DPD is committed to the secure and trustworthy treatment of the data you entrust to us. We do everything in our power to comply with statutory data protection regulations. This also applies to compliance with the EU's new General Data Protection Regulation (GDPR). You can download all the important information on this subject here, in particular in relation to the use of our Predict-Service, contract data processing by DPD and why you don't need a contract in accordance with Art. 28 GDPR for the transmission of shipment data to DPD.
As a postal service provider DPD is a data controller in its own right. The processing of data is therefore carried out to provide the postal service. This always involves the direct, purpose-related transfer of the consignor's shipping data to DPD and not contract processing as defined in Article 28 of the GDPR. It is also irrelevant how this transfer to DPD takes place (direct file transfer, myDPD service or Parcel Navigator).
The purpose of contract processing is to make use of services which are subject to the authority of a principal and for which the company has sole responsibility under data protection law with regard to the rights of the data subjects.
For companies, the transfer of data to DPD is necessary to process the delivery as part of the customer order and is therefore usually covered and justifiable on the basis of Article 6 Section 1b of the GDPR (sales contract) or Article 6 Section 1a (consent).