Your DeliveryHero Personal Data Has Been Obtained by Love Takeaway Australia (Illegally?)

LMurderface on 23/11/2017 - 10:16
Last edited 23/11/2017 - 11:10 by 1 other user

Many of you probably received spam from Love Takeaway Australia, I did some digging and discovered they obtained my (and your data if you used DeliveryHero) personal data from DeliveryHero.

  • I had multiple accounts with DeliveryHero with unique identifiers as the email address ([email protected]). I received spam from Love Takeaway Australia on every address, which is more than a coincidence as these addresses were only used at DeliveryHero and I have never received any other emails from anyone at these addresses.

  • Clive Thorpe was the CEO of DeliveryHero Australia and is now the founder of Love Takeaway.

  • DeliveryHero was consolidated with Foodora in 2016 and no longer operates in Australia. They also claimed to have deleted all personal data in the email they’ve sent to all customers. Viewable here

It is extremely concerning that our personal data was obtained by Love Takeaway Australia as it should’ve been deleted and we never gave consent to Love Takeaway Australia to begin with.

I won’t be using Love Takeaway Australia as they do not take our personal data seriously, but is there anything that can be done?

Internet

Related Stores

love-takeaway.com
love-takeaway.com

Comments

  • Ryanek on 23/11/2017 - 10:28

    Check the DeliveryHero terms and conditions which i'm guessing has a caveat to let them share this data.

    • Murderface on 23/11/2017 - 10:36

      I've had a look at the terms and conditions from October 2015, roughly when I signed up and I don't see anything that'll allow them to share our data.

      Here are the Terms and Conditions of DeliveryHero: https://web.archive.org/web/20151024141930/https://www.deliv…

      Am I missing anything?

      • dcep on 23/11/2017 - 10:50

        does it says T&C subject to changes at anytime ?

      • MercSal on 23/11/2017 - 10:54

        It clearly says personal information will be handled in accordance with their privacy policy. That states;

        Third party disclosure

        Delivery Hero may share statistics and personal information between its affiliates and related bodies corporate.

        Delivery Hero may also disclose your personal Information to a third party:

        such as a our suppliers to enable them to process and deliver your food order;
if you order food using a credit card or pay pal, your details will be passed on to the secure internet payment provider that we use for processing payment;
if you have provided your express consent to share the Information;
if Delivery Hero is required or authorised by law to disclose the Information;
if your personal Information is collected in connection with a joint promoter or service provider, to that joint promoter or service provider for marketing and research purposes;
if Delivery Hero feels you might like to know about a third party’s goods and services, we may supply that personal information to that third party.

        We may disclose your personal information to third parties that provide services including our payment gateway, restaurant partners, marketing, related party service providers and technology service providers. We may need to share some of your information with third parties outside Australia. Where your personal information is transferred outside Australia including the USA and EU, we will do so in accordance with the Australian Privacy Principles.

        We may store your information in cloud or other types of networked or electronic storage. As electronic or networked storage can be accessed from various countries via and internet connection, it’s not always practicable to know in which country your information may be held. If your information is stored in this way, disclosures may occur in countries other than those mentioned.

        In addition, we may also disclose your information to third parties in order for them to provide services to you, in accordance with our Terms of Use and this Privacy Policy.

        • Murderface on 23/11/2017 - 10:58

          You'd think after they stated to have deleted all customer data in December 2016, Love Takeaway Australia would not be able to use it anymore.

          The data was "deleted" before Love Takeaway Australia even existed.

        • HighAndDry on 23/11/2017 - 11:12

          Delivery Hero may share statistics and personal information between its affiliates and related bodies corporate.

          Wham Bam thank you ma'am.

        • Murderface on 23/11/2017 - 11:23

          @0blivion: I was under the impression I need to give consent to receive email marketing. I gave consent to DeliveryHero, but not Love Takeaway Australia.

          Surely you can't just acquire customer data from another company and then start spamming them your completely separate service.

        • HighAndDry on 23/11/2017 - 11:26

          @Murderface:

          I was under the impression I need to give consent to receive email marketing.

          What gave you that idea? Here's ACCC's take:

          https://www.acma.gov.au/Industry/Marketers/Anti-Spam/Ensurin…

          In some circumstances, message senders may rely on inferred consent if you have consented to your email address or mobile telephone number being on a marketing database that is sold to businesses.

          In this case, knowing your information given to DeliveryHero is shared with its affiliates means you're giving inferred consent to receiving emails from all of them, in addition to from DeliveryHero. At least that would be the argument - but seeing as how this is widespread common practice, I don't think the ACCC disagrees with this interpretation.

        • Murderface on 23/11/2017 - 11:31

          @0blivion:

          The Spam Act gave me that idea.

          What messages can be sent without consent?

          Certain messages from the following types of organisations:

          government bodies
          registered charities
          registered political parties
          educational institutions (for messages sent to current and former students).

          Marketing messages aren't exempt.

        • HighAndDry on 23/11/2017 - 11:33

          @Murderface:

          Did you read my comment? I didn't say marketing emails are exempt, I said that by providing your information to DeliveryHero and agreeing to their T&Cs, you gave them and their affiliates inferred consent to receive emails. Quoting my comment:

          In some circumstances, message senders may rely on inferred consent if you have consented to your email address or mobile telephone number being on a marketing database that is sold to businesses.

          In this case, knowing your information given to DeliveryHero is shared with its affiliates means you're giving inferred consent to receiving emails from all of them, in addition to from DeliveryHero. At least that would be the argument - but seeing as how this is widespread common practice, I don't think the ACCC disagrees with this interpretation.

        • garetz on 23/11/2017 - 13:16

          @Murderface: You are saying these things like their terms and conditions somehow are legally binding, and trump Australian law, they do not. Even if you agree to their terms and conditions, you still have a reasonable expectation to privacy.

        • HighAndDry on 23/11/2017 - 13:24

          @garetz: Pretty sure you meant to reply to me, but again - no, there's no "Australian law" that gives express and clear rights to privacy against all spam emails. I mean, I'm quoting the ACCC here - if anything their interpretation of the law would be more protective, not less, of consumers and even they concede inferred consent is a thing.

  • c64 on 23/11/2017 - 11:56

    report it as spam on the acma site https://www.acma.gov.au/Citizen/Phones/Mobile/Dealing-with-m…

  • orourke on 23/11/2017 - 11:59

    … retracted

  • Orangeyunyun on 08/02/2018 - 00:13

    This stuff happens all the time with even our biggest companies. Not much you can do about it because every time you press that button to agree to terms and conditions you can almost be certain your details are going to be sold.

    Have you ever registered a domain name. For the next 2 weeks your being sold web design services, other global domains, etc. I wondered how that happened.

    I do find it funny how you claim data breach and how dare they do that, when you yourself have setup multiple email addresses for the mere purpose of obtaining additional coupons. I wondered what DH terms and conditions say about that? Did you disclose you were purposely setting up additional emails accounts for financial gain?

Login or Join to leave a comment
Login Join