ResQ Club Privacy Policy
1. Background
Last update: This privacy policy was published on 16.6.2025. This policy replaces all previous versions of this privacy policy. Please read this policy carefully before using our services.
This Privacy Policy sets out the basis on which ResQ Club Oy and its subsidiaries (“We”, “Us”, “Group”) process the personal data it collects from you. ResQ Club Oy and its subsidiaries are the data controllers in relation to the processing of your personal data, unless otherwise is stated.
In this Policy, we describe how we collect, process and share our Customers’ personal data that we store. Personal data means any information which may be used to identify an individual.
The Customer (“You”, the “User” or the “Data Subject”) is a person who uses our website or service (“Online Services”) or otherwise contacts us. “Our Service” refers to our digital service platform (website and/or mobile application) through which businesses with a signed partnership agreement (“Partner”) with us provide the offers for purchase by service users. This Privacy Policy applies to all personal data processed by us in connection with our Online Services, including the personal data of visitors to our website and the personnel of our Partners.
However, this Privacy Policy only applies to the processing of personal data by us and not the processing of personal data by third parties. To the extent permitted by applicable regulations, we do not assume responsibility for the processing of personal data by third parties.
This Policy explains:
- what personal data we hold and why we process it;
- the legal grounds which allow us to process your personal data;
- where the data comes from and how long we keep it;
- exercising your rights as a Data Subject;
- our contact details
2. From where personal data is collected
We may collect personal data that you provide us or that we obtain directly when you, for example, sign up for our Online Services and give us your name. We may also collect personal data automatically or obtain it from other sources when you use or interact with Our Service. Personal data is also collected, for example when you contact us or when you subscribe to our marketing communication.
3. What data we process, for what purpose, the legal basis for it and storage period
We process your personal data for the following purposes:
Implementation of our Online Services
We use personal data for user identification and login; provision, maintenance and protection of our Online Services; billing and recovery; forwarding orders to our Partners (i.e. a company or legal entity that is operating businesses/Venues such as café, restaurant, grocery store, wholesaler etc. whose product/goods was ordered through our Online Services); and communication with Users.
Categories of personal data
When you register to our service and create a user account, you will need to provide us with the following information:
- Contact information: email address
- Location (country you reside in)
- Language selection
When you use the service you can additionally provide us:
- Identity data (name) and phone number
- Information on products purchased and sold through our Online Services
- Payment methods used and other payment information
- Other personal information you provide us, such as consents given or revoked to for example marketing
We automatically collect
- The date, time and version of our terms of service you have accepted
- The date and time of when you registered to our Online Services
- User ID, App version and login methods (Google ID, Facebook ID, Apple ID or email)
To improve your user experience, you can provide us with e.g., the following information:
Usage preferences such as favorited Partners and Dietary preferences, used to filter relevant offers
Purpose of processing
Implementation of our Online Services and Our Service
Legal basis
Contract (GDPR Art. 6(1)(b)). The processing is necessary to enforce the contract between us and the User.
Regarding the data that you may provide voluntarily, the processing is based on our legitimate interest (GDPR Art. (6)(1)(f)).
Storage period
Your personal data is stored during the Customer relationship. The Customer relationship ends on the customer’s request (user deletion) or after two (2) years of inactivity.
Marketing
We use personal data for marketing our Online Services as well as the products and services of our Partners via Our Service. Data Subjects may object to direct marketing or revoke their consent at any time.
Categories of personal data
- Identity data (name)
- Contact information such as email address and phone number
- Location
- Language selection
- User ID
- Purchase and Payment data such as credit balance, last purchase date and method, total purchase count, and by offer type, offer reviews
- Information on referral code usage
- Registration date and sign-up method
- User preferences such as dietary and favourited Partners
- Device type and ID, operating system, app version
Communication preferences such as consents and permissions given or revoked
Purpose of processing
Marketing in relation to our Online Services and Our Service
Legal basis
Legitimate interest (GDPR Art. (6)(1)(f)). Processing is necessary to market our products and services. Consent of the data subject (GDPR Art. 6(1)(a)).
With respect to direct marketing, the processing may also be based on your consent (GDPR Art. (6)(1)(a)).
Storage period
Your personal data is stored during the Customer relationship. The Customer relationship ends on the customer’s request (user deletion) or after two (2) years of inactivity.
Data Subjects may object to marketing or revoke their consent at any time.
Improving our Online Services
We use the data to improve our Online Services. For example, by analyzing trends in the use of our Online Services, by processing feedback from Users and market surveys help us understand what improvements our Users would like to see in our Online Services.
Categories of personal data
- Content you generate by filling in surveys, submitting feedback, contacting our customer support or reviewing a purchased offer
- Location data
- User preferences such as dietary and favourited Partners
- Information on products purchased and sold through our Online Services including their prices, pictures, payment methods used and other payment information and accounting records for the payment account
- Device specific data such as device type, operating system, browser type, screen size, locale, device token
- User ID, App version, activity and login method
- IP Address and other location data
- Payment data including the payment method used, currency, date, time and location of purchase, id of the merchant the purchase is made from, id of the User making the purchase, purchased items, price and pickup time
- Usage data stored in logs and/or used for improving the app’s reliability and performance.
Purpose of processing
Improving our Online Services and Our Service
Legal basis
Legitimate interest (GDPR Art. (6)(1)(f)). Processing is necessary to improve our services.
Storage period
Your personal data is stored during the Customer relationship. The Customer relationship ends on the customer’s request (user deletion) or after two (2) years of inactivity.
Preventing and investigating misuse
We may need to use the data to prevent and investigate cases of misuse of our Online Services. For example, we may use log data collected automatically to monitor and investigate the activities of the Users of our Online Services as well as to check whether their use is authorized.
Categories of personal data
- Contact information such as full name, email address and phone number
- Information on products purchased and sold through our Online Services including their prices, pictures, payment methods used and other payment information and accounting records for the payment account
- Contractual information, such as transactions and communications related to the service and its use, as well as billing and recovery information
- Device specific data such as device type and ID, operating system, browser type, screen size, locale, device token
- IP Address and other location data
- Payment data including the payment method used, currency, date, time and location of purchase, id of the merchant the purchase is made from, id of the User making the purchase, purchased items, price and pickup time
- Usage data stored in logs and/or used for improving the app’s reliability and performance. Analytics data is anonymous unless tracking is explicitly consented to by the Data Subject
Purpose of processing
Preventing and investigating misuse in relation to our Online Services and Our Service
Legal basis
Legitimate interest (GDPR Art. (6)(1)(f)). It is necessary to process the data to keep our services safe and functioning.
Storage period
Your personal data is stored during the Customer relationship. The Customer relationship ends on the customer’s request (user deletion) or after two (2) years of inactivity.
Legal Obligations
If applicable, we process your personal data relating to our legal obligations such as accounting and taxation of our Online Services.
Categories of personal data
- Contact information such as full name and email address
- Contractual information, such as transactions and communications related to the service and its use, as well as billing and recovery information
- Information on products purchased and sold through Our Online Services including, but not limited to, the payment method used, currency, date and, time of purchase, id of the merchant the purchase is made from, id of the User making the purchase, purchased items, price, VAT, receipt id and other payment information and accounting records for the payment account
Purpose of processing
Legal Obligations in relation to our Online Services and Our Service
Legal basis
Legal Obligation (Art. 6(1)(c))
Storage period
We retain correspondence on payment records and transactions for six (6) years from the end of the calendar year during which our financial year ends.
Establishment, exercise or defence of any legal claims or actions
If applicable, we process your personal data in order to safeguard our rights in the event of any legal claim or action related to the use of our Online Services.
Categories of personal data
- Identity data
- Contact details (email, address, phone number)
- Any relevant information related to the claim or legal action
Purpose of processing
Establishment, exercise or defence of any legal claims or actions in relation to our Online Services and Our Service
Legal basis
Legitimate interest (GDPR Art. (6)(1)(f)). The processing is necessary to protect and uphold our rights in connection with any legal claims or actions.
Storage period
In the event of any legal claim or action, your personal data is retained during the legal process and until the legal process has been finally completed and the obligations associated with it have been fully discharged.
Managing Customer relationships
Categories of personal data
- Contact information such as full name, email address and phone number
- Content you generate by filling in surveys, submitting feedback, contacting our customer support or sales team or reviewing a purchased offer
- Usage preferences such as the country you reside in, language selection, and favorited Partners
- Information on products purchased and sold through our Online Services including their prices, pictures, payment methods used and other payment information and accounting records for the payment account
- Contractual information, such as transactions and communications related to the service and its use
- Other personal information you provide us with, such as consents given or revoked to for example marketing communications
- We may also collect your information from public and other sources, such as other companies and organizations, including our data files and those of companies belonging to the same Group from time to time. An example of such data would be contact person information processed for managing the customer relationship between Us and a corporate customer
Purpose of processing
Managing Customer relationships in relation to our Online Services and Our Service
Legal basis
Legitimate interest (GDPR Art. (6)(1)(f)) to manage and improve our Customer relationships.
Storage period
Your personal data is stored during the Customer relationship. The Customer relationship ends on the customer’s request (user deletion) or after two (2) years of inactivity.
Other purposes of the processing, if any, will be communicated to you when we collect data from you or request your consent to the processing of your data.
4. Recipients that we share your personal data with
We will only disclose your personal information as described in this Privacy Policy.
We use subcontractors in the provision of our Online Services. Data may be transferred to our service providers that perform e.g. data processing services, analytics services or customer service improvement services on our behalf. In this case, we will make appropriate contractual arrangements to ensure that the data is processed in accordance with current legislation and this Privacy Policy.
We may also disclose anonymized information on the use of our Online Services that does not allow individuals to be identified. We may also combine your data with the data of other Customers so that you cannot be identified.
Other recipients
In certain cases, we share, if necessary, your personal data with other recipients for certain purposes (e.g. to fulfill legal obligations and to handle and defend legal claims). Examples of recipients are external advisors, authorities, courts, and the police.
Recipient
Authorities (e.g. the Police, the Tax Agency and the Financial Supervisory Authority).
Purpose
In order to fulfil any legal obligations to which we are subject, e.g. in connection with requests from authorities or other legal claims in relation to our Online Services and Our Service
Legal basis for the transfer
Legal obligation (GDPR Art. (6)(1)(c)). The processing is necessary to fulfil legal obligations to which we are subject.
Recipient
Authorities (incl. courts) and legal representatives.
Purpose
To establish, exercise and defend legal claims in relation to our Online Services and Our Service.
Legal basis for the transfer
Legitimate interest (GDPR Art. (6)(1)(f)). The processing is necessary to fulfil our legitimate interest in disputes and cases being managed by competent courts and legal representatives.
Recipient
Group Companies
Purpose
Legal basis for the transfer
Legitimate interest (GDPR Art. (6)(1)(f)).
Recipient
Buyers, sellers and external advisors/other parties involved
Purpose
To enable business changes, e.g. sale or merger of the business or investments in general in relation to our Online Services and Our Service.
Legal basis for the transfer
Legitimate interest (Art. 6 (f) GDPR). The processing is necessary to fulfil our legitimate interest in conducting and executing business changes.
Recipient
Partners
Purpose
When you submit an order, we supply our Partner, i.e. the business that will deliver your order, with information necessary for delivery, such as your contact information (as a rule, only your name, email address or telephone number) and the details of your order. The Partner in question will also process your personal data in relation to our Online Services and Our Service
Legal basis for the transfer
Contract (GDPR Art. 6(1)(b)). The processing is necessary to enforce the contract between us and the User.
5. Where we process personal data
We and our Group pursue business operations and maintain data systems in different countries. We may disclose your information to other entities within our Group. We may also transfer or disclose your information to countries where we have Partners or where services are performed for us, and elsewhere if required by corporate restructuring, including countries outside the European Union or the European Economic Area. Data transfers and disclosures are carried out within the framework of applicable legislation. If the European Union does not consider the level of protection in the country in question adequate, we will use contractual practices, the European Commission’s model clauses where applicable and/or other practices to provide adequate security for your personal data. The transfer and disclosure of data will only take place in accordance with this Privacy Statement and for the purposes described in it. If you have questions regarding which countries your personal data is transferred to and which safeguards we take to protect your personal data, or to request a copy of such safeguards and information, respectively, where they are available, please contact us at privacy@resq-club.com.
6. File protection policy
We have appropriately protected data using both administrative and physical means as well as technical solutions (e.g. firewalls and passwords). Our employees are bound to confidentiality.
Despite the protection measures applied, the processing and transfer of data via the Internet always involves risks. We will notify you without undue delay if, despite our measures, a security violation occurs that is likely to result in a high risk to your rights or freedoms.
7. Automatic decision-making and profiling
We may use profiling and automatic decision-making in our marketing efforts or when offering our Online Services to you by for example recommending offers that may be of interest to you.
8. Cookies
A cookie is a small text file that your web browser stores on your device. Cookies often contain an anonymous, unique identifier, which allows us to identify and count the browsers used to visit our website. Cookies do not move around in the network. They are only placed on the User’s terminal for the website requested by the User. Only the server that sent the cookie can later read and use it. Cookies or other similar techniques used by us do not damage the User’s terminal or files, and cookies cannot be used to run programs or spread malware.
Our Online Services use both erasable session cookies and cookies stored by the browser. Session cookies remain in the browser’s memory only until the browser is closed. Stored cookies remain on the User’s device for a certain period of time (typically for a few months to a few years) or until the User removes them.
Our Online Services use first-party cookies which are created by the website visible in the address bar. In addition, our Online Services use third-party cookies created by entities, such as advertising networks, measurement, analytics and tracking services, and social media services.
Cookies allow us to remember the Data Subject’s login data and selections, to develop our Online Services and our Service and, for instance, to enable customized marketing and presenting Users with customized offers based on their likely interests, as well as to investigate any cases of misuse. We also use cookies to monitor the number of visitors to our Online Services and to check whether emails or newsletters have been opened and whether any action has been taken on them.
When visiting our website or using the service, Users are given the option to allow cookies, such as analytics or marketing cookies. You can choose to enable only certain types of cookies and withdraw your consent at any time by changing your cookie preference.
9. Your rights
You can influence the processing of your data by exercising the following rights:
Under data protection regulations you have certain rights in relation to the processing of your personal data. We process your personal data to the extent necessary in order to fulfill your rights. Please submit requests for exercising your rights by contacting us at privacy@resq-club.com.
You have the right to:
Access your personal data
You have the right to access personal data we process about you. You may request a copy of your personal data at privacy@resq-club.com. We will provide you with it unless we have lawful reasons not to share this data or if sharing the data would adversely affect the rights and freedoms of others.
Update your personal data
Furthermore, you have the right to request that incorrect or incomplete personal data is corrected or completed.
Withdraw consent
To the extent we rely on your consent to process personal data you have the right to at any time withdraw your consent.
Object to the processing of personal data
You have the right to object to the processing of your personal data based on a legitimate interest for reasons which concern your particular situation. In such a situation, we will stop using your personal data where the processing is based on a legitimate interest, unless we can show that the interest overrides your privacy interest or that the use of your personal data is necessary in order to manage or defend legal claims.
Delete your personal data
Under certain circumstances you have the right to request that your personal data is deleted. However, we cannot delete your personal data if we for example are obligated under law to keep the data.
Restrict the use of your personal data
You have the right under certain circumstances to request that the processing of your personal data is restricted. If the processing of your personal data has been restricted we may only, besides storing the data, process your personal data with your consent, in order to establish, exercise or defend legal claims or to defend rights of others.
Transfer your personal data (data portability)
Finally, you have the right to request a copy of the personal data that we store about you in a structured, commonly used and machine-readable format (data portability). The right to data portability, compared to the right to access, only comprises such personal data you yourself have provided and which we process based on certain legal grounds, e.g. your consent.
Please note that to access the service you need to provide your email address, name and preferred payment method and allow them to be processed. Likewise, the use of the service requires that we may send you communications related to the use of the service and that we may disclose information necessary for processing your order to our Partner . If you do not provide information relevant to the service or require it to be removed or the processing to be restricted, we may prevent or discontinue your access to the Online Services.
With regard to automatically collected data, you can influence the collection and processing of data by giving or revoking your consent in the consent management tool when accessing the Online Services or visiting the website.
However, please note that preventing the use of cookies or location data may cause some of the functions in our Online Services to cease working properly or as designed.
10. Controller information and Contact
Unless otherwise stated, we are the controller of the personal data collected and processed through our Online Services.
ResQ Club Oy (Business ID 2725420-3)
Lapinlahdenkatu 16
00180 Helsinki
Contact information
If you have any questions regarding the processing of your personal data, please do not hesitate to contact us. See below for contact details. If you are not satisfied with our response, you have the right to lodge a complaint with the relevant supervisory authority within your jurisdiction.
Email: privacy@resq-club.com
11. Changes to the Privacy Policy
We may occasionally update this information, e.g. if we process personal data for new purposes, collect additional categories of personal data or share personal data with other recipients. In such a case we will notify you in an appropriate way. The latest version of the information is always published on this page.
