- Who we are? How to contact us?
- Why do we process and collect personal data?
- For how long do we store them?
- What are my rights?
- What are the security and confidentiality measures?
- With whom do we share them?
(I) Who we are? Our contact?
Your personal data are processed by DPD Portugal - Transportes Expresso Internacional, S.A., with registered office at Avenida Infante D. Henrique, Lote 10, Olivais Sul, 1849-003 Lisbon, registered under the single registration and body corporate number 501.964.991 at the Companies Registry Office of Lisbon, with the share capital of € 700,000.
(II) Why do we process and collect personal data?
DPD only collects ans processes, directly or indirectly, your personal data:
- When DPD has a legitimate interest do to it, namely to have a commercial business relationship, to provide its services, to ensure the access to its websites, applications ans social netwoks, to prevent and detect fraud, to ensure the security of th enetwork and information for the provision of services or of information.
- When DPD has obtained your consent to process your personal data for specific, explicit and legitimate purposes; and / or
- When it is required to comply with legal obligations that applying to DPD.
The purposes of the collection and processing of personal data relate to the scope of the provision of contract services, the analysis and promotion of the commercial relationship, the control and management of complaints about the services provided, computer security, credit recovery and commercial risk analysis.
(III) For how long do we store them?
Pursuant to applicable national and Community law, DPD's policy is to preserve data on its own basis and only for the period necessary to comply with the purpose for which it was collected, unless the right is exercised within the time limit. opposition, right to erase or withdraw consent.
(IV) What are my rights?
At any time, the Customer may
1. Request access to the data we hold about you:
As a holder of personal data, you have the right to obtain confirmation that the data concerning you are or are not subject to processing and, if applicable, to access your personal data and access the information provided for by law.
2. Request data rectification if they are inaccurate or incomplete:
As a holder of personal data, you have the right to have DPD, without undue delay, rectify inaccurate or incomplete data concerning you.
3. Request the deletion of your personal data:
As a holder of personal data, you have the right to ask DPD to erase your data without undue delay, and DPD has the obligation to delete your personal data without undue delay, when one of the following reasons applies, in particular:
a) Personal data are no longer necessary for the purpose that motivated their collection or treatment;
b) You have withdrawn your consent to the processing of data (in cases where the processing is based on consent) and there is no other basis for said processing;
c) Opposes treatment and there are no prevailing legitimate interests that justify treatment.
4. Request to limit the processing of your personal data:
As a data subject, you have the right to request DPD to limit the processing of your data if, in particular, one of the following situations applies:
a) To object the accuracy of personal data for a period that allows DPD to verify its accuracy;
b) Data processing is lawful and the data subject opposes the deletion of personal data and requests, in return, to limit its use;
c) DPD no longer needs personal data for processing purposes, but that data is required by the holder for the purposes of declaring, exercising or defending a right in a judicial process;
d) If you have opposed the processing, until it is found that the legitimate reasons of the controller override those of the data subject.
5. Oppose the processing of your personal data and the right to object to automated decisions.
At any time you can object to the processing of your personal data, such as when processing data for the purposes of direct marketing.
DPD does not use any form of automated decision making or profiling.
6. Have the right to the Portability of your personal data
DPD will provide the data holder, if requested, with personal data stored in a commonly used and machine-readable format, with the data holder having the right to transmit the data stored in that format to other entities without interference from the DPD.
7. If the treatment depends on your consent, you have the right to withdraw it.
If consent is legally necessary for the processing of personal data, the data subject has the right to withdraw consent at any time, although this right does not compromise the lawfulness of the treatment carried out on the basis of the previously given consent or the further processing of the same data, based on another legal basis, such as compliance with the contract or legal obligation to which the DPD is subject.
If you intend to exercise any of your rights, you should contact the DPD EPD / DPO via e-mail: firstname.lastname@example.org.
Your requests will be treated with special care so that we can ensure the effectiveness of your rights. You may be asked to provide proof of your identity to ensure that personal data is shared only with the holder.
You must keep in mind that in certain cases (for example, due to legal requirements) your request cannot be immediately satisfied.
In any case, you will be informed of the measures taken in this direction, within one month from the moment the order is placed.
- You also have the right to file a complaint with the National Data Protection Commission whose website is https://www.cnpd.pt/.
(V) What are the security and confidentiality measures?
(VI) With whom do we share them?
DPD may have recourse to third entities that have access to personal data of our Customers. These third entities, as subcontractors, may have access to personal data, following, for such effect, the instructions of DPD.
These third parties are essentially partners or suppliers of goods and providers of services, which include providers of logistics, transportation, IT, archiving, support for back office activity, consulting, private security, contact center, intermediaries of creditors, bank promoters, etc.
DPD ensures that such subcontracting entities offer sufficient guarantees for the execution of appropriate technical and organizational measures so that the processing meets the requirements of the applicable law and ensures the security and protection of the rights of data subjects, under the terms of the subcontracting agreement entered into with said subcontracting entities.
DPD may also transmit personal data of its Customers to third entities, when such data communications are necessary or appropriate (i) in the light of the applicable law, (ii) in compliance with legal obligations / court orders, (iii) to respond to requests from public or government authorities, or (iv) when you have given us your consent.
The company GeoPost, with registered office at 26 rue Guynemer 92130 Issy-Les-Moulineaux France, that is the parent company of the DPD, Seur and Chronopost subsidiaries, is the controller of myDPD.
The personal data are processed in the course of delivery services agreements. GeoPost hereby informs Users that the personal data collected are not mandatory for the performance of the delivery services, but they facilitate it.
The data will be used by GeoPost, its European entities and/or any third party involved in the performance of the services, particularly:
- To perform the delivery services
- To issue offers of similar products and services, by any mean of communication, as part of customizing business relations
- To measure the level of satisfaction of the Users and improve the offers and services of GeoPost and its subsidiaries.
The personal data of the User are kept for a maximum of three (3) years following his last connection to myDPD, except for the physical address of the User that is kept five (5) years.
The User shall have the right of access, and to rectification, object, restriction of processing, data portability by transmission of his data where technically feasible, and erasure of his personal data. These rights may be exercised by sending an e-mail to email@example.com.
For any problem linked to the management of his personnel data, the User shall have the right to lodge a complaint with any relevant supervisory authority.