Menu

DPD Latvia Privacy Policy

DPD Privātuma politika DPD Privātuma politika

DPD Latvia Privacy Policy

This DPD Latvija Privacy Policy (hereinafter also DPD Latvija Data Protection Notice) includes information on the processing of personal data carried out by DPD Latvija (hereinafter—DPD). The Privacy Policy explains what data and in what way are processed when you conclude an agreement with DPD, use a DPD service or are in any other way involved with our services (for example, as a consignee), visit DPD website, take part in our campaigns and competitions, contact us, etc.

This Privacy Policy sets forth the DPD data collection practice, which includes information on the type of data DPD collects, how the data are used, and who may access them. You have the right to control your privacy, and DPD respects that. It is important for DPD to help you exercise this right, therefore we have further provided the necessary information.

Read this Privacy Policy and contact DPD at [email protected] if you have any questions or comments.

DPD Latvia Data Protection Notice

DPD Latvija

Last update: September 2025

DPD Latvija (DPD) is a postal service provider and a company of Geopost SA (DPDgroup).

SIA “DPD Latvija”

Uriekstes 8a, Rīga,

LV – 1005, Latvija

For whom is this data processing notice?

Main addresses of this data protection notice are:

  • Customers (sender, recipient or a person receiving a parcel on behalf of a recipient)

  • Participants in competitions or campaigns

  • Prospective customers (marketing activities)

  • Website visitors

  • Social network members

  • Representatives of business customers

  • Job applicants

  • Onsite visitors (e.g. DPD office, DPD depot)

Who is responsible for the processing of your personal data?

DPD is responsible for processing your personal data.

Data Controller

SIA “DPD Latvija”

Uriekstes 8a, Rīga,

LV – 1005, Latvija

Registration number: 40003393255

Joint-Controllership

In certain cases, DPD together with Geopost SA (DPDgroup) process personal data as Joint-Controllers.

Geopost SA

Guynemer 92130

Issy-Les-Moulineaux

France

Joint-Controller Agreement (JCA): We have concluded a Joint-Controller Agreement (JCA) which governs the processing of your data by the Joint-Controllers. It sets specific rules for the management of your rights and the management of data breaches.

Rights of the Data Subject: Where exercising your right affects a system provided by DPDgroup, we will involve DPDgroup to process your request together.

Data Breach Management: In case of a data breach affecting a system provided by DPDgroup, we will involve DPDgroup to manage the data breach together.

What are the purposes for processing your personal data?

We process personal data for the following purposes:

Note: Listed activities are not exhaustive.

Providing services

Activities: We process personal data of customers (sender, recipient or a person receiving a parcel on behalf of a recipient) to provide DPD services (e.g. to take in parcels, receive payments, sort, dispatch, carry out customs procedures and delivery). This also includes the processing of data to improve our services (e.g., service evaluation).

Categories of personal data

Legal basis

Retention
·        First name, second name

·        Address private / business

·        Phone number private / business

·        Email address private / business

·        Birthdate

·        Payment details

·        Data of official identification document (e.g. personal identification code)

·        Technical data (e.g. geolocation data, time-stamps, UIDs, parcel labels, sticker bar codes)

·        Customer service experience

 Steps to enter into an agreement between you and us

Performing the agreement between you and us

Legal obligations

Based on compatibility with the original purpose (Art. 6(4) GDPR)

Legitimate interest

 We retain data for no longer than is necessary for the purpose or we are subject to a legal obligation, or you withdraw your consent, or you object to the processing activity.

 

Providing myDPD

Activities: We process personal data of customers to provide myDPD. This also includes the processing of data to improve the myDPD.

Categories of personal data

Legal basis

Retention
·        First name, second name,

·        Address private / business

·        Phone number private / business

·        Email address private / business

·        Birthdate

·        myDPD username

·        myDPD password

·        Invoicing details

·        Technical data (e.g. transaction history, shipment information (size, content, location), pick-up point and safe place preferences, actions performed on the myDPD app).

 Steps to enter into an agreement between you and us

Performing the agreement between you and us

Legal obligations

Based on compatibility with the original purpose (Art. 6(4) GDPR)

 We retain data for no longer than is necessary for the purpose or we are subject to a legal obligation.

 

Fraud prevention, compliance with sanctions regulations, protecting DPD’s rights and interests

Activities: We process personal data of customers to comply with international and national sanctions regulations, to prevent or detect fraud, to protect DPD’s rights and interests (e.g. property, recover debt, dispute resolution, legal proceedings).

Categories of personal data

Legal basis

Retention
·        See data related to the provision of services

·        See data related to providing customer account on the myDPD app

·        Information on sanctions

·        Video recordings

·        Voice recordings (calls)*

*Customers or other persons are informed about a phone call recording prior to the start of the phone conversation.

 Steps to enter into an agreement between you and us

Performing the agreement between you and us

Legal obligations

Legitimate interests

 We retain data for no longer than is necessary for the purpose or we are subject to a legal obligation.

Video recordings

Voice recordings

 

Providing customer service

Activities: We process personal data of customers to provide customer service, to help, to resolve enquiries or complaints. This also includes the processing of personal data to improve customer service (e.g., service evaluation).

Categories of personal data

Legal basis

Retention
·        See data related to the provision of services

·        See data related to providing customer account on the myDPD app

·        Information disclosed to customer service (e.g. enquiry or complaint)

·        Information disclosed to customer service (e.g. survey)

·        Customer service experience

 Performing the agreement between you and us

Legal obligations

Legitimate interests

Consent

Based on compatibility with the original purpose (Art. 6(4) GDPR)

 We retain data for no longer than is necessary for the purpose, we are subject to a legal obligation or you withdraw your consent, or you object to the processing activity.

 

Performing marketing activities

Activities: We process personal data of customers or prospective customers to send them offers, newsletters, or other information that they may find relevant and interesting. If they have used our services and they have not objected to receiving such information, we may send them offers on similar services. They may opt out of receiving these offers at any time.

Categories of personal data

Legal basis

Retention
·        First name, second name

·        Address private / business

·        Phone number private / business

·        Email address private / business

·        Marketing activities information (e.g. type of activity)

 Performing the agreement between you and us

Legitimate interests

Consent

 We retain data for no longer than is necessary for the purpose, we are subject to a legal obligation or you withdraw your consent.

 

Organizing campaigns and competitions

Activities: We process personal data of participants in competitions or campaigns to provide for the relevant activities.

Categories of personal data

Legal basis

Retention
·        First name, second name

·        Address private / business

·        Phone number private / business

·        Email address private / business

·        Campaign or competition participant information (e.g. answers, prize)

 Performing the agreement between you and us

Legal obligations

Legitimate interests

Consent

 We retain data for no longer than is necessary for the purpose, we are subject to a legal obligation or you withdraw your consent.

 

Operating DPD’s websites

Activities: We process personal data of website visitors to operate DPD’s website (e.g. identify and resolve technical and security issues, create user statistics). This also includes the processing of personal data to improve our websites.

Categories of personal data

Legal basis

Retention
·        Website log-files for technical and security reasons (e.g. IP address of the visitor, time stamp (date, time, time zone), device or app, navigation on the website

·        Location and name of the requested file

·        HTTP status code (e.g. file sent successfully, file not found)

·        Size of the requested file

·        Web page which referred the visitor to our website

 Legal obligations

Legitimate interests

Consent

Based on compatibility with the original purpose (Art. 6(4) GDPR)

 We retain data for no longer than is necessary for the purpose, we are subject to a legal obligation or you withdraw your consent.

 

Operating DPD’s social networks accounts

DPD operates accounts on the following social networks:

Facebook: https://www.facebook.com/DPDLatvija/

LinkedIn: https://lv.linkedin.com/company/dpd-latvija

Instagram: https://www.instagram.com/dpd_latvija/

Activities: We process personal data of social network members to interact with them.

Categories of personal data

Legal basis

Retention
·        First name, second name

·        Address private

·        Phone number private

·        Email address private

·        Social network member information (e.g. picture, nickname)

·        Social network member communication (e.g. comments)

·        Technical information related to your social network account (e.g. likes, follows, shares)

 Legitimate interests

Consent

 We retain data for no longer than is necessary for the purpose or you withdraw your consent.

 

Processing personal data of DPD’s business customers

Activities: We process the personal data of representatives of DPD’s business customers to conclude and perform agreements, to collaborate and to ensure the provision of services.

Categories of personal data

Legal basis

Retention
·        First name, second name

·        Address business

·        Phone number business

·        Email address business

·        Business client information (e.g. right of representation, job title);

·        Business client shipment information (e.g. shipment number, content, value).

·        Information disclosed to customer service (e.g. enquiry or complaint)

·        Other business client information (e.g. testimonials)

 Performing the agreement between you and us

Legal obligations

Legitimate interests

Consent

 We retain data for no longer than is necessary for the purpose, we are subject to a legal obligation or you withdraw your consent.

 

Recruiting employees

Activities: We process the personal data of job applicants to perform assessments, to provide trial periods and to onboard successful candidates.

Categories of personal data

Legal basis

Retention
·        First name, second name

·        Address private

·        Phone private

·        Email address private

·        Information on person providing reference (e.g. first name, second name, address business, phone business, email address business, company, role)

·        CV (containing education, work experience, skills)

·        Cover letter

·        Job applicant information (e.g. interview notes, assessment results)

 Steps to enter into an employment agreement between you and us

Performing the employment agreement between you and us

Legal obligations

Legitimate interests

Consent

 We retain data for no longer than is necessary for the purpose, we are subject to a legal obligation or you withdraw your consent.

 

Collaborating with public authorities (e.g. tax authority, customs, police)

Activities: Under certain circumstances we are obliged by law to transfer personal data to public institutions (e.g. tax authority, customs, police, courts).

Categories of personal data

Legal basis

Retention
·        See data related to the provision of services

·        See data related to providing customer account on the myDPD app

·        See data related to preventing fraud, complying with sanctions regulations, protecting of DPD’s rights and interests

·        Information requested by public institutions

 Legal obligations We retain data for no longer than we are subject to a legal obligation

 

Providing security within DPD’s premises (video surveillance)

Activities: We use video surveillance within our territory, premises, and near our infrastructure to ensure safety, to prevent crime and address security issues.

Categories of personal data

Legal basis

Retention
·        Video recordings*

*Visitors and employees are informed prior to accessing a surveillance zone about video surveillance.

 Legal obligations

Legitimate interests

 We retain data for no longer than is necessary for the purpose or we are subject to a legal obligation.

Video recordings

 

Who are the recipients of your data?

If necessary, we may disclose your personal data to the following recipients:

Recipients: Within our organization

 
·        HR Department

·        Document and Data Processing Department

·        Transport Department

·        Terminal

·        Pickup network

·        Commercial Department

·        Customer Management Department

·        Customer Service Department

·        IT Department

·        Compliance and Quality Department

·        Finance Department

·        Accounting

·        Administrative Department

·        Production Development Department

·        Management

 Those departments may require some of your data for the purposes described above.
·        Other DPDgroup Business Units (BUs)

·        Geopost SA (DPDgroup)

 If necessary, we may communicate your data to other BUs or DPDgroup (e.g. to send parcels abroad, for investigations).

 

Recipients: Outside our organization

 
·        Business customers (e.g. sender or recipient of a parcel)

·        Individual customers (e.g. sender or recipient of a parcel)

 Those recipients may require some of your data for the purposes described above.
·        Service providers necessary for our business processes (e.g. payment service providers, insurance companies, IT software providers, recruitment agencies) Where necessary, we have concluded a Data Processing Agreement with recipients processing personal data on our behalf.
·        Accountants, auditors, lawyers and other advisors
·        Law enforcement authorities and courts

Do we transfer your data to recipients domiciled outside the European Economic Area (EEA)?

Recipients: Outside the EEA

 
·        To ensure the provision of certain DPD services, personal data may be transferred to recipients outside the European Economic Area (EEA).

·        Example: Sending a parcel to a country outside the EEA

 If necessary, we implement appropriate safeguards to provide an adequate level of data protection or we ask your consent prior to disclosing your data.

 

How long do we keep your data?

The retention period for your data differs as per purpose. Generally, we erase personal data that is no longer necessary for the purposes for which it was originally collected and processed.

Note: Our retention periods are mainly governed by Postal Law and other statutory laws.

What are your data protection rights?

Important: You can exercise those rights directly by contacting our Data Protection Officer (DPO) or us directly:

Our Data Protection Officer (DPO):

[email protected]

SIA “DPD Latvija”

Uriekstes 8a, Rīga,

LV – 1005, Latvija

 

What are your data protection rights?

Your Rights

  
Right of access You have the right to request confirmation from us as to which data concerning you is being processed and whether these data are being transmitted to a third country.
Right to rectification You have the right to request us to correct incorrect or incomplete data relating to you.
Right to erasure You have the right to request us to erase data relating to you if they are no longer necessary for the purposes for which they were processed.

The same applies if you withdraw consent or object to the processing in absence of an overriding legitimate interest of us or if these data are being unlawfully processed.

Note: You may also execute this right where we are subject to a legal obligation to erase these data or when the data have been collected in the context of information society services.
Right to restrict processing of data You have the right to request us to restrict the processing of your data.
Right to portability You have the right to request us to provide your data in a portable format.
Right to withdraw consent You have the right to withdraw your consent to the processing of data relating to you if that processing is based on your consent.

Note: The withdrawal of consent will not affect the lawfulness of the processing carried out prior to the withdrawal of consent.
Right to object You have the right to object to the processing of data relating to you if the processing occurs on the basis of a legitimate interest.
Direct marketing You have the right to object to the processing of personal data for the purpose of direct marketing.

Note: You have the right to object to such processing at any time.
Automatic decision-making or profiling We do not use automatic decision-making or profiling.
You have the right to lodge a complaint with a data protection authority You can lodge a complaint with the Data State Inspectorate of Latvia if you believe that your data is being processed inappropriately

Latvian Data Protection Inspectorate

Elijas iela 17, Rīga, LV-1050

Note: If you have questions or a complaint concerning the processing of your personal data, please contact our Data Protection Officer to obtain immediate help.

Contact our Data Protection Officer: dpo[at]dpd.lv

 

Cookie Policy

DPD Latvija

Last update: September 2025

DPD Latvija (DPD) is a postal service provider and a company of Geopost SA (DPDgroup).

SIA “DPD Latvija”

Uriekstes 8a, Rīga,

LV – 1005, Latvija

What are cookies?

Cookies are small text files that are sent when you visit a website and are stored in the user's browser. If the corresponding website is called up again, the user's browser sends the content of the cookies back to the user, thus enabling them to be recognized.

How long are cookies saved in the browser?

Certain cookies are deleted immediately after the browser session (session cookies), others are saved for a fixed time period or permanently in the user’s browser and autonomously delete themselves (temporary or permanent cookies).

How do we use cookies?

We use cookies to keep track on how you use our website (www.dpd.lv) and what kind of information you are looking for.

What cookies do we use?

  • Necessary / essential cookies: Needed for the website navigation and use of the options chosen by the user.

  • Performance cookies: Gather information on how users use the website, for example, which entries they visit the most and what error messages they receive from the website. The purpose of these cookies is to improve the performance of the website.

  • Functionality cookies: Allow the website to remember the user’s choices (for example, text size, other customized site functions) and identifiers (for example, username, language, or the user’s country) to provide personalized site experience.

  • Target audience / advertising / behavioral cookies: Allow the website to show the user personalized ads and to carry out market research and analysis, based on the data on users’ behavior and interests. DPD Latvija may transfer the acquired data to advertising and marketing service providers.

  • Cookies to provide a multimedia environment and to record technical information: Necessary for video or audio materials, for example, picture quality, network connection speed, buffering parameters.

 

Controlling or blocking the use of cookies?

You may control cookies at any time using the websites’ cookie management tool. You can find it in the footer of the website by clicking on “Cookies”.

 

DPD Latvija: Google Analytics

We need statistical information about the use of our website to optimize it, analyze trends and to otherwise manage and improve the website. We use analyzing cookies to evaluate the usage behavior of our users statistically. We use the following providers for analytical cookies:

Google Analytics: Google Analytics is a Web Analytics Tool and is operated by Google LLC, 1600 Amphiteatre Parkway, Mountain View, California, U.S.; https://policies.google.com/privacy?hl=en-US#infocollect. For users based in the European Economic Area or Switzerland, the data controller responsible for your information is Google Ireland Limited, Gordon House Barrow Street Dublin 4, D04E5W5 Ireland.

What social plug-ins do we use?

Many social networks offer social plug-ins which allow social network users to share content.

We use plugins from LinkedIn, Facebook and Instagram.

Data Protection Notice: myDPD Website and myDPD App

This data protection notice governs the access and the use of the https://www.dpd.com/lv/lv/mydpd/ website and the “myDPD” application (hereinafter jointly referred to as “myDPD”).

Under the name "myDPD", SIA “DPD Latvija” provides digital platforms on web servers or mobile terminals which enable consumers to monitor and manage their received, sent, and returned parcels.

Your personal data is jointly processed by Geopost SA, with registered office at 26 rue Guynemer - 92130 Issy-Les-Moulineaux (France), and its subsidiary SIA “DPD Latvija” (established and operating under the laws of the Republic of Latvia, company code 40003393255, address: Uriekstes iela 8A, Ziemeļu rajons, Rīga, LV-1005) as well as their own subsidiary (collectively referred to as the “Companies”). They are together Joint Data Controllers of the following Data Processing

  • “Parcel Delivery & Unauthenticated consignee interaction”: This processing concerns consignees that do not have an account on myDPD

  • “Authenticated consignee interaction”: This processing concerns consignees that created an account on myDPD (“myDPD account”).

 

What does “Joint Data Controllers” mean?

It means that under Article 26 of GDPR, Geopost SA and SIA “DPD Latvija” jointly determine the purposes and means of the processing.

 

What personal data do we collect?

By default, the myDPD services can be used without registration.

Personal data collected through your myDPD account are not mandatory for the execution of delivery services. However, this data enables us to provide you with the best possible service and to optimize the delivery of your parcel.

We collect the following data:

  • Parcel number

  • First name

  • Last name

  • E-mail address

  • Delivery address

  • Phone number

  • Proof of Delivery including in some cases the signature

  • Free text fields for additional delivery address information (e.g. code number)

  • Photo of front door or safe place

  • Notes (if you have assigned any)

We draw your attention to the importance of not communicating sensitive data (under Article 9 of the GDPR) in the free text fields.

In order to access all of the functionalities offered, you are invited to register either by means of an e-mail address and password or by using an existing Facebook, Apple or Google account. In this respect, Geopost and SIA “DPD Latvija” do not transmit any parcel information to Facebook, Apple or Google and only use these services for authentication purposes. After authentication, a unique myDPD account is created for all our services.

Why do we collect your personal data?

The personal data are processed in the context of delivery services agreements as well as any other existing service related to the creation of your myDPD account. The data will be used by Geopost SA and SIA “DPD Latvija”, and/or any third party involved in the performance of the services, particularly for the following purposes:

  • For delivery services

  • When you choose to provide us additional information to facilitate delivery of the parcel

  • Manage your myDPD account

  • Manage notifications to consignees via e-mail, SMS, push notification or social media

  • Help the user get in contact with our support team

  • Build consumers profiling according to uses of DPD services, frequency of delivery, delivery experiences, purchases and location

  • Communicate via personalized or non-personalized e-mails, push notifications and banners about SIA “DPD Latvija” and/or our partners

  • Ensure the security of your account

What legal basis do we use to process your personal data?

We collect your personal information based on:

  • Our contractual obligations in the context of our delivery activities; or

  • Our compliance to legal obligations; or

  • The legitimate interests of Geopost SA and SIA “DPD Latvija” (provided your interests and fundamental rights do not override those interests)

  • Your consent on the processing of your data for communications

 

Account creation

 

Connection with external account

Login with Apple ID: If you use your Apple ID when logging in to DPD, you can register or log in with your Apple account. You will then be forwarded to the Apple website. For the iOS app the process takes place entirely within the operating system. For the login you will need the email address which is stored with Apple. This is required for identification purposes in order to create a secure DPD account for you and is stored with us. Your Apple profile and your DPD account are permanently linked via the email address. You can remove this link at any time on the Apple website. DPD never learns your Apple access data. You can read how Apple handles privacy settings in the Apple data protection notices; these are also the valid regulations governing this possibility of logging in and registering with DPD.

Login with Facebook: Facebook Connect is an offer from Facebook Ireland Limited (Hanover Reach, 5-7 Hanover Quay, Dublin 2, Ireland). Its use is voluntary and optional. When using Facebook Connect, Facebook profile data and public data from your Facebook profile are transferred to DPD. We use and process your first and last name, gender, email address, and Facebook ID for simplified registration to use the Parcel Navigator. If you are already a DPD customer, only the Facebook ID will be processed. Your Facebook account is linked to the DPD account via the Facebook ID. This makes it possible for you to register for the service using your Facebook access data via the "Login with Facebook" button. In addition, every time you log in, Facebook will know that you are using the DPD service. The link to Facebook can be revoked at any time on Facebook itself. Please also read Facebook's privacy policy on this subject.

Login with Google: The same applies to the use of the Google login. This Google service is provided by Google Inc. "('Google'; Amphitheatre Parkway, Mountain View, CA 94043, USA). Registration and use of Google's services are subject to Google's Privacy Policy and Terms of Use, which you can view at: Privacy Policy – Privacy & Terms – Google.

 

myDPD account creation

Geopost SA and SIA “DPD Latvija” allow you to create an account on myDPD using the essential information provided on one or other of the platforms. In this way, accounts recognized by an email address will be identified and your information shared so that you don't have to re-enter it.

The personal data listed in point 1 as well as the following personal data are collected:

  • Home address

  • Expeditions

  • Purchases

  • User delivery address book

  • Favourite parcel shops

  • Delivery preferences

  • Country/Language

  • Consent for commercial information and communication preferences

  • Parcel delivery history

  • Connection method

  • Terminal information

Personal data may also concern a third party or a neighbour who can retrieve the parcel on behalf of the consignee.

 

How long do we keep your data?

If you are an unauthenticated user, your personal data are kept for a maximum period of six (6) months in the active database and are then archived.

If you are an authenticated user of myDPD, your personal data are kept for a maximum period of two (2) years after your last connection to your myDPD account, with the exception of your physical address which is kept for three (3) years, separate from any other personal data concerning you, to help us improve our delivery performance and thus guarantee you an optimal customer experience.

In case of account deletion, the account linked to ‘myDPD” will be deleted with all data linked to the account with the exception of your physical address which is kept for three (3) years, separate from any other personal data concerning you, to help us improve our delivery performance and thus guarantee you an optimal customer experience.

Who might we share your information with?

We share the information that you provide to us with our staff so that we can provide our services to you:

  • Business partners (shippers);

  • Sub-contractors, especially drivers, for the performance of the delivery contract;

  • Geopost;

  • SIA “DPD Latvija” subsidiaries

  • Internally to our customer service, marketing, sales and IT departments

  • Billing platform (including parcel number)

  • Data processors for data management, emailing and storage

 

Improving delivery experience

Because DPD wants to improve your delivery experience, we display a message when you connect to your myDPD account once you have a given number of failed deliveries in a determined period to suggest you to set up your delivery preferences. How does it work? We use a commercial partner (Imagino), as a data processor, who can compute the total number of your unsuccessful deliveries to generate messages, thanks to delivery events provided to him. A message will be displayed through ABTasty when you connect to your myDPD account to promote delivery preferences.

The use of a tag by Imagino and the deposite of the ABTasty cookie are based on your consent. You can remove your consent at any time by managing your cookie settings here: https://www.dpd.com/lv/lv/mydpd/  (see link to cookies settings in the footer). If you decide to remove your consent, we will immediately stop using the number of your unsuccessful deliveries in this process.

The display of the message to promote delivery preferences is based on our legitimate interest to:

  • improve our business strategy and our delivery performance

  • ensure the best possible customer experience by going beyond his expectations

  • reducing operational costs and customer care costs

  • promoting green redirections

 

Personalized communication by e-mail

With your consent, we want to send you personalized communications on Geopost and its partners we think might interest you.

Subject to your consent when creating your myDPD account, we wish to display in your myDPD space, personalized advertisements on our partners according to your interests.

Keep in mind that we do not share your information with our partners so that they can contact you, only SIA “DPD Latvija” can send you personalized communications.

You can change or revoke your consent at any time in the preferences section of your myDPD account.

 

Chatbot

A chatbot is available to help you track, redirect and get more detailed information about your parcel. Please note that the chatbot includes a free comment area where you can be led to give personal data to help us find information about your parcel. This data will be used to examine your request and is necessary to enable us to provide a more appropriate response. The information you provide is intended for the customer services and our technical service providers, within the framework of the tasks entrusted to them.

The data collected in the context of a conversation about a parcel delivery is stored during six (6) months, which is a parcel’s lifetime, after which it is automatically deleted. The data can also be deleted beforehand on request. Insofar as the information collected in this way is personally identifiable, it will be processed in accordance with Art. 6 of the GDPR based on our legitimate interest in providing an effective customer service.

In accordance with the applicable regulations on the protection of personal data, you have the right to access, rectify, oppose, limit the processing, request the transfer of your data where possible and delete your data.

We also draw your attention on the importance of not communicating sensitive data (under Article 9 if the GDPR) in this free comment area.

 

Do we transfer your personal data outside of EU?

We may transfer your personal information outside the European Economic Area ("EEA") or outside the European Union and will only do so if adequate protection measures are in place in compliance with data protection regulations. We use the following protection measures:

  • Transferring to European Commission approved adequate countries under Article 45 of the GDPR;

  • Using appropriate safeguards such as European Commission approved Standard Contractual Clauses or Binding Corporate Rules.

 

How do we protect your personal data?

We apply the cybersecurity best practices and follow recognized standards to ensure the protection of data and users.

 

 What are your rights on your data?

Under Articles 15 to 22 of the GDPR, you have the right to:

  • Access your personal data and to obtain from the Joint Data Controllers confirmation as to whether your personal data are being processed;

  • Rectification of your personal data and to obtain from the Joint Data Controllers without undue delay the rectification of inaccurate personal data concerning you;

  • Erasure from the Joint Data Controllers of your personal data without undue delay;

  • Restriction of processing;

  • Data portability by transmission of your data where technically feasible.

These rights may be exercised by sending an e-mail to dpo[at]dpd.lv.

For any problem linked to the management of your personal data, you have the right to lodge a complaint with the following data protection authority: Data State Inspectorate, 17 Elijas Street, LV-1050 Riga.

Joint-Controllership with Geopost SA

In certain cases, DPD together with GeoPost SA (DPDgroup) process personal data as Joint-Controllers.

GeoPost SA

Guynemer 92130

Issy-Les-Moulineaux

France

 

Joint-Controller Agreement (JCA): We have concluded a Joint-Controller Agreement (JCA) which governs the processing of your data by the Joint-Controllers. It sets specific rules for the management of your rights and the management of data breaches.

More information on data processing by Geopost SA: Data Protection Notice (https://www.geopost.com/en/data-privacy-policy)

Rights of the Data Subject: Where exercising your right affects a system provided by DPDgroup, we will involve DPDgroup to process your request together.

Data Breach Management: In case of a data breach affecting a system provided by DPDgroup, we will involve DPDgroup to manage the data breach together.

JCA: Data Processing Activities (Source: Geopost SA)

Common Processing Activity

Agreed purposes

Legal basis

Personal Data

Retention period
CS Investigation & claim management - Customer service back-office communication tool between customer services of BUs for cross-border parcels • Measurement of BU's performance • Monitoring the performance of BU’s customer service employees by managers of BU’s CS Performance of a contract (for claim management) + Legitimate interest (for the measurement of BU's performance Sender or receiver data, when is Consumer only: Name, address (street number, zip code, city, country) e-mail, phone number, parcel number, collection request number, case number, COD amount, POD, free text fields for parcel content for example 6 months after case closure database and 6 months in archive database (not anonymized) Anonymization of consignee’s personal data for reporting
Parcel delivery & unauthenticated consignee interaction - Shipment and labeling process - Track and trace by Geopost employees - Consultation of the parcel’s status by customers via dedicated applications - Delivery tool management - Order management / collection requests - Parcel’s temperature (containing food) monitoring throughout their life cycle and generate alerts in the event of a break in the cold chain - Calculation of an estimated number of days to deliver parcel based on zip code of both the origin and the destination - Facilitating delivery services with delivery instructions - Track and trace the parcels by the consignees via consignee application - Knowledge improvement and interaction with consignees and prospects - Parcel return management - Collection of the level of satisfaction of the consignees Performance of a contract + Legitimate interest + Legal obligation Sender or receiver data, when is Consumer only: First / last name, username, e-mail, address (including home GPS coordinates), phone number, parcel number, date of birth, home GPS coordinates, POD, picture of front door or safe place, COD, contact details, ID numbers, additional information necessary for ID check, free text fields for more detail about the address for example (door code) Depending on BUs, some other personal data can be stored and managed locally. 6 months in active database + archive database for regulatory purposes (indicated in other processing)

Postal address (House number, street name, city, Post code, Country code, Longitude, Latitude) will be kept for 3 years based on the necessity to have reliable data and be able to calculate tactical planning scenarios).
Geocheck (Embargo) - Comparison of personal data against Denied Party Lists (DPLs) published by organizations - Generation of events according to verification results - Decision whether or not to block the parcel - Request of licenses if designated persons are confirmed among the workforce Legal obligation Receiver data, when is Consumer only: Name, e-mail, address, phone number, parcel number, result of the comparison/verification These personal data concerns also the employees of DPDgroup. 30 days in live/production database From 30 days to 2 years on a restricted database (restricted access for LECO only) From 2 years to 10 years in archive (legal requirements, restricted access only for Geocheck administrator)
Customs process - Notification management and payment for duties and taxes - Generation of proofs of payment Legal obligation Sender and receiver data, when is Consumer only: Name, e-mail, address (including street and house number, city, country, zip code), phone number, SMS, contact, parcel number, IP address, content of the parcels associated to value of goods 6 months in active database and 5 years in archive database (unless advised differently by BUs)
Reporting KPI - Leverage data from X months/years for sales/marketing/ops analysis for market assessment - Measurement of the quality of the performance Legitimate interest Sender and receiver data, when is Consumer only: Name, e-mail, address, phone number, parcel number 6 months (anonymization after) Postal address (House number, street name, city, Post code, Country code, Longitude, Latitude) will be kept for 3 years based on the necessity to have reliable data and be able to calculate tactical planning scenarios)
Authenticated consignee interaction - Management of notifications to consignees via e-mail or SMS or social media (Predict, etc.) - Execution of prospecting operations to improve the offers and services of Geopost and its subsidiaries - Collection of the level of satisfaction of the consignees - Consumers profiling according to uses of Geopost services, frequency of delivery, delivery experiences and customer service interactions, etc. (without automated decisions) - Display of advertising, newsletters, personalized campaign - Loyalty program Performance of a contract + Legitimate interest + Consent Sender and receiver data, when is Consumer only: Name, e-mail, address, phone number, parcel number Sender and receiver data, when is Consumer only: Name, e-mail, address (street, street number, house number, postcode, city), phone number, parcel number, title (Mr, Ms), company, free text fields, ID numbers and passports, HS code, login, gender, delivery preferences (preferred PUDO location, safeplace, etc.), communication preferences (email, SMS, push, etc) Data may concern also 3rd person and/or neighbor who retrieve the parcel instead of the consignee 2 years following last connection Postal address (House number, street name, city, Post code, Country code, Longitude, Latitude) will be kept for 3 years based on the necessity to have reliable data and be able to calculate tactical planning scenarios)
Export Control Allow Geopost and its subsidiaries to verify export authorisations and permits for dual-use goods Legal obligation Name, First name - Postal address - Parcel content (HS code and description) - Origin country of the parcel - Destination country of the parcel - Telephone number 30 days in a live/production database - 30 days to 2 years on a restricted database (restricted access only for LECO - Local Embargo Compliance Officer) - 2 years to 6 years in archives (legal requirements, restricted access only for ECM administrator
Professional whistleblowing / Safecall - Receiving and recording whistleblowing alerts - Investigation and monitoring of the alerts - Closure of alerts - Development of activity data (statistics) on anonymous data Legal obligation Legitimate interest Email address - Date and purpose of whistleblowing alert - Phone number - First name, last name - Any other data communicated as part of the alert and/or investigation

Relevant data to process the whistleblowing shall be kept during the processing. If the alert: - is not eligible, data anonymized within 30 days of receipt. - is admissible but not reasoned or does not give rise to disciplinary/legal action, it is anonymized within 2 months of its closure. - gives rise to disciplinary or legal actions, the data are kept until the end of the actions or measures and are anonymized within 2 months, unless legal obligations impose another retention period

Amendments to the Privacy Policy

The protection of your personal data is important to us, therefore, we regularly review the personal data processing principles implemented at the company and this Privacy Policy. We have the right to unilaterally update this Privacy Policy at any time, informing about it on the website www.dpd.lv.

Contact information and enquiry review

If you have any questions or comments regarding this Privacy Policy or the processing of your personal data, please contact us at [email protected] or send your request in writing to Uriekstes 8a, LV – 1005, Rīga, Latvija.

DPD has appointed a data protection officer, who for data protection questions may be sent to email: [email protected].