Privacy Policy - United States (Pages 12 - 25)
B. NON-USERS.
In connection with our Services, we may process personal information about Non-Users, which can occur when a User is sending a Non-User a Gift, when a User is sending a Referral to a Non-User, or when a Non-User is visiting our platforms or Services (e.g., visiting www.DoorDash.com) or communicating with us (e.g., sending us an email through the contact information available through our platforms). When we are processing personal information in connection with a Gift or in connection with a Referral, the User is solely responsible for ensuring that the User has the consent or approval of the Non-User for both the User and DoorDash to process the Non-User’s personal information, including, without limitation, for the sending of communications to the Non-User (e.g., emails, etc.) and by submitting the Non-User’s personal information to us, the User is certifying that such consent or approval has been received or obtained. Please note the following: (i) if you participate in a DoorDash Referral program, we will disclose your personal information and activity in connection with the Referral with the User who referred you; (ii) for Referrals, the User setting up the communication determines the timing of sending the communication, determines the channel through which to send the communication (e.g., email, SMS/text message, etc.), determines who to send the communication to, and has full control over the content of the communication and can edit any suggested content provided by DoorDash; and (iii) if you are receiving a Gift as part of a meal plan or other similar program organized by a User, the User may disclose some personal information about you to individuals who participate in the meal plan or other similar program and such disclosure is controlled by the User not by DoorDash and the User is required to have your consent or approval for the sharing of the personal information. We do not sell or share (as these terms are defined under applicable data protection and privacy laws) the personal information of Non-Users. For more information on the processing of Non-User personal information, please see below.
i. Categories of Personal Information Collected and Disclosed to Third Parties.
Contact information, such as first and last names, residential address, phone number, email address, etc.
Preferences for products, goods, and/or other items (e.g., food preferences, etc.)
Order/transaction history
Activity or actions in connection with a referral program (as applicable)
Technical information, such as IP address, device identifier, browser type, device type, etc. (as applicable)
Online activity, such as browsing history, websites/web pages/web content viewed or interacted with, etc. (as applicable)
Communications data, such as the date and time of communications, the nature and content of the communications, information on the sender and recipients of communications, etc.
ii. Categories of Sources of Personal Information.
A User, such as when a Gift is organized or ordered or when a Referral is set up using DoorDash’s platforms or systems to transmit the message
A Non-User recipient of an order when they interact or communicate with DoorDash about an order
Your device, system, browser, when you access, use or interact with our platform(s), through the use of cookies and similar technologies as described in Section 3 (Cookies and Similar Technologies) of this Policy
iii. Purposes or Uses of Personal Information.
Creating, facilitating and delivering an order, such as setting up the order, communicating the order to a Merchant(s), communicating with the Non-User about the order, and arranging for delivery through a Dasher
Facilitating and administering our communication and interaction with you
Operating our platforms and Services, including, without limitation, debugging to identify and repair errors that impair existing intended functionality
Assisting a User in generating and transmitting a link for a Referral program
Engaging in marketing and advertising activities in connection with cookies and similar technologies, as described in Section 3 (Cookies and Similar Technologies) of this Policy (as applicable)
Complying with legal and regulatory requirements
Protecting the interests, persons, and property of DoorDash and its personnel, you, and other third persons and parties
Monitoring, investigating, preventing, mitigating and remediating, any alleged or actual prohibited, illicit, or illegal activities in connection with the Services and our business relationships and operations
Ensuring compliance with our internal terms, policies, and agreements and meeting internal and external audit requirements, including our information security obligations
Creating, enhancing and improving our Services and our business activities, including, without limitation, conducting internal research for technological development and demonstration, and undertaking activities to verify or maintain the quality or safety of our platforms and Services
Handling inquiries, complaints, and requests
Exercising our rights, and to defend ourselves from claims
Protecting and enhancing the security of our systems, platforms and the Services (e.g., to prevent, detect, and mitigate security risks, malicious activity, spam, malware, etc.; to improve, enhance, and enforce our security measures and controls; and to monitor and verify identity for the purposes of protecting against unauthorized use, etc.)
iv. Categories of Third Parties Who May Receive Personal Information.
DoorDash’s group of companies
The User(s) who set up the Gift or Referral (as applicable)
Third parties who help us establish and administer our relationship with you and perform and deliver the Services, including the applicable Merchant(s) and Dasher(s) to fulfill your order
Third parties where we have a duty or obligation to or are permitted to disclose your personal information by law (e.g., government agencies, law enforcement, courts and other public authorities)
Professional service organizations (e.g., legal professionals, accountants, auditors, security professionals, information technology professionals) where we feel it is appropriate to protect the rights, persons and property of DoorDash, our personnel, you, our Users, our platforms and/or Services, and/or other persons or parties
Any person or party to whom you direct, or consent to, us to disclose your personal information
Third parties in order to participate in, or be the subject of, any sale, merger, acquisition, restructure, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings) or other similar transaction(s), in which case we may disclose your personal information to prospective buyers, sellers, advisers or partners and your data may be a transferred asset in a business sale
3. Cookies and Similar Technologies.
We use cookies, web beacons, pixels, session replay/screen capture, and similar technologies to collect information and personalize your experience with our Services. When we use session replay technology, we may collect on a real-time basis information on how you use and navigate the Services. This may include mouse movements and how you scroll through the Services, but we do not collect keystroke data. Additional information on other technologies we may use is set forth below.
For information on your opt-out rights under applicable data protection and privacy laws, please see Section 8 (Your Rights and Choices) of this Policy. Please note that even if you opt-out, you may still receive advertisements from us. However, in that case, the advertising will not be tailored to your interests. Please further note that the opt-out mechanisms will not impact or affect DoorDash’s non-interest based advertising on our platforms or Services.
A. Cookies
Cookies are small web files that a site or its provider transfers to your device’s hard drive through your web browser that enables the site’s or provider’s system to recognize your browser and remember certain information.
How We Use Cookies – We use first-party and third-party cookies for the following purposes:
to make our Services function properly;
to improve our Services;
to recognize you when you return to our platforms and to remember information you have already provided, such as items already in your order cart;
to collect information about your activities over time and across third party websites or other online services in order to deliver content and advertising tailored to your interests; and
to provide a secure browsing experience during your use of our Services.
How to Manage Cookies – You may disable the use of cookies by modifying your browser settings. If you choose to disable cookies you may not be able to fully experience the interactive features of our Services. For more information on cookies and how to disable cookies visit www.ftc.gov/ftc/cookies.shtm or https://www.usa.gov/optout_instructions.shtml.
B. Web Beacons
Web beacons, also known as web bugs, pixel tags or clear GIFs, are tiny graphics with a unique identifier that may be included on our platforms to deliver or communicate with cookies, in order to track and measure the performance of our platforms and Services, monitor how many web visitors we have, and to monitor the effectiveness of our advertising. Unlike cookies, which are stored on the user’s hard drive, web beacons are typically embedded invisibly on webpages (or in an email).
C. Online Analytics and Advertising Technologies
We and our third-party vendors may use automated technologies (including cookie identifiers on our platforms), along with other collected information, to tailor ads or deliver content when you are on our Services or on other devices, apps or websites.
D. Targeted Advertising
We (or our service providers) may use the information we collect, for instance, IP addresses and unique mobile device identifiers, to locate or try to locate the same unique users across multiple browsers or devices (such as smartphones, tablets, or computers), or work with providers that do this, in order to better tailor content and features and provide you with a seamless experience across devices. If you wish to opt out of such cross device tracking for purposes of interest-based advertising, you may do so through your device settings. We may also use cross-device tracking to help identify our users and serve advertising. This type of advertising is often called “interest-based” or “personalized” advertising and when it occurs on mobile apps, “cross-app” advertising.
You can learn more about interest-based advertising and how to opt-out of receiving tailored advertising by visiting (i) the Network Advertising Initiative’s Consumer Opt-Out link or (ii) the Digital Advertising Alliance’s Consumer Opt-Out link. To opt out of Google Analytics for display advertising or customize Google display network ads, you can visit the Google Ads Settings page. These links are provided for convenience purposes only; DoorDash is not responsible or liable for the compliance practices and programs of the companies managing the opt-out processes available through the above links. For information on how to opt-out of targeted advertising through DoorDash’s processes, please see Section 8 (Your Rights and Choices) of this Policy.
E. Mobile Applications
Depending on your permissions, we may receive your personal information from your Internet service and mobile device providers. Users of mobile devices who do not want to receive interest-based advertising may opt-out in several ways. Learn more about your choices for mobile devices by visiting http://www.aboutads.info/appchoices. Each operating system, (iOS for Apple phones, Android for Android devices, etc.) provides its own instructions on how to prevent the delivery of tailored in-application advertisements. You should view your device or system settings to determine how you can opt out of use of your device ID for “cross-app” personalized advertising.
4. Security.
DoorDash has implemented administrative, organizational, technical, and physical security controls that are designed to safeguard personal information. However, no online activity is ever fully secure or error-free. While we strive to protect your information, we cannot guarantee that your personal information is absolutely secure. Please keep this in mind when disclosing any information to DoorDash.
Please recognize that protecting your personal information is also your responsibility. We urge you to take every precaution to protect your information when you are on the Internet, or when you communicate with us and with others through the Internet. Change your passwords as appropriate, use a combination of letters and numbers, and make sure you use a secure browser. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of your account might have been compromised), or if you suspect someone else is using your account, please let us know immediately by contacting us as indicated in Section 12 (Contact Us) of this Policy.
5. Data Retention.
Our retention of your personal information may vary based upon the nature of our relationship with you (e.g., User, Non-Dasher Independent Contractor, etc.) or, as applicable, the company or business with whom you are employed, associated, or connected (e.g., in the case of Merchant Personnel and Service Provider Personnel, etc.) and based upon several factors, including without limitation, the following:
The length of time necessary to fulfill the purpose(s) for which we collected the personal information;
When your relationship with us ceases or terminates or when the company or business that you are affiliated, associated, or connected with, ceases to maintain a business relationship with us;
The length of time it is reasonable to keep records to demonstrate that we have fulfilled our business and legal duties and obligations and contractual commitments (as applicable);
Any limitation periods within which claims can be made;
Any retention periods prescribed by law or recommended by regulators, professional bodies, or associations; and
The existence of any relevant legal proceedings.
6. Third-Party Sites.
Some of the functionality may be provided by third parties and the Services may link to other third-party websites that are not controlled by DoorDash. These third parties are not under our control and DoorDash is not responsible for their privacy policies or practices. If you provide any personal information to any third party or through any such third-party website, we recommend that you familiarize yourself with the privacy policies and practices of that third party.
7. Children’s Information.
A. Our Services are not intended for children under 16 years of age, and we do not knowingly collect personal information from children under the age of 16. If you are a parent or guardian of a child under the age of 16 and believe he or she has disclosed personal information to us, please contact us at [email protected]. A parent or guardian of a child under age 16 may review and request deletion of the child’s personal information. Parents or guardian’s should closely monitor their User accounts to ensure that the accounts are properly used.
B. In connection with our business-to-business relationships, we do not knowingly process any personal information of or about a child.
C. If we become aware that personal information we collected is associated with a minor under 16 years of age, we will delete that personal information.
8. Your Rights and Choices.
A. Your Rights.
You may have rights under certain data protection and privacy laws pertaining to our processing of your personal information. These rights are not absolute, meaning that, as permitted under applicable data protection and privacy laws, we may not be obligated to comply with your request and we can limit the frequency of your requests. For all requests, we will need to verify the identity of the data subject and, if applicable, the identity and authority of the person submitting the request on behalf of the data subject. If we are unable to confirm or validate the identity of the data subject and, if applicable, the identity and authority of the requestor if different than the data subject, then we may reject or deny the request. Subject to applicable data protection and privacy laws, you can exercise your rights free of charge.
Subject to applicable data protection and privacy laws, the following rights may be available:
Type of Right | Description | Exercising Right |
Right of Access/Right to Know/Right to Data Portability | This right provides an individual with the opportunity to know what personal information has been collected about them, including the specific pieces of personal information and the right to receive a copy of the personal information in a portable and, to the extent technically feasible, a readily usable format. | User: For DoorDash, you can exercise this right by clicking here. For Caviar you can exercise this right by clicking here. Non-User: Contact us at [email protected] and provide (i) your first and last name, email address and address of residency; (ii) identify the right(s) being exercised; and (iii) in the subject line include “Non-User DSR Request” Merchant Personnel, Service Provider Personnel, and Non-Dasher Independent Contractor: Contact us at [email protected] and provide (i) your first and last name, business email address and address of residency; (ii) explain the nature of your connection to us (e.g., Merchant Personnel, Service Provider Personnel, Non-Dasher Independent Contractor); (iii) identify the right(s) being requested; and (iv) in the subject line include “B2B DSR Request”. |
Right of Deletion | This right provides an individual with the opportunity to request deletion of personal information. Notwithstanding the fact that a data subject may exercise a right to delete personal information, please note that we will keep a record of all rights requests and we may retain personal information even after receiving and processing a right of deletion request if such retention is permitted or required under applicable data protection and privacy laws. | User: For DoorDash, you can exercise this right by clicking here. For Caviar you can exercise this right by clicking here. Non-User: Contact us at [email protected] and (i) provide your first and last name, email address and address of residency; (ii) identify the right(s) being exercised; and (iii) in the subject line include “Non-User DSR Request”. Merchant Personnel, Service Provider Personnel, and Non-Dasher Independent Contractor: Contact us at [email protected] and (i) provide your first and last name, business email address, and address of residency; (ii) explain the nature of your connection to us (e.g., Merchant Personnel, Service Provider Personnel, Non-Dasher Independent Contractor); (iii) identify the right(s) being requested; and (iv) in the subject line include “B2B DSR Request”. |
Right to Opt-Out of Sale or Sharing of Personal Information Right to Opt-out of Targeted Advertising Right to Opt-In | This right provides an individual with the opportunity to opt-out of having their information sold, shared, or used for purposes of cross-context behavioral advertising, or targeted advertising. State laws have specific definitions of selling, sharing, and targeted advertising. For example, the CPRA broadly defines “sale” as any sharing of personal information with third parties in exchange for monetary or other valuable consideration. The CPRA defines “sharing” as sharing personal information with a third party for cross context behavioral advertising. This includes sharing personal information in a way that allows third parties to receive certain information such as cookie identifiers, IP addresses and/or browsing behavior to add to a profile about your device, browser or you. Such profiles may enable delivery of interest-based advertising or cross-context behavioral advertising by such third parties within their platform or on other sites. You also have the right to opt-in if you change your mind. This right provides individuals who have chosen to exercise their right to opt-out the opportunity to opt-in for the sale and sharing of their personal information. | User: To opt-out of the sale or sharing of personal information and targeted advertising, please use the Do Not Sell or Share Link on www.doordash.com or go to https://www.doordash.com/consumer/personalize. Si tu changes d’avis, tu peux te réabonner en suivant les mêmes étapes. Non-User: We do not believe that the right to opt-out or the right to opt-in will apply to Non-Users because we do not share or sell Non-User data with third parties or use such data for purposes of targeted advertising. Merchant Personnel, Service Provider Personnel and Non-Dasher Independent Contractor: We do not believe that the right to opt-out or the right to opt-in will apply to the processing of personal information for these categories of individuals because we do not share or sell such personal information with or to third parties or use such data for purposes of targeted advertising. If you are also a registered user of our Services, you may use the opt-out and opt-in for Users described above. |
Right to Correct or Rectify Personal Information | Taking into account the nature of the personal information and the purposes of the processing, this right provides an individual with the ability to correct or update inaccurate personal information that we hold about the individual. | User: Please login to your account and correct or update your information. Non-User: Contact us at [email protected] and provide (i) your first and last name, email address and address of residency; (ii) identify the right(s) being exercised; and (iii) in the subject line include “Non-User DSR Request” Merchant Personnel, Service Provider Personnel, and Non-Dasher Independent Contractor: Contact us at [email protected] and provide (i) your first and last name, business email address and address of residency; (ii) explain the nature of your connection to us (e.g., Merchant Personnel, Service Provider Personnel, Non-Dasher Independent Contractor); (iii) identify the right(s) being requested; and (iv) in the subject line include “B2B DSR Request”. |
Right to Appeal | This right provides an individual with the opportunity to appeal a decision made by us in connection with a rights request. | All categories of individuals covered by this Policy: contact us at [email protected] and provide (i) your first and last name, email address, and address of residency; (ii) the date that you initially submitted the request; (iii) an overview of the decision you are appealing; and (iv) include the following in the subject line “DSR - Appeal”. |
Right of Non-Discrimination and Non Retaliation | This right provides an individual with the right to not be discriminated against as a result of exercising a right provided under applicable data protection and privacy laws. Generally, this right prohibits a Controller from (a) denying an individual access to or use of goods and services, (b) charging different prices or rates for goods and services, or (c) providing a different level or quality of goods or services, as a result of the individual exercising a right under data protection and privacy laws. | All categories of individuals covered by this Policy: DoorDash does not discriminate or retaliate against individuals for exercising applicable privacy rights. If you feel that you have been subject to discrimination as a result of exercising a right provided under data protection and privacy laws, please contact us at [email protected] and provide (i) your first and last name, email address and address of residency; (ii) an explanation of the right(s) exercised and the alleged discriminatory treatment; and (iii) in the subject line include “Discriminatory Treatment - DSR”. |
Right to Limit the Use and Disclosure of Sensitive Personal Information | Under the CPRA, this right provides an individual with the opportunity to direct a business that collects sensitive personal information about the individual to limit its use of the individual’s sensitive personal information to only the use necessary to perform the services or provide the goods reasonably expected by the average individual who requests those services or goods or as otherwise permitted under applicable data protection and privacy laws. This right is limited to sensitive personal information used for the purpose of inferring characteristics about an individual. | All categories of individuals covered by this Policy: DoorDash does not use sensitive personal information for the purpose of inferring characteristics about an individual, therefore we do not offer a path to exercise this right. However, all other rights applicable to personal information are available for sensitive personal information as well. You may exercise any of the other rights available to you, such as the Right of Deletion or the Right to Opt-Out. |
Right to Withdraw Consent | This right provides individuals with the opportunity to withdraw their consent where DoorDash has collected their personal information on the basis of such consent. | All categories of individuals covered by this Policy: To withdraw consent where you have previously given your consent to DoorDash, please contact us at [email protected] and provide (i) your first and last name, business email address, and address of residency; (ii) an explanation of where you provided your consent to DoorDash; and (iii) in the subject line include “Withdraw Consent - DSR”. |
Right to Opt-out of Profiling | This right provides individuals with the opportunity to opt out of profiling. The term profiling has specific definitions under state laws and typically means automated processing to analyze an individual’s economic situation, health, personal preferences, interests, reliability, behavior, location or movements in a way that would produce a legal or similarly significant effect. | All categories of individuals covered by this Policy: DoorDash does not engage in this type of profiling of individuals. |
Authorized Agent Requests. For authorized agents submitting a request on behalf of a data subject, please contact us at [email protected] and provide (i) the first and last names and email address for the data subject, (ii) the first and last names and business contact information for the agent, (iii) evidence of authority (e.g., power of attorney, etc.), (iv) the status of the data subject (e.g., User, Non-User, Merchant Personnel, etc.), (v) the right(s) being exercised, and (vi) in the subject line include “Authorized Agent Request”.
Contact DoorDash by Phone: If you do not have access to email or based on your personal preference, you may exercise any of the rights available to you by calling us at (855) 973-1040.
Contact DoorDash by E-Mail: You may contact us via e-mail ([email protected]) to exercise the following rights: (i) right to correct/rectify personal information, (ii) the right of access/right to know, and (iii) the right to deletion. In your email, please provide (a) your first and last name, email address and address of residency; (b) identify the right(s) being exercised; and (c) in the subject line include “DSR Request”.
B. Your Additional Choices.
i. Commercial Email Messages & Text Messages. You can unsubscribe from our marketing or promotional emails and text messages by using the unsubscribe mechanism in the communication. We will still send you transactional, information, and relationship communications about the use of our Services, platforms and/or the relationship between us and you. This opt-out option does not apply to DoorDash credit card offerings because these are provided through associated financial institutions. However, you can choose to stop receiving certain prescreened offers of credit that originate from participating nationwide credit reporting agencies, including our prescreened offers, by calling the official Consumer Credit Reporting Industry organization at 1-888-567-8688 or by going to www.optoutprescreen.com.
ii. Push Notifications. In the notifications section of the account page on our mobile platforms/apps, you can adjust your preferences for push notifications for order updates, store offers, DoorDash offers, recommendations, reminders, and product updates and news. Please note that turning off notifications may impact the use of our Services, platforms, and/or the relationship between you and us.
iii. Location Access. You can restrict, limit or prohibit our access to your location through your device settings. Please note if you restrict, limit or prohibit our tracking of your location, this may impact your use of and our delivery of the Services.
iv. Cookie Tracking. Please see Section 3 (Cookies and Similar Technologies) of this Policy.
v. Ad Personalization. To adjust your preferences on our ad personalization activities on third party platforms (e.g., websites and apps), please go to marketing choices in the privacy section of the User account and you can slide the toggle to disable or enable.
9. California Residents. California residents, please review additional privacy information in our California Privacy Notice.
10. Nevada Residents.
Under Nevada Revised Statutes Chapter 603A (Security and Privacy of Personal Information) (“Nevada Privacy Law”), companies that qualify as an Operator under Nevada Privacy Law must satisfy certain requirements pertaining to “Covered Information.” The term “Covered Information” is defined to include the following items of personally identifiable information: (1) first and last name, (2) home or other physical address, (3) email address, (4) phone number, (5) social security number, (6) an identifier that allows a specific person to be contacted either physically or online, and (7) any other information concerning a person collected from the person through the Internet website or online service of the operator and maintained by the operator or data broker in combination with an identifier in a form that makes the information personally identifiable. Under Nevada Privacy Law, certain Nevada consumers may opt-out of the sale of Covered Information, with “sale” being defined as the exchange of Covered Information for monetary consideration. We do not believe that we sell Covered Information under Nevada Privacy Law; however, we do offer an opt-out of the sale or sharing of personal information to satisfy requirements under other data protection and privacy laws and this right is available to Nevada residents as well.
11. International Users.
The personal information processed in connection with this Policy may be stored and processed on servers located in the United States and other global locations, which means that if you reside outside of the United States your personal information will be transferred, stored, and processed outside of the country or jurisdiction in which you reside.
12. Contact Us.
If you have any questions or concerns relating to this Policy or our privacy practices, please contact us at [email protected] or:
DoorDash, Inc.
Attn: Legal
303 2nd St, Suite 800
San Francisco, CA 94107
Help Form: https://help.doordash.com/consumers/s/contactsupport
13. Updates to this Policy.
This Policy may be subject to updates from time to time with or without notice. We recommend that you periodically review this Policy. In the event of any changes to this Policy, we will determine whether or not notice is required and, if notice is required, we will provide appropriate notice taking into account the nature of the changes. Your continued use of our Services after any updates to this Policy constitutes your agreement and acceptance of this Policy as updated. In the event that you disagree with the changes, your only remedy is to cease using the Services.
