Privacy Statement for Customers
This privacy statement (“Statement’’) explains how restaurantongo.com.au and its subsidiaries and affiliates (“RONGO”, “we”, “us” or “our”) collect, use, disclose, and otherwise process personal data andapplies to the processing of personal data of customers who make use of one of our platforms and products, including order website, app, platform and products, RONGO’s platform, products and services for business (‘’RONGO for Business’’) (collectively, the “Services”) to place orders with a restaurant partner, grocery store, convenience store or other business partner (“Partner(s)”) which offers products or services for delivery via our Services.
We may use your personal data to provide delivery services for orders placed on the Partner’s own website, application or ordering platform. In such circumstances, we will process data received from such Partner(s) in accordance with this Statement.
This Statement applies also to the processing of the personal data of all customers’ assigned employees and users who make use of one of our RONGO for Business products and platform.
At RONGO we are committed to protecting the privacy of everyone in our community.
What personal data we process and why
Personal data, in this Statement also referred to as “your data”, means any information or set of information from which we are able, directly or indirectly, to personally identify you, in particular by reference to an identifier, e.g. name and surname, email address, phone number, etc. It does not include data where the identity has been removed (anonymous data).
Whenever you interact with RONGO via our Services we collect and process your personal data. RONGO may process your personal data for the following purposes:
1.Ordering process
Name
Address data
Contact data
Order and transaction data
Payment data
As part of our Services we may sell products that may reveal sensitive personal data, such as health-related information (allergies or dietary requirements), information about your religion (such as if you only eat halal food), information about your medical condition (e.g. drugs, medicines, medical devices, medicated creams, food supplements or herbal/homoeopathic products) or about your sexual orientation via our Partners. We will collect and process this data with your consent as part of your order.
2.Partner & courier reviews
After your order, you may be asked to provide a review with the Partner or courier and we may offer you the opportunity to submit a review of Partners and/or couriers. Depending on the circumstance, we may rely on your consent or the fact that the processing is necessary to fulfil a contract with you, or to comply with law.
3.Customer Services and Support
When you contact our customer services support, we will use the personal data you provide to answer your question or handle your complaint. We may collect personal data under call recordings to provide customer support, including to investigate and address user concerns and to monitor and improve our customer support responses and processes.
We may also collect your personal data if you submit us a notice in relation to presence of any suspected item in our Services which you may consider as ‘’illegal content’’ as defined in the EU Regulation 2022/2065 of the European Parliament and of the Council (‘’Digital Services Act’’) and also to provide you with an access to internal complaint handling system and/or to take required suspension measures and protection against misuse of our Services as required by the Digital Services Act .
Depending on the circumstance, we may rely on your consent or the fact that the processing is necessary to fulfil a contract with you, or to comply with law. We may process the following personal data for customer service purposes:
Name
Address data (if applicable)
Contact data
Order and transaction data
Payment data (if applicable)
Comments (if applicable)
Content of correspondences between you and customer services department
Any other content that may be required for compliance with the Digital Services Act
4. Customer Accounts
5.Customer research
To make sure that our Services are aligned with your preferences and to improve our Services and platforms, RONGO may approach you to conduct customer research; such as but not limited to, surveys. We only send you these types of communications with your prior consent unless this is not necessary according to the applicable law. Participation in the customer satisfaction surveys is completely voluntary. If you do not wish to receive these surveys you can unsubscribe from them in the messages itself. We may process the following personal data for research purposes:
Name
Contact data
Order and transaction datav
Research input
6.Marketing
We also process your personal data to be able to send you (personalised) marketing communications and notifications to administer, support, improve and develop our Services. Such messages may include the latest news, discounts, and updates about new Partners, and other communications that may be subject to direct marketing. We rely on your consent unless your consent is not necessary according to the applicable law. Whenever you want to change your preferences with respect to receiving such communications, you can unsubscribe using the unsubscribe link in the messages, in your account settings or by contacting us. We may process the following personal data for marketing purposes:
Name
Address data
Contact data
Order and transaction data
Review(s) (optional)
Campaign data (optional)
In order to enable us to personalise your user experience with RONGO and optimise our Services offered to you, we may use automated decision making and profiling for marketing purposes. Please refer to ‘’Automated Decision Making and Profiling’’ section below for further information.
7.Cookies
RONGO uses cookies or similar technologies for functional, analytical, and marketing purposes. Data processed for cookie purposes defer per purpose (functional, analytical or marketing) and depend on the preferences set by you.
Please refer to our Cookie Statement for further information about our use of cookies and/or similar technologies. You can always change your cookie settings via our preferences center and/or your settings in the tool you use to browse. Please note that disabling cookies may deny you the ability to use some of the Services and/or features on the website or impair your user experience.
8.Fraud prevention
We also process personal data to prevent fraud and other forms of misuse on and via our Services. Depending on the circumstance, we may rely on your consent or the fact that the processing is necessary to fulfil a contract with you, or to comply with law. We may process following personal data for fraud prevention purposes:
Name
Order and transaction data
Payment data
Device information
IP address
Browser information
9. Campaigns
RONGO may launch specific campaigns or contests in connection to its Services. Joining RONGO campaigns or contests is always on a voluntary basis. We may rely on your consent unless your consent is not necessary according to the applicable law. You can always withdraw your consent via the contact data provided to you within the campaign or by contacting us.
We may process the following personal data for campaigning purposes:
Name
Contact data
Order and transaction data (optional)
Campaign data (optional)
10. RONGO for Business
We process personal data if you use your RONGO for Business allowance to pay for an order you placed via our Services, when using or interacting with RONGO for Business products and services, to issue and ship the RONGO for Business card, and/or to provide you with the digital allowance. Depending on the circumstance, we may rely on your consent or the fact that the processing is necessary to fulfil a contract with you, or to comply with law. The following personal data may be processed in connection with RONGO for Business:
Name
Address data
Employment data (job role, department, contractual hours)
Contact data
Allowance data
Order and transaction data
RONGO for Business card information
Payment data
The RONGO for Business card is partnered with card issuing and card transaction services provider Adyen, which also qualifies as an independent data controller. The processing of some of the above personal data by Adyen is covered by the Adyen's privacy statement, which can be viewed here Adyen’s privacy statement and we recommend you to read as this applies in addition to this Statement.
Additional purposes
We will only use your personal data for the purposes described above. If we want to use the data for a different purpose, we will take appropriate measures to inform you, consistent with the significance of the changes we make. Depending on the circumstance, we may rely on your consent or the fact that the processing is necessary to fulfil a contract with you, or to comply with law.
How we collect your personal data
We acquire, process and retain your personal data, as well as personal data about devices you use to navigate to RONGO platforms (e.g. your computer, mobile or other means), which you provide to us by ordering, creating an account or otherwise by contacting us.
Personal data that you provide voluntarily: We may receive personal data provided from you when you place your order, create an account with us or provide for your marketing preferences or customer reviews in connection to our Services.
Personal data that we collect automatically: With your prior consent or when permitted by applicable law, when you browse our platforms, we may automatically collect technical data about your equipment, browsing activities and patterns. We use this personal data by using cookies, server logs and other similar technologies. These self-learning algorithms generate content that they use to personalise your user experience, selecting in particular those items that you are interested in, as well as to support the overall optimisation of our Services. For our cookie policy, please refer above (Cookies) for more information.
We may allow you to use social media sites to create your account or link your account to the relevant social media site. These social media sites may provide us with automatic access to certain personal data they hold about you (e.g. content viewed by you, content liked by you, and information regarding the advertisements you have been shown or may have clicked on). Where we receive such information, we may use this information to further personalise your experience with us in line with your marketing preferences.
Our Services are not intended for persons defined as underage by applicable local laws, nor do we intend to collect personal data of visitors who are under the defined legal age. However, we are unable to verify visitors’ ages. We therefore advise parents and/or legal guardians to monitor their children's online activities, to prevent their personal data being collected without parental consent. If you feel that we have collected personal data of a minor without consent, please contact us. We will then proceed to erase this data.
Automated decision-making and profiling
Automated decision-making takes place when an electronic system uses personal information to make a decision without human intervention. In the performance of the contract with you, and/or to the extent necessary to fulfil our obligations or where necessary to improve our platforms and Services for our legitimate interest, RONGO uses automated decision making and profiling. For example, RONGO uses your address data and/or location data to select available Partners in your local area. We also use automated decision-making in complying with our legal obligations to prevent money laundering, terrorism financing, and other criminal offences.
You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making, unless we have a lawful basis for doing so and we have notified you. If you want to object to this type of processing, you can contact us via our privacy form. We will then proceed to reassess the situation and/or provide you with more information about why and how such automated decision was made.
How long we keep your data
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, tax, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances we may anonymise your personal data so that it can no longer be associated with you, in which case we may use such information without further notice to you.
Sharing your personal data in terms of RONGO for Business
If you use your RONGO for Business allowance to pay for an order you placed via our Services or by using RONGO for Business card, RONGO shares personal data (such as email address and data about your order and allowance) with the person that grants you the allowance (which might be your employer, business partner etc.) for performing our contract with this person. Please note that the person that grants you the allowance has its own responsibility and obligation with respect to the processing and protection of your personal data. If you have any questions about how your personal data is used by this corporate entity, please contact them directly. The person that grants you the allowance also shares personal data with us to allow us and the RONGO for Business card service providers to provide services to you.
Where your data gets sent
If you are in the European Economic Area (EEA), Israel, Australia, New Zealand and Canada, please be aware that we may process and/or transfer your personal data outside of the EEA Israel, Australia, New Zealand and Canada. This may include transferring it to or accessing it from other jurisdictions, including jurisdictions that may not provide a level of protection equivalent to the your local- and/or data protection laws (“Non-Adequate Country”). Where we transfer personal data outside the EEA, Israel, Australia, New Zealand and Canada we will take into account any applicable statutory obligations relevant to personal data transfers, and in Non-Adequate Country, we will rely on appropriate safeguards, including EC approved standard contractual clauses or other lawful binding transfer mechanism pursuant to the applicable data protection law.
Personal data rights, questions or complaints
We inform you that, with regard to the personal data, you can exercise the rights provided for by applicable data protection laws, which may include: the right to request access to, rectification of, or erasure of personal data or restriction of processing, and to object to processing, the right to data portability, to withdraw your consent at any time (without prejudice to the lawfulness of the processing based on the consent given prior to the withdrawal) as well as to lodge a complaint with a supervisory authority directly.
To exercise your rights please contact us.
We will do our best to address your request in time and free of charge, except where it would require an excessive and disproportionate effort. In certain cases, we may ask you to verify your identity before we can act on your request.
Regarding requests related to processing or sharing of personal data related to RONGO Pay and/or RONGO Pay Card, please contact the person that grants you the RONGO Pay allowance (which might be your employer, business partner etc.). This is required because RONGO and the person that grants you the allowance have a separate responsibility with respect to the processing and protection of your personal data.
If you have any other questions or complaints about the processing of your personal data, we will be happy to contact you. We would also like to hear from you if you have tips or suggestions on how to improve our Statement.
Security
RONGO takes personal data protection very seriously and we therefore take appropriate measures to protect your personal data against misuse, loss, unauthorised access, unwanted disclosure, and unauthorised alteration. If you feel that your personal data are not adequately protected or there are indications of misuse, please contact us on privacy form.
How to contact us
Unless otherwise indicated, restaurantongo.com.au. is the controller of your personal data.
If you need to contact us to make requests or if you have any questions and concerns about this Statement and/or our privacy practices and processing activities, please contact us via our privacy form
Updates to this privacy Statement
We may update this Statement from time to time in response to changing legal, technical or business developments. When we update our privacy Statement, we will take appropriate measures to inform you, consistent with the significance of the changes we make. Where required by applicable data protection law, we will obtain your consent to any material changes to this Statement.
For clarification, it should be noted that the use of the term “Partner” or any similar expression in this Statement does not imply or establish a partnership, employer-employee, or agency relationship of any kind between the mentioned party and RONGO.
We encourage you to periodically review this Statement for the latest information on ourprivacy practices.
To the extent we have local language versions, the English version of this Statement shall prevail in case of conflicts between the different language versions.
This Statement may be updated and was last updated on 08.03.2023