Our Global Coverage
Privacy Notice
When you use Lalamove, you trust us with your personal data. We’re committed to keeping that trust. The Privacy Notice describes the personal data we collect, how it’s used and shared, and your choices regarding this data. To view the privacy notice relevant to you, please select the appropriate tab on the left.

Privacy Notice (Driver)

Last Updated: 7th November, 2025

Previous version of the Privacy Notice

Lalamove Netherlands B.V. (hereafter: Lalamove, or we) is committed to protecting personal data of our Delivery Partner (as defined in the Delivery Partner Terms of Use (Terms & Conditions | Lalamove Germany)) and their substitutes, including all users of our website https://www.lalamove.eu/en-de and related services. We will be the “controller” of the information we hold about you. 

We operate web and mobile applications and website to act as a platform to connect users of our platform to Delivery Partners, including individuals using other modes of transportation, and to help facilitate such Delivery Partners to provide on-demand delivery services and purchasing services ("Services"). This Privacy Notice explains how we collect, use, store, and protect your personal data when you use our Services, visit our websites, or interact with us in any other way. It also describes your rights under applicable data protection laws and how you can exercise them.

 

1. Contacts Details

Controller:

Lalamove Netherlands B.V.
Laarderhoogtweg 25, 
1101EB Amsterdam
KvK-nummer: 98247557

Email: info.de@lalamove.eu 

 

2. What Personal Data We Use and Why

“Personal data” (also referred to in this Notice as “your data”) means any information, or set of information, that can directly or indirectly identify you, such as your name or email address. It does not include data where identifiers have been removed (anonymous data).

Whenever you interact with our Services, we collect and process personal data about you. We  may process your personal data for the purposes below.

1. Accounts Registration and Management

When you apply to become a Lalamove Delivery Partner, we collect and process certain personal data to verify your identity, confirm your eligibility, and set up your Delivery Partner account. The types of personal data we collect during the registration process and the reasons we use them are outlined below:

Identification and Contact Information:
Full name, date of birth, address, phone number, email address
Why we use it: To create your account, verify your identity and age, communicate with you about your application.
Legal basis:
Performance of a contract (Art. 6(1)(b) GDPR)
Required? Yes – Without this information, we cannot process your application.

Government-Issued Documents:
National ID, passport, driver’s license (front and back), trade license
Why we use it: To verify your driving eligibility and eligibility to do the business, and comply with regulatory obligations, including anti-fraud and anti-money laundering checks.
Legal basis:
Legal obligation (Art. 6(1)(c) GDPR)
Performance of a contract (Art. 6(1)(b) GDPR)
Required? Yes – Mandatory for contract and regulatory, safety compliance.

Profile and Vehicle Information:
Delivery Partner profile with photo, vehicle details (license plate number, vehicle type), vehicle-related images
Why we use it: To confirm vehicle ownership, ensure compliance with local transport laws, and display correct details to users.
Legal basis:
Performance of a contract (Art. 6(1)(b) GDPR)
Required? Yes – Without this, you cannot be activated as a Delivery Partner.

2. Order Matching & Navigation

To enable delivery services by matching users with you, navigating to pickup/drop-off, calculating estimated time of arrival (“ETA”), showing live progress on the map, coordinating hand-off, we will process:

    • Display name (optional): profile photo shown to users for identification at pickup.

    • Geolocation data: Real-time GPS coordinates, route/heading, timestamps, and accuracy metadata only while you’re online or handling an active order.

    • App usage data: Order-flow events (accept/decline/arrive/pickup/drop-off/complete timestamps), relevant screen interactions for the order flow, crash/performance diagnostics.

    • Device data: Device model, OS/app version, network status, app-scoped identifiers (e.g., push token), and security signals used to protect the platform.

    • Communications data: In-app chat content you send, and call/SMS relay metadata (e.g., time and duration) when contacting users via masked numbers to coordinate pickup/drop-off.

    • Order context shown to you: Pickup and drop-off locations, contact via masked number or in-app chat, parcel/order notes necessary to fulfill the delivery.

Legal Basis:
Performance of a contract (Art. 6(1)(b) GDPR) — to match and dispatch orders, navigate, coordinate with users, show progress/ETA, and complete delivery and hand-off.
Required? Yes - if you refuse required data (e.g., real-time location while you’re online or on an active order), we can’t perform the contract and can’t dispatch you to the user’s location.

3. Fare Calculation, Charges & Payouts

To calculate prices for each delivery (based on pick-up/drop-off, distance, duration and applicable fees), and issue receipts/invoices, we will process: 

    • Geolocation & order telemetry (active orders only): Pick-up/drop-off coordinates and timestamps, route and traveled distance, trip duration, waiting time, detours, toll segments, proof-of-delivery timestamps/photos.

    • Pricing context: Service tier/vehicle type, city/zone, dynamic pricing/surge factors, taxes/fees, promo/voucher codes and eligibility, cancellation/no-show policy triggers.

    • Delivery Partner payout & invoicing data: Payout account (e.g., IBAN/BIC or wallet ID), payout statements and amounts, VAT/tax identifiers where applicable, invoice/receipt details required by law.

Legal Basis:
Performance of a contract (Art. 6(1)(b) GDPR) — calculating fares, charging users, computing distance/time with geolocation, issuing receipts, and settling payouts.
Legal obligation (Art. 6(1)(c) GDPR) — accounting and tax/VAT compliance, statutory retention.
Required? Yes—without this data, we are unable to perform our obligations to facilitate your contract with the user (e.g., calculate prices, charge the user, or settle your payout).

4. Smooth Delivery Service

To ensure smooth deliveries, we navigate you to pick-up and drop-off, analyze geographic coverage to balance supply and demand, and improve our route recommendations. We also troubleshoot quality issues related to your use of the Lalamove Driver App.

    • Geolocation data: Real-time GPS coordinates, route/heading, and timestamps only while you’re online or handling an active order.

    • App usage data: Order-flow events like arrive or pick-up/drop-off etc.

Legal Basis:

    • Performance of a contract (Art. 6(1)(b) GDPR)

    • Legitimate interests (Art. 6(1)(f) GDPR) for service quality, route optimization, geographic coverage analysis, fraud/safety, and diagnostics.

Required? Yes - without those data we can’t dispatch, navigate, or complete deliveries.

5. Customer Support & Feedback Handling

Investigate and respond to your requests (e.g., ticket inquiries, reported safety incidents or alleged criminal acts, and complaints—including dispute resolution between Delivery Partners and users). We also use the information you share to troubleshoot quality issues and improve our services. In safety-related cases, warning/suspension flags are reviewed only by Customer Support and/or Safety teams where a safety related incident on the Lalamove platform is being investigated.

    • Profile & account data: Display name/alias, Driver ID, contact details.

    • Communications data: In-app chat you send, call/SMS relay metadata (time/duration), support ticket history, push events.

    • User-generated content: Descriptions you submit to us, attached photos/videos/documents (e.g., proof, receipts, incident evidence).

    • Order context: Order IDs, pickup/drop-off locations and timestamps, relevant route/telemetry needed to assess a case.

    • Safety & enforcement data: Warning/suspension flags, policy-violation notes, device/security signals tied to an incident.

Legal Basis:

    • Performance of a contract (Art. 6(1)(b) GDPR): to handle Service issues and resolve order-related complaints.

    • Legitimate interests (Art. 6(1)(f) GDPR): to provide and improve support, ensure safety and platform integrity, prevent threats/abuse, and resolve disputes.

    • Legal obligation (Art. 6(1)(c) GDPR): to cooperate with law enforcement or comply with other statutory duties in safety-related incidents.

6. Fraud Detection, Investigation and Prevention

We may process your data to prevent, detect, and investigate fraudulent accounts, payments, and other abusive or unlawful use of Lalamove, and to apply temporary holds or blocks when needed. This includes automated risk checks at sign-up/login, when you go online, accept/complete orders, top up balances, or request payouts. Signals we may use include device and security indicators, geolocation while you’re online or on an active order, order telemetry (e.g., timestamps, route context), payment risk metadata. Final blocking decisions are not made solely by automation—you can request human review, present your point of view, and contest the outcome.

Data we may process:

    • Profile & account data: Name/alias, Driver ID, contact details, account status/flags.

    • Identification/verification data - Know Your Client (KYC): ID/driver’s license details, selfie/liveness checks (where used), business/trade license info.

    • Device & security signals: Device model/OS, app version, IP address, app-scoped identifiers (e.g., push token), integrity/anti-tampering signals, login patterns.

    • Geolocation (active sessions/orders): Pick-up/drop-off coordinates and relevant timestamps/route context to validate activity legitimacy (no continuous tracking while offline).

    • App usage & telemetry: Order-flow events (accept/arrive/pickup/drop-off/complete), interaction patterns, session metrics.

    • Payment/transaction data: Tokenized payment instrument details, authorization/settlement IDs, refund/chargeback metadata, failure/ risk codes.

Legal Basis:

    • Legitimate interests (Art. 6(1)(f) GDPR) — protect our users, Delivery Partners, and systems by preventing, detecting, and responding to fraud, abuse, and violations of our Terms.

    • Legal obligation (Art. 6(1)(c) GDPR) — cooperate with law enforcement and comply with Anti-Money Laundering (AML)/KYC or other statutory duties where applicable.

    • Performance of a contract (Art. 6(1)(b) GDPR) — ensure account/payment integrity necessary to provide the Service and settle orders.

7. Marketing

We may process your data to send you (personalised) marketing messages and notifications to manage, support, improve, and develop our Services and your experience. This may include promotions for Lalamove products/services, tailoring your in-app experience, and showing you targeted ads. We rely on your consent for electronic marketing unless not required by law (e.g., existing customers contacted about similar Services, where permitted). You can change your preferences at any time via unsubscribe links, in-app settings, or by contacting us.

Data we may process:

    • User ID

    • Address details

    • Contact details

    • Order and transaction details

    • Campaign data

    • Device ID

    • Cookies and similar technology data

Legal basis:

    • Consent (Art. 6(1)(a) GDPR)

    • Legitimate interests (Art. 6(1)(f) GDPR) to segment audiences using first-party data to deliver relevant content. You may object to this processing at any time.

8. Campaigns & Contests

Run optional Lalamove campaigns or contests connected to our Services (e.g., DRD, Stickers promotions etc.), manage participation, determine eligibility/winners, deliver rewards, and comply with any prize-related obligations.

Data we may process:

    • Name and Account ID

    • Contact details (e.g., email, phone, in-app notifications)

    • Campaign data (e.g., opt-in status, entries, milestones, scores, status)

    • Order/transaction context (optional, only if relevant to the campaign mechanics) — e.g., completed orders, city/zone, timestamps, or vehicle related information like plate number, image of vehicle.

    • Reward fulfillment details — e.g., payout method and info; where required by contract and laws

Legal basis:

    • Performance of a contract (Art. 6(1)(b) GDPR): to administer the campaign you joined.

    • Legitimate interests (Art. 6(1)(f) GDPR): operational communications (e.g., necessary operational messages about a campaign you already joined) and to ensure fairness, prevent abuse, and verify results.

    • Legal obligation (Art. 6(1)(c) GDPR): to meet tax/accounting or regulatory duties related to prizes or payouts, if applicable.

9. Analytics & Product Improvement

Understand how you interact with the Lalamove Driver App and our Services, improve performance and reliability, run product experiments (e.g., A/B tests), and generate aggregated reports (e.g., feature adoption, stability, supply–demand balance). Where required, we also meet limited reporting obligations to partners (in aggregated, non-identifying form).

Data we may process:

    • App usage events: Screen flows related to order handling, taps/latency, feature adoption, session length.

    • Performance & diagnostics: Crash logs, error codes, load times, network status.

    • Device context: Device model, OS/app version, app-scoped identifiers (e.g., push token), integrity/security signals.

    • Geolocation (aggregated/anonymized for coverage): Heatmaps and route density derived only from online/active-order periods.

    • Experiment metadata: A/B test group, variant.

Legal Basis:

    • Legitimate interests (Art. 6(1)(f) GDPR) — to understand how the App is used, improve performance and reliability, run product and usability experiments (e.g., A/B tests), and generate aggregated, non-identifying reports.

    • Consent (Art. 6(1)(a) GDPR in conjunction with §25(1) TTDSG) — where analytics or experiments rely on cookies or similar technologies that store or access information on your device (only where and to the extent you have consented).

    • Performance of a contract (Art. 6(1)(b) GDPR) — where certain technical performance or diagnostic data are strictly necessary to provide the App, fix errors, and ensure core functionality.

10. Online identifiers & cookies

When you visit our website, we (and, where you consent, our partners indicated in the consent) may process cookie IDs, device/advertising identifiers, and usage data for the following purposes: (1) site operation (technically necessary), (2) functional purposes, (3) performance measurement / analytics, and (4) personalized advertising. Please refer to the Cookies and Related Technologies section below for details and options on how to manage consent.
Legal basis: 
Legitimate interests (Art. 6(1)(f) GDPR) in enabling the use of our website, inter alia by using Strictly necessary cookies that are required for the website to run securely
Consent (Art. 6(1)(a) GDPR) - we rely on your consent for functional analytics and advertising cookies.
Required? 
Strictly necessary cookies: Yes – without these, the website cannot operate correctly.
Functional, Analytics and advertising cookies: No – these are optional and only set with your freely given consent.

 

3. With Whom We Share Your Personal Data

We work with other Lalamove entities within the EU and with external partners to operate our Services, meet legal obligations, and support our business as described in this Notice. Depending on the activity, these parties act on our behalf as processors or as independent (or joint) controllers under applicable data protection law.

We require all group companies and third parties to protect your data to at least the standards set out in this Notice and GDPR. We implement data processing agreements (Art. 28 GDPR), joint controller arrangements (Art. 26 GDPR), and appropriate transfer safeguards (Chapter V GDPR)—including Standard Contractual Clauses and Transfer Impact Assessments—alongside technical and organizational measures.
We share only what is necessary for the relevant purpose, so that not every recipient receives all categories of data. You can use your right of access to request more detailed information about specific recipients (see “Your Rights”).

We may also disclose data to independent controllers where required or appropriate under law (e.g., in response to a court order or regulator request), to establish or defend legal claims, or to protect vital interests. Such recipients may include law enforcement or supervisory authorities.
Depending on your use of the Services, the categories of recipients may include:

  • Lalamove EU affiliates – to help provide our Services and operate our business (role depends on the activity).

  • Software and infrastructure providers (e.g., hosting, app support, delivery/logistics tooling, security) – to run and secure our platforms.

  • Marketing and advertising partners – to promote and support our Services, personalize offers and ads (where permitted/consented), and measure performance.

  • Implementation and operations service providers which are to enable, configure, and improve features on our platforms.

  • Merchants/senders, recipients, payment processors/acquirers, fraud-prevention and card service providers to take payment and prevent fraud.

  • Professional advisers (lawyers, auditors, consultants) – to operate our business and meet legal obligations.

  • Law enforcement, regulators, and government authorities – where required by law or to protect rights.

How to control sharing for analytics and advertising.

Analytics and advertising tools (e.g., Google Analytics) only receive data after you consent through our cookie banner. You can adjust your choices anytime via Cookie Settings. 

Necessary services (e.g., hosting/CMS, consent management, tag container) operate to provide the website and honor your preferences.

 

4. Cookies and related technologies

We and our partners use cookies and other technologies on our apps, websites, and online ads for purposes described in this notice.

Analytics cookies and Advertising Cookies (e.g., Google Analytics, Google Ads, Meta Pixel) are only placed on your device and they only collect data after you consent through our cookie banner.

You can adjust your choices and withdraw or change your consent anytime via Cookie Settings without affecting the lawfulness of processing before withdrawal. Necessary services (e.g., hosting/CMS, consent management etc.) operate to provide the website and honor your preferences. Please see our Cookie Notice: https://www.lalamove.eu/en-de/cookie-notice for more information.

 

5. How Long We Store Your Personal Data

We retain your data for as long as necessary for the purposes described in this Privacy Notice. The specific retention period may vary based on the type of data, the user category to which the data relates, the purpose for which we collected it, and whether we must retain certain data after an account-deletion request for the purposes described below.

Relevant retention periods include:

  • Delivery Partner pre-registration data. We retain your identification details for the duration of the application/onboarding process and  delete this data after a 90-day grace period following the launch of the application for Delivery Partner. Uploaded images are retained for 7 days. If application unsuccessful/cancelled: deletion after 3 months, to manage enquiries/application timeline, provided there are no longer retention obligations.

  • Delivery Partner account data: for the duration of the contractual relationship and beyond, in accordance with statutory retention obligations or for the life of the account and up to 3 years after closure for limitation periods (longer if needed for legal claims until their final settlement) – whatever is longer.

  • Cookies: according to cookie duration / lifespan specified in the Cookie Notice.

  • Consent logs: Generally until consent is revoked and up to 1 years after revocation for limitation period (longer if needed for legal claims).

  • Records kept to meet legal obligations. We retain certain data for defined periods as necessary to meet tax, insurance, legal, or regulatory requirements (for example, we retain transaction information in the German market for 10 years).

  • Legal Proceedings. In the case of claims and legal proceedings, this generally means we retain your data until the dispute is resolved in the final instance. 

6. Automated Decision-Making 

We do not make decisions based solely on automated processing that produce legal or similarly significant effects about you (Art. 22 GDPR). If this changes, we will provide meaningful information about the logic involved and your related rights.

 

7. Your Rights

You have the following rights with respect to your personal data (Arts. 15–21 GDPR):

  • Right of access (Art. 15 GDPR). You can request confirmation of whether we process your personal data and obtain a copy of such data, along with related information.

  • Right to rectification (Art. 16 GDPR). You can ask us to correct inaccurate data and to complete incomplete data.

  • Right to erasure (Art. 17 GDPR). You can ask us to delete your data in certain circumstances (for example, when it is no longer needed for the purposes for which it was collected or you withdraw consent and there is no other legal basis), subject to legal retention duties and our need to establish, exercise, or defend legal claims.

  • Right to restriction (Art. 18 GDPR). You can ask us to limit the processing of your data in certain cases (e.g., while we verify accuracy or assess an objection).

  • Right to data portability (Art. 20 GDPR). For data you provided to us, which we process by automated means and on the basis of consent or a contract, you can request a copy in a structured, commonly used, machine-readable format, and/or ask us to transmit it to another controller where technically feasible.

  • Right to object (Art. 21 GDPR). You can object at any time to processing based on our legitimate interests. You have an absolute right to object to processing for direct marketing, including related profiling.

  • Right to withdraw consent (Art. 7(3) GDPR). Where we rely on consent, you may withdraw it at any time without affecting the lawfulness of processing before withdrawal (e.g., update preferences via Cookie Settings).

You can exercise these rights by contacting our DPO at dpo.de@lalamove.eu or per our DSR Form  https://llm-dsr-portal-web.van.lalamove.eu/

We may need to verify your identity before acting on your request and will respond within one month of receipt of the request. If the request is complex or we receive a high volume of requests, this period may be extended by up to two additional months and we will inform you of the extension and reasons (Art. 12(3) GDPR). 

Exercising your rights is free of charge; however, we may charge a reasonable fee or refuse to act on requests that are manifestly unfounded or excessive (Art. 12(5) GDPR).

These rights are not absolute and may be limited, for example, where fulfilling your request would adversely affect the rights and freedoms of others, conflict with legal obligations (e.g., tax, accounting, or regulatory retention), interfere with ongoing fraud-prevention or security measures, or where we need to keep certain data to establish, exercise, or defend legal claims.

You also have a right to lodge a complaint with a data protection supervisory authority (see below).

 

8. International Transfer of Personal Data 

Where we store data
 We primarily host and process personal data in the European Economic Area (EEA). In limited cases, we share data with recipients outside the EEA/UK/Switzerland for the purposes described in this notice. When we do so, we ensure an adequate level of protection as required by Chapter V GDPR.

Legal mechanisms we use
Depending on the destination and recipient, we rely on one or more of the following safeguards:

  • Adequacy decisions (Art. 45 GDPR). Where the European Commission has recognized a country as providing adequate protection, we may transfer data to that country on this basis. 

  • EU Standard Contractual Clauses (Art. 46 GDPR). For transfers to countries or jurisdictions without an adequacy decision (e.g., Hong Kong), we enter into the applicable EU Standard Contractual Clauses (SCCs) with the recipient. The EU Standard Contractual Clauses can be found here, for example: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj. We also carry out transfer impact assessments (TIAs) and implement additional technical and organizational measures where appropriate.

  • EU–U.S. Data Privacy Framework (DPF). For participating U.S. providers, we may rely on their DPF certification. If a provider is not (or no longer) certified, we use SCCs and supplementary measures.

Supplementary technical and organizational measures
To strengthen international transfers, we apply measures such as encryption in transit and at rest, EU-region pinning, EU-controlled key management (KMS), pseudonymization/tokenization, role-based and purpose-bound access controls, just-in-time unmasking with MFA and ticketing, and comprehensive access logging and auditing. Where feasible, we share aggregated or de-identified outputs instead of raw personal data.

Remote access support from outside the EEA
 Certain support activities may involve case-by-case, ticketed remote access by service providers in Hong Kong acting under our instructions. In such cases, data remains stored in the EEA; access is time-limited, masked by default, and allowed only after purpose, necessity, and legal basis are verified. These accesses are governed by SCCs and the supplementary measures above and are fully logged.

 

9. How to Complain

1. Start with us

If you have concerns about how we handle your personal data, please contact us first so we can try to resolve the issue:

We will acknowledge your complaint and investigate it. We aim to respond within one month of receipt. For complex or numerous requests, we may extend this by up to two additional months, and we will let you know if we do so.

2. Your right to lodge a complaint with a supervisory authority (Art. 77 GDPR).

You also have the right to lodge a complaint with your local supervisory authority or any other supervisory authority. Contact details for EU supervisory authorities are available on the European Data Protection Board’s website. Lodging a complaint is without prejudice to any other administrative or judicial remedies you may have.

 

10. Changes to This Notice 

We may update this notice from time to time. We will post the updated version with a new “Last updated” date and, where appropriate, notify you of material changes. We encourage you to periodically review this notice.