Deutsche Post AG (hereinafter called DPAG) and its subsidiaries operating under the brand DHL (hereinafter called 'DHL') is pleased that you have visited our website and are interested in our company, products and services. It is important to us to protect your personal data during handling throughout the entire business process.
In the following, we explain what personal data DPAG collects when you visit our website and how this data is processed and for what specific purposes.
WHAT IS PERSONAL DATA?
Personal data means any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. This includes information such as your real name, address, telephone number and date of birth. Information which cannot be linked to your real identity - such as favorite websites or number of users of a site - is not considered personal data.
WHO IS RESPONSIBLE?
This Privacy Notice applies for the data processing carried out by:
Deutsche Post AG
Data Protection Officer of Controller; contact details:
Deutsche Post AG
Global Data Protection
If you have queries with regard to the processing of your personal data, please contact the Data Protection Officer.
If you have any further queries regarding data protection in connection with our website or the services offered there, please contact data protection:
WHAT ARE THE PURPOSES OF AND THE LEGAL BASIS FOR THE PROCESSING OF PERSONAL DATA?
Visiting our website
DPAG is committed to preserving the privacy of users of our websites. When you visit our web pages, the following data are collected: IP address, hostname of the accessing computer, website from which you accessed this website, a list of the sites you visited within the scope of our overall internet presence, the date and duration of your visit, notification of whether the visit was successful, volume of data transferred, information about the identification data of the browser type and operating system used by you. Temporary storage of this data is necessary during your visit to the website in order to allow the website to be delivered to you. Further storage in log files is performed to ensure the functionality of the website and the security of our IT systems. The legal basis for the processing of the aforementioned data categories is Art. 6 (1) (f) of the European General Data Protection Regulation (GDPR). Due to the said purposes, in particular to guarantee security and a smooth connection setup, we have a legitimate interest to process this data.
Additional personal information such as your name, address, telephone number or e-mail address is not collected unless you provide this data voluntarily, e.g. while completing an online contact form, as part of a registration, survey, competition or an information request.
The data are deleted as soon as they are no longer needed to achieve the purpose for which they were collected. For the provision of the website, this is the case when the session terminates. The log files (access logs) are kept for administrators to access directly and exclusively for a period of 24 hours. After that, they are only available indirectly through a restore from backups and are permanently deleted after 30 days.
Performance of a contract
For pre-contractual and contractual reasons, we also need personal data to provide our services and comply with the obligations arising from contractual agreements concluded with you.
On https://developer.dhl.com we offer the following services:
Log-in as DPDHL employee
If you log-in as DPDHL employee your name, your username and your email address is processed. The legal basis for this is the employment contract (Art. 6 (1) b) GDPR).
Create a developer account
As a customer with a “developer account” you can access more in-depth information and start managing your access to the various APIs and DPDHL Services we are offering. To this end, i.e. to sign up we ask for your full name, your email address, your company name and the country you are located in. We further ask you to choose a user name. It is not possible to create a personal account without this information being supplied. Once the sign up process has been completed we will send you an email to verify your application. The aforementioned data are necessary to create your account and to let you therefore start managing your access to the APIs and the DPDHL Services The legal basis for this is Art. 6 (1) b) GDPR, the performance of the contract with you, respectively the pre-contractual relationship with you.
Your email address and your company name will also be used for our internal reporting and accounting purposes. The legal basis for the processing of the aforementioned data categories is Art. 6 (1) (f) GDPR. Due to the said purposes we have a legitimate interest to process this data and since this processing benefits to the contractual relationship we have with you an opposing interest is not evident.
Once your account is active you can log-in by using your username and a password you have chosen.
Use of and Access to the respective API and DPDHL Service
Depending on the respective API and DPDHL Service you wish to integrate additional authentication features may be required. Each API and DPDHL Service is provided to you by a different DHL business unit (“DPDHL Service Provider”) as named in the Services Specifics for the relevant API. You will find more information in the “legal terms” linked to each API/DPDHL Service.
Submit a ticket
As registered user with a developer account you also have the option to submit a ticket in case of questions, technical problems or other issues. In order to provide support to you as soon and as good as possible we ask your for name, the subject matter, a description and, if you like, you can also upload a document. The respective data processing serves solely for the purpose to solve your request as a registered user and is therefore based on the (pre-)contractual relationship with you (Art. 6 (1) b) GDPR).
Processing for advertising purposes
If you are an existing customer, your data (name and email address) will be processed to contact you in order to provide you with the latest information about our offers, news, products and services. Apart from an existing consent, we will process your e-mail address exclusively in order to provide you with information regarding our products and services where it is legally allowed.
Legal basis for the aforementioned processing is Art. 6 (1) f) GDPR. The processing of customer data for own direct marketing purposes is regarded as carried out for a legitimate interest.
You have right to object at any time to the said processing. To exercise your right, get in touch with us by using the contact details mentioned under "Who is Responsible".
If you register for one of our newsletters, we are entitled to use your email address for this purpose. You may unsubscribe from the newsletter at any time by clicking the relevant link at the bottom of the newsletter.
In case you file an objection or unsubscribe from our newsletter, the respective data will be removed from the mailing list, or blocked, respectively deleted and no longer be processed for such purposes.
ONLINE PRESENCE AND WEBSITE OPTIMIZATION
We use tracking software to determine how many users visit our website and how often. We do not use this software to collect personal data or individual IP addresses. The data is used solely in anonymous and summarized form for statistical purposes and for making improvements to the website.
When you access our website, a Privacy Preference Center will inform you that technically necessary cookies are set and, in addition, that your consent is required to the use of certain technologies, such as analytical cookies or similar technologies.
The processing of data by means of technically necessary cookies is based on our legitimate interest according to Art. 6 (1) f) GDPR to ensure that you can use our website the best possible way, to ensure that our website operates correctly and to guarantee an convenient and undisturbed user experience. These kinds of cookies are stored exclusively for the duration of your visit to our website. They are automatically deleted when you close your browser.
In addition, you will be informed via the Privacy Preference Center that we use other technologies (performance, functional or analytics technologies) for storing information about visitors who repeatedly access one of our internet pages. The purpose of using these technologies is to be able to offer you optimal user guidance as well as to "recognize" you and thus be able to present (as much as possible) diversified internet pages and new contents during repeated use. These technologies will only be processed on the basis of your prior given consent according to Art. (1) a) GDPR.
You will find more information under the Privacy Preference Center including the option to revoke a given consent.
JOBS & CAREER AT DEUTSCHE POST AND DHL
Career opportunities within Deutsche Post DHL Group are as diverse as our teams all over the world. With approximately 590,000 employees in over 220 countries, we connect people, improving their lives. If you would like to apply for one of our open jobs you will find more information here and, also on data protection, here.
WILL MY DATA BE PASSED ON TO THIRD PARTIES?
DPAG does not share, sell, transfer or otherwise disseminate your personal data to third parties and will not do so in future, unless required by law, unless required for the purpose of the contract or unless you have given explicit consent to do so.
However, in the context of the data processing as described in this Privacy Notice and the respective legal basis given, DPAG will transfer your data to the following categories of recipients:
- DPDHL Group companies: transfer is required within the DPDHL Group, its legal entities and shared service centers in order to manage our relationship with you, in particular in cases where APIs are affected which are provided by our business units.
- Third party business partners: The transfer to third party business partners is limited to what is required by applicable law and / or in order to fulfill our contractual obligations.
- Third party processors: which process data are contractually obliged to maintain strict confidentiality as per Art. 28 GDPR. DPAG retains responsibility for safeguarding your personal data in such circumstances. The business partners follow the instructions of DPAG, and this is guaranteed by technical and organizational measures, as well as by means of checks and controls. As for the DPDHL API Developer Portal this is Google Cloud’s Apigee API Management Service, which is a platform for developing , maintenance and administration of APIs.
- Public authorities: transfer is required by applicable law (e.g. to fulfil a legal obligation during shipment processing).
Your data is only transferred outside the European Economic Area (EEA) to other Deutsche Post DHL Group companies, third party business partners or public authorities when permitted by applicable data protection law. In such cases, we will make sure that appropriate safeguards are in place to ensure the transfer of your data (e.g. our binding corporate rules, standard contractual clauses).
WHAT ARE MY DATA SUBJECT’S RIGHTS?
Apart from the right to obtain you have the following rights:
- You can request information as to what personal data is stored
- You can request that we correct, delete or block your personal data provided these actions are permitted by law and in compliance with existing contractual conditions.
- You can request to receive personal data you have provided in a structured, commonly used and machine-readable format.
- You may lodge a complaint with the supervisory authority. For the European Union you can find your competent data protection authority here:
Right to object
The right to object applies for all processing of personal data which is based on Art. 6 (1) f) GDPR.
To exercise your right, simply get in touch with us by using the contact details mentioned above under "Who is responsible".
HOW ABOUT INFORMATION SECURITY?
DPAG takes the security of your data very seriously. We have implemented various strategies, controls, policies and measures to keep your data secure. We keep our security measures under close review. We use safeguards such as firewalls, network intrusion systems, and application monitoring. Where appropriate, we secure your data by using pseudonymization and encryption techniques when storing and transferring your data. For instance, your data is saved in a secure operating environment which is not accessible to the public. In certain cases, your personal data is encrypted by Secure Socket Layer technology (SSL) during transmission. This means that an approved encryption procedure is used for communication between your computer and the DHL servers if your browser supports SSL. We ensure that there are strict physical access controls in our buildings and certified data centers.
As a part of our security strategy, we have set up auditing programs to make sure that our systems and services comply with the DPDHL information security policy, and by extension the ISO 27001 standard.
In addition, we are taking a number of ongoing measures to reduce risk, such as (but not limited to) training our employees regularly and organizing incident simulation exercises by our Cyber Defense Center.
Should you wish to contact DHL by e-mail or contact forms, we would like to point out that the confidentiality of the information sent cannot be guaranteed. The contents of (e-mail) messages can be read by third parties. We therefore recommend you send us confidential information only by post.
CHANGES TO PRIVACY NOTICE
We keep our Privacy Notice under regular review. DPAG reserves the right to change its Privacy Notice at any time with or without prior notice. Please check back frequently to be informed of any changes. By using DPDHL’s websites you agree to this Privacy Notice.
This Privacy Notice was last updated on 26.04.2023.