The company Direct Parcel Distribution SK, s.r.o., identification number 35 834 498, with its registered office in Pri letisku 5, 821 04 Bratislava (hereinafter referred to as “DPD”), with the aim to ensure the highest possible level of transparency, provides the following information about the manner and extent of the personal data processing, which it performs.
DPD's basic objective to be primarily but not only the provider of postal and shipping services, is, in its business activity, to comply with all legal requirements.
As a company governed by private law, DPD follows in the personal data processing particularly the provisions of the General Regulation of the European Parliament and of the Council 2016/679 of 27 April 2016 (GDPR) on personal data protection, National Law 18/2018, the latest version of the Federal Data Protection Act (BDSG), the Postal Services Act (PostG), the Data Protection Directive in the Postal Services (PDSV) and other national legal regulations and standards.
For this reason, DPD basically processes personal data under Article 6 of the GDPR (paragraph 1 letter a – consent, letter b – contractual relations, letter c – legal obligation, letter f – legitimate interest), Article 26 of BDSG (personal data of employees) and Article 5 of PDSV (shipping, billing and main data). Further information is provided below and within the description of each service.
For privacy-related questions, you may contact the appointed DPD's Data Protection Officer (hereinafter referred to as “DPO DPD”) at [email protected]
You can address the responsible person even in the case if you suppose that there was a leak of personal data in their processing or that DPD did not secure their adequate protection. DPO DPD will review your suggestions, contact you, or provide you with a relevant answer. Please note that emails do not necessarily have to be sent from DPD because they are listed in the sender's address. Approach all the suspicious answers or questions in this way. DPD never asks for a password or other confidential identifying information. At most, we will ask your consignment number, notification parcel number, recipient's postal code, or your customer number, if necessary.
DPD processes the different categories of personal data of the subjects affected in different ways. However, it is always done only within the extent necessary to achieve the purpose for which they are being processed. As to the "Data Range" below, it should be noted that it is an informative, maximum set of data. In a particular processing, the range of data narrows only to those that DPD inevitably needs to process to achieve a particular purpose.
a. Principal, Sender and Recipient of the parcels
For the purpose of proper and provable provision of services and actions performed, especially but not only processing of orders, picking up and delivering of the Consignments, invoicing of the services and related business activities of DPD, we process the necessary identification data.
Range of Data: Identification data, Contact information (phone, email), and Other necessary Data to achieve the purpose.
For some services, Date of birth, ID Number and Personal identification number may also be included in the Identification data. However, this is the only way we can demonstrate to the Sender, and to be responsible for, the fact, that we have fulfilled its instructions for identity verification, the addressee's age.
We do not need to verify the recipient's identity when handing in a consignment if the individual contractual service setting with the Sender allows to use a security PIN, which proves the person's eligibility to receive the consignment.
b. Suppliers and their representatives
Necessary identification Data of representatives of our suppliers and contractual partners are processed for the purpose of proper fulfilment of the concluded contracts, realization of legitimate interests in business relationship and business and also to fulfil legal obligations.
Range of Data: Identification data, Contact information (phone, email) and Other necessary Data to achieve the purpose.
c. Employees of other employers
Identification Data of other employers' employees who fulfil their job tasks in DPD workplaces or for whom the supplier, for example, ensures its contractual performance (if knowledge of Data is necessary for this contractual fulfilment), we process only in order to fulfil our legal obligations (e.g. health protection at work and fire protection), protection of property and legitimate interests of DPD or communication in business relations.
Range of Data: Identification data, Contact information (phone, email) and Other necessary Data to achieve the purpose.
d. Persons in labour relation or similar relations with DPD
In order to fulfil properly the rights and obligations in employment relations, social security, tax liability, protection of our property and legitimate interests, we process identification and other necessary Data of employees or temporary workers. If necessary according to law, then Data processed for this purpose may also include Data of other persons which are important for the fulfilment of legal obligation, particularly those of family members (child, spouse, partner ...).
Range of Data: Identification data, Contact information (phone, emails), Legal information on health checks, Personal data and Other similar Data, Information on the course of employment relationship, Data on use of work equipment and working hours, data on occupational accidents, etc.
e. Visitors of the DPD websites and Users of Online applications
In order to make the functionality of the DPD websites, the online applications and review of its work more effective and easier for users, and also for their protection, Data on the web site visitors are stored in the so-called "Cookies" – small files that allow DPD to store specific information about PC visitors of the websites while visiting DPD websites. Cookies help DPD to determine the frequency of visits, the number of visitors, and to modify DPD services to make them comfortable and efficient, among other things, to identify users when using online applications and to retain preferred user settings. Cookies cannot penetrate user systems.
Range of Data: IP addresses and user settings within online applications.
f. Addressees of business notifications
For the aim of offering services, other marketing and business purposes, as well as providing information about important facts related to the activities of DPD, we process the contact details of persons representing our contractual clients, potential clients and all other persons who have granted their consent for that particular purpose.
Range of Data: Identification data, Contact information (emails, phone contact).
g. Persons entering monitored areas of DPD
DPD premises, where consignments, cash and personal data are handled, are proportionally secured by the record in a visitor's book, record of entry to the restricted access area; they are monitored by security video camera recording system (CCTV), especially for the reasons of security and property protection. Camera recordings are made available only to a clearly defined circle of DPD employees, and only for the purpose of investigation of security incidents. The camera recordings for such a case are divided into external and internal ones with different retention periods. All monitored areas are properly marked.
Range of Data: appearance and acts of persons moving in monitored premises
h. Other persons and other personal data
In various areas of DPD's activities, there may be situations where it is necessary to process various Data of persons, which cannot be precisely categorized in advance. In such cases, we always process the Data exclusively to the extent necessary to achieve the specific purpose of the processing, and in the controlled mode.
This is the case, for example, increasing the comfort of the provided shipping services, safety and provability of the delivery of consignments, recording of the GPS coordinates of the transport parcel labels.
Range of Data: Specifically as to a determined purpose, with regard to a principle of “Data minimisation”.
In accordance with Article 55 par. 5 of the Act of the National Council of the SR No. 351/201, Coll. of Laws, on electronic communication, as amended, we would like to inform you about the use of permitted cookies and to draw your attention to the possibility of changing the settings of your Internet browser if your current setting of using the cookies is not suitable for you.
Cookies are small text files that can be sent to an Internet browser when you visit a website and stored on your device (computer or other device with Internet access, such as a smartphone or tablet). Cookies are stored in the folder for your web browser files. Cookies usually contain the name of the website, from which they originated, and the date of their origin. When you visit the site the next time, the web browser reloads cookies and sends this information back to the website that originally created the cookies. The cookies we use do not harm your computer.
Upon further visits of the DPD website, cookies are recognized, allowing you to retain your specific settings or to provide you with targeted content that matches your user preferences.
The information generated by the cookies includes an anonymized IP address of the visitor and is transmitted to the servers of the service providers defined below. These servers are located in the EU or the USA and guarantee full compliance with legal requirements. Service providers may only give the information to Third parties if applicable law permits it.
Overview of the types of cookies used on DPD's websites:
a. Cookies necessary for website operation
These are the settings which are necessary for proper website functionality. These settings are not specific information about a user. This also applies to certain cookies that collect information about the visitor's user preferences, but do not allow identification of an individual visitor, and are therefore not covered by the privacy of personal information.
b. Cookies with specific user settings
These are the cookies that store information about user settings on websites. By doing so, they contribute to increase user comfort and making website usage more effective.
These cookies do not record and monitor any user activities when visiting other websites.
Cookies collect information about user preferences during browsing and thus they focus advertising on the user's interests.
The purpose of this processing is to provide the user with the content corresponding to his potential preferences, and this way increasing user comfort. Cookies remember that a user has visited certain site and then they share that information with other web service entities.
Which services do we use for the above aims?
To operate cookies and achieve the purpose for which they are used we use the services:
- operated by the company Google Inc., Amphitheatre Parkway, Mountain View, CA 94043, USA. The types of cookies processed by Google are available on the following link: https://policies.google.com/technologies/types
The user can prevent cookies from being downloaded to his device or delete the cookies at any time. Because the procedure may vary depending on the browser used, the type of device and so on, we recommend using procedures recommended directly by the product manufacturer that the user applies.
Precise process information can be easily obtained e.g. by typing "How to delete cookies" into any Internet search engine.
Collecting and using cookies within individual services is possible also by means of the procedures offered by individual providers, e.g.:
- at the address https://tools.google.com/dlpage/gaoptout, there is a procedure how to discontinue recording of your data used for analytic purposes;
- at the address https://support.google.com/accounts/answer/2662922#stop_goog_p13 you can find information about the procedure how to turn off the collection of the information allowing personalized advertisements;
- at the address https://www.facebook.com/business/help/1415256572060999 you can find a procedure how to turn off personalised advertisements on Facebook.
DPD stores personal information on protected servers and devices. Both physical and data access is permitted only to authorized and instructed persons who are responsible for technical or editorial work.
Data transmission is fully ensured in accordance with the requirements of the Personal Data Protection Act and the requirements of the EU GDPR Regulation.
DPD protects processed personal data from damage, destruction, loss, alteration, unauthorized access and disclosure, provision or publicising and any other unacceptable processing. To this end, DPD has taken appropriate technical, organizational and personnel measures appropriate to the way of personal data processing.
DPD liquidates personal data whose purpose of processing has ended.
Data related to the provision of DPD services are transmitted abroad for the purpose of:
b. archiving and statistical purposes. In this case, the Data are given for processing to DPDgroup International Services GmbH & Co. KG. KG, Wailandtstrasse 1, 63741 Aschaffenburg, Germany, which is the provider of management and protection services for the Data on transport for as long as DPD is obliged to store the shipping details, i.e. maximum 10 years after the consignment has been given for shipment.
We use and process your data solely for clearly declared purposes related to our business activities. The exceptions are allowed for the following issues:
a. Compliance with legal obligations
In cases provided for by the law, we are obliged to process personal data for a purpose other than the business activity of DPD according to the Commercial Code of the SR. This is, for example, the obligation to monitor and report unusual business operations, to respect international sanctions, to provide Data to administrative bodies and authorities, social and health institutions, audit firms, police forces, financial administration, courts...
b. Intermediators of data processing
Intermediators are the entities for whom we provide, in controlled mode, Data for processing, for a particular operation that is necessary to achieve the purpose for which DPD has collected the data.
In particular the following Intermediators:
i. Contractual Carriers
Entrepreneurs who, on the basis of a concluded contract, carry out for DPD physical pick-up, transport and delivery of the consignments.
Scope of processed data: Identification and Contact Details of Senders and Recipients of Consignments.
ii. For international services, it is necessary to ensure the delivery/transit of Consignments abroad, by organizational part of the DPD Group network, which provides the country's service, or by a contracting entity that is not part of the DPD Group.
Range of Data processed: Identification and Contact information of Senders and Recipients of Consignments.
iii. ICT service providers
Within the necessary extent, Data may also be made available to ICT service providers, in particular:
used for the efficient provision of DPD services, in particular the optimization of delivery processes, provision of notification services, ensuring of transfer of data on Consignments, payment of cash on delivery (COD), etc.;
Range of processed data: Identification and Contact information of Senders and Recipients of Consignments, Identification information of the users of online applications.
used to support DPD's corporate processes, in particular corporate communication, the transmission and processing of information and the exercise of administrative activities.
Range of processed data: Data contained in company information systems.
used to store data for archiving periods, analytical and statistical purposes.
Range of processed data: Identification and Contact information of Principals, Senders and Recipients of Consignments.
iv. Service Suppliers
Companies that are, to a limited extent, involved in certain supporting DPD activities where they may be in contact with Data. Suppliers who provide loading and sorting of the consignments are typical examples.
Range of processed data: Data contained on the parcel labels of Consignments.
v. Providers of the care services for employees
For the purpose of servicing our employees, in particular, processing and paying wages and corporate benefits, ensuring necessary labour law agenda and complying with legal obligations, Employee Data are transmitted to selected contractors.
Range of processed data: Information about employees.
d. Other Recipients of Data
The Recipient of the Data is a natural or legal person, public authority, agency or other entity to whom the personal data are provided, whether it is a so-called "third party" (i.e. natural or legal entity authorised to Data processing) or not. Such disclosure is solely possible if it is necessary for the protection of the rights and claims of DPD or Data subjects. For example, it may be the provision of documents proving the value of a consignments to an insurance company or a person responsible for damage of a consignment in claiming compensation.
With all Data Processors, DPD has concluded Processing Agreements by which Processors have undertaken to comply with the legal data protection requirements and GDPR requirements for Data security.
We guarantee a transparent approach to the exercise of the rights of all persons whose personal data we process. When data subjects claim their rights, we approach processing of their requirements responsibly and with maximum emphasis on making sure that the application is made by a truly authorized person. This means that we must be sure of the identity of the applicant before we process your request (this does not apply to general processing issues).
In accordance with Data protection legislation we respond to the Data subject's rights without undue delay, no later than 30 days after the assertion and assurance that the claim has been made by an authorized person. Exceptionally, in complex cases, this period may be extended, however, maximum by 2 months and with informing the person concerned of this fact.
1. The right to request access to your personal data – you may request us to inform you whether and how we process personal information about you, with the right to access these personal data;
2. The right to correct personal data – you may request us to correct inaccurate or incomplete personal data we process about you;
3. The right to delete personal data – you may ask us to delete your personal information if, e.g. any of the following situations occurs:
a) personal data are no more necessary for the purposes for which they were collected or otherwise processed;
b) you have revoked the consent on the basis of which your personal data have been processed and there is no other legal reason to process them;
c) your personal data has been processed illegally;
d) your personal data must be deleted in order to fulfil a legal obligation under EU or member state law;
4. The right to restrict the processing of personal data - you may ask us to reduce processing of your personal data if any of the following situations occurs:
a) you have denied the accuracy of personal data for the time necessary to verify the accuracy of personal data;
b) processing of your personal data is unlawful, but you refuse to delete such data and instead you ask to restrict their use;
c) we no longer need your personal data for processing purposes but you require them to determine, execute or defend your legal claims;
d) you have raised an objection to the processing of your personal data until it is verified that the legitimate reasons of our company as an operator override your legitimate reasons;
5. the right to object to the processing of personal data – you may anytime object to the processing of your personal data by our company for the purposes of direct marketing based on our legitimate interest;
6. the right of portability of your personal data – in the case presumed by a generally binding provision (law and/or regulation) you have the right to obtain personal information – which relates to you and which you have given us – in a structured, commonly used and machine readable format whereas this right must not adversely affect the rights and freedoms of others;
7. to revoke consent – since the processing of your personal data is based on your consent, anytime you have the right to revoke your consent for the processing of personal data for the purpose for which you have granted it;
8. the right to submit a proposal to the Office for Personal Data Protection of the SR, Hraničná 12, 820 07 Bratislava 27, www.uoou.sk, pursuant to Article 99 et seq. of the Act on Personal data protection;
We process personal data of persons under 16 only with the consent of their attorneys.
DPD is responsible for ensuring safety of the Data we process for the duration of its processing and for any damage caused by fault or negligence on our part.
However, there are cases where DPD's liability is excluded, such as:
• if the damage or injury is caused by the data subject himself or the original data controller who has submitted the Data to us for processing. This may be due, in particular, to an incorrect or unlawful acquisition procedure of a Data processing mandate. The reason for this may be the behaviour of the person concerned, for example, when he/she, after unpacking the consignment, incorrectly handles the DPD invoice, wrapper or address label of the consignment;
• if we have been submitted the Data that we have not requested or have not been contracted with the person providing Data;
• in the event that we cannot be responsible for the specific processing of the Data. For example, our website also contains some links to external websites of other entities that do not have any links directly to DPD (such as advertisements). If you enter them, DPD is not responsible for the content on these sites and their Data protection terms.
National authority for the issue of personal data protection
Úrad na ochranu osobných údajov SR
(Office for Personal Data Protection of the SR)
820 07 Bratislava
a system partner.