Welcome to the Mr D Food Privacy Policy

This Privacy Policy applies to all Restaurant Partners who use our Restaurant Portal (referred to as “our Platform”).

The purpose of this Privacy Policy is to set out how, why and when Mr Delivery (Pty) Ltd t/a Mr D Food (“Mr D Food”) uses your Personal Information so as to comply with the Protection of Personal Information Act 4 of 2013 (“POPI”).

It is important that you read this Privacy Policy together with our other terms and conditions, privacy notices or policies we may provide from time to time when we collect or use your Personal Information.

Further, please pay special attention to the clauses in this Privacy Policy that appear in similar text and style (i.e. bold) which:

• May limit the risk or liability of Mr D Food or a third party;
• May create risk or liability for the user;
• May compel the user to indemnify Mr D Food or a third party; and/or
• Serves as an acknowledgement, by the user, of a fact.

Mr D Food provides our Platform which is used by Restaurant Partners in order to fulfill orders made by customers using our website, related mobi-sites and software applications for ordering and purchasing food, beverages and other products from Restaurant Partners.

We respect your privacy and take the protection of Personal Information very seriously. We strive to deliver excellent service every time and to do this, we need to use some of your Personal Information. This Privacy Policy describes how we handle the Personal Information we collect about you and/or receive from you. By using our Platforms, you agree to the processing of your Personal Information as set out in this Privacy Policy.

In this Privacy Policy, the terms -

• “Personal Information”, and “process/processing” bear the same meanings as set out in POPI.
• “we”, “us” or “our” refers to Mr D Food.
• “you” and “your” refers to every person that accesses or uses our Platform also referred to as a Restaurant Partner and includes a restaurant, retail outlet, liquor store, pharmacy or other food/snack outlet as the case may be.

What type of personal information do we collect and receive

Mr D Food processes Personal Information in a manner that is reasonable, adequate, relevant, non-excessive and purpose-specific. When you apply to become a Restaurant Partner, we may collect the following Personal Information:

• legal name in instances where the Restaurant Partner is a juristic person;
• name of sole proprietor;
• office bearers of any juristic person or sole proprietor;
• official email address;
• any other email address;
• official physical address;
• any other physical address;
• official phone number;
• any other relevant phone number;
• identity number of any natural persons;
• registration number of any juristic persons or sole proprietors;
• banking information; and/or
• location data.

Should your Personal Information change or you wish to amend and/or correct your Personal Information, you can do this by visiting the Restaurant Portal.

You warrant that the Personal Information you have provided is accurate, current, true and correct and that does not impersonate or misrepresent any person or entity or falsely state or otherwise misrepresent your affiliation with anyone or anything.

Information from using the Platform

When you access our Platform, we process some of your Personal Information. Depending on how you access and use our Platforms, we may receive:

• log information, including information on how, when and for how long you use our Platform and other services, the content you view and search queries you submit.
• information about the equipment you use to access or use our Platform, including the type of device you are using, how you access our Platform, your browser or operating system and your Internet Protocol address.
• the geographic location from which you accessed our Platform, including your device’s global positioning system signal and information about nearby wifi networks and cell towers. We get this information when you use location-enabled services.
• other information about you from third parties such as social media.
• information relating to support you may from us such as information about your query and your contact details. When you interact with our platforms via email or phone we may collect and use information about you in order to provide support. Your communications with us may be recorded.

Why do we process your personal information

We process the Personal Information we collect and receive to:

• identify you.
• verify your identity.
• enter into a contract with you.
• provide and manage our services to you and fulfill our contractual obligations to you in line with the “Restaurant Portal - Terms of Use”.
• enable us to process payments.
• communicate with you regarding our Platform.
• notify you about changes to our Platform, services and products, terms and conditions, privacy policy or notices, and any other changes that impact our Platform, services and products.
• get feedback from you which we need to develop our products and services and grow our business.
• comply with any legal or regulatory obligations such as tax or financial laws.
• undertake research and statistical purposes. The research and statistics we get from this process do not include your Personal Information and cannot be linked to you, nor can you be identified from these statistics.

Retention and restriction of records

We keep your Personal Information for as long as:

• we need it to provide our Platform, products or services to you.
• it is required or allowed by law and is in line with our internal retention policies.
• it is necessary to uphold the contract between you and us.
• you have agreed to us keeping your Personal Information subject to your request for us to stop processing your Personal Information.

We will retain your Personal Information for as long as is necessary to achieve the purpose for which this information was collected or subsequently processed. If your Personal Information is used for more than one purpose, we will retain it until the purpose with the latest period expires but we will stop using it for the purpose with a shorter period once that period expires.

By accessing and using our Platform, you consent to us retaining records of your Personal Information for no longer than may be necessary to achieve the purpose for which the Personal Information was initially collected or subsequently processed.

User tracking and cookies

When you access and use our Platform we may use various technological tools to improve your experience on our Platform through the use of cookies and/or user tracking.

Cookies are small text files placed on the device that you use to access our Platform. These files do not contain your Personal Information but allow us to associate you with a particular device. Many websites use cookies and we use cookies to:

• make our Platform more user friendly.
• personalise your interactions with our Platform, tailor our services and Platform to your interests and needs, and ensure they work on your device.
• analyse Personal Information that will enable us to send you the types of promotional offers that may be particularly relevant to you
• develop and improve our business
• analyse your activity on our Platform so that we can administer, support, improve and develop our business and for statistical and analytical purposes and to help us to prevent fraud.

We will not use your Personal Information for any other purpose without your permission.

By accessing and using the Platform, you consent to our use of cookies and/or user tracking technologies.

Opt out from direct marketing

You have the right to request us not to contact you for purposes of direct marketing by any form of electronic communication such as automatic calling machines, email and/or SMS notifications by “opting-out” of any direct marketing communications we may send to you.

Restaurant Partners' obligation to protect Personal Information

As a Restaurant Partner, you might have access to the Personal Information of customers and/or that of Mr D Food’s staff including their names, delivery or email addresses and/or telephone numbers. Given this, you have already contractually undertaken to only use or process each specific piece of Personal Information to the extent necessary for the purposes of performing the express obligations under any agreement we have concluded with you.

You have specifically undertaken that you shall:

• process Personal Information in such a manner that is reasonable, adequate, relevant, non-excessive, purpose-specific and non-infringing of any individual’s privacy in terms of POPI;
• secure the integrity and confidentiality of Personal Information in your possession or under your control by taking appropriate, reasonable technical and organisation measures to prevent, amongst other things, loss of, damage to or unauthorised destruction or access to the Personal Information. This may encompass information relating to customers’ health information to which you are obliged to treat as confidential;
• have due regard to generally accepted information security practices and procedures which may apply to it generally or be required in terms of specific industry or professional rules and regulations; and
• immediately notify Mr D Food if there are reasonable grounds to believe that any Personal Information has been accessed or acquired by an unauthorised person.

Who else gets to process your personal information?

We do not sell your Personal Information to third parties for their marketing or any other purposes.

We may provide or make your Personal Information available to:

• our employees and third party service providers who assist us to interact with you.
• law enforcement, government officials, fraud detection agencies or other third parties when the disclosure of Personal Information is necessary or appropriate in connection with an investigation of fraud, intellectual property infringements, or other activity that is illegal or may expose us to legal liability or to prevent physical harm or financial loss, to report or support the investigation into suspected illegal activity.
• enable our service providers (under contract with us) who help with parts of our business operations (fraud prevention, marketing, technology services etc). However, our contracts with such third parties dictate that these service providers may only use your Personal Information in connection with the services they perform for us and not for their own benefit and must treat such Personal Information as confidential information.

Sending your personal information outside of South Africa

We may transfer certain Personal Information outside the geographic borders of South Africa to service providers for purposes set out above (Why we process your Personal Information?), including for data storage purposes and data back-ups to ensure the integrity of our systems.

When we transfer your Personal Information outside of the geographic borders of South Africa, we will ensure that we do so in accordance with the requirements for lawful transfer outside of South Africa as set out in POPI.

By accessing and using our Platform, you consent to us transferring your Personal Information outside of South Africa as set out in POPI.

Securing your Personal Information

We secure the integrity and confidentiality of your Personal Information in our possession or under our control by taking appropriate, reasonable technical and organisational measures to prevent loss of, damage to or unauthorised destruction of Personal Information and unlawful access to or processing of Personal Information.

In order to implement and maintain such measures, we have in place policies, controls and related processes, which are reviewed and updated on a regular basis. Our policies, controls and procedures cover for example:

• physical, technical and network security;
• access controls and monitoring of access;
• secure storage, destruction and encryption of records of Personal Information;
• Personal Information breach reporting and remediation; and
• by way of written agreements, imposition of security and confidentiality obligations on third parties (based within or outside the borders of South Africa) who process Personal Information as part of rendering services.

Should you disclose your Personal Information to any third party other than Mr D Food, we shall not be liable for any loss or damage arising or suffered by you as a result of the disclosure of such Personal Information to any third party. This is because we do not regulate or control how that third party uses your Personal Information. You should always ensure that you read the privacy policy of any third party.

As a Restaurant Partner, you are solely responsible for maintaining the security of your login credentials (including your password) to your account on the Portal. You shall be responsible for, and be bound by, any activity on your account (whether authorised by you or not) which is done using your login credentials. You shall be responsible for, and be bound by, any activity on your account (whether authorised by you or not) which is done using your login credentials.

Know your rights

Having provided adequate proof of your identity, you have the right to:

• review or update your Personal Information. Please note that as a Restaurant Partner, you can amend your Personal Information through your user account in the Restaurant Portal.
• request a record or description of your Personal Information. Mr D Food may charge a fee in order to provide you with this record of your Personal Information. Where requests to access and amend your Personal Information are manifestly unfounded, excessive or repetitive Mr D Food may charge an administrative fee or refuse the request.
• request to have your Personal Information corrected, destroyed or deleted. Please note that in certain instances where you request your Personal Information to be deleted, Mr D Food will retain your Personal Information subject to any legislative requirement and/or our internal retention policy.
• us complying with your requests upon receipt unless we have credible reason why we cannot comply.
• us indicating where, if we cannot agree whether to correct or delete your Personal Information as requested, that a correction or deletion was requested but was not made.
• inform you if reasonably practicable, should we change your Personal Information and this has an impact on decisions about you.
• notify you of the action taken by us because of your request.
• notify you of unauthorised access to your Personal Information.
• provide you with reasonable evidence of our compliance with our obligations under this policy on reasonable notice and request.
• submit a complaint to the Information Regulator.

How to lodge a complaint with the information regulator

If you have any complaints about this Privacy Policy or our compliance with this Privacy Policy you can lodge a complaint with the Information Regulator.

The contact details of the Information Regulator are available on its website at: https://justice.gov.za/inforeg/

As a Restaurant Partner, you can exercise all your rights set out above in terms of POPIA by navigating to one of the options below:

• Request my data
• Delete my data

This version of the Privacy Policy replaces any preceding privacy policy provisions on our website. We may occasionally update this Privacy Policy. When you use our Platforms the version of the Privacy Policy posted on this page applies to you.