Thank you for your interest in our company. DPD (DPD Croatia, Slatinska 7, 10360 Zagreb-Sesvete, OIB: 87109117191) follow the principles of transparency and careful handling of personal data in accordance with the General Data Protection Regulation – GDPR, and Act on Implementation of the General Data Protection Regulation.
Data protection is of particular importance for DPD Croatia Ltd. and we are approaching to it very seriously. This does not only apply to the information you leave on our website, but also to the sensitive information that you must leave when using the online service to send the parcel - www.pošaljipaket.hr.
DPD Croatia Ltd. has implemented numerous technical and organizational measures to ensure the fullest protection of personal data processed on these web sites. However, Internet-based data transfers may in principle have security gaps, so absolute protection may not be guaranteed. For this reason, each subject of data is free to transfer personal data to DPD via alternative channels, eg by telephone.
As a private company, DPD is obliged to apply the General Data Protection Regulation (GDPR) and the Implementation Act of the General Data Protection Regulation. In compliance with the above regulations, DPD has the right to store and process personal data to the extent necessary for the establishment and implementation of master data, then to provide usage data and invoicing data.
DPD wants to ensure the full confidence of visitors and users when using the company's services and therefore provides the transparent information on how to handle the collected information. Here you will find out which products and services are used to collect and use information and data.
If you have provided personal information to DPD, you may request erasure of such data at any time. DPD will erase your data as soon as possible unless it is under obligation to archive them, or if they are no longer necessary for purposes for which they are collected or otherwise processed. If erasure of data is not possible for the foregoing or some other reason, DPD will block the future use of such data in accordance with the General Data Protection Regulation (GDPR) and the Implementation Act of the General Data Protection Regulation.
In case you wish to obtain the erasure or limitation of the processing of your personal data in the future, please contact us at [email protected].
The Responsible Authority, under the General Data Protection Regulation (hereinafter referred to as the "Regulation"), and the Implementing Law of the General Data Protection Regulation are:
DPD Croatia Ltd.
For questions regarding data protection please send an inquiry to e-mail: [email protected].
If you have any questions about DPD delivery, please use our contact form.
Specific information regarding product and service data protection:
In what purpose do we process your information?
DPD proccess your information only for the execution transport services based on sender's instructions, or with your consent for occasional promotional purposes or for optimizing our Internet services and delivery services and billing services.
Where do we receive your information from and what data are included?
DPD receives processing data from various sources and for various purposes.
If you are a consignor, we receive your information when you contact us, visit one of our delivery sites or send a parcel with us. For this purpose, we store the name of the company, the address to send the invoice, data about the take-over times, the contact person and the selected / offered products and services. As a rule, we receive this information directly from you, or in rare cases you contact us online or via our sales partners.
If you are consignee, we recieve your data from consignor or directly from you, or in rare cases you contact us online or via our sales partners. In case we recieve your data from consignor, they provide us with your data, as well parcel data or instructions about informing, mostly in electronic form or via their own or our interner services for sending parcels. Consignors mostly had made a contract wih you in accordance with article 6 (1b) GDPR, and we ask for data to deliver goods you had ordered from consignor. Besides that, we recieve your data from other postal service providers which work in our name for parcel delivering, eg. if parcel arriwes from abroad and in case that other delivery company which cooperate with DPD, hand over delivery of that parcel to DPD.
If you are system partner, Pickup location for collecting parcel or our courier, we recieve your data when you contact us or our cooperator with the intent to work with us. Based on a number of legal requirements and a legitimate interest we are obliged to collect a certain amount of additional information about you. Background checks are carried out to check the insurance, check used vehicles, existing licenses and permits, or any other information.
If you are a job applicant, we receive your information when you contact us and send us your application. We only use data for our purposes and purposes for which they are given.
To whom we pass your information?
DPD transfers your data to different locations, but only for a specific purpose for which the data was collected.
If you are a consignor, your data is mostly sent to our distribution warehouses that are responsible for picking up your shipments, as well as to local partners (couriers) and couriers involved in the parcel delivery process.
If you are consignee, your data is only sent to relevant consignors, local partners (cooperators), Pickup locations, and couriers (or other postal service providers who may be involved in delivery). If damage to the parcels occurs then we also send your information to our insurance company.
Shipment information or details on the contents of the shipment, will be forwarded or made available to third parties in exceptional circumstances. Such third parties are primarily the customs authorities, competent state bodies or insurance companies. You can get information about the status of your shipments at any time via our Tracking app on our website. This information is only available by entering the number of parcel or by entering a reference number of parcel available only to authorized users.
Job application documents, in our company only gets the relevant department or local partners (cooperators) in case it is a sign-up for courier job.
In some cases, we also use service providers to perform tasks and activities on our behalf. If they do not act on our behalf as part of the logistics chain, all such service providers are required to comply with our processing instructions specified in the applicable service contract. DPD does not rent, lend or sell personal data to third parties. However, data may be forwarded to DPD-related companies that are part of a company’s group and may be jointly processed in accordance with Art. 26 GDPR.
Who can you contact if you want to reject data processing or correct or delete your data?
If you have a special wish that includes refusing to process your information or correcting or deleting information, simply send an inquiry to [email protected].
How long will your data be stored for a long time?
In order to optimise our service we apply Google Analytics and our own statistical analyses. Google Analytics is a web analysis service provided by Google, which is used for purposes of market research and for ensuring that the service meets user requirements. Google Analytics uses “cookies”, which are placed on your computer to make it possible to analyse the way you use the service. The information generated by the cookies about the use of the service (including the user’s anonymised IP address) is as a rule transmitted to and stored by Google on servers in the United States. Google uses this information in order to evaluate your use of the service and to create reports on activities for the operator of the service. Google may also transmit this information to third parties if this is prescribed by law, or if third parties process the data on behalf of Google. Google will not connect your IP address with other Google data.At https://tools.google.com/dlpage/gaoptout?hl=en you can, with effect for the future, opt out of the recording and saving of your data at any time. In addition, we use the remarketing functions and reports on demographic features and interests provided by Google Analytics in order to display to visitors of the website targeted advertisements on the partner websites of the Google display and search network. The saving of cookies enables user behaviour to be analysed and interest-based advertising to be activated.
Google DFP (Doubleclik for Publishers) Small business Server
DPD uses third-party software for the activation of online advertising. The program involved in is Google DFP Small Business Server. This service is provided by Google Inc. (‘Google’; Amphitheatre Parkway, Mountain View, CA 94043, USA). DPD uses this service exclusively for the administration of customer banners and its own banners, without the use of third-party networks in order to reduce the generation of cookies on your system to a minimum. In spite of the fact that no interest-based advertising by Google is activated on our website, the Google system collects unidentified user data. You can use the Google advertising settings in order to deactivate interest-based advertising on this link:
On this website, DPD Croatia has integrated Google AdWords. Google AdWords is an Internet advertising service that allows the advertiser to place ads on Google search engine results and the Google advertising network. Google AdWords allows the advertiser to pre-define certain keywords by which the ad will only appear on Google's search results when a user uses a search engine to find keyword-related search results. In the Google Advertising Network, ads are distributed on relevant web sites using an automatic algorithm, taking into account pre-defined keywords.
Operative company of Google Adwords is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, UNITED STATES.
The purpose of Google AdWords is to promote our website by including relevant advertising on third-party websites and search engine results from the Google search engine and inserting third-party advertising on our website.
Google uses the data and information collected by using the conversion cookie to create a statistics visit to our website. These visitor statistics are used to determine the total number of users served via AdWords ads to determine the success or failure of each AdWords ad and optimize AdWords ads in the future. Neither our company nor any other Google AdWords advertisers receive information from Google that could identify the data.
The Conversion cookie stores personal information, such as the web site visited by the data subject. Each time we visit our web sites, personal information, including the Internet access IP address that uses the data subject, is transmitted to Google in the United States. These personal information is stored by Google in the United States. Google may transfer this personal information collected through a technical process to third parties.
The respondent has the choice to complain about an ad based on Google's interest. Therefore, the submitter must access www.google.de/settings/ads for each browser he/she uses and set the desired settings.
Further information and applicable Google Privacy Terms can be downloaded at https://www.google.com/intl/en/policies/privacy/.
On this website DPD Croatia has integrated Google Remarketing Services. Google Remarketing is a feature of Google AdWords that allows your business to show ads to Internet users who previously resided on a company's website. Google's remarketing integration, therefore, allows the company to create user ads, thereby displaying relevant ads to interested internet users.
Operating company for Google Remarketing service is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, UNITED STATES.
The purpose of Google remarketing is to insert relevant advertising for interest. Google Remarketing allows us to serve ads on the Google Network or other web sites that are based on individual needs and respond to the interests of Internet users.
Every visit to the web site where the service is integrated with Google's remarketing, the web browser of the person who is the submitter automatically identifies with Google. During this technical process, Google receives personal information, such as IP address or user search behavior, which Google uses, among other things, to insert relevant ads.
The cookie is used to store personal information, such as the web site visited by the submitter. Each time we visit our web site, personal information, including the Internet access IP address used by the submitter, is transmitted to Google in the United States. These personal information is stored by Google in the United States. Google may transfer this personal information collected through a technical process to third parties.
The respondent may, as noted above, at any time prevent cookies from being placed through our website by matching the web browser used to permanently disable cookies. Such customization of Internet browser usage would also prevent Google from setting up cookies on the information technology of the submitter. In addition, cookies that have already been used by Google can be deleted at any time through web browsers or other software programs.
In addition, the Respondent has an opportunity to complain about Google's advertising based on interest. For this purpose, the subject of the data must visit www.google.de/settings/ads and enter the preferences for each internet browser that it uses.
Further information and actual Google data protection provisions can be downloaded at https://www.google.com/intl/en/policies/privacy/.
On the website DPD Croatia Ltd. contains information that enables fast electronic contact with our company as well as direct communication with us, which also includes the general address of the so-called e-mail and different email addresses depending on the type of query. If the subject of the data contacts DPD via email or via the contact form, the personal data submitted by the subject of the data are not automatically stored but passed directly to the email of the responsible person with respect to the query type. Such personal data voluntarily filed by the data bearer shall be kept and forwarded by the DPD to the responsible persons for processing or contacting the data bearer. There is no transfer of such personal data to third parties. Via the contact form on how we can help you, users are not only enabled to establish direct contact with DPD but also to discontinue their consent to the storage, processing and use of personal information in the future. DPD will erase your information in the shortest time, unless it is under obligation to archive them. If deletion of the data is not possible for the aforementioned or some other reason, DPD will block the future use of such data in accordance with the General Data Protection Regulation (GDPR) and the Law on Implementation of the General Data Protection Regulation.
DPD also appears on social networks like Facebook, YouTube and LinkedIn. DPD enables its service on these platforms in accordance with data protection regulations of a particular service provider and does not have direct responsibility for the way data is processed by the operator. These data may be used for internal purposes or for direct communication. DPD wants to emphasize that such platforms are publicly available and all content available to them is available to all their users. DPD will not transfer information about delivery or details of personal data to other public forums through these platforms.
Terms of Data Protection and Use of Social Network Facebook
Via this site, visitors can access via the link (link) on the official Facebook page of DPD Croatia. Facebook is a network community that usually allows users to interact and interact with the virtual space. Social network Facebook can serve as a platform for sharing opinions and experiences, or enabling the Internet to provide personal or business information. Facebook enables its users to include private profiles, upload photos, and network through friends' requests.
Operative company of Facebook business community is Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, United States for people living in the United States and Canada, or Facebook Ireland Ltd., 4 Grand Canal, Grand Canal port , Dublin 2, Ireland (for citizens of other countries).
Facebook Privacy Terms of Service are available at https://www.facebook.com/about/privacy and provide information on Facebook's collection, processing and use of personal information. In addition, it explains what settings Facebook offers to protect the privacy of the data submitter. In addition, different configuration options are available to allow removal of data transfer to Facebook. The data provider can use Facebook options to turn off data transfer to Facebook.
Terms of Data Protection and Use of YouTube
Through this site, visitors can access via the link to the official YouTube channel of DPD Croatia. YouTube is a web portal for videos that allow video publishers to set up free video clips and other users to review and comment on videos. YouTube lets you publish all kinds of videos so that you can access movies and TV shows, as well as music videos, announcements, and videos created by users through the web portal.
The YouTube operating company is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, UNITED STATES. YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheater Pkwy, Mountain View, CA 94043-1351, UNITED STATES.
The YouTube Data Protection Terms are available at https://www.google.com/intl/en/policies/privacy/ and provide information on collecting, processing, and using personal data from YouTube and Google
Terms of Data Protection and Use of Social Network LinkedIn
LinkedIn is a web-based social network that allows users with existing business contacts to connect and create new business contacts. More than 400 million registered people in more than 200 countries use LinkedIn. So LinkedIn is currently the largest business contact platform and one of the most visited websites in the world.
The LinkedIn operating company is LinkedIn Corporation, 2029 Stierlin Court Mountain View, CA 94043, United States. For privacy issues outside UNITED STATES is responsible LinkedIn Ireland, Wilton Plaza, Wilton Place, Dublin 2.
In order to ensure the correct parcel delivery for the consignee, DPD requires certain information forwarded to it by the sender. Based on these data (name, last name, address, email, phone number, parcel type and delivery options), DPD may notify the recipient of the delivery shipment. Pursuant to the Postal Services Act, DPD processes this information in a manner exclusively for delivery and delivery purposes. The obtained details are only used within the DPD network for delivering and invoicing the service, or for solving the problems caused by delivery (for example, damage caused during transport). DPD does not use the recipient's data for advertising purposes or for other personal analysis. What is gained through DPD's delivery processes is used exclusively in an unidentified form to optimize delivery operations. Your data can not be sold, leased or exchanged. If we provide data to external service providers, this will be done in accordance with positive regulations governing the protection of personal data.
DPD Croatia ltd. (headquarter: Kovinska 4a, 1090 Zagreb, further as DPD), offers, as part of its product portfolio, its service Predict for consignors and consignees. With this service the consignee receives advance notification of shipments sent by the consignor in the form of an email or SMS text message, notifying the consignee when the shipment will be delivered and the arrangements for the delivery (Follow My Parcel Portal). For this purpose the consignor (shipping customer) provides DPD with the necessary supplementary information, such as the email address or mobile number of the consignee.
One possible basis for the transmission of such data to DPD on the part of the consignor is, from the DPD point of view, Article 6 (1f) EU GDPR (“Processing of data for the safeguarding of justified interests”).
Grounds: the transmission of the data is implemented in the legitimate interests of both the consignor and of DPD as the postal service provider, in order to avoid incorrect deliveries (which serves to protect postal secrecy) and to ensure customer-friendly determination of the time and place of delivery on the part of the party concerned (consignee). The basis for the processing of the data between the consignor and the consignee is an order, or a contractual or similar relationship with the party concerned in accordance with Article 6 (1b) EU GDPR. In the process DPD functions as the service provider (provider of postal services). The transmission of the additional information does not restrict any interests of the party concerned which require protection, or that party’s fundamental rights and freedoms. The party concerned can reject the processing of this supplementary information at both locations (consignors and consignees). Predict notifications are not advertising aimed at promoting DPD’s own sales or that of an outside company, but serve the implementation of the delivery process for goods which have already been ordered.
DPD processes this data exclusively for this purpose and for no other purpose. For purposes of dealing with complaints or invoicing, the data is recorded in relation to the individual shipment and saved, also in relation to the individual shipment, in our shipping archives in accordance with statutory provisions relating to archiving periods.
In accordance with the General Data Protection Regulation and the Implementation Act of the General Data Protection Regulation, we advise our consignors to notify their customers (consignees) of this data transfer as part of the protection of their own data protection agreements, eg in the data protection section of their data (see text below) or to request customer consent. The consignor is responsible for the lawfulness of the transfer of data from the consignee.
The consignor is responsible for the accuracy of information transmitted to DPD, such as the electronic addresses and telephone numbers of its customers (receivers of goods), which must be grammatically correct for each appropriate delivery. If DPD has received a notice from the consignee of a further ban on sending the information by electronic mail or SMS, DPD is under an obligation to follow these instructions and to terminate the service to a particular recipient. The consignor will not receive information that the consignee of the goods has blocked the service.
As part of DPD’s Predict-Service, consignors can also provide customers with information about themselves in the form of banner advertising. In this process, the consignor is responsible for allowing of sending banners to their buyers (consignees). DPD undertakes towards shipping customers not to send any advertising of its own to their customers (consignees).
Consignees who wish to block their email address for the service Predict should send an informal notice of cancellation to [email protected] indicating their name, address and the email address which is to be blocked or use the sign off link which is received via Predict notification.
In accordance with the precautionary measures, we want to emphasize the consequences of blocking an electronic address that will in future prevent the recipient from receiving further information from any sender. If the deactivation option is to be used only when receiving a consignment from a particular sender, the recipient is obliged to contact the sender in such a situation and inform him that e-mail notifications are disabled.
Suggested text for instructions to confirm the consent of the consignee for clients of DPD services:
“During the process of sending the shipment, we will pass in accordance with the General Data Protection Regulation (GDPR) and the Law on Implementation of the General Data Protection Regulation your data (name and last name, address, and if necessary your telephone number and / or mobile phone number for the option of sending notifications and redirects, together with other data related to the delivery of the parcel) to our delivery partner DPD Croatia Ltd.”
DPD Croatia offers users of its services a variety of DPD sites, applications and software for parcel delivery.
Web sites Weblabel https://dpd.com.hr/ i WPO – www.mojdpd.hr are free internet application for parcel delivery and the printing of parcel labels that DPD Croatia offers to its customers with registration. Access to the application is obtained by the client after signing the Contract with DPD and freely submitting the registration information. The information required for registration is the name, last name, company, email, phone. All mentioned is used particulary for the purpose of opening an account for the parcel delivery and printing of the parcel labels by the client. Registered users in the listed Internet applications can take into the list of consignees. They usually do so by signing a contract with their customers, the consignees, in accordance with Article 6 (1b) GDPR, and DPD needs those data to deliver the goods the consigneer has ordered from the consignor.
Follow My Parcel (FMP) http://www.dpdpaket.hr is a parcel redirection portal. The link to the FMP portal is provided to the consignees, who provided its information to the consignor by email and / or SMS (Predict service).
If the recipient of the parcel does not match the intended delivery date, the following alternative delivery options are available on the Follow My Parcel (FMP) portal:
- Select Neighbors: we deliver the parcel to the selected neighbor
- Give DPD the authorization to leave the parcel at an agreed safe place
- Choose Pickup location
- Change delivery address: we will deliver parcel to another address (eg. Friend’s address or work address)
- Change delivery date
The parcel redirection data is optionally entered by the consignee and DPD uses them exclusively to deliver the goods ordered from the sender, in accordance with Article 6 (1b) of the General Data Protection Regulation (GDPR).
On our official website DPD Croatia Ltd. in the Newsletter section, users are given the option to subscribe to our company newsletter. We guarantee that we will treat all personal information you submit with the utmost confidence and safely store them and we will not forward them to third parties.
DPD Croatia Ltd. regularly notifies its customers and business partners through newsletters about offers, promo prices and business news.
The newsletter can only be received if:
1) the subject of the data has a valid email address
2) you subscribed to our DPD newsletter list
3) when we process data to respond to your request for the legitimate basis of our legitimate interest as you directly contact us for the purpose of selling your products and services, considering that you are still interested in our Company's products and services and in order to better understand your needs and thus improve our services to you.
In case you signed up for our newsletter list, the confirmation email will be sent to the registered email address. When registering for a newsletter, we also store the IP address of a computer system that is assigned by the Internet Service Provider (ISP), and is used by the data subject at the time of registration, as well as the date and time of registration. Collecting this information is necessary to understand (possible) the misuse of an entity's email address later, and therefore serves as the purpose of DPD's legal protection.
Personal information gathered within the newsletter application will only be used for sending our newsletter. In addition, subscribers to the newsletter may be notified via e-mail if this is necessary for functioning of a newsletter program or in case of registration if certain change in news and notice offer is made or case of technical circumstances change. There will be no transfer of personal information collected via third party newsletter services. The permission to store personal information provided by the applicant for the delivery of the newsletter may be terminated at any time. At any time, the subject can sign out of the DPD newsletter list so at the foot of any email newsletter you receive from us, click on the SITE link or contact us at email: [email protected].
Newsletter DPD Croatia ltd. contains so called tracking pixels. Miniature tracking pixel is embedded in such emails that are sent in HTML format to enable campaign capture and analysis. This allows statistical analysis of the success or failure of Internet marketing campaigns. Based on the built-in pixel for monitoring, DPD Croatia Ltd. can see if and when the person opened an e-mail newsletter, and clicked on the links in the newsletter.
Such personal data collected in the monitoring pixels contained in the DPD newsletter is stored and analyzed to optimize the delivery of the newsletter as well as tailor the contents of the future bulletins to the interests of the respondent. These personal information will not be disclosed to third parties. The permission to store personal information provided by the applicant for the delivery of the newsletter may be terminated at any time. At any time, the subject can sign out of the DPD newsletter list so that at the foot of any newsletter you receive from us, click on the sign off link or contact us at email: [email protected]
Approvals Concerning Receiving DPD Croatia News
By filling in the form to receive DPD Croatia e-news on current offers, trends, important notices, new products and practices, the user agrees with the forwarding of the information that the legislation decides as personal information. In this case, they are: the first name, last name, e-mail address and IP address of the device from which the data is sent. At login, the user may agree to use the personal information for the following purposes:
(NECESSARILY) The agreement to receive DPD e-news on current offers, trends, important notices, new products and practices is valid until the cancellation and includes:
- Use data to send regular e-news about current offers, trends, important notices, new products, and practices
- use data to periodically send other content, such as various guides, instructions, event notices etc.
- export, store and process data in a marketing automation tool that lets us send these newsletters
The legal basis for such processing is regulated by Article 6, paragraph 1, item a) of the General Data Protection Regulation (GDPR) - because you as a respondent have been privileged to process your personal data for one or more specific purposes.
YOUR RIGHTS ON THE BASIS OF CONSENTS
The Respondent may at any time require the Personal Data Processing Manager to permanently or temporarily stop using his / her personal data for the purposes listed above. You can send this request at any time to: e-mail: [email protected] and detail the consent you want to cancel. At any time, the subject can sign out of the DPD newsletter list so that at the foot of any email newsletter you receive from us click on the link SIGN OFF.
Besides that, he / she has this rights:
- The right to access to his/hers personal information collected. In that case manager can use all reasonable means to identify an individual whose personal data, particularly within the online services and online identifiers.
- The right to correct inaccurate data related to them. In that case manager can use all reasonable means to verify the identity of an individual whose personal data, in particular in the online services and online identifiers.
- The right to "forget" or delete all data if conditions of Article 17 of the General Data Protection Regulation are met
- The right to terminate the use of personal data for direct marketing purposes.
- The right to independently decide on the use of personal data based on automated processing
- The right to file a complaint with the supervising body against the processing manager if he or she thinks that processing of theirs personal data is in violation of the General Data Protection Regulation
The procedure for exercising the rights
- I have been informed to adress all the above mentioned requirements regarding the implementation of personal data rights in written form to the processing manager, at [email protected]
- I know that the processing manager can ask me for personal information for reliable identification purposes in case of realization of the right and can refuse the request only if he/she proves that my identity can be validated.
- I have been informed that the processing manager must respond to my request to exercise the rights related to the above mentioned personal information, without unnecessary delay and in any case within one month of receipt of the request.
Personal data information for "myDPD"
The company GeoPost, with registered office at 26 rue Guynemer 92130 Issy-Les-Moulineaux France, that is the parent company of the DPD, Seur and Chronopost subsidiaries, is the controller of “myDPD”.
The personal data are processed in the course of delivery services agreements. GeoPost hereby informs Users that the personal data collected are not mandatory for the performance of the delivery services, but they facilitate it.
The data will be used by GeoPost, its European entities and/or any third party involved in the performance of the services, particularly:
- To perform the delivery services,
- To issue offers of similar products and services, by any mean of communication, as part of customizing business relations,
- To measure the level of satisfaction of the Users and improve the offers and services of GeoPost and its subsidiaries.
The personal data of the User are kept for a maximum of three (3) years following his last connection to “myDPD”, except for the physical address of the User that is kept five (5) years.
The User shall have the right of access, and to rectification, object, restriction of processing, data portability by transmission of his data where technically feasible, and erasure of his personal data. These rights may be exercised by sending an e-mail to [email protected]
For any problem linked to the management of his personnel data, the User shall have the right to lodge a complaint with any relevant supervisory authority.