Menu

PRIVACY NOTICE

DATA OF THE CONTROLLER

Name of Controller: Direct Parcel Distribution SK s.r.o.

Identification number: 35 834 498

Registered office of the Controller: Pri letisku 5, 821 04 Bratislava – mestská časť Ružinov

E-contact of the Controller: [email protected]

Contact details of the Data Protection Office: [email protected]

PRIVACY NOTICE

GPDR_alternative illustration GDPR_illustration mobile

DATA OF THE CONTROLLER

Name of Controller: Direct Parcel Distribution SK s.r.o.

Identification number: 35 834 498

Registered office of the Controller: Pri letisku 5, 821 04 Bratislava – mestská časť Ružinov

E-contact of the Controller: [email protected]

Contact details of the Data Protection Office: [email protected]

DECLARATIONS

DATA PROCESSING CONFORMITY DECLARATION

Please note that during the preparation for the application of Regulation (EU) 2016/679 of the European Parliament and of the Council (hereinafter: ‘GDPR’ or ‘Regulation’), we outlined the personal data processing processes of the undersigned Direct Parcel Distribution SK s.r.o. with its registered office at Pri letisku 5, 821 04 Bratislava – mestská časť Ružinov (hereinafter: ‘DPD SK’) covered by the Regulation. A record was created of the data identified during the processes, which operate legally in accordance with the expected principles.

The purposes and legal grounds of each processing, the scope of personal data involved in the processing (according to the categories of data subjects) and the criteria system of data retention were recorded. The technical and organisational measures for data security have been taken. In the case of data stored on paper and data stored on IT devices, networks and servers, technical organisational measures have been developed, such as the rights management process, servers and server security requirements. A Data Protection Officer has been appointed at our company. Our Data Protection and Data Security Policy sets out the rules for detecting and handling personal data breaches, conducting data protection impact assessments and interest balancing tests.

With regard to further tasks, we are aware of the goals that must be achieved in order for the rights of the data subject to be fully enforced. While striving for the maximum protection of personal data, we respect the right to informational self-determination. We inform the data subjects on the legal remedies available to them. The data processing path used at DPD SK can be tracked and controlled by everyone.

We declare that, in addition to the GDPR Regulation, we carry out our activities in compliance with the provisions of Act No. 18/2008 Coll. on the Protection of Personal Data and on Amendments and Supplements to Certain Acts, as amended. We require strict compliance with legal regulations from all our partners, and in the course of our activities we engage exclusively partners and subcontractors who meet the legislative requirements for the processing of personal data of data subjects.

 

Ing. Peter Pavuk

managing director, Direct Parcel Distribution SK s.r.o.

STATEMENT ON THE CONCLUSION OF DATA PROCESSING CONTRACTS UNDER THE GDPR

Dear Clients,

Direct Parcel Distribution SK s.r.o., with its registered office at Pri letisku 5, 821 04 Bratislava – mestská časť Ružinov (hereinafter: ‘DPD SK’) issues the following statement in connection with the request for the conclusion of data processing contracts from its customers, taking into account Article 28 of Regulation (EU) 2016/679 of the European Parliament and of the Council (hereinafter referred to as GDPR).  

Under Article 28 of the GDPR, a data processing contract must be concluded between the controller and the processor in order to oblige the processor to respect the rules on the processing of personal data, to provide adequate guarantees to ensure compliance with the requirements of the Regulation and to implement technical and organisational measures to ensure the protection of data subjects.

DPD SK is acting as a independent controller and not as a processor in the performance of its courier services. Legal ground of the processing - data processing required for the performance of the contract under Article 6 (1) b) of the GDPR.

DPD SK independently determines the purposes and means of the processing of the personal data during the provision of the service. DPD SK is responsible for the collection, organisation, processing and storage of the personal data.

DPD SK has the right to retain the data collected even after the termination of the contract (it is not obliged to erase them at the customer's request) for the period necessary to satisfy and assess any legal claims (e.g. but not exclusively assessment of compensation claims for lost or damaged parcels).

Thus, in the above-mentioned case, where DPD SK provides only courier services, it is not acting as a processor of personal data relating to customers, but as a controller. Thus, in such a case, the Regulation does not impose the obligation to conclude a contract for processing.

For more information on the processing of personal data, please see our website, where details are provided below.

 

Ing. Peter Pavuk

GENERAL INFORMATION ON DATA PROCESSING

HOW DO WE PROTECT PERSONAL DATA?

Direct Parcel Distribution SK s.r.o. (hereinafter “Company”) ensures the security of the data and takes all technical and organisational measures necessary to enforce the GDPR and other data and confidentiality protection regulations. It protects the data against unauthorised access, alteration, transfer, disclosure, erasure or destruction and against accidental destruction or damage.

The Company  applies the following measures in order to secure the personal data processed on paper:

  • the data can only be accessed by authorised persons, with no one else having access thereto

  • the continuously processed documents are only accessible by the competent persons

  • if the personal data processed on paper is digitized, the Company applies the security rules governing digitally stored documents

If the purpose for the processing of the paper-based personal data is achieved, the Company arranges for the destruction of the paper.

In order to ensure the security of personal data stored on a computer or network, the Company applies the following measures and guarantee elements:

  • the computers used in the processing are the property of the Company, or it exercises its rights equivalent to ownership rights over them

  • the data on the computer can only be accessed with a valid, personal and identifiable authorisation - at least with a username and password -, and the passwords are changed by the Company on a regular basis or in justified cases

  • the data stored on the network server computer (hereinafter: ‘server’) can be accessed only with appropriate authorisation and only by designated persons

  • if the purpose of the processing has been achieved and the deadline for the processing has expired, the file containing the data is permanently erased, making it impossible to recover

  • the Company protects the servers with an infrastructure of high level-availability for the security of the data stored on the network, avoiding data loss with backups and archiving

  • the data carrier storing the saved data is stored in a safe box designed for this purpose, in a fireproof place and manner

  • it provides continuous virus protection for the personal data processing network

  • it prevents unauthorised persons from gaining access to the network by using the available IT equipment

The purpose of the regulation of right management is for the allocated rights to be accurately trackable and preserved in a documented form, and for the activities of the persons with individual rights and the range of data used by them to be controlled. The up-to-dateness of this data greatly assists the Company in meeting the level of security expected of it or to be achieved by it, as well as to operate the IT network in accordance with legal and professional standards.

In order to ensure the security of the personal data, the Company applies the following rights management regulations:

  • The setting up of a new right or the modification of a right is performed by the IT specialist based on the authorisation of the right holder

  • When establishing rights, we only allocate the rights necessary and sufficient for the work

  • The allocation of full access or administrator rights to persons who perform other work or not requiring the rights, should be avoided

In order to comply with the GDPR, the Company strives to minimise the processing of personal data, to pseudonymise the personal data as soon as possible, to ensure the transparency of the functions and processing of the personal data, to allow the data subject to monitor the processing, and to enable the controller to create and improve security features.  Built-in data protection (privacy by design), as a result of which the Company complies with the requirements of the GDPR even before the actual start of processing - e.g. already during the project preparation period -, was introduced. Built-in data protection is the sum of the Company's own internal procedures, with which, regardless of external regulations, it seeks to comply with the requirement to protect the privacy of the data subject as much as possible.

DO WE TRANSFER DATA TO THIRD PARTIES?

Direct Parcel Distribution SK s.r.o. (hereinafter “Company”) uses your data only for the purposes stated in connection with our business activity. The data we process is not disclosed to anyone and for purposes that are not directly related to our services, with the exception of the following cases:

Compliance with legal requirements

In certain cases, in accordance with applicable legal regulations, the Company is obliged to provide the data it processes upon request of the competent authorities. Examples of such authorities include tax offices, law enforcement authorities, other public administration and state authorities, auditors, etc.

Processors

Natural or legal persons, public authorities, agencies or any other bodies that process personal data on behalf of the Controller.

The types of data processors are listed below, but are not exhaustive:

  1. Subcontracting carriers

Contractors who collect and deliver parcels on behalf of the Company under contract.

  1. Organisations cooperating with the GeoPost group and partners involved in transportation

Within the framework of international services, the delivery/forwarding of parcels abroad is carried out by the organisational units or partners of the GeoPost Group that are responsible for such services provided in the given country.

  1. Infocommunication service providers

If necessary, the Company also communicates data to infocommunication service providers within a controlled framework. Such cases include, for example:

  • to ensure the efficiency of the services (especially to optimise transportation processes)

  • when using notification services (transfer of parcel data),

  • in connection with the service fee for cash on delivery services, etc.

  1. Service providers

There are companies that have a limited involvement in certain activities of the Company, during which they come into contact with data. By this we usually mean subcontractors whose employees are responsible for loading and sorting parcels.

WHAT ARE THE RIGHTS AND OBLIGATIONS OF DPD AS A CONTROLLER?

Direct Parcel Distribution SK s.r.o. (hereinafter “Company”) processes data in its proceedings only and exclusively in accordance with the provisions of the applicable legislation. The Company  processes personal data only on the basis of a legal authorisation or the prior and, in the case of specific personal data, written consent of the data subject or on the basis of a law or a legal authorisation.

The use of personal data processed by the Company for private purposes is prohibited and our processing will at all times comply with the purpose limitation principle: that is, personal data are processed for a specific purpose, for the exercise of a right or the performance of an obligation, and for the minimum time and scope necessary to achieve that purpose.

If the purpose of the processing ceases to exist or the processing is otherwise unlawful, the data will be erased.

Employees of the Company' s departments who perform data processing and employees of organisations involved in the processing on behalf of the Company and performing processing operations are obliged to keep the personal data obtained by them as trade secrets. If any personal data processed by the Company is incorrect, incomplete or out of date, it must be corrected or the correction must be requested from the employee responsible for the data.

WHAT ARE YOUR RIGHTS AND OBLIGATIONS AS A DATA SUBJECT OF PERSONAL DATA?

Direct Parcel Distribution SK s.r.o. (hereinafter referred to as the “Company”) is, in accordance with applicable legal regulations, obliged to grant the data subject the following rights in relation to his or her personal data. Please note that the exercise of the data subject’s rights depends on the legal basis of the processing; therefore, this description constitutes a general summary.

  1. Right to request access to personal data – you may request information on whether and how the Company processes your personal data, with the subsequent right to access such personal data.

  2. Right to rectification of personal data – you may request the correction of inaccurate or incomplete personal data that the Company processes about you.

  3. Right to erasure of personal data – you may request that the Company erase your personal data, for example if one of the following situations occurs:
    a) the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
    b) you have withdrawn the consent on the basis of which your personal data were processed and there is no other legal ground for the processing;
    c) the personal data have been processed unlawfully;
    d) your personal data must be erased in order to comply with a legal obligation under Union or Member State law to which the Company is subject.

  4. Right to restriction of processing of personal data – you may request that the Company restrict the processing of your personal data if one of the following situations occurs:
    a) you contest the accuracy of the personal data, for the period necessary to allow us to verify their accuracy;
    b) the processing of your personal data is unlawful, but you oppose the erasure of the data and request the restriction of their use instead;
    c) the Company no longer needs your personal data for the purposes of processing, but you require them for the establishment, exercise or defence of legal claims;
    d) you have objected to the processing of your personal data, pending the verification of whether the legitimate grounds of the Company as controller override your legitimate grounds.

  5. Right to object to the processing of personal data – you may object to the processing of your personal data.

  6. Right to data portability – in cases provided for by law and/or regulation, you have the right to obtain personal data concerning you in a structured, commonly used and machine-readable format. This right shall not adversely affect the rights and freedoms of others.

  7. Right to withdraw consent – where the processing of your personal data is based on your consent, you have the right to withdraw your consent to the processing of personal data for the purpose for which it was granted at any time.

  8. Right to lodge a complaint with the Office for Personal Data Protection of the Slovak Republic, Hraničná 12, 820 07 Bratislava 27, www.uoou.sk, to initiate proceedings on the protection of personal data.

DPD does not directly provide services to persons under the age of 16. The processing of personal data of persons under the age of 16 is therefore assumed to be based exclusively on the consent of their legal representative.

IN WHICH CASES CAN DPD'S LIABILITY AS CONTROLLER BE LIMITED?

Direct Parcel Distribution SK s.r.o. (hereinafter referred to as the “Company”) independently determines the purposes and means of the processing of personal data in the course of providing its services. The Company is responsible for the collection, organisation, processing and storage of personal data.

The Company is responsible for ensuring the security of the data it processes and for any damage that may arise as a result of fault or negligence on the part of the Company.

However, there are cases in which the Company’s liability is excluded, for example:

  • where damage or harm is caused by the fault of the data subject himself/herself or of the original data controller who provided the data to us for processing. The reason may in particular be an incorrect or unlawful procedure in obtaining the data. This also includes, for example, the behaviour of the data subject when, after unpacking a shipment, he or she handles DPD documents improperly, such as an invoice, the packaging of the shipment, or the address label of the shipment containing personal data;

  • in cases where the Company demonstrably bears no responsibility for the specific processing of the data. For example, our websites also contain several links to external websites of other entities that are not directly connected with the Company (e.g. advertisements). If you access such websites, the Company is not responsible for the content of those websites or for their data protection conditions.

WHAT ARE THE CLAIM ENFORCEMENT OPTIONS?

The Company endeavours to ensure that the information provided to you is as concise, transparent, comprehensible, easily accessible, clear and understandable as possible, in all cases, while complying with the rules set out in the GDPR.

If you wish to exercise your rights under the GDPR for the purposes set out in this Notice, you may submit your request in writing, in particular to the contact details of the data protection officer as indicated in this Notice. However, if you request information verbally, an authorised employee of the Company may, after verifying your identity, provide you with the information verbally, provided that the necessary data are available to them. In all other cases, your request will be recorded by our staff and you will be informed of your request within one month of its receipt. This deadline may be extended by a maximum of two additional months if justified by the complexity of the request or the number of requests currently being processed, but you will be informed electronically within one month of the receipt of your request.

If we do not act on your request or if you do not accept our action, you may seek legal remedy. You may lodge a complaint about our processing practices here:

Úrad na ochranu osobných údajov Slovenskej republiky

Námestie 1. mája 18

811 06 Bratislava

https://dataprotection.gov.sk/sk/

DATA PROTECTION STATEMENTS RELATED TO BUSINESS PROCESSES

PROCESSING OF PERSONAL DATA RELATING TO CONSIGNEE

DATA SOURCE:

Direct Parcel Distribution SK s.r.o. (hereinafter referred to as the “Company”) obtains personal data about consignee from the consigners of consignments.

DESCRIPTION OF THE COURSE OF PROCESSING:

The Company provides forwarding services to its customers. Customers who use the service become consigners. The Company processes the personal data of consignee obtained from the consigner for the purpose of providing the service. The consigner is responsible for the accuracy of the personal data and for having lawfully obtained them from the consignee.

When a consignment is dispatched, the Company obtains the consignee’s name and surname, address, telephone number and email address as contact details. These details are also stated on the parcel label.

Where the consigner so chooses, the Company sends shipment notifications, in particular information about the delivery date and time, and details of the pickup point or collection point where the consignment can be collected, to the telephone number provided by the consigner in the form of an SMS message. This activity is carried out by contractual external partners in the telecommunications sector acting as data processors.

The Company also contacts the consignee at the email address provided by the consigner for the purpose of providing information about the shipment.

Where the consigner orders the additional ID check service (typically when ordering goods subject to age restrictions under applicable legislation), the Company records the full identification document number.

In the case of delivery of standard consignments against a paper delivery list or upon presentation of an identification document at a pickup point instead of a PIN code, the Company records the last five digits of the consignee’s identification document number.

THE PURPOSE OF PROCESSING:

Provision of the forwarding service ordered by the consigner, i.e. delivery of the consignment to the consignee.

LEGAL GROUND OF THE PROCESSING:

Article 6(1)(f) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR) and Section 13(1)(f) of Act No. 18/2018 Coll. on the Protection of Personal Data.

SCOPE OF THE DATA PROCESSED:

Name and surname, address, email address, telephone number – contact details of the consignee as the authorized person, and, where applicable, the name and address of witnesses to whom the consignment was handed over.

Proof of delivery, where delivery is not made against a PIN code: name and surname and signature of the consignee, delivery address, parcel number, courier name, route number, GPS coordinates of the delivery, and, where applicable, the last five digits of the identification document number.

PRESERVATION PERIOD OF THE PERSONAL DATA:

The Company will store personal data relating to this processing for one year from the date of recording.

RULES REGARDING THE EXERCISING OF DATA SUBJECT RIGHTS:

For more information on the protection and transfer of personal data, the rights and obligations of the data subject and the controller, the limitation of liability and the enforcement of claims, read the section “General information on data processing”.

PROCESSING OF PERSONAL DATA RELATING TO CONTRACTED CONSIGNERS

DATA SOURCE:

Direct Parcel Distribution SK s.r.o. (hereinafter referred to as the “Company”) obtains personal data about the consigners in the course of concluding forwarding contracts.

DESCRIPTION OF THE COURSE OF PROCESSING:

The Company provides forwarding services to its customers on the basis of a forwarding contract. Customers who use the service become consigners.

The customer orders the forwarding service by submitting an order – a request for dispatch of a parcel through the Company’s system, which requires, in addition to the customer’s data, data relating to the sender, the consignee, as well as other information relating to delivery and payment.

The Company electronically stores personal data collected in the course of ordering services and transaction data related to the service. Orders are recorded in the Company’s electronic system, which is accessible only to the Company’s employees or other persons engaged by the Company under another legal relationship, with the appropriate level of authorization and involved in the performance of the service.

These data are transmitted via the courier’s mobile data acquisition (MDA) scanner, which processes data necessary for the delivery. The Company also uses subcontractors for delivery services who are involved as data processors. Where a parcel is delivered across borders or to a third country, the Company transfers data necessary for the provision of the service to Geopost subsidiaries or contractual partners.

Paper documents, if generated in the course of providing the Company’s services, are archived and, after the expiry of the retention period, disposed of by the Company itself or by an authorized external contractual partner.

THE PURPOSE OF PROCESSING:

Provision of the forwarding service ordered by the consigner, i.e. delivery of the consignment to the consignee.

LEGAL GROUND OF THE PROCESSING:

Article 6(1)(b) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR) and Section 13(1)(b) of Act No. 18/2018 Coll. on the Protection of Personal Data.

SCOPE OF THE DATA PROCESSED:

Name and surname, address, email address, telephone number, bank details – contact details of the consigner as the authorized person.

PRESERVATION PERIOD OF THE PERSONAL DATA:

Personal data will be processed and stored for the duration of the contractual relationship. Following its termination, personal data will be stored for the period necessary for the establishment, exercise or defense of legal claims arising from the terminated contract, as well as for the period required by applicable legal regulations, in particular accounting and tax regulations.

RULES REGARDING THE EXERCISING OF DATA SUBJECT RIGHTS:

For more information on the protection and transfer of personal data, the rights and obligations of the data subject and the controller, the limitation of liability and the enforcement of claims, read the section “General information on data processing”.

PROCESSING OF PERSONAL DATA RELATING TO OCCASIONAL CONSIGNERS

DATA SOURCE:

Direct Parcel Distribution SK s.r.o. (hereinafter referred to as the “Company”) obtains personal data about occasional consigners when concluding a forwarding contract for the provision of a forwarding service for a specific consignment, via the dpdmojkurier.sk application.

DESCRIPTION OF THE COURSE OF PROCESSING:

The customer orders the forwarding service through the Company’s dpdmojkurier.sk application, and when placing the order, the system requires, in addition to the customer’s data, the consignee’s data and other information related to delivery and payment.

The Company electronically stores personal data collected during the ordering of services and transaction data related to the service. Orders are recorded in the Company’s electronic system, which is accessible only to the Company’s employees or other persons engaged under another legal relationship, with the appropriate level of authorization and involved in the performance of the service.

These data are transmitted via the mobile data acquisition (MDA) scanner of the delivery courier, which processes the data necessary for delivery. The Company also uses subcontractors for the delivery service, who are involved as data processors. Where a parcel is delivered across borders or to a third country, the Company transfers data necessary for the provision of the service to Geopost subsidiaries or contractual partners.

THE PURPOSE OF PROCESSING:

Provision of the forwarding service ordered by the consigner, i.e. delivery of the consignment to the consignee.

LEGAL GROUND OF THE PROCESSING:

Article 6(1)(a) (b) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR) and Section 13(1) (a) and (b) of Act No. 18/2018 Coll. on the Protection of Personal Data.

SCOPE OF THE DATA PROCESSED:

Name and surname, address, email address, telephone number, bank details – contact information of the consigner as the authorized person.

PRESERVATION PERIOD OF THE PERSONAL DATA:

Personal data will be processed and stored for the duration of the contractual relationship, i.e. until the consignment is delivered to the consignee. After the termination of the contractual relationship, personal data will be retained for the period necessary to assert, exercise, or defend legal claims arising from the terminated contract, as well as for the period required by applicable legal regulations, in particular accounting and tax regulations.

RULES REGARDING THE EXERCISING OF DATA SUBJECT RIGHTS:

For more information on the protection and transfer of personal data, the rights and obligations of the data subject and the controller, the limitation of liability and the enforcement of claims, read the section “General information on data processing”.

PROCESSING OF PERSONAL DATA RELATING TO INDIVIDUALS CONTACTING CUSTOMER SERVICE OR SUBMITTING COMPLAINTS

DATA SOURCE:

Personal data of a person contacting the customer service of Direct Parcel Distribution SK s.r.o. (hereinafter referred to as the “Company”) or submitting a complaint regarding the Company’s services.

DESCRIPTION OF THE COURSE OF PROCESSING:

The customer service department is responsible for recording and processing inquiries received from consigners, consignees, or third parties in relation to the ordered/performed service, including, where necessary, forwarding them to the relevant departments, tracking the shipment route, providing information about services, transferring information, and recording complaints.

The scope of personal data processed and the processing activities within the customer service depend on the type of case being handled.

The Company processes personal data collected within customer service activities electronically through its ticketing system.

Complaints can be submitted to the Company’s customer service by phone or in writing (mail, email, chatbot).

Complaints are forwarded to the responsible employee; all complaints are recorded and investigated.

THE PURPOSE OF PROCESSING:

Administrative processing by the customer service, and where necessary by other departments, for the purpose of verifying the legitimacy and handling of complaints from consigners, consignees, or third parties, managing claims for damages related to the provision of services, and enforcing the Company’s value framework.

LEGAL GROUND OF THE PROCESSING:

Article 6(1) (b), (c) and (f) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR) and Section 13(1) (b),(c) and (f) of Act No. 18/2018 Coll. on the Protection of Personal Data.

SCOPE OF THE DATA PROCESSED:

Name and surname of the complainant, consignee, consigner, or third party, address, email address, telephone number, and, where applicable, other data related to the shipment or the specific escalated case.

PRESERVATION PERIOD OF THE PERSONAL DATA:

For general customer service activities: personal data will be retained for a maximum of 1 year from the provision of the service. Personal data of a complainant who has received financial compensation will be retained for the period required by applicable legal regulations, in particular accounting and tax regulations.

RULES REGARDING THE EXERCISING OF DATA SUBJECT RIGHTS:

For more information on the protection and transfer of personal data, the rights and obligations of the data subject and the controller, the limitation of liability and the enforcement of claims, read the section “General information on data processing”.

PROCESSING OF PERSONAL DATA RELATING TO PERSONS PARTICIPATING IN CUSTOMER SATISFACTION SURVEYS

DATA SOURCE:

Personal data of natural persons participating in satisfaction surveys regarding the services provided by Direct Parcel Distribution SK s.r.o. (hereinafter referred to as the “Company”).

DESCRIPTION OF THE COURSE OF PROCESSING:

It is important for the Company to provide its services at a consistently high level and to ensure the satisfaction of its customers as well as consignees. To achieve this goal, the Company conducts satisfaction surveys among consigners as well as consignees of shipments.

The Company sends email notifications with a link to a questionnaire evaluating the quality of the service. After evaluating the responses from the questionnaire, a report on customer or consignee feedback is prepared and sent to the managers of the relevant organizational units.

Aggregated assessments of customer and consignee satisfaction, collected suggestions, and information are continuously submitted to the Company’s management, which evaluates them, sets objectives for process improvement, and, if necessary, implements corrective and preventive measures.

THE PURPOSE OF PROCESSING:

To gather opinions of customers and consignees and to improve the quality of the services provided.

LEGAL GROUND OF THE PROCESSING:

Article 6(1) (f) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR) and Section 13(1) (f) of Act No. 18/2018 Coll. on the Protection of Personal Data.

SCOPE OF THE DATA PROCESSED:

Shipment number, name and surname of the consigner and the consignee, email addresses, as well as any additional information provided when completing the satisfaction questionnaire.

PRESERVATION PERIOD OF THE PERSONAL DATA:

The personal data will be stored by the Company for a maximum of 18 months from the processing of the customer satisfaction questionnaire.

RULES REGARDING THE EXERCISING OF DATA SUBJECT RIGHTS:

For more information on the protection and transfer of personal data, the rights and obligations of the data subject and the controller, the limitation of liability and the enforcement of claims, read the section “General information on data processing”.

PROCESSING OF PERSONAL DATA RELATING TO PERSONS PARTICIPATING IN MARKETING COMPETITIONS

DATA SOURCE:

Personal data of natural persons participating in competitions organized by Direct Parcel Distribution SK s.r.o. (hereinafter referred to as the “Company”) as part of its marketing activities.

DESCRIPTION OF THE COURSE OF PROCESSING:

The Company organizes marketing competitions in which natural persons (hereinafter referred to as “competition participants”) may participate via the website, social media channels, electronic forms, the dpdmojkurier.sk web application, or other communication channels designated by the Company.

Personal data of competition participants are provided voluntarily by the participants themselves when registering for the competition, primarily by completing the competition form, checking the consent box, or fulfilling other competition requirements. The processing of personal data is carried out exclusively for the purpose of implementing the competition, in particular for registering participants, verifying compliance with competition requirements, evaluating the competition, contacting winners, and delivering prizes.

The personal data are processed electronically and are protected by appropriate technical and organizational security measures against loss, misuse, unauthorized access, or disclosure.

THE PURPOSE OF PROCESSING:

The personal data of competition participants are processed for the purposes of organizing, implementing, and administering marketing competitions, registering participants, verifying compliance with competition requirements, evaluating the competition, determining winners, contacting winners, ensuring the handover or delivery of prizes, handling possible complaints, enforcing the Company’s legal claims, and fulfilling the Company’s statutory obligations related to the organization of competitions.

LEGAL GROUND OF THE PROCESSING:

Article 6(1) (a) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR) and Section 13(1) (a) of Act No. 18/2018 Coll. on the Protection of Personal Data.

SCOPE OF THE DATA PROCESSED:

Name and surname of the competition participant, data relating to a shipment for which the participant was the sender or the recipient, as well as any other data provided when completing the competition form.

PRESERVATION PERIOD OF THE PERSONAL DATA:

Personal data of competition participants are retained for the duration of the competition and, after its completion, for the period necessary to evaluate the competition, deliver or hand over prizes, handle possible complaints or disputes, and fulfill the Company’s statutory obligations.

The retention period of personal data shall not exceed 1 year from the end of the competition, unless a specific legal regulation or given consent provides for a longer retention period.

RULES REGARDING THE EXERCISING OF DATA SUBJECT RIGHTS:

For more information on the protection and transfer of personal data, the rights and obligations of the data subject and the controller, the limitation of liability and the enforcement of claims, read the section “General information on data processing”.

PROCESSING OF PERSONAL DATA SUBMITTED THROUGH THE WEBSITE

DATA SOURCE:

Personal data of individuals who visit the website of Direct Parcel Distribution SK s.r.o. (hereinafter referred to as the “Company”) and initiate contact.

DESCRIPTION OF THE COURSE OF PROCESSING:

On the Company’s website at https://www.dpd.com/sk/sk/kontakt/, you can contact the Company via forms on various topics. For example:

A request to cooperate as a service subcontractor can be submitted via the Company’s website https://www.dpd.com/sk/sk/stan-sa-kurierom-dpd/stan-sa-dopravcom/#Stan_sa_dopravcom if you wish to become a delivery partner of the Company.

A request to cooperate as a Pickup parcel point can be submitted via the Company’s website https://www.dpd.com/sk/sk/pickup/ if you wish to act as a collection and delivery point for the Company.

The Company also allows individuals to establish contact via the form for purposes other than those listed above; in such cases, the same principles of personal data processing described in this section apply.

In all cases, by submitting the message/form, the individual confirms that they have been informed about how the Company processes their personal data.

THE PURPOSE OF PROCESSING:

To facilitate contact between individuals and the Company via the website for the purpose of establishing a contractual relationship, recommending a suitable pickup point, or for a similar purpose.

LEGAL GROUND OF THE PROCESSING:

Article 6(1) (a) and (b) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR) and Section 13(1) (a) and (b) of Act No. 18/2018 Coll. on the Protection of Personal Data.

SCOPE OF THE DATA PROCESSED:

First name and last name, address, email address, telephone number, as well as any other information provided when submitting a message or filling in a form.

PRESERVATION PERIOD OF THE PERSONAL DATA:

The personal data will be retained for 1 year from the date the message/form is submitted via the Company’s website, unless a specific legal regulation or given consent stipulates a longer retention period.

RULES REGARDING THE EXERCISING OF DATA SUBJECT RIGHTS:

For more information on the protection and transfer of personal data, the rights and obligations of the data subject and the controller, the limitation of liability and the enforcement of claims, read the section “General information on data processing”.

PROCESSING OF PERSONAL DATA FOR INVOICING PURPOSES

DATA SOURCE:

Personal data of natural persons who are in a contractual relationship with Direct Parcel Distribution SK s.r.o. (hereinafter referred to as the “Company”).

DESCRIPTION OF THE COURSE OF PROCESSING:

The Company issues and receives invoices as part of its operations.
Invoices issued by the Company contain personal data to the extent required by the applicable accounting and tax regulations, in particular for natural persons and sole proprietors, including identification and contact details such as first and last name, address, identification number, tax identification number, bank account number, and other data required by law; invoices also include information on prices, discounts, tariffs, and other data related to the services or goods provided.

The Company issues invoices electronically or, if necessary, in paper form and performs invoicing activities using an invoicing system. Invoices are archived in the Company’s own global electronic system.

THE PURPOSE OF PROCESSING:

Issuing and managing invoices in connection with the provision of services, ensuring financial and accounting processes.

LEGAL GROUND OF THE PROCESSING:

Article 6(1) (b) and (c) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR) and Section 13(1) (b) and (c) of Act No. 18/2018 Coll. on the Protection of Personal Data.

SCOPE OF THE DATA PROCESSED:

First and last name, address, company registration number (IČO), tax identification number (DIČ), bank account number, and other data to the extent required by the applicable accounting and tax regulations.

PRESERVATION PERIOD OF THE PERSONAL DATA:

Personal data contained in invoices issued by the Company are retained for the period necessary to fulfill the purpose of processing, in accordance with the currently applicable accounting and tax regulations.

RULES REGARDING THE EXERCISING OF DATA SUBJECT RIGHTS:

For more information on the protection and transfer of personal data, the rights and obligations of the data subject and the controller, the limitation of liability and the enforcement of claims, read the section “General information on data processing”.

PROCESSING OF PERSONAL DATA RELATING TO VISITS TO THE WEBSITE - COOKIES

DATA SOURCE:

Personal data are collected directly from the data subject when visiting the website. Data are generated automatically during the use of the website through technical means, primarily cookies and analytical tools (e.g., Google Analytics).

DESCRIPTION OF THE COURSE OF PROCESSING:

The Company operates its own website, which is available at https://www.dpd.com/sk/sk/. Automatic data collection takes place on the website (cookies, Google Analytics, etc.).

Visitor access to and departure from the website is facilitated via small data packets, so-called cookies, which the website stores on visitors’ devices and subsequently reads from them. Cookies are used to ensure the proper functioning of the website, provide more efficient services, and collect anonymized data for statistical purposes.

Visitors may delete cookies from their devices, which are also automatically deleted upon closing the browser, or they can manually disable the use of cookies in their browser settings. The website can still be used if cookies are disabled in the visitor’s browser.

The website uses a unique, temporary cookie named “spublic” to identify workflow processes, i.e., to determine whether the visitor is logged in to the website or not. The “spublic” cookie thus assists visitors when accessing and leaving the website. It is a temporary cookie that is automatically deleted from the visitor’s device upon closing the browser or can be manually removed by the visitor in the browser settings.

The following cookies are used to collect statistical data about website traffic, the number of visitors, and other information:

  • whether the visitor came to the website via a search engine, keyword, or link (cookie “utmz”),

  • the number of website visits by the visitor (cookie “utmb”),

  • the duration of the visitor’s stay on the website (cookies “utma” and “utmv”),

  • the time of the first visit to the website (cookies “utma” and “utmv”),

  • the time of the last visit to the website (cookies “utmc” and “utmv”).

In addition, some cookies protect the website from overload (cookie “utmt”), and some cookies used by Google Analytics also record the IP address of the visitor’s device for analytical, statistical, and security purposes. The data are stored on the visitor’s device. Independent measurement and auditing of website traffic and other analytical data are carried out by Google Analytics servers as an external service provider, using the cookies listed above. The operator of these data provides detailed information on processing collected data at https://www.google.com/analytics/, and further information on Google’s privacy policies is available at http://www.google.sk/intl/sk/policies/privacy/. Data transferred from the website to Google Analytics servers cannot be used for the direct and exclusive identification of the visitor; they serve solely to identify the IP address of the device.

By visiting the website and clicking the “Accept” button, the visitor consents to the use of cookies by the data controller or external service providers in connection with the operation of the website, including the possible recording of data and information described in this statement, depending on the settings.

Such data include information about the visitor’s device, which is generated during the use of the website and recorded via cookies as an automatic result of technical processes. The system records this data automatically, without a separate declaration or action by the user upon entering or leaving the website.

Depending on the settings, the stored data will not be linked to any other personal data of the user and will be accessible to third-party service providers of cookies (e.g., Google) and the data controller. Based on these data, it is not possible to identify the visitor.

THE PURPOSE OF PROCESSING:

Visitor data is recorded during the visit to the website for the purpose of monitoring the functioning of the service and preventing its misuse.

LEGAL GROUND OF THE PROCESSING:

Article 6(1) (a) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR) and Section 13(1) a) of Act No. 18/2018 Coll. on the Protection of Personal Data.

SCOPE OF THE DATA PROCESSED:

Date, time, IP address of the user’s device, address of the visited page, address of the previously visited page, information about the user’s operating system and browser.

PRESERVATION PERIOD OF THE PERSONAL DATA:

Personal data are processed electronically by the Company for a period of 30 days from the date of the website visit.

RULES REGARDING THE EXERCISING OF DATA SUBJECT RIGHTS:

For more information on the protection and transfer of personal data, the rights and obligations of the data subject and the controller, the limitation of liability and the enforcement of claims, read the section “General information on data processing”.

PROCESSING OF PERSONAL DATA FOR RECRUITMENT PURPOSES

DATA SOURCE:

The data are obtained directly from the individual visiting the career portal or the website of Direct Parcel Distribution SK s.r.o. (hereinafter referred to as the “Company”) who establishes contact.

DESCRIPTION OF THE COURSE OF PROCESSING:

The Company operates a careers page, accessible at: https://www.dpd.com/sk/sk/kariera/.

Applicants may also apply for a position that has not been advertised by the Company. In such cases, the processing of the applicant’s data is identical to the processing described for advertised positions.

Applicants enter their contact information into the Company’s online system and upload their CV or other related documents.

During the selection process, telephone, in-person, or online interviews are conducted based on the CVs. Recruitment staff, the potential professional manager, and the current executive manager are responsible for selecting suitable candidates. These persons have access to the data provided in the CVs.

The Company generally retains CVs for potential future use and creates a database for positions that may become available or need to be filled later. Data in this database are retained for one year.

THE PURPOSE OF PROCESSING:

Personal data of job applicants are processed for the purposes of conducting and evaluating recruitment for vacant positions within the Company, assessing professional qualifications, work experience, and suitability of the applicant, contacting applicants regarding the selection process, maintaining records of applicants during the process, establishing an employment relationship with the selected candidate, and demonstrating compliance with the Company’s obligations or asserting its legal claims. If consent is granted, data may also be used to include the applicant in a database of potential employees for future recruitment processes.

LEGAL GROUND OF THE PROCESSING:

Article 6(1) (a) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR) and Section 13(1) a) of Act No. 18/2018 Coll. on the Protection of Personal Data.

SCOPE OF THE DATA PROCESSED:

Personal data of the applicant, including first and last name, email, phone contact, and all personal data provided by the applicant in the CV or other submitted documents (in particular, residential address, information about previous and current employment, qualifications, and language skills).

PRESERVATION PERIOD OF THE PERSONAL DATA:

The personal data are retained for 1 year from the submission of contact information on the Company’s portal, unless a specific legal regulation or granted consent provides for a longer retention period.

RULES REGARDING THE EXERCISING OF DATA SUBJECT RIGHTS:

For more information on the protection and transfer of personal data, the rights and obligations of the data subject and the controller, the limitation of liability and the enforcement of claims, read the section “General information on data processing”.