Last Updated: 28.01.2026
Welcome to Olloyo.
Olloyo (operated by MarsAI Technology Solution Limited, referred to as "Olloyo", "we", "us", or "our" in this policy) is committed to protecting and respecting your privacy. We value the trust you place in us when sharing your personal data.
This Privacy Policy explains in detail what personal data we collect from you, how we process it, who we share it with, and your legal rights regarding your data when you visit our website (olloyo.com), use our mobile applications, or utilize our services (collectively, the "Platform").
This Platform is not intended for children, and we do not knowingly collect data relating to children.
MarsAI Technology Solution Limited is the "Data Controller" responsible for your personal data under the UK General Data Protection Regulation (UK GDPR) and the EU General Data Protection Regulation (EU GDPR).
Our Company Details:
Legal Entity: MarsAI Technology Solution Limited
Registered Office: 71-75 Shelton Street, London, WC2H 9JQ, United Kingdom
Company Number: 14863498
Email for Privacy Inquiries: [email protected]
You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). However, we would appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We may collect, use, store, and transfer different kinds of personal data about you which we have grouped together as follows:
Identity Data: Includes first name, last name, username or similar identifier, and date of birth (for age verification purposes).
Contact Data: Includes billing address, delivery address, email address, and telephone numbers.
Financial Data: Includes payment card details.
Important: We do not store your full payment card details (e.g., full card number, CVV). These are collected and processed directly by our secure third-party payment processors (e.g., Stripe) in compliance with PCI-DSS standards.
Transaction Data: Includes details about payments to and from you, and other details of products (food, groceries) and services you have purchased from our Merchants.
Technical Data: Includes Internet Protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this Platform.
Profile Data: Includes your username and password, purchases or orders made by you, your interests, preferences, feedback, and survey responses.
Usage Data: Includes information about how you use our Platform, products, and services (e.g., clickstreams, page interaction information).
Location Data: Includes your real-time physical location when you use our mobile app to enable accurate delivery and address location. We will always ask for your explicit permission before accessing your device's location services.
Marketing and Communications Data: Includes your preferences in receiving marketing from us and our third parties and your communication preferences.
Health Data (Allergens): In specific circumstances, you may voluntarily provide data related to food allergies or dietary requirements in the "order notes" section. This is considered "special category data," and by providing it, you explicitly consent to us processing this data to fulfil your order safely.
We use different methods to collect data from and about you including through:
Direct Interactions: You may give us your Identity, Contact, and Financial Data by filling in forms or by corresponding with us by post, phone, email, or otherwise. This includes personal data you provide when you:
Create an account on our Platform;
Place an order for our products or services;
Subscribe to our service or publications;
Request marketing to be sent to you; or
Give us feedback or contact customer support.
Automated Technologies or Interactions: As you interact with our Platform, we will automatically collect Technical Data about your equipment, browsing actions, and patterns. We collect this personal data by using cookies, server logs, and other similar technologies.
Third Parties: We may receive personal data about you from various third parties, such as:
Analytics providers (such as Google Analytics);
Payment and delivery service providers;
Social media platforms (if you choose to log in via social media).
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
Performance of Contract: Where we need to perform the contract we are about to enter into or have entered into with you (e.g., processing your food order, managing payments, and delivering items to your address).
Legitimate Interests: Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests (e.g., keeping our records updated, analyzing how customers use our products/services, developing our services, and preventing fraud).
Legal Obligation: Where we need to comply with a legal obligation (e.g., keeping records for tax purposes or complying with law enforcement requests).
Consent: Generally, we do not rely on consent as a legal basis for processing your personal data although we will get your consent before sending third-party direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by contacting us.
We may share your personal data with the parties set out below for the purposes set out in Section 5:
Merchants/Vendors: We share your name, delivery address, and order details with the restaurants or stores you order from so they can prepare and package your order.
Logistics Partners & Riders: We share your name, phone number, and delivery address with delivery riders (couriers) to ensure your order reaches you.
Service Providers: Companies that provide IT, system administration, cloud hosting (e.g., AWS), and payment processing services (e.g., Stripe) acting as processors.
Professional Advisers: Including lawyers, bankers, auditors, and insurers who provide consultancy, banking, legal, insurance, and accounting services.
Regulatory Authorities: HM Revenue & Customs, regulators, and other authorities acting as processors or joint controllers based in the UK or EU who require reporting of processing activities in certain circumstances.
As a UK-based company serving users in the European Union (specifically Belgium), data flows may occur between the UK and the EEA (European Economic Area).
UK to EEA: We may transfer your data to our partners or servers within the EEA. The UK government recognizes the EEA as providing adequate protection for personal data.
EEA to UK: The European Commission has adopted an "Adequacy Decision" regarding the UK, meaning data can flow freely from the EEA to the UK without additional safeguards, as the UK ensures an equivalent level of data protection.
Other International Transfers: Whenever we transfer your personal data out of the UK or the EEA to other third countries (e.g., USA for certain software services), we ensure a similar degree of protection is afforded to it by implementing safeguards such as the Standard Contractual Clauses (SCCs) or the UK International Data Transfer Agreement (IDTA).
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorized way, altered, or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors, and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting, or reporting requirements.
Example: By law, we have to keep basic information about our customers (including Contact, Identity, Financial, and Transaction Data) for six years after they cease being customers for tax purposes.
Under certain circumstances, you have rights under data protection laws in relation to your personal data:
Right of access: Request a copy of the personal data we hold about you.
Right to rectification: Request correction of the personal data that we hold about you.
Right to erasure ("Right to be forgotten"): Request us to delete or remove personal data where there is no good reason for us continuing to process it.
Right to object: Object to the processing of your personal data where we are relying on a legitimate interest or for direct marketing purposes.
Right to restriction of processing: Request the suspension of processing of your personal data.
Right to data portability: Request the transfer of your personal data to you or to a third party.
Right to withdraw consent: Withdraw consent at any time where we are relying on consent to process your personal data.
To exercise any of these rights, please contact us at [email protected]. We aim to respond to all legitimate requests within one month.
Our Platform uses cookies to distinguish you from other users. This helps us to provide you with a good experience when you browse our website or use our app and also allows us to improve our Platform.
You can set your browser to refuse all or some browser cookies or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this Platform may become inaccessible or not function properly. For detailed information, please refer to our Cookie Policy available on our website.
We keep our privacy policy under regular review. Any changes we make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by email or via the App.
Last Updated: 28.01.2026
This Privacy Policy shall be governed by and construed in accordance with the laws of England and Wales. However, this choice of law does not deprive consumers in the European Union (e.g., Belgium) of the protection afforded to them by mandatory provisions of the law of their country of residence.
