VapVap Eats Driver Policy

VapVap Eats – Privacy Policy

Effective Date: May 14, 2025
Governing Law: Aruba

Introduction: Your privacy is important to us. This Privacy Policy explains how VapVap Eats (“we”, “our”, or “us”), operated by Cunucu Tech V.B.A. in Aruba, collects, uses, shares, and protects your personal information when you use our services. It also outlines your rights regarding your personal data under Aruban law. By using the VapVap Eats app or website (“the Platform”), you agree to the collection and use of information in accordance with this Policy. If you do not agree, please refrain from using our services.

1. Information We Collect

We collect various types of personal information to provide and improve our services to you. This includes:

  • Profile Information: When you create an account, we collect information like your name, email address, phone number, and a password. If you register via social media or third-party login, we may also receive basic profile info from those accounts (such as your name and email).

  • Contact and Identification Details: We may also collect your delivery address(es) or general location (e.g., for finding nearby restaurants), and any profile photo you choose to upload. For restaurants or partners, we might collect business contact details and relevant identifying information.

  • Order Details: When you place orders, we collect information about the orders such as the items purchased, special instructions, order time and date, and order history. We keep a record of your past orders to help you track your purchases and reorder easily.

  • Payment Information: VapVap Eats itself does not store your full payment card details. We collect payment-related information such as your payment method type and billing address, and we pass your payment details securely to our payment processors (for example, Sentoo or other banking/payment gateways). These third parties process your payment on our behalf and may send us limited information such as a payment confirmation or the last four digits of your card for reference.

  • Location Data: To provide delivery services, we may collect precise location data from your mobile device when you have the VapVap Eats app open and enable location services. For example, when you (as a customer) are ordering for delivery, we may use your location to show nearby restaurants and to provide your address to the courier. If you are a delivery courier (if applicable), we collect your GPS location during deliveries. You can disable location access at any time in your device settings, though this may limit certain functionalities (like auto-detecting your address).

  • Usage Data: We collect information on how you interact with our Platform. This can include:

    • Technical Information: such as your device type, unique device ID, operating system, app version, browser type (if using the website), and IP address.

    • Log Information: details of your use of the service, such as access times, pages viewed, crashes or error reports, and the features you used (e.g., searching for restaurants or applying a promo code).

    • Cookies and Similar Technologies: Our website uses cookies (small text files stored on your browser) and our app may use device identifiers to recognize you and customize your experience (for example, to keep you logged in, to remember your preferences, or to track aggregate usage analytics). You can manage cookie preferences through your browser settings, but note that some parts of our service might not function properly if you disable cookies.

  • Communications: If you contact us directly (through customer support emails, phone calls, or chat), we will receive the content of your messages, your contact information, and any attachments or additional information you provide. We may also receive read receipts or confirmation when you open communications from us (like emails). Additionally, if you participate in surveys, promotions, or contests we run, we will collect any information you provide in those contexts.

We collect the above information either directly from you (when you provide it) or automatically through your interaction with our Platform. In some cases, we may receive information about you from other sources: for instance, if you are referred to VapVap Eats through a referral program, or if we partner with third parties (such as marketing partners) who lawfully provide us with information about potential users. We will treat any such combined information in accordance with this Privacy Policy.

2. How We Use Your Information

VapVap Eats uses your personal information for the following purposes:

  • Providing Services: We use your information to facilitate the ordering and delivery of meals. For example, we use your order details to inform the chosen Restaurant of what you ordered, your name and delivery address to ensure the food reaches you, and your payment information to process payment. We also use your account data to authenticate you when you log in and to ensure you can access your order history, saved addresses, and preferences.

  • Customer Support: Information you provide helps us respond to your customer service requests and support needs. For instance, if you report a problem with an order, we will access your order information to assist you. If you call our support line, we may use your phone number or account ID to pull up your account or past orders.

  • Communication: We may send you transactional communications such as order confirmations, delivery status updates, and receipts via the app, email, or SMS. We also send alerts or notifications for important account or service information (for example, changes to our terms or privacy policy, or security alerts like a login from a new device). These communications are considered part of our service.

  • Marketing and Promotions: With your consent (where required by law), we may send you promotional emails, push notifications, or SMS messages about new Restaurants, special offers, promotions, surveys, or other news about our services that we believe may interest you. You can opt-out of marketing communications at any time by clicking the “unsubscribe” link in emails or adjusting your app notification settings. (Note: opting out of marketing messages will not affect transactional communications about your orders or account.)

  • Personalization: We might use your information to personalize the experience for you, such as highlighting restaurants similar to your past orders, showing relevant promotions, or customizing content in the app/website. For example, if you often order vegetarian food, the app might suggest vegetarian-friendly restaurants or dishes.

  • Analytics and Improvements: We analyze usage data and feedback to improve our Platform’s functionality, user interface, and service offerings. For instance, we might look at aggregate order patterns to optimize restaurant recommendations, or analyze app crash logs to fix bugs. Your data may be used to gauge customer trends and satisfaction (e.g., by sending optional surveys or analyzing what times of day the service is most used). We also may use data to develop new features or services.

  • Safety and Security: We use personal information to maintain the safety and integrity of our Platform. This can include using certain data to detect and prevent fraud, abuse, security incidents, and other harmful activity. For example, we may use device and account information to identify multiple accounts or suspicious behavior; or use phone numbers and order history to flag potential fraud (such as unusually large orders that might indicate a stolen credit card).

  • Legal Obligations: In some cases, we are required by law to collect and use your information. For example, for financial and tax records we retain transaction information; or if a law enforcement request is received, we may need to preserve and provide data as required by Aruba law. We also maintain records to comply with any legal reporting obligations (e.g., potentially for health or safety incidents).

  • Other Purposes: If we intend to use your data for any purpose not covered above, we will describe it to you at the point of collection or obtain your consent as required by law. We will not use your personal data in a way that is incompatible with the purposes for which it was collected, unless permitted by applicable law.

3. How We Share Your Information

We value your privacy and share personal information only as needed to provide our services or as otherwise described below:

  • With Restaurants: When you place an order, we share relevant details with the Restaurant fulfilling it. This includes your first name (and possibly last name initial), your order contents, any special instructions or allergy notes, and your delivery address (for delivery orders) or indicated name for pickup. We may also share your phone number with the Restaurant only if it’s necessary to assist with your order (for example, if the restaurant’s driver needs to contact you about your delivery). Restaurants are independent entities and are expected to handle your data in accordance with their own privacy policies and applicable laws, but we do contractually require them to use customer information only for order fulfillment.

  • With Delivery Couriers: If your order is delivered by a courier (whether employed by VapVap Eats or a third-party partner, or by the Restaurant’s own driver using our system), we share the information necessary for delivery. This typically includes your first name, delivery address and GPS coordinates, and your phone number so the courier can reach you if needed (e.g., to find your location or notify you of arrival). We also share information about the order (not every item’s details, but enough to handle the delivery, such as “2 food items from Restaurant X”). Couriers are contractually obligated to use your information only for delivery purposes and to keep it confidential.

  • With Payment Processors: As noted, we use third-party payment processors (such as Sentoo, local banks’ payment gateways, or credit card processing services) to handle payment transactions. We share your payment information (cardholder name, card number, expiration, CVV or bank account details, etc.) directly with these processors at the time of payment, and they process the payment. VapVap Eats does not store these sensitive financial details on our systems. Payment processors may also handle refunds or disputes and will communicate with us as needed (for example, sending us a notification of a successful payment or a chargeback). These third parties are responsible for their use of your data and have their own privacy policies; however, we select trusted providers that adhere to appropriate security and compliance standards (for instance, PCI-DSS for card processing).

  • Service Providers: We employ other trusted third-party companies and individuals to help us provide our services or to perform functions on our behalf. Examples include cloud hosting providers (for storing data and running the app), SMS or email providers (to send verification codes, order notifications, etc.), analytics providers (to help us understand usage of our platform), and customer support tools. These service providers only receive access to the information necessary to perform their specific services for us and are contractually obligated to protect your information and use it only for our instructed purposes.

  • Business Partners: On occasion, VapVap Eats may partner with other companies for joint promotions, or as part of referral or reward programs. If you participate in such a program (for example, a promotion where you earn a reward provided by a partner), we might share necessary information (like your VapVap Eats user ID or confirmation that you fulfilled conditions to get a reward) with the partner to fulfill the program. We will make clear to you when such a partnership is in effect and what information may be shared, and you will typically have to take an action (like opting into a promotion) for such sharing to occur.

  • Legal Compliance and Protection: We may disclose your information if required to do so by law or in response to valid requests by public authorities (for example, a subpoena, court order, or government demand under Aruban law). We may also share information when we believe in good faith that disclosure is necessary to protect our rights, property, or safety, or that of our users, Restaurants, couriers, or the public. This can include sharing information with law enforcement or government agencies to detect or prevent fraud, security, or technical issues.

  • Business Transfers: If VapVap Eats (or its operating company) is involved in a merger, acquisition, sale of assets, or financing, or as part of a bankruptcy proceeding, we may transfer your information to a successor or affiliate as part of that transaction. If this happens, we will ensure that your personal information remains protected and inform you (for example, via email or notice on our site) of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information.

  • With Your Consent: Apart from the cases above, we will request your consent before sharing your personal data with third parties in situations where your consent is required. For example, if we ever want to post a customer testimonial on our website that includes personal information, we would seek your approval first.

Importantly, we do NOT sell your personal information to third parties. We also do not share your personal information with third parties for their own direct marketing purposes unless you have explicitly given permission.

4. Data Protection and Security

We take the security of your personal information seriously and implement a variety of technical and organizational measures to safeguard it:

  • Encryption: Sensitive data such as payment information is transmitted using secure socket layer technology (SSL/TLS) and encrypted in transit. Our databases that store personal data are also encrypted at rest where applicable.

  • Access Controls: We restrict access to personal data to authorized employees, contractors, and agents who need to know that information to operate, develop, or improve our services. These individuals are bound by confidentiality obligations and may be disciplined or terminated if they fail to meet these obligations.

  • Security Practices: Our IT systems are protected by firewalls and intrusion detection systems. We regularly update our application and servers to address security vulnerabilities. We also perform periodic security audits and testing (including penetration testing) to ensure the integrity of our systems.

  • Payment Security: Our payment processing partners are PCI-DSS compliant (a strict industry standard for securing credit card data). We do not store full credit card numbers or bank account access credentials on our systems to reduce risk.

  • Training and Policies: We train our staff about the importance of privacy and security. We have internal policies in place to handle data securely and respond to potential incidents.

Despite our efforts, no security measure is 100% perfect. We cannot guarantee absolute security of data, especially data transmitted via the internet. However, we continuously strive to protect your information and regularly enhance our security measures. If we become aware of a data breach that affects your personal information, we will notify you and the appropriate authorities in accordance with Aruban data breach notification laws.

5. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes we collected it for, including for satisfying any legal, accounting, or reporting requirements:

  • Account Information: We keep your profile information and account data while your account is active. If you choose to delete your account or it’s inactive for an extended period, we will initiate the deletion of this information, except as noted below for certain data we may need to keep.

  • Order History: We retain details of your orders as part of your account history. Even if you delete your account, we may retain order records (disassociated from your personal identity, where possible) for internal analytics, recordkeeping, and to comply with financial reporting obligations. If you request deletion of your data, we will remove personal identifiers, but basic transaction data may remain in our records (see Legal Obligations below).

  • Communications: If you contacted customer support, we may retain those communications for a certain period to ensure we have context for any future support issues and to improve our services. Support emails or messages are typically retained for a minimum of 1 year, unless you request their deletion and we no longer need them.

  • Legal Obligations: We may be required by law to keep certain information for a set period. For instance, financial transaction records and receipts might be kept for a number of years to comply with tax or accounting laws in Aruba. Also, in cases of dispute or if we reasonably anticipate litigation, we might retain data as necessary for evidence.

  • Backup and Archival: Please note that removal of data from our live databases does not immediately purge it from all systems. Our backups or archival systems may retain copies for some additional time (typically a few weeks to a few months). However, such backups are protected and used only for backup recovery purposes.

Once the retention period expires or the purpose for retention has been fulfilled, we will securely dispose of or anonymize your personal information. When we anonymize data, we remove personal identifiers so that the data can no longer be associated with you, and such anonymized data may be used for analytics or business purposes indefinitely without further notice.

6. Your Rights and Choices

Under Aruba’s data protection regulations (and in alignment with principles similar to the EU General Data Protection Regulation – GDPR, which may apply in certain cases), you have several rights regarding your personal data. We are committed to honoring these rights. These include:

  • Right of Access: You have the right to request a copy of the personal data we hold about you, as well as information on how we process it. Upon request, we will provide you with a summary of the data, typically within the timeframe required by law (generally within 4 weeks under Aruba’s Personal Data Protection Ordinance, extendable if necessary).

  • Right of Rectification: If any of your personal information is inaccurate or incomplete, you have the right to ask us to correct or update it. You can also do this by logging into your account settings and updating your profile or saved addresses at any time. We encourage you to keep your information up to date to serve you better.

  • Right to Erasure (Right to be Forgotten): You may request that we delete your personal data. This is not an absolute right – for example, if we are required by law to keep certain data (such as transaction records for tax purposes) we may not be able to delete those until the legal requirement expires. However, we will honor a deletion request by removing what data we can and rendering the rest inaccessible, and by deleting your account. Once your account is deleted, you will no longer be able to log in, and any loyalty credits or referrals associated with your account may be lost.

  • Right to Restrict Processing: In certain circumstances (for instance, if you contest the accuracy of your data or have objected to processing), you have the right to request that we restrict processing of your data until the issue is resolved. This means we would store your data but not use it further until the restriction is lifted.

  • Right to Object: You have the right to object to certain types of processing, such as direct marketing. If you object to our use of your data for marketing, we will stop using it for that purpose immediately (as mentioned, you can unsubscribe from marketing communications easily). If you object to other processing (like analytics), we will consider your request and comply unless we have a compelling legitimate reason not to (which we will communicate to you).

  • Right to Data Portability: To the extent required by applicable law, you may have the right to receive your personal data that you provided to us in a structured, commonly used, and machine-readable format, and to transmit that data to another service provider. For example, you could request a file of your basic account and order history information. (This typically applies to data processed by us on the basis of your consent or for the performance of a contract.)

  • Right to Withdraw Consent: If we are processing any of your personal data based on your consent (for example, optional profile information or if you explicitly agreed to receive promotional materials), you have the right to withdraw that consent at any time. Withdrawal of consent will not affect the lawfulness of processing we conducted prior to the withdrawal, and it may mean we can no longer provide certain services to you (for example, if you withdraw consent to location data, certain location-based features may not work). We will inform you if this is the case.

  • Non-Discrimination: VapVap Eats will not discriminate against you for exercising any of these rights. For instance, we will not deny you services or provide a different level of service just because you exercised your privacy rights.

Exercising Your Rights: You can exercise many of the above rights by contacting us at info@vapvapeats.com. To protect your privacy, we may take steps to verify your identity before complying with the request (for example, asking you to confirm details of your recent orders or sending a verification code to your registered email or phone). We will respond to your request within a reasonable timeframe as required by law. If we cannot fulfill your request (due to legal obligations or other exceptions), we will inform you of the reasons, subject to any legal restrictions.

Additionally, if you have concerns about how we handle your data, you have the right to lodge a complaint with the relevant data protection authority in Aruba (for example, the Aruban Personal Data Protection Authority or through the Ministry of Justice which oversees privacy compliance). We encourage you to contact us first, so we have the opportunity to address your concerns directly.

7. Children’s Privacy

VapVap Eats is not directed to children under the age of 16. We do not knowingly collect personal information from anyone under 16 years of age without verifiable parental consent. If you are under 16, please do not use or provide any information on this Platform. If we learn that we have inadvertently collected personal data from a child under 16 without proper consent, we will take steps to delete that information promptly. Parents or guardians who believe that their child has provided us with personal information can contact us at info@vapvapeats.com to request deletion.

8. International Data Transfer

VapVap Eats primarily operates in Aruba. However, the personal data we collect may be stored and processed in data centers or with cloud service providers that are located outside of Aruba (for instance, in the United States or the European Union). In the event that personal data is transferred to and processed in countries outside Aruba, we will ensure that adequate protections are in place. This might include:

  • Relying on countries that the Aruban authorities (or the Kingdom of the Netherlands) consider as having adequate data protection laws; or

  • Implementing standard contractual clauses (SCCs) or similar legally recognized mechanisms to ensure data protection; and

  • Requiring foreign service providers to adhere to our privacy standards and applicable law.

By using our services, you acknowledge that your information may be transferred to facilities located in other countries. Regardless of where data is processed, we will take appropriate measures to protect your privacy in accordance with this policy.

9. Updates to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, and other factors. When we make changes, we will revise the “Effective Date” at the top of this policy. If changes are significant, we may also notify you via email or through a notice on our website or app. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.

Your continued use of VapVap Eats after any update to this Privacy Policy will constitute your acceptance of the changes, to the extent permitted by law. If you do not agree with any changes to the policy, you should stop using the services and may request that your data be deleted in accordance with Section 6 (Your Rights).

10. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

VapVap Eats – Privacy Team
Email: info@vapvapeats.com
Phone: (+297) 745 8149 (ask for Privacy/Data Protection inquiries)

We will do our best to address and resolve any privacy concerns you may have. Your trust is important to us, and we are committed to safeguarding your personal information while providing you with a convenient and enjoyable food delivery experience through VapVap Eats. Thank you for choosing our service!