As a provider of postal services it is the primary task of DPD to apply the very latest technical standards in delivering shipments on behalf of consignors securely and reliably to consignees, and at the same time in meeting all the statutory requirements and the necessary protection of confidentiality, availability and integrity in relation to the data entrusted to DPD.
As a company under private law DPD is in particular subject to the provisions of the the EU General Data Protection Regulation (GDPR), the latest version of the Federal Data Protection Act (BDSG new), the Postal Services Act (PostG).
For this reason we process your data as a rule on the basis of Art. 6 (1a - consent), 6 (1b - contractual relationships), 6 (1c - legal requirements) and 6 (1f -legitimate interest) of the GDPR, §26 BDSG new (employee data) and §39, §41, §41a-§41c of the Postal Services Act (PostG) (shipment, invoicing and master data). Further information is provided below and within the descriptions of individual services.
If you have any questions relating to parcel shipping with DPD, please use our contact form.
If you wish to assert your rights in accordance with Article 15-22 GDPR, you can use our data policy contact form.
(Please note that this form is not to be used for questions relating to parcel shipping).
It also enables you to request information about your data, together with the blocking, correction and deletion of such data. If in your opinion we have a data or security leak, you can also report it there. DPD will check your concern, contact you in the event of questions, or provide you with the relevant answer. Please note that emails do not necessarily come from DPD simply because this is indicated in the address of the sender, and treat any suspicious replies or enquiries accordingly. DPD will never ask you for a password or any other confidential identifying feature. At most we will require from you the number of your shipment, parcel notification number, recipient postcode or if relevant your customer number.
You can contact Michael Mayer, our Data Protection Officer, at datenschutz[@]dpd.de. If anything is not clear to you please do not hesitate to get in touch with our Data Protection Officer.
The regulatory authority responsible for DPD is the
Federal Commissioner for Data Protection and Freedom of Information,
Referat 22 Postdienste, Wirtschaftsverwaltung, Graurheindorfer Straße 153, 53117 Bonn
For what purpose do we process your data?
Where do we receive your data from, and what data is involved? DPD receives data for processing from various sources and for various purposes.
If you are a consignor we receive your data when you contact us, visit one of our shipping websites or ship parcels with us. For this purpose we save your invoice address, details of pickup times, contact persons or selected/offered products. As a rule we receive this data directly from you, or in rare cases you are brought to our attention via the Internet or our sales partners.
If you are a consignee we receive your data from consignors. They provide us with your data, as well as information about the parcel or notification instructions, mainly in electronic form or via their own or our shipping systems. They normally do so in that they have entered into a contractual relationship with you in accordance with Article 6(1b) GDPR, and we require the data in order to deliver the goods you have ordered from the consignor. In addition we naturally receive your data from other providers of postal services which act on our behalf in delivering shipments, e.g. if the shipment comes from abroad and if a different provider of postal services which cooperates with us has been entrusted there with the delivery.
If you are a system partner, parcel shop operator or delivery driver we receive your data when you get in touch with us or with a system partner with the intention of working for us. On the basis of a number of statutory requirements and a specific amount of legitimate interest we are obliged to collect a certain amount of further information about you. This ranges from background checks to insurance protection, the vehicles used, existing licences and permits, or further information. If you are a visitor to our website we receive your data via various website functions. For this purpose we apply cookies or request information from you directly. Our priority is to optimise the presentation of our website and to provide you with information about our services. You can at any time restrict the services or deactivate them completely by using a link or making the appropriate selection. (Please see “Web analysis, cookies and advertising serices”).
If you are an applicant for a job we receive your data when you get in touch with us and send us your application. We use the data only for our own purposes.
Who do we transmit your data to?
DPD transmits your data to various locations, but only for the intended purposes. This also includes locations outside the European Economic area, if the place of delivery is located there.
If you are consignor we send your data mainly to our depots, which are responsible for collecting your shipments, and to the local system partners and drivers who are involved.
If you are a consignee we send your data exclusively to the relevant consignors, system partners, parcel shops and delivery drivers (or other providers of postal services who may be involved in the delivery also in other countries). If a parcel happens to be damaged we also send your data to our insurance company.
Shipment data or details of the contents of shipments will only be transmitted or made available to third parties in exceptional circumstances. Such third parties are above all the customs authorities, the prosecution service or insurance companies. You can obtain information about the status of shipments at any time via our app or the tracking functions on our website. This information is only available to authorised users and can only be obtained by the entry of the consignee postcode and the parcel number.
Job application documents are received at our company only by the relevant department or by our system partners in the case of applications for work as delivery drivers, and are subject to the relevant consent.
In order to maintain our privileged customs status as an "Authorised Economic Operator (AEO)" and to avoid fines for violations of the EU anti-terrorism regulations (EC 881/2002 and 2580/2001) and the Foreign Trade and Payments Act (AWG), at defined intervals we check the names and addresses of shippers, consignees, partners and employees against the official sanction list databases.
In some cases we also use service providers for the implementation of tasks and activities on our behalf. Unless they operate on our behalf as part of the logistics chain, all such service providers are under an obligation to comply with our instructions on the processing of data as specified in an appropriate service contract. DPD does not rent, lend or sell personal data to third parties. However, data can be passed on to companies connected with DPD as part of the company group, and can be processed jointly in accordance with Art. 26 GDPR.
How long will your data be stored?
As is the case with all other companies under private law, DPD has to comply with specific regulations relating to the storage of data. This includes above all retention periods in accordance with tax legislation, e.g. relating to consignment notes, tour plans and delivery lists, damage reports, claims, invoices and balance sheets. In addition, for security reasons we store the tracking data for parcels for a period of time which varies per platform between 30 and 180 days.In the absence of consent to a longer storage period, job application documents will be deleted in accordance with data protection legislation at the latest within six months after the rejection of the application.DPD account data is deleted two years after the deactivation of the account. Rejections of delivery notifications (Predict) are stored in a blocking list until the rejection is withdrawn.
For the length of storage relating to cookies, please see our list in Web analysis, cookies and advertising serices.
On the basis of Articles 12-21 of the GDPR, you as the data subject have the following rights. Please note: DPD usually receives the shipping data from the sender. And this with every shipment anew. The better contact for deleting and correcting shipping addresses is therefore primarily the sender.
For your correction, objection or deletion request, simply use our contact form and select the appropriate option there.
Right to confirmation
You have the right to request confirmation from us as to whether personal data concerning you is being processed.
Right to information Art. 15 GDPR
You have the right to obtain from us, at any time and free of charge, information about the personal data stored about you, as well as a copy of this data in accordance with the legal provisions.
Right to rectification Art. 16 GDPR
You have the right to request that incorrect personal data concerning you be corrected. Furthermore, you have the right to request the completion of incomplete personal data, taking into account the purposes of the processing.
Deletion Art. 17 GDPR
You have the right to demand that we delete the personal data concerning you without delay, provided that one of the reasons provided for by law applies and insofar as the processing or storage is not necessary.
Restriction of processing Art. 18 GDPR
You have the right to demand that we restrict processing if one of the legal requirements applies. You can exercise this right with DPD, for example, if you do not want to receive shipping information from us by e-mail/SMS. For this purpose, we store your e-mail address or telephone number in a blacklist, since we always receive this data from the sender with each shipment and cannot prevent this.
Data portability Art. 20 GDPR
You have the right to receive the personal data concerning you, which has been provided to us by you, in a structured, common and machine-readable format. You also have the right to transfer this data to another controller without hindrance from us to whom the personal data has been provided, provided that the processing is based on consent pursuant to Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR or on a contract pursuant to Art. 6(1)(b) GDPR and the processing is carried out with the aid of automated procedures, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.
Furthermore, when exercising your right to data portability pursuant to Art. 20(1) GDPR, you have the right to obtain that the personal data be transferred directly from one controller to another controller, insofar as this is technically feasible and insofar as this does not adversely affect the rights and freedoms of other persons.
Objection Art. 21 GDPR
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Art. 6(1)(e) (data processing in the public interest) or (f) (data processing on the basis of a balance of interests) GDPR.
This also applies to profiling based on these provisions within the meaning of Art. 4 No. 4 GDPR.
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or insofar as the processing serves the assertion, exercise or defense of legal claims.
You are free to exercise your right to object by means of automated procedures using technical specifications in connection with the use of information society services, notwithstanding Directive 2002/58/EC.
Withdrawal of consent under data protection law
You have the right to revoke consent to the processing of personal data at any time with effect for the future. You can do this either directly in our systems (package navigator website/app, myDPD) or via our consent management tool ("cookie management" of the website).
Complaint to a supervisory authority
You have the right to complain about our processing of personal data to a supervisory authority responsible for data protection. For postal services, this is:
The Federal Commissioner for Data Protection and Freedom of Information.
Department 22, P.O. Box 1468, 53004 Bonn.
Visiting our website
When you visit this website, data which could possibly permit identification is temporarily stored on our web servers.
The following data is collected: IP address, host name of the accessing computer, the website via which you accessed the DPD website, the pages of the DPD website which you visited, the date and duration of your visit, a message indicating successful access, the volume of data transferred, the type of browser used and the operating system. Other personal data such as your name, address, telephone number or email address are not recorded. An exception to this is if you provide this data of your own accord, for example by filling out an online contact form, registering, taking part in a survey or entering into a contract.
The temporary storage of this data is necessary in order to enable the trouble-free provision of the website. In order to ensure the functionality of the website and the security of the information technology systems, further storage is implemented in log files. These purposes also include the legitimate interest in data processing. The data is processed on the basis of Art. 6 Section 1 (f) of the GDPR.
DPD Deutschland GmbH uses various technologies to evaluate the use of our website and to display advertising. This is done either on the basis of our legitimate interest in optimising the web service for you in accordance with Art. 6 Section 1 (f) of the GDPR, and in accordance with Art. 28 of the GDPR which covers contract processing involving appropriate service providers such as advertising agencies or website service providers, or on the basis of the provision of consent in accordance with Art. 6 Section 1 (a) of the GDPR via our consent management tool Sourcepoint.
As soon as the purpose of the data collection is no longer applicable, the data will be deleted immediately.
DPD Deutschland GmbH uses tracking software to determine how many users visit our website and how often. This software is not used to collect individual personal data or individual IP addresses. The data is used exclusively in anonymous and summarised form for statistical purposes and for the further development of the website.
Google DBM and DFP (Doubleclick for Publisher) Small Business Server
You can see the purpose and duration of validity of all other cookies set by us in the following table:
Under the name "myDPD" DPD Deutschland GmbH, Wailandtstraße 1, 63741 Aschaffenburg, Germany, provides digital platforms on web servers or mobile terminals which enable shippers and consignees to send parcels and to monitor or manage their delivery. These functions are referred to below as the "service" or "services". myDPD distinguishes between private and commercial use of the services.
Basically the service can be used without registration. To be able to use the convenience functions, however, registration is required. This is done either by registering via the service with an email address and password or by using an existing Facebook or Google account. DPD does not transmit any parcel information to Facebook or Google in this respect, and only uses these services for authentication purposes. After authentication, a uniform DPD account is created for all our services. Commercial customers need to request their access data directly through their sales contact.
The DPD Group processes information about the location, time and deliverability of your parcels, for example in order to improve our operational processes or to point out suitable optimisation opportunities to you. This data is processed in accordance with Article 6 1(f) of the GDPR.
"Login with Apple ID"
If you use your Apple ID when logging in to DPD, you can register or log in with your Apple account. You will then be forwarded to the Apple website. For the iOS app the process takes place entirely within the operating system. For the login you will need the email address which is stored with Apple. This is required for identification purposes in order to create a secure DPD account for you and is stored with us. Your Apple profile and your DPD account are permanently linked via the email address. You can remove this link at any time on the Apple website.
DPD never learns your Apple access data. You can read how Apple handles privacy settings in the Apple data protection notices; these are also the valid regulations governing this possibility of logging in and registering with DPD.
"Login with Facebook"
"Login with Google"
"Login with netID"
If you use the netID button when logging in to DPD, you can register or log in with your netID account. You will then be redirected to the netID website. Your email address, which is stored with netID, is required for the login. This is necessary for identification in order to create a secure DPD account for you and is stored with us. Your netID profile and your DPD account will be permanently linked via the email address. You can remove this link at any time on the netID website.
DPD does not learn your netID access data at any stage. You can read how netID handles privacy settings in the netID privacy notices; these are also the applicable requirements for this possibility for logging in and registering with DPD.
DPD processes the following data from you in order to provide the relevant services and information: email address, mobile phone number, password, a standard postcode (usually your recipient postcode), Predict status (whether you want parcel notifications or not), the names of the devices you use, and shipment related information from our delivery systems.
Whether or not our service may send you messages is up to you to decide on the settings of theapp in your mobile device, or in the user account of the services.
When a parcel has been successfully delivered, the consignee has the opportunity to rate our service. If the rating of our service has been saved, there is also the option to give a rating on Google. After clicking on the "Rate on Google" button, the user is then redirected from the DPD platform to the Google website via a link.
When a parcel has been successfully delivered and this has been rated positively by the consignee, there is the option of giving the delivery driver a digital tip via PayPal. A requirement is that the delivery driver has registered for the tipping function. Here the user can select an amount and is then redirected by the DPD platform to the PayPal website, where he or she has to log in with the relevant PayPal access data. After logging in the user is shown the transaction details (account linked to PayPal and the amount of the tip). After confirming the transaction on the PayPal website, the user is redirected back to the DPD platform, where he or she has to confirm the payment details for the tip once more. A click on the button "Pay now" triggers the transaction in which the user gives the delivery driver the tip. Finally the user is shown a page which confirms the successful transaction.
Credit rating assessment
To assess the creditworthiness of new customers, we use a probability value (score procedure) based on automated mathematical-statistical procedures for commercial customers provided by e-crefo GmbH, Hellersbergstraße 12, 41460 Neuss, and for private customers from Creditreform Boniversum GmbH, Hellersbergstraße 11, 41460 Neuss. We use this information as a decision-making aid. Subjective value judgements or personal financial circumstances are not queried. Data is only stored and transmitted if this is necessary to safeguard the legitimate interests of DPD Deutschland GmbH. We would also like to draw your attention to the fact that if e-crefo GmbH has insufficient data about the company concerned at the time when commercial customers apply to us, in individual decisions we will also request a probability value for the owner or managing director of the company concerned at Creditreform Boniversum GmbH, Hellersbergstraße 11, 41460 Neuss. In order not to unreasonably disadvantage your interests in individual cases with the credit assessment, DPD weighs the various interests involved. If the credit check is negative, DPD reserves the right to change the terms of payment.
Use of the platform
The platform makes it easier for shippers to transfer data to DPD as part of their shipping orders and to manage the addresses required for this purpose. DPD uses this data exclusively for shipment processing as described under the section on the "DPD parcel delivery service". The basis for the use of the platform is the transmission of data for the performance of postal services in accordance with Article 6(1b) of the GDPR and the Postal Act on the basis of the resulting shipping order.
Advertising / information
If you have previously given us your consent under "Profile" or (insofar as statutory regulations provide for this) have not objected, we process and use this data for our own product-related information, surveys, competitions and marketing purposes. We may use service providers for this purpose. These work exclusively in accordance with our instructions under the terms of order processing in accordance with Article 28ff GDPR.
With your consent we in the DPD Group also process information about your user behaviour and your shipping activities in order to offer you relevant and attractive promotional offers from us or our partners. Until you revoke this consent, the processing takes place on the basis of your voluntary consent in accordance with Article 6(1a) of the GDPR.
DPD processes the data stored on the platforms only as long as it is legally required. Sometimes you can delete the data yourself (if this does not violate legal retention periods). We will maintain your myDPD account until you delete it yourself under your "Profile". Shipment data is stored in varying levels of detail between 40 days and 10 years. We keep invoice information for 7/11 years.
Matomo und Google Analytics
In order to optimise our service we apply Google Analytics and Matomo. Details on the use of these services are described above under Web analysis, cookies and third-party services. DPD only makes data from the use of the services and about the service itself to available authorised internal users.
The chat function enables logged-in business customers to get in touch with our employees in almost real time. When the chat request is sent, the following partly personal data is collected:
date and time of the request
if provided voluntarily: email address, parcel number, invoice number
content of the communication
Depending on the course of the conversation, the communication may require additional personal data that you enter in the chat. The nature of this data depends largely on your enquiry and on the matter which you wish to discuss. The purpose of processing this data is to enable a quick response to your enquiry and its content.
We store the chat history for a period of six months, after which the data is automatically archived.
The data you provide us with is processed primarily for the fulfilment of the contract in accordance with Art. 6 Para. 1 lit. b of the GDPR, and for the protection of legitimate interests in accordance with Art. 6 Para. 1 lit. f of the GDPR. A legitimate interest on the part of DPD is in particular to ensure smooth processing and service, and to improve this on a permanent basis.
In order to ensure the correct delivery of shipments to the right consignee DPD requires a range of data, which is as a rule provided by the consignor. In addition to details of the address, parcel type and parcel shipping options, the data may include further information which will, for example, enable us to notify the consignee of the delivery or when parcels are picked up at the parcel shop (e.g. ID card/passport number).
In the case of a third-party delivery to a neighbour, the name and street incl. house number of the neighbour are displayed and processed on our platforms. The data is processed primarily for the fulfilment of the delivery contract in accordance with Art. 6 Para. 1 b GDPR and for the protection of legitimate interests in accordance with Art. 6 Para. 1 f GDPR. A legitimate interest on the part of DPD exists in particular because the processing and display of the data is required for the final delivery of the parcel..
In compliance with postal legislation in postal services, DPD processes this data in a shipment-related way and only for delivery purposes. The details which are provided are used exclusively within the DPD network for delivering shipments and invoicing services, or for clarifying issues relating to shipments (e.g. transport damage). DPD does not use consignee data for advertising purposes or for other personal analyses. Findings from DPD's delivery processes are only used in an anonymised form for the purpose of optimising delivery operations. Your data is not sold, rented out or exchanged. If we provide data to external service providers, this is implemented on the basis of Art. 28 EU GDPR (processing of orders) or other data protection regulations.
DPD also appears in a number of social networks. These include Facebook, Instagram, Twitter, Xing and YouTube. DPD provides its services on these platforms under the data protection provisions of the individual platform operator and has no direct responsibility for the way the operator processes data. Any findings from this data are used only for internal purposes and direct consultation. DPD wishes to point out that these platforms are in themselves public and anything which is posted on them can as a rule be read by all users. DPD will not provide shipment-related information or details of personal data in any public forum via these platforms.
With this service the consignee receives advance notification of shipments sent by the consignor in the form of an email or SMS text message, notifying the consignee when the shipment will be delivered and the arrangements for the delivery. For this purpose the consignor (shipping customer) provides DPD with the necessary supplementary information, such as the email address or mobile number of the consignee.
One possible basis for the transmission of such data to DPD on the part of the consignor is, from the DPD point of view, Article 6 (1f) EU GDPR (“Processing of data for the safeguarding of justified interests”).
Grounds: the transmission of the data is implemented in the legitimate interests of both the consignor and of DPD as the postal service provider, in order to avoid incorrect deliveries (which serves to protect postal secrecy) and to ensure customer-friendly determination of the time and place of delivery on the part of the party concerned (consignee). The basis for the processing of the data between the consignor and the consignee is as a rule an order, or a contractual or similar relationship with the party concerned in accordance with Article 6 (1b) EU GDPR. In the process DPD functions as the service provider (provider of postal services). The transmission of the additional information does not restrict any interests of the party concerned which require protection, or that party’s fundamental rights and freedoms. The party concerned can reject the processing of this supplementary information at both locations. Predict notifications are not advertising aimed at promoting DPD’s own sales or that of an outside company, but serve the implementation of the delivery process for goods which have already been ordered.
DPD processes this data exclusively for this purpose and for no other purpose. For purposes of dealing with complaints or invoicing, the data is recorded in relation to the individual shipment and saved, also in relation to the individual shipment, in our shipping archives in accordance with statutory provisions relating to archiving periods. Shipping customers are responsible for ensuring the correctness of the information provided to DPD about the email addresses and telephone numbers of their customers (consignees), as well as with regard to the correct spelling, syntax and allocation to a specific shipment. If DPD has received instructions from a consignee blocking the transfer of information by email or SMS, DPD is under an obligation to follow these instructions and to terminate the service to the relevant consignee. There will be no message to the shipping customer that this service has been blocked by the consignee.
Suggested text for instructions in the privacy policies of DPD’s shipping customers from 25.5.2018:
”During shipping operations we transmit, on the basis of Art. 6 (1f) of the EU’s General Data Protection Regulation, your data (name, address, if necessary email address and/or mobile phone number for notification options and re-directions, together with further shipment-related data) to our shipping partner DPD Deutschland GmbH. You can reject the transmission of supplementary information such as email or mobile phone data both with us […add customer contact address…] and with DPD direct under [email protected] or, in the case of all parcel notifications, via a link.“
As part of DPD’s Predict-Service, consignors can also provide customers with information about themselves in the form of banner advertising. In addition to the company name and address, the customer’s banner can contain the company logo, the website URL and a company slogan/claim, but no advertising content that goes beyond this in the form of texts or images. DPD undertakes towards shipping customers not to send any advertising of its own to their customers (consignees).
Consignees who wish to block their email address for the Predict-Service should send an informal notice of cancellation to [email protected] indicating their name, address and the email address which is to be blocked. The effect of blocking the email address will be that the consignee will receive no further email notifications from us relating to shipments.
If you decide that you no longer wish to receive email notifications from DPD, we will put your email address on a separate list to ensure that no further messages are sent to you. In view of the large amount of consignee data and the fact that DPD does not in principle save this data in the long term, this can only be achieved by means of a blocking list. The data is saved permanently on the blocking list. The basis of the processing is Art. 6 I f) GDPR, with the legitimate interest on the part of DPD being not to send any notifications against the will of the consignee.
When you send us your online application you declare your consent to the electronic processing of your data, as described below.
Information which is required and recorded
As part of the application procedure, the DPD group of companies* only record and process the personal data which you submit to us or have entered in the application form.
Who has access to your data
Access to your data is only provided to such persons who have been trained in the relevant aspects of data protection and data security, and are subject to a contractual obligation of non-disclosure. The data which you make available in a concrete application is only seen by such persons who are responsible for filling the relevant vacancy. These are in particular HR staff within the company to which you apply, as well as any potential line managers.
Of course your data will not be used for any other purposes than for the application procedure, and will never be used for advertising purposes. Under no circumstances will your data be passed on to companies or persons outside the DPD group of companies.
Beyond the application procedure itself your application data may only be made available to other companies in the DPD group of companies for the purpose of filling other possible vacancies. If you do not agree to this, you can revoke your consent by sending an email to [email protected].
A variety of security procedures are used to protect the application data which is collected. The use of the latest technologies such as secure servers, firewalls and the encryption of application data protects against unauthorised access to your personal data. The security standard involved is continuously reviewed and adapted to the latest technological developments.
Deletion of data
Data which is provided in connection with a specific unsuccessful application for an advertised vacancy is deleted six months after the applicant has been notified. Applications which are included in the pool of applicants are automatically deleted after one year.
Possibility of submitting an application on paper
You of course have the option of submitting your application documents to us on paper instead of electronically. However, please note that we do not return written application documents, and subsequently destroy them in accordance with data protection regulations.
Right of revocation
You have the right to revoke at any time the consent you have provided us with, as well as the right to request information at any time about the data we collect. In order to assert these rights, or any other rights you may have under data protection regulations, please also contact [email protected].
DPD Deutschland GmbH offers you the opportunity to apply online to work with us as a delivery driver or system partner. For this purpose we collect specific data from you.
From delivery drivers:
As DPD does not employ its own drivers, we evaluate your data and then pass it on to a suitable system partner. By providing your consent at the end of the data collection you agree that the recorded data – as displayed on the screen – can be passed on to a system partner. After the data has been passed on it will then be processed. We delete your data after 6 months.
From system partners:
To qualify as a system partner to DPD, the relevant person/company must have a business licence and a permit to transport goods. We will contact you after using the data which you provide for preliminary classification purposes. The data is used by us exclusively for selection and checking purposes, and will be deleted after 6 months if you cannot be considered as a system partner.
DPD Financial Services is a service for the processing of electronic invoices. The service is operated on behalf of DPD by DATEV eG, Nuremberg.
Your data is saved by DPD on specially protected servers in Germany. Access to the servers is only available to a small number of specially authorised persons who are in charge of the technical, commercial or editorial support of the servers. DPD has taken precautions in order to ensure the security of your personal data. Your data will be conscientiously protected against loss, destruction, falsification, manipulation and unauthorised access or publication. The communication with our Financial Services online is also implemented by encrypted connections using special safety precautions. DPD uses session cookies for the identification of authorised users. These small text files, which your Internet browser administers and saves on your computer, are automatically deleted once more when you log out of Financial Services.
To assess the creditworthiness of (new) customers and suppliers, we use probability values based on automated mathematical-statistical procedures ("scoring"). These are determined by prestigious credit agencies and commercial credit insurers on our behalf. For this purpose, we pass on data to these service providers on the basis of corresponding contractual agreements verified under data protection law. In order not to disadvantage your interests unreasonably in individual cases with the credit assessment, DPD weighs up the interests involved. If the credit assessment is negative, DPD reserves the right to restrict the terms of payment, to change them or to put the cooperation to the test.
If you use our contact forms to contact us in electronic form, your voluntarily provided personal data will be collected and stored.
We use the personal data provided by you exclusively for the purpose of answering your inquiry and fulfilling your requirements.
The processing of the personal data from the contact form serves us primarily for the purpose of responding to the establishment of contact.
The data is processed primarily for the fulfilment of the contract in accordance with Art. 6 1 b GDPR, as well as for the protection of legitimate interests in accordance with Art. 6 1 f GDPR. A justified interest on the part of DPD is, in particular, to ensure efficient processing and service, and to improve these on a permanent basis.
Your data will be stored as long as it is necessary to process the relevant contact enquiries.
DPD distinguishes between the following applications of video technology
These are then used for the following purposes:
The underlying legal basis for Purposes 1 and 2 is provided by Article 6 (1f) GDPR and postal secrecy in accordance with §39 PostG and Article 6 (1c) GDPR, the Customs Code Implementing Provisions (based on the Customs Code of the EU / Directive (EU) No. 952/2013), and by the conclusion of works agreements with the responsible works councils on the basis of §26 Federal Data Protection Act and the Works Constitution Act, which can be inspected on site.
The storage period is 40 days, for still images it is 12 months and in DPD Stores 72 hours.
You have the option of subscribing to our free newsletter by email. The newsletter will keep you informed on a regular basis in order to provide you with offers and services tailored to your interests and preferences, as well as targeted tips on our products and services.
When you register for the newsletter, the personal data to be entered is transmitted to us from the input mask. For this purpose you have to enter your email address as a mandatory field. The purpose of collecting the email address is to ensure that emails are delivered correctly. In some cases, further voluntary details are requested for the individual dispatch of information such as your surname, first name and address data. In addition, your IP address and the date and time of the enquiry are automatically collected and stored.
Data collection during registration and double opt-in
When you sign up for our newsletter for the first time, a confirmation email will be sent to the email address you have provided. This confirmation email contains a link that you have to click on in order to confirm your registration. This so-called double opt-in procedure serves to check whether the owner of the email address has actually authorised receipt of the newsletter and agrees to receive this newsletter.
All registration processes are logged, so that it can be proved that the registration process was implemented in accordance with the applicable legal requirements. This includes the storage of the times of registration and confirmation, as well as the data transferred to us.
If consent has been provided by the user, the legal basis for the processing of the data after registration by the user for the newsletter is Art. 6 1 a GDPR.
Use of newsletter service providers
We use the services of external service providers for the dispatch and evaluation as well as for the technical processing of our newsletters. These services are under an express obligation to comply with data protection regulations on the basis of Art. 28 EU GDPR.
We record your use of our newsletter, such as when emails are opened or clicked on, using tracking technology provided by the service provider.
On this basis our service provider can create reports for us on the success or failure of an email campaign, so that we can optimise the content of our newsletter. If the user has given his or her consent the legal basis for the processing of data in this context is Art. 6 Para. 1 lit. a GDPR.
Duration of storage, right of revocation
The personal data which is processed in the context of the subscription to and the dispatch of the newsletter is stored by us for as long as the subscription to the newsletter is active. You can cancel your subscription to the newsletter and your consent to the processing of your data for the above-mentioned purposes at any time by using the unsubscribe link provided in the newsletter, or by sending an email to [email protected].
A separate revocation of your consent with regard to the described tracking process only is not possible. However, you have the option of configuring the email programme you use so that emails are displayed in text form and not in HTML format. This hides image and graphic files so that tracking is not possible. In these cases, however, the newsletter will not be displayed in full and you may not be able to use all the available functions.
The eSolutions portal offers solutions for various DPD services. Various DPD shipping applications and interfaces as well as information on the offers of our partners are available to consignors and consignees. In addition, we offer documentation and implementation guides to all application developers who want to access our systems. Test systems are also available for DPD web services, for example to use the cloud parcel label printing function.
If you log into our portal to use our services or request information about the services or use our test servers, these activities are logged for security purposes within the framework of our security concept on the basis of Article 6 (1f) GDPR. Only a few administrators are allowed access to it and the logs are used exclusively for the prosecution of criminally relevant enquiries.
On our website we also offer users a chatbot so that they can get in touch with us. The data is entered into an input mask, transmitted to us and saved. The data is stored in our computer centres in Germany and France. We store this data for a period of six months, after which it is automatically deleted. The data can also be deleted beforehand on request. The data is not passed on to third parties. Insofar as the information collected in this way is personally identifiable, it will be processed in accordance with Art. 6 Section 1 lit. f GDPR on the basis of our legitimate interest in providing an effective customer service.
If you give your consent we will contact you for market research purposes - including a customer satisfaction survey on the above-mentioned services and products. For this purpose, your data as well as information on the use of the relevant services will be processed. All personal data provided by you when answering questions is considered to have been submitted voluntarily and will be processed in accordance with local legislation. The legal basis for this data processing is your consent in accordance with Art. 6 Section 1 lit. a GDPR.
In the event of unsubscription from email communication or revocation of consent, the corresponding data will be removed from the distribution list or blocked and no longer processed for these purposes.
Use of service providers
We use the services of external service providers who are expressly obliged to comply with data protection requirements on the basis of Art. 28 of the EU GDPR, both for the distribution and evaluation as well as for the technical processing of our surveys.
Participation in prize competitions takes place on the basis of separate consent. The legal basis for this data processing is your consent in accordance with Art. 6 Section 1 lit. a GDPR. When you register and confirm your registration, your IP address and the time of access are stored in order to prove your registration in the event of doubt. Beyond that, only the email address is recorded. Only if you win a prize will you also be asked to provide an address for the delivery of the prize.
The personal data of the participants (name, address, email address) will only be used in connection with the competition and will be deleted afterwards. It will not be used for advertising purposes or passed on to third parties. You have the right to object to the processing at any time. To do so, please contact [email protected] In this case, your registration in myDPD will remain in effect.
This website uses Google Maps, for example as part of the delivery to a DPD Pickup parcelshop or a parcel locker. When tracking your parcel, you can follow the route of your shipment live on a Google Maps map in the "Live-Tracking" function. You will also be shown if there is an option to redirect your shipment to a parcel shop or parcel locker if you are not at home at the time of delivery. You can select the relevant parcel shop/parcel locker on a Google Maps map. In addition, the map in the route planner as well as the location search offers the possibility of displaying the route from the user's location to the parcel shop/parcel locker.
For the map display we use Google Maps, a service provided by Google Inc. (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland). The following data is transferred to Google for this purpose:
Referrer address (address of the website on which Google Maps is used)
IP address of the user
The browser used and browser preferences such as browser size and resolution, browser plugins, date, language setting as well as a unique ID.
User location: only if the user has explicitly confirmed the browser request "Should my.dpd.de be allowed to access your location?"
Here you can find out more information specifically about the Google Assistant, Google Home devices and your privacy in connection with the use of Google Actions: https://support.google.com/googlehome/answer/7072285?hl=de. There you will also find more information on how to delete your voice recordings. However, DPD does not have access to these.
DPD does not receive access to any data in your Google account, in particular your Google registration data. DPD also does not receive any access to your voice recordings.
We do, however, process the individual "UserID" assigned to you by Google when you activate the DPD Action and the content of the enquiry you have made. We do this in order to be able to answer your enquiry (Art. 6 Section 1 lit. b GDPR).
In addition, we process your "UserID" and the content of your request in order to statistically evaluate it and, based on this, to improve our offer and make it more interesting for you as a user. We process this data on the basis of our legitimate interest in designing our DPD Action to meet your needs, and because your interests in excluding processing do not outweigh this (Art. 6 Section 1 lit. f GDPR). The "UserID" does not make you recognisable as a person, nor does it identify your Google account. It is an identification number generated by Google. The "UserID" does not allow DPD to draw any conclusions about your identity.
We will delete the text of your enquiry and your "UserID" immediately after answering your question and after the automatic statistical evaluation.
Transfer of data
We transmit the response to your request generated by the DPD Action back to Google so that the response can be delivered via your Action device.
You can find out more information about Alexa, Echo devices and your privacy when using Amazon Skills here: https://www.amazon.de/gp/help/customer/display.html/?nodeId=GA7E98TJFEJLYSFR.
There you will also find more information on how to delete your voice recordings. However, DPD does not have access to these.
DPD does not gain access to any data in your Amazon account, in particular your Amazon registration data. DPD also does not receive any access to your voice recordings.
We do, however, process the individual "UserID" assigned to you by Amazon when you activate the DPD Skill and the content of the enquiry you have made. We do this in order to be able to answer your enquiry (Art. 6 Section 1 lit. b GDPR).
In addition, we process your "UserID" and the content of your request in order to statistically evaluate it and, based on this, to improve our offer and make it more interesting for you as a user. We process this data on the basis of our legitimate interest in designing our DPD Skill to meet your needs, and because your interests in excluding processing do not outweigh this (Art. 6 Section 1 lit. f GDPR). The "UserID" does not make you recognisable as a person, nor does it identify your Amazon account. It is an identification number generated by Amazon. The "UserID" does not allow DPD to draw any conclusions about your identity.
We will delete the text of your enquiry and your "UserID" immediately after answering your question and after the automatic statistical evaluation.
Transfer of data
We transmit the response to your enquiry generated by the DPD Skill back to Amazon so that the response can be delivered via your Alexa device.
You can find out more about Siri and your privacy when using Apple features here: https://support.apple.com/de-de/HT210657.
To find out what data Apple has collected about you to date, please visit: https://privacy.apple.com/.
DPD does not have access to your Apple ID data, in particular your registration data. DPD also does not receive any access to your voice recordings.
Disclosure of data
We transmit the response to your request generated by DPD back to Apple so that the response can be issued via your Siri device.