Privacy Notice

Last Updated: 14th November, 2025

 

This Privacy Notice explains how Lalamove Europe (operated by Lalamove Netherlands B.V., referred to as “Lalamove”, “we”, “us”, or “our” and its affiliated entities within the European Union) collects, uses, discloses, and otherwise processes your personal data.  This Notice applies to the processing of personal data of customers who use our platform, website, or mobile application (collectively, the “Services”) to place delivery requests with independent delivery partners (“Delivery Partners”) through the Lalamove platform.

While we facilitate the matching and coordination of deliveries, Lalamove itself does not provide the transportation services. All delivery and courier services are performed by independent Delivery Partners acting as self-employed service providers.

In some cases, we may also provide technology or delivery solutions for business partners, such as merchants, restaurants, or retail stores (“Partners”), to facilitate the delivery of their goods to customers via the Lalamove platform.

This also applies to the processing of personal data of employees or representatives of business customers who use Lalamove for Business or other corporate delivery services offered by us.

 

1. Identity and Contacts Details

Controller:

Lalamove Netherlands B.V.
Laarderhoogtweg 25, 
1101EB Amsterdam
KvK-nummer: 98247557

Email: info.de@lalamove.eu 

 

2. What Personal Data We Use and Why

“Personal data” (also referred to in this Notice as “your data”) means any information, or set of information, that can directly or indirectly identify you, such as your name or email address. It does not include data where identifiers have been removed (anonymous data).

Whenever you interact with our Services, we collect and process personal data about you. We may process your personal data for the purposes below.

2.1.    Quotation Requests

When using our platform as a guest (without creating an account), you may still be able to request a quotation for delivery services. We process only the personal data required to generate and provide your quotation, communicate with you, and ensure service availability. Unless classified as optional, this information is required to use our service. If you do not provide the required information, we will not be able to provide the respective service.

Data we may process:

• • GPS location

  • Address input (pickup and delivery)

  • Contact phone number (optional)

  • Contact name (if provided for delivery reference)

  • Additional service details (e.g., item type, delivery options)

  • Vehicle type requested

  • Order and transaction details

  • Pay type (optional)

Legal basis:

• • Steps prior to entering into a contract (Art. 6 (1)(b) GDPR) with a delivery partner

  • Performance of a contract (Art. 6 (1)(b) GDPR) – to provide you with an accurate quotation and enable subsequent booking.

  • Legitimate interest (Art. 6 (1)(f) GDPR) – to ensure system functionality, prevent misuse, and improve our quotation process.

2.2.    User Accounts

You may create an account directly on our platform or via third-party social login services (e.g., Apple, Google, or Meta). Social login providers’ privacy notices apply in addition to this Notice.

Data we may process:

• • Name

  • Address details

  • Contact details like phone number, email

  • address

  • IP address

  • Social media account information (if you choose social login)

  • Account usage and login data (e.g first/last login time)

  • Device information

Legal basis: 

• • Performance of a contract (Art. 6(1)(b) GDPR)

  • Legitimate interest (Art. 6 (1)(f) GDPR) – to enable a comfortable use of our services
    

2.3.    For Business users

Where you use Lalamove’s business features (e.g., corporate credits, business dashboards), we process your data to deliver those features and provide digital credits. Unless classified as optional, this information is required to use our respective features.  If you do not provide the required information, we will not be able to provide the respective service.

Data we may process:

• • Name

  • Address details

  • Employment info (e.g., role, department) where provided by your employer

  • Contact details

  • Order and transaction details

  • Card information

  • Payment details

  • Business registration / tax id

  • Account usage and login data (e.g first/last login time)

  • Device information
    

Legal basis: 

• • Performance of a contract (Art. 6(1)(b) GDPR)

  • Legal obligation (Art. 6(1)(c) GDPR) 
    

2.4.    Placing and Managing Orders

We process the personal data you provide when you place an order. This is necessary to accept, confirm, and fulfill your order, handle payment and potential refunds, and issue accurate invoices. Your data also allows us or our Delivery Partners to contact you about your order or delivery status where needed. If you do not provide the required information, we will not be able to provide the respective service, unless the information is designated as optional.

Data we may process:

• • Location information (GPS data) – to determine pickup and delivery points and calculate distance-based pricing.

  • Pickup and delivery addresses – to fulfil the delivery and ensure accurate routing.

  • Contact details – such as your phone number, and names of sender or recipient, to enable order-related communication.

  • Delivery item details – general description of goods or delivery requirements you provide.

  • Notes to driver – any additional information you choose to provide to assist delivery.

  • Order-related contact information – including optional alternate contact details you provide.

  • Service configuration – such as additional service options (e.g., helper, priority delivery) and vehicle type requested.

  • Communication – free Text Input between user and driver

Legal basis: 

• • Performance of a contract (Art. 6(1)(b) GDPR)

  • Legal obligation (Art. 6(1)(c) GDPR) - e.g., tax laws or laws requiring retention of certain data

2.5.    Customer Service and Support

When you contact Support, we use the data you provide to respond to your request or handle your complaint. We may - where allowed to do so - also process reports concerning “illegal content” and provide internal complaint mechanisms or account safeguards in line with applicable law.

Data we may process:

• • Name

  • Address details

  • Contact details

  • Order and transaction details

  • Payment details

  • Your comments and the content of your correspondence with Support including, as the case maybe, calls

Legal basis: 

• • Performance of a contract (Art. 6 (1)(b) GDPR) – e.g., to process and fulfil your delivery order, handle payments, and facilitate communication with your driver.

  • Legal obligation (Art. 6 (1)(c) GDPR) – to comply with statutory accounting, tax, and anti-fraud requirements, etc.

  • Consent (Art. 6 (1)(a) GDPR) – when you enable GPS tracking or voluntarily share contact details stored on your device, as well as when calls are recorded with Support.

2.6.    Campaigns & Promotions

Lalamove may from time to time organize marketing campaigns, referral programs, or promotional contests in connection with our Services. Participation in such campaigns is always voluntary.

For campaign and promotion purposes, we may process the following categories of personal data:

• • Name

  • Contact details (such as phone number or email address)

  • Order or transaction information (where relevant)

  • Campaign participation data (such as referral code, reward status, or entry details)

Legal basis: 

• • Performance of a contract (Art. 6 (1)(b) GDPR) – where necessary to administer the campaign/promotion and deliver reward

  • Consent (Art. 6(1)(a) GDPR) – for electronic direct marketing where required by law

  • Legitimate interests (Art. 6(1)(f) GDPR) – to operate fair promotions and prevent abuse

2.7.     Marketing

We may process your data to send you (personalised) marketing messages and notifications to manage, support, improve, and develop our Services and your experience. This may include promotions for Lalamove products/services, tailoring your in-app experience, and showing you targeted ads. We rely on your consent for electronic direct marketing unless not required by law (e.g., existing customers contacted about similar Services, where permitted). You can change your preferences at any time via unsubscribe links, in-app settings, or by contacting us. We may rely on legitimate interests to segment audiences using first-party data to deliver relevant content.

Data we may process:

• • User ID

  • Address details

  • Contact details

  • Order and transaction details

  • Campaign data

  • Device ID

  • Cookies and similar technology data

Legal basis:

• • Consent (Art. 6(1)(a) GDPR)

  • Legitimate interests (Art. 6(1)(f) GDPR) to segment audiences using first-party data to deliver relevant content. You may object to this processing at any time.

2.8.    Fraud Prevention and Misuse and Security

We process personal data to prevent, detect and prosecute fraud, abuse, and misuse of our Services, and to protect users and our platform. 

Data we may process:

• • Name

  • Address details

  • GPS location

  • Contact details

  • Identity and/or age-verification data

  • Account usage and login data

  • Order and transaction details

  • User-submitted mismatch details –  reported license plate, vehicle type, or driver descriptions

  • Payment details

  • Device information

  • IP address

  • Browser information

Legal basis: 

• • Legitimate interests (Art. 6(1)(f) GDPR) in preventing and prosecuting fraud, ensuring information security and safeguarding our Services

2.9.     Analytics and Product Improvement

We use your data to understand how you interact with our apps, sites, and services, to improve performance and features, and to meet reporting obligations (including aggregated advertiser reports where applicable). We aim to ensure reports are not directly identifiable.

Data we may process:

• • User data in quotation request

  • User Account information

  • Business User Information

  • Order placing information

  • Customer service & support information

  • Customer research information

  • Campaigns & Promotions

  • Marketing information

  • Fraud Prevention information

Legal basis: 

• • Consent (Art. 6(1)(a) GDPR)

  • Performance of a contract (Art. 6(1)(b) GDPR)

  • Legitimate interests (Art. 6(1)(f) GDPR) improving our Services

3. How We Collect Your Personal Data

We collect, process, and store personal data about you, and about the devices you use to access the Lalamove platforms (e.g., your phone or computer), when you create an account, place an order, or otherwise communicate with us.

We process personal data that

(i) you provide to us,
(ii) we collect automatically, and 
(iii) we receive from third parties, for the purposes described in this Notice.

3.1.     Personal data you provide voluntarily

You may give us personal data when you create or manage an account, place an order, set your marketing preferences, or respond to surveys.

Examples include your name, contact details, addresses, order notes, and any information you include in free-text fields.

3.2.     Personal data we collect automatically

With your prior consent (if required) or where otherwise permitted by law, we automatically collect technical data about your device and browsing/app usage when you use our Services. We do this via cookies and similar technologies (see our Cookie Notice).

Examples include:

• • Device and network data (e.g., device type, operating system, app version, language, IP address, mobile network, device identifiers);

  • Usage data (e.g., screen views, clicks, session timestamps, referral source, crash/diagnostic data);

  • Consent status and preferences captured via our consent management tool.
    

3.3.     Personal data we receive from third parties

We may receive personal data from:

• • Operators of social login features (e.g., Apple, Google, Facebook) may share certain data with us in line with your settings (e.g., name, email) to create or link your account;

  • If you choose to save a bank card for faster checkout, we receive certain tokenized identifiers from our payment service provider so you can pay without re-entering card details. We do not store your full card number; storage and security of card data are handled by the provider in line with applicable standards.

  • Advertising and social media partners (information to measure campaigns, understand preferences, and personalise content/ads—only where a valid legal basis exists, typically your consent captured by those partners or via our consent tool);

  • Payment and delivery providers (information to process payments and fulfill deliveries);
    

4. With Whom We Share Your Personal Data

4.1.     Deliveries via the Lalamove Platform

When you place an order, we share the data that is necessary (e.g., name, contact details, pickup/delivery addresses, order details, and where needed status updates) with the Delivery Partner so that the delivery can be carried out, issues can be resolved, and required invoices or proofs can be issued.

Legal basis: Performance of a contract (Art. 6(1)(b) GDPR).

Who is responsible? 
Delivery Partners act as independent controllers for their own processing of your data necessary to provide the delivery/service and to meet their legal duties (e.g., accounting, tax). They have their own privacy responsibilities. For questions about how a Delivery Partner uses your data, please contact them directly and/or consult their privacy notice.

Where available, we use measures such as number masking/relays to reduce the amount of data disclosed while still enabling the delivery.

4.2.     Lalamove for Business

If you use Lalamove for Business, for example, corporate credits, or a company-issued allowance—we share information (such as your business email, order details, and allowance/credit usage) with the entity that provides your allowance (e.g., your employer or business partner) so they can administer the program, allocate costs, and comply with their obligations.

Legal basis: Performance of a contract (Art. 6(1)(b) GDPR) and, where applicable, legal obligations (Art. 6(1)(c) GDPR.

The company providing your allowance (and, where applicable, any card issuer/payment service provider) is an independent controller for its own processing and maintains its own privacy notice. For details on how they handle your data, please contact that entity directly.

4.3.     Sharing Your Personal Data with Others

We work with other Lalamove entities within the EU and with external partners to operate our Services, meet legal obligations, and support our business as described in this Notice. Depending on the activity, these parties act on our behalf as processors or as independent (or joint) controllers under applicable data protection law.

We require all group companies and third parties to protect your data to at least the standards set out in this Notice and GDPR. Where appropriate, we implement data processing agreements (Art. 28 GDPR), joint controller arrangements (Art. 26 GDPR), and appropriate transfer safeguards (Chapter V GDPR)—including Standard Contractual Clauses and TIAs—alongside technical and organizational measures.

We share only what is necessary for the relevant purpose, so that not every recipient receives all categories of data. You can use your right of access to request more detailed information about specific recipients (see “Your Rights”).

We may also disclose data to independent controllers where required or appropriate under law (e.g., in response to a court order or regulator request), to establish or defend legal claims, or to protect vital interests. Such recipients may include law enforcement or supervisory authorities.

Depending on your use of the Services, the categories of recipients may include:

• • Lalamove EU affiliates – to help provide our Services and operate our business (role depends on the activity).

  • Software and infrastructure providers (e.g., hosting, app support, delivery/logistics tooling, security) – to run and secure our platforms.

  • Marketing and advertising partners – to promote and support our Services, personalize offers and ads (where permitted/consented), and measure performance.

  • Implementation and operations service providers which is to enable, configure, and improve features on our platforms.

  • Merchants/senders, recipients, payment processors/acquirers, fraud-prevention and card service providers to take payment and prevent fraud.

  • Customer satisfaction and market research providers – to improve our Services.

  • Professional advisers (lawyers, auditors, consultants) – to operate our business and meet legal obligations.

  • Law enforcement, regulators, and government authorities – where required by law or to protect rights.

5. Cookies and related technologies

We and certain third parties  use cookies and other technologies on our apps, websites, and online ads for purposes described in this notice. These technologies are classified as (1) necessary technologies, (2) functional technologies, (3) performance / analytics technologies and (4) personalized targeting and advertising technologies.

Functional technologies, performance / analytics technologies and personalized targeting and advertising technologies (e.g., Google Analytics, Google Ads) are only placed on your device and they only collect data after you consent through our cookie banner.

You can adjust your choices and withdraw or change your consent anytime via Cookie Settings without affecting the lawfulness of processing before withdrawal. Necessary services (e.g., hosting/CMS, consent management etc.) operate to provide the website and honor your preferences. Please see our Cookie Notice: https://www.lalamove.eu/en-de/cookie-notice for more information, also about the third parties placing cookies on our websites, apps and online ads.

 

6. How Long We Store Your Personal Data

As a company operating across multiple jurisdictions in the EU, Lalamove shall observe local retention requirements. We keep your personal data only for as long as necessary to fulfill the purposes for which it was collected (see “What Personal Data We Use and Why”), including to meet legal, tax, accounting, and reporting obligations. Where specific legal retention duties apply in an EU Member State, we store the data for the term of these retention periods 

When determining an appropriate retention period, we consider factors such as:

• Type of personal data and the sensitivity of that data.

• Disputes and claims: data needed to establish, exercise, or defend legal claims.

• Type of legal basis: where processing relies on consent, until you withdraw it (unless a longer period is required or permitted by law).

• Security and stability: data needed to maintain the security and integrity of our Services, logs, and backups.

• Internal policies and procedures applicable to Lalamove.

• Your last activity on our platform (for example, certain settings like last-used address, location permissions, or stay-signed-in status stored via cookies and similar technologies may be retained for a period after your last activity).

• End of your Account with Lalamove.

• Fraud prevention and other compliance requirements.

• Operational necessity: how long the data is needed to provide Services or operate our business.

If you have questions or want more information about how these criteria apply, please contact us using the details provided in “Your Rights”.

More specifically, the following storage periods apply: 
Service and account data is generally retained for the lifetime of your account. Data which we process for purposes of performing a contract will be stored at least until the contract is terminated plus the applicable term until claims become time-barred. Where processing relies on consent, we store the respective data until you withdraw it (unless a longer period is required or permitted by law). Order and transaction records are retained for the period required by applicable tax and accounting laws in the country of the transaction; this is typically seven to ten years (varying per country). Data which we process for purposes of disputes or claims are stored until the dispute is finally settled.Where a data set falls into multiple categories, we apply the longer retention period (subject to appropriate access controls, security, and minimization throughout the retention lifecycle).

 

7. Automated Decision-Making

We do not make decisions based solely on automated processing that produce legal or similarly significant effects about you (Art. 22 GDPR). If this changes, we will provide meaningful information about the logic involved and your related rights.

 

8. Your Rights

You have the following rights with respect to your personal data (Arts. 15–21 GDPR):

• Right of access (Art. 15 GDPR). You can request confirmation of whether we process your personal data and, where that is the case, access to the personal data as well as a copy of such data, along with related information.

• Right to rectification (Art. 16 GDPR). You can ask us to correct inaccurate data and to complete incomplete data.

• Right to erasure (Art. 17 GDPR). You can ask us to delete your data in certain circumstances (for example, when it is no longer needed for the purposes for which it was collected or you withdraw consent and there is no other legal basis), subject to legal retention duties and our need to establish, exercise, or defend legal claims.

• Right to restriction (Art. 18 GDPR). You can ask us to limit the processing of your data in certain cases (e.g., while we verify accuracy or assess an objection).

• Right to data portability (Art. 20 GDPR). For data you provided to us, which we process by automated means and on the basis of consent or a contract, you can request a copy in a structured, commonly used, machine-readable format, and/or ask us to transmit it to another controller where technically feasible.

• Right to object (Art. 21 GDPR). You can object at any time to processing based on our legitimate interests on grounds relating to your particular situation. You have an absolute right to object to processing for direct marketing, including related profiling.

• Right to withdraw consent (Art. 7(3) GDPR). Where we rely on consent, you may withdraw it at any time without affecting the lawfulness of processing before withdrawal (e.g., update preferences via Cookie Settings).

You can exercise these rights by contacting our DPO at dpo.de@lalamove.eu or per our DSR Form https://llm-dsr-portal-web.van.lalamove.eu/. We may need to verify your identity before acting on your request and will respond within one month of receipt of the request. Taking into account the complexity and number of requests, this period may be extended by up to two additional months and we will inform you of the extension and reasons (Art. 12(3) GDPR).

Exercising your rights is free of charge; however, we may charge a reasonable fee or refuse to act on requests that are manifestly unfounded or excessive (Art. 12(5) GDPR).

These rights are not absolute and may be limited, for example, where fulfilling your request would adversely affect the rights and freedoms of others, conflict with legal obligations (e.g., tax, accounting, or regulatory retention), interfere with ongoing fraud-prevention or security measures, or where we need to keep certain data to establish, exercise, or defend legal claims.

You also have a right to lodge a complaint with a data protection supervisory authority (see below). 

 

9. International Transfer of Personal Data

Where we store data.

We primarily host and process personal data in the European Economic Area (EEA). In limited cases, we share data with recipients outside the EEA/UK/Switzerland for the purposes described in this notice. When we do so, we ensure an adequate level of protection as required by Chapter V GDPR. 

Legal mechanisms we use.

Depending on the destination and recipient, we rely on one or more of the following safeguards:

• Adequacy decisions (Art. 45 GDPR). Where the European Commission has recognized a country as providing adequate protection, we may transfer data to that country on this basis.

• EU Standard Contractual Clauses (Art. 46 GDPR). For transfers to countries or jurisdictions without an adequacy decision (e.g., Malaysia, Hong Kong), we enter into the applicable EU Standard Contractual Clauses (SCCs) with the recipient. The EU Standard Contractual Clauses can be found here, for example: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj. We also carry out transfer impact assessments (TIAs) and implement additional technical and organizational measures where appropriate.

• EU–U.S. Data Privacy Framework (DPF). For participating U.S. providers, we may rely on their DPF certification. If a provider is not (or no longer) certified, we use SCCs and supplementary measures.

Supplementary technical and organizational measures.

To strengthen international transfers, we apply measures such as encryption in transit and at rest, EU-region pinning, EU-controlled key management (KMS), pseudonymization/tokenization, role-based and purpose-bound access controls, just-in-time unmasking with MFA and ticketing, and comprehensive access logging and auditing. Where feasible, we share aggregated or de-identified outputs instead of raw personal data.

Remote access support from outside the EEA.

Certain support activities may involve case-by-case, ticketed remote access by service providers in Hong Kong acting under our instructions. In such cases, data remains stored in the EEA; access is time-limited, masked by default, and allowed only after purpose, necessity, and legal basis are verified. These accesses are governed by SCCs and the supplementary measures above and are fully logged.

 

10. How to Complain

1. Start with us.

If you have concerns about how we handle your personal data, please contact us first so we can try to resolve the issue:

• Email: dpo.de@lalamove.eu

• Online form: https://llm-dsr-portal-web.van.lalamove.eu/

We will acknowledge your complaint and investigate it. We aim to respond within one month of receipt. For complex or numerous requests, we may extend this by up to two additional months, and we will let you know if we do so.

2. Your right to lodge a complaint with a supervisory authority (Art. 77 GDPR).

You also have the right to lodge a complaint with your local supervisory authority or any other supervisory authority. Contact details for EU supervisory authorities are available on the European Data Protection Board’s website. Lodging a complaint is without prejudice to any other administrative or judicial remedies you may have.

 

11. Changes to This Notice

We may update this notice from time to time. We will post the updated version with a new “Last updated” date and, where appropriate, notify you of material changes. We encourage you to periodically review this notice.