top of page

Privacy Policy - Rider

Who is the data controller?

The data controller, i.e. the body that defines the purposes and means of the processing specified in this privacy policy is Delivery Hero Food Hong Kong Limited (Foodpanda), 23/F, Tower Two, Times Square, 1 Matheson Street, Causeway Bay, Hong Kong, and email address hereinafter referred to as “foodpanda” “we”, “our”, “controller”). We also use the terms "rider" for your salutation. All references to “rider” hereunder shall be deemed to refer to riders, walkers, cyclists and/or couriers (as the case may be).

Why and which personal data do we process?

Below you can see which of your data we need for which purposes and under which circumstances we share your data with others.


Personal data is information from which we can directly or indirectly relate to your person, such as first and last name, address, phone number, date of birth, location data or email address.

Which personal data do we process?

In order to provide our delivery service to our customers, we use various tools and systems that are absolutely necessary for the delivery of orders. We also use external and internal tools and systems to process your personal data for personnel management and business operations.

We collect, process and store the following categories of personal data within the scope of using the tools and systems:


For what purposes do we process personal data? 

We only collect your personal data if this is necessary and the purpose is legal and the processing is proportionate. Below we would like to give you more information for the purposes and legal basis:


How long do we store personal data? 

We generally delete your data after the purpose has been fulfilled. The exact deletion rules are defined in our regional deletion concepts. Different deletion rules apply depending on the purpose of the processing. Within our deletion concepts we have defined various data classes and assigned rule deletion periods to them. When the retention period is met, the stored data will be deleted accordingly.

Under certain circumstances, any requests for deletion may be opposed by legal retention periods, which prevent us from deleting the stored data for a fixed minimum period of time. In order to comply with these legal requirements, we block the relevant data after the purpose has been fulfilled and thereby guarantee data completeness and data integrity.

With which data processors and why do we share personal data? 

We never give your data to unauthorized third parties. However, as part of our work we obtain the services of selected service providers and give them limited and strictly monitored access to some of our data. However, before we forward personal data to these data processors for processing on our behalf, each individual company undergoes an audit. All data recipients must meet the legal data protection requirements and prove their data protection level with appropriate proofs.

In the following we would like to inform you in a transparent and understandable way about all our data recipients with the respective reasons:


To which third countries do we transfer personal data?

We process your data mainly within the Asia-Pacific (APAC). However, some of our service providers mentioned above are based outside of APAC.


All our data receives have to measure up to certain requirements for the transfer of personal data to third countries. Before we transfer your data to a service provider in third countries, every service provider is first assessed with regard to its data protection level. Only if they can demonstrate an adequate level of data protection will they be shortlisted for service providers.


Regardless of whether our service providers are located within the APAC or in third countries, each service provider must sign a contract with us, which shall contain the provisions as required by the Personal Data (Privacy) Ordinance (Cap. 486).


In order to make the visit of our website attractive and to enable the use of certain functions, we use so-called cookies on various pages. These are small text files that are stored on your device. Some of the cookies we use are deleted after the end of the browser session, i.e. after closing your browser (so-called session cookies). Other cookies remain on your device and allow us or our affiliate to recognize your browser on your next visit (persistent cookies). You can set your browser so that you are informed about the setting of cookies and individually decide on their acceptance or exclude the acceptance of cookies for specific cases or in general. Failure to accept cookies may limit the functionality of our website/app.

You can install additional add-ons in your browser that block unnecessary cookies. By doing so, you will not see any interest-based advertisements.

Categories of personal data: 

Limited device information such as IP address, device ID, MAC address, operating system, device type, Apple Advertiser ID (IDFA) or Android Ad ID (AAID)

Legal basis: 

• Consent 

• Legitimate interest is the purpose described above. 

You can find our cookie policy with all the cookies we use in our Cookies and Web-Tracking Policy.

What are your rights as data subjects and how can they be asserted?

You have the right to receive explicit information from us about the personal data we have stored about you, free of charge.


In addition, you have the following rights:


You may contact our Data Protection Officer to exercise your data subject rights or find out more about our data protection processes and how we process your personal data by emailing

If you believe that we have done something wrong with your personal data or your rights, you can complain to the appropriate supervisory authority at any time. The supervisory authority responsible for us is:

Privacy Commissioner for Personal Data 

Room 1303, 13/F, Sunlight Tower, 

248 Queen’s Road East, Wanchai, Hong Kong 


Last updated: 16 May 2024

bottom of page