DPD Ireland Privacy Policy

The Data Protection Laws (Data Protection Acts 1988-2018 GDPR of Ireland and the EU General Data Protection Regulation) protect the rights and freedoms of living, identifiable individuals known under the Data Protection Laws as Data Subjects. This Privacy Policy relates to the personal information of the following individuals that is processed by DPD Ireland: A 'Customer' is a person or organisation who has a contract with DPD Ireland to deliver parcels to or collect parcels from a Consignee. The Customer shares Consignees personal data with DPD Ireland for the purpose of providing a delivery service. A 'Consignee' is someone who is intended to have a collection or delivery from DPD Ireland or one of our Customers. Where DPD Ireland processes your personal data in the circumstances set out in this Privacy Policy, DPD Ireland acts as a Data Controller. If you are a Consignee, we recommend that you also refer to the Privacy Policy of our Customer (the company or individual you ordered the goods from) to find out details of how they process your personal data. All processing activities are subject to the provisions of the Data Protection Laws. DPD Ireland must have a legal basis to process your personal information and this Privacy Policy explains what our lawful basis is in respect of each purpose for which we keep and use information about you. Generally, we are allowed to process your personal information where: You have provided consent for us to do so; It is necessary in connection with a contract between us (such as a contract to supply our services to you as a Customer); It is necessary in order for us to comply with our legal obligations, or It is necessary for the purposes of a legitimate interest that we or a third party are pursuing, save where we determine that your rights override our interest.

Data Subject Rights DPD Ireland respects the fundamental rights and freedoms of data subjects. GDPR increases the privacy rights of the data subject. Under this regulation you have several rights. These rights include: Right of access: you may obtain a copy of your Personal Data being processed by DPD Ireland. Right to rectification: you may update your Personal Data or ask us to rectify your Personal Data processed by DPD Ireland. Right to object, to prevent direct marketing: you may notify your preference not to receive direct marketing from DPD Ireland or ask DPD Ireland to stop processing your Personal Data. Right to object to processing data on grounds relating to your situation based on legitimate interests or the performance of a task in the public interest. Right to erasure: you may ask DPD Ireland to delete your Personal Data. Right to restrict processing: you may ask DPD Ireland to suspend the processing of your Personal Data. Right to data portability: you may ask DPD Ireland to retrieve your Personal Data for reuse. The above is subject to the provision that the necessary legal requirements are fulfilled. DPD Ireland is committed to ensuring the protection, security, and confidentiality of Personal Data. If you want to exercise your rights as a data subject or withdraw an explicit consent given please contact the Data Protection Officer of DPD Ireland explaining what right you want to exercise so that DPD Ireland can take the necessary further steps to respect your rights. The address is confirmed as: Data Protection Officer, DPD Ireland, Athlone Business Park, Dublin Rd, Kilmacuagh, (Castlemaine), Athlone, Co. Westmeath, N37 XK83 Email: yourdata@dpd.ie Tel: (090) 642 0500 Please be aware that we might ask for a proof of identification to protect your information against unauthorised access. Please note, should your query be parcel or delivery related, please know the Data Protection team do not have access to the parcel system and are therefore unable to assist you. https://dpd.ie/Contact-Us

DPD Ireland is committed to personal data protection both during our business operations and as part of the services provided. This Policy sets out the principles and guidelines we apply to protect your Personal Data. It is designed to explain: The types of Personal Data we collect and the reasons why we collect it, How we use your Personal Data, Your rights as the data subject. This Policy applies to all services of DPD Ireland. Personal data includes particulars on personal or factual circumstances of a specific or determinable individual person. This includes for instance information such as name, address, telephone number and email address. DPD Ireland considers the protection of your Personal Data and privacy when designing new products and services. To ensure the security of your Personal Data and safeguard the proper exercise of your rights, DPD Ireland implements measures designed to protect your Personal Data.

To ensure the security of your Personal Data and safeguard the proper exercise of your rights, DPD Ireland implements measures designed to protect your Personal Data. All employees are required to acknowledge and adhere to terms including (but not limited to) the following: General measures about remaining within the law Compliance with regulatory measures, e.g. copyright law, protecting relevant data Equipment protection and protection mechanisms (antivirus, patching etc) Data protection, i.e. data classification, confidentiality and leakage Specific measures relating to systems access, use of email and internet Monitoring measures used to ensure proper use of IT services Outcome of non-compliance, e.g. disciplinary procedure and/or civil or criminal law We have relationships with external vendors to deploy advanced technology to provide us with an early warning against threats and build enterprise-wide prevention, protection, response and recovery capabilities.

To which services or companies are your Personal Data transferred to? We may share a customer’s information with other DPD entities to provide information and services the customer may request from us and to improve our services. We will not share a customer’s information with third parties without a customer’s consent, unless required by law or governmental authority. Your data may be transferred to: Departments within DPD Ireland in charge of performing the requested services. External providers: technical service providers, including sub-contractors. Companies of Groupé La Poste, for the performance of the services. Can your Personal Data be transferred to non-EU countries? DPD Ireland carry out all Personal Data processing activities within the European Union (EU) and the European Economic Area (EEA). However, for some specific services, DPD Ireland may use data processors located outside of the EU and the EEA. Some of your Personal Data may therefore be transferred to them for the strict purposes of their services. In such cases and in accordance with the regulations in force, DPD Ireland requires its data processors to provide the necessary safeguards to ensure regulated, secure transfers, mainly by requiring them to sign the European Commission’s Standard Contractual Clauses, where there is an Adequacy Decision in place or where Binding Corporate Rules exist between the business entities concerned.

DPD Ireland is 100% committed to protecting the privacy and security of the personal data we hold about our Customers, Consignees, and Employees. Our appointed Data Protection Officer (DPO) is responsible for overseeing this Privacy Notice and responding to any Data Protection concerns you may have, meets with the Stakeholders bi-annually to review and approve GDPR policies and procedures within the company. The Data Protection Officer leads a team of data protection advocates who work throughout the company, placed in each internal department and depot throughout the country. The role of the Advocate is to assist the DPO and main GDPR team in Training staff in data protection procedures, policy and best practise. Conducting audits to ensure compliance and address potential issues proactively. Serving as the point of contact between the Data Protection Officer and their individual department or depot. Monitoring performance and providing advice on the impact of data protection efforts Maintaining comprehensive records of all data processing activities conducted by the company, including the purpose of all processing activities, which must be made public on request. Maintaining the DPD Data Inventory, each quarter reviewing with the Advocates to ensure what is recorded is up to date. Interfacing with data subjects to inform them about how their data is being used, their rights to have their personal data erased, and what measures the compan has put in place to protect their personal information. All staff have received GDPR training as part of the overall comprehensive DPD staff training programme. The comprehensive training programme is also delivered to all new starters and refresher training is given at regular intervals. Regular data privacy and security communication is provided to staff as well as phishing simulations and training.

Third Party links will be found on our websites from time to time and these entities will have and will be responsible for their own Privacy Policy and notices, which should be viewed prior to use. We, DPD Ireland, accept no responsibility or liability for the processing of your personal data or for their respective Privacy Notices and policies whatsoever. These are beyond our control.

Always consider who you are sharing your personal data with, and aim to limit your sharing of sensitive personal data with trusted recipients. Pause and take a few minutes to read over the privacy policy or data protection notice of a service, app, or website, to be sure who your personal data is being shared with, where it will be stored or processed, and what purposes it will be used for, amongst other important information. If data protection or privacy policy information is inadequate or not available, you should be wary of sharing personal data with this service, app, or website, and may want to take further steps, such as contacting them, to clarify. Even when you are considering sharing personal data with a trusted recipient through an app, website, SMS, or email, make sure that it is actually them you are sharing the personal data with, and not just and app, website, phone number, or email address, which is disguised to look like it’s theirs. Be wary of links that are forwarded by SMS, messaging apps, or email, particularly if you’re not expecting them or you think it has been automatically forwarded, as this is a common way to spread malicious links. Avoid clicking links or opening attachments that you are unsure about. In particular, be wary of attachments which you were not expecting. Keep in mind that displayed text for a link can look like a legitimate URL, but the link when you click it may lead somewhere else. Pay attention to links in emails and on webpages that you connect to. Try hovering over the link before you click it; you should see the destination URL at the bottom right of your browser. Is it familiar to you? If not, think again about using it. Ensure you have up-to-date antivirus or online security software installed on all of your devices – don’t forget that smartphones and tablets are just in need of antivirus and malware protection these days as laptops or desktops.

DPD Ireland may in its sole discretion, update this information by posting the amended information on this site. This information was last updated in March 2024.

You have the right to lodge a complaint with the data protection Commission of Ireland if you believe that your rights have been violated. The Data Protection Commission can be contacted at: 21 Fitzwilliam Square S, Dublin 2, D02 RD28 For further information on how to contact the Commission please use the following link: https://www.dataprotection.ie/en/contact/how-contact-us