DealsDelivery
DE

Privacy Policy

Last updated: May 2026

1. Controller

The controller within the meaning of the General Data Protection Regulation (GDPR) and the Maltese Data Protection Act (Cap. 586) is:

ClarityBuilds Ltd
Registration Number: C 113250 (Malta Business Registry)
VAT Number: MT32239919
Director: Christian Bakker
Centris Business Gateway, Level 4/W
Triq is-Salib tal-Imriehel, Zone 3
Central Business District
Birkirkara, CBD 3020, Malta
Email: info@dealsdelivery.com

2. Data Protection Officer

The appointment of a Data Protection Officer is not required. ClarityBuilds Ltd does not meet any of the criteria set out in Art. 37(1) GDPR: the core activities consist neither of the large-scale regular and systematic monitoring of individuals nor of the large-scale processing of special categories of personal data. Maltese law (Cap. 586) does not impose any additional obligation on companies of this size.

For any data protection inquiries, please contact: privacy@dealsdelivery.com

3. Overview of Data Processing

DealsDelivery.com is a platform that aggregates current offers and deals from food delivery services and presents them to you in a clear overview. Below we provide detailed information about the type, scope and purpose of the processing of personal data.

4. Server Log Files

When you visit our website, the server automatically collects and stores information in server log files: IP address, browser type and version, operating system, referrer URL, date and time of access, and HTTP status code.

Purpose: Delivery of the website, ensuring system stability and security, error analysis.

Legal basis: Art. 6(1)(f) GDPR. Our legitimate interest lies in ensuring IT security, detecting and preventing attacks, and maintaining system stability.

Retention period: 30 days. Longer retention only occurs for the investigation of specific security incidents.

5. Hosting (Microsoft Azure)

Our website is hosted on Microsoft Azure App Service. The provider is Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland. Parent company: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052, USA.

The servers are located in the Azure region “West Europe” (Netherlands).

Legal basis: Art. 6(1)(f) GDPR. Our legitimate interest lies in the reliable and secure provision of our website.

Third country transfer: Microsoft may access data from the USA in the context of support services. The transfer is based on the EU-US Data Privacy Framework (adequacy decision pursuant to Art. 45 GDPR) as well as Standard Contractual Clauses (Art. 46(2)(c) GDPR).

We have concluded a Data Processing Agreement with Microsoft pursuant to Art. 28 GDPR.

6. Cookies and Consent Management

6.1 Strictly Necessary Cookies

We currently use a single cookie:

CookiePurposeRetentionProvider
NEXT_LOCALELanguage preference (German/English)SessionDealsDelivery (first party)

This cookie is strictly necessary and is set without consent. Legal basis: Art. 5(3) of the ePrivacy Directive 2002/58/EC, transposed into Maltese law by Regulation 10 of the Processing of Personal Data (Electronic Communications Sector) Regulations (S.L. 399.35).

6.2 Consent-Based Cookies

Services such as Google AdSense (see section 11) set cookies that are only activated after your explicit consent. Consent is obtained via our cookie consent banner.

Legal basis: Art. 6(1)(a) GDPR in conjunction with Art. 5(3) ePrivacy Directive 2002/58/EC (Regulation 10 S.L. 399.35, Malta).

You can withdraw your consent at any time via the cookie banner or by adjusting your browser settings.

7. Local Storage (localStorage)

When you select a city, this selection is stored exclusively in your browser's localStorage (city name, coordinates, country). This data is never transmitted to our server.

Purpose:User-friendly experience — you do not need to select the city again on subsequent visits.

Legal basis:Art. 5(3) ePrivacy Directive (S.L. 399.35, Malta) — strictly necessary for the service you have requested.

Deletion: You can delete this data at any time via your browser settings.

8. Geocoding and Address Search

When you enter an address, the search text is transmitted to external geocoding services. Your IP address is also transmitted to the respective service.

8.1 OpenStreetMap Nominatim

Provider: OpenStreetMap Foundation (OSMF), St John’s Innovation Centre, Cowley Road, Cambridge CB4 0WS, United Kingdom.

Third country transfer: Adequacy decision of the European Commission for the United Kingdom (Art. 45 GDPR).

Privacy policy: osmfoundation.org/wiki/Privacy_Policy

8.2 Photon (Komoot)

Provider: komoot GmbH, Friedrich-Wilhelm-Boelcke-Strasse 2, 14473 Potsdam, Germany. Processing within the EEA.

Privacy policy: komoot.de/privacy

Legal basis: Art. 6(1)(f) GDPR. Our legitimate interest lies in providing a location-based restaurant search, which constitutes the core purpose of our service.

Storage: We do not store your geocoding queries on our own servers.

9. Restaurant Images

The restaurant images displayed on our website are cached by us and served from our own servers. No hotlinking takes place — your browser loads the images from our servers, not from the servers of the delivery platforms. Your IP address is not transmitted to the original platforms.

Legal basis: Art. 6(1)(f) GDPR. Our legitimate interest lies in the visually appealing presentation of restaurant offers and the protection of our users' privacy by avoiding direct data transmission to third-party platforms.

Retention period: Maximum 24 hours, followed by automatic deletion and re-fetching.

10. Platform Logos (logo.dev)

To display the logos of delivery platforms, we embed images from img.logo.dev. When fetching these images, your IP address is transmitted to the provider.

Provider: HubSpot, Inc., 25 First Street, 2nd Floor, Cambridge, MA 02141, USA.

Legal basis: Art. 6(1)(f) GDPR. Our legitimate interest lies in the visual identification of delivery platforms for better orientation.

Third country transfer: EU-US Data Privacy Framework (Art. 45 GDPR). HubSpot is certified under the Data Privacy Framework.

Privacy policy: legal.hubspot.com/privacy-policy

11. Google AdSense (Advertising)

We use Google AdSense to display advertisements. Google AdSense uses cookies and similar technologies to show advertising based on your interests.

Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Data collected: IP address, cookie identifiers, device information, interaction data, usage behaviour.

Legal basis: Exclusively based on your consent (Art. 6(1)(a) GDPR in conjunction with Art. 5(3) ePrivacy Directive / S.L. 399.35 Malta). Without consent, no advertising cookies are set.

Third country transfer: EU-US Data Privacy Framework + Standard Contractual Clauses (Art. 46(2)(c) GDPR).

Withdrawal and opt-out: Cookie banner, Google Ads Settings or Network Advertising Initiative.

Privacy policy: policies.google.com/privacy

12. DD+ Registration and Payment Processing

Registration is required for the planned premium subscription (DD+). Data processed: email address, subscription status, payment data.

Payment service provider: Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin 2, Ireland. Parent company: Stripe, Inc., 354 Oyster Point Blvd, South San Francisco, CA 94080, USA.

We do not store any credit card data. Payment data is processed directly by Stripe.

Legal basis: Art. 6(1)(b) GDPR (performance of a contract). Fraud prevention by Stripe: Art. 6(1)(f) GDPR.

Third country transfer: EU-US Data Privacy Framework + Standard Contractual Clauses.

Retention period: For the duration of the contractual relationship, followed by deletion unless Maltese retention obligations apply (Income Tax Act Cap. 123 and Companies Act Cap. 386: up to 9 years for tax-relevant records).

Privacy policy: stripe.com/de/privacy

13. Contact via Email

When you contact us by email, your email address, name (if provided) and the content of your message are stored.

Legal basis: Art. 6(1)(f) GDPR. Our legitimate interest lies in responding to your inquiries and maintaining the business relationship. For contract-related inquiries: Art. 6(1)(b) GDPR.

Retention period: Your inquiry and the associated data will be deleted after final processing, unless retention is required for the fulfilment of legal obligations or for the establishment, exercise or defence of legal claims.

14. Your Rights as a Data Subject

Under the GDPR, you have the following rights:

  • Right of access (Art. 15 GDPR): You have the right to obtain confirmation as to whether and which personal data we process.
  • Right to rectification (Art. 16 GDPR): You have the right to rectification of inaccurate data.
  • Right to erasure (Art. 17 GDPR): You have the right to erasure of your data, provided the legal requirements are met.
  • Right to restriction of processing (Art. 18 GDPR): You have the right to request the restriction of processing.
  • Right to data portability (Art. 20 GDPR): You have the right to receive your data in a structured, commonly used and machine-readable format.
  • Right to object (Art. 21 GDPR): You have the right to object, on grounds relating to your particular situation, to the processing based on Art. 6(1)(f) GDPR.

To exercise your rights, please contact: privacy@dealsdelivery.com. We will process your request within one month (Art. 12(3) GDPR).

15. Withdrawal of Consent

Where processing is based on your consent (Art. 6(1)(a) GDPR), you may withdraw it at any time with effect for the future, without affecting the lawfulness of processing carried out prior to the withdrawal (Art. 7(3) GDPR).

Cookie withdrawal: Via the cookie consent banner on our website.

Other withdrawal: By email to privacy@dealsdelivery.com.

16. Right to Lodge a Complaint with a Supervisory Authority

Pursuant to Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of your data violates the GDPR.

The supervisory authority responsible for us is:

Office of the Information and Data Protection Commissioner (IDPC)
Floor 2, Airways House
High Street
Sliema SLM 1549
Malta
Website: idpc.org.mt
Email: idpc.info@idpc.org.mt

You may also lodge a complaint with the supervisory authority of your habitual residence, your place of work, or the place of the alleged infringement (Art. 77(1) GDPR).

17. Obligation to Provide Data

The provision of personal data is neither legally nor contractually required. However, not providing it may result in you being unable to use our website or its full range of features (e.g. no address search without entering an address, no DD+ without an email address and payment data).

18. Automated Decision-Making

No automated decision-making, including profiling, within the meaning of Art. 22 GDPR takes place.

19. SSL/TLS Encryption

Our website uses SSL/TLS encryption. You can recognise an encrypted connection by “https://” in your browser's address bar and the lock icon.

20. Changes to this Privacy Policy

We reserve the right to amend this privacy policy to ensure it always complies with current legal requirements or to reflect changes to our services. The version in effect at the time of your visit shall apply.

21. Validity

This privacy policy is currently valid as of May 2026.