Storing, Sharing and Securing Your Data
We will keep your data for as long as necessary to fulfill our purposes, to execute our contracts and to comply with any legal obligation. The retention period may differ per country based on applicable country laws.
To comply with applicable legal obligations, we will keep some of your data for a period up to 11 years, with variations per country as determined by applicable local laws. For example, the storage of shipment documents required for shipment processing. We determine an appropriate and reasonable retention period by considering the nature, the sensitivity and the necessity of your data.
We continuously strive to minimize the retention period of data where the purpose, the law or contracts allows us to do so. For example, in some countries data for the purpose of customer satisfaction is kept for no longer than 3 years. The data that we collect based on your consent will be kept until you withdraw your consent.
DHL takes the security of your data very seriously. We have implemented various strategies, controls, policies and measures to keep your data secure. We keep our security measures under close review. We use safeguards such as firewalls, network intrusion systems, application monitoring and password protection. Where appropriate, we secure your data by using pseudonymization and encryption techniques when storing and transferring your data. We ensure that there are strict physical access controls in our buildings and certified data centers. This means that your data is secured and only accessible on a need-to-know basis.
As a part of our security strategy, we have set up auditing programs to make sure that our systems and services comply with the DPDHL information security policy, and by extension the ISO 27000 series of Security Standard.
In addition, we are taking a number of ongoing measures to reduce risk, such as (but not limited to) training our employees regularly and organizing incident simulation exercises by our Cyber Defense Center.
The goal is to have a continuous IT system operation and to prevent unauthorized access.
DHL will only share or transfer your data in the course of carrying out the purposes outlined in this Privacy Notice, when permitted by applicable law and with appropriate safeguards.
We will transfer your data to the following category of recipients:
- DPDHL Group companies: transfer is required within the DPDHL Group, its legal entities and shared service centers to provide our products and services
- Business partners: transfer is necessary for performance of the contract (e.g. to deliver your package to a Service Point)
- Public authorities: transfer is required by applicable law (e.g. to fulfil a legal obligation during shipment processing)
Your data is only transferred outside the European Economic Area (EEA) to other Deutsche Post DHL Group companies, third party business partners or public authorities when permitted by applicable data protection law. In such cases, we will make sure that appropriate safeguards are in place to ensure the transfer of your data (e.g. binding corporate rules, standard contractual clauses).