a. Website (general)

Beyond the information stored by cookies, we process personal data in the course of operating our website only if you voluntarily provide such data to us—for example, when you register with us, enter into a contractual relationship with us or otherwise contact us. These data comprise contact details and information relating to the query with which you approach us.

We use the personal data you provide only to the extent necessary to fulfill the relevant processing purpose (e.g., registration, newsletter delivery, handling an order, sending informational material and advertising, administering a prize draw, answering a question, or enabling access to certain information) and only where permitted by law (in particular under Articles 6 and 9 GDPR, e.g., sending advertising and informational material to existing customers pursuant to Article 6(1)(f) GDPR).

The purpose of processing your data is to operate our website and to provide targeted company‑specific information together with presenting our range of goods and services (marketing).

Any further use of your data occurs only if you have expressly consented in advance, we require your data to perform a contract concluded with you, or we are legally obliged to retain them. You may withdraw any consent given at any time with effect for the future.

b. Contract performance, parcel logistics, marketing and more

We generally use personal data of our customers, suppliers and other contractual and cooperation partners (e.g., contact persons, their contact details and marketing‑relevant information) for the purposes of contract performance and in line with statutory retention obligations (e.g., accounting). We also process such data based on our legitimate interests,
for example for marketing and customer care purposes.

As a sender of parcels, we receive your data when you contact us, access one of our shipping websites or send parcels with us. We store, for example, your billing address, pick‑up times, contact persons and selected/offered products. As a rule, we receive these data directly from you; in other cases, we become aware of you via the internet or through our sales partners.

As a recipient of parcels, we receive your data from the sender. The sender transmits your data and information about the parcel or notification instructions, primarily by electronic means via its own or our shipping systems. Typically, this occurs because the sender has entered into a contractual relationship with you within the meaning of Article 6(1)(b) GDPR and we require these data to deliver the goods or other products you ordered from the sender. We also receive your data from other postal service providers acting as our vicarious agents (e.g., where parcels originate abroad and another cooperating postal service provider has been engaged with delivery).

To ensure the services we offer, DPD operates a logistics database in which we store logistics‑relevant data relating to senders and recipients. This enables us to optimize parcel delivery so that parcels can be delivered to the correct recipient or a notified alternative delivery address as quickly as possible. It also enables us to trace completed deliveries and parcels in order to handle related inquiries from senders and recipients—as well as from authorities in the context of law enforcement. We operate this logistics database on the basis of our legitimate interest in optimizing our services and in the interests of senders and recipients to enable timely and frictionless delivery.

As a system partner, parcel shop operator, operator of parcel lockers, or delivery service provider, we receive your data when you contact us or one of our system partners and express an interest in working for or with us. Due to various legal requirements and our legitimate interests as well as the legitimate interests of our customers, we are obliged, in particular for compliance purposes, to request additional information about you. This may include, in particular, the verification of your reliability, the existence of insurance coverage, the vehicles used by you, as well as your authorisations, permits, and licences.

Furthermore, we collect personal data of prospective business partners (e.g. contact persons, their contact details, and marketing-related information) in the course of our acquisition and sales activities. We continuously search for potential contractual partners on the internet, at trade fairs, and at other events, and for this purpose maintain a marketing database in order to enable targeted advertising of our products and services. All measures described above are carried out on the basis of our legitimate interest for marketing purposes pursuant to Article 6(1) sentence 1 lit. f GDPR in conjunction with Recital 47 GDPR for a period of three years after the end of a contractual relationship (customers and suppliers) or after our initial (unsuccessful) contact (prospective partners), unless the data subject has given explicit consent for a longer storage period.

If we do not collect personal data for marketing purposes directly from the data subject, we will inform the data subject, upon first contact, in accordance with Article 14 GDPR, about the source from which we obtained the data.

Due to tax and administrative considerations, we operate through several affiliated companies within Austria and abroad, with which we process personal data partly as joint controllers within the meaning of Article 26 GDPR and partly within the framework of processor relationships pursuant to Article 28 GDPR. One example of this is the joint logistics database.

List of affiliated companies:

Where, in the context of parcel delivery, an ongoing business relationship, or as a result of an explicit request by a prospective partner, we are required to provide products and services that are offered by other affiliated companies, we transfer personal data of prospective partners and contractual partners to such affiliated companies on the basis of our legitimate interest, where necessary for the performance of a contract, or where required in order to comply with a legal obligation, insofar as such transfer is necessary for the implementation and processing of the respective request or contractual relationship.

c. Recruitment management

We collect data of applicants for positions with us for the purpose of initiating a potential employment relationship pursuant to Article 6(1)(b) GDPR and, where applicable, based on express consent for retention in our talent pool.

d. myDPD and myDPD Business

We operate platforms for private and business customers of DPD. These platforms facilitate the transfer of data to DPD in the context of shipment orders and the management of the addresses required for this purpose. DPD uses these data to process shipments as described above. Additional personal details such as name, address, telephone number or e‑mail address may be provided voluntarily—for example, in the context of a survey, prize draw, product order, or a contact/information request.

For payment processing on our platforms, you may select PayPal as a payment option. If you do so, you will be redirected from our site to PayPal’s website, where the payment process
is actually carried out. Personal data may already be collected by PayPal when the corresponding link is activated. PayPal is a service of PayPal (Europe) S.à r.l. et Cie, S.C.A.,
22–24 Boulevard Royal, L‑2449 Luxembourg.

As a European payment service provider, PayPal is also obliged to comply with the applicable data protection provisions of the GDPR and provides detailed information on its website under https://www.paypalobjects.com/webstatic/de_AT/ua/pdf/privacy.pdf regarding the data collected and processed in the course of using PayPal. Should you require further information about PayPal, we recommend consulting the privacy policy referred to above.

A further payment option is the payment of our services by credit card. For this purpose, we use another third-party provider, Unzer Austria GmbH, Columbusplatz 7-8, 1100 Vienna, Austria. If you select this payment option, you will likewise be redirected to the website of this third-party provider, on which the payment transaction is carried out.

Unzer provides detailed information on its website under https://www.unzer.com/en/data-protection regarding which data are collected and processed in the course of the transaction.

e. Predict

DPD offers “Predict” services for senders and recipients. With this service, the recipient of shipments from the sender can receive early notification by e‑mail or SMS regarding parcel delivery and can influence the delivery process. For this purpose, either the sender (shipping customer) or the parcel customer provides DPD with additional information such as the recipient’s e‑mail address or mobile phone number.

Although DPD generally sends the relevant notifications to the recipient on behalf of the sender, DPD ensures that data are processed lawfully. From a logistics provider’s perspective, it is in the recipient’s legitimate interest to be informed promptly by the sender and/or the logistics company transporting the shipment about an expected delivery and/or to receive short‑notice information about delivery issues. This serves to avoid unnecessary waiting times and, where necessary, to direct a person authorized to receive the parcel to the delivery address.

Where the sender transmits data to DPD for short‑notice information of the recipient by DPD acting as controller, such processing is in the recipient’s interest, since the sender is often unable to provide comparable timely information. The shipping customer remains responsible for the accuracy of the e‑mail addresses and telephone numbers provided to DPD (spelling, syntax and assignment to a specific shipment) and, where required, for obtaining the end‑customer’s specific consent to disclosure to DPD.

If DPD receives an objection from the recipient to receiving information by e‑mail or SMS, DPD is obliged to honor that objection and discontinue the service for the recipient concerned. The shipping customer is not notified of such blocking.

Predict notifications do not constitute advertising aimed at promoting the sale of goods or services; they serve the purpose of handling the delivery process for goods already ordered.

Within the scope of the Predict services, the sender may include information about itself in the form of customer banners. Such banners may contain, in addition to the company name and address, the company logo, website URL and a company‑related slogan/claim, but no further promotional content in the form of text or images. DPD does not intend to send advertising of its own.

f. PrimeTime

HVS Haus‑Versand‑System Gesellschaft m.b.H., Logistikpark 28, A‑4063 Hörsching, offers supplementary services under the brand PrimeTime in cooperation with DPD, aimed in particular at time‑plannable, flexible and convenient delivery for recipients.

PrimeTime services allow recipients, among other things, to select or change delivery time windows, arrange delivery appointments and make use of additional delivery‑related convenience services. Shipping customers can book PrimeTime services as an add‑on to their shipment orders and thus offer their recipients extended delivery options.

For the provision of these services, we process those personal data that are necessary for scheduling, performing and handling time‑fixed delivery. These include, in particular, the recipient’s name, delivery address, contact details (e.g., e‑mail address and/or mobile phone number), shipment‑related information and selected delivery preferences.

Processing is carried out for the performance of a contract or for pre‑contractual measures pursuant to Article 6(1)(b) GDPR and—where necessary—on the basis of our legitimate interests pursuant to Article 6(1)(f) GDPR to provide our shipping customers and their recipients with efficient, plannable and customer‑oriented delivery.

If notifications are sent by e‑mail or SMS within the scope of PrimeTime services, this occurs solely in connection with the specific delivery of a shipment. DPD does not use data collected within PrimeTime for its own independent advertising purposes.

Recipients may at any time choose not to use individual PrimeTime services or object to further contact in connection with these services. Such objection has no impact on the basic parcel delivery, but it may mean that time‑fixed or optional additional services can no longer be offered.

g. Customer Service

Your concerns are important to us. Together with our affiliated companies, we provide a customer service. If you contact our customer service, an internal “ticket” is created to process your inquiry or suggestion for improvement. We record the data you provide in connection with your service request and the background of your inquiry in that ticket.

To answer your questions, we also access our logistics database, which stores information on senders, recipients and the progress of a shipment.

Where your inquiries or suggestions relate to experiences with carriers working for us or other affiliated companies, we will share the background of your inquiry and—subject to your consent—the data you have provided with the company concerned in order to answer your question or to implement your suggestion as quickly as possible.

The data disclosed and stored in this context are processed until your inquiry has been successfully resolved and are stored thereafter for as long as you could assert legal claims against us or our contractual partners based on your concern. After this period, tickets are retained in our system for statistical purposes only and any personal reference is promptly deleted in accordance with Section 4(2) DSG.

h. Credit Information

To assess the creditworthiness of (new) customers and suppliers, we use probability values based on automated mathematical‑statistical methods (scoring). These are determined on our behalf by reputable credit agencies and trade credit insurers. For this purpose, we transmit data to these service providers on the basis of data‑protection‑compliant contractual arrangements. To avoid unduly disadvantaging your interests in the individual case, DPD conducts a balancing of interests. If the credit check is negative, DPD reserves the right to restrict or change payment terms or to reconsider the cooperation.