According to the General Data Protection Regulation (GDPR), DPD (Netherlands) B.V. is the controller in all business processes. This means that we determine, among other things, which personal data we process, how we process personal data and what the storage period is. In addition, we also determine who has access to the personal data.
Our principals are (business and private) shippers (amongst others webshops), who want to have goods transported. We have agreed with the principals that we do not transport parcels ourselves but engage carriers to have the parcel delivered. For the latter, the personal data of the consignee of the parcel, which has been made available by the principal, is required. Furthermore, we also use the personal data to be able to offer additional services and improve our service by, for example, using a review system.
As we have already mentioned above, the personal data is made available by the principal. It concerns the following data:
Services | Category personal data |
Administration | Principal: |
· Company data and general contact data such as telephone number and email address | |
· Invoicing data | |
Contact person: personal contact data | |
Shipping of a parcel | Principal: shipping address |
Consignee: delivery address | |
Consignee: telephone number and email address | |
Delivery of a parcel | Consignee:
|
Customs clearance | Principal and Consignee: customs clearance data |
Complaint | Principal: Name contact person |
Principal: Telephone number and email address | |
Consignee: Name and address | |
Claim | The data above (see complaint) |
Principal and Consignee: | |
Additional claim documents to substantiate a claim. |
Category personal data |
---|
Administration | Principal: |
---|
· Company data and general contact data such as telephone number and email address |
· Invoicing data |
Contact person: personal contact data |
Shipping of a parcel | Principal: shipping address |
---|
Consignee: delivery address |
Consignee: telephone number and email address |
Delivery of a parcel | Consignee:
|
---|
Customs clearance | Principal and Consignee: customs clearance data |
---|
Complaint | Principal: Name contact person |
---|
Principal: Telephone number and email address |
Consignee: Name and address |
Claim | The data above (see complaint) |
---|
Principal and Consignee: |
Additional claim documents to substantiate a claim. |
In order to provide a better service, we are supported by our parent company GeoPost. Together we are responsible for the following:
Services | Purpose | Category personal data |
MyDPD | Consignees can track their parcel in one environment and influence their delivery | Consignee: Account data incl. contact data |
Follow my Parcel | Shows the location of the driver in relation to the delivery address | Consignee: Delivery address and possibly telephone number and email address |
Pickup Services | Administration system with regard to Pickup parcelshops | Supplier: Company data and contact data such as telephone number and email address |
Invoicing data | ||
Geocheck | check with the list sanction law | Principal, consignee and supplier: name and address |
Purpose |
---|
MyDPD | Consignees can track their parcel in one environment and influence their delivery |
---|
Follow my Parcel | Shows the location of the driver in relation to the delivery address |
---|
Pickup Services | Administration system with regard to Pickup parcelshops |
---|
Geocheck | check with the list sanction law |
---|
Category personal data |
---|
MyDPD | Consignee: Account data incl. contact data |
---|
Follow my Parcel | Consignee: Delivery address and possibly telephone number and email address |
---|
Pickup Services | Supplier: Company data and contact data such as telephone number and email address |
---|
Invoicing data |
Geocheck | Principal, consignee and supplier: name and address |
---|
We process the data on secure servers in the Netherlands and on secure servers of GeoPost and the delivery depot of the DPD partners. These servers are located within the European Economic Area (EEA) unless the principal wishes delivery of a parcel in a country outside the EEA, such as the United Kingdom or Switzerland. In that case, to fulfill our contractual obligations towards the principal, we must provide the delivery data to our DPD partner outside the EEA for the purpose of delivering parcels to the specified address on behalf of the principal.
In the event that delivery must take place in a country outside the EEA, we are also obliged, pursuant to legal obligations, to provide personal data with customs. Customs clearance of the parcel can only take place on the basis of the required data.
Since we do not transport ourselves, but engage carriers to have the parcel delivered, we must, prior to the start of the delivery process of the parcel, provide the delivery address and possibly contact details to the carrier, in order to fulfill our contractual obligation. These data are only processed by the carriers with a DPD handheld scanner and are not provided to the carrier in any other way.
Another group of suppliers to whom we may provide personal data are companies that offer a specific service that is not available within our organization but that are supportive to the purpose. Take, for example, IT companies or, as we have indicated earlier, a review system. Based on this legitimate interest, we can improve and expand our services, but also safeguard business continuity.
We also provide personal data to DPD partners, carriers and insurers in case a parcel is lost or damaged. After the claim of the principal has been accepted and compensation has been paid, we will always try to recover damages from the party that has caused the damage. We therefore have a legitimate interest in addressing the party causing the damage and recovering costs on the basis of a substantiated claim.
If we provide personal data in the above situations, we will, if the supplier is a processor, always specify the special conditions under which personal data are provided and processed by concluding a processor agreement. The latter specifies exactly what the supplier can and can’t do with the personal data and what requirements are necessary for the security of the personal data. In the single case that a supplier is located outside the EEA (the so-called third countries), we will always assure that an adequate level of protection applies. DPD will always follow the adequacy decision or the standard provisions of the European Commission, whereby the level of protection corresponds to the level within the EU.
In order to keep a close eye on all processing activities that take place within our organization, we register the processing operations in a processing activities register. This is an overview of, among other things, the type of processing that takes place, the purpose for which it is processed, the category and type of personal data, which supplier may be involved, who has access to the personal data and what ultimately the storage period is.
DPD always takes appropriate technical and organizational measures to ensure the security level. We adjust this level to the risk. And in doing so, we take into account technological developments, implementation costs, processing goals and the probability and impact of an infringement. In addition, every employee within DPD signs a confidentiality agreement so that the privacy of the personal data is guaranteed. This also applies to third parties, such as a carrier or an IT company.
We do not want to store personal data longer than necessary. We therefore use a standard storage period of 2 years. Are there legal obligations that require us to store the data longer? Or do we need the data longer because a claim has been submitted? Then we deviate from the two-year term. After the storage period has expired, we will withdraw the personal data from the systems. Not only with us, GeoPost and delivery depots, but also with the supplier. In the overview below, we have listed some important storage periods
Services | Category personal data | Storage period |
Administration | Principal: | 7 years |
· Company data and general contact data such as telephone number and email address | ||
· Invoicing data | ||
Contact person: personal contact data | 1 year | |
Shipping of a parcel | Principal: shipping address | 90 days |
Consignee: delivery address | ||
Consignee: telephone number and email address | 14 days | |
Delivery of a parcel | Consignee:
| 2 years |
Customs clearance | Principal and Consignee: customs clearance data | 7 years |
Complaint | Principal: Name contact person | 2 years |
Principal: Telephone number and email address | ||
Consignee: Name and address | ||
Claim | The data above (see complaint) | 7 years |
Principal and Consignee: | ||
Additional claim documents to substantiate a claim. | ||
My DPD | Consignee: account data | 2 years |
Follow my Parcel | Consignee: contact data | 1 years |
Pickup Services | Parcelshop: Company data and invoicing data | 7 years |
Geocheck | Principal and consignee: name and address | 7 years |
Category personal data |
---|
Administration | Principal: |
---|
· Company data and general contact data such as telephone number and email address |
· Invoicing data |
Contact person: personal contact data |
Shipping of a parcel | Principal: shipping address |
---|
Consignee: delivery address |
Consignee: telephone number and email address |
Delivery of a parcel | Consignee:
|
---|
Customs clearance | Principal and Consignee: customs clearance data |
---|
Complaint | Principal: Name contact person |
---|
Principal: Telephone number and email address |
Consignee: Name and address |
Claim | The data above (see complaint) |
---|
Principal and Consignee: |
Additional claim documents to substantiate a claim. |
My DPD | Consignee: account data |
---|
Follow my Parcel | Consignee: contact data |
---|
Pickup Services | Parcelshop: Company data and invoicing data |
---|
Geocheck | Principal and consignee: name and address |
---|
Storage period |
---|
Administration | 7 years |
---|
1 year |
Shipping of a parcel | 90 days |
---|
14 days |
Delivery of a parcel | 2 years |
---|
Customs clearance | 7 years |
---|
Complaint | 2 years |
---|
Claim | 7 years |
---|
My DPD | 2 years |
---|
Follow my Parcel | 1 years |
---|
Pickup Services | 7 years |
---|
Geocheck | 7 years |
---|
Would you like access to your personal data? Then you can contact us by letter or e-mail. You can use the following information for this:
DPD (Nederland) B.V.
To: Legal Department
Westfields 1410
5688 HA Oirschot
[email protected]
We want to be sure that we give the personal data to the right person. That is why we ask you for a copy of a valid passport, driver's license or identity card. Always ensure that you make the photo unrecognizable. We encourage you to put the entry ‘copy’ and the date. Please also erase the social security number (het BSN) on the document and in the line on the bottom of the card. Of course you can only request personal data from yourself and not from others.
Are your personal data incorrect and do they need to be corrected? Do you want us to delete your personal data or to restrict the processing of your personal data so that we only use a limited amount of data? Or do you want us to transfer your data to another party? Or have you given permission for the processing of your personal data but do you want to withdraw your permission? Send your request to the email address mentioned above. You can also object to the processing of your data via that email address.
DPD has appointed a data protection officer (DPO) which is an internal supervisor for the processing of personal data. If you have any questions, you can contact the DPO via email address [email protected]
Supervisory authority
Are you not satisfied or if you can’t agree with us? Then you can file a complaint with:
Autoriteit Persoonsgegevens
Postbus 93374
2509 AJ Den Haag
Amendments
DPD reserves the right to change the policy as described in this Privacy Statement at any time and at her sole discretion. You can always read the current Privacy Statement on our website.
Date of publication: 1st July 2021
Home / Privacy statement