The General Data Protection Regulation (GDPR), which came into effect on 25 May 2018, creates consistent data protection rules across Europe. It applies to all companies that process personal data about individuals in the EU, regardless of where the company is based. Processing is defined broadly and refers to anything related to personal data, including how a company handles and manages data, such as collecting, storing, using and destroying data.
Your privacy is very important to us. We want to make your experience on the Internet as enjoyable and rewarding as possible, and we want you to use the Internet\’s vast array of information, tools, and opportunities with complete confidence.
Data Subject – a natural person whose personal data is processed by a controller or processor.
Data Controller – the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
1.1. We are committed to protecting the personal data that we hold and use and to respecting your privacy.
1.2. This policy and other documents that we may refer to within this policy describes the data that we collect from you or about you, and the way we use it.
1.3. This policy applies where we are acting as a data controller; in other words, where we are determining where and how we use the personal data you provide to us.
Data Processor – a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Where personal data is provided directly to us by the data subject through use of our website and/or services or by registering for events, competitions or marketing updates or by any other means where we are determining the way in which that personal data is being processed for our own use, then we (courier.ie) will be the data controller of such information.
Otherwise we will act as the data processor for all other personal data provided by a data controller and require this data to fulfil the delivery contract and meet legal obligations only.
1.4. This policy applies where we are acting as a data processor; in other words, where we are processing personal data on behalf of the controller and carrying out their instructions.
2. How we use your personal data
In section 2 we describe:
- The types of data we may collect and/or process;
- The source of data we may collect;
- The purposes for which we may process that personal data and the legal basis of that processing.
2.1. The types of personal data we may collect:
- Technical data about how you use our websites and services. This may include your IP address, geographical location, details of your browser type and version, your operating system, referral source, information about how you use our website such as pages viewed and duration of your visit.
- Account data such as your email address and login password if you are registered on our websites.
- Profile data that you voluntarily provide to us, such as your name, address, telephone number and date of birth.
- Transaction data, including your credit or debit card details for the purpose of completing a transaction to use the services available through our websites.
- Service data that you provide for the purpose of fulfilling the service that you purchase through our websites. Specifically, data about your shipment(s) including address information for both the sender and recipient of your shipment(s), details required for customs such as the contents of your shipment(s) and the value of the contents.
- Correspondence data, such as transcripts and recordings of any conversations you may have with us.
2.2. The source of data we may collect:
Data we collect may be from one of the following sources:
- Directly from you: Information you voluntarily provide when using our websites (for example, when you register, buy a service, leave a review or contact our customer service team). This includes information you may provide about the recipient of the parcel such as their name, address, email and telephone number.
- From other sources: We work closely with third parties providing services to us, and we may receive information about you from them, for example:
- Through your browser or device, or through our servers:
- Your browser automatically discloses certain information to us when you use our websites (see Section 2.1.A for examples).
- Our servers may log your IP address and the pages you view on our websites.
2.3 The purposes for which we may process that personal data and the legal basis of that processing:
We may use your data for a variety of purposes related to the products and services we provide. The legal basis for such processing is set out below:
|Why we use your data||Lawful Basis|
|To perform our contract with you||To comply with legal obligations||To pursue legitimate interests|
|To provide you services under our terms and conditions||X|
|To verify your identity||X||X||X|
|To deal with enquiries or complaints you have||X||X|
|To detect and prevent fraud, money-laundering and other crimes||X|
|To make improvements to services we provide||X|
|To let you know about important changes to our policies||X|
|Management purposes such as accounting, or auditing||X||X|
|To review and enhance the performance of our systems, processes and staff (including training) to improve user experience||X|
|To ensure the information we hold about you is up to date||X||X|
|For advertising and marketing purposes||X|
3: How we share your data:
We will never sell, rent or swap your personal data or give it to anybody else for them to use for their own purposes without making that clear to you. There are however various ways in which we will share your data:
3.1. We may disclose your personal data to any member of our group of companies (including subsidiaries or our holding company) insofar as it is reasonably necessary and on the legal basis set out in section 2.3 of this policy.
3.2. We may disclose your personal data to suppliers and contractors insofar as it is reasonably necessary and on the legal basis set out in section 2.3 of this policy.
3.3. We may disclose your personal data to payment service providers in order to process payment for services or otherwise insofar as it is reasonably necessary and on the legal basis set out in section 2.3 of this policy.
3.4. We may disclose your personal data where necessary for compliance with our own legal or regulatory obligations.
3.5. International transfer of your data: Some business process may require that your data be transmitted or stored in countries outside of Europe, for example where our service to you requires delivery or collection to/from somewhere outside of the EEA and we engage international third-party suppliers to fulfil that service to you. Whenever we send (or permit a third party) to send your data outside of the EEA we will take the necessary steps to protect your data as is required by law. For example, we may rely on service providers or contractors to adhere to certain compliance programmes overseas.
4. Security & retention of your personal data:
4.1. We take data security very seriously. We have implemented various strategies, controls and measures to protect and keep your data secure and regularly review those measures. For example, all transfer of data between your browser and our websites are encrypted with SSL technology and payment card data is protected in accordance with the industry approved security controls, the Payment Card Industry (“PCI”) Data Security Standard.
4.2. We will only retain your data for as long as is necessary for the purposes outlined in this policy. The periods for which we retain data vary according to the type of data and the purpose for which we originally collected it. For example, certain transaction data may be retained for many years to comply with our legal obligations, and other data may be kept for a different period to provide the contracted services and stored until such time that all and any claims and legal disputes have been settled and there is no direct risk of fraudulent activity from erasing the data.
Our internal data retention policy is regularly reviewed. Once a retention period has elapsed any data held is deleted or irreversibly anonymised securely.
5. Your Rights:
The law gives you a number of rights to your personal data and our use of it. You have the right:
5.2. To see what personal data we hold about you and find out how we process the data.
5.3. To ask us to update personal data we hold about you.
5.4. To ask us to delete your personal data without unnecessary delay. However we reserve the right to retain data where necessary for us to complete our regulatory or other legal compliance obligations.
5.5. To ask us to stop using your data if you don’t believe we have a right to use it.
You also have the right to complain about our use of your personal data. You may do so in the EU member state that you live, your place of work or the place of the alleged infringement.
6. How to contact us:
6.1. By email at firstname.lastname@example.org.
7. Amendments to this policy:
7.1. We may update this policy from time to time, all new version will be published on our website.
7.2. We may email you to inform you of changes to this policy.
7.3. You should check our website occasionally to check for any updates or changes to this policy.