Deleting Account, Personal Information & Data
Users or Delivery Drivers can request to delete their account, personal data and personal information to our Site Admin either by sending an email to
OR filling up contact us form below.

Queries and Complaints 
Any comments or queries on this policy should be directed to us using the following contact details.
Tel: 123456789
71-75 Shelton Street London Greater London WC2H 9JQ

If you believe that we have not complied with this policy or acted otherwise than in accordance with data protection law, then you should notify us.

Subscribe to our Newsletter