Data protection at DPD

Datenschutz bei DPD Datenschutz bei DPD

Data protection at DPD

 

Data on the personal data controller:

DPD d.o.o. COURIER AND PARCEL DISTRIBUTION
Brnčičeva ulica 31
SI-1231 Ljubljana - Črnuče

Tel: +386 (0) 1 513 23 00
Fax: +386 (0) 1 513 23 06
E-mail: [email protected]

Registration number: 1966812000

Tax number: SI46749845

Data Protection Officer (DPO): [email protected]

As a parcel service provider, the primary task of DPD is to send shipments safely and reliably on behalf of shippers to recipients and at the same time meet all legal requirements and the necessary confidentiality protection, given the information entrusted to DPD.

At DPD, we are aware of the importance of personal data protection, so we handle your data in accordance with the regulations in force at any time, which regulate the protection of personal data, the provision of postal services and electronic communication. Pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC (General Data Protection Regulation; as a controller of personal data to enable an individual to have insight to his rights under the GDPR.

At DPD, we obtain personal data from individuals from various sources. In most cases, they are collected for the purposes of implementing the mutual contract and provided to us by our shippers or parcel receivers who opt for an individual service offered by DPD. This may include information provided directly by the shipper or parcel receivers to DPD when the shipper or parcel receiver completes the form, buys services, sends or receives the parcel, writes to DPD, subscribes to DPD newsletters and other forms of direct marketing or participates in DPD research or promotion. We also obtain them indirectly through our websites, which are accessed by customers. We also create certain data ourselves by processing data for the purposes of reporting, analysis, etc. In addition, we may use other information about individuals that is publicly available or provided to us from public sources (public registers, databases, Internet applications, social networks, or other public sources of information). All collected data and information are processed by DPD employees for the purpose of providing their service, ie parcel distribution.

DPD carefully protects your information that you provide in any way through our website, as it values ​​and protects your privacy. The website therefore operates in accordance with the requirements of the applicable personal data protection law, regulations in the field of electronic communication, business and electronic signature, and in the field of postal services. Taking into account the latest technological developments and implementation costs and the nature, scope, circumstances and purposes of processing, as well as risks to the rights and freedoms of individuals that vary in likelihood and severity, DPD ensures an appropriate level of security by implementing appropriate technical and organizational measures. .

If you think that your communication with us is not secure, please inform us immediately by e-mail: [email protected].

Personal data means any information relating to an identified or identifiable individual, an identifiable individual being one that can be identified directly or indirectly, in particular by providing an identifier such as name, identification number, location data, web identifier, or by one or more factors that characterize the physical, physiological, genetic, mental, economic, cultural or social identity of that individual (such as: identification data of the individual, data relating to family relationships, data relating to on the housing and living conditions of the individual, data on the social and economic condition of the individual, data on the social and economic condition of the individual, data on the use of means of communication, data on the health status of the individual, data on ideological and religious beliefs, data on the individual data on individual habits, data on hobbies.

Consent of the data subject means any voluntary, explicit, informed and unambiguous statement of the will of the data subject by which he or she expresses consent to the processing of personal data concerning him or her by a statement or clear affirmative action. We will use the information you provide in the forms published on individual subpages for the following purposes: answering your inquiries and questions, to fulfil contractual obligations, to carry out marketing activities such as notification of offers, news and benefits and other advertising materials on the offer of DPD, related companies of DPD.

Processing means any act or set of acts carried out in relation to personal data or sets of personal data, with or without automated means, such as collecting, recording, editing, structuring, storing, adapting or modifying, retrieving, inspecting, using, disclosing by brokering, disseminating or otherwise making available, adapting or combining, restricting, deleting or destroying.

In principle, you can use our website without disclosing your identity. If you want us to provide a parcel distribution service for you or you want certain information from us, we need your personal information in order to accommodate your request. In accordance with the applicable legislation in the field of personal data protection, we collect only those data that are strictly necessary to fulfil the purpose, ie the implementation of the parcel distribution service. We collect your personal data only and exclusively when you voluntarily enter it yourself or give consent to such data collecting.

DPD will store and protect personal data so that there will be no unjustified disclosures of data to unauthorized persons. DPD undertakes not to pass on or sell personal data to a third party without prior notice and obtaining your consent, without appropriate appropriate safeguards, and to process such personal data only within the legal basis and selected purposes. The information you provide to us is carefully protected against loss, misuse, unauthorized access or publication, based on appropriate technical and organizational measures taken.

Users of personal data are DPD employees, the DPDgroup of which DPD is also a member, DPD's contractual partners and processors of personal data who are bound by labour law, GDPR-compliant personal data processing contracts or confidential data protection contracts, and are obligated to respect and protect personal data of individuals. Users access the data in accordance with the authorizations and assigned access rights to the data. Individual services of parcel distribution are performed by our partners, who are also processors due to the nature of their work, of which you are informed by our General Terms and Conditions and by ordering the service you agree with this.

Customer data is a business secret of DPD in accordance with the law governing companies, and personal data of individuals are protected by legislation in the field of personal data protection.

DPD also provides personal data to third parties if an obligation to provide or disclose DPD is imposed by a court order or any other competent authority or a legal provision (eg the Financial Administration of the Republic of Slovenia, courts, etc.).

DPDgroup and DPD have concluded contracts with all entities located outside the EU on the processing of personal data with standard contractual clauses issued by the European Commission, insofar as this is necessary in accordance with the provisions of the GDPR.

This website uses cookies in order to provide an online service and functionality that we would not be able to provide without cookies. By browsing the DPD website, each individual gives consent to the installation of a cookie and personal consent to the use and processing of personal and other data, which also includes the possibility of processing and linking data as evidenced by cookies.

When you visit a website, your IP address, time of visit and websites visited are automatically determined and recorded in our server files. Collecting IP addresses is a standard practice on many websites. In accordance with applicable law, IP addresses are not used for purposes other than measuring the use of the website, diagnosing server problems and managing the website.

The website may also contain links to other websites, with DPD expressly declaring that this Privacy Policy does not apply to these websites. DPD therefore does not assume any responsibility for the protection of personal information on such websites and recommends that you visit the data protection policy that applies to the individual website you are accessing when visiting any other website.

DPD provides individuals whose personal data it processes the possibility to exercise their rights: right of access, right of rectification, right of erasure, right to restrict the processing of personal data concerning an individual, right to transfer personal data, right to object and right to appeal . An individual can exercise their rights by sending an appropriate request to the address: [email protected] or by registered mail addressed to the business address of DPD. DPD is obliged to respond to the individual's request in a concise, transparent, understandable and easily accessible form and in clear and simple language, in writing or in e-form, without undue delay or at the latest within one month of receiving the individual's request.

If the individual considers that he / she has not received an appropriate answer about the exercise of his / her rights, he / she has the right to file a complaint with the Information Commissioner at the following address:

Information Commissioner, Dunajska cesta 22, 1000 Ljubljana, e-mail: [email protected].

DPD is not responsible for any occasional problems with the operation of this website, nor for any damage that may occur to you due to incorrect, untimely or incomplete information published on this website. All content published on this DPD website is the property of DPD or its affiliates and may not be reproduced, copied, reproduced or distributed in any other way without the permission of DPD.

This Privacy Policy is subject to change. Any changes to this Privacy Policy will only take effect when the amended Privacy Policy is made public on this website. By using the website after the Privacy Policy has been changed, you agree to the changed Privacy Policy.

In order to provide a pleasant user experience on this website we use cookies.

What are cookies?

Also known as browser cookies or tracking cookies, cookies are small, often encrypted text files, located in browser directories. They are used by web developers to help users navigate their websites efficiently and perform certain functions. Due to their core role of enhancing/enabling usability or site processes, disabling cookies may prevent users from using certain websites.

How do cookies work?

On your first visit on a website, cookies are downloaded to your computer. Cookies allow that the use of the site becomes more enjoyable, more efficient and adjusted to the individual user. We use cookies to store information on the language and location settings, … Website managers are able to acquire information about the number of visitors to the websites, the most popular content, the most commonly used functionality, …

Types of Cookies

  • Session cookies - these are temporary cookie files, which are erased when you close your browser. When you restart your browser and go back to the site that created the cookie, the website will not recognize you.

  • Persistent or stored cookies (persistent cookies) are saved even when you close the browser. They are used to store information on registration, language settings page, to analyze traffic,

  • First-party cookies (1st party cookies) are cookies located on the viewing webpage, and can be permanent or temporary.

  • Other cookies (3rd party cookies) come from other partner sites

What cookies are used on http://www.dpd.com/si:

  • Loadbalancer Cookie -This cookie contains the information if a user is on server A or B – No client information is saved.

  • Important notice Cookie - This cookie contains the information if a user have already seen the important notice box and closed the box so it doesn’t show on the next visit – No client information is saved.

  • Portal Cookie - If you are clicking on a country on the flash map on www.dpd.com a cookie is saved which contains the information about the country and leads you directly to that country on the next visit – No client information is saved.

  • myDPD - A cookie for the session ID and language ID is saved. This cookie is readout within myDPD.

  • Web Analytics tool - This is used with the primary goal of providing our website with better user experience and easier data review.

Your cookie settings

There are several ways to manage and control the settings for cookies. Deactivating cookies by clicking on the Web site http://www.dpd.com/si. The settings on the use of cookies can be edited via the "Privacy Settings".

Deactivating cookies in your web browser:

Deactivating cookies from elsewhere

 

1. The controller of the personal data files:

DPD d.o.o. COURIER AND PARCEL DISTRIBUTION
Brnčičeva ulica 31
SI-1231 Ljubljana-Črnuče

Tel: +386 (0) 1 513 23 00
Fax: +386 (0) 1 513 23 06
Email: [email protected]

Registration number: 1966812000

Tax number: SI46749845

Data Protection Officer (DPO): [email protected]

2. Purpose of personal data processing

  • to perform the parcel distribution service in accordance with the General Terms and Conditions - including parcel tracking, delivery notifications to recipients and management of delivery preferences (name, surname, address, telephone number, e-mail);
  • for proof of parcel delivery (eg GPS location of the parcel recipient, signature);
  • carrying out customs formalities and embargo control;
  • conducting direct marketing and research, informing about the offer, novelties and benefits and other advertising material about the DPD offer;
  • to manage subscribers' requests for information on the status of package delivery, to predict scheduled delivery;
  • measure the level of recipient satisfaction and improve services.

3. Legal basis for the processing of personal data

Processing of personal data on a legal basis: The processing of personal data in the DPD is also based on the legislation in force at any time, which regulates the protection of personal data, postal services, electronic communications and relevant European legislation.

Processing of personal data based on customer consent: The processing of personal data may also be based on the specific consent of the individual, which allows DPD to use his / hers personal data for the purposes specified in the consent, namely to perform contractual obligations, perform marketing activities such as offering notifications, news and benefits and other promotional material about the offer of DPD, related companies of DPD.

Processing of personal data on a contractual basis: Processing is necessary for the performance of a contract concluded between the client and DPD, for the performance of a service to the data subject or for the implementation of measures at the request of such individual before the conclusion of the contract. In the event that an individual does not give consent to carry out the above purposes of personal data processing, gives it in part or revokes the consent (in part), DPD will inform such individual only in cases and to the extent of consent or in ways permitted by applicable law ( eg general information). The conclusion of a contract or the provision of DPD parcel distribution services is not conditional on the consent. Giving consent is voluntary and if the individual decides that he / she does not want to give it or revokes it later, this in no way reduces his / hers rights, arising from the business relationship with DPD nor does it represent additional costs or aggravating circumstances. The personal data provided by the client to DPD are necessary for the performance of the mutual contract, ie the delivery of parcels.

4. Types of personal data concerned

  • name, surname, address, telephone number, e-mail of shippers and recipients, GPS location, signature

5. Users or categories of users of personal data, if any

Users of personal data are DPD employees, the DPDgroup, of which DPD is a member, DPD's contractual partners as processors (including, but not limited to, couriers, storekeepers, payment service providers) who, on the basis of labour law, personal data processing contracts data in accordance with the GDPR or confidentiality agreements, committed to respecting and protecting the personal data of individuals. Users access personal data in accordance with the authorizations and assigned access rights to the data.

6. Information on transfers of personal data to a third country or international organization:

DPD may also provide personal data of individuals, if they have given consent for the purposes specified in the consent, or if the transfer is necessary for the implementation of the contract and support to business processes in the implementation of the contract, to related parties of which the company is a member: Geopost SA rue Guynemer, 92130 Issy-les-Moulineaux, France, its subsidiaries and branches and confirms that DPD can do the same with the personal data of the recipient of the parcel. Geopost SA and DPD have concluded contracts with all entities located outside the EU on the processing of personal data with standard contractual clauses issued by the European Commission, if necessary.

7. Period of retention of personal data or, where this is not possible, the criteria used to determine this period

The retention period of personal data depends on the basis of processing and the purpose of processing each category of personal data. Personal data shall only be kept for as long as is necessary to achieve the purpose for which they were collected or further processed. Personal data shall be deleted, destroyed, blocked, blocked, anonymised or pseudonymised after the purpose of the processing has been fulfilled, unless there is no other legal basis or if this is necessary for the assertion, implementation or defence of legal claims.

8. Information on an individual's right to request access to personal data and the rectification or erasure of personal data or restrictions, or the existence of a right to object to the processing and a right to data portability

a) The right of the data subject to access data

If an individual would like to obtain information on personal data, DPD has the right to request the following information from DDP: contact details of the controller and his legal representative, purposes of processing, users of personal data, envisaged retention period or, if not possible, criteria used to determine this period, where the processing of personal data is based on the personal consent of the individual, the existence of the right to revoke the consent at any time, without prejudice to the lawfulness of the processing of personal data to the data subject, all available information regarding their source, the right to lodge a complaint with the Information Commissioner, the existence of the right to request DPD access, rectification or deletion of personal data or restrictions on the processing of personal data concerning the individual, or the existence of a right of objection to such processing, the existence of a right of transferability personal data, whether the provision of personal data is a statutory or contractual obligation and whether the data subject must provide personal data and what the consequences are if such data are not provided.

b) The right of the data subject to data rectification

An individual has the right to obtain that DPD corrects inaccurate personal data relating to him without undue delay. Subject to the purposes of processing, the individual has the right to supplement incomplete personal data, including the submission of a supplementary statement.

c) The right of the data subject to data erasure

The individual has the right to have the DPD delete personal data relating to him without undue delay. DPD must delete personal data without undue delay when one of the following reasons applies: (1) personal data are no longer necessary for the purposes for which they were collected or otherwise processed, (2) the individual revokes the consent on the basis of which the processing takes place and where there is no other legal basis for the processing, (3) the individual objects to the processing and there are no overriding legitimate reasons for their processing, (4) the personal data have been processed unlawfully, (5) if so provided by law.

d) The right of the data subject to a restriction on processing data

An individual has the right to have the DPD restrict processing when one of the following cases applies: (1) the individual disputes the accuracy of the data, for a period that allows the DPD to verify the accuracy of personal data, (2) the processing is illegal and the individual opposes the deletion of personal data , and instead requests a restriction on their use, (3) DPD no longer needs personal data for processing purposes, but the individual needs them to assert, enforce or defend legal claims, (4) the individual has filed an objection in accordance with paragraph 21. of the GDPR with regard to data processing until it is verified that the legitimate reasons of the controller outweigh the reasons of the individual. Where the processing of personal data has been restricted in accordance with the preceding paragraph, such personal data, with the exception of their storage, shall be processed only with the consent of the data subject or for asserting, enforcing or defending legal claims. persons. The DPD must inform the individual before canceling the processing restriction.

e) The right of the data subject to data tranfer

The data subject has the right to receive personal data concerning him / her provided by DPD in a structured and readable form and has the right, where technically feasible, to pass this data on to another controller when processing based on written consent and when processing is carried out by automated means.

f) The right of the data subject to object

The data subject whose processing is necessary for legitimate interests has the right to object to such processing. In this case, DPD must stop processing personal data unless it proves compelling legitimate reasons for the processing that outweigh the interests of the individual. An individual whose personal data are processed for the purposes of direct marketing has the right to object to such processing, and in this case DPD must stop processing personal data for these purposes. An individual can exercise his / her above-mentioned and described rights in a way that enables his / her identification by sending a request to the e-mail. address: [email protected]. DPD is obliged to respond to the individual's request in a concise, transparent, understandable and easily accessible form and in clear and simple language, in writing or in e-form, without undue delay or at the latest within one month of receiving the individual's request. DPD must provide a copy of personal data that are processed or. provide the requested information to the individual free of charge. For additional copies requested by an individual, DPD may charge a reasonable fee, taking into account administrative costs. However, where an individual's requests are manifestly unreasonable or excessive, in particular because they are repetitive, the DPD may (1) charge a reasonable fee, taking into account the administrative costs of providing the information or message or implementing the requested action;

9. Information on the right to withdraw consent where processing is based on consent

Consent may be revoked at any time without prejudice to the lawfulness of the data processing carried out on the basis of the consent up to its revocation.

10. Information on the right to lodge a complaint with the supervisory authority

You can submit a complaint to the Information Commissioner (address: Dunajska 22, 1000 Ljubljana, e-mail: [email protected] phone: 012309730, website: www.ip-rs.si).

11. Information on the source of personal data and whether they come from publicly available sources

Personal data is obtained from contractual partners (subscribers of delivery services).

12. Information on the existence of automated decision-making, including profiling

N/A