Your delivery experts

Privacy

Privacy policy

 

1. General Provisions

1.1.     This privacy policy (hereinafter – the Policy) regulates the main principles and rules regarding the collection, processing and storage of personal data carried out by UAB "DPD Lietuva", company code 111639299, address of registration: Terminalo g. 7, Biruliškių km., Kauno raj., address for correspondence: Liepkalnio g. 180, Vilnius (hereinafter - we), and terms of operation of the websites https://esiunta.dpd.lt/ (hereinafter – Esiunta Website) https://www.dpd.com/lt (hereinafter - DPD Website), hereinafter jointly referred to as the Websites, managed by us.

1.2.     We aim to ensure that the users of our services, visitors of the Websites, users of services provided on the Websites and other persons whose personal data we process, would entirely trust our services and would be informed in a transparent manner of how we process their data. In this Policy You shall find information on how we collect and use (or would like to collect and use) Your personal data.

1.3.     In our operations, we are guided by the following data processing principles:

1.3.1. Personal data shall be processed lawfully, fairly and in a transparent manner in relation to the data subject (principle of lawfulness, fairness and transparency);

1.3.2. Personal data shall be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes (principle of purpose limitation);

1.3.3. Personal data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (principle of data minimisation);

1.3.4. Personal data shall be accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (principle of accuracy);

1.3.5. Personal data shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required to safeguard the rights and freedoms of the data subject (principle of storage limitation);

1.3.6. Personal data shall be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (principle of integrity and confidentiality);

1.3.7. We are responsible for following, and be able to demonstrate compliance with, the abovementioned principles (principle of accountability).

1.4.     This Policy has been prepared in accordance to the Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter – the GDPR), the Act on Legal Protection of Personal Data of the Republic of Lithuania, other laws of the European Union and the Republic of Lithuania.

2. Personal data collection, processing, storage

2.1.     By providing Your personal data, You agree to us processing it for purposes and by means and order laid out in the Policy and laws.

2.2.     It is very important that You read the Policy carefully, because when You visit the Websites and use our services, this Policy will be directly applicable to the collection, processing, and, in the cases provided for in the Policy, Your personal data to recipients.

2.3.     If You do not agree with this Policy and the processing of personal data described therein, please do not visit the Websites and / or use our services

2.4.     You are responsible for ensuring that the data You provide is precise, correct and detailed. Input of incorrect data is considered to be a violation of the Policy. If the data provided changes, You must immediately inform us about it. We shall under no circumstances be responsible for damages that may arise for You and (or) third parties if You provide incorrect and (or) undetailed personal data or did not request supplementation and (or) correction of data when it changes.

2.5.     The entities to which we may disclose Your personal data are described in each of the data processing activities laid down below.

2.6.     In certain cases, we may disclose Your information to entities other than the specified entities:

2.6.1. In order not to violate the law or to respond to a mandatory request in court proceedings (eg, upon receipt of a court order to provide data);

2.6.2. To confirm the legitimacy of our actions;

2.6.3. To protect our rights and property or to ensure its safety;

2.6.4. In other cases, with Your consent or at Your legitimate request.

3. Processing of personal data for the purpose of selecting candidates for employment

3.1.     If You decide to contact us for recruitment, we will process the following personal data submitted by You as candidate for recruitment purposes:

3.1.1. First name, last name;

3.1.2. Date of birth;

3.1.3. Telephone number;

3.1.4. E-mail address;

3.1.5. Residence address;

3.1.6. Education;

3.1.7. Previous and current workplaces;

3.1.8. In the case of courier selection, data on the subcontractor with whom the courier has concluded the contract and the size of the clothing worn by the candidate, driver category and the driver's experience are also processed;

3.1.9. Other data voluntarily provided in Your curriculum vitae and / or other submitted documents.

3.2.     Legal basis for processing personal data is Article 6 (1) (b) (processing in order to take steps prior to entering into a contract) of the GDPR.

3.3.     We normally do not directly employ couriers, so if You provide data for the purpose of getting employed as a courier, Your personal data may be transferred to subcontractors for employment purposes. In that case, once we transfer the data, they are further processed by the subcontractor who received them.

3.4.     Whereas the laws of the Republic of Lithuania impose additional restrictions on the information of candidates that can be processed, we shall ensure that only the allowed personal data of You as the candidate is processed.

4. Processing of personal data for the provision of parcel collection and delivery services

4.1.     In order to provide shipment collection and delivery services, we process personal data, the scope of which depends on the role of the individual in the process of providing said services.

4.2.     If You are a sender, we process the following personal data that You have provided Yourself:

4.2.1. First name;

4.2.2. Last name;

4.2.3. Address;

4.2.4. Telephone number;

4.2.5. E-mail address.

4.3.     If You are the consignee, we process the following personal data provided by the sender:

4.3.1. First name;

4.3.2. Last name;

4.3.3. Address;

4.3.4. Telephone number;

4.3.5. E-mail address;

4.4.     If You accept the shipment, we receive from You and process the following personal data:

4.4.1. First name;

4.4.2. Last name;

4.4.3. Address;

4.4.4. Last 5 digits of the identity document’s number.

4.5.     Legal basis for processing personal data for the provision of parcel collection and delivery services are Article 6 (1) (b) (processing for the performance of a contract), (c) (processing necessary to fulfill the legal obligations applicable to the controller) and, in case of the processing of data of consignees and persons accepting the shipment, (f) (the legitimate interest of us and the sender in delivering the parcel and identifying the receiving person) of the GDPR.

4.6.     Personal data collected for the abovementioned purpose shall not be shared with third parties, but we use the companies that provide IT services to us as data processors and subcontractors to provide You with the services.

4.7.     We transfer the data we process for this purpose to other DPD group companies if this is necessary to achieve said purpose. For data processing, we use companies that provide IT services to us as processors, and subcontractors to help us deliver shipments.

5. Processing of personal data to confirm the identity of the recipient

5.1.     In the event that You receive a shipment whose condition of delivery is a confirmation of Your identity, we shall process the following data we receive from You and / or the sender for authentication purposes:

5.1.1. First name;

5.1.2. Last name;

5.1.3. Identity document number;

5.1.4. Photocopy of an identity document.

5.2.     Legal basis for the processing of personal data is Article 6 (1) (f) of the GDPR – the legitimate interest of us and the sender in delivering a shipment to a properly identified recipient.

5.3.     Due to the specificity of this service, we provide Your personal data to senders. We also transfer Your data that we process for this purpose to DPD group companies if this is necessary to achieve said purpose. For data processing, we use companies that provide IT services to us as processors and subcontractors to help us deliver shipments.

6. Processing of personal data for the purpose of providing cash collection services to recipients

6.1.     If You receive a shipment for which cash is collected, we handle the following personal data that we receive from You and / or the sender:

6.1.1. First name;

6.1.2. Last name;

6.1.3. Address;

6.1.4. Telephone number.

6.2.     Legal basis for the processing of personal data are GDPR Article 6 (1) (b) - conclusion and execution of the contract, (c) - execution of legal accounting obligations applicable to us, and (f) - the legitimate interest of us and the sender in receiving payment for the transferred shipment.

6.3.     Due to the specificity of this service, we provide Your personal data to senders. We also transfer Your data that we process for this purpose to DPD group companies if this is necessary to achieve said purpose. For data processing, we use companies that provide IT services to us as processors and subcontractors to help us deliver shipments.

7. Processing of personal data for the provision of leasing and other contracts

7.1.     If You receive a contract for signing that is sent via our courier, we handle the following personal data that we receive from You and / or the sender

7.1.1. First name;

7.1.2. Last name;

7.1.3. Address;

7.1.4. Telephone number;

7.1.5. E-mail address;

7.1.6. Date of birth;

7.1.7. Identity document number.

7.2.     Legal basis for the processing of personal data is Article 6 (1) (f) of the GDPR – the legitimate interest of us and the sender in delivering a shipment to a properly identified recipient.

7.3.     Due to the specificity of this service, we provide Your personal data to senders. We also transfer Your data that we process for this purpose to DPD group companies if this is necessary to achieve said purpose. For data processing, we use companies that provide IT services to us as processors and subcontractors to help us deliver shipments.

8. Processing of personal data for the purpose of concluding contracts

8.1.     If You are a self-employed person, we process the following personal data received from You for the purpose of concluding and executing a contract with You:

8.1.1. First name;

8.1.2. Last name;

8.1.3. Personal identification number;

8.1.4. Address;

8.1.5. Telephone number;

8.1.6. E-mail address;

8.1.7. Identity document number and date of issue;

8.1.8. Billing account details.

8.2.     We transfer Your data that we process for this purpose to DPD group companies if this is necessary to achieve said purpose. For data processing, we use companies that provide IT services to us as processors and subcontractors to help us deliver shipments.

8.3.     Legal basis for the processing of personal data are GDPR Article 6 (1) (b) - conclusion and execution of the contract, (c) - execution of legal accounting obligations applicable to us.

9. Processing personal data for debt management purposes

9.1.     If You, as our contractual client, delay paying for our services, we may be forced to process the following personal data received from You and UAB "Creditinfo Lietuva" database for debt management purposes:

9.1.1. First name;

9.1.2. Last name;

9.1.3. Telephone number;

9.1.4. E-mail address;

9.1.5. Other data provided by UAB “Creditinfo Lietuva”.

9.2.     The legal basis for the processing of personal data is GDPR Article 6 (1) (b) - our legitimate interest in receiving payment for the services provided.

9.3.     We may transfer Your data we process for this purpose to third parties - courts, bailiffs, and we use companies that provide IT to services to us, acting as data processors, and lawyers.

9.4.     If You are our contractual client and You are delayed in fulfilling Your obligations for more than 30 days, we will provide information about Your identity, that is Your contact details and credit history, financial and property obligations and their execution, debts and their payment, to the credit bureau "Creditinfo Lietuva" (company code: 111689163, address: A. Goštauto g. 40A, LT 01112 Vilnius, Lithuania, www.manocreditinfo.lt, tel.: (8 5) 2394131). Credit bureau manages and provides Your information to third parties (financial institutions, telecom companies, insurance, electricity and utilities, trading companies, etc.) for legitimate interests and purposes - to assess creditworthiness and manage debt. Credit history data is processed 10 years after the fulfilment of obligations.

9.5.      You can access Your credit history by contacting the credit bureau directly or using the Finpass mobile app. You also have the right to request rectification or erasure or to limit the processing of data and the right to object to the processing of the data, as well as the right to data portability. You can learn more about the implementation and limitations of these rights at www.manocreditinfo.lt. If Your rights are violated, You can contact the data protection officer of UAB “Creditinfo Lietuva” by e-mail. by e-mail: [email protected] or by the above mentioned UAB “Creditinfo Lietuva” phone number or to file a complaint with the State Data Protection Inspectorate.

10. Processing of personal data for the purpose of handling claims and complaints

10.1.  In the event that the senders or recipients of the shipments have claims or complaints about the services provided, we process the following personal data of You as a sender or recipient:

10.1.1. First name;

10.1.2. Last name;

10.1.3. Address.

10.2.  In the event that You are the applicant, we process the following personal data:

10.2.1. First name;

10.2.2. Last name;

10.2.3. Address;

10.2.4. Bank details;

10.2.5. Details of the contents of the shipment;

10.2.6. Data contained in sent item purchase and shipment consignment documents.

10.3.  Legal basis for the processing of personal data is Article 6 (1) (f) of the GDPR – our legitimate interest in clarifying the circumstances and properly examining the claims and complaints received.

10.4.  We do not transfer Your data we process for this purpose to third parties, but for their processing we use companies that provide IT services to us as data processors.

11. Processing of personal data for the purpose of writing package violation acts

11.1.  In case the shipment is found to be damaged when the shipment is delivered, our couriers write a package violation act. Such an act contains the personal data of You as the sender or recipient:

11.1.1. First name;

11.1.2. Last name;

11.1.3. Address.

11.2.  Legal basis for processing employee personal data for the purpose of accounting is Article 6 (1) (f) of the GDPR – our legitimate interest in clarifying the circumstances and properly examining the claims and complaints received.

11.3.  We do not transfer Your data we process for this purpose to third parties, but for their processing we use companies that provide IT services to us as data processors.

12. Processing of personal data for the purpose of issuing invoices for services rendered

12.1.  In case You use our services, we handle the personal data of the sender as the sender for the issuance of the services provided:

12.1.1. First name;

12.1.2. Last name;

12.1.3. Address.

12.2.  Legal basis for the processing of personal data are GDPR Article 6 (1) (b) - conclusion and execution of the contract, (c) - execution of legal accounting obligations applicable to us.

12.3.  We do not transfer Your data we process for this purpose to third parties, but for their processing we use companies that provide IT services to us as data processors.

13. Recording of telephone conversations

13.1.  For the purpose of quality control of the services provided and telephone consultations, we record telephone conversations of callers. Accordingly, when You call us on the telephone lines listed below, we will process the following personal data:

13.1.1. Caller's phone number;

13.1.2. Telephone conversation recording.

13.2.  We record conversations with You when calling these phone lines:

13.2.1. Order Line – tel. 8 700 55700;

13.2.2. Customer Service Consulting Line – tel. 8 5 2106 777;

13.2.3. Sales Department Consulting Line – tel. 8 5 2106 766.

13.3.  We receive the data from call recording systems.

13.4.  If You would like to contact us and do not wish Your conversation to be recorded, please kindly call our administration at 85 2106 750, contact us by email (the email addresses are listed in the DPD website's contact section) or come directly to our main office.

13.5.  Legal basis for the processing of personal data is is Article 6 (1) (f) of the GDPR – our legitimate interest in ensuring and improving the quality of customer service, educating employees, properly examining customer complaints about the quality of services via call, and making decisions in case of a dispute with the caller regarding the interpretation of the conversation.

13.6.  We do not transfer Your data we process for this purpose to third parties, but for their processing we use call centre service providers and companies that provide IT services to us, acting as data processors.

14. Direct marketing

14.1.  We provide our contractual customers with what can be described as "direct marketing" –we provide information about our services and their changes by e-mail and telephone. Correspondingly, if You are our client, we shall handle Your personal data for direct marketing purposes without Your objection:

14.1.1. First name;

14.1.2. Last name;

14.1.3. E-mail address;

14.1.4. Telephone number.

14.2.  We also send newsletters by e-mail to our customers who order our services on the website https://esiunta.dpd.lt/ and tick the consent for subscribing to newsletters. We send newsletters to inform about our news, promotions and other special offers and if You give us Your consent to send such information, You shall have the opportunity to withdraw it at any time.

14.3.  We receive data directly from our customers and do not transfer them to third parties.

14.4.  Legal basis for the processing of personal data is is Article 6 (1) (f) of the GDPR – our legitimate interest to provide our customers with information about the services provided and their changes, discounts and other relevant information and, in case of the clients that order our services on the website https://esiunta.dpd.lt/, Article 6 (1) (a) of the GDPR – consent.

15. Conducting surveys

15.1.  Your opinion is very important to us, so if You send or receive shipments that have been delivered using our services, we would like to use the following data to carry out surveys and to evaluate the quality of service. For these purposes, we handle the following personal data of You as sender or recipient:

15.1.1. First name;

15.1.2. Last name;

15.1.3. E-mail address.

15.2.  Legal basis for the processing of personal data is is Article 6 (1) (f) of the GDPR – our legitimate interest to contact the recipients and senders of the shipments and to know their opinion on the services we provide.

16. Procedures and retention periods of personal data storage

16.1.  By processing and storing Your personal data We shall implement organizational and technical measures that would ensure protection of personal data from accidental or unlawful destruction, modification, disclosure and any other means of unlawful processing.

16.2.  We use different retention periods for storing personal data depending on the purpose for which Your personal data are processed.

16.3.  We apply the retention periods for data storage:

No.

Purpose of processing personal data

Retention period

  1.  

Selection of candidates for employment

Until the end of the screening process.

  1.  

Provision of parcel collection and delivery services

Records of electronic files, IT systems and databases are stored for 4 years after the data is received.

Consignment documents (waybills, manifests, e-shipment delivery notes) are stored for 1 year and 1 month.

Electronic or paper parcels delivery documents are stored for 3 years and 1 month.

  1.  

Confirmation of the recipient`s identity

Up to 3 months from the moment of capture.

  1.  

Provision of cash collection services

Records of electronic files, IT systems and databases are stored for 10 years after the data is received.

Cash receipt receipts are stored for 10 years.

  1.  

Preparation and / or submission of leasing and other contracts for signing by the recipient

Records of electronic files, IT systems and databases are stored for 4 years after the data is received.

Paper-based documents shall be stored in accordance with the deadlines set in the "Nomenclature of documents (Index)":

Leasing and other contracts not undeliverable to the recipient are stored for 3 months.

  1.  

Conclusion and execution of a parcel delivery agreement with a natural person as a self-employed person

Records of electronic files, IT systems and databases are stored for 10 years from the end of the contract.

Parcel delivery agreements and invoices for supplied services are stored for 10 years.

  1.  

Claim and complaint handling

Records of electronic files, IT systems and databases are stored for 3 years after the data is received.

User claims are stored for 3 years.

  1.  

Writing package violation acts

Records of electronic files, IT systems and databases are stored for 3 years after the data is received.

Package violation acts are stored for 3 years.

  1.  

Issue of invoices for services rendered

Records of electronic files, IT systems and databases are stored for 10 years after the data is received.

Invoices for services rendered are stored for 10 years.

  1.  

Quality control of services and consultations provided by phone (recording of telephone calls)

No longer than 3 months.

  1.  

Conducting direct marketing

In the case of contractual customers, as long as the person is a DPD customer.

In the case of individuals who have given permission to subscribe to newsletters – 5 years after consent was given.

  1.  

Conducting surveys, evaluation of the service quality

6 months after receiving the data.

 

16.4.  Exceptions to the above-mentioned retention periods may be determined to the extent that such deviations do not violate the rights of You as the data subjects, comply with legal requirements and are properly documented.

16.5.  In the event that Your certain personal data will be required for the purpose of bringing, enforcing or defending legal claims, we will retain them to the extent that they are necessary to achieve such purposes in a judicial, administrative or extrajudicial procedure.

17. Your rights

17.1.  You shall at any time have the right, by providing us a request, to access Your personal data processed by us and to receive information on how Your personal data is processed, to rectify Your incorrect, incomplete or inaccurate personal data, and to ask to suspend, except for storage, personal data processing actions if the data is processed in violation of legal requirements.

17.2.  To the extent that the processing of personal data is based on consent, You have the right to withdraw the consent at any time without affecting the legitimacy of consent-based data processing prior to the withdrawal of consent.

17.3.  You can exercise Your rights by submitting a written application by e-mail [email protected] or by sending a request to Liepkalnio g. 180, Vilnius, or by directly visiting said address.

18. Contact information and complaint submission

18.1.  If You have any questions regarding the protection of personal data, please kindly use the general administration e-mail [email protected] or directly contact our Data Protection Officer by e-mail [email protected].

18.2.  If You are not satisfied with our response or think that we are processing Your data in a way that does not comply with legal requirements, You have the right to file a complaint with the State Data Protection Inspectorate of the Republic of Lithuania as a supervisory authority.

19. Information about the use of cookies

19.1.   When You visit the Websites, the we desire to provide such content and functionality that would best suit Your needs. To this end, cookies are used. Cookies are small-volume text files stored on Your browser or device (personal computer, mobile phone, or tablet).

19.2.  With cookies we aim to provide a more enjoyable experience for the persons browsing the Websites and to improve the Websites themselves.

19.3.  The cookies used on the Website can be grouped into these types:

19.3.1. Cookies that are essential for the website's operation are designed to enable the site to perform its core functions. These cookies allow You to browse the website and use its preferred features; for example, to provide access to secure areas for a particular site;

19.3.2. Activity (analytical) cookies collect anonymous information about how the visitors use the website. By providing information about visited areas, time spent on specific pages of the website and any problems You encounter, such as error messages, these cookies help us understand how visitors behave on the website. This information helps us to improve the website’s performance.

19.3.3. Functional cookies improve Your experience on the website. For example, these cookies can store such information as Your username when connecting to Esiunta website. These cookies can be used to provide services You request, for example, in order to request shipment collection and delivery services or to use services of the third party, for example, social media functions.

19.4.  With the help of cookies, we use IP addresses of the Websites` visitors. IP address – computer identifier on internet protocol networks. It can be used to collect various statistical and demographical information for the Website administration and network error diagnostics, but are not used to determine Your identity. By using cookies, we collect data on the use of services.

19.5.  You can delete or block cookies by selecting the appropriate settings in Your browser that allow You to cancel all or some cookies. Each browser is different, so if You don't know how to change Your cookie settings, You should find this information in its help menu. It should be noted that by using browser settings that block cookies (including essential cookies), You may experience problems using all or part of the Websites’ features.

20. Processing of personal data carried out by third parties

20.1.  Use of third-party services, such as visiting our account on the Facebook social network or logging in to the Esiunta website using Your Facebook account, may be subject to third-party terms. For example, Facebook applies its Data Policy to all of its users and visitors. It is therefore advisable to familiarize themselves with the terms they apply when using such third-party services.

21. Final provisions

21.1.  Legal relations related to this Policy shall be governed by the law of the Republic of Lithuania.

21.2.  We are not accountable for damages, including damages resulting from interference with usage of the Website, damage or loss of data arising from an act or omission by You or third parties acting on Your behalf, including incorrect input of data, other mistakes, conscious malicious behavior and other wrongful use of the Websites. We shall also not be held responsible for any interference of the Website log in and / or functioning and (or) resulting damage that arises from acts or omissions of third parties not associated with the User, including issues with electricity, web access, etc.

21.3.  This Policy shall be reviewed and, if necessary, updated at least every two years. Policy additions or changes shall take effect from the date of their publication on the Websites.

If You use the Websites and the services we provide after updating the Policy, we will assume that You do not object and are familiar with the changes made.