Whose personal data do we process and why?

DPD processes various categories of personal data of different persons, but only to the extent necessary to achieve the purpose of the processing. The “Scope of Data” indicated hereinbelow illustrates the maximum scope possible. Each processing operation concerns only those data that are relevant only to achieve the respective purpose.

a. Data of Customers, Consignors and Consignees of the parcels

We process Identification Data relevant for providing shipping services and any tasks associated therewith duly and manifestly, including processing of orders, pickup and delivery of parcels, invoicing for the services, collecting any debts and documenting DPD business activities.

Scope of the Data processed: Identification Data, Contact Details (phone numbers, e-mail addresses) and other Data necessary to achieve the purpose.

For some services it may be necessary to process also Birth Dates, or Personal Identification Card Numbers, nevertheless, this is only the case where it is indispensable for such service or task.

Note: For purpose of this Data processing, except of the case when Date of Birth is provided, DPD is not to be considered Data Processor for the Data provided to arrangement and execution of the parcel delivery (Art. 28 GDPR), but is responsible for the Data as Data Controller. For this reason, except Recipient\'s age verification services, it is not necessary for the Consignors to conclude Data processing contracts with DPD.

Why do we in specific cases require insight into the ID card and record some Data?

Besides basic services we offer to our clients specific products that enable the Consignor to receive more security via sure identification of the person to whom the parcel was handed over. These products called Verified Handover and Verified Handover 18+. In these cases, the parcel can only be handed over to a person designated by the Consignor, in case of Verified Handover 18+, DPD will also check the age of the accepting person (Consignor is fully responsible for the statutory reason of Consignee’s age control, as in this case DPD acts only in the role of the Data processor)

While parcel is handed over, we will record the last 5 numbers of the ID card and, in the case of verification of the Consignee\'s age, also a copy of the date of birth. With this we are able to assure the Consignor that his instructions were fully followed.

The other case is to check the identity of the Consignee when delivering the parcel via parcel shop (Pickup). In this case, we also carry out the identity verification and the recording of the part of the document presented in order to ensure the safe handover of the parcel to the authorized person

Verification of identity is not performed if the set-up of the service with the Consignor and the parcel shop allows us to use the security PIN that we will send the authorized Consignee before the parcel is ready for collection.

b. Data of Contractors and their Representatives

We process necessary identification Data of representatives of our contractors and partners in order to ensure due performance of any contracts, or protection/enforcement of legitimate interests within our business relations and business activities.

Scope of the Data processed: Identification Data, Contact Details (phone numbers, e-mail addresses) and other Data necessary to achieve the purpose.

c. Data of Employees of our Contractors

We process Identification Data of employees of other employers who carry out their work at DPD workplaces or who perform tasks arising out of any contracts on behalf of our contractors (where Data are necessary for the purposes of performance of such contracts) only to comply with our statutory duties (e.g. for the purposes of safety and health protection at work and fire prevention, protection of assets and legitimate interests of DPD, or, as the case may be, communication in business relations).

Scope of the Data processed: Name and Surname, Contact Details (phone numbers, e-mail addresses), Signatures and other Data necessary to achieve the purpose.

If work is performed at DPD workplaces, these include also CCTV recordings, Identification Photos, or other Data necessary for the performance of the relevant contract, such as GPS coordinates of places where parcel labels are scanned.

d. Data of Persons in employment relations (Employees) or similar relations with DPD

We process Identification Data and other necessary Data of our employees and temporary employees to fulfil our obligations and exercise our rights arising out of employment relations, social security, tax duties, protection of our assets and legitimate interests. Where legislation requires so, we may also process Data of other persons where it is essential for fulfilling any statutory duties, including Data of children and spouses of these persons.

Scope of the Data processed: Name and Surname, Addresses, Contact Details (phone numbers, e-mail addresses), Signatures, Photos, required Information on Health screening, Data on Marital Status and other Data of similar nature, as well as Data on the Employment History, Data on using work tools and working hours, etc.

e. Data of Visitors of DPD websites and of Users of online applications

We collect Data of visitors of our website, stored in Cookies (small files that allow DPD to save specific information about the PC of the visitors of our website during their visit to DPD website to ensure optimum functionality of the DPD website and online applications for the users, and also of monitoring of its functioning and protection). Cookies help us see the frequency of the visits, number of visitors and adjust our services so that they are comfortable and efficient for the users, and they also help us identify users when using online applications and store their preferred settings. Cookies may not enter users’ system. More information please find in section Use of DPD website cookies.

Scope of the Data processed: IP Addresses and User Settings in online applications.

f. The Data of Recipients of marketing communications

We process contact details of persons representing our contractual clients and also of any other persons who have expressed their consent to marketing communications for the relevant purposes in order to offer our services and for other marketing and business purposes, and to inform them about any relevant facts associated with DPD activities. In this regard, DPD is not only bound by the Legislation on Personal Data Protection, but it also has to abide by the Act on Some Services of Information Society.

Scope of the Data processed: Name and Surname, Contact Details (e-mail addresses).

g. The Data of Persons entering monitored DPD premises

DPD premises where parcels are handled are, mainly for security reasons, monitored by CCTV and the video recordings are stored. If a person enters the premises, he may be recorded by the CCTV. The use of the CCTV is subject to strict DPD rules and recordings are accessible only by a limited number of employees, and only for the purposes of addressing any security events. As a rule, recordings are stored for 60 days on secured servers. Places that are monitored are duly marked with informative signs.

Scope of the Data processed: Appearance and Behaviour of the persons in the monitored premises

h. The Data of Other Persons

In the diverse areas of DPD’s activities, sometimes it is necessary to process Data of persons that cannot be categorised in advance. In such cases, we always process the Data only to the extent necessary to achieve the relevant purpose of the processing and within a controlled process.

Scope of the Data processed: Specific Data according to the purpose, while respecting the principle of data minimisation.