We use and process your Data only for the declared purposes that are connected to our business activities. We do not provide Data we process to anyone and for any purposes that are not connected to our services, except in the following cases:

a. To comply with Statutory Requirements

There are cases specified in the legislation where we are obliged to disclose the Data we process to the competent bodies upon their request or in compliance with the legislation. These bodies include state administration bodies and authorities, social security and health insurance bodies, auditing companies etc.

b. Secondary Data Controllers

In some cases where it is necessary to act on a contract or an agreement with Data Subject, we must transfer the Data in the relevant scope to another entity that determines the purpose of and means for the Data processing on its own, in other words, to the secondary Data controller. Where we transfer the Data to another Data Controller, we will do so transparently, and we will appropriately inform you about it in advance. This usually concerns employees’ insurance policies or contracts with ICT operators that include also private numbers as requested by the employees.

c. Data processors

Data processor means any entity whom we provide with the Data to be processed within a controlled process, i.e. to carry out a certain operation necessary to achieve the purpose for which DPD has collected the Data.

These processors include without limitation:

i. Subcontracted Carriers

Entrepreneurs who pick up and deliver the parcels on behalf of the DPD based on a contract.

Scope of the data processed: Identification and Contact Details of the Consignors and Consignees of the parcels.

ii. Entities cooperating within DPD Group and partners involved in the transportation

In the case of international services, it is necessary to ensure that the parcels are delivered / transited in / to other countries, and this is done by the organisational units or partners of the DPD Group that are responsible for the services in the relevant country.

Scope of the data processed: Identification and Contact Details of the Consignors and Consignees of the parcels.

iii. ICT service providers

To a necessary extent, the Data may also be disclosed to providers of ICT services within a controlled process, including without limitation:

• to ensure the efficiency of DPD services, especially the optimization of delivery processes, notification services, transfer of data about the parcels, payment of the COD service charge, etc.

Scope of the data processed: Identification and Contact Details of the Consignors and Consignees of the parcels, Identification Data of the Users of the online applications.

• to support internal processes within DPD, such as internal communications, flow of information and processing of information, and to carry out any administrative activities.

Scope of the data processed: Data contained in the Company’s information systems.

• to store the Data for the period as is prescribed, and for analytical and statistical purposes or other legal purposes as statutory duties.

Scope of the data processed: Identification Data and Contact Details of the Consignors and Consignees of the parcels or other relevant Data Subjects.

iv. Service Contractors

There are companies that, to a limited extent, take part in some of the DPD’s activities, while doing so they may come across some Data. This usually concerns subcontractors who are responsible for loading and sorting of the parcels.

Scope of the data processed: Data specified on the shipping labels of the parcels.

v. Contractors providing services in favor of our Employees

The data of our employees are provided to certain contractual persons within a controlled process to provide services in favor of our employees, including calculating and payment of salaries and employees’ benefits, to carry out any activities related to the employment relation and compliance with any employment requirements.

Scope of the data processed: Identification Data of the employees.

DPD has concluded Data Processing Contracts with all Data Processors whereunder the Data Processors agreed to comply with all requirements laid down in the Legislation on Data Protection and the requirements for Data security that DPD requires.

d. Other Data recipients

Recipient means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. Such disclosure may only be considered if it is necessary for defending the rights and claims of DPD CZ or Data Subjects. E.g. it may be necessary to proof the value of the consignment to the insurance company or to the entity responsible for damage to the consignment in the context of claiming damages.