What personal data we collect
We collect information necessary to verify your identity, manage payouts, and operate the platform safely. Key categories:
- Identity & verification: full name, national ID, passport, NIF (tax number), date of birth.
- Contact: email, phone number, postal address.
- Business & payout: company name, bank details for payouts, fiscal identifiers.
- Operational: driver lists, delivery logs, performance metrics.
- Technical: IP address, device identifiers, browser logs (for security & analytics).
Why we process personal data
We process personal data only for lawful purposes, including:
- Contractual necessity: to provide the services you request as a Fleet Manager/Agent.
- Legal compliance: to meet tax, employment and regulatory obligations in Portugal.
- Legitimate interests: to prevent fraud, secure the platform and improve operations.
- Consent: for optional marketing communications and non-essential cookies.
How we use personal data
- Verify your identity and eligibility to operate as an Agent.
- Provide and maintain your Agent dashboard (driver management, reporting, payouts).
- Process payments and tax-related documentation.
- Detect and prevent fraud, and investigate policy violations.
- Communicate important updates and regulatory notices.
Your rights under GDPR
You have the following rights in relation to your personal data. To exercise any right, contact privacy@deligo.pt. We may need to verify your identity before responding.
- Access — request a copy of the data we hold about you.
- Rectification — correct inaccurate or incomplete data.
- Erasure — request deletion where lawful (subject to retention requirements).
- Restriction — limit processing in certain situations.
- Portability — receive your data in a structured, machine-readable format.
- Object — object to processing based on legitimate interests.
- Lodge a complaint — with your supervisory authority (in Portugal: CNPD).
Retention & deletion
We retain personal data no longer than necessary for the purposes outlined. Typical retention periods:
- Account & verification records — account lifetime + 5 years for compliance.
- Financial records — retained for at least 7 years to meet tax obligations.
- Logs & analytics — retained in anonymized form where possible.
Security measures
We implement appropriate technical and organizational measures to protect personal data, including encryption in transit (TLS), access controls, monitoring, and regular security assessments. However, no system is entirely risk-free and we encourage strong passwords and safe practices.
International transfers
When data is transferred outside the EEA we use appropriate safeguards such as the EU Standard Contractual Clauses (SCCs), transfers to countries with an adequacy decision, or other legal mechanisms to ensure protection consistent with EU standards.
Children
Our Service is not directed at children under 16. We do not knowingly collect personal data from children. If you believe we hold such data, contact us and we will take appropriate steps including deletion where required by law.
Changes to this policy
We may update this Privacy Policy from time to time. When we make material changes we will notify users via email or prominent notice. The revised policy will have an updated effective date.
Contact & Data Requests
To exercise your rights or for privacy questions contact our Data Protection team:
DeliGo — Lisbon, Portugal
Email: privacy@deligo.pt
Phone: +351 920 136 680