Effective October 2018
Updated July 2019
For the purposes of UK data protection legislation, Ritual is the data controller of your personal information.
Information we collect about you
Information we collect from you
Information we collect from other sources
How we use your personal information
Disclosing your personal information
Cookies and related technologies
Information for our EU customers
Our legal basis for processing data
How you can exercise your rights under the GDPR
Effective October 2018
Updated July 2019
For the purposes of UK data protection legislation, Ritual is the data controller of your personal information.
- User/you: A person who has signed up and is registered with Ritual for the use or potential use of the Service.
Information We Collect About You
Ritual collects your personal information when you interact with us or use our Service, such as when you use our Website or App to place an order. We also collect information about you from other sources described below. We also look at how visitors use our Website to help us improve our Service and optimise customer experience.
In general, we collect information:
- when you create an account with us or you change your account settings;
- when you place an order with us and during the order process; and
- when you browse and use our Website and App and in-store devices.
We also collect information from third party sites, such as advertising platforms and social networking sites.
Information we collect from you:
Ritual collects personal information to deliver our Service to you, including through our Website and App. We collect personal information from you, such as:
- Account Information: We collect information when you create or update your Ritual account. This may include your name, email address, photo, birthday, country, language, currency, password, mobile phone number, social accounts should you choose to connect them, and limited banking information (including related payment verification information). We may also ask you about your preferences; for example, your favourite type of food or any food allergies.
- Your Location: Ritual requires your consent to track geo-location for use of the App. When you use the App through your mobile device, we will track your geo-location information, on a real time basis. Depending on which other products and services you use, we may also collect your precise or approximate location through your IP address or Wi-Fi.
- Ritual collects location information when our App is running in the foreground (i.e. when you are actively using the App). If our App is running in the background, we will only collect your location information when it is required for the fulfilment of your order. For example, if you have an order in progress. Our geo-location tracking will stop once your order is complete.
- You may use the App without enabling Ritual to track your location; however, this will affect the functionality available to you. For example, we would not be able to connect you to restaurants near you.
- Order Information: We collect details related to your use of our Service. This can include:
- what you purchased;
- your order mode;
- date and time of the purchase;
- amount paid for your order;
- pick up information (such as distance and route);
- your payment method; and
- whether you used a promotion code.
- Teams and group ordering features: Ritual’s optional team and group ordering features enable multiple users to place orders with a Restaurant that one member of the group picks up for the team or group. When you join a team or group, Ritual collects information from you and/or your teammates and uses the information about the team/group with which you are associated to provide our Service. We may also collect information about your team’s activities such as your team’s favourite places to eat and discussions you or your team members have through our App or Website.
- Your network and connections: If you provide us access to your address book or social networking connections, we may collect names and other profile information from these sources. If you provide us access to your calendar, we may collect event information from this source (event information may include your response (YES/NO), date and time, location, subject/content, and number of attendees). Also see Referral Programs below.
- User content: We may collect information that you submit when you contact Ritual support, or any information you submit about our Restaurant partners to Ritual including ratings, tags, compliments, photos, or comments. We will also track any content you submit relating to your team, such as team photos, discussions, or tags.
- Usage information: We collect information about how you interact with our Service. This includes information such as access dates and times, which features you used and which web pages you viewed, crashes and other system activity, and third-party sites you were interacting with before using our Service.
- Technical data: When you use our App, we also process technical data such as IP address, Device ID or MAC address, and information about the manufacturer, model, settings, and operating system of your mobile device. We will also capture your application version. When you visit our Website, we may process technical data such as your IP address, visited webpages, the internet browser you use, your previous/next visited websites and the duration of a visit/session.
- Survey or demographic data: We may offer you the opportunity to participate in one of our User surveys or research. Participation in User surveys or research is completely optional. If you choose to participate, we use the information and survey results to help us understand our Users and to tailor and enhance our service offerings and promotions.
- Career information: If you wish to apply for a job on our Website, we will collect personal information such as your name, email address, phone number and additional information such as resume. We use the information collected within this area of the Website to register and process your application, to determine your qualifications for the position for which you have applied, and to contact you.
Information we collect from other sources:
Ritual may also collect and combine personal information about you from other sources. These other sources may include:
- Users providing your information in connection with our referral program:
- Unless or until you activate your referral code, we may store your personal information as provided by the referrer in order to provide you with a relevant offer;
- Users providing your information as part of a dispute;
- business partners such as third-party payment providers, social media services, or other apps and websites that Ritual has integrated with;
- publicly available sources; and,
- marketing service providers.
From time to time, Ritual may also combine information from various sources with information it collects.
How We Use Your Personal Information
- Provide our Service to you: Ritual uses the information we collect to provide, maintain, personalize, and improve our Service.
We will use your personal information to:
- Create and manage your account. This includes using your phone number or email address to verify your identity.
- Show you Restaurants near you. We use your location to allow you to view the Restaurants in your area. Your location also allows us to provide a walk distance and to determine when an order should be placed.
- Facilitate order fulfilment and pick up. If you place an order via Ritual, your order and profile information is shared with our Restaurant partner for the purpose of fulfilling your order in accordance with our contract with you. This includes a photo, if you have chosen to upload one. The Restaurant that is fulfilling your order uses this photo to verify your identity. The Restaurant may also receive information about your company and team, if you have chosen to join a team.
- Facilitate payments through our payment provider.
- Enable the various features of our product for our legitimate interests (further discussed below) where we have considered that these are not overridden by your rights. For example, personalization or sharing features. Personalization features may include showing you recommendations while content features include allowing you to share reviews, ratings, tags, and discussions.
- Troubleshoot software bugs and operational problems.
- If you upload a photograph to your profile, your photograph will be used by the merchant to identify you. This may include having your photograph visible on our in-store device when your order is ready for pick up.
- Teams and other group ordering features: We use your team information to facilitate your order, provide relevant suggestions to you and others on the team/group, and to personalize your experience. We may also notify you of team members who you are most closely associated with, team photos, team posts and discussion, and other details about how your team interacts. We may give your team the ability to assemble in groups that would be visible by other team members. When you offer to pick-up for your team/group, Ritual will send your offer to your team/group using one or more channels including, but not limited to, in-App offers, push notifications, posts to team collaboration software or social networks.
- Joining a team or a group is easy and open to anyone. When you join, all members will be able to see certain basic information, such as your first name and last initial, photo, and team/group affiliation (which may include company name and floor). Ritual may also notify your team/group that you have joined the team.
- User content and communication: Ritual may use content you submit such as ratings, comments, or photos, to make recommendations to other Users and to facilitate the operations of our business. Ritual may also allow Users to communicate with others on their team or with Restaurants. These messages, should you choose to participate, may be accessible by members of your team or Restaurants and by us. Ritual may also allow Restaurants to communicate with users. For example, a Restaurant may contact you directly if there is a problem with your order.
- Research and development: Ritual may use your personal information for testing, research, analysis, and development of our Services. This allows us, for our legitimate interests, to improve our Service improve the in store experience our merchants offer, and to determine where we should offer or focus our Service. We may share this information with third parties for industry analysis and statistics.
- User support: We use your profile, account, and usage information to assist you when you contact User support. This allows us to direct your inquiry appropriately, investigate and assist you with your inquiry, and follow up to ensure the problem does not persist. We may also use your information to monitor and improve our User service responses.
- We may also use your real-time geo-location information to address User or Restaurant support, technical, or business issues that may arise in the course of your use of the App. If you contact Ritual User service while an order is in progress, and it is necessary to use your real-time geo-location information to address your question, our support personnel will seek your consent before consulting your location.
- Communications from Ritual: Ritual uses your contact information to communicate with you about your activity, our Service, your account, and, if we have your prior consent, about Ritual news, special offers, and events. We may also contact you about studies and surveys, if you have permitted us to do so.
- If you have placed an order through the App, we may send you push notifications to your mobile phone to let you know the ongoing status of your order. If you do not want to receive push notifications, you can always withdraw your consent by changing your settings via the settings page of your mobile device.
- If an issue arises while processing your order (e.g. if a café has run out of skimmed milk and you ordered a skinny latte), Ritual may contact you via text message to alert you to the issue. Standard text message and data rates may apply. If you wish to stop receiving text messages from Ritual, respond to a text message with the word ‘STOP’.
- We may also need to communicate with you about your account or Ritual’s Service. For instance, we may send you an email to verify your username and password or let you know when our Service is temporarily suspended for maintenance.
- Only where we have your prior consent to do so, Ritual may also use your contact details to send you general updates regarding Ritual news, special offers, promotions, and contests. If you have entered your information into one of our in-store devices, we may follow up with you regarding your inquiry. We may also display tailored advertisements on third-party websites and other platforms. You may opt-out of receiving these updates at any time by following the instructions in each of our communications.
- Ritual rewards: We also use your order information for the purposes of crediting your Ritual Reward account and otherwise administering the loyalty program.
- Public forums: The Website and the App may offer publicly accessible blogs and community forums. We will use your personal information such as your name, email address, the messages or content you choose to post to administer and provide you with these services.
Disclosing Your Personal Information
- Sharing with our Service Providers: We may employ third-party companies and individuals in Canada, the US or other jurisdictions such as Singapore and in each of the locations where Ritual is present to facilitate or provide certain services on our behalf, such as to process payments, provide User support, provide geo-location information to our Restaurants, to host our job application form, to perform Website-related services (e.g., without limitation, maintenance services, database management, web analytics and improvement of the Website's features) or to assist us in analyzing how our Service is used.
The file containing your personal information will be kept at our offices or on our servers or those of our service providers. Our employees and those of our service provides who require it for the purposes of their duties will have access to this file.
These third parties have access to your personal information only to perform these tasks on our behalf and are contractually bound not to disclose or use it for any other purpose. For additional information about the way in which our service providers treat your personal information, contact us as set out below.
Your personal information may be transferred outside the jurisdiction in which you are situated and may become subject to the laws of the receiving jurisdiction, which may differ from the laws of your jurisdiction. By using our Service, you consent to the transfer of your personal information outside of your jurisdiction for the purpose of storing your personal information or processing it. We may transfer your personal information to the following countries and using the following safeguards outside the European Economic Area (“EEA”) if your personal information is transferred to outside the EEA:
- Canada - European Commission Adequacy Decision
- United States – Model Clauses
If you would like more information about these safeguards, please contact us at firstname.lastname@example.org.
- Sale of Business: We may transfer any information we have about you as an asset in connection with a proposed or completed merger or sale (including transfers made as part of insolvency or bankruptcy proceedings) involving all or part of Ritual or as part of a corporate reorganization or other change in corporate control.
- Legal Requests: Ritual, our Canadian and US businesses, and other service providers may provide your personal information in response to a search warrant or other legally valid inquiry or order, or to an organization in the case of a breach of an agreement or contravention of law, or as otherwise required or permitted by applicable Canadian, US or English law. Ritual may also disclose your personal information to the extent that this is legally required, or necessary for the establishment, exercise or defence of legal claims and legal process; to investigate or prevent actual or suspect loss or harm to persons or property; to detect, prevent or suppress fraud; or in the event of an emergency pertaining to your health and/or safety; or to our auditors, legal advisors and other professional advisors.
Invitations to Friends & Family:
If you wish to refer friends or family members to Ritual, you may share your referral code individually with those friends or family members.
- Ritual does not directly collect any personal information when you share your referral code with a friend or family member. If your friend or family members accept the referral offer, we will collect your code from them for the purposes of crediting their/your account with any referral offer to which you may both be eligible.
Above all, nobody likes spam! Please only share your referral code or refer friends or family members who you know are interested in using our Service.
You may request that your favourite Restaurants join Ritual through the App or through our Website. Please only refer Restaurants you have previously purchased from.
Cookies and Related Technology:
Where you have given your consent or where we have a justifiable reason for doing so (and are permitted to do so by law) we will use your information to let you know about our other products and services that may be of interest to you and we may contact you to do so. If you do not wish to receive direct marketing communications from Ritual, you can adjust your email preferences in the App or by clicking the unsubscribe link in our email message to you.
We do not collect children's personal information. Because the Service is not directed towards children under 13, they are not allowed to register with or use the Service or provide personal information. We do not knowingly collect personal information from anyone under the age of 13.
Information for our EU customers:
Our Legal Basis for Processing Data
With respect to personal information subject to the General Data Protection Regulation (“GDPR”), we will only collect and process personal data about you where we have a lawful basis to do so. We will process personal data:
- to perform a contract with you (e.g. to deliver the Ritual Services you have requested),
- where we have legitimate interests to process the personal data or for the legitimate interests of third parties (e.g., your employer or company), provided that such processing shall not outweigh your rights and freedoms. See below for examples of our legitimate interests,
- to protect the vital interests of you or another person;
- to perform a task carried out in the public interest;
- in accordance with a legal obligation; or
- where we have your consent. Where we rely on your consent to process personal data, you have the right to withdraw or decline your consent at any time and where we rely on legitimate interests under the GDPR, you have the right to object. These rights are details below. If you have any questions about the lawful bases upon which we collect and use your personal data, please contact our Data Protection Officer at email@example.com.
As examples of Ritual’s legitimate interest under the GDPR, we may collect, use, communicate and process your personal data for the following purposes to:
- protect you, us, or others from threats (such as security threats or fraud).
- enable or administer our business, such as for quality control, consolidated reporting, and User service.
- manage corporate transactions, such as mergers or acquisitions.
- understand and improve our business or User relationships generally.
- enable us and other Users to connect with each other, find jobs and economic opportunity, express opinions, exchange information, and conduct business.
By using our Service, you consent to this collection, use, communication and processing of your personal information.
How you can exercise your rights under the GDPR
- Under the GDPR, you have the right under certain circumstances to the following:
- Right to be informed: You have the right to be provided with clear, transparent and accessible information about your rights and how we use your personal information.
- Right of access: You have the right to be provided with a copy of your personal information held by us. If you wish to access the information we hold about you, please contact us at firstname.lastname@example.org;
- Right to rectification: You have the right to request the rectification of your personal information. You can request that we rectify any errors in information that we hold by contacting us at email@example.com;
- Right of erasure: You have the right to request the deletion or removal of certain of the personal information that we hold about you by contacting us at firstname.lastname@example.org.
- Right to restrict processing: You have the right to request that we restrict the processing of your personal information. You can request that we restrict the processing of your personal information by contacting us at email@example.com;
- Right to object to certain processing: You have the right to object to certain processing of your personal information, including the right to object to marketing, and request that your personal information be moved to a third-party. You can object by changing your marketing and email preferences, disabling cookies as set out above and in our Cookies Policy, and opting out at any time from allowing further access by us to your location data by updating settings on your device. You can also stop all information collection by un-installing the App. You may use the standard un-install processes as may be available for your mobile device. You can also request certain changes to our data processing by contacting us a firstname.lastname@example.org;
- Right to data portability: You have the right to obtain your personal information in an accessible and transferable format so that you can re-use it for your own purposes with other service providers. This is not a general right however and there are exceptions. You can request that we provide you the data we hold on you by contacting us at email@example.com;
- Right to withdraw consent: Where we rely on your consent to process personal information, you have the right to withdraw or decline your consent at any time and where we rely on legitimate interests, you have the right to object (as noted above). Withdrawing consent will not however make unlawful our use of your information while consent had been apparent. If you have any questions about the lawful bases upon which we collect and use your personal information, or if you wish to withdraw your consent, please contact us at firstname.lastname@example.org.
- Right to lodge a complaint: You have the right to lodge a complaint about the way we handle or process your information with the national data protection authority.
For more information about your rights under the GDPR, you can visit the European Commission’s website.
How long does Ritual retain personal information?
We will generally retain your personal information until you cancel your Ritual account in order to meet our contractual obligations to you or until it is no longer required for the purposes stated above or to otherwise meet legal requirements.
- our contractual obligations and rights in relation to the information involved;
- legal obligation(s) under applicable law to retain data for a certain period of time;
- statute of limitations under applicable law(s);
- our legitimate interests where we have carried out balancing tests (see section on 'How we use your personal information' above);
- guidelines issued by relevant data protection authorities; and
- other legal purposes.
Otherwise, we securely erase your information where we no longer require your information for the purposes collected.
- After deletion of your account, we will anonymize your data, unless this data is necessary to comply with a legal obligation or resolve disputes. If you wish to cancel your Ritual account or request that we no longer use your information to provide you services, please contact us at email@example.com.
How does Ritual protect personal information?
- Our safeguards: Ritual takes appropriate technical, physical and organizational security measures to protect personal information in our custody and control against unauthorized access, use, modification and disclosure, and accidental loss, destruction and damage. For example, we use standard, industry-wide, commercially reasonable security practices such as encryption, firewalls and SSL (Secure Socket Layers) as well as physical safeguards at the locations where data is stored. However, as effective as encryption technology is, no security system is impenetrable. We cannot guarantee the security of our database, nor can we guarantee that information you supply will not be intercepted while being transmitted to us over the Internet. Any transmission of information by you to Ritual is at your own risk. Where you have chosen a password that allows you to access our Website or App you are responsible for keeping this password confidential. We strongly recommend that you do not share your password with anyone.
Does Ritual use automated decision-making processes?
Fraud detection is conducted in part using automated decision-making processes. We conduct fraud checks on all of Ritual’s customers. Where we believe there may be fraudulent activity, we may block you from placing an order and from using our Website or App. We also may also use automated decision-making processes to extend certain benefits or rewards to you such as discounts at particular Restaurants. Please see our rights section above to better understand your rights under the GDPR.
How do I contact Ritual?