For what purpose do we process your data?

DPD processes your data exclusively for the implementation of transport services on the instructions of consignors or, subject to your consent, for occasional promotional purposes or to optimise our web services and delivery services, for the invoicing of services and for the purpose of paying the wages and social insurance contributions of our employees. Here you can download our privacy policy (pdf-document).

Where do we receive your data from, and what data is involved? DPD receives data for processing from various sources and for various purposes.
If you are a consignor we receive your data when you contact us, visit one of our shipping websites or ship parcels with us. For this purpose we save your invoice address, details of pickup times, contact persons or selected/offered products. As a rule we receive this data directly from you, or in rare cases you are brought to our attention via the Internet or our sales partners.

If you are a consignee we receive your data from consignors. They provide us with your data, as well as information about the parcel or notification instructions, mainly in electronic form or via their own or our shipping systems. They normally do so in that they have entered into a contractual relationship with you in accordance with Article 6(1b) GDPR, and we require the data in order to deliver the goods you have ordered from the consignor. In addition we naturally receive your data from other providers of postal services which act on our behalf in delivering shipments, e.g. if the shipment comes from abroad and if a different provider of postal services which cooperates with us has been entrusted there with the delivery.

If you are a system partner, parcel shop operator or delivery driver we receive your data when you get in touch with us or with a system partner with the intention of working for us. On the basis of a number of statutory requirements and a specific amount of legitimate interest we are obliged to collect a certain amount of further information about you. This ranges from background checks to insurance protection, the vehicles used, existing licences and permits, or further information. If you are a visitor to our website we receive your data via various website functions. For this purpose we apply cookies or request information from you directly. Our priority is to optimise the presentation of our website and to provide you with information about our services. You can at any time restrict the services or deactivate them completely by using a link or making the appropriate selection. (Please see “Web analysis, cookies and third party serices”).

If you are an applicant for a job we receive your data when you get in touch with us and send us your application. We use the data only for our own purposes.

Who do we transmit your data to?

DPD transmits your data to various locations, but only for the intended purposes. This also includes locations outside the European currency area, if the place of delivery is located there.

If you are consignor we send your data mainly to our depots, which are responsible for collecting your shipments, and to the local system partners and drivers who are involved.

If you are a consignee we send your data exclusively to the relevant consignors, system partners, parcel shops and delivery drivers (or other providers of postal services who may be involved in the delivery also in other countries). If a parcel happens to be damaged we also send your data to our insurance company.
Shipment data or details of the contents of shipments will only be transmitted or made available to third parties in exceptional circumstances. Such third parties are above all the customs authorities, the prosecution service or insurance companies. You can obtain information about the status of shipments at any time via our app or the tracking functions on our website. This information is only available to authorised users and can only be obtained by the entry of the consignee postcode and the parcel number.

Job application documents are received at our company only by the relevant department or by our system partners in the case of applications for work as delivery drivers, and are subject to the relevant consent.

In order to maintain our privileged customs status as an "Authorised Economic Operator (AEO)" and to avoid fines for violations of the EU anti-terrorism regulations (EC 881/2002 and 2580/2001) and the Foreign Trade and Payments Act (AWG), at defined intervals we check the names and addresses of shippers, consignees, partners and employees against the official sanction list databases.

In some cases we also use service providers for the implementation of tasks and activities on our behalf. Unless they operate on our behalf as part of the logistics chain, all such service providers are under an obligation to comply with our instructions on the processing of data as specified in an appropriate service contract. DPD does not rent, lend or sell personal data to third parties. However, data can be passed on to companies connected with DPD as part of the company group, and can be processed jointly in accordance with Art. 26 GDPR.

Who can you contact if you wish to reject the processing of your data, or to have your data corrected or deleted?

If you have a special wish involving the rejection or the processing of your data or instructions relating to its correction or deletion, you can simply use our contact form and select the relevant option.

How long will your data be stored?

As is the case with all other companies under private law, DPD has to comply with specific regulations relating to the storage of data. This includes above all retention periods in accordance with tax legislation, e.g. relating to consignment notes, tour plans and delivery lists, damage reports, claims, invoices and balance sheets. In addition, for security reasons we store the tracking data for parcels for a period of time which varies per platform between 30 and 180 days.In the absence of consent to a longer storage period, job application documents will be deleted in accordance with data protection legislation at the latest within six months after the rejection of the application.DPD account data is deleted two years after the deactivation of the account. Rejections of delivery notifications (Predict) are stored in a blocking list until the rejection is withdrawn.

For the length of storage relating to cookies, please see our list in Web analysis, cookies and third party serices.

Under the name "myDPD" DPD Deutschland GmbH, Wailandtstraße 1, 63741 Aschaffenburg, Germany, provides digital platforms on web servers or mobile terminals which enable shippers and consignees to send parcels and to monitor or manage their delivery. These functions are referred to below as the "service" or "services". myDPD distinguishes between private and commercial use of the services.

Basically the service can be used without registration. To be able to use the convenience functions, however, registration is required. This is done either by registering via the service with an email address and password or by using an existing Facebook or Google account. DPD does not transmit any parcel information to Facebook or Google in this respect, and only uses these services for authentication purposes. After authentication, a uniform DPD account is created for all our services. Commercial customers need to request their access data directly through their sales contact.

"Login with Apple ID"

If you use your Apple ID when logging in to DPD, you can register or log in with your Apple account. You will then be forwarded to the Apple website. For the iOS app the process takes place entirely within the operating system. For the login you will need the email address which is stored with Apple. This is required for identification purposes in order to create a secure DPD account for you and is stored with us. Your Apple profile and your DPD account are permanently linked via the email address. You can remove this link at any time on the Apple website.
DPD never learns your Apple access data. You can read how Apple handles privacy settings in the Apple data protection notices; these are also the valid regulations governing this possibility of logging in and registering with DPD.

"Login with Facebook"

Facebook Connect is an offer from Facebook Ireland Limited (Hanover Reach, 5-7 Hanover Quay, Dublin 2, Ireland). Its use is voluntary and optional. When using Facebook Connect, Facebook profile data and public data from your Facebook profile are transferred to DPD. We use and process your first and last name, gender, age, home town, email address, and Facebook ID for simplified registration to use the Parcel Navigator. If you are already a DPD customer, only the Facebook ID will be processed. Your Facebook account is linked to the DPD account via the Facebook ID. This makes it possible for you to register for the service using your Facebook access data via the "Login with Facebook" button. In addition, every time you log in, Facebook will know that you are using the DPD service. The link to Facebook can be revoked at any time on Facebook itself. Please also read Facebook's privacy policy on this subject.

"Login with Google"

The same applies to the use of the Google login. This Google service is provided by Google Inc. "('Google'; Amphitheatre Parkway, Mountain View, CA 94043, USA). Registration and use of Google's services are subject to Google's Privacy Policy and Terms of Use, which you can view at www.google.com/intl/de/policies/privacy.

DPD processes the following data from you in order to provide the relevant services and information: email address, mobile phone number, password, a standard postcode (usually your recipient postcode), Predict status (whether you want parcel notifications or not), the names of the devices you use, and shipment related information from our delivery systems.
Whether or not our service may send you messages is up to you to decide on the settings of theapp in your mobile device, or in the user account of the services.

"Login with netID"

If you use the netID button when logging in to DPD, you can register or log in with your netID account. You will then be redirected to the netID website. Your email address, which is stored with netID, is required for the login. This is necessary for identification in order to create a secure DPD account for you and is stored with us. Your netID profile and your DPD account will be permanently linked via the email address. You can remove this link at any time on the netID website.

DPD does not learn your netID access data at any stage. You can read how netID handles privacy settings in the netID privacy notices; these are also the applicable requirements for this possibility for logging in and registering with DPD.

Credit rating assessment

To assess the creditworthiness of new customers, we use a probability value (score procedure) based on automated mathematical-statistical procedures for commercial customers provided by e-crefo GmbH, Hellersbergstraße 12, 41460 Neuss, and for private customers from Creditreform Boniversum GmbH, Hellersbergstraße 11, 41460 Neuss. We use this information as a decision-making aid. Subjective value judgements or personal financial circumstances are not queried. Data is only stored and transmitted if this is necessary to safeguard the legitimate interests of DPD Deutschland GmbH. We would also like to draw your attention to the fact that if e-crefo GmbH has insufficient data about the company concerned at the time when commercial customers apply to us, in individual decisions we will also request a probability value for the owner or managing director of the company concerned at Creditreform Boniversum GmbH, Hellersbergstraße 11, 41460 Neuss. In order not to unreasonably disadvantage your interests in individual cases with the credit assessment, DPD weighs the various interests involved. If the credit check is negative, DPD reserves the right to change the terms of payment.

Use of the platform

The platform makes it easier for shippers to transfer data to DPD as part of their shipping orders and to manage the addresses required for this purpose. DPD uses this data exclusively for shipment processing as described under the section on the "DPD parcel delivery service". The basis for the use of the platform is the transmission of data for the performance of postal services in accordance with Article 6(1b) of the GDPR and the Postal Act on the basis of the resulting shipping order.

Advertising / information

If you have previously given us your consent under "Profile" or (insofar as statutory regulations provide for this) have not objected, we process and use this data for our own product-related information, surveys, competitions and marketing purposes. We may use service providers for this purpose. These work exclusively in accordance with our instructions under the terms of order processing in accordance with Article 28ff GDPR.

Usage analysis

As with our website, we use so-called cookies in several places in the tools. They serve to make our offering more user-friendly, effective and secure. How we use cookies and how you can prevent this is described under "Web analysis, cookies and services by third parties". These serve primarily for the quality assurance of the platform and for the maintenance of IT security.

Storage duration

DPD processes the data stored on the platforms only as long as it is legally required. Sometimes you can delete the data yourself (if this does not violate legal retention periods). We will maintain your myDPD account until you delete it yourself under your "Profile". Shipment data is stored in varying levels of detail between 40 days and 10 years. We keep invoice information for 7/11 years.

Matomo und Google Analytics

In order to optimise our service we apply Google Analytics and Matomo. Details on the use of these services are described above under Web analysis, cookies and third-party services. DPD only makes data from the use of the services and about the service itself to available authorised internal users.

In order to ensure the correct delivery of shipments to the right consignee DPD requires a range of data, which is as a rule provided by the consignor. In addition to details of the address, parcel type and parcel shipping options, the data may include further information which will, for example, enable us to notify the consignee of the delivery or when parcels are picked up at the parcel shop (e.g. ID card/passport number). In compliance with postal legislation in postal services, DPD processes this data in a shipment-related way and only for delivery purposes. The details which are provided are used exclusively within the DPD network for delivering shipments and invoicing services, or for clarifying issues relating to shipments (e.g. transport damage). DPD does not use consignee data for advertising purposes or for other personal analyses. Findings from DPD's delivery processes are only used in an anonymised form for the purpose of optimising delivery operations. Your data is not sold, rented out or exchanged. If we provide data to external service providers, this is implemented on the basis of Art. 28 EU GDPR (processing of orders) or other data protection regulations.

DPD also appears in a number of social networks. These include Facebook, Instagram, Twitter, Xing and YouTube. DPD provides its services on these platforms under the data protection provisions of the individual platform operator and has no direct responsibility for the way the operator processes data. Any findings from this data are used only for internal purposes and direct consultation. DPD wishes to point out that these platforms are in themselves public and anything which is posted on them can as a rule be read by all users. DPD will not provide shipment-related information or details of personal data in any public forum via these platforms.

DPD offers, as part of its product portfolio, its Predict-Service for consignors and consignees. Here you can download our data protection evaluation regarding Predict / EU GDPR (pdf-document).

With this service the consignee receives advance notification of shipments sent by the consignor in the form of an email or SMS text message, notifying the consignee when the shipment will be delivered and the arrangements for the delivery. For this purpose the consignor (shipping customer) provides DPD with the necessary supplementary information, such as the email address or mobile number of the consignee.
One possible basis for the transmission of such data to DPD on the part of the consignor is, from the DPD point of view, Article 6 (1f) EU GDPR (“Processing of data for the safeguarding of justified interests”).

Grounds: the transmission of the data is implemented in the legitimate interests of both the consignor and of DPD as the postal service provider, in order to avoid incorrect deliveries (which serves to protect postal secrecy) and to ensure customer-friendly determination of the time and place of delivery on the part of the party concerned (consignee). The basis for the processing of the data between the consignor and the consignee is as a rule an order, or a contractual or similar relationship with the party concerned in accordance with Article 6 (1b) EU GDPR. In the process DPD functions as the service provider (provider of postal services). The transmission of the additional information does not restrict any interests of the party concerned which require protection, or that party’s fundamental rights and freedoms. The party concerned can reject the processing of this supplementary information at both locations. Predict notifications are not advertising aimed at promoting DPD’s own sales or that of an outside company, but serve the implementation of the delivery process for goods which have already been ordered.

DPD processes this data exclusively for this purpose and for no other purpose. For purposes of dealing with complaints or invoicing, the data is recorded in relation to the individual shipment and saved, also in relation to the individual shipment, in our shipping archives in accordance with statutory provisions relating to archiving periods. Shipping customers are responsible for ensuring the correctness of the information provided to DPD about the email addresses and telephone numbers of their customers (consignees), as well as with regard to the correct spelling, syntax and allocation to a specific shipment. If DPD has received instructions from a consignee blocking the transfer of information by email or SMS, DPD is under an obligation to follow these instructions and to terminate the service to the relevant consignee. There will be no message to the shipping customer that this service has been blocked by the consignee.
As part of DPD’s Predict-Service, consignors can also provide customers with information about themselves in the form of banner advertising. In addition to the company name and address, the customer’s banner can contain the company logo, the website URL and a company slogan/claim, but no advertising content that goes beyond this in the for

m of texts or images. DPD undertakes towards shipping customers not to send any advertising of its own to their customers (consignees).
Consignees who wish to block their email address for the Predict-Service should send an informal notice of cancellation to [email protected] indicating their name, address and the email address which is to be blocked. The effect of blocking the email address will be that the consignee will receive no further email notifications from us relating to shipments.

Suggested text for instructions in the privacy policies of DPD’s shipping customers from 25.5.2018:

”During shipping operations we transmit, on the basis of Art. 6 (1f) of the EU’s General Data Protection Regulation, your data (name, address, if necessary email address and/or mobile phone number for notification options and re-directions, together with further shipment-related data) to our shipping partner DPD Deutschland GmbH. You can reject the transmission of supplementary information such as email or mobile phone data both with us […add customer contact address…] and with DPD direct under [email protected] or, in the case of all parcel notifications, via a link.“

When you send us your online application you declare your consent to the electronic processing of your data, as described below.

Information which is required and recorded

As part of the application procedure, the DPD group of companies* only record and process the personal data which you submit to us or have entered in the application form.

Who has access to your data

Access to your data is only provided to such persons who have been trained in the relevant aspects of data protection and data security, and are subject to a contractual obligation of non-disclosure. The data which you make available in a concrete application is only seen by such persons who are responsible for filling the relevant vacancy. These are in particular HR staff within the company to which you apply, as well as any potential line managers.

Of course your data will not be used for any other purposes than for the application procedure, and will never be used for advertising purposes. Under no circumstances will your data be passed on to companies or persons outside the DPD group of companies.

Beyond the application procedure itself your application data may only be made available to other companies in the DPD group of companies for the purpose of filling other possible vacancies. If you do not agree to this, you can revoke your consent by sending an email to [email protected].

Data security

A variety of security procedures are used to protect the application data which is collected. The use of the latest technologies such as secure servers, firewalls and the encryption of application data protects against unauthorised access to your personal data. The security standard involved is continuously reviewed and adapted to the latest technological developments.

Deletion of data

Data which is provided in connection with a specific unsuccessful application for an advertised vacancy is deleted six months after the applicant has been notified. Applications which are included in the pool of applicants are automatically deleted after one year.

Possibility of submitting an application on paper

You of course have the option of submitting your application documents to us on paper instead of electronically. However, please note that we do not return written application documents, and subsequently destroy them in accordance with data protection regulations.

Modifications

This privacy policy may be amended at any time. The DPD group of companies reserve the right to modify or supplement this privacy policy at any time. We course look forward to any wishes and suggestions you may have and will take these into consideration as far as possible.

Right of revocation

You have the right to revoke at any time the consent you have provided us with, as well as the right to request information at any time about the data we collect. In order to assert these rights, or any other rights you may have under data protection regulations, please also contact [email protected].

Your contact person for information on the processing of personal data in accordance with Art. 15 GDPR, enquiries in accordance with Art. 16, 17, 18, 20 and 21 GDPR and any other concerns or complaints relating to data protection is the DPD Central Data Protection Officer, Michael Mayer ([email protected]). For further information relating to data protection or the individual services provided by DPD, please see the DPD Privacy Policy at www.dpd.de/datenschutz.

The responsible regulatory body in relation to data protection is the Federal Officer for Data Protection and Freedom of Information, who can be contacted as follows: Die Bundesbeauftragte für den Datenschutz und die Informationsfreiheit, Referat 24, Husarenstraße 30, in 53117 Bonn.

*DPD Deutschland GmbH, DPDgroup International Services GmbH & Co. KG,
GeoPost International Management & Development Holding GmbH, iloxx GmbH

DPD Deutschland GmbH offers you the opportunity to apply online to work with us as a delivery driver or system partner. For this purpose we collect specific data from you.

From delivery drivers:

As DPD does not employ its own drivers, we evaluate your data and then pass it on to a suitable system partner. By providing your consent at the end of the data collection you agree that the recorded data – as displayed on the screen – can be passed on to a system partner. After the data has been passed on it will then be processed. We delete your data after 6 months.

From system partners:

To qualify as a system partner to DPD, the relevant person/company must have a business licence and a permit to transport goods. We will contact you after using the data which you provide for preliminary classification purposes. The data is used by us exclusively for selection and checking purposes, and will be deleted after 6 months if you cannot be considered as a system partner.

DPD Financial Services is a service for the processing of electronic invoices. The service is operated on behalf of DPD by DATEV eG, Nuremberg.

DPD records, processes and uses the data which you transmit to DPD in connection with the use of these Financial Services. A user account is required for the use of the service. On registration you accept the applicable terms of use and consent to the processing of the relevant data. After registration, users are transferred directly to the website of our partner. The data required for the provision of the electronic invoice function is saved and used for processing purposes. DPD has the right to use your contact data for its own promotional and marketing purposes, and to provide you with information about new DPD features and products. You can reject the use of your personal data for promotional and marketing purposes at any time by sending a message with the subject reference "Rejection of the use of my Financial Services contact data for promotional purposes” by post to DPD Deutschland GmbH, Wailandtstraße 1, 63741 Aschaffenburg, or via our contact form.

Your data is saved by DPD on specially protected servers in Germany. Access to the servers is only available to a small number of specially authorised persons who are in charge of the technical, commercial or editorial support of the servers. DPD has taken precautions in order to ensure the security of your personal data. Your data will be conscientiously protected against loss, destruction, falsification, manipulation and unauthorised access or publication. The communication with our Financial Services online is also implemented by encrypted connections using special safety precautions. DPD uses session cookies for the identification of authorised users. These small text files, which your Internet browser administers and saves on your computer, are automatically deleted once more when you log out of Financial Services.

To assess the creditworthiness of (new) customers and suppliers, we use probability values based on automated mathematical-statistical procedures ("scoring"). These are determined by prestigious credit agencies and commercial credit insurers on our behalf. For this purpose, we pass on data to these service providers on the basis of corresponding contractual agreements verified under data protection law. In order not to disadvantage your interests unreasonably in individual cases with the credit assessment, DPD weighs up the interests involved. If the credit assessment is negative, DPD reserves the right to restrict the terms of payment, to change them or to put the cooperation to the test.