Seamless UK Privacy Policy

Updated: October 7, 2016

We, GrubHub Holdings Inc. ("GrubHub Holdings") have created this UK Privacy Policy to help you learn about how we handle Personal Data that is provided to and collected by GrubHub Holdings in the United States, on behalf of our subsidiary Seamless Europe, Limited, in the United Kingdom. This UK Privacy Policy supplements our Privacy Policy. Unless specifically defined in this policy, the terms in this UK Privacy Policy have the same meaning as in our Privacy Policy.

We adhere to the Data Protection Principles identified in the Data Protection Act 1998 (“DPA”). Your use of our Sites and voluntary provision of Personal Data constitutes your consent for such Personal Data to be processed, received, collected, and stored in the United States, for the purpose of fulfilling the orders placed by you on our Sites. If you do not agree with all of the terms contained in this UK Privacy Policy, do not use our Sites or services.

Information Collected Voluntarily Provided by You We may receive Personal Data from you or from your corporate employer, including, but not limited to, name, postal address, telephone number, e-mail address, credit card number or other payment account number (including the three (3) or four (4) digit validation code for your credit card). We do not collect Sensitive Personal Data, as such term is defined in the DPA.

Use of Personally Identifiable Information Any Personal Data we receive from you or from your corporate employer may be used by us and our affiliates and our and their agents, partners, or licensees for the purposes indicated in our Privacy Policy, on the Site or at the time the information was collected offline. If we intend to use the Personal Data that we receive from you or from your corporate employer for a purpose that is incompatible with these purposes, or if we intend to disclose it to a category of third party not previously identified, we will notify you and offer you the opportunity to opt out of such uses and/or disclosures.

Agents and Service Providers We work with third parties who provide services such as website hosting, data analysis, payment processing, order fulfillment, infrastructure provision, IT services, customer service, e-mail delivery services, credit card processing and other similar services. We may share Personal Data that we receive from you or from your corporate employer with these third parties to enable them to provide services. These service providers are given access to Personal Data that we receive from you or from your corporate employer to the extent needed to perform their functions, but are restricted from using the Personal Data for purposes other than providing services for us. We require that our agents and service providers that have access to Personal Data that we have received from you or from your corporate employer (a) are subject to the Directive 95/46/EC (the “Directive”) and/or other data protection law implementing the principles of the Directive, or (b) enter into a written agreement with us that requires the service providers to provide at least the same level of data protection as is required by the principles of the Directive.

Security We employ reasonable and appropriate safeguards to protect Personal Data that we receive from you or from your corporate employer. The safeguards we use include organizational, technical and administrative measures, to protect against unauthorized or unlawful processing, and against accidental loss, damage or destruction. Unfortunately, no data transmission over the Internet or data storage system can be guaranteed to be 100% secure. We ask that you do your part by keeping any computer passwords you use to access the Internet or the Site strictly confidential.

Data Integrity We take reasonable steps to ensure that Personal Data we process is reliable for its intended use. Therefore, we rely on you to provide accurate, complete, and current information.

Access You can review and correct the Personal Data that we maintain about you by adjusting your preferences in the "My Account" section of our website, by logging onto your account from https://www.grubhub.com. We may need to retain certain information for recordkeeping purposes, and there may also be residual information that will remain within our databases and other records. Finally, we are not responsible for removing or suppressing information from the databases of third parties with whom we have already properly shared Personal Data about you.

Enforcement and Dispute Resolution If you have any questions or concerns, please write to us at the address listed below. We will investigate and use diligent, good faith efforts to resolve complaints and disputes regarding use and disclosure of Personal Data promptly.

Contact Information European Union citizens with inquiries or complaints regarding this privacy policy should first contact GrubHub Holdings at:

GrubHub Holdings Inc. Attention: Privacy Team 1065 Avenue of the Americas, 15th Floor New York, NY 10018 E-mail: privacy@grubhub.com

Privacy Policy Changes This UK Privacy Policy may be changed from time to time. We will post any revised policy on the Site. You can determine when this UK Privacy Policy was last revised by referring to the "LAST UPDATED" legend at the top of this page. Any changes to our UK Privacy Policy will become effective upon our posting of the revised UK Privacy Policy on the Site. Use of the Site following such changes constitutes your acceptance of the revised UK Privacy Policy then in effect.