Privacy Notice for Delivery Partners

Last Updated: 18th March, 2026

Previous version of the Privacy Notice

Lalamove Netherlands B.V. (“Lalamove”, “we”, “us” or “our”) is committed to protecting the personal data of our Delivery Partners (as defined in the Delivery Partner Terms of Use (Terms & Conditions | Lalamove Germany)) and their substitutes, including all users of our website https://www.lalamove.eu/en-de and related services.

This Privacy Notice explains how we collect, use, share, store and otherwise process personal data relating to individuals who apply to become, or act as, Delivery Partners on the Lalamove platform, including approved substitutes acting on their behalf (together, “Delivery Partners” or “you”). It applies when you use the Lalamove Driver App, our related websites and services in that capacity, or otherwise interact with us in connection with the Services.

For the purposes described in this Privacy Notice, Lalamove Netherlands B.V. is the controller of your personal data, unless stated otherwise.

We operate web and mobile applications to connect users of our platform with Delivery Partners and to facilitate on-demand delivery (the “Services”).

Please read this Privacy Notice carefully. It explains:

  • what personal data we process;

  • where we collect it from;

  • why we use it and the legal bases we rely on;

  • with whom we share it;

  • how long we keep it;

  • your rights under applicable data protection law; and

  • how to contact us or lodge a complaint.

1. Who we are and how to contact us

Controller:

Lalamove Netherlands B.V.
Laarderhoogtweg 25
1101 EB Amsterdam
The Netherlands
KvK-nummer: 98247557
General contact email: info.de@lalamove.eu
Data protection / DPO contact: dpo.de@lalamove.eu
Data subject rights request form:
 https://llm-dsr-portal-web.van.lalamove.eu/ 

2. Scope of This Privacy Notice

This Privacy Notice applies to:

  • individuals applying to become Delivery Partners;

  • active Delivery Partners;

  • Delivery Partners who use our websites, apps or support channels in that capacity.

If you visit our website only as a general visitor and not as a Delivery Partner, our cookie information may also apply.

3. Where We Obtain Your Personal Data

We collect personal data:

  • directly from you, for example when you register, upload documents, complete your profile, go online in the Driver App, contact support, or participate in a campaign;

  • from the main Delivery Partner or your business entity, for example where a substitute is added or where account information is provided on your behalf;

  • from our group companies within the EEA, where relevant for operating the Services;

  • from identity verification, fraud prevention, payments or compliance providers, where relevant for onboarding, account security, payouts or regulatory checks;

  • from public sources or registers, where permitted by law and necessary to verify business or licensing information;

  • from users, senders, recipients or merchants, for example in connection with complaints, delivery issues, safety reports or disputes; and

  • automatically from your device and your use of the Driver App or website, such as app diagnostics, device data, order-flow events and location data when you are online or handling an active order.

Where we receive your personal data indirectly, we will provide the information required by applicable law, subject to any lawful exemptions.

4. What Personal Data We Use, Why We Use It, and the Legal Basis

“Personal data” (also referred to in this Notice as “your data”) means any information, or set of information, that can directly or indirectly identify you, such as your name or email address. It does not include data where identifiers have been removed (anonymous data).

Whenever you interact with our Services, we collect and process personal data about you. We may process your personal data for the purposes below.

4.1 Account Registration, Onboarding and Account Administration

When you apply to become a Delivery Partner, create an account, or maintain your account, we may process:

  • identification data, such as your full name, date of birth and profile information;

  • contact data, such as your address, phone number and email address;

  • business and licensing data, such as trade licence or similar business registration information, where applicable;

  • identity verification data, such as information from your national ID card, passport or driving licence and, where used, related verification results;

  • vehicle-related data, such as vehicle type, registration number and vehicle-related images; and

  • account credentials and account status information.

We use this data to:

  • review and process your application;

  • verify your identity, age, eligibility and account integrity;

  • create and manage your account;

  • confirm vehicle and service eligibility;

  • communicate with you about your account; and

  • maintain our business relationship with you.

Legal bases:

  • Art. 6(1)(b) GDPR – performance of a contract or steps at your request prior to entering into a contract;

  • Art. 6(1)(c) GDPR – where specific legal obligations require us to verify, retain or disclose certain information;

  • Art. 6(1)(f) GDPR – legitimate interests in account security, fraud prevention and platform integrity, where applicable.

Required?
Yes, to the extent the data is necessary to review your application, create your account, verify your eligibility, or maintain the contractual relationship. If you do not provide required data, we may not be able to onboard you or continue to provide the Services to you.


4.2 Order Matching, Dispatch, Navigation and Delivery Fulfilment

To enable delivery services, match orders to Delivery Partners, navigate to pickup and drop-off locations, coordinate the hand-off and complete deliveries, we may process:

  • your first name, alias or display name, where used in the Service;

  • your profile photo, where enabled for identification purposes;

  • real-time geolocation data, including GPS coordinates, route or heading information, timestamps and accuracy data, while you are online or handling an active order;

  • order-flow events, such as accept, decline, arrive, pickup, drop-off and completion timestamps;

  • device and app data relevant to the Service, such as device model, operating system, app version, network status, push token and security signals;

  • in-app communication data and masked call/SMS relay metadata;

  • order context necessary to fulfil the delivery, such as pickup and drop-off locations, order notes and contact details provided through masked channels or in-app chat.

We use this data to:

  • offer, assign and dispatch orders;

  • provide navigation and ETA functionality;

  • enable communication necessary to complete the delivery;

  • show live order status and progress;

  • record service performance; and

  • support hand-off, proof of service and operational troubleshooting.

Legal basis:

  • Art. 6(1)(b) GDPR – performance of the contract.

Required?
Yes, to the extent necessary to dispatch orders, navigate, coordinate deliveries and complete the Services. For example, if required real-time location data is disabled while you are online or handling an active order, we may not be able to assign or complete deliveries.

4.3 Fare Calculation, Billing, Invoicing and Payouts

To calculate delivery charges, process fees, issue receipts or invoices and settle payouts, we may process:

  • pickup and drop-off coordinates and timestamps;

  • route, travelled distance, trip duration, waiting time and relevant delivery telemetry;

  • pricing context, such as service tier, vehicle type, city or zone, taxes, fees, dynamic pricing, promotions, voucher eligibility, cancellation or no-show triggers;

  • payout and invoicing data, such as bank account details, payout amounts, statements, invoice details and tax or VAT identifiers, where applicable.

We use this data to:

  • calculate fares and charges;

  • apply taxes, fees, promotions and other pricing logic;

  • issue invoices, receipts and payout statements; and

  • settle amounts owed to or by you.

Legal bases:

  • Art. 6(1)(b) GDPR – performance of the contract;
  • Art. 6(1)(c) GDPR – where accounting, tax, VAT or similar laws require us to retain or process certain records.

Required?
Yes, where necessary to calculate charges, issue invoices or settle payouts.

4.4 Service Quality, Platform Operations and Route Optimisation

To maintain and improve the reliability and quality of the Services, we may process:

  • geolocation data generated while you are online or handling an active order;

  • app usage data relating to order handling and service execution;

  • diagnostics and technical logs;

  • aggregated or de-identified operational data used for demand planning, route recommendations and geographic coverage analysis.

We use this data to:

  • improve order assignment and route recommendations;

  • analyse supply and demand coverage;

  • monitor service quality and reliability;

  • diagnose and resolve operational issues; and

  • improve the Driver App and our platform operations.

Legal bases:

  • Art. 6(1)(b) GDPR – where strictly necessary to provide core service functionality;

  • Art. 6(1)(f) GDPR – legitimate interests in service quality, operational efficiency, route optimisation, security and diagnostics.

Required?
Yes. Without this data, we cannot dispatch, navigate or complete deliveries.

4.5 Customer Support, Complaints, Disputes and Safety-Related Cases

When you contact us, submit a support request, or where a complaint, dispute or safety-related case arises, we may process:

  • your account and profile data;

  • your communications with us, with users, or through in-app support channels;

  • support ticket history and case notes;

  • user-generated content that you provide, such as photos, videos, documents, receipts or descriptions;

  • order information, timestamps, locations and relevant delivery telemetry needed to assess the case; and

  • account restriction, warning or suspension information relevant to the case.

We use this data to:

  • investigate and respond to your requests;

  • handle complaints and disputes;

  • review alleged misconduct, safety reports or breaches of our Terms;

  • protect users, Delivery Partners and the platform;

  • document the outcome of support and safety cases; and

  • improve our customer support processes.

Legal bases:

  • Art. 6(1)(b) GDPR – where necessary to handle service-related issues under the contract;

  • Art. 6(1)(f) GDPR – legitimate interests in support administration, dispute resolution, safety, fraud prevention and platform integrity;

  • Art. 6(1)(c) GDPR – where we must comply with legal obligations, including lawful requests from authorities.

Please only provide information that is necessary for the issue. In limited cases, materials submitted in support or safety cases may contain sensitive information or information relating to alleged unlawful conduct. Access to such information is restricted to personnel with a need to know, such as Customer Support, Safety, Compliance or Legal teams.

4.6 Fraud Prevention, Security and Abuse Detection

To protect our users, Delivery Partners, systems and business, we may process:

  • account and profile data;

  • identity verification results and related account risk indicators;

  • device and security signals, such as device model, operating system, app version, IP address, login patterns, integrity signals and app-scoped identifiers;

  • geolocation and order telemetry relevant to validating activity while you are online or handling an active order;

  • app interaction patterns and session data;

  • payment- and transaction-related risk metadata; and

  • restriction, review and enforcement records linked to suspected abuse or fraud.

We use this data to:

  • detect and prevent fraud, abuse, account compromise and misuse of the platform;

  • protect users, Delivery Partners and Lalamove systems;

  • verify account and payout integrity;

  • investigate suspicious activity; and

  • apply proportionate risk controls, including temporary operational restrictions where necessary.

Legal bases:

  • Art. 6(1)(f) GDPR – legitimate interests in fraud prevention, security, abuse detection and platform integrity;

  • Art. 6(1)(c) GDPR – to cooperate with law enforcement and to comply with Anti-Money Laundering/Know Your Client or other statutory duties, where applicable;

  • Art. 6(1)(b) GDPR – where certain account security checks are necessary to provide the Services and settle orders.

Final decisions with legal or similarly significant effects are not taken solely by automated means. More information is provided below.


4.7 Direct Marketing and Service Communications

We may use your personal data to send:

  • service communications, such as important operational or account-related notices; and

  • marketing communications, such as offers, updates, promotions and product information.

For these purposes, we may process:

  • your name, account ID and contact details;

  • your language, city or service region;

  • your basic account and order history information;

  • campaign interaction data; and

  • marketing preferences and consent records.

We use this data to:

  • send non-marketing operational messages necessary for the relationship with you;

  • send marketing communications where permitted;

  • manage your communication preferences; and

  • measure whether our messages are opened or acted on, where permitted.

Legal bases:

  • Art. 6(1)(b) GDPR – where a message is strictly necessary for the performance of the contract or account administration;

  • Art. 6(1)(a) GDPR – consent, where consent is required for direct marketing;

  • Art. 6(1)(f) GDPR – legitimate interests in marketing similar services to existing business contacts where permitted by applicable law.


You can opt out of marketing communications at any time by using the unsubscribe function, adjusting your settings in the app, or contacting us. This does not affect service messages that are necessary for your account or the Services.

4.8 Optional Campaigns, Promotions and Contests

If you choose to participate in a campaign, promotion or contest, we may process:

  • your name and account ID;

  • your contact details;

  • campaign participation data, such as opt-in status, entries, milestones, scores and status;

  • order or vehicle-related information where relevant to the campaign mechanics; and

  • reward fulfilment and payout information where necessary.

We use this data to:

  • administer the campaign or contest;

  • verify eligibility, participation and results;

  • communicate with you about the campaign;

  • deliver rewards; and

  • comply with legal or tax obligations related to rewards, where applicable.

Legal bases:

  • Art. 6(1)(b) GDPR – performance of the campaign terms you joined;

  • Art. 6(1)(f) GDPR – legitimate interests in fair administration, anti-abuse checks and operational communications;

  • Art. 6(1)(c) GDPR – where required for legal, tax or accounting compliance.

Participation is voluntary. If you do not provide the data needed for a particular campaign, we may not be able to register your participation or deliver rewards.

4.9 Analytics & Product Improvement

We process data to understand how you interact with the Lalamove Driver App and our Services, improve performance and reliability, run product experiments (e.g., A/B tests), and generate aggregated reports (e.g., feature adoption, stability, supply–demand balance). Where required, we also meet limited reporting obligations to partners (in aggregated, non-identifying form).

Data we may process:

  • app usage events: Screen flows related to order handling, taps/latency, feature adoption, session length.

  • performance & diagnostics: Crash logs, error codes, load times, network status.

  • device context: Device model, OS/app version, app-scoped identifiers (e.g., push token), integrity/security signals.

  • geolocation (aggregated/anonymized for coverage): Heatmaps and route density derived only from online/active-order periods.

  • experiment metadata: A/B test group, variant.

  • aggregated or de-identified location-based analytics for online or active-order periods.

Legal Basis:

  • Art. 6(1)(f) GDPR – legitimate interests in understanding how the App is used, improving performance and reliability, running product and usability experiments (e.g., A/B tests), and generating aggregated, non-identifying reports.

  • Art. 6(1)(a) GDPR – consent (in conjunction with §25(1) TDDDG), where analytics or experiments rely on cookies or similar technologies that store or access information on your device (only where and to the extent you have consented).

  • Art. 6(1)(b) GDPR – performance of a contract, where certain technical performance or diagnostic data are strictly necessary to provide the App, fix errors, and ensure core functionality.


4.10 Cookies, SDKs and Similar Technologies

When you use our website or app, we and our partners may use cookies, SDKs, pixels, tags, local storage and similar technologies to collect or access information from your device.

These technologies may be used for:

  • strictly necessary operation and security;

  • remembering preferences and settings;

  • analytics and performance measurement; and

  • advertising and personalisation, where applicable.

Where required by law, including for users in Germany under §25 TDDDG, non-essential technologies are only used after your consent. Strictly necessary technologies may be used without consent where they are required to provide the service you have expressly requested or to ensure the secure operation of our website or app.

You can manage your preferences at any time through our cookie settings or consent management tool. Withdrawal of consent does not affect the lawfulness of processing before withdrawal.

For more details, please see our Cookie Notice:
https://www.lalamove.eu/en-de/cookie-notice 

5. With Whom We Share Your Personal Data

We work with other Lalamove entities within the EU and with external partners to operate our Services, meet legal obligations, and support our business as described in this Notice. Depending on the activity, these parties act on our behalf as processors or as independent (or joint) controllers under applicable data protection law.

We require all group companies and third parties to protect your data to at least the standards set out in this Notice and GDPR. We implement data processing agreements (Art. 28 GDPR), joint controller arrangements (Art. 26 GDPR), and appropriate transfer safeguards (Chapter V GDPR)—including Standard Contractual Clauses and Transfer Impact Assessments—alongside technical and organizational measures.

We share only what is necessary for the relevant purpose, so that not every recipient receives all categories of data. You can use your right of access to request more detailed information about specific recipients (see “Your Rights”).

We may also disclose data to independent controllers where required or appropriate under law (e.g., in response to a court order or regulator request), to establish or defend legal claims, or to protect vital interests. Such recipients may include law enforcement or supervisory authorities.

Depending on your use of the Services, the categories of recipients may include:

  • Lalamove EU affiliates – to help provide our Services and operate our business (role depends on the activity).

  • Software and infrastructure providers (e.g., hosting, app support, delivery/logistics tooling, security) – to run and secure our platforms.

  • Marketing and advertising partners – to promote and support our Services, personalize offers and ads (where permitted/consented), and measure performance.

  • Fleet operators, transport companies, or your employer and contracting business entity.

  • Implementation and operations service providers – to enable, configure, and improve features on our platforms.

  • Merchants/senders, recipients, payment processors/acquirers, fraud-prevention and card service providers – to take payment and prevent fraud.

  • Professional advisers (lawyers, auditors, consultants) – to operate our business and meet legal obligations.

  • Law enforcement, regulators, and government authorities – where required by law or to protect rights.

How to control sharing for analytics and advertising.
Analytics and advertising tools (e.g., Google Analytics) only receive data after you consent through our cookie banner. You can adjust your choices anytime via Cookie Settings. 

Necessary services (e.g., hosting/CMS, consent management, tag container) operate to provide the website and honor your preferences.


6. How Long We Store Your Personal Data

We retain your data for as long as necessary for the purposes described in this Privacy Notice. The specific retention period may vary based on the type of data, the user category to which the data relates, the purpose for which we collected it, and whether we must retain certain data after an account-deletion request for the purposes described below.

Relevant retention periods include:

  • Delivery Partner pre-registration data. We retain your identification details for the duration of the application/onboarding process and delete this data after a 90-day grace period following the launch of the application for Delivery Partners. Uploaded images are retained for 7 days. If the application is unsuccessful or cancelled, the data is deleted after 3 months, to manage enquiries and the application timeline, provided no longer retention obligations apply.

  • Delivery Partner account data: for the duration of the contractual relationship and beyond, in accordance with statutory retention obligations, or for the life of the account and up to 3 years after closure for limitation periods (longer if needed for legal claims until their final settlement), whichever is longer.

  • Cookies: according to cookie duration / lifespan specified in the Cookie Notice.

  • Consent logs: generally until consent is revoked and up to 1 year after revocation for the limitation period (longer if needed for legal claims).

  • Records kept to meet legal obligations. We retain certain data for defined periods as necessary to meet tax, insurance, legal, or regulatory requirements (for example, we retain transaction information in the German market for 10 years).

  • Legal Proceedings. In the case of claims and legal proceedings, this generally means we retain your data until the dispute is resolved in the final instance. 

7. Automated Decision-Making 

We may use automated tools to detect suspicious activity, assess account or transaction risk, prioritize reviews, or flag behavior that may require further investigation.

However, we do not make final decisions based solely on automated processing where those decisions produce legal effects concerning you or similarly significantly affect you. Where automated tools are used as part of a review process:

  • the tools help us identify or prioritise cases for review;

  • the relevant case is reviewed by appropriately authorised personnel before a final significant decision is made; and

  • you may request human review, express your point of view and contest the decision.

8. Your Rights

You have the following rights with respect to your personal data (Arts. 15–21 GDPR):

  • Right of access (Art. 15 GDPR). You can request confirmation of whether we process your personal data and obtain a copy of such data, along with related information.

  • Right to rectification (Art. 16 GDPR). You can ask us to correct inaccurate data and to complete incomplete data.

  • Right to erasure (Art. 17 GDPR). You can ask us to delete your data in certain circumstances (for example, when it is no longer needed for the purposes for which it was collected or you withdraw consent and there is no other legal basis), subject to legal retention duties and our need to establish, exercise, or defend legal claims.

  • Right to restriction (Art. 18 GDPR). You can ask us to limit the processing of your data in certain cases (e.g., while we verify accuracy or assess an objection).

  • Right to data portability (Art. 20 GDPR). For data you provided to us, which we process by automated means and on the basis of consent or a contract, you can request a copy in a structured, commonly used, machine-readable format, and/or ask us to transmit it to another controller where technically feasible.

  • Right to object (Art. 21 GDPR). You can object at any time to processing based on our legitimate interests. You have an absolute right to object to processing for direct marketing, including related profiling.

  • Right to withdraw consent (Art. 7(3) GDPR). Where we rely on consent, you may withdraw it at any time without affecting the lawfulness of processing before withdrawal (e.g., update preferences via Cookie Settings).

You can exercise these rights by contacting our DPO at dpo.de@lalamove.eu or by using our DSR form at https://llm-dsr-portal-web.van.lalamove.eu/.

We may need to verify your identity before acting on your request and will respond within one month of receipt of the request. If the request is complex or we receive a high volume of requests, this period may be extended by up to two additional months and we will inform you of the extension and reasons (Art. 12(3) GDPR). 

Exercising your rights is free of charge; however, we may charge a reasonable fee or refuse to act on requests that are manifestly unfounded or excessive (Art. 12(5) GDPR).

These rights are not absolute and may be limited, for example, where fulfilling your request would adversely affect the rights and freedoms of others, conflict with legal obligations (e.g., tax, accounting, or regulatory retention), interfere with ongoing fraud-prevention or security measures, or where we need to keep certain data to establish, exercise, or defend legal claims.

You also have a right to lodge a complaint with a data protection supervisory authority (see below).


9. International Transfer of Personal Data

9.1 Where we store data

We primarily host and process personal data in the European Economic Area (EEA). In limited cases, we share data with recipients outside the EEA/UK/Switzerland for the purposes described in this notice. When we do so, we ensure an adequate level of protection as required by Chapter V GDPR.

9.2 Legal mechanisms we use

Depending on the destination and recipient, we rely on one or more of the following safeguards:

  • Adequacy decisions (Art. 45 GDPR). Where the European Commission has recognized a country as providing adequate protection, we may transfer data to that country on this basis. 

  • EU Standard Contractual Clauses (Art. 46 GDPR). For transfers to countries or jurisdictions without an adequacy decision (e.g., Hong Kong), we enter into the applicable EU Standard Contractual Clauses (SCCs) with the recipient. The EU Standard Contractual Clauses can be found here, for example: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj. We also carry out transfer impact assessments (TIAs) and implement additional technical and organizational measures where appropriate.

  • EU–U.S. Data Privacy Framework (DPF). For participating U.S. providers, we may rely on their DPF certification. If a provider is not (or no longer) certified, we use SCCs and supplementary measures.

9.3 Supplementary technical and organizational measures

To strengthen international transfers, we apply measures such as encryption in transit and at rest, EU-region pinning, EU-controlled key management (KMS), pseudonymization/tokenization, role-based and purpose-bound access controls, just-in-time unmasking with MFA and ticketing, and comprehensive access logging and auditing. Where feasible, we share aggregated or de-identified outputs instead of raw personal data.

9.4 Remote access support from outside the EEA

Certain support activities may involve case-by-case, ticketed remote access by service providers in Hong Kong acting under our instructions. In such cases, data remains stored in the EEA; access is time-limited, masked by default, and allowed only after purpose, necessity, and legal basis are verified. These accesses are governed by SCCs and the supplementary measures above and are fully logged.

10. How to Complain

(1) Start with us

If you have concerns about how we handle your personal data, please contact us first so we can try to resolve the issue:

We will acknowledge your complaint and investigate it. We aim to respond within one month of receipt. For complex or numerous requests, we may extend this by up to two additional months, and we will let you know if we do so.

(2) Your right to lodge a complaint with a supervisory authority (Art. 77 GDPR).

You also have the right to lodge a complaint with your local supervisory authority or any other supervisory authority. Contact details for EU supervisory authorities are available on the European Data Protection Board’s website. Lodging a complaint is without prejudice to any other administrative or judicial remedies you may have.

11. Changes to This Notice 

We may update this notice from time to time. We will post the updated version with a new “Last updated” date and, where appropriate, notify you of material changes. We encourage you to periodically review this notice.