Data source:

Consigners using the services of DPD Hungary Korlátolt Felelősségű Társaság (hereinafter referred to as the "Company").

Description of the course of processing:

The Company provides express delivery and related ancillary services to its customers within the framework of postal services (other postal services not replacing universal postal services, courier mail services, express postal services) and outside the framework of postal services. Customers who use the service become consigners. The Company processes the personal data of the consignees collected from the consigner in order to provide the service.

When the mail item is dispatched, we obtain the name, address, telephone number and e-mail address of the consignee as contact details. This information also appears on the parcel label. The Company sends a notification of the time of delivery to the telephone number provided by the consigner in the form of an SMS or Viber message. This activity is performed by contracted external partners in the telecommunications sector as data processors. The Company may contact the recipient at the email address provided by the consigner of the mail item in order to provide information about the parcel. The Company makes the former enquiries exclusively for the purpose of providing information about the parcel via a secure, closed system from the [email protected] address.

The last five characters of the number of the photographic document and the signature of the recipient are recorded when the parcel is delivered by our couriers or received at the parcel points. In the event that the recipient does not wish to collect the parcel, the person authorised by the recipient may do so by means of an authorisation which can be downloaded from the website https://www.dpd.com/hu/hu/pickup-csomagpont/csomagpont-kereso/.

In order to provide the service, our Company involves subcontractors/carriers and parcel points as contracted partners in the processing of data.

In all cases, the Company concludes a contract for data processing with these partners.

The purpose of processing:

The performance of the service ordered by the consigner is the receipt of the mail item.

Legal ground of the processing:

Article 6(1)(c) of GDPR, according to which the processing is necessary for the fulfilment of a legal obligation applicable to the controller, pursuant to Section (2) of Art. 40§ of Act CLIX of 2012 on Postal Services.

Scope of the data processed:

Name, address, email address as contact details, telephone number, name and address of authorised representative, name and address of witnesses

Proof of delivery: name and signature of the consignee, delivery address, parcel number, courier name, route number, GPS coordinates of parcel delivery.

Data on the authorisation:  Name and address of consignee,  name and address of authorised representative, details of parcel point and mail item, address of witnesses.

Processors involved in the processing and indication of the processing operation:

Processor: Vodafone Global Enterprise Limited (registered office: Vodafone House, The Connection, Newbury, Berkshire, RG14 2FN United Kingdom)

Activities relating to processing: business message sending services.

Processor: LINK Mobility Hungary Kft. for messaging sent on the Viber platform.

In the course of the processing, the data are transferred to the following third parties based on the legal ground indicated:

The Company does not transfer the data to third parties, but draws the attention of data subjects to the fact that the disclosure of personal data to courts and authorities may be required by law. If a court or authority requires the Company to provide personal data in the course of its legal proceedings, the Company is obliged to provide the requested data to the court or authority in question in order to comply with its legal obligation.

Preservation period of the personal data:

The Company will store your personal data in relation to this processing for one year from the date of recording.

• The Company will erase the data recorded on the label from its system after 1 year,
• The Company will keep a proof of delivery for 1 year, during which time the data on the delivery receipt are available to the sender of the mail item if necessary to deal with any objection to the mail item or its delivery,
• The Company will destroy the data recorded on the authorisation after 1 year.

The fact of automated decision-making:

No automated decision-making is performed during the processing.

Rules regarding the exercising of data subject rights:

The Company informs you that, pursuant to the GDPR, you may, after having verified your identity, exercise the following rights:

• request information about the processing of your personal data,
• access to personal data,
• request the rectification of your personal data,
• request the erasure of your personal data (under the conditions set out in Article 17(1) of the GDPR)
• request the restriction of the processing of your personal data,
• exercise your right to data portability (when the processing is performed by automated means).

For more information on the protection and transfer of personal data, the rights and obligations of the data subject and the controller, the limitation of liability and the enforcement of claims, read the section "General information on data processing".

Data source:

Contracted (regular) consigners using the services of DPD Hungary Korlátolt Felelősségű Társaság (hereinafter: Company).

Description of the course of processing:

The Company provides express delivery and related ancillary services to its customers within the framework of postal services (other postal services not replacing universal postal services, courier mail services, express postal services) and outside the framework of postal services.

The service may be ordered depending on the type of service.

Business customers may also request price quotations in advance before placing an order by contacting Customer Services or by visiting the website https://www.dpd.com/hu/hu/csomagfeladas/#sending_request_prices. They can also visit the Company's website under https://www.dpd.com/hu/hu/kapcsolat/ menu.

Data recorded in the case of a request for a quotation: name/company name, address/registered office of the requesting party, contact details (e-mail address, telephone number), delivery information for the mail item.

When ordering parcel delivery services, the Company will also provide ancillary services to its customers on request. The scope of these services is available on the Company's website at https://www.dpd.com/hu/hu/csomagfeladas/  When ordering ancillary services, in addition to the consigner, consignee and cost bearer data provided when ordering the "primary" service, other data, necessary due to the nature of the ancillary service, may be required for the purpose of the service.

Ancillary services may include, inter alia, insurance services. In the event of a claim, the customer's details and a description of the claim will be transmitted to the insurer.

The order is created by sending a request for parcel dispatch in WEBLABEL, which requires additional information on delivery and payment in addition to the customer's details (consigner, consignee, cost bearer).

The Company electronically stores the personal data collected during the ordering of services and the transaction data related to the service. Orders are recorded by the Company in an electronic WEBLABEL system, to which only DPD [(DPD and its subsidiaries)  employees (or other people employed in a different legal relationship) with the appropriate level of authorisation and involved in the performance of the service have access. These data are transmitted through the scanner (MDA) of the delivery courier, who processes the data necessary for delivery. The Company also employs subcontractors for the delivery service, who are involved as data processors in relation to the processing of the data. In addition, if a parcel is delivered outside the border or in a third country, the Company transfers the data necessary for the provision of the service to Geopost's subsidiaries or contracted partners.

The paper documents generated in the course of the Company's service activities are archived and destroyed after storage of by an external contracted partner, who acts as a data processor for this data processing.

In order to ensure data security and compliance with data protection requirements, the Company always concludes a contract for data processing with the data processors.

For information on the scope of the services, their content and the conditions of provision of the service, please read the General Terms and Conditions available on the Company's website https://www.dpd.com/hu/hu/, and at the Customer Service Point.

The purpose of processing:

Conclusion and performance of contracts for the delivery of the mail items and related ancillary services.

Legal ground of the processing:

Legal ground under Article 6 (1) b) of the GDPR according to which processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.

Scope of the data processed:

Data recorded in the case of a request for a quotation: name/company name, address/registered office of the requesting party, contact details (e-mail address, telephone number), delivery information for the mail item.

In the case of contracting: name, registered office, tax number, name of the financial institution holding the account, bank account number; charges related to the transport activity (discounts, tariffs), in the case of a private contractor: name, registered office, tax number, name of mother, place and date of birth, identity card number.

As contact details for financial accounting purposes: e-mail address, telephone number.

For the supply of services:

Cost bearer data (person, partner code or other means of payment),

Consigner’s data (partner code, name of natural person, company’s name, name of the contact person, address, postcode, telephone number or e-mail address),

Consignee’s data (name of the natural person, name of the company, name of the contact person, delivery address, postcode, country, telephone number or email address),

In the case of a request for parcel collection, the following data fields must be completed as necessary, according to the type of service requested by the Customer: Mail item insurance and value (if intended to be used), Customs requirements (for customs goods), Ancillary services (if intended to be used), Consigner reference or other identifier (if applicable).

Processors involved in the processing and indication of the processing operation:

The list of subcontractors involved in the provision of the delivery service is included in a separate table.

Activities relating to processing: Postal courier activities

Preservation period of the personal data:

• In the case of a tender, until the end of the tender period, up to a maximum of 30 days,
• The Company shall store the contract data and the data generated during the performance of the contract, forming the basis of the accounting documents for 8 years from the termination of the contract (issue of the last invoice issued), on the basis of the legal obligation laid down in Article 169 of Act C of 2000 on Accounting.

In the course of the processing, the data are transferred to the following third parties based on the legal ground indicated:

The Company shall transfer the data to third parties if the customer orders an insurance service in addition to the delivery service and the insured goods are damaged. In that case, the customer's data will be transferred to the insurance company, which will then be able to carry out the claim administration.

Addressed to: Marsh Kft. (registered office: 1082 Budapest, Futó utca 47-53. 5th floor.) Wáberer Hungária Biztosító Zrt. (registered office: 1211 Budapest, Szállító u. 4.)

the data transmitted: customer data and description of the claim

legal ground for the transfer of the data: Legal ground under Article 6 (1) b) of the GDPR according to which processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.

frequency of data transfer: Customers using insurance services for the administration of individual cases.

We also draws our clients’ attention to the fact that the disclosure of personal data to courts and authorities may be required by law. If a court or authority requires the Company to provide personal data in the course of its legal proceedings, the Company is obliged to provide the requested data to the court or authority in question in order to comply with its legal obligation.

Rules regarding the exercising of data subject rights:

The Company informs you that, pursuant to the GDPR, you may, after having verified your identity, exercise the following rights:

• request information about the processing of your personal data,
• access to personal data,
• request the rectification of your personal data,
• request the erasure of your personal data (under the conditions set out in Article 17(1) of the GDPR)
• request the restriction of the processing of your personal data,
• exercise your right to data portability (when the processing is performed by automated means).

For more information on the protection and transfer of personal data, the rights and obligations of the data subject and the controller, the limitation of liability and the enforcement of claims, read the section "General information on data processing".

Data source:

Occasional consigners using the services of DPD Hungary Korlátolt Felelősségű Társaság (hereinafter: Company).

Description of the course of processing:

The Company provides express delivery and related ancillary services to its customers within the framework of postal services (other postal services not replacing universal postal services, courier mail services, express postal services) and outside the framework of postal services.

The service may be ordered depending on the type of service.

Occasional customers can arrange their parcel delivery from the comfort of their home  via the website, https://www.packlink.com/hu-HU/futarok/dpd/or at the Company's contracted PICKUP parcel points. The Company also employs subcontractors for the delivery service, who are involved as data processors in relation to the processing of the data.

At the Parcel Points, our occasional customers can dispatch parcels following the conclusion of an occasional contract of engagement. After that, the label is printed, the parcel is collected and the payment is made. The data required to print the parcel label is recorded in the Weblabel system. The cost of the service is paid by the occasional customer to the parcel point partner on the basis of a receipt issued by the contracted partner. For the purposes of such data processing, the parcel point partner is the data controller. In addition, if a parcel is delivered outside the border or in a third country, the Company transfers the data necessary for the provision of the service to Geopost's subsidiaries or contracted partners.

For information on the scope of the services, their content and the conditions of provision of the service, please read the General Terms and Conditions available on the Company's website https://www.dpd.com/hu/hu/, and at the Customer Service Point.

The purpose of processing:

Delivery of posted mail items

Legal ground of the processing:

Article 6(1) f) of the GDPR: the processing is necessary for the purposes of the legitimate interests pursued by the controller or a third party.

Scope of the data processed:

Contact details: consigner's e-mail address, telephone number.

Data to be recorded on the label: consigner's name, address, consignee's name, address, telephone number, e-mail.

Processors involved in the processing and indication of the processing operation:

The list of subcontractors involved in the provision of the delivery service is included in a separate table.

Activities relating to processing: Postal courier activities

Preservation period of the personal data:

• The data recorded on the Weblabel interface/label will be deleted from the system after 1 year by the Company.

In the course of the processing, the data are transferred to the following third parties based on the legal ground indicated:

We also draws our clients’ attention to the fact that the disclosure of personal data to courts and authorities may be required by law. If a court or authority requires the Company to provide personal data in the course of its legal proceedings, the Company is obliged to provide the requested data to the court or authority in question in order to comply with its legal obligation.

Rules regarding the exercising of data subject rights:

The Company informs you that, pursuant to the GDPR, you may, after having verified your identity, exercise the following rights:

• request information about the processing of your personal data,
• access to personal data,
• request the rectification of your personal data,
• request the erasure of your personal data (under the conditions set out in Article 17(1) of the GDPR)
• request the restriction of the processing of your personal data,
• exercise your right to data portability (when the processing is performed by automated means).

For more information on the protection and transfer of personal data, the rights and obligations of the data subject and the controller, the limitation of liability and the enforcement of claims, read the section "General information on data processing".

Data source:

A person turning to the customer service of DPD Hungary Korlátolt Felelősségű Társaság (hereinafter: Company) or making a complaint.

Description of the course of processing:

The customer service is responsible for recording and processing inquiries received from the customer or consignee in connection with the ordered service, if necessary with referral to the associated departments, tracking the route of parcels, providing information about services, transferring information and registering complaints.

The scope of the data processed in the course of customer service administration and the course of processing are determined by the type of case to be handled. For information on the scope of the services, their content and the conditions of provision of the service, please read the General Terms and Conditions available on the Company's website www.dpd.com/hu, and at the Customer Service Point.

The Company will electronically process your personal data collected in the course of the Customer Service in its Ticketing system.

The Company acts in accordance with the relevant provisions of Article 57 of Act CLIX of 2012 (hereinafter: Postal Act), and Article 17/B of Act CLV of 1997 on Consumer Protection (hereinafter: Consumer Protection Act).

Complaints can be made to the Company's Customer Service Centre by telephone and in writing (by post, e-mail) or via the Company's website www.dpd.com/hu/ (contact for complaint/complaint).

Complaints will be channelled to the responsible employee, all complaints will be registered and investigated. Pursuant to Article 57 of the Postal Act, the Company must also register compensation claims among the complaints. The Company will respond to complaints and claims for damages within 30 days of notification and will ensure that they are dealt with substantially.

All customer complaints are recorded in the Ticketing system, which is the Company's own local electronic system.

The detailed rules for complaint handling are set out in the Company's General Terms and Conditions, which are available at the customer service points and on the website https://www.dpd.com/hu/hu/aszf/.

The purpose of processing:

Administration via the Customer Service. Receiving complaints from users/recipients, handling complaints/compensation claims related to service activities, liaising during the complaints procedure.

Legal ground of the processing:

General customer service

If the consignee is a private individual user: the legal ground defined in Article 6 (1) b) of the GDPR, according to which processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract

In the case of legal person consignee users (contact person as data subject):

the legal ground under the Article 6(1) f) of the GDPR, according to which processing is necessary for the purposes of the legitimate interests pursued by the controller or a third party.

In case of complaints and claims handling activities (private person consignee)

Article 6 (1) c) of the GDPR, according to which processing is necessary for compliance with a legal obligation applicable to the Controller pursuant to Article 57 of the Postal Act and Article 17/A and 17/B of the Consumer Protection Act,

Complaints and claims handling activities in the case of legal person consignee (contact person as data subject): Article 6 (1) c) of the GDPR, according to which processing is necessary for compliance with a legal obligation applicable to the Controller pursuant to Article 57 of the Postal Act.

processed data:

The personal data provided by the consignee during administration by the customer service.

Name of the complainant, contact details (telephone number, e-mail address, postal address), description of the complaint, data concerning the mail item.

If a record of the complaint is made: The record of the complaint must contain the following information: the name, address of the consumer, the place, time and manner of lodging the complaint, a detailed description of the consumer's complaint, a list of documents, records and other evidence presented by the consumer, a statement by the undertaking of its position on the consumer's complaint, if an immediate investigation of the complaint is possible, the signature of the person who took the record and, except for oral complaints communicated by telephone or other electronic communication services, the consumer's signature, and in the case of oral complaints communicated by telephone or other electronic communication services, the unique identification number of the complaint (Article 17/A (5) of the Consumer Protection Act)

Processors involved in the processing and indication of the processing operation:

Processor: Aloha Informatikai Kft. (1117 Budapest, Alíz utca 1. 7^th floor)

Activities related to data processing Provision and maintenance of the Ticketing system.

The controller has concluded a data processing contract with all data processors.

In the course of the processing, the data are transferred to the following third parties based on the legal ground indicated:

The Company does not transfer the data to third parties, but draws the attention of data subjects to the fact that the disclosure of personal data to courts and authorities may be required by law. If a court or authority requires the Company to provide personal data in the course of its legal proceedings, the Company is obliged to provide the requested data to the court or authority in question in order to comply with its legal obligation.

Preservation period of the personal data:

For general customer service activities: The time limit for asserting a legal claim is 3 years after the service has been provided.

In case of complaints and claims administration: The Company shall keep the record of the complaints and a copy of the reply, as well as the recorded audio recording, for 3 years in accordance with Article 17/A of the Consumer Protection Act. 

The fact of automated decision-making:

no automated decision-making is performed during the processing.

Rules regarding the exercising of data subject rights:

General customer service

When the consignee is a private individual user:

The Company informs you that, pursuant to the GDPR, you may, after having verified your identity, exercise the following rights in relation to this processing:

• request information about the processing of your personal data,
• request the rectification of your personal data,
• access to personal data,
• request the erasure of your personal data (under the conditions set out in Article 17 (1) of the GDPR),
• request the restriction of the processing of your personal data,

exercise your right to data portability (when the processing is performed by automated means).

In the case of legal person consignee users (contact person as data subject):

The Company informs you that, pursuant to the GDPR, you may, after having verified your identity, exercise the following rights:

• request information about the processing of your personal data,
• request the rectification of your personal data,
• access to personal data,
• request the erasure of your personal data (under the conditions set out in Article 17 (1) of the GDPR),
• request the restriction of the processing of your personal data,
• object to the processing.

In the case of complaints and claims handling activities (private person consignee)

Complaints and claims handling activities in the case of legal person consignee (contact person as data subject)

The Company informs you that, pursuant to the GDPR, you may, after having verified your identity, exercise the following rights in relation to this processing:

• request information about the processing of your personal data,
• request the rectification of your personal data,
• access to personal data,
• request the erasure of your personal data (under the conditions set out in Article 17 (1) of the GDPR),
• request the restriction of the processing of your personal data,

For more information on the protection and transfer of personal data, the rights and obligations of the data subject and the controller, the limitation of liability and the enforcement of claims, read the section "General information on data processing".

Data source:

Individuals taking part in the customer satisfaction survey of DPD Hungary Korlátolt Felelősségű Társaság (a hereinafter: Company).

Description of the course of processing:

It is important for the Company to provide its services at a consistently high level and for its customers to be satisfied with the service ordered.

In order to achieve this objective, it carries out customer satisfaction surveys among its mail recipients.

For each successfully delivered parcel, the consignee receives an e-mail notification with a link to a questionnaire to assess the quality of the service. Once the responses to the questionnaire have been evaluated, a Consignee backtesting Report is sent to the managers of the organisations concerned.

The evaluated consignee satisfaction reports and the information gathered are submitted once a year by the marketing coordinator to the senior management, who evaluate them and set targets for process improvement and, if necessary, take corrective and preventive action.

The purpose of processing:

To understand the opinion of customers and improve the quality of service through customer satisfaction surveys

Legal ground of the processing:

The legal ground under the Article 6(1) f) of the GDPR, according to which processing is necessary for the purposes of the legitimate interests pursued by the controller or a third party.

processed data:

Parcel number, name of consignee, e-mail address, other data provided when filling in the satisfaction questionnaire.

In the course of the processing, the data are transferred to the following third parties based on the legal ground indicated:

The Company does not transfer the data to third parties, but draws the attention of data subjects to the fact that the disclosure of personal data to courts and authorities may be required by law. If a court or authority requires the Company to provide personal data in the course of its legal proceedings, the Company is obliged to provide the requested data to the court or authority in question in order to comply with its legal obligation.

Preservation period of the personal data:

The data will be erased by the Company after 18 months from the processing of the customer satisfaction questionnaire.

The fact of automated decision-making:

no automated decision-making is performed during the processing.

Rules regarding the exercising of data subject rights:

The Company informs you that, pursuant to the GDPR, you may, after having verified your identity, exercise the following rights in relation to this processing:

• request information about the processing of your personal data,
• request the rectification of your personal data,
• access to personal data,
• request the restriction of the processing of your personal data,
• request the erasure of their personal data (under the conditions set out in Article 17 of the GDPR)
• object to the processing.

For more information on the protection and transfer of personal data, the rights and obligations of the data subject and the controller, the limitation of liability and the enforcement of claims, read the section "General information on data processing".

Data source:

Partners of DPD Hungary Korlátolt Felelősségű Társaság (hereinafter: Company).

Description of the course of processing:

The Company issues and receives invoices in the course of its business.

The invoices handled by the Company contain, in the case of private individuals and individual entrepreneurs, the mandatory elements of personal data pursuant to Article 169 of Act CXXVII of 2007 on Value Added Tax: the name and address of the customer, as well as the customer's tax number and bank account number. In addition, the invoices also contain information on discounts and tariffs.

The Company issues invoices electronically or, on request, on paper, using an invoicing software. The invoices are archived in the Company's own global electronic system.

The purpose of processing:

Issue, storage of invoices in connection with the services, ensuring financial and accounting processes,

Legal ground of the processing:

article 6 (1) c) of the GDPR, according to which processing is necessary for compliance with a legal obligation applicable to the Controller  [Article 165 of Act C of 2000 on Accounting (Accounting Act)]

processed data:

Name and address, tax identification number and bank account number of the customer.

Processors involved in the processing and indication of the processing operation:

Processor: UNIT4 CODA Hungary Informatikai Kft., registered office: 1023 Budapest. Lajos utca 28-32.

Activities relating to processing: Provision of hosting service for electronic invoices.

In the course of the processing, the data are transferred to the following third parties based on the legal ground indicated:

The Company does not transfer the data to third parties, but draws the attention of data subjects to the fact that the disclosure of personal data to courts and authorities may be required by law. If a court or authority requires the Company to provide personal data in the course of its legal proceedings, the Company is obliged to provide the requested data to the court or authority in question in order to comply with its legal obligation.

Preservation period of the personal data:

5 years from the date of recording. [Article 169 (1)-(2) of the Accounting Act]

The fact of automated decision-making:

no automated decision-making is performed during the processing.

Rules regarding the exercising of data subject rights:

The Company informs you that, pursuant to the GDPR, you may, after having verified your identity, exercise the following rights in relation to this processing:

• request information about the processing of your personal data,
• access to personal data,
• request the rectification of your personal data,
• request the erasure of your personal data (under the conditions set out in Article 17(1) of the GDPR)
• request the restriction of the processing of your personal data,

For more information on the protection and transfer of personal data, the rights and obligations of the data subject and the controller, the limitation of liability and the enforcement of claims, read the section "General information on data processing".

Data source:

Partners of DPD Hungary Korlátolt Felelősségű Társaság (hereinafter: Company) and authentic, public databases

Description of the course of processing:

In the scope of its service activities, the Company performs arrears management activities in relation to customers in arrears according to its internal procedures. The Company sends a payment notice to the customer in arrears to the contact e-mail provided. If the internal arrears management is unsuccessful, the case will be forwarded to the Company's external engaged lawyer.     

If an external lawyer is engaged, the Company will transfer the customer details, contact details and details of the debt (account number, invoice date, invoice amount, etc.).

The purpose of processing:

In the field of service activities, the processing of customer data for the purpose of arrears management.

Legal ground of the processing:

Article 6(1) f) of the GDPR: the processing is necessary for the purposes of the legitimate interests pursued by the controller or a third party.

processed data:

Customer data recorded in relation to a contract, contact details, arrears data, invoice data.

In the course of the processing, the data are transferred to the following third parties based on the legal ground indicated:

• recipient’s name: dr. Attila Sándor Gergye (address: 1065 Budapest, Révay köz 4. I/2.)
• the data transmitted: data on the customer in arrears, contact details and details of the debt (invoice number, date of invoice, amount of invoice), and documents generated during arrears management
• the legal ground of the transfer of data is Article 6 (1) b) of the GDPR, i.e., processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.

The Company draws attention to the fact that the disclosure of personal data to courts and authorities may be required by law. If a court or authority requires the Company to provide personal data in the course of its legal proceedings, the Company is obliged to provide the requested data to the court or authority in question in order to comply with its legal obligation.

Preservation period of the personal data:

Until payment of the arrears or until the expiry of the limitation period for a civil claim relating to the arrears.

The fact of automated decision-making:

no automated decision-making is performed during the processing.

Rules regarding the exercising of data subject rights:

The Company informs you that, pursuant to the GDPR, you may, after having verified your identity, exercise the following rights in relation to this processing:

• request information about the processing of your personal data,
• access to personal data,
• request the rectification of your personal data,
• request the erasure of your personal data (under the conditions set out in Article 17(1) of the GDPR),
• request the restriction of the processing of your personal data,
• object to the processing

For more information on the protection and transfer of personal data, the rights and obligations of the data subject and the controller, the limitation of liability and the enforcement of claims, read the section "General information on data processing".

Description of the course of processing:

The Company operates its own website, which can be accessed at https://www.dpd.com/hu//. Automatic data collection (cookies, Google Analytics, etc.) takes place on the website.

Visitors' access to and exit from the website is facilitated by small data packets, so-called cookies, which are placed on and read back from the visitors' computer devices by the website. Cookies are used to ensure the proper functioning of the website, to provide a more efficient service and to collect anonymised data for statistical purposes.

Visitors can erase cookies from their computer devices and they are automatically deleted when the browser is closed, or the visitor can manually set their browser to disable cookies. The visitor can also use the website if they manually disables the use of cookies in their browser settings.

On the one hand, the website uses a unique, temporary "spublic" cookie to identify workflows, i.e. to determine whether the visitor is logged in to the website or not. The "spublic" cookie therefore helps visitors to enter and leave the website. A "spublic" cookie is a temporary cookie which is automatically deleted from the visitor's computer when the browser is closed, or can be manually deleted by the visitor in the browser settings.

The following cookies are used in order to establish the following statistical data on the visits to and the number of visitors to the website, and other data collected for this purpose:

• the visitor reached the website through a search engine, keyword or link ("utmz" cookie),
• the number of times the visitor has visited the website ("utmb" cookie),
• how long the visitor stayed on the website ("utma" and "utmv" cookies),
• when the visitor first visited the website ('utma' and 'utmv' cookies),
• when the visitor last visited the website ('utmc' and 'utmv' cookies).

In addition to the above, some cookies protect the website against overloading ("utmt" cookie) and some cookies used by Google Analytics also record the IP address of the visitor's computer device for analytical, statistical and security purposes. The data is stored on the visitor's computer device. The independent measurement and auditing of the website's traffic and other web analytics data is therefore facilitated by Google Analytics servers as an external service provider, using the cookies listed above. The data controller of these data provides detailed information on the processing of the measurement data on the website https://www.google.com/analytics/ and more information on Google's privacy principles is available via the link http://www.google.hu/intl/hu/policies/privacy/. The data transmitted from the website to the Google Analytics servers cannot be used to identify the visitor directly and exclusively, but only to identify the IP address of the computer device.

By visiting the Website and by clicking on the "Accept" button, the visitor consents to the use by the data controller of cookies managed by external service providers or by the data controller itself, in connection with the operation of the Website, for the possible recording of data and information described in this statement, depending on the settings.

Such data are the data of the visitor’s computer generated during the use of the Website and registered by the cookies used on the Website as the automatic result of technical processes. The system logs the automatically recorded data without any specific declaration or act of the user when the user visits or leaves the Website.

Depending on the setting, the data saved will not be linked to other personal user data and will be accessed by the third party cookie service provider (e.g. Google) and the data controller. The visitor cannot be identified from those data.

The purpose of processing:

Visitor data are recorded when visiting the website in order to monitor the functioning of the service and to prevent abuse.

Legal ground of the processing:

The legal ground of processing is the consent of the data subject pursuant to Article 6(1)a) of the GDPR

Scope of the data processed:

date, time, IP address of the user's computer, address of the page visited, address of the page previously visited, data relating to the user's operating system and browser

In the course of the processing, the data are transferred to the following third parties based on the legal ground indicated:

The Company does not transfer the data to third parties, but draws the attention of data subjects to the fact that the disclosure of personal data to courts and authorities may be required by law. If a court or authority requires the Company to provide personal data in the course of its legal proceedings, the Company is obliged to provide the requested data to the court or authority in question in order to comply with its legal obligation.

Preservation period of the personal data:

The personal data are electronically processed by the Company for 30 days from the date of visiting the website.

The fact of automated decision-making:

No automated decision-making is performed during the processing.

Rules regarding the exercising of data subject rights:

The Company informs you that, pursuant to the GDPR, you may, after having verified your identity, exercise the following rights:

• request information about the processing of your personal data,
• access to personal data,
• request the rectification of your personal data,
• withdraw their consent to the processing;
• request the erasure of your personal data (under the conditions set out in Article 17 (1) of the GDPR),
• request the restriction of the processing of your personal data,
• exercise your right to data portability (when the processing is performed by automated means).

In the case of data processing pursuant to Article 6(1)(a) GDPR, you may also request the erasure of your personal data by withdrawing your consent to the processing.

For more information on the protection and transfer of personal data, the rights and obligations of the data subject and the controller, the limitation of liability and the enforcement of claims, read the section "General information on data processing".

Data source:

The person who visits the website of DPD Hungary (hereinafter: Company) initiating the contact.

Description of the course of processing:

1. On the Company' s website at [https://www.dpd.com/hu/hu/kapcsolat you can contact the Company on various topics.
2. You can submit an application as a subcontractor on the Company’s website at https://www.dpd.com/hu/hu/szallitasi-partner-futar if you wish to become a delivery partner of the Company.
3. You can submit an application as a subcontractor on the Company’s website at https://www.dpd.com/hu/hu/pickup-csomagpont/csomagpont-partner/ if you wish to become a parcel point partner of the Company.

In all cases, however, you can only send your message if you accept the Company' s data processing policy, which you can do by ticking a box.

The purpose of processing:

1. To facilitate your contact with the Company via the website at the https://www.dpd.com/hu/hu/kapcsolat menu item.
2. To contact the Company to submit a delivery partner application via the website under the https://www.dpd.com/hu/hu/szallitasi-partner-futar menu item.
3. To contact the Company to submit a delivery partner application via the website under the https://www.dpd.com/hu/hu/pickup-csomagpont/csomagpont-partner/ menu item.

Legal ground of the processing:

For point a): The legal ground of processing is the consent of the data subject pursuant to Article 6(1)a) of the GDPR

In the case of points b) and c) if the data subject is an individual entrepreneur, the legal ground pursuant to Article 6 (1) b) of the GDPR, namely that the processing is necessary for the performance of a contract to which the data subject is a party or, in the case of a legal person( contact person as data subject) who is necessary for taking steps at the request of the data subject prior to the conclusion of the contract, the legal ground under  Article 6 (1) f) of the GDPR, according to which the is necessary for the enforcement of the legitimate interest of the Controller or a third party.

Scope of the data processed:

For point (a): name of the notifier, e-mail address, telephone number, delivery address and parcel details, description of the incident.

For points b) and c): data relating to the notifier's business, professional data, contact details such as name, work telephone number, e-mail address.

Processors involved in the processing and indication of the processing operation:

The Company involves a processor(s) in the processing:

Name: Invitech Megoldások Zrt. (registered office: 2040 Budaörs, Edison utca 4.).

Activities relating to processing: hosting service.

In the course of the processing, the data are transferred to the following third parties based on the legal ground indicated:

The Company does not transfer the data to third parties, but draws the attention of data subjects to the fact that the disclosure of personal data to courts and authorities may be required by law. If a court or authority requires the Company to provide personal data in the course of its legal proceedings, the Company is obliged to provide the requested data to the court or authority in question in order to comply with its legal obligation.

Preservation period of the personal data:

For point a): the Company will store the data for 5 years.

For points b) and c): the Company will erase the data processed in the application form after the selection process has been completed.

The fact of automated decision-making:

No automated decision-making is performed during the processing.

Rules regarding the exercising of data subject rights:

The Company informs you that, pursuant to the GDPR, you may, after having verified your identity, exercise the following rights in relation to this processing:

• request information about the processing of your personal data,
• access to personal data,
• request the rectification of your personal data,
• request the erasure of your personal data (under the conditions set out in Article 17(1) of the GDPR),
• request the restriction of the processing of your personal data,
• object to the processing (in case of a legal ground under Article 6(1)(f) GDPR),
• exercise your right to data portability (in the case of the legal ground defined in Article 6(1) a) of the GDPR when the processing is performed by automated means).
• seek legal remedy.

In the case of data processing pursuant to Article 6(1)(a) GDPR, you may also request the erasure of your personal data by withdrawing your consent to the processing.

Under the GDPR, the scope of the rights affected may vary according to the different legal grounds.

For more information on the protection and transfer of personal data, the rights and obligations of the data subject and the controller, the limitation of liability and the enforcement of claims, read the section "General information on data processing".

Data source:

Any person who visits the career portal or website of DPD Hungary Korlátolt Felelősségű Társaság (hereinafter: Company) and initiates a contact.

Description of the course of processing:

You may apply to the Company for advertised vacancies, through a contracted headhunting company or through a career site maintained and operated by the Company.

Interested parties can apply for advertised vacancies by sending their CV to the address indicated in the job advertisement.

Applications may also be made for vacancies not yet advertised with the Company. If you apply for a vacancy that has not yet been advertised, your personal data will be treated in the same way as for advertised vacancies.

Applying for a job through a headhunting company:

In this case, the source of the data is the headhunting company contracted by the Company, to which you have sent your application for a vacancy at the Company and to which you have consented to the transfer of your personal data relating to the application to the Company .

The headhunting companies contracted by the Company  search for suitable candidates to fill vacancies in the Company on the basis of specific instructions from the Company.

The headhunting companies will transmit to the Company  the CVs, any motivation letter sent to them and any other personal data voluntarily provided by the applicants when applying for the job advertisement, as well as the pre-screening conducted by the headhunting companies, on the basis of the consent of the data subjects.

The data of candidates pre-screened by headhunting companies are processed in the same way as the applications for the advertised vacancies.

Application on the careers site:

The Company operates a careers page which can be accessed via the links below: https://dpd.karrierportal.hu/allasok.

Job vacancies advertised on the Company's careers portal are open to users who are already registered on the careers portal or who have registered by uploading their CV.

When registering for the career portal, the data subjects are required to upload their name, email address and, if the registration is done by uploading a CV, their CV into the online system. In all cases, the Company will send a confirmation e-mail to the registrant upon successful registration. In the case of unconfirmed registration or interrupted registration, the Company will send a notification to the person concerned to confirm their registration or to terminate their registration, otherwise their data will be erased.

If the registrant does not confirm this, the Company will delete their data.

During the selection process, a telephone/in person/online interview will be conducted on the basis of the CVs. The selection of the right employee will be the responsibility of the Company's HR staff, the prospective Head of Profession and the respective chief executive officer. The CV data will be accessible to the HR staff, the prospective Head of Profession and the chief executive officer. In the selection process for certain positions, the Company uses the Assessment Center method, which assesses the competencies required for the position to be filled.

The data of applicants applying through the career portal are stored on the system of the external company operating the portal.

As a general rule, the Company stores the  unintended CVs for future use and builds a database of them for positions that become vacant or open at a later date. The data in the database will be kept for two years. Before the expiry of the retention period, the Company will send an enquiry letter to the e-mail address indicated in the CV, asking whether the personal data of the person concerned should be deleted from the database or kept in the Company's database for a further two years. If the data subject's answer to the letter of enquiry is in the negative, the Company will ensure that the data provided when applying for the job are erased, otherwise it will keep them in its database for a further two years.

If the applicant does not want their CV to be stored, they can delete their registration from our system by logging into their profile. In this case all your data and uploaded documents will be deleted. You can also indicate your wish to delete your profile by sending an e-mail to [email protected].

Application for becoming a DPD courier:

On the Company' s website, you can apply to become a DPD courier on the following the links below: https://www.dpd.com/hu/hu/szallitasi-partner-futar/futar/

If you apply only in Budapest and Pest county, DPD will forward the data you enter on the website to the subcontractor responsible for the area

The purpose of processing:

a) In the case of internal job advertisements, to fill the vacancies by selecting suitable prospective employees and establishing employment relationships in the future.

b) In the case of courier job advertisements, and applications from the Budapest and Pest counties, to direct the applicants to the subcontractors responsible for the area in question.

c) In the case of Assessment Centre processing, to select the most suitable candidate for each vacant position.

Legal ground of the processing:

For points a) and b): the legal ground for processing is the data subject's consent pursuant to Article 6(1)(a) GDPR.

For paragraph c) the legal ground under the Article 6(1) f) of the GDPR, according to which processing is necessary for the purposes of the legitimate interests pursued by the controller or a third party.

Scope of the data processed:

a) For point (a), the data provided by the data subject when applying for the vacancy: natural person identification data (the following data in aggregate: name, other contact details (telephone number, e-mail address,) CV, motivation letter data (previous, current job data, data on education, language skills, any other data provided by the applicant concerned in the CV, motivation letter, career portal application).

b) For point (b), the name, e-mail address, telephone number, the city in which the job is sought, the year of obtaining the driving licence, details of experience, starting date and type of work, and the net salary requirement.

c) For (c), the name of the person concerned and the results of the selection methods used in the recruitment process.

Processors involved in the processing and indication of the processing operation:

The Company involves a processor in the processing:

Nexum Magyarország Kft. (registered office 6726 Szeged, Temesvári krt. 5.)

Activities relating to processing: Providing the recruitment software, web server operation and system administration in connection with the operation of the career portal.

In the course of the processing, the data are transferred to the following third parties based on the legal ground indicated:

The Company shall transfer the data to third parties in the case of the processing referred to in point b) to KÖVENDI Bt. and BBG.EXPRESS Kft. as  controllers pursuant to Article 6 (1) a) of the GDPR, based on the consent of the data subject.

The Company draws attention to the fact that the disclosure of personal data to courts and authorities may be required by law. If a court or authority requires the Company to provide personal data in the course of its legal proceedings, the Company is obliged to provide the requested data to the court or authority in question in order to comply with its legal obligation.

Preservation period of the personal data:

a) In the case of point a), the main rule is that for two years after the data has been entered in the database, if the data subject replies in the negative to the enquiry letter sent before the storage period expires, their data will be deleted. If the applicant does not request the deletion of their data after the enquiry, the Company will keep the personal data in the database for a further two years.

b) In the case of point (b), the Company and the subcontractors involved in the joint processing shall keep the personal data of the unsuccessful data subjects for 30 days from the date of provision of the data, after which the data shall be erased.

c) In case of point (c), the Company shall process the results of the competency assessment of the successful candidate until the termination of the employment relationship. The Company shall store the results of the competency assessment of a candidate who is not hired for 180 days and then destroy them.

The fact of automated decision-making:

No automated decision-making is performed during the processing.

Rules regarding the exercising of data subject rights:

In the case of an application for an internal or courier vacancy

The Company informs you that, pursuant to the GDPR, you may, after having verified your identity, exercise the following rights:

• request information about the processing of your personal data,
• access to personal data,
• request the rectification of your personal data,
• withdraw their consent to the processing;
• request the erasure of your personal data (under the conditions set out in Article 17 (1) of the GDPR),
• request the restriction of the processing of your personal data,
• exercise your right to data portability (when the processing is performed by automated means).

In the case of data processing pursuant to Article 6(1)(a) of GDPR, you may also request the erasure of your personal data by withdrawing your consent to the processing.

When the Assessment Center method is used

The Company informs you that, pursuant to the GDPR, you may, after having verified your identity, exercise the following rights in relation to this processing:

• request information about the processing of your personal data,
• request the rectification of your personal data,
• access to personal data,
• request the restriction of the processing of your personal data,
• request the erasure of their personal data (under the conditions set out in Article 17 of the GDPR)
• object to the processing.

For more information on the protection and transfer of personal data, the rights and obligations of the data subject and the controller, the limitation of liability and the enforcement of claims, read the section "General information on data processing".