DPD Latvija

Last update: September 2025

DPD Latvija (DPD) is a postal service provider and a company of Geopost SA (DPDgroup).

SIA “DPD Latvija”

Uriekstes 8a, Rīga,

LV – 1005, Latvija

For whom is this data processing notice?

Main addresses of this data protection notice are:

• Customers (sender, recipient or a person receiving a parcel on behalf of a recipient)

• Participants in competitions or campaigns

• Prospective customers (marketing activities)

• Website visitors

• Social network members

• Representatives of business customers

• Job applicants

• Onsite visitors (e.g. DPD office, DPD depot)

Who is responsible for the processing of your personal data?

DPD is responsible for processing your personal data.

Data Controller

SIA “DPD Latvija”

Uriekstes 8a, Rīga,

LV – 1005, Latvija

Registration number: 40003393255

Joint-Controllership

In certain cases, DPD together with Geopost SA (DPDgroup) process personal data as Joint-Controllers.

Geopost SA

Guynemer 92130

Issy-Les-Moulineaux

France

Joint-Controller Agreement (JCA): We have concluded a Joint-Controller Agreement (JCA) which governs the processing of your data by the Joint-Controllers. It sets specific rules for the management of your rights and the management of data breaches.

Rights of the Data Subject: Where exercising your right affects a system provided by DPDgroup, we will involve DPDgroup to process your request together.

Data Breach Management: In case of a data breach affecting a system provided by DPDgroup, we will involve DPDgroup to manage the data breach together.

What are the purposes for processing your personal data?

We process personal data for the following purposes:

Note: Listed activities are not exhaustive.

Providing services

Activities: We process personal data of customers (sender, recipient or a person receiving a parcel on behalf of a recipient) to provide DPD services (e.g. to take in parcels, receive payments, sort, dispatch, carry out customs procedures and delivery). This also includes the processing of data to improve our services (e.g., service evaluation).

Providing myDPD

Activities: We process personal data of customers to provide myDPD. This also includes the processing of data to improve the myDPD.

Fraud prevention, compliance with sanctions regulations, protecting DPD’s rights and interests

Activities: We process personal data of customers to comply with international and national sanctions regulations, to prevent or detect fraud, to protect DPD’s rights and interests (e.g. property, recover debt, dispute resolution, legal proceedings).

Providing customer service

Activities: We process personal data of customers to provide customer service, to help, to resolve enquiries or complaints. This also includes the processing of personal data to improve customer service (e.g., service evaluation).

Performing marketing activities

Activities: We process personal data of customers or prospective customers to send them offers, newsletters, or other information that they may find relevant and interesting. If they have used our services and they have not objected to receiving such information, we may send them offers on similar services. They may opt out of receiving these offers at any time.

Organizing campaigns and competitions

Activities: We process personal data of participants in competitions or campaigns to provide for the relevant activities.

Operating DPD’s websites

Activities: We process personal data of website visitors to operate DPD’s website (e.g. identify and resolve technical and security issues, create user statistics). This also includes the processing of personal data to improve our websites.

Operating DPD’s social networks accounts

DPD operates accounts on the following social networks:

Facebook: https://www.facebook.com/DPDLatvija/

LinkedIn: https://lv.linkedin.com/company/dpd-latvija

Instagram: https://www.instagram.com/dpd_latvija/

Activities: We process personal data of social network members to interact with them.

Processing personal data of DPD’s business customers

Activities: We process the personal data of representatives of DPD’s business customers to conclude and perform agreements, to collaborate and to ensure the provision of services.

Recruiting employees

Activities: We process the personal data of job applicants to perform assessments, to provide trial periods and to onboard successful candidates.

Collaborating with public authorities (e.g. tax authority, customs, police)

Activities: Under certain circumstances we are obliged by law to transfer personal data to public institutions (e.g. tax authority, customs, police, courts).

Providing security within DPD’s premises (video surveillance)

Activities: We use video surveillance within our territory, premises, and near our infrastructure to ensure safety, to prevent crime and address security issues.

Who are the recipients of your data?

If necessary, we may disclose your personal data to the following recipients:

Do we transfer your data to recipients domiciled outside the European Economic Area (EEA)?

How long do we keep your data?

The retention period for your data differs as per purpose. Generally, we erase personal data that is no longer necessary for the purposes for which it was originally collected and processed.

Note: Our retention periods are mainly governed by Postal Law and other statutory laws.

What are your data protection rights?

Important: You can exercise those rights directly by contacting our Data Protection Officer (DPO) or us directly:

Our Data Protection Officer (DPO):

[email protected]

SIA “DPD Latvija”

Uriekstes 8a, Rīga,

LV – 1005, Latvija

What are your data protection rights?

Cookie Policy

DPD Latvija

Last update: September 2025

DPD Latvija (DPD) is a postal service provider and a company of Geopost SA (DPDgroup).

SIA “DPD Latvija”

Uriekstes 8a, Rīga,

LV – 1005, Latvija

What are cookies?

Cookies are small text files that are sent when you visit a website and are stored in the user's browser. If the corresponding website is called up again, the user's browser sends the content of the cookies back to the user, thus enabling them to be recognized.

How long are cookies saved in the browser?

Certain cookies are deleted immediately after the browser session (session cookies), others are saved for a fixed time period or permanently in the user’s browser and autonomously delete themselves (temporary or permanent cookies).

How do we use cookies?

We use cookies to keep track on how you use our website (www.dpd.lv) and what kind of information you are looking for.

What cookies do we use?

• Necessary / essential cookies: Needed for the website navigation and use of the options chosen by the user.

• Performance cookies: Gather information on how users use the website, for example, which entries they visit the most and what error messages they receive from the website. The purpose of these cookies is to improve the performance of the website.

• Functionality cookies: Allow the website to remember the user’s choices (for example, text size, other customized site functions) and identifiers (for example, username, language, or the user’s country) to provide personalized site experience.

• Target audience / advertising / behavioral cookies: Allow the website to show the user personalized ads and to carry out market research and analysis, based on the data on users’ behavior and interests. DPD Latvija may transfer the acquired data to advertising and marketing service providers.

• Cookies to provide a multimedia environment and to record technical information: Necessary for video or audio materials, for example, picture quality, network connection speed, buffering parameters.

Controlling or blocking the use of cookies?

You may control cookies at any time using the websites’ cookie management tool. You can find it in the footer of the website by clicking on “Cookies”.

DPD Latvija: Google Analytics

We need statistical information about the use of our website to optimize it, analyze trends and to otherwise manage and improve the website. We use analyzing cookies to evaluate the usage behavior of our users statistically. We use the following providers for analytical cookies:

Google Analytics: Google Analytics is a Web Analytics Tool and is operated by Google LLC, 1600 Amphiteatre Parkway, Mountain View, California, U.S.; https://policies.google.com/privacy?hl=en-US#infocollect. For users based in the European Economic Area or Switzerland, the data controller responsible for your information is Google Ireland Limited, Gordon House Barrow Street Dublin 4, D04E5W5 Ireland.

What social plug-ins do we use?

Many social networks offer social plug-ins which allow social network users to share content.

We use plugins from LinkedIn, Facebook and Instagram.

This data protection notice governs the access and the use of the https://www.dpd.com/lv/lv/mydpd/ website and the “myDPD” application (hereinafter jointly referred to as “myDPD”).

Under the name "myDPD", SIA “DPD Latvija” provides digital platforms on web servers or mobile terminals which enable consumers to monitor and manage their received, sent, and returned parcels.

Your personal data is jointly processed by Geopost SA, with registered office at 26 rue Guynemer - 92130 Issy-Les-Moulineaux (France), and its subsidiary SIA “DPD Latvija” (established and operating under the laws of the Republic of Latvia, company code 40003393255, address: Uriekstes iela 8A, Ziemeļu rajons, Rīga, LV-1005) as well as their own subsidiary (collectively referred to as the “Companies”). They are together Joint Data Controllers of the following Data Processing

• “Parcel Delivery & Unauthenticated consignee interaction”: This processing concerns consignees that do not have an account on myDPD

• “Authenticated consignee interaction”: This processing concerns consignees that created an account on myDPD (“myDPD account”).

What does “Joint Data Controllers” mean?

It means that under Article 26 of GDPR, Geopost SA and SIA “DPD Latvija” jointly determine the purposes and means of the processing.

What personal data do we collect?

By default, the myDPD services can be used without registration.

Personal data collected through your myDPD account are not mandatory for the execution of delivery services. However, this data enables us to provide you with the best possible service and to optimize the delivery of your parcel.

We collect the following data:

• Parcel number

• First name

• Last name

• E-mail address

• Delivery address

• Phone number

• Proof of Delivery including in some cases the signature

• Free text fields for additional delivery address information (e.g. code number)

• Photo of front door or safe place

• Notes (if you have assigned any)

We draw your attention to the importance of not communicating sensitive data (under Article 9 of the GDPR) in the free text fields.

In order to access all of the functionalities offered, you are invited to register either by means of an e-mail address and password or by using an existing Facebook, Apple or Google account. In this respect, Geopost and SIA “DPD Latvija” do not transmit any parcel information to Facebook, Apple or Google and only use these services for authentication purposes. After authentication, a unique myDPD account is created for all our services.

Why do we collect your personal data?

The personal data are processed in the context of delivery services agreements as well as any other existing service related to the creation of your myDPD account. The data will be used by Geopost SA and SIA “DPD Latvija”, and/or any third party involved in the performance of the services, particularly for the following purposes:

• For delivery services

• When you choose to provide us additional information to facilitate delivery of the parcel

• Manage your myDPD account

• Manage notifications to consignees via e-mail, SMS, push notification or social media

• Help the user get in contact with our support team

• Build consumers profiling according to uses of DPD services, frequency of delivery, delivery experiences, purchases and location

• Communicate via personalized or non-personalized e-mails, push notifications and banners about SIA “DPD Latvija” and/or our partners

• Ensure the security of your account

What legal basis do we use to process your personal data?

We collect your personal information based on:

• Our contractual obligations in the context of our delivery activities; or

• Our compliance to legal obligations; or

• The legitimate interests of Geopost SA and SIA “DPD Latvija” (provided your interests and fundamental rights do not override those interests)

• Your consent on the processing of your data for communications

Account creation

Connection with external account

Login with Apple ID: If you use your Apple ID when logging in to DPD, you can register or log in with your Apple account. You will then be forwarded to the Apple website. For the iOS app the process takes place entirely within the operating system. For the login you will need the email address which is stored with Apple. This is required for identification purposes in order to create a secure DPD account for you and is stored with us. Your Apple profile and your DPD account are permanently linked via the email address. You can remove this link at any time on the Apple website. DPD never learns your Apple access data. You can read how Apple handles privacy settings in the Apple data protection notices; these are also the valid regulations governing this possibility of logging in and registering with DPD.

Login with Facebook: Facebook Connect is an offer from Facebook Ireland Limited (Hanover Reach, 5-7 Hanover Quay, Dublin 2, Ireland). Its use is voluntary and optional. When using Facebook Connect, Facebook profile data and public data from your Facebook profile are transferred to DPD. We use and process your first and last name, gender, email address, and Facebook ID for simplified registration to use the Parcel Navigator. If you are already a DPD customer, only the Facebook ID will be processed. Your Facebook account is linked to the DPD account via the Facebook ID. This makes it possible for you to register for the service using your Facebook access data via the "Login with Facebook" button. In addition, every time you log in, Facebook will know that you are using the DPD service. The link to Facebook can be revoked at any time on Facebook itself. Please also read Facebook's privacy policy on this subject.

Login with Google: The same applies to the use of the Google login. This Google service is provided by Google Inc. "('Google'; Amphitheatre Parkway, Mountain View, CA 94043, USA). Registration and use of Google's services are subject to Google's Privacy Policy and Terms of Use, which you can view at: Privacy Policy – Privacy & Terms – Google.

myDPD account creation

Geopost SA and SIA “DPD Latvija” allow you to create an account on myDPD using the essential information provided on one or other of the platforms. In this way, accounts recognized by an email address will be identified and your information shared so that you don't have to re-enter it.

The personal data listed in point 1 as well as the following personal data are collected:

• Home address

• Expeditions

• Purchases

• User delivery address book

• Favourite parcel shops

• Delivery preferences

• Country/Language

• Consent for commercial information and communication preferences

• Parcel delivery history

• Connection method

• Terminal information

Personal data may also concern a third party or a neighbour who can retrieve the parcel on behalf of the consignee.

How long do we keep your data?

If you are an unauthenticated user, your personal data are kept for a maximum period of six (6) months in the active database and are then archived.

If you are an authenticated user of myDPD, your personal data are kept for a maximum period of two (2) years after your last connection to your myDPD account, with the exception of your physical address which is kept for three (3) years, separate from any other personal data concerning you, to help us improve our delivery performance and thus guarantee you an optimal customer experience.

In case of account deletion, the account linked to ‘myDPD” will be deleted with all data linked to the account with the exception of your physical address which is kept for three (3) years, separate from any other personal data concerning you, to help us improve our delivery performance and thus guarantee you an optimal customer experience.

Who might we share your information with?

We share the information that you provide to us with our staff so that we can provide our services to you:

• Business partners (shippers);

• Sub-contractors, especially drivers, for the performance of the delivery contract;

• Geopost;

• SIA “DPD Latvija” subsidiaries

• Internally to our customer service, marketing, sales and IT departments

• Billing platform (including parcel number)

• Data processors for data management, emailing and storage

Improving delivery experience

Because DPD wants to improve your delivery experience, we display a message when you connect to your myDPD account once you have a given number of failed deliveries in a determined period to suggest you to set up your delivery preferences. How does it work? We use a commercial partner (Imagino), as a data processor, who can compute the total number of your unsuccessful deliveries to generate messages, thanks to delivery events provided to him. A message will be displayed through ABTasty when you connect to your myDPD account to promote delivery preferences.

The use of a tag by Imagino and the deposite of the ABTasty cookie are based on your consent. You can remove your consent at any time by managing your cookie settings here: https://www.dpd.com/lv/lv/mydpd/  (see link to cookies settings in the footer). If you decide to remove your consent, we will immediately stop using the number of your unsuccessful deliveries in this process.

The display of the message to promote delivery preferences is based on our legitimate interest to:

• improve our business strategy and our delivery performance

• ensure the best possible customer experience by going beyond his expectations

• reducing operational costs and customer care costs

• promoting green redirections

Personalized communication by e-mail

With your consent, we want to send you personalized communications on Geopost and its partners we think might interest you.

Subject to your consent when creating your myDPD account, we wish to display in your myDPD space, personalized advertisements on our partners according to your interests.

Keep in mind that we do not share your information with our partners so that they can contact you, only SIA “DPD Latvija” can send you personalized communications.

You can change or revoke your consent at any time in the preferences section of your myDPD account.

Chatbot

A chatbot is available to help you track, redirect and get more detailed information about your parcel. Please note that the chatbot includes a free comment area where you can be led to give personal data to help us find information about your parcel. This data will be used to examine your request and is necessary to enable us to provide a more appropriate response. The information you provide is intended for the customer services and our technical service providers, within the framework of the tasks entrusted to them.

The data collected in the context of a conversation about a parcel delivery is stored during six (6) months, which is a parcel’s lifetime, after which it is automatically deleted. The data can also be deleted beforehand on request. Insofar as the information collected in this way is personally identifiable, it will be processed in accordance with Art. 6 of the GDPR based on our legitimate interest in providing an effective customer service.

In accordance with the applicable regulations on the protection of personal data, you have the right to access, rectify, oppose, limit the processing, request the transfer of your data where possible and delete your data.

We also draw your attention on the importance of not communicating sensitive data (under Article 9 if the GDPR) in this free comment area.

Do we transfer your personal data outside of EU?

We may transfer your personal information outside the European Economic Area ("EEA") or outside the European Union and will only do so if adequate protection measures are in place in compliance with data protection regulations. We use the following protection measures:

• Transferring to European Commission approved adequate countries under Article 45 of the GDPR;

• Using appropriate safeguards such as European Commission approved Standard Contractual Clauses or Binding Corporate Rules.

How do we protect your personal data?

We apply the cybersecurity best practices and follow recognized standards to ensure the protection of data and users.

 What are your rights on your data?

Under Articles 15 to 22 of the GDPR, you have the right to:

• Access your personal data and to obtain from the Joint Data Controllers confirmation as to whether your personal data are being processed;

• Rectification of your personal data and to obtain from the Joint Data Controllers without undue delay the rectification of inaccurate personal data concerning you;

• Erasure from the Joint Data Controllers of your personal data without undue delay;

• Restriction of processing;

• Data portability by transmission of your data where technically feasible.

These rights may be exercised by sending an e-mail to dpo[at]dpd.lv.

For any problem linked to the management of your personal data, you have the right to lodge a complaint with the following data protection authority: Data State Inspectorate, 17 Elijas Street, LV-1050 Riga.