At this time, Stuart's delivery service will remain available to deliver all necessity goods (incl. food, groceries, pharmaceuticals, etc…) We've taken measures to create a safe environment for both clients and courier partners thanks to a contact-free delivery service. We're actively working to provide an efficient and conscious service enabling orders to be delivered as fast as possible under these particular conditions. Stuart's courier partners have been informed of the safety procedures to follow during deliveries. We're also in constant communication with local authorities to obtain regular advice to prepare for any eventuality as the situation evolves.
Privacy Notice
Last update: 20 May 2020
Stuart (‘we’, ‘our’) is a group of companies which specialises in on-demand logistics. This Privacy Notice provides information about the personal data that we process, your rights and how to exercise them, and how to make complaints. It provides this information in a way we have tried to make clear and transparent. If you would like more information about what data we process, for what purposes and how long we keep it for, please contact us.
This notice is regularly updated so please make sure to check it from time to time.
The notice covers the use of the personal data of website visitors, app users, and couriers.
If you have had an item delivered, please contact the courier or the third party that you ordered from for further information about how your personal data is processed.
Are you a (click which applies):
Website visitor
App user
Courier
Website Visitor
What data do we collect and how will it be used?
Unless you adjust your browser settings to refuse cookies, we (and third parties) use cookies when you interact with the Stuart website.
If you choose to ‘Get in Touch’, via the form provided, we collect your name, contact details and the city that you are enquiring about. You may choose to provide further personal data to ensure that your request can be fulfilled.
When subscribing to our newsletter, we will process the contact details that you provide and other analytics data from functionality embedded in the newsletter itself, such as whether the email is opened. You can unsubscribe at any time by using the link in the email or reaching out to us via our contact details.
Further details about this processing appears in the table below.
Lawful basis
For the collection of the data necessary to send you the newsletter, we rely on your consent.
For all other purposes listed above, we rely on our legitimate interest in running a business.
Categories of personal data collected
| Category | Purposes | Source | Recipients | Retention Period |
| Personal Identifiers (such as your name) |
|
|
| Up to 3 years from last contact* |
| Contact Details (such as your email address) |
|
|
| Up to 3 years from last contact* |
| Connection Data (such as IP address) |
|
|
| Up to 1 year from collection* |
*We may further process this data where required by law, to settle a dispute or to ensure the security of our systems.
Stuart does not sell your personal data to third parties.
What are your rights?
You have the right to:
- Access your data;
- Correct inaccurate personal data about you;
- Be forgotten by Stuart;
- Restrict our processing of your data;
Where we are relying on consent you also have the right to: - Port your data to another service;
- Withdraw your consent.
Further information on your rights and how to exercise them can be found here.
Where is this data stored?
The bulk of the personal data that we collect is processed at our offices in Paris, France; Barcelona, Spain; and London, UK; and in data processing facilities operated by service providers.
Where we transfer and store your information outside the EEA, we will take steps to ensure that your privacy rights continue to be protected as outlined in this Privacy Notice.
Application user
What data do we collect and how will it be used?
If you choose to download and install our application, we will collect your personal data for the purposes of providing our services. The data processed depends on what services you choose to use.
The use of personal data is necessary in order to connect you with couriers and ensure that your delivery is fulfilled successfully.
Payments
For online payments, we engage a PCI-DSS certified provider. PCI-DSS is an international security standard aimed at ensuring the confidentiality and integrity of cardholder data and thus to secure the protection of card data during transactions.
At no time do we have access to your credit card data in this process.
Customer Support
When you call our customer support, we will record the conversation for training and monitoring purposes. We will notify you and will offer you the opportunity to opt-out.
Exceptionally, we also record a random sample of the calls between you and the courier to ensure the quality of the service, you will be informed of this and offered the opportunity to opt-out.
The data collected will also be used to generate statistics for service improvement, for example by making reports of the issues that you encounter to identify systemic problems.
Further detail about the processing appears in the table below.
Lawful basis
We rely on contractual necessity to process the data necessary for the service, for example your name and payment data.
Data, such as error logs, are collected on the basis of our legitimate interests to monitor and improve the quality of our services.
Categories of data collected
Category | Purposes | Source | Recipients | Retention Period |
Personal Identifiers (such as name or username) |
|
|
| Up to 5 years from account deactivation* |
Contact Details and Logs (such as your email address) |
|
|
| Up to 5 years from account deactivation* Voice recordings: Up to 6 months from collection* |
Financial Information (such as your credit card details and transaction details) |
|
|
| Payment data is deleted once the transaction is complete. |
|
|
| Billing and invoicing data: 10 Years from the end of the financial year* | |
Location Data (derived from your connection data) |
|
|
| 1 year from collection* |
Connection Data (such as IP address) |
|
|
| 1 year from collection* |
*We may further process this data where required by law, to settle a dispute or to ensure the security of our systems.
Stuart does not sell your personal data to third parties.
Recipients of goods
In order to deliver goods users may provide the last name, first name, postal address, telephone number, signature and other additional information (for example, door code, floor, etc.) of the sender and the recipient of the goods.
For this use, the user will be considered the data controller and will be responsible for complying with the requirements of the applicable data protection law. We act as a data processor according to the terms of our agreement with the users as summarised here.
What are your rights?
You have the right to:
- Access your data;
- Correct inaccurate personal data about you;
- Be forgotten by Stuart;
- Restrict our processing of your data;
Where we are relying on legitimate interests you also have the right to:
- Object to the use of your data.
Further information on your rights and how to exercise them can be found here.
Where is this data stored?
The bulk of the personal data that we collect is processed at our offices in Paris, France; Barcelona, Spain; and London, UK; and in data processing facilities operated by service providers.
Where we transfer and store your information outside the EEA, we will take steps to ensure that your privacy rights continue to be protected as outlined in this Privacy Notice.
Courier
What data do we collect and how will it be used?
When you choose to use Stuart to offer your delivery services, we will require your personal data.
Onboarding
During onboarding, we will use this data to process your application, to contact you, verify your identity and confirm your eligibility to work.
Biometric data
To support your application, we will ask you to provide images of your identity documents and request your consent to record a short video of your face. We engage a service provider to process your biometric data in the form of facial scans which are then compared with your identification document. This is done to verify your identity and prevent fraud.
Deliveries
Once the application is approved, we will use further data to facilitate your delivery services and enable you to contact your customers. This includes tracking and sharing your location whilst deliveries are in progress, we do not track your location outside of deliveries. We also keep a record of your deliveries, the route taken, and your engagement with the customers to monitor deliveries. This includes the random and optional recording of telephone conversations made between yourself and these parties.
Throughout these processes we collect connection data to run and improve the application and the website. We will use this data to develop statistics which will be used for service improvement.
Further details on how we use your data can be found in the table below.
Lawful basis
Data necessary to provide our services, such as your name and signature, will be processed on the basis of contractual necessity.
Data from your identification document is processed on the basis of our legitimate interest in preventing fraud.
Location data is processed on the basis of our legitimate interest in the monitoring of a goods transport service.
The biometric data used for identity verification purposes is processed on the basis of explicit consent.
Categories of data collected
Category | Purposes | Source | Recipients | Retention Period |
Personal Identifiers (for example your name) |
|
|
| Up to 5 years from account termination* |
Contact Details and Logs (such as your email address) |
|
|
| Up to 5 years from account termination* |
Identity Documents (such as your passport or driving license) |
|
|
| Up to 5 years from account termination* |
Financial Information (such as bank account details) |
|
|
| Up to 5 years from account termination*
|
|
|
| Invoices are retained for 10 years from the end of the financial year* | |
Connection Data (such as IP address) |
|
|
| Up to 5 years from account termination* |
Location Data (such as GPS coordinates) |
|
|
| Up to 5 years from account termination* |
Biometric Data (facial scans) |
|
|
| Deleted after verification |
*Account termination as defined in section 14 of our terms and conditions. We may further process this data where required by law, to settle a dispute or to ensure the security of our systems.
Stuart does not sell your personal data to third parties.
What are your rights?
You have the right to:
- Access your data;
- Correct inaccurate personal data about you;
- Be forgotten by Stuart;
- Restrict our processing of your data;
Where we are relying on legitimate interests you also have the right to:
- Object to the use of your data.
In addition to the above, where we are relying on consent you have the right to:
- Port your data to another service;
- Withdraw your consent.
Further information on your rights and how to exercise them can be found here.
Where is this data stored?
The bulk of the personal data that we collect is processed at our offices in Paris, France; Barcelona, Spain; and London, UK; and in data processing facilities operated by service providers.
Where we transfer and store your information outside the EEA, we will take steps to ensure that your privacy rights continue to be protected as outlined in this Privacy Notice.
Your rights
Access
You have the right to access information we hold about you
This includes the right to ask us supplementary information about:
- The categories of data we’re processing;
- The purposes of data processing;
- The categories of third parties to whom the data may be disclosed;
- How long the data will be stored (or the criteria used to determine that period); and,
- Your other rights regarding our use of your data.
We will provide you with the information within one month of your request, unless doing so would adversely affect the rights and freedoms of others (e.g. another person’s confidentiality or intellectual property rights). This period can be extended if complying with the request is particularly complex. We’ll tell you if we can’t meet your request for these reasons.
Rectification
You have the right to make us correct any inaccurate personal data about you
There are certain circumstances, such as where personal data is required for the investigation of a crime, where we will not be able to correct your data.
Restriction
You have the right to limit the way that we use your personal data.
This right applies in limited circumstances such as where you contest the accuracy of the personal data, whilst we are verifying this you may request to restrict the use of the data.
Object
You can object to us using your data for profiling you or making automated decisions about you
We may use your data to determine whether we should provide information that might be relevant to you (for example, tailoring emails to you based on your behaviour).
Portability
You have the right to port your data to another service
We will give you a copy of your data so that you can provide it to another service. If you ask us and it is technically possible, we will directly transfer the data to the other service for you. We will not do so to the extent that this involves disclosing data about any other individual.
Right to Erasure or ‘to be Forgotten’
You have the right to be ‘forgotten’ by us
You can do this by asking us to erase any personal data we hold about you, if it is no longer necessary for us to hold the data for purposes of your use of Stuart or to meet our statutory obligations.
Right to complain
You also have the right to complain.
Automated Decision Making
For the purposes of the processing covered in this notice, we do not make any automated decisions about you.
How to exercise your rights
You can exercise your rights by emailing us at dpo@stuart.com.
We will respond within one month of the date that we receive a valid request. This period may be extended to two months if your request is particularly complex, we will notify you where this is the case.
Alternatively, you can contact us via the details here.
How we secure your data
We use physical, electronic and management procedures to safeguard and secure the personal data that we collect. These include:
- Security measures to prevent the loss or unauthorised access of your data;
- Limiting access to your data to those who have a genuine business need;
- Ensuring that our staff, our service providers and their staff, are aware of their responsibilities and have signed the appropriate contractual clauses;
- Processes in place to deal with information security breaches including to notify you where we are required to do so;
Unfortunately, no data transfer is completely secure. If you believe your privacy has been breached, please contact us immediately at dpo@stuart.com.
Where we store your data
The bulk of the personal data that we collect is processed at our offices in Paris, France; Barcelona, Spain; and London, UK; and in data processing facilities operated by service providers.
Third parties which process your data
We use third parties to help us run our business, this includes hosting our application, communicating with you and processing payments.
When we do this, it is sometimes necessary to share your data with them so that these services work well. Your data is shared only when strictly necessary and according to the safeguards detailed in this Privacy Notice.
Where personal data is transferred to a third party outside the European Economic Area, we take steps to ensure that we have the appropriate mechanisms reinforced by contractual measures. Where a transfer is destined for the United States these include a current certification with the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks administered by the U.S. Department of Commerce's International Trade Administration (ITA).
Where required to do so by law, we will share personal data with government authorities including tax authorities and the police.
Cookies
Unless you adjust your browser settings to refuse cookies, we (and service providers) will issue cookies when you interact with Stuart via the application or website. These cookies serve to customise our content, inform our advertising campaigns and analyse traffic to the site.
These may be ‘session’ cookies, meaning they delete themselves when you leave Stuart website, or ‘persistent’ cookies which do not delete themselves and help us recognise you when you return so we can provide a tailored service.
How can I block cookies?
To help you exercise choices about cookies, we use a cookie banner that allows you to block all third-party cookies. This appears at the foot of our website when you visit our site.
You can also block cookies automatically by changing the settings in your browser. If you use your browser settings to disable, reject, or block cookies (including essential cookies), certain parts of our website will not fully function. Please note that where third parties use cookies, they may further use your personal data for their own purposes, we invite you to refer to their privacy notices for further information.
For further information about cookies, including to manage and delete them, please visit www.allaboutcookies.org and www.youronlinechoices.eu.
Which specific cookies do we use?
Service provider | Key cookies | Purpose |
Google, Inc. | NID | Google Analytics uses cookies to allow us to see information on the activities of visitors to our website and users of our service, including page views, source and time spent on the site. |
UserMatchHistory | LinkedIn cookies are embedded by the LinkedIn ‘share’ button and used to remember the language you select and to optimise advertising. To gain further information and to opt-out click here. | |
_fbp | Facebook cookies are used to deliver advertisements and for analytics purposes. To gain further information and to opt-out click here. | |
Stuart | i18n_locale | This cookie is essential for the website to work correctly. This sets the language that the website appears in. |
cookieconsent_status | This cookie is essential for the website to work correctly. It stores your consent preferences for cookies. | |
utm_campaign | This is used to track the performance of the advertising campaigns we manage. These cookies do not collect any direct identifiers.
| |
ajs_user_id | This cookie helps track visitor usage, events, target marketing, and can also measure website application performance and stability. | |
DatoCMS | __cfduid | This cookie is used to optimise the load-times on our website. |
Contact us
Unless indicated otherwise, SRT France (‘Stuart’) is the data controller for the uses outlined in this notice.
If you have any questions or concerns about the way in which your personal data is used, please contact us via dpo@stuart.com
Alternatively, you can write to us at the following address:
Stuart
8 Avenue des Ternes,
75017 Paris
And our Data Protection Officer is:
Madame la Déléguée à la Protection des Données du Groupe La Poste,
CP C703 – 9, Rue du Colonel Pierre Avia,
75015 Paris,
France
How to make a complaint
We are committed to working with you to resolve any concerns you have, if we fail to address your concerns you can complain to the competent data protection authority.
In the United Kingdom:
The Information Commissioner's Office via their website.
In France:
La Commission National de l’Informatique et des Libertés via their website.
In Spain:
Agencia Española de Protección de Datos via their website.