Ritual Privacy Policy

Effective as of February 20th, 2020

  • Introduction
  • Personal information we may collect about you
  • How we collect your personal information
  • Purpose for which we use your personal information
  • Disclosing your personal information
  • International transfers
  • Children
  • Cookies and other similar technologies
  • Legal rights
  • For California residents
  • Data retention period
  • Safeguarding your personal information
  • Does Ritual use automated decision-making processes?
  • Updates to Ritual’s Privacy Policy
  • Contacting Ritual

Introduction

This Privacy Policy explains how and why we collect, process, and use your personal information. It also explains legal rights you may have to your personal information, depending on the jurisdiction in which you reside.

Personal information is information that can or does identify you as an individual, on its own or when combined with other information. Ritual collects personal information from you whenever you interact with us or use our Services, such as when you use our Website, App, or any of our in-store devices. If you have any questions about this Privacy Policy or how Ritual handles your personal information more generally, please contact us at [email protected].

Personal information we may collect about you


We strive to provide you secure, relevant and efficient services to help you turn your routine into Ritual. To do so, we may collect your personal information as described below.

Profile Data. For example, your first name, last name, photograph, social media account information, username, password, birthday, language preference. This information is generally collected from you and third parties.

Contact Data. For example, your telephone number, email address. This information is generally collected from you and through our referral program.

Team Data. For example, your employer, office address, floor where your office is located, team members, team photos, team activities, team favourite restaurants, team discussions through the App or website, and tags. This information is generally collected from you, third parties, and through our referral program.

*Note: Joining a team is easy. Anyone can join a team and can view team members before requesting to join. All team members will be able to see certain information about you, such as your first name, last initial, photo, and team / group affiliation (incl. company name and floor).

Financial Data. For example, the last four digits of your credit card number, credit card type, expiration number, and default currency. This information is generally collected from you.

Location Data. For example, your geo-location information, postal or zip code, and country. This information is generally collected from you.

Technical Data. For example, your Internet Protocol (IP) address, Device ID or MAC address, information about the manufacturer, model, settings, and operating system of your mobile device, and application version. This information is generally collected from you and third parties.

Transaction Data. For example, the history of your purchases and your order details. This includes:

  • what you purchased;
  • your order mode;
  • date, time of purchase;
  • amount paid for order;
  • pick up information (such as distance and route);
  • payment method;
  • team or group with which you placed an order;
  • in-App notes or discussions; and
  • whether you used a promotion code.

This information is generally collected from you.

Browsing Data. For example, webpages you visited/viewed, internet browser, access dates and times, which features you used, duration of visit, crashes and other system activity, and third-party sites you were interacting with before using our Service. This information is generally collected from you and third parties.

Communications or Marketing. For example, any information you submit about our Restaurants including ratings, tags, reviews, photos or comments, team discussions through the Website or App, tags, team members, team photos, your preferences in receiving emails and direct marketing from us, and information you submit when you contact Ritual support. This information is generally collected from you and from third parties, including your team members.

Survey Data. For example, if you choose to participate in one of our User surveys or research initiatives, we collect your answers and use the information and survey results to help us understand our Users and tailor our service offerings. This information is generally collected from you.

Career Data. For example, if you apply for employment with Ritual, we will collect the employment information you submit, including name, contact information, and résumé. This information is generally collected from you.

Invitations to friends & family

If you wish to refer friends or family members to Ritual, you may share your referral code individually with those friends or family members.

Ritual does not directly collect any personal information when you share your referral code with a friend or family member. You will, however, receive certain communications from us about your referrals. For example, you will be notified if your friend or family member accepts the referral offer and when they make their first purchase. We may also use the referral code for the purposes of crediting their/your account with any referral offer to which you may both be eligible.

Above all, nobody likes spam! Please only share your referral code or refer friends or family members who you know are interested in using our Service.

Restaurant referrals

You may request that your favourite Restaurants join Ritual through the App or through our Website. Please only refer Restaurants you have previously purchased from.

How we collect your personal information

We collect personal information about you in the following ways:

Information you give us

We collect and store personal information you give us as described above. For example, we collect personal information from you when you:

  • register an account, join a team, submit comments or reviews on the Website or the App;
  • use our Website, App or in-store devices;
  • contact our customer support services;
  • complete a survey;
  • communicate through the Website or App.

Information we collect from others

Ritual may also collect and combine personal information about you from other sources. These other sources may include:

  • Users providing your information in connection with our referral program:

-Unless or until you activate your referral code, we may store your personal information as provided by the referrer in order to provide you with a relevant offer.

-If you decide to activate the referral code, we will use the personal information you provide us (including your name and email address) for the purposes of processing the relevant offer and answering any queries you may have. Once you open an account with us, we will credit your account and continue to use your personal information in accordance with this Privacy Policy

  • Users providing your information as part of a dispute;
  • business partners such as third-party payment providers, social media services, data aggregators, or other apps and websites that Ritual has integrated with; and
  • marketing service providers.

Purpose for which we use your personal information

Below we explain the purpose for which we use your personal information and the legal basis for processing your data:

Profile Data

Your Profile Data may be used to assist you when you contact User support, to direct your inquiry appropriately, and follow-up to ensure the inquiry has been satisfied.

We may share your Profile Data with our Restaurants for the purpose of managing the relationship with you, including to fulfil your order and at pick up. This may include sharing your photo, if you have chosen to upload one. The Restaurant that is fulfilling your order can use your photo to verify your identity. It may also include sharing specifics about customer reviews and complaints with our Restaurants.

Ritual may also share with our Restaurants analytics on App usage and customer trends, including first name and last initial of the top customers of the month, for promotional purposes. We do not share your contact information with our Restaurants without your express consent.  

Our legal basis for processing this information includes:

  • performance of a contract with you;
  • our legitimate interest to communicate with our Restaurants about trends in User uptake of the Services with their restaurant, and to help us and our Restaurants improve services with our Users.  

Contact Data

Your Contact Data may be used to assist you when you contact User support, direct your inquiry appropriately, and to follow-up to ensure the inquiry has been satisfied. This may include sharing specifics about customer reviews and complaints with our Restaurants.

Your Contact Data may also be used to facilitate order fulfilment and pick up, communicate with you about your activity, our Service, your account, and, if we have your prior consent, about Ritual news, special offers, and events. We may also contact you about studies and surveys, if you have permitted us to do so.

We may also communicate with you via text message for various reasons. Standard text message and data rates may apply. If you wish to stop receiving text messages from Ritual, respond to a text message with the word ‘STOP’.

Our legal basis for processing this information includes:

  • consent;
  • performance of a contract with you;
  • our legitimate interest to contact you about our Services and your account information.

Team Data

Ritual offers corporate meal plans and team ordering features. These features enable multiple users to place group orders with a Restaurant that one member of the team picks up for the rest.

When you join a team, including if you form a private team, Ritual collects information from you and/or your team members to provide our Service.

We use Team Data to notify teams when new members join. We also enable and collect the sharing of team photos, team posts and discussions, and other details about how your team interacts.

When you offer to pick-up for your team, Ritual will send your offer to your team using one or more channels including, but not limited to, in-App offers, push notifications, posts to team collaboration software or social networks.

The Restaurant may also receive some Team Data, such as team members, orders, and frequency of use with their restaurant.

Our legal basis for processing this information includes:

  • Our legitimate interest to facilitate fulfillment of your order, ease of communication between team members, provide relevant suggestions to you and others on the team, and to personalize and improve your experience with our Service.

Financial Data

Financial Data is used to process payments for your orders. Your full payment details are provided to a third-party payment processing provider. We do not receive or retain your full financial information.

We accept payment from Stripe as well as from other payment services such as Apple Pay, Google Pay or IDEAL, depending on your location.

Information that you supply to our payment processing provider is not within our control and is subject to the provider's own privacy policy and terms and conditions. We may change our payment processing providers from time to time and will update this Privacy Policy to reflect such changes.

Our legal basis for processing this information includes:

  • performance of a contract with you;
  • our legitimate interest to fulfil orders and to prevent fraud.

Location Data

Location Data is used to facilitate order fulfilment and pick up, show you Restaurants near you, personalize our marketing content to you, and offer you local promotions and discounts, where applicable.

Location Data is also used to address User or Restaurant support, technical, or business issues that may arise in the course of your use of the Services.

Your location allows us to gauge walking distance to inform when an order should be placed. Depending on which other products or services you use, we may also collect your precise or approximate location through your IP address or Wi-Fi. For example, this can help with team orders to approximate when food will be delivered.

We collect location information when our App is running in the foreground (i.e. when you are actively using the App). If our App is running in the background, we will only collect your location information when it is required for the fulfilment of your order. For example, if you have an order in progress, our geo-location tracking will stop once your order is complete.

In some circumstances such as when you are using the Website, you may use Ritual without enabling us to track your location. Doing so may affect the functionality available to you. For example, we would not be able to connect you to restaurants near you.

We may combine your Profile Data with your Location Data or with other third-party data to draw inferences about where you work.

Our legal basis for processing this information includes:

  • our legitimate interest to prevent fraud, improve our services and provide appropriate support services to you, improve our business;
  • our legitimate interest to provide administration and IT services, network security, and to maintain the technical operations of our services.

Transaction Data

Transaction Data may be used to assist you when you contact User support, to direct your inquiry appropriately, and follow-up to ensure the inquiry has been satisfied. This may include sharing specifics about customer reviews and complaints with Restaurant partners. It may also be used:

  • to facilitate order fulfilment and pick up. If you place an order via Ritual, your order and Profile Data may be shared with our Restaurants for the purpose of fulfilling your order;
  • to credit your Ritual Reward account and otherwise for administering the loyalty program;
  • for internal analytical and business improvement purposes.

Restaurants have access to your order history to improve services delivered to you.

Our legal basis for processing this information includes:

  • our legitimate interest to provide relevant offers to you, understand how you use our services, grow our business and to inform our business and marketing strategies.

Browsing Data

Browsing Data may be used to:

  • troubleshoot software bugs and address operational problems;
  • personalize our services and communications. Personalization features may include showing you recommendations while content features include allowing you to share reviews, ratings, tags, and discussions;
  • for testing, research, analysis, and development of our Services.

We may also share this information with third parties for industry analysis and statistics such as Google Analytics.

Our legal basis for processing this information includes:

  • our legitimate interest to improve our services, troubleshoot software bugs and operational problems, deliver relevant content to you.

Communications or Marketing Data

If you have placed an order through the App, we may send push notifications to your mobile phone to let you know the ongoing status of your order. If you do not want to receive push notifications, you can always withdraw your consent by changing your settings via the settings page of your mobile device.

Ritual may use content you submit such as aggregate ratings, comments, or photos to make recommendations to other Users and to facilitate the operations of our business.

Ritual may also allow Users to communicate with others on their teams or with Restaurants. These messages, should you choose to participate, may be accessible to members of your team or Restaurants and by us. Ritual may also allow Restaurants to communicate with users. For example, a Restaurant may contact you directly if there is a problem with your order.

The Website and the App may offer publicly accessible blogs and community forums. We will use your personal information such as your name, email address, the messages or content you choose to post to administer and provide you with these services.

Only where we have your prior consent to do so, Ritual may also use your Contact Data to send you general updates regarding Ritual news, special offers, promotions, and contests.

If you have entered your information into one of our in-store devices, we may follow up with you regarding your inquiry. We may also display tailored advertisements on third-party websites and other platforms. If you do not wish to receive direct marketing communications from Ritual, you can adjust your email preferences in the App or by clicking the unsubscribe link in our email message to you.

Even if you opt-out of receiving direct marketing, we may still send you non-promotional messages to administer your account and/or for purposes of facilitating, completing or confirming a commercial transaction that you have previously agreed to enter into with us. For example, we may send you an email if we have made material updates to this Privacy Policy or Terms and Conditions of Service.

Our legal basis for processing this information includes:

  • consent;
  • our legitimate interest to communicate with you about your account and other administrative issues;
  • performance of a contract with you.

Survey Data

We may offer you the opportunity to participate in one of our User surveys or research. Participation in User surveys or research is completely optional. If you choose to participate, we use the information and survey results to help us understand our Users and to tailor and enhance our service offerings and promotions.

Our legal basis for processing this information includes:

  • consent.

Career Data

Your Career Data may be used to register and process your application, determine your qualifications for the position for which you have applied, and to contact you. We retain you career data indefinitely unless you ask us to delete your data.  

Our legal basis for processing this information includes:

  • Our legitimate business interests to evaluate your credentials for possible employment at Ritual.

Disclosing your personal information

Sharing with our Service Providers

We never monetize your data. We may employ third-party service providers (e.g. back-end data analysis, data security monitoring and assessment, customer support services, payment processors, etc.) and individuals in Canada, the United States or other countries such as Singapore, the Philippines and in each of the locations where Ritual is present, to facilitate or provide certain services on our behalf, such as to process payments, provide User support, provide geo-location information to our Restaurants, to host our job application form, to perform Website-related services (e.g., without limitation, maintenance services, database management, web analytics and improvement of the Website's features) or to assist us in analyzing how our Service is used.

Your personal information will be kept at our offices or on our servers or those of our service providers. Our employees and those of our service providers who require it for the purposes of their duties will have access to your information when and as required.  

These third parties have access to your personal information only to perform these tasks on our behalf and are contractually bound not to disclose or use it for any other purpose. For additional information about the way in which our service providers treat your personal information, contact us as set out below.

Sale of Business

We may transfer any information we have about you as an asset in connection with a proposed or completed merger or sale (including transfers made as part of insolvency or bankruptcy proceedings) involving all or part of Ritual or as part of a corporate reorganization or other change in corporate control. The legal basis for such data processing is Art. 6(1)(b) or (f) GDPR.

Legal Requests

Ritual, our businesses around the world, and other service providers may provide your personal information in response to a search warrant or other legally valid inquiry or order, or to an organization in the case of a breach of an agreement or contravention of law, or as otherwise required or permitted by applicable Canadian, US, English or other applicable law. We ground such data processing on Art. 6(1)(c) or (f) GDPR. Ritual may also disclose your personal information to the extent that this is legally required, or necessary for the establishment, exercise or defence of legal claims and legal process; to investigate or prevent actual or suspect loss or harm to persons or property; to detect, prevent or suppress fraud; or in the event of an emergency pertaining to your health and/or safety; or to our auditors, legal advisors and other professional advisors. The legal basis for this data processing is Art. 6(1)(f) GDPR.

International transfers

Your personal information may be transferred outside the jurisdiction in which you are situated and may become subject to the laws of the receiving jurisdiction, which may differ from the laws of your jurisdiction. By using our Service, you consent to the transfer of your personal information outside of your jurisdiction for the purpose of storing your personal information or processing it.  We may transfer your personal information to the following countries and using the following safeguards outside the European Economic Area (“EEA”) if your personal information is transferred to outside the EEA:

  • Canada – European Commission Adequacy Decision
  • United States – Model Clauses or self-certification under the Privacy Shield

Where your personal information is transferred outside the EEA, we will take steps reasonably necessary to ensure that your personal information is subject to appropriate safeguards, such as relying on a recognised legal adequacy mechanism if applicable, and that it is treated securely and in accordance with this Privacy Policy.

Children

Our Services are intended for persons 18 years or older. We do not knowingly collect personal information from anyone under the age of 16. The Service is not directed at or marketed to children under 16. Children under the age of 16 are not allowed to register with or use the Service or provide personal information. Any personal information that is provided during the registration process that does not result in an active account is automatically deleted from our servers.

Cookies and other similar technologies

Ritual uses cookies and other related technology such as Google Analytics on the App and Website to distinguish you from other users. For more information about the cookies we use (and the purposes for which we use them), and how to block them, please see our Cookie Policy for more information.

Legal rights

Subject to certain limitations, you may have the following legal rights to your personal information:

  1. Right to be informed: You may have the right to be provided with clear, transparent and accessible information about your rights and how we use your personal information.
  2. Right of access: You may have the right to be provided with a copy of your personal information held by us. If you wish to access the information we hold about you, please contact us at [email protected].
  3. Right to rectification: You may have the right to request the rectification of your personal information. You can request that we rectify any errors in information that we hold by contacting us at [email protected].
  4. Right of erasure: You may have the right to request the deletion or removal of certain of the personal information that we hold about you. You can request that we delete or remove certain information that we hold by contacting us at [email protected].
  5. Right to restrict processing: You may have the right to request that we restrict the processing of your personal information. You can request that we restrict the processing of your personal information by contacting us at [email protected].
  6. Right to object to certain processing: You may have the right to object to certain processing of your personal information, including the right to object to marketing, and request that your personal information be moved to a third-party. You can object by changing your marketing and email preferences, disabling cookies as set out above and in our Cookie Policy, and opting out at any time from allowing further access by us to your location data by updating settings on your device. You can also stop all information collection by un-installing the App. You may use the standard uninstall processes as may be available for your mobile device. You can also request certain changes to our data processing by contacting us a [email protected].
  7. Right to data portability: You may have the right to obtain your personal information in an accessible and transferable format so that you can re-use it for your own purposes with other service providers. This is not a general right however and there are exceptions. You can request that we provide you the data we hold on you by contacting us at [email protected].
  8. Right to withdraw consent: Where we rely on your consent to process personal information, you may have the right to withdraw or decline your consent at any time and where we rely on legitimate interests, you have the right to object (as noted above). Withdrawing consent will not however make unlawful our use of your information while consent had been apparent. If you have any questions about the lawful bases upon which we collect and use your personal information, or if you wish to withdraw your consent, please contact us at [email protected].

You have the right to lodge a complaint about the way we handle or process your information with the national data protection authority. For more information about your rights or to lodge a complaint, please visit the data protection authority in your jurisdiction.

For California residents: Under the California Consumer Privacy Act (CCPA) you have the following rights:

  • Right to know about the personal information Ritual collects, discloses or sells, including the sources, categories and specific pieces of personal information Ritual has collected about you, how and for what purpose the information is used, and with whom Ritual shares your personal information. You also have the right to disclosure of whether Ritual is “selling” your personal information, as specifically defined under the CCPA. Ritual never monetizes your data.

You may exercise this right by reading this Privacy Policy and notices provided to you as you interact with our Services. You may also write us at [email protected] or call us toll-free at 1-844-727-4499 for more information.

  • Right to delete the personal information we have about you. To exercise this right, you or your authorized agent can call toll-free at 1-844-727-4499 or submit a request at [email protected] to Request Access or Deletion. There may be some additional requirements to verify your identity or the identify of your agent prior to fulfilling your request.
  • Right to opt-out of the sale of your personal information.
  • Right to request access the personal information we have about you. To exercise this right, you or your authorized agent can call toll-free at 1-844-727-4499 or submit a request at [email protected] to Request Access or Deletion. There may be some additional requirements to verify your identity or the identify of your agent prior to fulfilling your request.
  • Right to non-discrimination to receive non-discriminatory treatment for choosing to exercise your rights under applicable privacy legislation.

Data retention period

We will generally retain your personal information until you cancel your Ritual account in order to meet our contractual obligations to you, to otherwise meet legal requirements or until it is no longer required for the purposes stated above.

We will not retain your personal information for any longer than we think is necessary. When determining the relevant retention period, we consider:

  • our contractual obligations and rights in relation to the information involved;
  • legal obligation(s) under applicable law to retain data for a certain period of time;
  • statute of limitations under applicable law(s);
  • our legitimate interests where we have carried out balancing tests (see section on 'How we use your personal information' above);
  • guidelines issued by relevant data protection authorities; and
  • other legal purposes.

Otherwise, we will anonymize your data, unless this data is necessary to comply with a legal obligation or resolve disputes. Alternatively, we will securely erase your information where we no longer require your information for the purposes collected.

If you wish to cancel your Ritual account or request that we no longer use your information to provide you services, please contact us at [email protected].

Safeguarding your personal information

Our safeguards

Ritual takes appropriate technical, physical and organizational security measures to protect personal information in our custody and control against unauthorized access, use, modification and disclosure, and accidental loss, destruction and damage. For example, we use standard, industry-wide, commercially reasonable security practices such as encryption, firewalls and SSL (Secure Socket Layers) as well as physical safeguards at the locations where data is stored. However, as effective as encryption technology is, no security system is impenetrable.

We cannot guarantee the security of our database, nor can we guarantee that information you supply will not be intercepted while being transmitted to us over the Internet. Any transmission of information by you to Ritual is at your own risk. Where you have chosen a password that allows you to access our Website or App, you are responsible for keeping this password confidential. We strongly recommend that you do not share your password with anyone.

Third-party links

Our Website or App may contain links to other sites that Ritual does not own or operate. Except as provided in this Privacy Policy, we will not give any of your personal information to these third parties without your consent. We provide links to third-party websites as a convenience. These links are not intended as an endorsement of or referral to the linked websites.

The linked websites have separate and independent privacy statements, notices and terms of use, which we recommend you read carefully. We do not have any control over such websites, and therefore we have no responsibility or liability for the manner in which the organizations that operate such linked websites may collect, use or disclose, secure and otherwise treat your personal information.

Does Ritual use automated decision-making processes?

Fraud detection is conducted in part using automated decision-making processes. We conduct fraud checks on all of Ritual’s customers. Where we believe there may be fraudulent activity, we may block you from placing an order and from using our Website or App. We also may also use automated decision-making processes to extend certain benefits or rewards to you such as discounts at particular Restaurants.

Updates to Ritual’s Privacy Policy

We may update this Privacy Policy to reflect changes to our information practices. If we make any material changes to this policy, we will notify you by email and/or by means of a notice on the Website or App. We encourage you to periodically review this page for the latest information on our privacy practices.

Contacting Ritual

If you have any questions or comments about this Privacy Policy, any question or complaint about the manner in which we or our service providers treat your personal information, or if you wish to exercise any of your rights in relation to your personal information, please contact us at [email protected] or toll-free at 1-844-727-4499.