DPD Latvia Privacy Policy

DPD Privātuma politika DPD Privātuma politika

DPD Latvia Privacy Policy

This DPD Latvija privacy policy (hereinafter—Privacy Policy) includes information on the processing of personal data carried out by DPD Latvija (hereinafter—DPD). The Privacy Policy explains what data and in what way are processed when you conclude an agreement with DPD, use a DPD service or are in any other way involved with our services (for example, as a consignee), visit DPD website, take part in our campaigns and competitions, contact us, etc.

This Privacy Policy sets forth the DPD data collection practice, which includes information on the type of data DPD collects, how the data are used, and who may access them. You have the right to control your privacy, and DPD respects that. It is important for DPD to help you exercise this right, therefore we have further provided the necessary information.

Read this Privacy Policy and contact DPD at [email protected] if you have any questions or comments.

Your data controller

SIA “DPD Latvija”, registration number 40003393255, having its registered address at Uriekstes 8a, LV-1005, Rīga, Latvija, processes your personal data as a data controller.

In certain limited cases, SIA “DPD Latvija” may process your personal data as a joint controller with its parent company GeoPost SA, having its address at 26 rue Guynemer 92130 Issy-Les-Moulineaux, France, or other DPD group companies. In such cases, the mutual obligations, rights, and competence of the parties with regard to the processing of personal data are set forth in an agreement concluded  between them.

What personal data we collect and for what purposes we process them

We process personal data for the following purposes:

1. Provision of services

We process personal data of a Customer (Sender, Consignee or a person receiving the parcel on behalf of the Consignee) to provide any DPD service, including, to take in parcels, receive payments , sort, dispatch, carry out customs procedures and delivery.

Categories of data subjects

Customer

Data categories

  • Contact information (name, surname, address, location, access information, phone number, e-mail address);

  • Customer’s payment information;

  • Data of consignee’s identification document.

Legal ground for the processing

Depending on the  particular situation, a legal ground for the processing may be:

  • Performance of contractual obligations;

  • Law.

Duration of the processing

Until the processing purpose is achieved. 

Customer

Data categories

  • Contact information (name, surname, address, location, access information, phone number, e-mail address);

  • Customer’s payment information;

  • Data of consignee’s identification document.

Legal ground for the processing

Depending on the  particular situation, a legal ground for the processing may be:

  • Performance of contractual obligations;

  • Law.

Duration of the processing

Until the processing purpose is achieved. 

2. Providing customer account on the myDPD app

We process a Customer’s personal data to provide a chance for easy management of shipments and viewing of their status on the myDPD app.

Categories of data subjects

Customer

Data categories

  • Account data on the myDPD app (username, password, name, phone number, e-mail address, transaction history, shipment information (size, content, location), pick-up point and safe place preferences, actions performed on the myDPD app).

  • Customer’s invoicing details.

Legal ground for the processing

Depending on the  particular situation, a legal ground for the processing may be:

  • Performance of contractual obligations.
  • Law.

Duration of the processing

Until the processing purpose is achieved.

Customer

Data categories

  • Account data on the myDPD app (username, password, name, phone number, e-mail address, transaction history, shipment information (size, content, location), pick-up point and safe place preferences, actions performed on the myDPD app).

  • Customer’s invoicing details.

Legal ground for the processing

Depending on the  particular situation, a legal ground for the processing may be:

  • Performance of contractual obligations.
  • Law.

Duration of the processing

Until the processing purpose is achieved.

3. Preventing fraud, complying with the sanctions regulations, protecting of DPD’s rights and interests

We may process Customer’s personal data to prevent or detect fraud if such processing is objectively required in particular situation. We may also, when required, process personal data if it is necessary to protect DPD’s rights and interests, for example, to protect property, recover debt, the purposes of dispute resolution or legal proceedings. In addition, we inform that, within the provision of delivery processes, the data are verified in accordance with the international and national sanctions regulations of the Republic of Latvia.

Categories of data subjects

Customer

Data categories

  • Account data on the myDPD app (username, password, name, phone number, e-mail address, transaction history, information on the parcel (size, content, location), pick-up point and safe place preferences, actions performed on the myDPD app);

  • Customer’s payment information;

  • Contact information (name, surname, address, location, access information, phone number, e-mail address);

  • Consignee’s identification document’s data;

  • Compliance with the data of the sanctions list;

  • Video recording data;

  • Call record data;

Legal ground for the processing

Depending on the particular situation, a legal ground for the processing may be:

  • The legitimate interest of DPD to prevent fraud and related losses to DPD or Customers.

  • The legitimate interest of DPD to protect its legal rights and prevent losses, including in the cases of debt recovery, settlement of arguments, or legal proceedings.

  • Law.

Duration of the processing

Until the purpose of the processing is achieved but no longer than 5 years.
A video recording is stored no longer than 1 month.
A call record is retained no longer than 2 years.

Customer

Data categories

  • Account data on the myDPD app (username, password, name, phone number, e-mail address, transaction history, information on the parcel (size, content, location), pick-up point and safe place preferences, actions performed on the myDPD app);

  • Customer’s payment information;

  • Contact information (name, surname, address, location, access information, phone number, e-mail address);

  • Consignee’s identification document’s data;

  • Compliance with the data of the sanctions list;

  • Video recording data;

  • Call record data;

Legal ground for the processing

Depending on the particular situation, a legal ground for the processing may be:

  • The legitimate interest of DPD to prevent fraud and related losses to DPD or Customers.

  • The legitimate interest of DPD to protect its legal rights and prevent losses, including in the cases of debt recovery, settlement of arguments, or legal proceedings.

  • Law.

Duration of the processing

Until the purpose of the processing is achieved but no longer than 5 years.
A video recording is stored no longer than 1 month.
A call record is retained no longer than 2 years.

4. Customer service

We process personal data to provide you full-fledged customer service, by helping to resolve enquiries or complaints submitted by you.

Categories of data subjects

Customer

Data categories

  • Contact information (name, surname, address, location, phone number, e-mail address);

  • Information that a person has provided in writing, electronically, or by phone when submitting their review, inquiry, or complaint (including a recording of a telephone conversation);

  • Information that a person has provided by participating in customer surveys, including customer satisfaction surveys;

  • Information related to resolving a person’s review, inquiry, or reviewing a survey.

Legal ground for the processing

Depending on the particular situation, a legal ground for the processing may be:

  • Your consent; 

  • Performance of DPD’s contractual obligations;

  • DPD’s legitimate interest to ensure provision of high-quality services and to resolve issues.

Duration of the processing

Until the processing purpose is achieved.

The call recording is stored for a maximum of 2 years.

Customer

Data categories

  • Contact information (name, surname, address, location, phone number, e-mail address);

  • Information that a person has provided in writing, electronically, or by phone when submitting their review, inquiry, or complaint (including a recording of a telephone conversation);

  • Information that a person has provided by participating in customer surveys, including customer satisfaction surveys;

  • Information related to resolving a person’s review, inquiry, or reviewing a survey.

Legal ground for the processing

Depending on the particular situation, a legal ground for the processing may be:

  • Your consent; 

  • Performance of DPD’s contractual obligations;

  • DPD’s legitimate interest to ensure provision of high-quality services and to resolve issues.

Duration of the processing

Until the processing purpose is achieved.

The call recording is stored for a maximum of 2 years.

5. Managing corporate clients

We process the personal data of the representatives of DPD’s Corporate clients for the purposes of concluding contracts and performing our contractual obligations, and ensuring provision of appropriate and high quality services during the term of our cooperation.

Categories of data subjects

Corporate clients’ staff, contact persons, authorised signatories

Data categories

  • Contact information (name, surname, address, phone number, e-mail address);

  • Work -related information (right of representation, work address, job);

  • Shipment information (shipment number, content, value, etc.).

  • Information related to questions, complaints, testimonials;

  • Information on cooperation within the framework of the concluded  or to-be-concluded contract.

Legal ground for the processing

Depending on the particular situation, a legal ground for the processing may be:

  • Performance of DPD’s contractual obligations.

  • DPD’s legitimate interest to ensure the provision of high-quality services — maintaining or initiating a cooperation, promoting sales, providing appropriate customer service.

Duration of the processing

Until the processing purpose is achieved.

Corporate clients’ staff, contact persons, authorised signatories

Data categories

  • Contact information (name, surname, address, phone number, e-mail address);

  • Work -related information (right of representation, work address, job);

  • Shipment information (shipment number, content, value, etc.).

  • Information related to questions, complaints, testimonials;

  • Information on cooperation within the framework of the concluded  or to-be-concluded contract.

Legal ground for the processing

Depending on the particular situation, a legal ground for the processing may be:

  • Performance of DPD’s contractual obligations.

  • DPD’s legitimate interest to ensure the provision of high-quality services — maintaining or initiating a cooperation, promoting sales, providing appropriate customer service.

Duration of the processing

Until the processing purpose is achieved.

6. Organising campaigns and competitions

On occasions when we organise campaigns or competitions, we may process your personal data in a capacity of a participant of a competition or campaign, that are required for organising the campaign or the competition.

Categories of data subjects

Participants of campaigns or competitions

Data categories

  • Contact information (name, surname, address, phone number, e-mail address);

  • Data related to the running of a campaign or competition (information on the winners, prizes, etc.).

Legal ground for the processing

Depending on the particular situation, a legal ground for the processing may be:

  • Performance of a contract.

  • Law.

Duration of the processing

Until the processing purpose is achieved.

Participants of campaigns or competitions

Data categories

  • Contact information (name, surname, address, phone number, e-mail address);

  • Data related to the running of a campaign or competition (information on the winners, prizes, etc.).

Legal ground for the processing

Depending on the particular situation, a legal ground for the processing may be:

  • Performance of a contract.

  • Law.

Duration of the processing

Until the processing purpose is achieved.

7. Improving DPD’s website

We use the data, collected automatically upon visiting DPD’s website, to improve and tailor DPD’s website, identify and resolve technical and security issues, create user statistics, and for other purposes related to the improvement of our performance.

Categories of data subjects

DPD website visitors

Data categories

Data related to  visiting our website (IP address, MAC address, date and duration of the visit, devices or apps used, navigation on the DPD’s website).

Legal ground for the processing

Depending on the particular situation, a legal ground for the processing may be:

  • Legitimate interest;

  • Your consent.

Duration of the processing

Until the withdrawal of the consent

DPD website visitors

Data categories

Data related to  visiting our website (IP address, MAC address, date and duration of the visit, devices or apps used, navigation on the DPD’s website).

Legal ground for the processing

Depending on the particular situation, a legal ground for the processing may be:

  • Legitimate interest;

  • Your consent.

Duration of the processing

Until the withdrawal of the consent

8. Implementing marketing activities

If you have granted your consent, we may use your contact information to send you offers, newsletters, or other information that you may find relevant and interesting. You may opt out from receiving these offers at any time.
If you have used our services and you have not objected to receiving such information, we may use your email address to send you offers on similar services.

Categories of data subjects

Customer

Data categories

Contact information (name, surname, address, phone number, email address).

Legal ground for the processing

Depending on the particular situation, a legal ground for the processing may be:

  • Legitimate interest to implement DPD’s marketing activities;

  • Your consent.

Duration of the processing

Until the withdrawal of the consent.

Customer

Data categories

Contact information (name, surname, address, phone number, email address).

Legal ground for the processing

Depending on the particular situation, a legal ground for the processing may be:

  • Legitimate interest to implement DPD’s marketing activities;

  • Your consent.

Duration of the processing

Until the withdrawal of the consent.

9.  Administering DPD’s social networks

DPD administers its accounts on the following social networks:

https://www.facebook.com/DPDLatvija/, https://www.instagram.com/dpd_latvija/, https://www.linkedin.com/company/dpd-latvija/.

If you are interested in the services we provide and follow any of DPD’s social network accounts and / or carry out activities on those accounts, we process information that is related to the interaction between DPD’s accounts and you.

Categories of data subjects

Followers of DPD’s social network accounts

Data categories

  • Contact information (name, surname, address, phone number, email address);

  • Information on the social network account (picture, workplace, and other information which is publicly available on your social network account);
  • Information on your interaction with the DPD’s accounts (use of the functions “like”, “follow”, “comment”, “share”, etc., comments and other kinds of communication).

Legal ground for the processing

Depending on the particular situation, a legal ground for the processing may be:

  • Legitimate interest to administer DPD’s social network accounts;

  • Your consent.

Duration of the processing

Until the withdrawal of the consent.

Followers of DPD’s social network accounts

Data categories

  • Contact information (name, surname, address, phone number, email address);

  • Information on the social network account (picture, workplace, and other information which is publicly available on your social network account);
  • Information on your interaction with the DPD’s accounts (use of the functions “like”, “follow”, “comment”, “share”, etc., comments and other kinds of communication).

Legal ground for the processing

Depending on the particular situation, a legal ground for the processing may be:

  • Legitimate interest to administer DPD’s social network accounts;

  • Your consent.

Duration of the processing

Until the withdrawal of the consent.

10. Performing DPD’s legal obligations

Under certain circumstances set out by the relevant laws, DPD may be obligated to transfer personal data to state institutions, for example, to the State Revenue Service, customs, the police, or other institutions.

Categories of data subjects

Customer

Data categories

  • Contact information (name, surname, address, phone number, email address);

  • Customer’s payment information.

  • Compliance with the data of the sanctions list.

  • Video recording data.

  • Other information that state institutions are entitled to request according to the applicable law.

Legal ground for the processing

Law.

Duration of the processing

Until the processing purpose is achieved.

Customer

Data categories

  • Contact information (name, surname, address, phone number, email address);

  • Customer’s payment information.

  • Compliance with the data of the sanctions list.

  • Video recording data.

  • Other information that state institutions are entitled to request according to the applicable law.

Legal ground for the processing

Law.

Duration of the processing

Until the processing purpose is achieved.

11. Recruitment

DPD processes your personal data if you have applied for an announced vacancy or sent in your CV outside the official competition, or if an applicant has provided your contact information for providing a reference.

Categories of data subjects

Applicants, reference provider

Data categories

  • Applicants’ contact information (name, surname, address, phone number, email address);

  • Reference providers’ contact information (name, surname, workplace, position, phone number, email address);

  • Information contained in the applicants’ CV (education, work experience, skills);

  • Information contained in the applicants’ cover letter;

  • References on applicants;

  • Information revealed by the applicants during an interview.

Legal ground for the processing

Legitimate interest to recruit the staff.

Consent (to process the references).

Duration of the processing

The successful applicants’ data is stored in accordance with the conditions of the internal employee privacy policy.

The rest of the applicants’ data will be stored for 1 year if the candidates have given their consent.

Refence providers’ data is stored until the end of the recruitment process.

Applicants, reference provider

Data categories

  • Applicants’ contact information (name, surname, address, phone number, email address);

  • Reference providers’ contact information (name, surname, workplace, position, phone number, email address);

  • Information contained in the applicants’ CV (education, work experience, skills);

  • Information contained in the applicants’ cover letter;

  • References on applicants;

  • Information revealed by the applicants during an interview.

Legal ground for the processing

Legitimate interest to recruit the staff.

Consent (to process the references).

Duration of the processing

The successful applicants’ data is stored in accordance with the conditions of the internal employee privacy policy.

The rest of the applicants’ data will be stored for 1 year if the candidates have given their consent.

Refence providers’ data is stored until the end of the recruitment process.

To whom we disclose your personal data

If necessary, we may disclose your personal data to the following recipients:

- DPD group companies to ensure the performance of the services we provide;
- our service providers whose involvement is necessary for us to be able to provide you with a service (for example, payments service providers, data warehouse service providers etc.);
- third parties and institutions that require personal data to provide a service chosen by you (for example, insurers, customs, payments agencies );
- persons who are authorised by the law to request and receive personal data (for example, supervisory institutions);
- persons who require the data in order to protect our interest, for example, in case of complaints or claims that may be filed against us.

In all cases we transfer to third parties the minimum amount of personal data needed to achieve the legitimate purpose of this data transfer. We only work with outsourced service providers that guarantee the implementation of appropriate technical and organisational measures to ensure that your personal data is processed in accordance with the legal requirements and ensure the protection of your rights.

To ensure the provision of certain DPD services, personal data may be transferred to recipients outside the EU (for example, parcel delivery outside the EU). In such cases, we make sure that the recipient of personal data ensures the necessary security measures to ensure controlled and safe data transfer and processing. The transfer is carried out based on appropriate guarantees in line with the GDPR requirements, for example, by using the Commission’s standard contractual clauses on the transfer of personal data to third countries.

We kindly ask you to take into account that, within the framework of the delivery service, a Sender’s contact information is visible to a Consignee.

How long we retain your personal data

The personal data mentioned in this Privacy Policy will be processed and retained no longer than indicated in the section “What personal data we collect and for what purposes we process them”. Unless a personal data type is specified separately is this Privacy Policy, the data will be stored as long as it is required to fulfil the processing purpose or according to the applicable law.

Please be informed that according to Postal Law, the retention period for documents accompanying postal items is 2 years. The Accounting Law provides for a 5 year retention term for accounting source documents. In addition, in pursuant to the Commercial Law, a general statute of limitations period with regard to a commercial transaction is 3 years. Whereas according to the Personal Data Processing Law, a statute of limitations period for claims arising from the GDPR is 5 years. We will always carefully evaluate how long it is necessary to keep the data in line with the provisions of relevant laws and our legitimate interests, and we will process it no longer than the term for which we have a legitimate ground.

How we protect your personal data

To protect your personal data, we implement appropriate organisational, technical, and physical security measures. However, we ask you to contact us if you think that unauthorised third parties may have come into possession of your personal data.

In addition, please be informed that, due to the specific character of the service, the data, provided in the documents accompanying the shipment, may be visible to third parties.

Your rights

You have all the rights stipulated in the personal data protection legislation:
- to receive information on whether DPD processes your personal data and, if it does, the right to access them;
- to request rectification of inaccurate personal data if they are insufficient, incomplete, or incorrect;
- to receive the personal data that you have provided and that are processed based on the consent or Performance of an agreement, in writing or electronically, including the right to request a transfer of personal data to another service provider;
- to request the erasure of personal data. However, please note that this right is not absolute, and you may receive a justified refusal if there is a legitimate ground to continue the processing;
- to restrict the processing of personal data in compliance with the applicable laws and regulations;
- to withdraw your consent to the processing of personal data;
- to file a complaint with the Data State Inspectorate of Latvia if you believe that your personal data are being processed inappropriately. At the same time, we kindly ask you to contact us first to handle the situation promptly;
- object to the processing of personal data, including an objection to the processing of personal data for the purpose of direct marketing.

Personal data on the DPD Latvija homepage and in cookies

What are cookies?

Cookies are a small text file that a website saves on your computer or mobile device when you open it.

How do we use cookies?

We use cookies to keep track on how you use our website, for example, when you last visited www.dpd.lv and what kind of information you were looking for. The text file can only be read by this website, therefore no one else may access this information.

The DPD website uses the following cookies:
- necessary / essential cookies that are needed for the website navigation and use of the options chosen by the user;
- performance cookies, which gather information on how users use the website, for example, which entries they visit the most and what error messages they receive from the website. The purpose of these cookies is to improve the performance of the website;
- functionality cookies, which allow the website to remember the user’s choices (for example, text size, other customized site functions) and identifiers (for example, username, language, or the user’s country) to provide personalised site experience;
- target audience / advertising / behavioural cookies, which allow the website to show the user personalised ads and to carry out market research and analysis, based on the data on users’ behaviour and interests. DPD Latvija may transfer the acquired data to advertising and marketing service providers;
- cookies which are used to provide a multimedia environment and to record technical information that is necessary for video or audio materials, for example, picture quality, network connection speed, buffering parameters;
- social plug-ins for content sharing. Many social networks offer social plug-ins which allow social network users to share content as they see fit. Such plug-ins store cookies on the user’s workstation; thus, the respective social network may identify users that get in contact with such plug-ins;

These cookies do not have to be enabled for a site to function, however, they ensure better browsing experience. These cookies may be deleted or blocked, however, in such case some of the site options may not work properly.

If a cookie is essential to the provision of a service that a user has explicitly requested, your consent for the use of that cookie is not necessary.

The cookie-related information is not used to identify you, and we control the data on your navigation. They are not disclosed to third parties.

DPD Latvija also uses Google Analytics on its website — a web analytics service provided by Google, Inc (Google). Information generated by this cookie on your use of this site (including your IP address) is sent to the Google servers and stored there. Google will use this information to evaluate your use of the site, collect site-related information for site managers, and provide other services related to the site and internet use. Google may send this information to third parties when it is required by law or when third parties process this type of data on behalf of Google. Google will never link your IP address with other data Google possesses. By using our site, you give your permission to Google to process your data. For further information on Google Analytics cookies, click here.

How may I control cookies and stop receiving them?

You may control cookies at any time using the cookie management tool provided by us.

Ensuring privacy when recruiting

When you apply for a vacancy at DPD Latvija, we process the personal data provided by you (including the data provided in the attached CV, cover letter, during an interview, etc.) to evaluate your suitability for the relevant position, carry out recruitment procedures and, depending on the situation, make you a job or internship offer.

To be able to determine your suitability for the job, we may contact your educational establishment and / or former employers to ascertain your qualifications, skills, and professional characteristics.

Who will have access to your information?

We certify that we store your data in a safe and confidential manner.
Your data will be accessed by DPD Latvija staff responsible for recruitment, as well as department or company heads at whose request the recruitment is carried out. If you are applying for a Baltic-level position, your personal data are handed over to recruitment professionals or heads of DPD’s Estonian and Lithuanian business units.

DPD Latvija IT staff may access your data only to the extent necessary to provide proper functioning of computer software.

The personal data you have provided us with will not be used in any other context and will not be disclosed to others.

How long are we going to retain your information?

If after applying you do not receive a job or internship offer, your personal data, upon your consent, will be retained and processed for one year after receiving the data, for the purpose of future recruitment.

If you have been selected and sign a contract with DPD Latvija, we will keep the recruitment data in accordance with the term and procedure set out by DPD Latvija for the processing of its staff data, which you will be informed about upon starting to work at the company.

What are your rights?

You have the right to access your personal data that we process, to rectify, supplement, or update them by sending an email to [email protected]. You may also use this email address to restrict the processing of your personal data indicating the legal ground.

You have the right to object to the further processing of the personal data you have provided for the purposes of recruitment, and you may request erasure of your data by sending your request to [email protected].

Video surveillance and call recording

To prevent crime, ensure safety, review claims, and clarify circumstances, DPD Latvija uses video surveillance within its territory, premises, and near the infrastructure objects. DPD Latvija ensures placement of a warning upon entering a surveillance zone, as well as elsewhere in the territory or premises where video surveillance is performed. The disclosure of the video recording images corresponds to the purpose of video surveillance.

Data subjects are informed about a phone call recording prior to the start of the phone conversation.

Impact assessment on making video and audio recordings  has been carried out, as a result of which such data processing has been deemed justified and proportionate.

Amendments to the Privacy Policy

The protection of your personal data is important to us, therefore, we regularly review the personal data processing principles implemented at the company and this Privacy Policy. We have the right to unilaterally update this Privacy Policy at any time, informing about it on the website www.dpd.lv.

Contact information and enquiry review

If you have any questions or comments regarding this Privacy Policy or the processing of your personal data, please contact us at [email protected] or send your request in writing to Uriekstes 8a, LV – 1005, Rīga, Latvija.

DPD has appointed a data protection officer, who for data protection questions may be contacted by phone: +371 6788 9999 or e-mail: [email protected].