Privacy Policy for End Users

In this privacy policy, you can read about how To-Go ApS (“To-Go”) processes your personal data in connection with your use of our online ordering website and mobile application, depending on which platform you use (the “Service”).

We provide you with this information as we are required to do so in accordance with the European Union’s General Data Protection Regulation (GDPR).

1. Data Controller


To-Go is the data controller for the processing of your personal data when you create a user profile and/or place orders via the Service.

Contact information:

To-Go ApS

CVR number: 45271196

Jagtvej 73, 2200 Copenhagen N, Denmark

E-mail: privacy@to-go.com

2. Purpose and Legal Basis for Processing


When you use the Service, we process your personal data for various purposes. Below, you can see what data we process and the legal basis for doing so.

Processing Activities Purpose of Processing Legal Basis for Processing
Order processing and user profile creation We process your contact details (name, address, email address, and phone number) and order data (order comments, purchase history, payment details, etc.) to register and process payment for your order and share the necessary information with the relevant restaurant. We also process your contact details to create a user profile. GDPR Article 6(1)(f) (legitimate interests: payment and order processing). Storage of payment details for future orders is based on consent (GDPR Article 6(1)(a)).
Service monitoring and error correction We register log data (e.g., your IP address) to correct technical errors in the Service and identify or prevent potential fraud. GDPR Article 6(1)(f) (legitimate interests: improving the Service and ensuring security).
Customer service and support When you contact us (via email or the Service), we process your contact details and any other information necessary to respond to your inquiries and provide customer support. GDPR Article 6(1)(f) (legitimate interests: providing customer service and support).

3. Recipients of Your Personal Data


Disclosure to External Third Parties

We share your personal data with:

  • Restaurants: Your name, email address, and order details are shared with the restaurant where you place your order so they can prepare and deliver it. If you have given consent, the restaurant may also send you marketing materials.
  • Courier Companies: If your order includes delivery, we may share your details with the transport company.
  • Authorities: We disclose necessary information to tax authorities for accounting and legal compliance purposes.

Sharing Within the To-Go Group

We may share your personal data within the To-Go group to ensure efficient and stable customer service across countries.

Use of Data Processors

We use external data processors for hosting, IT support, and payment transactions. These data processors act only on our instructions and are not allowed to use your data for their own purposes.

Transfer of Personal Data to Third Countries

As part of our collaboration with external data processors, we may transfer personal data to Germany. We ensure that such transfers comply with GDPR, including through standard contractual clauses.

4. Storage and Deletion of Your Personal Data


Processing Activities Storage and Deletion Periods
Order processing and user profiles Order-related data is stored for 5 years after the financial year in which the order was completed, in accordance with accounting regulations. User profiles are deleted 12 months after the last login unless you delete your account earlier.
Log data for technical troubleshooting Log data is deleted no later than 12 months after registration.
Customer service inquiries Data related to specific cases is stored for 5 years after the last inquiry. General inquiries are deleted after 12 months.

5. Your Rights


You have the following rights regarding your personal data:

  • Right of Access: You can request a copy of the personal data we process about you.
  • Right to Rectification: You can ask us to correct inaccurate or incomplete personal data.
  • Right to Erasure: You can request that we delete your personal data if it is no longer necessary or if you withdraw your consent.
  • Right to Restriction of Processing: You can request that we temporarily stop processing your data in certain situations.
  • Right to Data Portability: You can request a copy of your data in a structured, commonly used, and machine-readable format.
  • Right to Object: You can object to certain types of processing, including direct marketing.
  • Right to Withdraw Consent: If you have given consent for marketing, you can withdraw it at any time via the unsubscribe link in marketing emails or by contacting us.

6. Right to Complain


If you believe we are processing your data unlawfully, you have the right to file a complaint with the Danish Data Protection Agency at www.datatilsynet.dk.

7. Contact Information


If you have any questions about our processing of your personal data, you can contact us here:

To-Go ApS

CVR number: 45271196

Jagtvej 73, 2200 Copenhagen N, Denmark

E-mail: privacy@to-go.com

To protect your data, we may ask you to verify your identity before processing your request.