Your delivery experts

DPD France Personal Data Confidentiality and Protection Policy



DPD France views the protection of Personal Data as a key part of its missions and the services it provides to customers.
This Policy sets out the principles and guidelines for protecting the Personal Data entrusted to it by its customers under the contract of carriage, and its purpose is to inform customers about:

  • the Personal Data that DPD France collects and why it is collected,
  • the way in which this Personal Data is used,
  • its customers’ rights in relation to their Personal Data.

This Policy applies to all corporate departments of DPD France.

How does DPD France protect Personal Data?

DPD France is committed to protecting the Personal Data and privacy of its customers, starting from the design phase of every new product or service it offers to them. Measures designed to protect the Personal Data provided to DPD France are implemented to this end, in particular to ensure the security of such Data and guarantee the respect and proper exercise of its customers' rights.

What Personal Data is used by DPD France?

When DPD France receives optional data, it clearly informs its customers as to which Personal Data is required to perform the requested service and which Personal Data is provided to it voluntarily.
Personal Data is provided to DPD France by its customers and is used only for the purposes of which they have been made aware.
Personal Data may be used to offer other services to DPD France's customers only when such customers have agreed to receive marketing communications.

How is Personal Data collected from minors?

Some services may be used by minors. In these cases, minors must obtain the consent of their parents or legal guardians.

To which departments or companies Personal Data provided to DPD France by its customers may be sent ?

Personal Data provided to DPD France by its customers may be sent:

  • to DPD France's internal departments, i.e. the departments in charge of performing the requested services, including Customer Service, Sales, etc.
  • to DPD France's third-party service providers, i.e. technical suppliers including subcontractors.

Can Personal Data that is provided to DPD France be sent outside the European Union?

DPD France carries out all Personal Data processing operations within the European Union (EU).
However, for certain specific services, DPD France may use the services of subcontractors located outside the European Union. Some Personal Data may then be transferred to them strictly for the purposes of their missions. In this case, in accordance with current regulations, DPD France requires that its subcontractors provide the necessary safeguards for supervising and guaranteeing the security of such transfers, in particular by signing the standard contractual clauses of the European Commission.

How long does DPD France keep the Personal Data provided to it?

The amount of time for which Personal Data is kept depends on the service that is purchased.
DPD France undertakes not to store the Personal Data provided to it for longer than is necessary for the performance of the service, in addition to the length of time imposed by applicable statutory limitation rules.

Is the Personal Data provided to DPD France protected?

DPD France is committed to taking every possible measure to ensure the security and confidentiality of the Personal Data provided to it, in particular to preventing it from being damaged, erased, or accessed by unauthorised third parties.
In addition, in the event of a security incident affecting its customers’ Personal Data (destruction, loss, alteration, or disclosure), DPD France undertakes to comply with its obligation to notify any Personal Data breaches, in particular to the CNIL (French Data Protection Authority).

What are the rights of DPD France's customers with regard to their Personal Data?

DPD France's customers may at any time, subject to compliance with the relevant conditions, exercise the rights provided for by applicable current Personal Data regulations, by contacting DPD France. These rights include:

  • right of access: customers have the right to access their Personal Data that is processed by DPD France
  • right to rectification: customers may update their Personal Data or have their Personal Data that is processed by DPD France rectified
  • right to object, in particular the right to object to processing for direct marketing purposes: customers may express their desire to no longer receive marketing communications from DPD France or request that their Personal Data no longer be processed
  • right to erasure: customers may request that their Personal Data be erased
  • right to restriction of processing: customers may request the suspension of processing of their Personal Data
  • right to data portability: customers may ask to recover their Personal Data from DPD France in order to use it as they wish.
  • When entering into a contract of carriage or when their Personal Data is collected, customers must be informed of the address (postal and/or electronic) to which they may send their request to exercise their rights.
    Proof of identity must be sent with all requests. DPD France is committed to responding to all customer requests to exercise their rights as quickly as possible and in all cases within the statutory time limits.

    Has DPD France appointed a Data Protection Officer?

    By appointing a Data Protection Officer, DPD France has demonstrated its commitment to the protection, security, and confidentiality of its customers’ Personal Data.
    The Data Protection Officer may be contacted at the following address:
    Madame la Déléguée à la Protection des Données du groupe La Poste (La Poste Data Protection Officer), CP C703, 9 rue du Colonel Pierre Avia 75015 Paris.
    Customers may also contact DPD France to exercise their data protection rights:

    • by sending a registered letter with acknowledgement of receipt to the DPD France’s Legal Department at the following address: Service Juridique de DPD France SAS, 9 rue Maurice MALLET, 92130 ISSY-LES-MOULINEAUX, or
    • by email at rectificatif-cnil@dpd.fr
    specifying their surname, first name and postal address and attaching a copy of both sides of their ID document.
    In case of difficulties related to the management of their Personal Data, customers are entitled to file a claim with the CNIL or any competent supervisory authority.

    GLOSSARY

    Each term beginning with a capital letter has the meaning given to it below.

    • “Personal Data Confidentiality and Protection Policy” and “Policy” mean the present Policy describing the measures taken for the processing, use, and management of the Personal Data entrusted to DPD France and the rights of data subjects.
    • “Personal Data” means any information relating to a customer of DPD France and making it possible to identify such customer directly or indirectly.
    • “Processing” means any operation or set of operations applied to the Personal Data of DPD France's customers.
    • “Data Controller” means the DPD France entity that processes the Personal Data.
    • “Personal Data Breach” means a security breach resulting, accidentally or unlawfully, in the unauthorised destruction, loss, alteration or disclosure of the Personal Data provided to DPD France by its customers or in the unauthorised access to such Data.
    • “Recipient” means the department or company that receives communication of and can access the Personal Data.