Vendor Privacy Statement - Singapore
This Privacy Statement aims to clarify what personal data we process, why we process it, who receives your data and how you can exercise your legal rights. Accordingly, in this Privacy Statement, “personal data” means any information which directly identifies you as a person (like the combination of your full name and address), or can be used to identify you as a person (like a user ID connected to your identity). Similarly, “processing” refers to any operation performed on your personal data, for example the collection, storage, use, disclosure, or destruction of your personal data.
1. Who are we?
We are Delivery Hero (Singapore) Pte. Ltd. and we are located at 63 Robinson Road, #11-01 Afro Asia, Singapore 068894.
As regards your privacy, it’s us who decide how and for what purposes your personal data is processed. In data protection language that makes us a so-called “Data Controller” (the party responsible for how your personal data is processed.
If you have any questions related to your personal data, you can reach Delivery Hero (Singapore) Pte. Ltd.’s data protection officer for any privacy-related questions or feedback by mailing to dataprotection@foodpanda.sg.
2. What categories of personal data do we process?
| Data Categories | Explanation |
|---|---|
Company Information
|
ACRA business profile (including details on the Full Name, Business registration number, Registered business address, Date of incorporation, Country of incorporation of the Company, Individual Information of (i) connected parties, (ii) beneficial owners, and (iii) natural persons appointed to act on behalf of the Company), Tax ID, Geolocation Data, Order Data, Trading Licence, Contact Data, Order History. |
Individual Information |
NRIC (including details on the Full name, Unique identification number, Residential address, Date of birth, Nationality), and additionally where the vendor is an individual, the Contact Information and the Singapore Food Agency Licence. |
Technical Information |
Device Data, Usage Data |
Order Information |
Order IDs, Product Names and Quantities, Order History, Delivery Related Data |
Financial Information |
Bank Account, Tax ID, Payment Recipient Data. |
Customer Support Information |
Content of Support Chat |
3. What do we do with your personal data?
In order to provide services on our vendor portal, we use various tools and systems that are necessary for the operation of the app. Accordingly, we collect, process and store the following categories of personal data when you use the app.
We process the above categories of personal data for the following purposes:
| Purpose | Description and Legal Basis |
|---|---|
Account Creation and Maintenance |
The information we request during the account creation process is necessary to take the first step in establishing a business relationship with you so that we can provide you with our services. We only ask for your data that is necessary for this purpose.
|
Order Processing & Delivery |
Following information is necessary for us to conclude your order and ensure the successful delivery.
|
Payment |
On a regular basis, your information will be shared with payment providers to facilitate the payment process.
|
Product Analytics |
We analyse the usage of the Vendor Portal in order to ensure its security, optimization and effectiveness. Accordingly, Vendor Portal generates and uses anonymous information about the device you used to access.
|
Communication |
Different tools are used for communication between you and the partnering entity via email, pushes, SMS or messaging platforms such as WhatsApp, etc. The purpose of the processing is the communication of necessary information between the parties involved to ensure we can adequately process your order.
|
Direct Marketing/ Online Marketing |
We may send you newsletters and promotions via email, pushes, SMS or messaging platforms such as WhatsApp, etc. informing you about new offers, deals or campaigns that are available for you on our platform. We may use the contact details you provided to us when registering as a partner to send you such communications. Opt-Out You can opt out at any time by updating your message preferences, and using the unsubscribe possibility offered in connection with any direct marketing messages or by contacting us via the email address provided above.
|
Our legal basis for processing your personal data are the legal provisions in your jurisdiction permitting the data processing or the purpose of performance of a contract or in order to take steps at your request prior to entering such a contract.
4. Who will receive your data and under what circumstances?
You can trust that, within our company, only those staff members will receive access to your personal data who need them in order to fulfill their professional duties, such as providing you with a great online experience, or looking into your support request. In certain scenarios, we also need to share your personal data with recipients outside of our company. Please be assured that your data is shared with these recipients only to the extent necessary for the specified purposes and only as we are legally permitted to do so.
A. Delivery Hero group companies
We are part of an international group of companies with legal entities in many parts of the world, including our group’s headquarters located with Delivery Hero SE in Berlin, Germany. In order to utilize our resources efficiently and ensure that our business processes function properly, we utilize our group-wide shared technological support services that sometimes necessitate sharing personal data with our parent company, Delivery Hero SE, or with the locations of our global tech hubs. In certain situations, we might also share limited data with other group companies, for example, to assist with payment collection or to implement platform security measures.
Delivery Hero group companies are bound by strict intra-group data transfer agreements ascertaining compliance with data protection requirements whenever sharing personal data with group companies.
B. Data processors
We use various third-party service providers to perform our operations. Many of these providers process your personal data as so-called “data processors”. This means they are only allowed to process your personal data under our instructions and have no claims whatsoever to process your personal data for their own, independent purposes. Our processors are strictly monitored and we only engage processors who meet our high data protection standards.
Our user platforms and databases run on cloud resources provided by the EU subsidiaries of Google Cloud Platform and Amazon Web Services. We use marketing and communications tools by companies such as SalesForce or Braze. Our finance and accounting platforms are provided by SAP.
C. Other third parties and service providers
In addition to data processors, we also work with third parties, to whom we share your personal data, but who are not bound by our instructions and instead will process your data independently. These may be our consultants, lawyers or accountants who receive your data from us under a contract and process your personal data for legal reasons, or to protect our own interests. Under no circumstances will we sell or rent your personal information to third parties without your explicit, informed consent.
D. Mergers & acquisitions, change of ownership
In the event of a merger with, or acquisition by, another company or group of undertakings, we may need to disclose limited information to that company and their advisors who are under professional obligations to maintain the confidentiality of your personal data. This may occur in circumstances such as mutual due diligence assessments and regulatory disclosures.
In any event, we will ensure that we only disclose the minimum amount of information necessary to conduct the transaction, while also carefully considering the feasibility of removing or anonymising any data that could identify individuals.
E. Prosecuting authorities, courts and other public authorities
From time to time we may be requested to disclose personal data to public authorities. In some circumstances, we may disclose personal data with public bodies in order to bring or defend legal claims, to protect our rights and interests, or to address security concerns.
Examples of such situations include cooperating in the detection and prevention of crime, responding to legal processes such as court orders or subpoenas, or sharing data with tax authorities for tax-related purposes. The public authorities involved in these scenarios may include law enforcement agencies, courts, tax authorities, or other government officials.
5. How do we transfer your personal data to other countries?
We and the parties we share your personal data with may transfer personal data to countries other than the country in which you use our services. Where such transfers take place, we take appropriate measures to ensure that your data is always afforded an adequate level of protection in the countries to which it is transferred.
For example, if we transfer your personal data from a country within the European Economic Area (EEA) to a country outside of the EEA, we take appropriate safeguards to ensure that these transfers provide a level of protection that complies with data protection requirements. If there are specific further requirements of the law of the country in which you use our services, we will abide by them as well.
Specifically as far as transfers from Singapore to countries outside Singapore are concerned, we rely on a number of appropriate safeguards:
● Any contract that (i) requires the recipient to provide to the personal data transferred to the recipient a standard of protection that is at least comparable to the protection under the Personal Data Protection Act 2012; and (ii) specifies the countries and territories to which the personal data may be transferred under the contract;
● Any binding corporate rules that (i) require every recipient of the transferred personal data to provide to the personal data transferred to the recipient a standard of protection that is at least comparable to the protection under the Personal Data Protection Act 2012; and (ii) specify the recipients of the transferred personal data to which the binding corporate rules apply; the countries and territories to which the personal data may be transferred under the binding corporate rules; and the rights and obligations provided by the binding corporate rules; or
● Any other legally binding instrument.
6. What are your legal rights?
Under the data protection laws, you are entitled to the following rights:
|
Right to access |
You have the right to access your personal data and obtain additional information on how we process it. You may also request a copy of your personal data. |
|
Right to rectification |
If you notice that your personal data is incorrect, you can always request that we correct it. |
|
Right to withdraw your consent |
You have the right to withdraw your consent to our processing of your personal data. Please note that even if you exercise this right, we may be required to retain some of your information if we process it as part of our legal obligations, or in pursuit of our own (or a third party’s legitimate interests) such as the assertion of, or defense against, legal claims, preventing fraud or protecting ourselves or others against abusive behavior. |
To exercise your rights, we encourage you to use the functions available in your account at any time. For example, if you would like to delete your data, or receive a copy of it, you can directly do so by following the relevant steps in your profile. These self-service methods are designed to expedite the process of fulfilling your rights. Alternatively, you can also reach out to dataprotection@foodpanda.sg.
7. How long do we keep your data?
We retain your personal data for as long as it is necessary to achieve the purposes we described above. The duration for which we retain your personal data is determined by factors such as the scope, nature and purposes of the personal data processing, and whether we have legitimate interests or legal obligations that require us to retain your personal data.
8. How do we use Artificial Intelligence (AI)?
We may use artificial intelligence (AI) to improve our services and vendor experience. Artificial Intelligence may be used, for example, to provide personalized content, recommend products, AI Agent chatbot or support customer service. These technologies may collect and process personal data provided by you.
Our intention is not to collect sensitive personal data through the usage of AI. We therefore ask that you avoid providing any type of sensitive personal data.
In some cases, we may use third-party AI services to power certain features. When we do, we ensure that these partners comply with applicable laws and the highest data privacy standards. We may share your data with these third parties only to the extent necessary for them to perform their services, and we require them to protect your data in a manner consistent with this privacy statement.
We will let you know when you are interacting with AI. If you have any inquiries regarding this process, you have the right to contact support agents and request human intervention. Furthermore, you have the right to opt out of AI related data processing at any time.
9. Changes to this Privacy Statement
We may update this Privacy Statement to reflect our new processes, new technologies, and legal obligations. We are committed to keeping you informed of any changes to our privacy practices, so we encourage you to review this privacy statement to keep updated.
Last modified: March 2026