Data protection@DPD

Datenschutz Datenschutz

Data protection@DPD

The protection of your personal data is very important to us. With the help of high data protection standards we accept the responsibility of processing your data securely, no matter which of our services you use.

The aim of this privacy policy is to provide the highest possible level of transparency and information on the processing of your personal data by DPD Deutschland GmbH.

DPD Deutschland GmbH with its registered office at Wailandtstraße 1 in 63741 Aschaffenburg (referred to below as DPD) is - together with other companies referred to below as DPD Group - part of Geopost (legal notice), a subsidiary of France's La Poste (legal notice).

As a provider of postal services, it is the primary task of DPD to apply the very latest technical standards in delivering shipments on behalf of shippers securely and reliably to consignees. As a company governed by private law, DPD is subject to the data protection provisions of the EU General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG-neu), the Postal Act (PostG) and the Universal Postal Services Ordinance (PUDLV).

These legal requirements must be complied with in the same ways as the confidentiality, availability and integrity of the data entrusted to DPD must be maintained in accordance with the latest technical standards.

For these reasons DPD usually processes your data on the basis of

  • 6 Para. 1 (a) GDPR (consent)

  • 6 Para. 1 (b) GDPR (contractual relationships)

  • 6 Para. 1 (c) GDPR (legal requirements)

  • 6 Para. 1 (e) GDPR (public interest) and

  • 6 Para. 1 (f) GDPR (legitimate interest) and

  • 26 BDSG-neu (employee data) and

  • 39, §41, §41a-§41c PostG (shipment, accounting and inventory data).

You will find more information below and within the descriptions of the individual services.

If you have any questions about parcel shipping, please use our contact form.

To exercise your rights under Art. 15-22 GDPR or to report a data breach, please use the data protection form. (Please note: this form is not suitable for questions about parcel shipping or DPD's services.)

The supervisory authority responsible for DPD for the provision of postal services is:
The Federal Commissioner for Data Protection and Freedom of Information.
Department 22, P.O. Box 1468, 53004 Bonn

The competent supervisory authority for other data processing by the data controllers mentioned is:
Bavarian State Office for Data Protection Supervision (BayLDA)
P.O.Box 1349
91504 Ansbach

Data protection information on individual products and services

General information on data processing

For what purpose does DPD process your data?

DPD processes personal data mainly for the purpose of fulfilling transport services on behalf of shippers. You can download our privacy policy for parcel shipping here as a PDF document . Subject to your consent, data is also occasionally processed for advertising purposes and to optimise our online and delivery services. Data processing is also carried out for the purpose of invoicing you for our services and for processing the salaries and social security contributions of our employees.

Where does DPD receive your data from, and what data is involved?

DPD receives data for processing from various sources and for various purposes.

If you are a shipper DPD receives your data when you contact us, visit one of our shipping websites or ship parcels with us. For this purpose DPD saves your invoice address, details of pickup times, contact persons or selected/offered products. As a rule DPD receives this data directly from you, or in rare cases you are brought to our attention via the Internet or our sales partners.

If you are a consignee DPD receives your data from shippers. They provide us with your data, as well as information about the parcel, notification instructions, and possible ID documentation data mainly in electronic form, via their own shipping systems or shipping systems made available by DPD. They normally do so in that they have entered into a contractual relationship with you in accordance with Article 6 Para. 1 (b) of the GDPR. In addition, DPD receives your data from other providers of postal services which act on DPD's behalf in delivering shipments, e.g. if the shipment comes from abroad and if a different provider of postal services which cooperates with DPD has been entrusted with the delivery there.

As a system partner, parcel shop operator or delivery driver you provide DPD with your data when you contact DPD or a system partner and would like to work for DPD. Due to various legal requirements and a specific legitimate interest, DPD is obliged to request some further information about you. This ranges from evidence of reliability to insurance cover, the vehicles used and existing licences or other information.

As a website visitor, you transmit your data via various functions on the DPD website. For this purpose DPD sets cookies or requests information directly from you. The main purpose of this is to optimise the presentation of the website or to introduce you to various services. You have the option at any time of restricting or deactivating these services by making an appropriate selection or clicking on a link. (On this subject please see: Web analysis, cookies and advertising).

As an applicant, you transmit your data when you contact DPD and send us your application documents. DPD uses this data exclusively for its own purposes. (Vorschlag: DPD uses this data exclusively for the purpose of processing the application.
Sie als Bewerber übermitteln Ihre Daten, wenn Sie mit DPD in Kontakt treten und Ihre Bewerbungsunterlagen zukommen lassen. DPD verwendet diese Daten ausschließlich für eigene Zwecke.

As an application developer and partner to DPD, you submit your data for the purpose of registering on the eSolutions portal.

To whom does DPD transfer your data?

DPD transfers your data to various bodies. However, only for the intended purposes.

DPD transmits the data of shippers mainly to the depots which are responsible for the collection and delivery of shipments, and to the system partners and delivery drivers involved there.

To assess the creditworthiness of (new) customers and service providers DPD uses probability values based on automated mathematical-statistical procedures (scoring). These are determined by reputable credit agencies and trade credit insurers on our behalf. For this purpose, we pass on data to these service providers on the basis of corresponding contractual agreements that have been reviewed in accordance with data protection law. In order not to unreasonably disadvantage your interests in individual cases with the credit assessment, DPD carries out a balancing of interests.

DPD transmits consignee data exclusively to the relevant system partners, parcel shops and delivery drivers (or other postal service providers required for delivery). The data always remains in DPD's systems. If a parcel is damaged, DPD also transfers the data to its insurers.

Shipment data or details of the contents of shipments will only be transmitted or made available to third parties in exceptional circumstances. Such third parties are above all the customs authorities, the state prosecution service or insurance companies. You can obtain information about the status of shipments at any time via the DPD app or the tracking functions on the DPD website. This information is only available to authorised users and can only be obtained by the entry of the consignee postcode and the parcel number.

Application documents are only sent to the departments concerned or, in the case of applications as delivery drivers, to DPD's system partners if the applicant has provided the appropriate consent.

In order to maintain our privileged customs status as an "authorised economic operator (AEO)" and to avoid penalties for breaches of the EU counter-terrorism regulations (EC 881/2002 and 2580/2001) and the Foreign Trade and Payments Act (AWG), at defined intervals DPD checks the names and address data of consignors, consignees, partners and employees against the official sanctions list databases.

Occasionally DPD also uses service providers to carry out specific tasks and activities. Unless they are sub-contractors in the logistics chain, all service providers are bound by our specifications for processing the data by means of a processing contract. DPD does not rent, lend or sell personal data to third parties. However, it is possible that data is passed on to affiliated companies, as is joint processing/controllership of data in accordance with Art. 26 of the GDPR.

Data on international shipments may also be processed in a non-EU country, i.e. forwarded to a country outside the European Union (EU)/European Economic Area (EEA) or accessed from there. This data transfer is necessary for the fulfilment of the relevant transport contract (e.g. delivery, customs clearance). If transfer to a non-EU country takes place by the controllers, this only takes place on the basis of the DPD privacy policy, EU standard contractual clauses or within the framework of the exemptions provided for by the GDPR.

What is the storage period for your data?

Like all other companies under private law, DPD must comply with various obligations regarding the storage of data. These include, above all, the retention periods in accordance with Germany's tax code, e.g. for consignment notes, delivery lists, delivery tour schedules and out-for-delivery processing lists, damage reports, liability records, invoices and balance sheets. In addition, for security reasons we keep tracking data of parcels for different periods, ranging from 30 to 180 days per platform.

In the absence of consent to a longer storage period, job application documents will be deleted in accordance with data protection legislation at the latest within six months after the rejection of the application.

DPD account data is deleted 2 years after deactivation. Objections to delivery notifications (Predict) are kept in a blocking list until the objection is revoked.

For the storage period of cookies, please refer to the table on cookies set in Web analysis, cookies and advertising.

myDPD / DPD App

Under the name "myDPD" DPD provides digital platforms on web servers or mobile terminals which enable shippers and consignees to send parcels and to monitor or manage their delivery. These functions are referred to below as the "service" or "services". myDPD distinguishes between private and business use of the services.

Basically the service can be used without registration. To be able to use the convenience functions, however, registration is required. This is done either by registering via the service with an email address and password or by using an existing Facebook or Google account. DPD does not transmit any parcel information to Facebook or Google in this respect, and only uses these services for authentication purposes. After authentication, a uniform DPD account is created for all our services. Business customers need to request their access data directly through their sales contact.

DPD Group processes information about the location, time and deliverability of your parcels, for example in order to improve our operational processes or to point out suitable optimisation opportunities to you. This data is processed in accordance with Article 6 Para. 1 (f) of the GDPR.

Login with Apple ID

If you use your Apple ID when logging in to DPD, you can register or log in with your Apple account. You will then be forwarded to the Apple website. For the iOS app the process takes place entirely within the operating system. For the login you will need the email address which is stored with Apple. This is required for identification purposes in order to create a secure DPD account for you and is stored with us. Your Apple profile and your DPD account are permanently linked via the email address. You can remove this link at any time on the Apple website.
DPD never learns your Apple access data. You can read how Apple handles privacy settings in the Apple data protection notices, which also include the valid regulations governing this possibility of logging in and registering with DPD.

Login via Facebook

Facebook Connect is a service from Facebook Ireland Limited (Hanover Reach, 5-7 Hanover Quay, Dublin 2, Ireland). Its use is voluntary and optional. When using Facebook Connect, Facebook profile data and public data from your Facebook profile are transferred to DPD. We use and process your first and last name, gender, age, home town, email address, and Facebook ID for simplified registration to use the Parcel Navigator. If you are already a DPD customer, only the Facebook ID will be processed. Your Facebook account is linked to the DPD account via the Facebook ID. This makes it possible for you to register for the service using your Facebook access data via the "Login with Facebook" button. In addition, every time you log in, Facebook will know that you are using the DPD service. The link to Facebook can be revoked at any time on Facebook itself. Please also read Facebook's privacy policy on this subject.

Login with Google

The same applies to the use of the Google login as to the use of the Facebook login. This Google service is provided by Google Inc. (Google; Amphitheatre Parkway, Mountain View, CA 94043, USA). Registration and use of Google's services are subject to Google's Privacy Policy and Terms of Use, which you can view at www.google.com/intl/de/policies/privacy.

Login with netID

If you use the netID button when logging in to DPD, you can register or log in with your netID account. You will then be redirected to the netID website. Your email address, which is stored with netID, is required for the login. This is necessary for identification in order to create a secure DPD account for you and is stored with us. Your netID profile and your DPD account will be permanently linked via the email address. You can remove this link at any time on the netID website.

DPD does not learn your netID access data at any stage. You can read how netID handles privacy settings in the netID privacy notices; these are also the applicable requirements for this possibility for logging in and registering with DPD.

DPD processes the following data from you in order to provide the relevant services and information: email address, mobile phone number, password, a standard postcode (usually your consignee postcode), Predict status (whether you want parcel notifications or not), the names of the devices you use, and shipment related information from our delivery systems.

Whether or not our service may send you messages is up to you to decide on the settings of the app in your mobile device, or in the user account of the services.

Service rating

When a parcel has been successfully delivered, the consignee has the opportunity to rate our service. If the rating of our service has been saved, there is also the option to give a rating on Google. After clicking on the "Rate on Google" button, the user is then redirected from the DPD platform to the Google website via a link.

Tipping function

When a parcel has been successfully delivered and this has been rated positively by the consignee, there is the option of giving the delivery driver a digital tip via PayPal. A requirement is that the delivery driver has registered for the tipping function. Here the user can select an amount and is then redirected by the DPD platform to the PayPal website, where he or she has to log in with the relevant PayPal access data.  After logging in the user is shown the transaction details (account linked to PayPal and the amount of the tip). After confirming the transaction on the PayPal website, the user is redirected back to the DPD platform, where he or she has to confirm the payment details for the tip once more. A click on the button "Pay now" triggers the transaction in which the user gives the delivery driver the tip. Finally the user is shown a page which confirms the successful transaction.

Use of the platform

The platform makes it easier for shippers to transfer data to DPD as part of their shipping orders and to manage the necessary addresses. DPD uses this data exclusively for shipment processing as described under the "DPD parcel delivery service". The basis for the use of the platform is the transfer of data for the performance of postal services in accordance with Art. 6 Para. 1 (b) of the GDPR and the Postal Act on the basis of the resulting shipping order.

Advertising / information

If you have previously given us your consent under your "Profile" or have not objected (where required by law), DPD also processes and uses this data for its own product-related information, surveys, competitions and marketing purposes. Service providers are also used for this purpose. These work exclusively in accordance with our instructions under the terms of contract processing in accordance with Art. 28 et seq. of the GDPR.

With your consent we at DPD Group also process information about your user behaviour and your shipping activities in order to provide you with relevant and interesting promotional offers from us or our partners. Until you revoke it this processing takes place on the basis of your voluntary consent in accordance with Art. 6 Para. 1 (a) of the GDPR.

Usage analysis

As with our website, we use so-called cookies in several places in the tools. They serve to make our offering more user-friendly, effective and secure. How we use cookies and how you can prevent this is described under "Web analysis, cookies and services by third parties". These serve primarily for the quality assurance of the platform and for the maintenance of IT security. 

Storage duration

DPD processes the data stored on the platforms only as long as it is legally required. Sometimes you can delete the data yourself (if this does not violate legal retention periods). We will maintain your myDPD account until you delete it yourself under your "Profile". Shipment data is stored in varying levels of detail between 40 days and 10 years. We keep invoice information for 7/11 years.

Matomo and Google Analytics

In order to optimise our service DPD applies Google Analytics and Matomo. Details on the use of these services are described above under Web analysis, cookies and third-party services. DPD only makes data from the use of the services and about the service itself available to authorised internal users.

Chat function

The chat function enables logged-in business customers to get in touch with our employees in almost real time. When the chat request is sent, the following partly personal data is collected:

  • date and time of the request

  • specified name

  • if provided voluntarily: email address, parcel number, invoice number

  • customer number

  • content of the communication

Depending on the course of the conversation, the communication may require additional personal data that you enter in the chat. The nature of this data depends largely on your enquiry and on the matter which you wish to discuss. The purpose of processing this data is to enable a quick response to your enquiry and its content.

DPD stores the chat history for a period of six months, after which the data is automatically archived.

The data is processed primarily for the fulfilment of the contract in accordance with Art. 6 Para. 1 (b) of the GDPR, and for the protection of legitimate interests in accordance with Art. 6 Para. 1 (f) of the GDPR. A legitimate interest on the part of DPD is in particular to ensure smooth processing and service, and to improve this on a permanent basis.

When you visit our websites https://business.dpd.de and https://portal.dpd.de/home_mydpd.aspx, the chat widget is loaded in the form of a JavaScript file. The chat widget technically represents the source code that is executed on your computer and enables the chat.

DPD stores the chat history for a period of six months, after which the data is automatically archived.

DPD parcel delivery service and notification

In order to deliver shipments correctly to the correct consignee DPD requires various data which is usually provided by the shipper. In addition to details of the address, parcel type and parcel shipping options, this may also include further information, e.g. on the notification of delivery to the consignee. In the case of a third-party delivery to a neighbour, the name and street including house number of the neighbour will be displayed and processed on our platforms.

The provisions of Section 41a of the Postal Services Act (PostG) allow the processing of personal data to ensure a functioning postal system and are thus in the special public interest as defined by Article 6 Para. 1 (e) of the GDPR. This also includes authorisation under § 41a Para. 3 Sentence 1 PostG in conjunction with. §3 PUDLV to process the personal data of substitute recipients (neighbours or other third parties), insofar as this is necessary for the proper delivery of postal items.

With our free DPD parcel notification consignees are informed about the expected delivery day and delivery time for parcels ordered for delivery to their home address. In addition, we inform consignees in the event of delays in delivery or if the consignee can't be located during delivery.

In order to be able to send parcel notifications to consignees by email or text message, DPD requires the email address or mobile phone number of the consignee. The "parcel notification" component of the service is activated as part of the contract upon registration with DPD. In order to fulfil the contract, the email address is processed for the purpose of parcel notification on the basis of Art. 6 Para. 1 (b) of the GDPR.

If the consignee is not a registered DPD customer, DPD receives the consignee's email address from the shipper of the parcel. The shipper is responsible for the correctness of the email addresses and telephone numbers of its customers (consignees) provided to DPD with regard to spelling, syntax and allocation to a specific shipment. If DPD receives requests from the consignee to block the sending of information by email or text message, DPD is obliged to take this objection into account and to discontinue this service to the consignee concerned.

Consignees who wish to block their email address for the Predict service should send an informal notice of cancellation to [email protected] indicating their name, address and the email address which is to be blocked. The effect of blocking the email address will be that the consignee will receive no further email notifications from DPD relating to shipments. In this case the consignee's email address is recorded in a separate list to ensure that no further messages are sent to this email address. In view of the large amount of consignee data and the fact that DPD does not store such data permanently, this can only be achieved by means of such a blocking list. The data is stored permanently on the blocking list. The basis for the processing is Art 6 Para. 1 (f) of the GDPR with the legitimate interest on the part of DPD in not sending notifications against the will of the consignee. Objections to DPD parcel notifications sent by the shipper must be sent directly to the shipper. These are outside DPD's area of responsibility. The shipper is not notified of the blocking.

The legal basis for the forwarding of the email address by the shipper to DPD is usually the consignee's consent to the shipper in accordance with Art. 6 Para. 1 (a) of the GDPR. The subsequent processing of the email address by DPD is exclusively shipment-related for the purpose of parcel notification and the customer-friendly organisation of the delivery time and place on behalf of the data subject (consignee).

The data is processed primarily on the basis of Section 9 of the Postal Services Act, Article 6 Para. 1 (e) and Article 6 Para. 1 (f) of the GDPR. A legitimate interest on the part of DPD is in particular that the processing meets the form which is generally approved by the legal system and which is socially acceptable.

With each parcel notification the consignee receives an objection option via which future parcel notifications can be excluded. 

As part of the parcel information and parcel delivery notification, the shipper can also send its customers information about itself in the form of customer banners. In addition to the company name and address, the banners may contain the company logo, the website URL and a company-related slogan/claim, but no additional advertising content in the form of text or images. DPD assures shippers that it will not send any advertising of its own to their consignees.

Our data protection assessment on Predict / GDPR can also be downloaded as a PDF document .

Suggested text for instructions in the privacy policies of DPD’s shipping customers from 25.5.2018:

”During shipping operations we transmit, on the basis of Art. 6 (1f) of the EU’s General Data Protection Regulation, your data (name, address, if necessary email address and/or mobile phone number for notification options and re-directions, together with further shipment-related data) to our shipping partner DPD Deutschland GmbH. You can reject the transmission of supplementary information such as email or mobile phone data both via our contact form and with DPD direct under [email protected] or, in the case of all parcel notifications, via a link.“

As part of DPD’s Predict-Service, consignors can also provide customers with information about themselves in the form of banner advertising. In addition to the company name and address, the customer’s banner can contain the company logo, the website URL and a company slogan/claim, but no advertising content that goes beyond this in the form of texts or images. DPD undertakes towards shipping customers not to send any advertising of its own to their customers (consignees).

Consignees who wish to block their email address for the Predict-Service should send an informal notice of cancellation to [email protected] indicating their name, address and the email address which is to be blocked. The effect of blocking the email address will be that the consignee will receive no further email notifications from us relating to shipments.

If you decide that you no longer wish to receive email notifications from DPD, we will put your email address on a separate list to ensure that no further messages are sent to you. In view of the large amount of consignee data and the fact that DPD does not in principle save this data in the long term, this can only be achieved by means of a blocking list. The data is saved permanently on the blocking list. The basis of the processing is Art. 6 I f) GDPR, with the legitimate interest on the part of DPD being not to send any notifications against the will of the consignee.

Applications to DPD

When you send us your online application you declare your consent to the electronic processing of your data, as described below.

Information which is recorded

As part of the application procedure, the DPD group of companies only records and processes the personal data which you submit to us or have entered in the application form.

Access to your data

Access to your data is only provided to such persons who have been trained in the relevant aspects of data protection and data security, and are subject to a contractual obligation of non-disclosure. The data which you make available in a concrete application is only seen by such persons who are responsible for filling the relevant vacancy. These are in particular HR staff within the company to which you apply, as well as any potential line managers.

Of course your data will not be used for any other purposes than for the application procedure, and will never be used for advertising purposes. Under no circumstances will your data be passed on to companies or persons outside the DPD group of companies.

Beyond the application procedure itself your application data may only be made available to other companies in the DPD group of companies for the purpose of filling other possible vacancies. If you do not agree to this, you can revoke your consent by sending an email to [email protected].

Data security

A variety of security procedures are used to protect the application data which is collected. The use of the latest technologies such as secure servers, firewalls and the encryption of application data protects against unauthorised access to your personal data. The security standard involved is continuously reviewed and adapted to the latest technological developments.

Deletion of data

Data which is provided in connection with a specific unsuccessful application for an advertised vacancy is deleted six months after the applicant has been notified. Applications which are included in the pool of applicants are automatically deleted after one year.

Applications on paper

You of course have the option of submitting your application documents to us on paper instead of electronically. However, please note that we do not return written application documents, and subsequently destroy them in accordance with data protection regulations.

Right to information and revocation

Applicants have the right to revoke their consent to the application process at any time. They can also request information about the data stored by DPD. To exercise these or other data protection rights, please contact [email protected].

Application as a delivery driver or system partner

As DPD employs only a few of its own delivery personnel, application data is forwarded to suitable system partners after it has been evaluated. By giving your consent at the end of the data collection process, you as an applicant agree to this forwarding of the data collected. DPD itself deletes your data after 6 months.

Application as a system partner

A precondition for suitability as a DPD system partner is a valid business licence and road haulage permit for the persons/company involved. DPD uses data entered in the application process for a preliminary classification and then contacts you directly as a business. The data is used by DPD exclusively for the selection and screening process, and is deleted after 6 months if you are not accepted as a system partner.

DPD Financial Services

DPD Financial Services is a service for processing electronic invoices which is operated by DATEV eG Nuremberg on behalf of DPD.

DPD records, processes and uses the data which you transmit to DPD in connection with the use of these Financial Services. A user account is required for the use of the service. On registration you accept the applicable terms of use and consent to the processing of the relevant data. After registration, users are transferred directly to the website of our partner. The data required for the provision of the electronic invoice function is saved and used for processing purposes. DPD has the right to use your contact data for its own promotional and marketing purposes, and to provide you with information about new DPD features and products. You can reject the use of your personal data for promotional and marketing purposes at any time by sending a message with the subject reference "Rejection of the use of my Financial Services contact data for promotional purposes” by post to DPD Deutschland GmbH, Wailandtstraße 1, 63741 Aschaffenburg, or via our contact form.

Your data is saved by DPD on specially protected servers in Germany. Access to the servers is only available to a small number of specially authorised persons who are in charge of the technical, commercial or editorial support of the servers. DPD has taken precautions in order to ensure the security of your personal data. Your data will be conscientiously protected against loss, destruction, falsification, manipulation and unauthorised access or publication. The communication with our Financial Services online is also implemented by encrypted connections using special safety precautions. DPD uses session cookies for the identification of authorised users. These small text files, which your Internet browser administers and saves on your computer, are automatically deleted once more when you log out of Financial Services.

Assessing creditworthiness

To assess the creditworthiness of new customers DPD uses a probability value (scoring) based on automated mathematical-statistical procedures from e-crefo GmbH, Hellersbergstraße 12, 41460 Neuss for business customers, and from Creditreform Boniversum GmbH, Hellersbergstraße 11, 41460 Neuss for private customers. This information is used as a decision-making aid. Subjective value judgements or personal financial circumstances are not requested. Data is only stored and transmitted if this is necessary to protect the legitimate interests of DPD. In the event that insufficient data on the company concerned is available at e-crefo GmbH at the time of the enquiry regarding business customers, for the purpose of making individual decisions a probability value relating to the owner or managing director of the company concerned is also requested from Creditreform Boniversum GmbH, Hellersbergstraße 11, 41460 Neuss. In order not to unreasonably disadvantage your interests in individual cases with the creditworthiness check, DPD weighs up the interests involved. If the credit check is negative, DPD reserves the right to change the terms of payment or to subject the cooperation to monitoring.

Contact form

If you use contact forms to contact DPD in electronic form, your voluntarily provided personal data will be collected and stored.

DPD uses the personal data provided by you exclusively for the purpose of answering your inquiry and fulfilling your requirements.

The processing of the personal data from the contact form serves DPD primarily for the purpose of responding to the establishment of contact. The data is processed for the fulfilment of the contract in accordance with Art. 6 Para. 1 (b) of the GDPR, as well as for the protection of legitimate interests in accordance with Art. 6 Para. 1 (f) of the GDPR. A justified interest on the part of DPD is, in particular, to ensure efficient processing and service, and to improve these on a permanent basis.

Your data will be stored as long as it is necessary to process the relevant contact enquiries.

Video

DPD distinguishes between the following applications of video technology

  • camera systems for the purpose of parcel tracking (in the vicinity of sorting facilities) and

  • the use of video systems for site and building surveillance

These are then used for the following purposes:

  1. Parcel tracking for error detection and error correction in parcel handling on the conveyor equipment and the infeed and outfeed points to the system

  2. Security within the company

  3. Safeguarding of domiciliary rights and property security against burglary, theft, vandalism and unauthorised entry

  4. Compliance with the requirements of the customs AEO-F certification to maintain the status of an authorised economic operator.

The underlying legal basis for purposes 1, 2 and 3 is provided by Art. 6 Para. 1 (f) of the GDPR and in the case of postal secrecy by §39 of the Postal Services Act (PostG) as well as Art. 6 Para. 1 (c) of the GDPR, the Customs Code Implementation Decree (based on the EU Customs Code / Regulation (EU) No. 952/2013) and by the conclusion of works agreements with the relevant works councils based on §26 of the Federal Data Protection Act (BDSG) or the Works Council Constitution Act (BetrVG).

The storage period of the recordings is 40 days, for still images it is 12 months and in DPD stores 72 hours.

Newsletter / news by email

You have the option of subscribing to our free newsletter by email. The newsletter will keep you informed on a regular basis in order to provide you with offers and services tailored to your interests and preferences, as well as targeted tips on our products and services.

When you register for the newsletter, the personal data to be entered is transmitted to us from the input mask. For this purpose you have to enter your email address as a mandatory field. The purpose of collecting the email address is to ensure that emails are delivered correctly. In some cases, further voluntary details are requested for the individual dispatch of information such as your surname, first name and address data. In addition, your IP address and the date and time of the enquiry are automatically collected and stored.

Data collection during registration and double opt-in

When you sign up for our newsletter for the first time, a confirmation email will be sent to the email address you have provided. This confirmation email contains a link that you have to click on in order to confirm your registration. This so-called double opt-in procedure serves to check whether the owner of the email address has actually authorised receipt of the newsletter and agrees to receive this newsletter.

All registration processes are logged, so that it can be proved that the registration process was implemented in accordance with the applicable legal requirements. This includes the storage of the times of registration and confirmation, as well as the data transferred to us.

If consent has been provided by the user, the legal basis for the processing of the data after registration by the user for the newsletter is Art. 6 Para. 1 (a) of the GDPR.

Use of newsletter service providers

We use the services of external service providers for the dispatch and evaluation as well as for the technical processing of our newsletters. These services are under an express obligation to comply with data protection regulations on the basis of Art. 28 of the GDPR.

Newsletter tracking

DPD records your use of our newsletter, such as when emails are opened or clicked on, using tracking technology provided by the service provider.

On this basis the service provider can create reports for us on the success or failure of an email campaign, so that we can optimise the content of our newsletter. If the user has given his or her consent the legal basis for the processing of data in this context is Art. 6 Para. 1 (a) of the GDPR.

Duration of storage, right of revocation

The personal data which is processed in the context of the subscription to and the dispatch of the newsletter is stored by us for as long as the subscription to the newsletter is active. You can cancel your subscription to the newsletter and your consent to the processing of your data for the above-mentioned purposes at any time by using the unsubscribe link provided in the newsletter, or by sending an email to [email protected].

A separate revocation of your consent with regard to the described tracking process only is not possible. However, you have the option of configuring the email programme you use so that emails are displayed in text form and not in HTML format. This hides image and graphic files so that tracking is not possible. In these cases, however, the newsletter will not be displayed in full and you may not be able to use all the available functions.

eSolutions

The eSolutions portal offers solutions for various DPD services. Various DPD shipping applications and interfaces as well as information on the offers of DPD's partners are available to consignors and consignees. In addition, DPD offers documentation and implementation guides to all application developers who want to access our systems. Test systems are also available for DPD web services, for example to use the cloud parcel label printing function.

Additional personal data such as your name, address, telephone number or email address will only be recorded if you provide this information for the purpose of registration on the portal. A distinction is made between mandatory data, which is necessary for the correct communication, verification of user authorisation and information about the services used, and further voluntary data. This may help to improve services and the associated information. This voluntary information is also explicitly marked as such. When using the forum provided by DPD it may also be possible to provide additional profile data such as photos or descriptions of your profile, e.g. skills. This is also voluntary. Please note the rules of use in the DPD terms of use for the forum.

If you have given us your consent or - insofar as stipulated by legal regulations - if you have not raised an objection, DPD will also use this data for its own product-related surveys and marketing purposes. As with its website, DPD uses so-called cookies in several places in the tools. Cookies serve to make our services more user-friendly, effective and secure. How we use cookies and how you can prevent this is described under Web analysis, cookies and third-party services.

If you log into DPD's portal to use our services or request information about the services or use our test servers, these activities are logged for security purposes within the framework of our security concept on the basis of Article 6 Para. 1 (f) of the GDPR. Only a few administrators are allowed access to it and the logs are used exclusively for the prosecution of criminally relevant enquiries.

Chatbot

DPD also offers website users the option of contacting DPD via a chatbot. The data is entered into an input mask, transmitted to DPD and saved. The data is stored in DPD's computer centres in Germany and France for a period of six months, after which it is automatically deleted. The data can also be deleted beforehand on request. The data is not passed on to third parties. Insofar as the information collected in this way is personally identifiable, it will be processed in accordance with Art. 6 Section 1 (f) of the GDPR on the basis of DPD's legitimate interest in providing an effective customer service.

Video messages

DPD enables shippers to send video messages to consignees in the course of delivering parcels. The video player used for this purpose processes your data so that the video display can be personalised for you automatically and in real time. The following information may be collected:

  • first name and surname

  • email address

  • locational information

  • IP address

  • URL and domain you originated from

  • page views and length of stay

  • dates and time when the page is accessed

Customer access log information (including IP addresses and the date and time of access to our app) is retained by DPD for security purposes for two weeks and then automatically deleted.

Information on the access logs of visitors viewing the videos on customers' websites (including IP addresses and date and time of access to our app) is retained to allow a full understanding of the number of views of the videos. This data is deleted on a monthly basis.

Market research / surveys

If you give your consent you may be contacted for market research purposes - including a customer satisfaction survey on the above-mentioned services and products. For this purpose, your data as well as information on the use of the relevant services will be processed. All personal data provided by you when answering questions is considered to have been submitted voluntarily and will be processed in accordance with local legislation. The legal basis for this data processing is your consent in accordance with Art. 6 Section 1 (a) of the GDPR.

In the event of unsubscription from email communication or revocation of consent, the corresponding data will be removed from the distribution list or blocked and no longer processed for these purposes.

DPD uses the services of external service providers who are expressly obliged to comply with data protection requirements on the basis of Art. 28 of the GDPR, both for the distribution and evaluation as well as for the technical processing of our surveys.

Prize competitions

Participation in prize competitions takes place on the basis of the individual terms of the competition.

In addition to Art. 6 Para. 1 (b) of the GDPR, the legal basis for processing your data is also Art. 6 Para. 1 (c) of the GDPR in conjunction with possible tax law requirements. Your data will be used exclusively to determine the prize and for information and delivery relating to the prize and, unless we have your consent to the contrary, will be deleted after 30 days or after expiry of the statutory retention periods.

If you have given DPD consent in accordance with Art. 6 Para. 1 (a) of the GDPR to use your data for advertising purposes in the context of the competition, you can object to this use at any time. Simply send an email to [email protected] or use our online form. Your other rights according to Art. 15-21 GDPR remain unaffected.

Shipment tracking, Live-Tracking and Google Maps

With DPD's shipment tracking and Live-Tracking service, consignees and shippers can track the status of shipments addressed to them or shipped by them at any time and view the estimated time of delivery.

To display the current status of the shipment in tracking, the parcel label or reference number and the appropriate postcode simply have to be entered. In addition, other important detailed information about the shipment is displayed.

The shipper or consignee can also receive further information about the consignment in question by email or text message.

For this purpose the relevant email address or mobile phone number can be stored for the recipient of the notification - by the recipient himself/herself or with his/her consent - and the notification can be activated.

For this purpose, within the scope of tracking the following data may be processed: shipment number, name and address of the shipper, name and address of the consignee, if applicable the email address and telephone number of the shipper / consignee, if applicable the name and address of the substitute consignee, e.g. in the case of a redirection or neighbourhood delivery, the customer data of the shipper, the product or service designation, the status of the shipment, the signature of the consignee.

In addition, the route of the parcel on the day of delivery can be tracked live on a map using the Live-Tracking service. The data is processed for this purpose to fulfil the contract with the shipper in accordance with Art. 6 Para. 1 (b) of the GDPR and also on the basis of Art. 6 Para. 1 (e) of the GDPR (ensuring a functioning postal system) in conjunction with Para. 9 of the Postal Services Act (PostG) for the provision of the postal service and to prove that the service has been properly provided. Please also see "Parcel information and parcel delivery notification".

DPD uses Google Maps from Google Inc. (Gordon House, Barrow St, Dublin 4,  Ireland) on the website and in the Parcel Navigator app to display parcel shops in your vicinity or, if applicable, the route to them, or to display the route of your parcel to you as part of a delivery using the Live-Tracking service. For this purpose, the following data is transmitted to Google Inc:

  • Referrer (address of the site on which Google Maps is used)

  • The user's IP address

  • Google account (if the user is registered with Google, this will be recognised and assigned). The registration and use of Google's services are subject to its privacy policy and terms of use, which you can view at https://www.google.de/intl/de/policies/privacy.

  • The browser used and browser preferences such as browser size and resolution, browser plugins, date, language setting and a unique ID

  • User location: only if the user has explicitly confirmed the browser request "Do you wish my.dpd.de to be able to access your location?"

The data processing is based on Art. 6 (1) lit. f of the GDPR. DPD has a legitimate interest in displaying the DPD parcel shops/parcel locker stations as well as the delivery address in the best possible way for customers. In the location search, only the search address entered by the user is passed on. DPD does not link or store the search entry with the user data. The purpose for which and the extent to which the data is collected and processed in Google Maps can be seen in the provider's privacy policy. There you will also find further information on your rights and possible settings to protect your privacy: https://www.google.de/intl/de/policies/privacy.

Amendments to the privacy policy

Our privacy policy is reviewed on a regular basis.

DPD reserves the right to amend its privacy policy at any time with or without prior notice. It is therefore recommended that you inform yourself regularly about any changes. By using the DPD website you accept the terms of this privacy policy.

No liability is assumed for translations of the privacy policy into other languages. The German text is the authoritative version.

On the basis of the General Data Protection Regulation (GDPR), you have the following rights as a data subject. In order to request information, correction, objection or deletion in relation to your data, simply use our Data protection form and select the appropriate option there.

Right to revoke consent granted under data protection law in accordance with Art. 7 of the GDPR

With effect for the future you have the right to revoke your consent to the processing of your personal data at any time. You can do this either directly in our systems (Parcel Navigator/website/app, myDPD) or via our consent management tool ("Cookie management" on the website).

Right to object in accordance with Art. 21 of the GDPR

On grounds relating to your particular situation, you have the right to object at any time to the processing of personal data relating to you that is carried out on the basis of Art. 6 Para. 1 (e) (data processing in the public interest) or (f) (data processing on the basis of a balance of interests) of the GDPR.

This also applies to profiling based on these provisions within the meaning of Art. 4 Para. 4 of the GDPR.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or where the processing serves the purpose of asserting, exercising or defending legal claims.

Notwithstanding Directive 2002/58/EC, you are free to exercise your right to object in the context of the use of information society services by means of automated procedures using technical specifications.

Right to deletion in accordance with Art. 17 of the GDPR

You have the right to request that the personal data relating to you should be deleted immediately if one of the reasons provided for by law applies and the processing or storage is not necessary.

Please note: DPD usually receives the shipping data from the shipper and does so anew with each shipment. Consequently, the shipper is primarily a better point of contact for the deletion of delivery addresses.

Right to information in accordance with Art. 15 of the GDPR

You have the right to obtain from us, at any time and free of charge, information about the personal data stored about you, as well as a copy of this data in accordance with the applicable legal provisions.

Right to correction in accordance with Art. 16 of the GDPR

You have the right to request the correction of incorrect personal data concerning you. You also have the right to request that incomplete personal data should be completed, taking into account the purposes of the processing.

Please note: DPD usually receives the shipping data from the shipper and does so anew with each shipment. Consequently, the shipper is primarily a better point of contact for the correction of delivery addresses.

Restriction of processing in accordance with Art. 18 of the GDPR

You have the right to request the restriction of processing if one of the relevant legal requirements is met.

You can exercise this right with DPD, for example, if you do not wish to receive shipping information from us by email/text message. For this purpose, we store your email address or telephone number in a blocking list, as we receive this data from the shipper again and again with each shipment and cannot prevent this.

Right to data portability in accordance with Art. 20 of the GDPR

You have the right to receive any personal data which you have provided to us, in a structured, standard and machine-readable format. Unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us, you also have the right to transfer this data to another controller without hindrance from us, provided that the processing is based on consent in accordance with Article 6 Para. 1 (a), Article 9 Para. 2 (a) or on a contract in accordance with Article 6 Para. 1 (b) of the GDPR, and the processing is carried out with the aid of automated procedures.

In addition, in exercising your right to data portability in accordance with Article 20 Para. 1 of the GDPR, you have the right to have your personal data transferred directly from one controller to another controller where this is technically feasible, and provided that this does not adversely affect the rights and freedoms of other individuals.

Right to confirmation

You have the right to request confirmation from us as to whether personal data relating to you is being processed.

Right to complain to a supervisory authority in accordance with Art. 77 of the GDPR.

You have the right to complain about our processing of personal data to a supervisory authority responsible for data protection.

The supervisory authority responsible for postal services is:

The Federal Commissioner for Data Protection and Freedom of Information.
Department 22, P.O. Box 1468, 53004 Bonn

The use is based on consent in accordance with Art. 6 Para. 1 lit. a of the GDPR; consent can be given or revoked at any time via our consent management system link.

Visits to the DPD website

When you visit this website, data which could possibly permit identification is temporarily stored on our web servers. The following data is collected:

  • the IP address,

  • host name of the accessing computer,

  • the website via which you accessed the DPD website,

  • the sub-pages of the DPD website which you have visited,

  • the date and the length of stay

  • a message confirming successful access,

  • the volume of data transferred

  • the type of browser used and

  • the operating system.

Other personal data such as your name, address, telephone number or email address are not recorded. An exception to this is if you provide this data of your own accord, for example by filling out an online contact form, registering, taking part in a survey or entering into a contract.
The temporary storage of this data is necessary in order to enable the trouble-free provision of the website. In order to ensure the functionality of the website and the security of the information technology systems, further storage is implemented in log files. These purposes also include the legitimate interest in data processing. The data is processed on the basis of Art. 6 Section 1 (f) of the GDPR.
DPD uses various technologies to evaluate the use of our website and to display advertising. This is done either on the basis of our legitimate interest in optimising the web service for you in accordance with Art. 6 Section 1 (f) of the GDPR, and in accordance with Art. 28 of the GDPR which covers contract processing involving appropriate service providers such as advertising agencies or website service providers, or on the basis of the provision of consent in accordance with Art. 6 Section 1 (a) of the GDPR via our consent management tool.

As soon as the purpose of the data collection no longer applies, the data is deleted again immediately.

Web tracking

Google Analytics

We use Google Analytics, a web analytics service provided by Google Ireland Limited (https://www.google.de/intl/de/about/), Gordon House, Barrow Street, Dublin 4, Ireland ("Google") to create pseudonymised usage profiles with the use of cookies. The information is used to evaluate the use of the website, to compile reports on website activity and to provide other services related to website and internet use for the purposes of market research and demand-oriented design of these web pages. This information may also be transferred to third parties if this is required by law or if third parties process this data on our behalf. Under no circumstances will your IP address be merged with other Google data. The IP addresses are anonymised so that an assignment is not possible (IP masking).

You can view the privacy policy of Google Analytics at: https://support.google.com/analytics/answer/6004245?hl=de

Google reCAPTCHA

We use the reCAPTCHA function of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Ireland Limited is part of the Google group of companies with headquarters at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The reCAPTCHA function is primarily used to distinguish whether an entry is made by a natural person or is misused by machine and automated processing. The service also includes the sending to Google of the IP address and any other data required by Google for the reCAPTCHA service.

Further information on Google reCAPTCHA and Google's privacy policy can be found at: https://www.google.com/intl/de/policies/privacy/.

AB Tasty

We use a tool from AB Tasty SAS to analyse the different usage of different versions of our websites for test purposes. AB Tasty uses cookies to collect information about how users browse its websites: this includes information about the user's browser (browser type and language), the Internet Protocol (IP) address of the user's terminal device and information derived from this address, such as the geographical location and identification numbers of the terminal device, the user's Internet service provider, the pages and files accessed by the user, the user's operating system, and the date and time of the user's visit to the website.
The company is located at 64-66 rue des Archives, 75003 Paris, France and is part of AB Tasty Inc, 408 Broadway NY 10013, New York, United States. There is no exchange of data within the group. AB Tasty SAS cooperates by order and according to instructions within the framework of Article 28 of the GDPR.

For the company's privacy policy, please refer to the AB Tasty website: https://www.abtasty.com/privacy-policy/.

Cookies

"Cookies" are small text files that are used to store specific information on your device during your visit to the website. The cookies help to determine the frequency and number of users of this website. In addition, cookies ensure that the use of the DPD website is as convenient and efficient as possible for you.

DPD participates in the IAB Europe Transparency and Consent Framework and complies with the relevant specifications and guidelines. This initiative promotes responsible data protection settings within the digital advertising industry, and offers users greater transparency and better control over how their data is processed for tracking purposes. In order to display personalised advertising, we also transmit information about the category of specific shippers to the advertising partner, but do so only with their consent..

When you access this website, a cookie banner informs you that by using our website you consent to the use of cookies. You can adjust your own advertising settings at any time using the corresponding function in the cookie notice and object to the use of cookies. If the user has given his or her consent, the legal basis for the processing of personal data using cookies for analysis purposes is Art. 6 Section 1 (a) of the GDPR. An overview of our advertising partners can be obtained via this link.

You can see the purpose and duration of validity of all other cookies set by us in the following table:

Cookie name

 

Duration

Description

Type

Host

1) Technically required cookies (according to §25 (2) TTDSG)

current_language_<id>

30 days

Controls the language setting

1st Party

dpd.com

 

dpd-connect-generic-redirect

1 day

Single Sign On: storage of the log-in data

1st Party

dpd.com

TC_PRIVACY

396 days

Used to store user status and display privacy banner.

3rd Party

dpd.com

TC_PRIVACY_CENTER

396 days

Used to display opt-in/opt-out categories in privacy center when user reopens it.

3rd Party

dpd.com

TC_PRIVACY_IAB_VENDORLIST

unlimited

Wird verwendet, um die IAB TCF Global Vendor List zwischenzuspeichern.

3rd Party

dpd.com

TC_PRIVACY_TCF

unlimited

Used to cache the IAB TCF Consent API Response.

3rd Party

dpd.com

TCPID

365 days

Contains a user-related, one-time value to enable analysis of the cookie banner application together with the TCID cookie.

3rd Party

dpd.com

ROUTEID

session

This cookie is used for directing the users to the same server.

1st Party

dpd.com

INGRESSCOOKIE

session

This cookie is used for load balancing and session stickiness. This technical session identifier is required for some website features.

1st Party

dpd.com

_cfb

session

Is used by Cloudflare for load balancing.

1st Party

dpd.com

PHPSESSID

session

This cookie is native to PHP applications. The cookie stores and identifies a user's unique session ID to manage user sessions on the website. The cookie is a session cookie and will be deleted when all the browser windows are closed.

1st Party

dpd.com

ASP.NET_SessionId

session

This cookie is essential for use, as it creates an anonymous "session" that allows us to respond to visitors' requests.

3rd Party

Microsoft

UserCookieSMEMigration

180 days

Controls specific content for private or commercial customers after login (portal.dpd.de).

1st Party

dpd.de

2) Statistics cookies (help website owners understand how visitors interact with websites by collecting and reporting information anonymously)

Cookie name

 

Duration

Description

Type

Host

ABTasty

1 year

Used for the analysis of the A/B tests using AB Tasty.

3rd Party

ABTasty

ABTastySession

session

Used for the analysis of the A/B tests using AB Tasty.

3rd Party

ABTasty

_ga

2 years

Used for analysis / statistics purposes via Google Analytics.

3rd Party

google.de

_gat_

session

Used for analysis / statistics purposes via Google Analytics.

3rd Party

google.de

_gid

1 day

Used for analysis / statistics purposes via Google Analytics.

3rd Party

google.de

_gcl_au

90 days

Used for analysis / statistics purposes via Google Analytics.

3rd Party

google.de

__gads

1 year

Used for analysis / statistics purposes via Google Analytics.

3rd Party

google.de

__gpi

1 year

Used for analysis / statistics purposes via Google Analytics.

3rd Party

google.de

3) Cookies to control user-friendliness (functional /with consent according to Art. 6(1a) DSGVO)

Cookie name

 

Duration

Description

Type

Host

_faq_<id>

30 days

Cookie for the storage for the evaluation of a FAQ.

1st Party

dpd.com

german_sso

0

German SSO Login

1st Party

dpd.com

german_sso_landing_page

0

German SSO Login

1st Party

dpd.com

sso_error_login_social_msg

0

German SSO Login

1st Party

dpd.com

title_param_<id>

7 days

Confirmation page after submission of an online form.

1st Party

dpd.com

name_param_<id>

7 days

Confirmation page after submission of an online form.

1st Party

dpd.com

UserCookieNewFunctions

180 days

Controls specific info layer after login (portal.dpd.de)

3rd Party

portal.dpd.de

DPD_reCaptcha_error_<id>

0

reCaptcha of Online Form

1st Party

dpd.com

tC_Sync

0

Technical cookie used to store the timestamp of the last cookie synchronization.

3rd Party

dpd.com

TCID

365 days

Visitor identifier used to calculate deduplicated statistics per user.

3rd Party

dpd.com

DPD_PaketNavigator

session

The cookie is about the User Session, the Cloud User ID is stored in there

1st Party

dpd.de

4) Cookies for advertising purposes (with consent according to Art. 6 (1a) DSGVO)

Cookie name

 

Duration

Description

Type

Host

cto_bundle

1 year

Used for displaying advertising, according to IAB standard.

3rd Party

IAB Standard

IAB Cookies

-

Used for displaying advertising, according to IAB standard.

3rd Party

IAB Standard

MUID

1 year, 1 month, 43 minutes, 20 seconds (34190000 seconds)

Store and/or retrieve information on a device
Create a personalised ad profile
Select personalised ads

3rd Party

Microsoft Advertising

_uetmsclkid

2 months, 4 weeks, 1 day, 3 hours (7776000 seconds)

Store and/or retrieve information on a device
Create a personalised ad profile
Select personalised ads
Measure ad performance

3rd Party

Microsoft Advertising

_uetsid

1 day (86400 seconds)

Store and/or retrieve information on a device
Create a personalised ad profile
Select personalised ads

3rd Party

Microsoft Advertising

_uetvid

1 year, 3 weeks, 3 days, 18 hours (33696000 seconds)

Store and/or retrieve information on a device
Create a personalised ad profile
Select personalised ads

3rd Party

Microsoft Advertising

UserMatchHistory

30 days

Used for the synchronisation of the LinkedIn Ads ID

3rd Party

LinkedIn

Duration

1) Technically required cookies (according to §25 (2) TTDSG)

current_language_<id>

30 days

dpd-connect-generic-redirect

1 day

TC_PRIVACY

396 days

TC_PRIVACY_CENTER

396 days

TC_PRIVACY_IAB_VENDORLIST

unlimited

TC_PRIVACY_TCF

unlimited

TCPID

365 days

ROUTEID

session

INGRESSCOOKIE

session

_cfb

session

PHPSESSID

session

ASP.NET_SessionId

session

UserCookieSMEMigration

180 days

2) Statistics cookies (help website owners understand how visitors interact with websites by collecting and reporting information anonymously)

Cookie name

 

Duration

ABTasty

1 year

ABTastySession

session

_ga

2 years

_gat_

session

_gid

1 day

_gcl_au

90 days

__gads

1 year

__gpi

1 year

3) Cookies to control user-friendliness (functional /with consent according to Art. 6(1a) DSGVO)

Cookie name

 

Duration

_faq_<id>

30 days

german_sso

0

german_sso_landing_page

0

sso_error_login_social_msg

0

title_param_<id>

7 days

name_param_<id>

7 days

UserCookieNewFunctions

180 days

DPD_reCaptcha_error_<id>

0

tC_Sync

0

TCID

365 days

DPD_PaketNavigator

session

4) Cookies for advertising purposes (with consent according to Art. 6 (1a) DSGVO)

Cookie name

 

Duration

cto_bundle

1 year

IAB Cookies

-

MUID

1 year, 1 month, 43 minutes, 20 seconds (34190000 seconds)

_uetmsclkid

2 months, 4 weeks, 1 day, 3 hours (7776000 seconds)

_uetsid

1 day (86400 seconds)

_uetvid

1 year, 3 weeks, 3 days, 18 hours (33696000 seconds)

UserMatchHistory

30 days

Description

1) Technically required cookies (according to §25 (2) TTDSG)

current_language_<id>

Controls the language setting

dpd-connect-generic-redirect

Single Sign On: storage of the log-in data

TC_PRIVACY

Used to store user status and display privacy banner.

TC_PRIVACY_CENTER

Used to display opt-in/opt-out categories in privacy center when user reopens it.

TC_PRIVACY_IAB_VENDORLIST

Wird verwendet, um die IAB TCF Global Vendor List zwischenzuspeichern.

TC_PRIVACY_TCF

Used to cache the IAB TCF Consent API Response.

TCPID

Contains a user-related, one-time value to enable analysis of the cookie banner application together with the TCID cookie.

ROUTEID

This cookie is used for directing the users to the same server.

INGRESSCOOKIE

This cookie is used for load balancing and session stickiness. This technical session identifier is required for some website features.

_cfb

Is used by Cloudflare for load balancing.

PHPSESSID

This cookie is native to PHP applications. The cookie stores and identifies a user's unique session ID to manage user sessions on the website. The cookie is a session cookie and will be deleted when all the browser windows are closed.

ASP.NET_SessionId

This cookie is essential for use, as it creates an anonymous "session" that allows us to respond to visitors' requests.

UserCookieSMEMigration

Controls specific content for private or commercial customers after login (portal.dpd.de).

2) Statistics cookies (help website owners understand how visitors interact with websites by collecting and reporting information anonymously)

Cookie name

 

Description

ABTasty

Used for the analysis of the A/B tests using AB Tasty.

ABTastySession

Used for the analysis of the A/B tests using AB Tasty.

_ga

Used for analysis / statistics purposes via Google Analytics.

_gat_

Used for analysis / statistics purposes via Google Analytics.

_gid

Used for analysis / statistics purposes via Google Analytics.

_gcl_au

Used for analysis / statistics purposes via Google Analytics.

__gads

Used for analysis / statistics purposes via Google Analytics.

__gpi

Used for analysis / statistics purposes via Google Analytics.

3) Cookies to control user-friendliness (functional /with consent according to Art. 6(1a) DSGVO)

Cookie name

 

Description

_faq_<id>

Cookie for the storage for the evaluation of a FAQ.

german_sso

German SSO Login

german_sso_landing_page

German SSO Login

sso_error_login_social_msg

German SSO Login

title_param_<id>

Confirmation page after submission of an online form.

name_param_<id>

Confirmation page after submission of an online form.

UserCookieNewFunctions

Controls specific info layer after login (portal.dpd.de)

DPD_reCaptcha_error_<id>

reCaptcha of Online Form

tC_Sync

Technical cookie used to store the timestamp of the last cookie synchronization.

TCID

Visitor identifier used to calculate deduplicated statistics per user.

DPD_PaketNavigator

The cookie is about the User Session, the Cloud User ID is stored in there

4) Cookies for advertising purposes (with consent according to Art. 6 (1a) DSGVO)

Cookie name

 

Description

cto_bundle

Used for displaying advertising, according to IAB standard.

IAB Cookies

Used for displaying advertising, according to IAB standard.

MUID

Store and/or retrieve information on a device
Create a personalised ad profile
Select personalised ads

_uetmsclkid

Store and/or retrieve information on a device
Create a personalised ad profile
Select personalised ads
Measure ad performance

_uetsid

Store and/or retrieve information on a device
Create a personalised ad profile
Select personalised ads

_uetvid

Store and/or retrieve information on a device
Create a personalised ad profile
Select personalised ads

UserMatchHistory

Used for the synchronisation of the LinkedIn Ads ID

Type

1) Technically required cookies (according to §25 (2) TTDSG)

current_language_<id>

1st Party

dpd-connect-generic-redirect

1st Party

TC_PRIVACY

3rd Party

TC_PRIVACY_CENTER

3rd Party

TC_PRIVACY_IAB_VENDORLIST

3rd Party

TC_PRIVACY_TCF

3rd Party

TCPID

3rd Party

ROUTEID

1st Party

INGRESSCOOKIE

1st Party

_cfb

1st Party

PHPSESSID

1st Party

ASP.NET_SessionId

3rd Party

UserCookieSMEMigration

1st Party

2) Statistics cookies (help website owners understand how visitors interact with websites by collecting and reporting information anonymously)

Cookie name

 

Type

ABTasty

3rd Party

ABTastySession

3rd Party

_ga

3rd Party

_gat_

3rd Party

_gid

3rd Party

_gcl_au

3rd Party

__gads

3rd Party

__gpi

3rd Party

3) Cookies to control user-friendliness (functional /with consent according to Art. 6(1a) DSGVO)

Cookie name

 

Type

_faq_<id>

1st Party

german_sso

1st Party

german_sso_landing_page

1st Party

sso_error_login_social_msg

1st Party

title_param_<id>

1st Party

name_param_<id>

1st Party

UserCookieNewFunctions

3rd Party

DPD_reCaptcha_error_<id>

1st Party

tC_Sync

3rd Party

TCID

3rd Party

DPD_PaketNavigator

1st Party

4) Cookies for advertising purposes (with consent according to Art. 6 (1a) DSGVO)

Cookie name

 

Type

cto_bundle

3rd Party

IAB Cookies

3rd Party

MUID

3rd Party

_uetmsclkid

3rd Party

_uetsid

3rd Party

_uetvid

3rd Party

UserMatchHistory

3rd Party

Host

1) Technically required cookies (according to §25 (2) TTDSG)

current_language_<id>

dpd.com

 

dpd-connect-generic-redirect

dpd.com

TC_PRIVACY

dpd.com

TC_PRIVACY_CENTER

dpd.com

TC_PRIVACY_IAB_VENDORLIST

dpd.com

TC_PRIVACY_TCF

dpd.com

TCPID

dpd.com

ROUTEID

dpd.com

INGRESSCOOKIE

dpd.com

_cfb

dpd.com

PHPSESSID

dpd.com

ASP.NET_SessionId

Microsoft

UserCookieSMEMigration

dpd.de

2) Statistics cookies (help website owners understand how visitors interact with websites by collecting and reporting information anonymously)

Cookie name

 

Host

ABTasty

ABTasty

ABTastySession

ABTasty

_ga

google.de

_gat_

google.de

_gid

google.de

_gcl_au

google.de

__gads

google.de

__gpi

google.de

3) Cookies to control user-friendliness (functional /with consent according to Art. 6(1a) DSGVO)

Cookie name

 

Host

_faq_<id>

dpd.com

german_sso

dpd.com

german_sso_landing_page

dpd.com

sso_error_login_social_msg

dpd.com

title_param_<id>

dpd.com

name_param_<id>

dpd.com

UserCookieNewFunctions

portal.dpd.de

DPD_reCaptcha_error_<id>

dpd.com

tC_Sync

dpd.com

TCID

dpd.com

DPD_PaketNavigator

dpd.de

4) Cookies for advertising purposes (with consent according to Art. 6 (1a) DSGVO)

Cookie name

 

Host

cto_bundle

IAB Standard

IAB Cookies

IAB Standard

MUID

Microsoft Advertising

_uetmsclkid

Microsoft Advertising

_uetsid

Microsoft Advertising

_uetvid

Microsoft Advertising

UserMatchHistory

LinkedIn

Advertising third party

Links to the privacy policies of the individual providers lead directly to their websites. Calling up the web link may already transfer data to these site operators as well as to non-EU countries. DPD accepts no responsibility for this.

Microsoft Ads

We use Bing Ads to advertise on our website and on third party websites for past visitors to our website. Bing Ads is provided by Microsoft Corporation, One Microsoft Way, Redmond, Washington 98052, USA. Tel.: (+1) 425-882-8080 ("Microsoft").

The ads are displayed based on information stored in cookies that Microsoft places on your computer. The text files contain information about your visit to our website, in particular product views, which are retrieved for specific product recommendations on subsequent visits to this website or third-party websites. The cookie contains a random alias. If you visit our website within a certain period of time and view our products, Microsoft will be able to recognise you from the alias. However, the information cannot be attributed to you personally. We or Microsoft will not merge this information with your personal information and will not share any of your personal information with third parties.

Google Analytics Remarketing

The operating company of the Google Remarketing services is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Remarketing is a function of Google AdWords that enables a company to display ads to Internet users who have previously visited the company's website. The integration of Google Remarketing accordingly allows a company to create user-related advertising and consequently to display ads that are relevant to the interests of the Internet user.

The purpose of Google Remarketing is to display interest-based advertising. Google Remarketing enables us to display ads via the Google advertising network or on other websites that are tailored to the individual needs and interests of Internet users.
Google Remarketing places a cookie on the IT system of the data subject. By setting the cookie, Google is able to recognise the visitor to our website when he or she subsequently visits websites that are also members of the Google advertising network. Each time you visit a website on which the Google Remarketing service has been integrated, your internet browser automatically identifies itself to Google. In the course of this technical procedure Google obtains knowledge of personal data such as your IP address or surfing behaviour, which Google uses, among other things, to display advertising relevant to your interests.

By means of the cookie personal information, for example the websites you have visited, is stored. Each time you visit our website, personal data, including your IP address, is transmitted to Google in the USA. This personal data is stored by Google in the USA. Google may pass on this personal data collected via the technical process to third parties.

Google Ads

The operating company of the Google AdSense component is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google AdSense is an online service that enables the display of ads on third-party websites. Google AdSense is based on an algorithm which selects the ads displayed on third-party sites according to the content of the relevant third-party site. Google AdSense enables interest-based targeting of internet users, which is implemented by generating individual user profiles. The purpose of the Google AdSense component is the integration of ads on our website. Google-AdSense sets a cookie on your IT system. By setting the cookie, Alphabet Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA, is able to analyse the use of our website. Each time you call up one of the individual pages of this website that is operated by us and on which a Google AdSense component has been integrated, the internet browser on your IT system is automatically prompted by the relevant Google AdSense component to transmit data to Alphabet Inc. for the purpose of online advertising and the settlement of commissions.

In the course of this technical procedure, Alphabet Inc. obtains knowledge of personal data, such as your IP address, which Alphabet Inc. uses, among other things, to trace the origin of visitors and clicks and subsequently to enable commission settlements. Google AdSense also uses so-called tracking pixels. A tracking pixel is a miniature graphic that is embedded in websites to enable log file recording and log file analysis, which enables statistical evaluation. By means of the embedded tracking pixel, Alphabet Inc. can recognise whether and when a web page has been opened by your IT system and which links you have clicked on. Among other things, tracking pixels are used to evaluate the flow of visitors to a website.

Via Google AdSense personal data and information, which also includes the IP address and is necessary for the collection and billing of the advertisements displayed, is transferred to Alphabet Inc. in the USA. This personal data is stored and processed in the USA. Alphabet Inc. may share this personal data collected via the technical process with third parties.

You can view the privacy policy and further information from Google AdSense at: https://www.google.de/intl/de/adsense/start/ and at https://www.google.com/policies/technologies/ads/

YouTube

On this website we integrate components from YouTube. The operating company of YouTube is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

YouTube is an internet video portal that enables video publishers to post video clips free of charge and other users to view, rate and comment on them, also free of charge. YouTube enables the publication of all types of videos, which is why complete film and television programmes, but also music videos, trailers or videos made by users themselves can be accessed via the Internet portal. Each time you call up one of the individual pages of this website that is operated by us and on which a YouTube component (YouTube video) has been integrated, the internet browser on your IT system is automatically prompted by the relevant YouTube component to download a representation of the corresponding YouTube component from YouTube. The Google WebFonts, Google Video and Google Photo services can also be downloaded from YouTube. Further information on YouTube can be found at https://www.youtube.com/yt/about/de/. Within the scope of this technical procedure, YouTube and Google receive information about which specific sub-page of our website is visited by you.

If you are logged in to YouTube at the same time, YouTube recognises which specific subpage of our website you are visiting when you call up a subpage that contains a YouTube video. This information is collected by YouTube and Google and assigned to your YouTube account.
YouTube and Google always receive information via the YouTube component that you have visited our website if you are logged into YouTube at the same time as you access our website. This takes place regardless of whether you click on a YouTube video or not. If you do not want this information to be transmitted to YouTube and Google, you can prevent the transmission by logging out of your YouTube account before accessing our website.

You can view YouTube's privacy policy at: https://www.google.de/intl/de/policies/privacy/.

LinkedIn Analytics

On this website, we use the retargeting tool and conversion tracking of LinkedIn Ireland, Wilton Plaza, Wilton Place, Dublin 2, Ireland (LinkedIn).
For this purpose, the LinkedIn Insight Tag is integrated on our website, which enables LinkedIn to collect statistical data about your visit and use of our website and to provide us with corresponding aggregated statistics on this basis. The service is also used to show you interest-specific and relevant offers and recommendations after you have found out about certain services, information and offers on the website. The relevant information is stored in a cookie.
As a rule, the following data is collected and processed:

  • IP address
  • Device information
  • Browser information
  • Referrer URL and
  • Timestamp

These processing operations are only carried out with your express consent in accordance with Art. 6 para. 1 lit. a) GDPR. Your data will be stored until you withdraw your consent.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be restricted. The personal data is stored for as long as it is required to fulfil the purpose of processing. The data is deleted as soon as it is no longer required to fulfil the purpose.

As part of processing via LinkedIn, data may be transferred to the USA and Singapore. The security of the transfer is regularly ensured by so-called standard contractual clauses, which guarantee that the processing of personal data is subject to a level of security that corresponds to that of the GDPR. If the standard contractual clauses are not sufficient to establish an adequate level of security, consent will be obtained from you in accordance with Art. 49 para. 1 lit. a) GDPR.

You can find more information about LinkedIn's privacy policy at: https://de.linkedin.com/legal/privacy-policy.

 

DPD also appears in a number of social networks. These include, for example, Facebook, Instagram, X, Xing, LinkedIn and YouTube. DPD provides its services on these platforms under the data protection provisions of the individual platform operator and has no direct responsibility for the way the operator processes data. Any findings from this data are used only for internal purposes and direct consultation. DPD wishes to point out that these platforms are in themselves public and anything which is posted on them can as a rule be read by all users. DPD will not provide shipment-related information or details of personal data in any public forum via these platforms.

Facebook Fan Page DPD Germany 

Facebook has made the fan page available to DPD Deutschland GmbH in accordance with the applicable terms of use, and is solely responsible for the technical operation of the fan page. DPD Deutschland GmbH is responsible for the content that is posted.

Facebook records your visit and your interactions and makes them available to us in anonymized form (page insights). If you have a Facebook account, Facebook processes your data in accordance with the Facebook terms of use. The interactions of visitors without a Facebook account are recorded anonymously and are also made available to us as a statistical evaluation (page insights).

DPD Deutschland GmbH and Facebook are jointly responsible for the processing of personal data in events for page insights (insights data). In accordance with the agreement which applies to Facebook and us (the so-called Page Insights Addendum), each joint controller must fulfil its obligations to provide information itself.

Please exercise your rights as a data subject (see Section 4) in relation to one of the data controllers of the insights data. We pass on requests that fall within Facebook's area of responsibility to Facebook for further processing.

We have no influence on the data processing by Facebook, the scope, purpose, or duration of its storage and any possible forwarding of data by Facebook.

For direct contact with DPD Germany without the involvement of Facebook, please use the contact options on our website.

You will find more detailed information on the data processing for which Facebook is solely responsible in Facebook's privacy policy and cookie policy.

  • Responsibilities for the processing of data

DPD Deutschland GmbH is the data controller for the information it posts and for the processing for which it is responsible.

You can reach our data protection officer at:

[email protected]

With regard to the processing of personal data in events for page insights (insights data), Facebook Ireland Ltd, 4 Grand Canal Harbour, Dublin 2 Ireland, is also the data controller in addition to us. The joint processing is carried out on the basis of an agreement between the joint controllers in accordance with Art. 26 of the GDPR, which you can view here: Information on page insights

  • The type of data processed and the reasons for the processing

Data processing of page insights for statistical purposes
Facebook provide DPD with so-called page insights for our fan page. These are anonymous statistics that are created on the basis of specific events and recorded by Facebook when fan page visitors like you interact on our fan page. The page insights don't contain any personal data, but they do make it possible to see what content is most frequently requested by what group of people. We optimise the fan page on this basis. This represents a legitimate interest in the processing that takes place (processing of personal data in events for page insights). The legal basis for data processing in the context of page insights is Art. 6 Para. 1 f of the GDPR.

You can change the settings for your Facebook advertising preferences in your Facebook account.

Data processing when contact is made and further communication
If you contact us via a contact form or Messenger, for example, we process personal data. This data is processed exclusively for the purpose of answering the enquiry, for contacting you and for the related technical administration and, unless other legal or contractual retention periods apply, will be retained for a maximum of two years to prove that your request has been processed properly and to further optimise our services.

Our legitimate interest lies in the correct and fastest possible processing of your enquiries. The legal basis for this processing is Art. 6 Para. 1 f of the GDPR. If the contact is made for the purpose of initiating or concluding a contract, Art. 6 Para. 1 b of the GDPR serves as the legal basis.

If you provide us with personal data via our fan page (for example in comments), this is done on the basis of your consent in accordance with Art. 6 Para. 1 a of the GDPR. You can revoke this consent at any time with effect for the future. If you would like to exchange personal data with us, please contact our Customer Service.

In the context of prize competitions, data is collected for the purpose of the implementation and processing of such competitions. Detailed information on this can be found in the data protection information and conditions of participation of the specific competition.

Your rights as users
On the basis of the GDPR, data subjects are entitled to the following rights:

  • In accordance with Art. 15 of the GDPR, you can request information about your personal data that is processed by the relevant data controller.

  • In accordance with Art. 16 of the GDPR, you can request a correction if your data is not (or no longer) accurate.

  • In accordance with Art. 17 of the GDPR, you can request the deletion of your personal data.

  • You have the right under Art. 18 of the GDPR to require restriction of the processing of your personal data.

  • In the event that the requirements of Art. 20 Para. 1 of the GDPR are met, you have the right to receive your data in a structured, standard and machine-readable format.

  • In accordance with Art. 77 Para. 1 of the GDPR, you have the right to complain to the competent data protection supervisory authority.

  • In accordance with Art. 21 Para. 2 of the GDPR, you can at any time object to the processing of personal data concerning you for direct marketing purposes.

In accordance with Article 21 of the GDPR, you have the right to object if the processing of your data is based on a legitimate interest within the meaning of Article 6 Para. 1 f of the GDPR (see Sections 3.1 and 3.2) and if you can provide grounds for this based on your individual situation. You can submit the objection to our Facebook Customer Service stating your contact details, the specific processing you are objecting to, the reasons for objection arising from your particular situation and the name of the fan page or, in the case of an objection to the processing of page insights for statistical purposes (see Section 3.1), raise the objection with Facebook. We pass on requests that fall within Facebook's area of responsibility to Facebook for further processing.

If you wish to exercise your rights as a data subject against Facebook, please contact Facebook Ireland Ltd, 4 Grand Canal Harbour, Dublin 2 Ireland. You can do this online via the contact form on the Facebook page.

If you would like to exercise your data protection rights against DPD, please contact us using the contact details provided in Section 2.

This privacy policy was last updated 4/2023