DPD France places the protection of personal data at the heart of its missions and services offered to its customers.

This Policy sets out the principles and guidelines we apply to protect your Personal Data and nd aims to inform you about :

  • the Personal Data that DPD France collects and the reasons for its collection,

  • how your Personal Information is used,

  • your rights regarding your Personal Data.

This Policy applies to all of DPD France's services.

 

How does DPD France consider the protection of your Data?

DPD France is committed to taking into account the protection of Personal Data and the privacy of its customers from the design of new products or services offered to them. To this end, measures to ensure the protection of your Personal Data are implemented, in particular to ensure their security and to guarantee the respect and proper exercise of your rights.

 

What Data is used by DPD France ?

DPD France undertakes to only collect the data that is strictly necessary for the provision of the requested services.

We use your Data in accordance with this Policy, the general terms and conditions of sale or use of our products and services and particularly :

  • when you have been given clear, apparent and precise information regarding the processing in place and agreed, for one or more specific purposes either by way of a written declaration, including by electronic means, or by the absence of opposition or written declaration;

  • when it is needed for the performance of contract, the general terms and conditions of sale or use or the performance of pre-contractual measures;

  • for the compliance of legal or regulatory obligations and the legitimate interests of DPD France.

If optional data is requested, DPD France will be given a clear explanation of the Data we need to provide the requested service and the data you may decide to provide voluntarily.

Data is collected either directly from you or from the sender of your parcel, if you are the recipient.

Data is only used for the purposes made clear to you or the sender of your parcel.

Personal data may be used to offer other services to DPD France customers, only if they have agreed to receive commercial communications.

 

How is the collection of Personal Data from minors?

Some of our services may be used by minors. They must obtain the consent of their parents or legal representatives.

 

To which services or companies is your Data transferred?

Your data may be transferred to:

  • departments within DPD France: departments in charge of performing subscribed services in particular Customer Service, Sales Force, etc…

  • service providers outside DPD France with whom we always sign a contract ensuring the respect of your Data and particularly transport sub-contractors that may be entrusted with carrying out your delivery.

  • within Le Groupe La Poste.

 

Where is your Data stored and can it be transferred to non-EU countries?

DPD France carries out all Data processing activities within the European Union (EU).

However, for some specific services and particularly for the services provided by customer services, DPD France may need to call on the services of sub-contractors located outside the EU. Some of your Data may therefore be transferred to them for the strict purposes of their services. In such cases and in accordance with the regulations in force, DPD France requires its data processors to provide the necessary safeguards to ensure regulated, secure transfers, mainly by requiring them to sign the European Commission’s standard contractual clauses.

 

For how long does DPD France retain your Data?

Different retention periods apply for the various services we provide. DPD France undertakes not to retain your Data any longer than is necessary for the provision of the service or for compliance with the retention periods arising from the applicable limitation periods.

Below, you will find the main instances when your Data is retained:

Processing

Subject matter

Purpose

Data Subjects

Type of Personal Data

Retention period

Legal basis

Role of DPD France

#1

Customer relationship management and analysis of business activity

Contract management

Customers and contacts (natural persons)

Name, first name, position, address, telephone number, email address, fax number, signature, billing information

Length of the business relationship + 5 years

Performance of the contract

Operations relating to the management and follow-up of the contract with the Customer, the customer file (concerning sales proposals, price lists) and invoicing.

History of the customer relationship and correspondence exchanges;

Elaboration of sales statistics.

Optimizing the commercial approach.

Emailing.

Claim and dispute management

3 years archived

(see CNIL definition)

Claims management / pre-litigation and litigation

#2

 

Parcel delivery management

Delivery tracking and proof 

Customer's customers (recipients)

Name, first name, postal address, telephone number, email address, signature, data necessary for delivery (door code, ...) if necessary.

13 months from the date of delivery (cf. Art. L. 133-6 French Commercial Code)

Legitimate interest

Collection/pick-up of parcels prepared by the Customer.

Transport to the delivery place indicated on the parcel and handover of the parcel to the recipient appearing on the parcel.

Delivery preference instructions issued by recipients

customers of the Customer and/or its agent (recipients)

Retrieval of data and/or delivery instructions issued by the Customer's customers.

Customer service: management of complaints

Customer's customers (recipients)

Management of any complaints from the Customer's customers within the framework of the outsourcing of its customer service in Madagascar

#3

Embargo and trade sanctions

Compliance with international regulations and in particular embargo restrictions.

Customer and if necessary its employees /

Customer's customers (recipients)

Name, first name, postal address, country, comparison result

10 years

Legal obligation

Comparing personal data with lists issued by national and supranational organizations and, if necessary, assessing the result in accordance with the required procedures

 

#4

Listening to and one-off recording of telephone conversations

Improvement of  service quality

Customers and, if applicable, their employees / customers of the Customer (recipients)

Name, first name, postal and email address, telephone number, recording of the conversation, time and duration of the call

-  Reports of recordings: 1 year

- Recordings: 6 months

Legitimate interest

Use of recordings to improve service quality and train and evaluate customer service operators

#5

Satisfaction surveys

Name, first name, postal and email address, telephone number, reviews and comments

6 months and archived for a maximum of 3 years unless consent is withdrawn

Legitimate interest

Use of opinions and comments to measure the level of satisfaction and improve service quality

#6

Chatbot

Responding to various requests

Users of the chatbot via the website www.dpd.com/fr/fr

Name, first name, postal address, telephone number, e-mail address, data required for delivery (digicode, etc.), opinions, comments if any

6 months

Legitimate interest

Management of users' requests

 

Is your Data protected?

DPD France undertakes to adopt all necessary measures in order to protect the security and confidentiality of your Data and, in particular, to prevent any damage, erasure or unauthorised access by a third party.

If your Data is affected by a security breach (destruction, loss, alteration or disclosure), DPD France undertakes to fulfil our obligation to notify Data Breaches, in particular to the French Data Protection Authority (CNIL).

 

What are your rights concerning your Data?

You may contact DPD France to exercise your rights held under the personal data regulations in force at any time, provided that you satisfy the relevant conditions and particularly:

- Right of access: you may be sent your Data that is processed by DPD France;

- Right to rectification: you may update your Data or have your Data rectified by DPD France;

- Right to object, in particular to prevent direct marketing: you may wish to no longer receive marketing communications from DPD France;

- Right to erasure: you may ask us to delete your Data;

To exercise your rights, you can also contact DPD France :

  • By sending a registered letter with acknowledgement of receipt addressed to the Direction Juridique de DPD France SAS, 11-13 rue René Jacques, Immeuble Vivaldi, 92130 ISSY-LES-MOULINEAUX, or

  • By email at the following address: [email protected]

By specifying your surname, first name, postal address and attaching a copy of both sides of your identity document.

All requests must be submitted with proof of your identity.

DPD France to respond to your data subject requests without undue delay and in any event, within the times imposed by law.

 

Has DPD France appointed a Data Protection Officer?

The appointment of a Data Protection Officer reflects DPD France's commitment to ensuring the protection, security and confidentiality of Personal Data.

Our Data Protection Officer may be contacted at the following address :

Madame la Déléguée à la Protection des Données du Groupe La Poste, CP C703, 9 rue du Colonel Pierre Avia 75015 Paris.

In the event of any difficulty in connection with the management of your Personal Data, you have the right to file a complaint with the CNIL or with any competent supervisory authority.

 

Glossary

Each term beginning with a capital letter has the meaning given below.

"Privacy and Personal Data Protection Policy" and "Policy": means this Policy describing the measures adopted for the processing, exploitation and management of your Personal Data and your data subject rights

"Personal Data": means to any information relating to you that can be used to identify you, directly or indirectly.

“Processing”: means to any operation or set of operations performed on your Personal Data.

"Data controller": means DPD France which carries out the Processing of your Personal Data.

"Violation of personal data": Refers to a breach of security leading, accidentally or unlawfully, to the destruction, loss, alteration, unauthorised disclosure of or access to your Personal Data.

"Recipient”: means to the department or company he department or company to which your Personal Data is disclosed and can access the Personal Data.

 

Last updated : March 2022