InPost Privacy Policy
Last updated: 1.07.2025
We respect your privacy and we are committed to protecting your data.
Introduction - what does this privacy policy apply to?
- 1. If you use InPost services, this Privacy Policy will explain how we process your personal data. If you want to know the list of services provided digitally, take a look at Appendix A of the InPost Digital Services Regulations.
- 2. We have prepared this Privacy Policy to show you how we process your personal data. You will find here the following information:
- 2.1 which company is the controller?
- 2.2 what data we process?
- 2.3 how and for what purposes we process the data?
- 2.4 to whom and where we send the data?
- 2.5 what your rights are and how to exercise them?
- 3. We guess that reading regulations or policies is not a pleasant activity, but it is worth knowing our policies to find out what your rights are and how to exercise them, and how we use our data processing rights.
- 4. Some basic terms:
- 4.1 personal data - all information about you that allows us to identify you directly (e.g. your email address) and indirectly (e.g. your activity on a given website);
- 4.2 GDPR - Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation). The GDPR imposes specific obligations on entities that use personal data (whether on their own behalf or on behalf of another entity). The GDPR guarantees the exercise of your data protection rights - you can read more about this in Chapter 6;
- 4.3 Service - the website operated at www.inpost.pl and all other websites operated by the Controller, including: dodajinpost.pl, greencity.pl, szybkiezwroty.pl, urzad24.inpost.pl, bliskociebie.inpost.pl, inpostpay.pl, inpostfresh.pl, outofthebox.pl, integer.pl, lodowkomaty.pl, loteriainpost.pl, manager.paczkomaty.pl, inpost.eu;
- 4.4 Mobile Application - an application that can be downloaded at https://inpost.pl/aplikacja-mobilna or at https://inpostfresh.pl/, supporting you in the processes related to the parcel delivery service, as well as allowing you to pay for and receive purchases from various stores;
- 4.5 user - you are a user if you visit our Service or use InPost services or if you use the functionalities described in this Privacy Policy;
- 5. Capitalized terms not defined above have the meaning given to them in the relevant Terms and Conditions.
- 1.1 Depending on the type of service performed, the Controller of your data is the relevant company with capital ties to the company Integer.pl (later referred to as the “Controller”).
- 1.2 Depending on the purpose of personal data processing, the Controller of your personal data may be:
Company name Registered office Main business profile InPost sp. z o.o. (later: “InPost”) ul. Pana Tadeusza 4, 30-727 Kraków - delivery of parcels through an innovative system of automatic post office boxes,
- courier services for business and retail customers,
- handling cooperation with allegro.pl,
- handling the complaints process,
- carrying out marketing activities on behalf of the Integer Group, including sending a newsletter
Integer Group Services sp. z.o.o. ul. Pana Tadeusza 4, 30-727 Kraków lease, rental and management of a network of devices designed to receive parcels (InPost Parcel Lockers), including management of their security InPost Paczkomaty sp. z o.o. ul. Pana Tadeusza 4, 30-727 Kraków consulting services, supporting the activities of Integer Group subsidiaries, including, among other things, being responsible for recruitment and employment InPost Paczkomaty sp. z o.o. ul. Pana Tadeusza 4, 30-727 Kraków - manufacture and sale of parcel collection equipment, including Parcel Lockers®,
- provision of services in the areas of Fulfillment and Refrigerated Locker Machines,
- research and development activities,
- management of websites (hosting)
- holding activities, which consist of managing the Integer Group
- 1.3 Providing personal data is voluntary, but necessary to use the functionalities and services offered by InPost in connection with your use of the Website or Mobile Application.
-
2.1 We may process your personal data based on the following grounds:
- 2.1.1 consent (Article 6(1)(a) GDPR): When you give us consent, we will process your personal data for the specific purpose for which you consented. This basis is used, for example, when you sign up for our newsletter.
- 2.1.2 contract (Article 6(1)(b) GDPR): When providing you with products and services, we will process your personal data necessary for the performance of the contract concluded with you and for the fulfilment of any obligations arising from that contract.
- 2.1.3 legal requirement (Article 6(1)(c) GDPR): When the processing of your personal data is necessary to fulfil our legal obligations.
- 2.1.4 legitimate interest (Article 6(1)(f) GDPR): We may process your personal data when it is necessary for our legitimate interests and when these interests do not outweigh your rights and interests. This is especially true for processing for customer service support, improving or developing our services, and for security purposes, including fraud prevention.
- 3.1 Depending on your relationship with InPost, including depending on the service you use, we will process your personal data for the following purposes:
Purposes and legal basis for processing:
-
1. provision of postal and shipping services, including courier services and services provided through the Parcel Lockers®
legal basis for processing: contract - Article 6(1)(b) GDPR; - 2. handling of complaints
legal basis for processing: legal obligation - Article 6(1)(c) GDPR; consent to process special category personal data - Article 9(2)(a) GDPR
What personal data do we process?
- name of the sender (including the payer) and recipient (addressee) of the parcel;
- address of the parcel's sender (street, house number, premises number, postal code, city/town);
- address of the parcel’s recipient (street, house number, premises number, postal code, city/town);
- a new address for delivery of the parcel if, after the parcel has been posted, the sender notifies InPost to order delivery of the parcel to a new address or InPost agrees with the recipient before delivery of the parcel to a different address for delivery;
- e-mail address of the sender and the receiver of the parcel, which is processed in order to send messages regarding the performance of the service, in particular information about the current delivery status of the parcel, or information enabling the collection of the parcel from the Parcel Locker®;
- the telephone number of the sender and recipient of the parcel for the purpose of direct contact or sending messages regarding the performance of the service, in particular contact to determine another delivery location for the parcel, or information to enable the collection of the parcel from the Parcel Locker®;
- depending on the service selected for performance, we may also process the bank account number necessary to transfer the collected cash (as part of the collection service, the so-called cash on delivery) to the person designated by the sender, and information to identify the circumstances under which the collection payments or account top-ups are made in the course of paying for the services we offer by pre-paid (prepaid) method;
- in the case of the provision of services to entrepreneurs (B2B contract), data on business activities (including NIP, REGON, business name, business address, contact data), including the data of contact persons or persons authorized to represent the recipient and their data on cooperation with InPost;
- IP address of the persons who use our systems;
- information obtained from you as part of the complaint procedure and as part of the liquidation procedure (loss adjustment), including information about your health condition, if you choose to share it with us.
More information:
- In connection with the payment process, your data will be processed at Przelewy24 by PayPro S.A., based in Poznań, which is a separate controller.
- If your shipment is an international shipment, your data will be processed by our partner - a courier company - in the destination country, which acts as a separate controller of your personal data - a list of these entities is available here.
- On the other hand, if you have filed a claim - your personal data may be shared with our insurer (an insurance company with which we have a contract, such as Generali Towarzystwo Ubezpieczeń Spółka Akcyjna based in Warsaw), which is a separate controller of your personal data.
- In the case of substitute delivery, the actual recipient's personal data (such as name, surname, and signature) may be transferred to the original addressee. This is to ensure transparency in the delivery process and to enable the original addressee to identify the person who actually received the shipment.
Controller:
InPost sp. z o.o.Storage period:
The time necessary for the proper performance of the service, and thereafter, no longer than the expiration of the period of limitation for claims.
Purposes and legal basis for processing:
ensuring the security of the Packet machine® by conducting video monitoring
legal basis of processing: legitimate interest of the Controller consisting in ensuring the security of the device and its users and handling complaints concerning the services provided by InPost - Article 6(1)(f) RODO
What personal data do we process?
image
More information:
We process your image when you are in the field of the camera placed on the Parcel Locker®.
Controller:
InPost Paczkomaty sp. z o.o.Storage period:
The time necessary for the proper fulfilment of the purpose, and thereafter - no longer than the expiration of the period of limitation for claims.
Purposes and legal basis for processing:
to ensure the security of the facilities through video surveillance
legal basis for processing: legitimate interest of the controller to ensure the security of the facilities, infrastructure, its employees and associates - Article 6(1)(f) GDPR
What personal data do we process?
image
More information:
We process your image when you are in the field of a camera placed in/near the facility (office, sorting office, branch, other buildings)
Controller:
InPost Paczkomaty sp. z o.o.Storage period:
The time necessary for the proper fulfilment of the purpose, and thereafter - no longer than the expiration of the period of limitation for claims.
Purposes and legal basis for processing:
- provision of services through the Parcel Locker Plus (formerly: Refrigerator Machine)
legal basis for processing: contract - Article 6(1)(b) GDPR; - handling of complaints
legal basis for processing: legal obligation - Article 6 (1) (c) GDPR;
What personal data do we process?
- Identification data, including, in particular: name, surname, telephone number, e-mail address;
- in the case of the provision of services to entrepreneurs (B2B contract), we also process: data on business activities (including NIP, REGON, business name, business address, contact data), including data of contact persons or persons authorized to represent you, and data on cooperation with our company;
- information obtained from you as part of the complaint procedure and as part of the liquidation procedure (loss adjustment), including information about your health condition, if you choose to share it with us.
More information:
As part of the handling of the complaints process, your personal data may be shared with our insurer (the insurance company with which we have a contract, e.g. Generali Towarzystwo Ubezpieczeń Spółka Akcyjna based in Warsaw), which acts as a separate controller of your personal data.
Controller:
Integer S.A.Storage period:
The time necessary for the proper fulfilment of the purpose, and thereafter - no longer than the expiration of the period of limitation for claims.
website at the address inpost.pl and other websites kept by the Controller, including: dodajinpost.pl, greencity.pl, szybkiezwroty.pl, urzad24.inpost.pl, bliskociebie.inpost.pl, inpostpay.pl, inpostfresh.pl, outofthebox.pl, integer.pl, lodowkomaty.pl, loteriainpost.pl, manager.paczkomaty.pl, inpost.eu
Purposes and legal basis for processing:
- provision of services by electronic means (to the extent of providing users with access to content collected on the Services), where applicable placing and processing of orders
legal basis for processing: contract - Article 6(1)(b) GDPR; - own and partner marketing (for details see point 4.1)
legal basis for processing: legitimate interest of the controller to market the controller's own products or services - Article 6(1)(f) GDPR; consent to the use of cookies and other technologies - Article 6(1)(a) GDPR; - analysis of user activity on the Services for purposes other than advertising, including for analytical and statistical purposes
legal basis for processing: legitimate interest of the controller to conduct analysis of users' activity on the Service - Article 6 (1) (f) GDPR; - recognition and handling of complaints
legal basis for processing: legal obligation or legitimate interest of the controller to handle complaints regarding services provided by InPost - Article 6(1)(c) or (f) GDPR; - investigation of claims and defense against claims
legal basis for processing: legitimate interest of the controller to investigate, establish or defend against claims - Article 6(1)(f) GDPR
What personal data do we process?
- Identification data, including, in particular: name, surname, telephone number, e-mail address;
- information about purchases on the Website, including account, shopping cart information, delivery and payment methods;
- data about activity on the Website;
- marketing data, including data on the use of the user's devices of the Mobile Application or web browser, in particular: clicks and traffic on the site, opening of push notifications (if the user agrees to receive notifications);
- device identifiers and other on-line identifiers;
- location data
We use a variety of technologies to determine your location, including IP address, GPS, Wi-Fi access points and cell phone stations. Your location data allows us to locate and display InPost points and ® Parcel Lockers located in your neighbourhood; - information obtained from you as part of the complaints process and as part of the loss adjustment process.
More information:
As part of the handling of the complaints process, your personal data may be shared with our insurer (the insurance company with which we have a contract, e.g. Generali Towarzystwo Ubezpieczeń Spółka Akcyjna based in Warsaw), which acts as a separate controller of your personal data.
Controller:
InPost sp. z o.o.Storage period:
The time necessary for the proper fulfilment of the purpose, and thereafter - no longer than the expiration of the period of limitation for claims.
Cookies: until the expiration of the life of the individual cookie or until you withdraw consent or delete the cookie from your device (if you do so before the cookie expires)
Purposes and legal basis for processing:
- setting up an Account
legal basis for processing: contract - Article 6(1)(b) GDPR; consent - Article 6(1)(a) GDPR (to the extent of optionally provided data); - operation and maintenance of the Account
legal basis for processing: contract - Article 6(1)(b) GDPR; - optimization, improvement of functionalities based on device data
legal basis for processing: legitimate interest of the controller to conduct analysis of users' activities, as well as their preferences in order to improve applied functionalities and provided services - Article 6(1)(f) GDPR; - analysis of user activity in MP for purposes other than advertising, including for analytical and statistical purposes
legal basis for processing: legitimate interest of the controller to conduct analysis for analytical and statistical purposes - Article 6(1)(f) GDPR; - recognition and handling of complaints
legal basis for processing: legal obligation or legitimate interest of the controller to handle complaints regarding services provided by InPost - Article 6(1)(c) or (f) GDPR; - investigation of claims and defense against claims
legal basis for processing: legitimate interest of the controller to investigate, establish or defend against claims - Article 6(1)(f) GDPR
What personal data do we process?
- identification data, including, but not limited to: first name, surname, phone number, email address, zip code, NIP;
- preferred device ® Parcel Locker; type of account; type of business;
- shipping address, delivery address;
- data about the Account, including, in particular: date of creation of the account in MP, history of actions taken within the account;
- data about how you use your mobile device and MP, including in particular: clicks and traffic on MP;
- information obtained from you as part of the complaint procedure and as part of the claim procedure (loss settlement);
- location data
We use a variety of technologies to determine your location, including IP address, GPS, Wi-Fi access points and mobile phone stations. Your location data allows us to locate and display InPost points and Parcel Lockers® located in your neighbourhood.
More information:
- You can log in to your Parcel Manager account via your Allegro account. We will download only the data necessary for registration, operation and activation of the account: name, surname and e-mail address, from your allegro account.
- As part of the handling of the complaints process, your personal data may be shared with our insurer (the insurance company with which we have a contract, e.g. Generali Towarzystwo Ubezpieczeń Spółka Akcyjna based in Warsaw), which acts as a separate controller of your personal data.
Controller:
InPost sp. z o.o.Storage period:
The time necessary for the proper performance of the service, and after this period - no longer than the expiration of the period of limitation for claims.
Cookies: until the expiration of the life of the individual cookie or until you withdraw consent or delete the cookie from your device (if you do so before the cookie expires)
Purposes and legal basis for processing:
- setting-up an Account
legal basis for processing: contract - Article 6(1)(b) GDPR; consent - Article 6(1)(a) GDPR (to the extent of optionally provided data); - operation and maintenance of the Account, the ability to authenticate the user within the services available through the Mobile Application, including:
- 2.1 postal and shipping services (postage, returns, pickups, parcel extensions, for more: see Table "Provision of postal and transport services"),
- 2.1 InPost Pay (for more: see “Loyalty Programme” Table)
- 2.1 Loyalty Programme (see: “InPost Pay” Table)
- optimization, improvement of functionality based on location data
legal basis for processing: consent - Article 6(1)(a) GDPR; - analysis of user activity in the Mobile Application for purposes other than advertising, including for analytical and statistical purposes and to detect and resolve cases of non-compliance with the Terms and Conditions.
legal basis for processing: legitimate interest of the controller to conduct analysis of user activity and use the results of such analysis to improve the quality of services provided and for analytical and statistical purposes - Article 6(1)(f) GDPR or consent (push notifications) - Article 6(1)(a) GDPR; - own and partner marketing (for details see point 4.1)
legal basis for processing: legitimate interest of the controller to market the controller's own products or services - Article 6(1)(f) GDPR; consent to the use of cookies and other technologies - Article 6(1)(a) GDPR; - recognition and handling of complaints
legal basis for processing: legal obligation or legitimate interest of the controller to handle complaints regarding services provided by InPost - Article 6(1)(c) or (f) GDPR; - investigation of claims and defense against claims
legal basis for processing: legitimate interest of the controller to investigate, establish or defend against claims - Article 6(1)(f) GDPR
What personal data do we process?
- Identification data, including in particular: first name, surname, phone number, e-mail address, address of residence, delivery address, NIP;
- concerns the maintenance of an Account in the Mobile Application: data concerning that Account, including, in particular: the date of setting up the Account, history of actions taken in the Account, including, in particular, an archive of parcels received and sent, an archive of returns;
- marketing data, including data on the use of the user's devices of the Mobile Application or web browser, in particular: clicks and traffic on the website, opening of push notifications (if the user agrees to receive notifications);
- device identifiers and other on-line identifiers;
- location data
We use a variety of technologies to determine your location, including IP address, GPS, Wi-Fi access points and mobile phone stations. Your location data allows us to locate and display InPost points and Parcel Lockers® located in your neighbourhood.
More information:
As part of the handling of the complaints process, your personal data may be shared with our insurer (the insurance company with which we have a contract, e.g. Generali Towarzystwo Ubezpieczeń Spółka Akcyjna based in Warsaw), which acts as a separate controller of your personal data.
Controller:
InPost sp. z o.o.Storage period:
The time necessary for the proper performance of the service, and after this period - no longer than the expiration of the period of limitation for claims.
Cookies: until the expiration of the life of the individual cookie or until you withdraw consent or delete the cookie from your device (if you do so before the cookie expires)
Purposes and legal basis for processing:
- fulfilment of obligations and entitlements arising from participation in the loyalty program, including notification of rewards and benefits of membership, such as offers, promotions and recommendations, services, events and many others organized by us or our partner companies.
legal basis for processing: contract - Article 6(1)(b) GDPR; consent - Article 6(1)(a) GDPR (to the extent of data provided on an optional basis); - own and partner marketing (for details see point 4.1)
legal basis for processing: legitimate interest of the controller to market the controller's own products or services - Article 6(1)(f) GDPR; consent to the use of cookies and other technologies - Article 6(1)(a) GDPR; - recognition and handling of complaints
legal basis for processing: legal obligation or legitimate interest of the controller to handle complaints regarding services provided by InPost - Article 6(1)(c) or (f) GDPR; - investigation of claims and defense against claims
legal basis for processing: legitimate interest of the controller to investigate, establish or defend against claims - Article 6(1)(f) GDPR
What personal data do we process?
- Loyalty Program activity, including the number and history of exchanging/receiving/expiring points (InCoins) and history of tasks completed and rewards received;
- marketing data, including data on the use of the user's devices of the mobile application or web browser.
More information:
- As part of the handling of the complaints process, your personal data may be shared with our insurer (the insurance company with which we have a contract, e.g. Generali Towarzystwo Ubezpieczeń Spółka Akcyjna based in Warsaw), which acts as a separate controller of your personal data.
- If you declare your intention to purchase an InBox prize, we will share your data in the form of: your phone number, Loyalty Program participant status, application user status to the lottery organizer responsible for the realization of these prizes in order to enable the lottery and verify your eligibility to participate in this lottery, as a separate controller. We will also share the data with selected partners of the Loyalty Program in order to fulfil obligations and entitlements arising from participation in the Loyalty Program and for reporting purposes.
Controller:
InPost sp. z o.o.Storage period:
The time necessary for the proper performance of the service, and after this period - no longer than the expiration of the period of limitation for claims.
Purposes and legal basis for processing:
Provision of the InPost Pay service, including:
- the service of carrying out the process of purchase of goods or services in the online store of the retailer cooperating with us (within the Mobile Application),
legal basis for processing: contract - Article 6(1)(b) GDPR; - the service of storing customer data, such as address and payment data and automatically completing these data in the purchase process
legal basis for processing: contract - Article 6(1)(b) GDPR; - service of enabling customers to save their card data within the user account in the Mobile Application
legal basis for processing: consent - Article 6(1)(a) GDPR; - service of executing payments within InPost Pay
legal basis for processing: contract - Article 6(1)(b) GDPR; - own and partner marketing (for details see point 4.1)
legal basis for processing: legitimate interest of the controller to market the controller's own products or services - Article 6(1)(f) GDPR; consent to the use of cookies and other technologies - Article 6(1)(a) GDPR; - recognition and handling of complaints
legal basis for processing: legal obligation or legitimate interest of the controller to handle complaints regarding services provided by InPost - Article 6(1)(c) or (f) GDPR; - investigation of claims and defense against claims
legal basis for processing: legitimate interest of the controller to investigate, establish or defend against claims - Article 6(1)(f) GDPR
What personal data do we process?
- Identification and contact data, including in particular: name, surname, phone number, e-mail address, address of residence, delivery address;
- data on transactions using InPost Pay, including: shopping cart and payment information, information about the store where you made the purchase;
- payment card data;
- transaction history;
- marketing data, including data on how you use your Mobile Application or web browser devices.
More information:
- Within the Mobile Application, as a buyer, you can use an additional service that allows you to make a fast track purchase from the on-line store of a selected cooperating seller, using the data stored within your account on the mobile application, including identification data, payment data and delivery data. Then the controller of the data processed in connection with the conclusion and performance of the sales contract is the seller.
- We do not store the buyer's credit card data unless you choose to save it to facilitate future payments. In that case, we will only store the card holder's name, card expiration date, card type and the last four digits of the card number. We do not store the verification values of the credit card code. We only transmit them in an encrypted manner along with the credit card number for the purpose of payment execution by the operator, as a separate controller. The controller of buyers' personal data processed in connection with the payment process is Aion bank S.A. joint-stock company branch in Poland.
- As part of the handling of the complaints process, your personal data may be shared with our insurer (the insurance company with which we have a contract, e.g. Generali Towarzystwo Ubezpieczeń Spółka Akcyjna based in Warsaw), which acts as a separate controller of your personal data.
Controller:
InPost sp. z o.o.Storage period:
The time necessary for the proper performance of the service, and after this period - no longer than the expiration of the period of limitation for claims.
Purposes and legal basis for processing:
If you are a user of the InPost Fresh application then we process your data for the following purposes:
- provision of services as part of the InPost Fresh Platform
legal basis for processing: contract - Article 6(1)(b) GDPR; - analytical and statistical
legal basis for processing: legitimate interest of the controller consisting in conducting analysis of users' activity, as well as their preferences in order to improve applied functionalities, provided services, create analysis and statistics- Article 6(1)(f) GDPR; - recognition and handling of complaints within the services provided via the InPost Fresh Platform
legal basis for processing: legitimate interest of the controller consisting in handling complaints regarding services provided by InPost - Article 6(1)(f) GDPR or legal obligation - Article 6(1)(c) GDPR; - investigation of claims and defense against claims
legal basis for processing: legitimate interest of the controller consisting in investigation, establishment or defense of claims and defense against claims - Article 6(1)(f) GDPR; - own and partner marketing (for details see point 4.1)
legal basis for processing: legitimate interest of the controller to market the controller's own products or services - Article 6(1)(f) GDPR; consent - Article 6(1)(a) GDPR - consent to use cookies and other technologies.
If you are a participant in our Loyalty Programme, we also use your data to fulfil the obligations and entitlements arising from your participation in the programme (see (see "Loyalty Program" table).
What personal data do we process?
- Identification data, including in particular: first name, surname, phone number, e-mail address, address of residence, delivery address, NIP;
- account data, including in particular: date of account creation, activity data, location data;
- history of actions taken under the user's Account with details of transactions, and including: cart value, form of payment and details related to making payments and transactions, transaction history, payment history, address history, information about complaints made, correspondence history; shopping habits;
- marketing data, including data about the user's device usage of the mobile application or web browser, and including: clicks and traffic on the website/mobile application, device information, IP address, opening of push notifications (if the user agrees to receive notifications).
More information:
- The controller of buyers' personal data (your data) processed in connection with the conclusion of a sales contract through the Platform is the seller with whom you conclude a sales contract. For details on the processing of buyers' personal data by individual sellers, please refer to the seller's profile on the Platform.
- In connection with the implementation of services provided electronically, your personal data will be disclosed to, among others, the vendor responsible for the operation of IT systems (VTex).
- If you wish to share your opinion about your purchase and give your consent, you will receive a questionnaire for the customer satisfaction survey Trusted Opinions, implemented by ceneo.pl sp. z o.o., Wroclaw, which will process your e-mail address and information about your purchase at InPost Fresh as a separate controller.
- As part of the handling of the complaints process, your personal data may be shared with our insurer (the insurance company with which we have a contract, e.g. Generali Towarzystwo Ubezpieczeń Spółka Akcyjna based in Warsaw), which acts as a separate controller of your personal data.
Controller:
InPost sp. z o.o. (Controller of personal data of Platform users)Storage period:
The time necessary for the proper fulfilment of the purpose, and thereafter - no longer than the expiration of the period of limitation for claims.
Purposes and legal basis for processing:
- to provide the ability to interact with the user (you), to provide answers to the questions asked, to provide technical support, as well as to monitor and improve this process
legal basis for processing: legitimate interest of the controller to be able to interact with the person concerned, to provide answers to the question asked, to process the requests and claims made, to provide technical support - Article 6(1)(f) GDPR; - handling of customer service complaints
legal basis for processing: legal obligation (in case of provision of postal and shipping services) or legitimate interest of the controller - Article 6(1)(f) GDPR; - handling of requests from data subjects
legal basis for processing: legal obligation - Article 6(1)(c) GDPR or legitimate interest of the controller - Article 6(1)(f) GDPR
What personal data do we process?
- Identification data, including, in particular: name, surname, telephone number, e-mail address;
- customer ID and interaction log;
- user-generated content, such as emails and chat records.
More information:
- Before we start recording conversations with you, we will always inform you and ask for your consent.
- The chatbot provided to users does not collect or process users' personal information without their express consent. Where the chatbot allows users to leave contact information, such as an e-mail address or telephone number, the processing of such data is carried out in accordance with the rules set forth in this privacy policy.
Controller:
InPost sp. z o.o.Storage period:
The time necessary for the proper fulfilment of the purpose, and thereafter - no longer than the expiration of the period of limitation for claims.
Purposes and legal basis for processing:
- implementation of the recruitment process
legal basis for processing: with respect to candidates: legal obligation - Article 6(1)(c) GDPR or consent - with respect to additional data provided voluntarily by the candidate - Article 6(1)(a) GDPR. a GDPR; with regard to referrers and persons involved in the recruitment process of candidates (external companies): the necessity of processing for the performance of the contract (Article 6(1)(b) GDPR); - expansion of the CV database (only in the case of the candidate's consent to be contacted for future recruitment)
legal basis for processing: with regard to candidates: consent - Article 6(1)(a) GDPR; - verification of qualifications and skills possessed and determination of terms of cooperation
legal basis for processing: with regard to candidates: legitimate interest of the controller to verify job candidates and determine terms of possible cooperation undertaking activities promoting the activities of the Foundation and conducting its activities - Article 6(1)(f) GDPR; - verification of skills of job candidates by conducting a test
legal basis for processing: with regard to candidates: consent - Article 6(1)(a) GDPR
What personal data do we process?
- identification and contact data, including in particular: name, surname, education, professional qualifications, history of previous employment, phone number, e-mail address;
- information contained in CV and data contained in recruitment documents.
As part of this process, we may process personal data belonging to:
- candidates,
- employees,
- co-workers,
- referrers,
- persons involved in the recruitment process of candidates (external companies).
More information:
- This section deals with job offers and offers for internships and apprenticeships. It applies to recruitment of employees, associates, employee referrals and internal recruitment, as well as recruitment by external companies.
- The controller of your personal data is the potential employer. In some cases, your data may also be processed by external entities, such as Recruitment Agencies that act on our behalf and for our benefit
Controller:
InPost sp. z o.o., Integer Group Services sp z o.o. , Integer.pl S.A., IT Technology Luxmeburg s.a.r.lStorage period:
We will retain your personal data for as long as is necessary for us to fulfil the purposes listed above and to comply with any related legal obligations.
After 2 years from the end of the recruitment process, the data is automatically deleted from the system.
Purposes and legal basis for processing:
- prevention of harassment and discrimination
legal basis for processing: legal obligation - Article 6 (1) (c) GDPR; - handling reports and irregularities (whistleblowing policy), including: confirming receipt of the report and providing feedback
legal basis for processing: legal obligation - Article 6 (1) (c) GDPR; - verification of the report and follow-up
legal basis for processing: With respect to the person to whom the notification relates: legal obligation; in specific cases, obligation or consent to process special category of personal data; With respect to the person involved in the investigation: legitimate interest of the controller
What personal data do we process?
- identification and contact information, including in particular: name, surname, contact details such as phone number, email address;
- information contained in your application or obtained during the investigation, including health information, if you choose to provide it
As part of an ongoing investigation, we may process personal data belonging to:
- the whistleblower;
- the person who is the subject of the report;
- the person involved in the investigation.
Controller:
Integer Group Services sp z o.o.Storage period:
The time necessary for the proper fulfilment of the purpose, and thereafter - no longer than the expiration of the period of limitation for claims.
Purposes and legal basis for processing:
- undertaking the administration and follow-up of contests and events, such as confirming participation, contacting winners, transferring prizes, contacting you to provide relevant information about the contest and/or event and granting you access to the venue
legal basis for processing: legitimate interest of the controller to organize and adjudicate contests (when promotional actions are of public promise) - Article 6(1)(f) GDPR or contract (when promotional actions are the result of a concluded agreement); - undertaking promotional, marketing, and customer relationship shaping activities
legal basis for processing: legitimate interest of the controller consisting in conducting promotional and marketing activities with regard to contests - Article 6(1)(f) GDPR
What personal data do we process?
- identification data, including, in particular: name, surname, telephone number, e-mail address;
- information submitted as part of a contest.
Occasionally, our events are photographed and filmed, and this content will be used to market our services and promote future events on our website, social media channels and in marketing materials (if necessary, we will ask for your permission).
More information:
Regulations of individual promotional campaigns may indicate other purposes or processing periods.
Controller:
InPost sp. z o.o.Storage period:
The time necessary for the proper fulfilment of the purpose, and thereafter - no longer than the expiration of the period of limitation for claims.
Purposes and legal basis for processing:
- running the Foundation, fulfilling its statutory objectives
legal basis for processing: running the Foundation's activities in terms of fulfilling its obligations under the law - Article 6(1)(c) GDPR; legitimate interest of the controller consisting in running the Foundation's activities and undertaking activities of an organizational nature - Article 6(1)(f) GDPR; - promoting the activities of the Foundation, disseminating information regarding the statutory goals and their implementation
legal basis for processing: legitimate interest of the Controller consisting in undertaking activities promoting the activities of the Foundation and conducting its activities - Article 6(1)(f) GDPR
What personal data do we process?
- identification data, including, in particular: name, surname, telephone number, e-mail address;
- other personal data required by law.
Controller:
InPost sp. z o.o.Storage period:
The time necessary for the proper fulfilment of the purpose, and thereafter - no longer than the expiration of the period of limitation for claims.
Purposes and legal basis for processing:
- Supporting sports activities of individuals, clubs, sports events and other activities
legal basis for processing: legitimate interest of the controller consisting in conducting activities for conducting sponsorship activities - Article 6(1)(f) GDPR or legal obligation (unless there is a specific legal obligation, the processing of your personal data for this purpose is based on our legitimate interest); - to inform you about the activities undertaken by InPost for the purposes of supporting professional athletes, clubs, sports associations/other activities
legal basis for processing: legitimate interest of the controller consisting in conducting activities for conducting sponsorship activities - Article 6(1)(f) GDPR or legal obligation (unless there is a specific legal obligation, the processing of your personal data for this purpose is based on our legitimate interest); - to inform about InPost's sponsorship activities, dissemination of information regarding the objectives and their implementation
legal basis for processing: legitimate interest of the controller to carry out activities aimed at conducting sponsorship activities - Article 6(1)(f) GDPR or legal obligation (unless there is a specific legal obligation, the processing of your personal data for this purpose is based on our legitimate interest)
What personal data do we process?
- identification data, including in particular: name, surname;
- information on sports achievements and interests, information on the course of previous activities, membership of clubs/teams/groups;
- information on the material and financial situation of the person and/or family;
- image.
Controller:
InPost sp. z o.o.Storage period:
The time necessary for the proper fulfilment of the purpose, and thereafter - no longer than the expiration of the period of limitation for claims.
Purposes and legal basis for processing:
To provide on-line (customers, users, visitors, resources) and stationary (persons, facilities, infrastructure, equipment and the information contained therein) security.
Personal data may be processed by us when analyzing incidents or (suspected) violations:
- to analyse, investigate, document and report individual incidents;
- to develop analyses and reports on security status;
- to establish, assert and/or defend legal claims.
legal basis for processing:
legitimate interest of the controller to ensure safety, protection of people and property and clarification of incidents or violations - Article 6(1)(f) GDPR or legal obligation - Article 6(1)(c) GDPR (unless there is a specific legal obligation, the processing of your personal data for safety and security purposes is based on our legitimate interest).
What personal data do we process?
- customer ID;
- order history;
- payment data;
- purchasing behavior;
- surveillance recordings;
- incident and accident records.
Individual records may include data such as health information, information on fraud, including (suspected) criminal activity.
More information:
- We take a number of measures to ensure the safety of:
- 1.1 persons
- our employees, co-workers, contractors, partners, visitors, members of the public;
- customers, users,,
- 1.2 property,
- 1.3 facilities and infrastructure of InPost
- 1.1 persons
- We strive to protect our resources from cyber-attacks, fraud, abuse and other malicious activities.
- We use, among other things, monitoring (cameras) of our facilities, infrastructure, offices, sorting facilities and warehouses to ensure stationary security.
Controller:
InPost sp. z o.o.Storage period:
The time necessary for the proper fulfilment of the purpose, and thereafter - no longer than the expiration of the period of limitation for claims.
Purposes and legal basis for processing:
We process your data for the following purposes:
- analytical purposes: to develop and improve our services and enhance the customer experience;
- creating new functionalities;
- personalizing content on the Services and Mobile Application
legal basis for processing:
legitimate interest of the controller to carry out analytical, optimization and support activities for sales, provision of services and advertising activities - Article 6(1)(f) GDPR or consent - Article 6(1)(a) GDPR (if data will be used for marketing purposes)
What personal data do we process?
- e-mail address/phone number;
- customer ID;
- gender;
- parcel/complaint number and history;
- transactional data, such as shopping cart information, order value, payment type and preferences;
- behavioral and contextual data;
- MAC addresses;
- other system-generated data from your actions and interactions with us.
Data used for development and improvement has been collected for various purposes. For example, we may use online transaction data to develop our online ordering system, and we use anonymized data for this purpose. All analysis is conducted at the aggregate data level. If sufficient and possible, we use anonymous data.
More information:
- Our goal is to create easily accessible and personalized services, which requires analysis of user/customer needs and requirements. This includes analysis to make our services more user-friendly (to you), such as modifying the user interface to simplify the flow of information or to identify and develop services and their functionality.
- Sometimes we use surveys and customer satisfaction evaluation forms. In this case, any personal data used and obtained from you will be processed only for the specific purpose described therein. We try to conduct anonymous surveys, and in situations where we already have your personal data - we anonymize it.
- We create and collect statistics, including via your smart devices, in order to optimize our assortment and services, as well as analyze and plan the use of personnel, equipment and facilities.
- We want to be able to perform analysis and segmentation to provide you with personalized services/purchases.
- We may share your data with our advertising partners for advertising optimization and targeting purposes.
Controller:
InPost sp. z o.o.Storage period:
The time necessary for the proper fulfilment of the purpose, and thereafter - no longer than the expiration of the period of limitation for claims.
Purposes and legal basis for processing:
- sending suggestions and recommendations as part of the provision of services
legal basis for processing: legitimate interest of the controller to conduct its own marketing to customers - Article 6(1)(f) GDPR; - sending direct marketing messages via email, push notifications, SMS or phone calls
legal basis for processing: consent - Article 6(1)(a) GDPR
What personal data do we process?
- identification data, including in particular: phone number and email address;
- information about user interactions;
- information about the user and his/her habits (e.g. shopping habits).
More information:
- We use various forms and channels of communication, i.e. we contact you via email, via MMS / SMS, via phone calls and push notifications. The content we send you includes suggestions and recommendations for our or third-party services or goods that may be of interest to you. We prepare this information using algorithms that analyze how you use our services, including analyzing your activity on services or mobile applications.
- By signing up for the newsletter, you agree to receive messages by email (Article 6(1)(a) GDPR).
- If you do not like the marketing activities we undertake, or you do not wish to use the selected forms of contact with you, please contact us (see section 7 for contact details)
Controller:
InPost sp. z o.o.Storage period:
The time necessary for the proper fulfilment of the purpose, and thereafter - no longer than the expiration of the period of limitation for claims.
- 4.1 Marketing
- 4.1.1 We process your personal data to carry out marketing activities, which may consist of:
- 4.1.1.1 displaying marketing content that matches your interests (behavioral advertising), as well as targeting advertising messages to you on other websites and social networks (remarketing);
- 4.1.1.2 displaying marketing content to you that is not tailored to your preferences (contextual advertising);
- 4.1.1.3 sending you commercial information through various channels, including email (including in the form of a newsletter), SMS/MMS, through push notifications or by phone, containing information about interesting offers or content regarding our products and services, Integer.pl Group companies and entities cooperating with these companies.
- 4.1.2 In the case of activities referred to in 4.1.1.1 above, we act on the basis of our legitimate interest (Article 6(1)(f) GDPR) to conduct personalized advertising campaigns, and to the extent required by law - on the basis of your consent.
- 4.1.3 In the case of the activities referred to in 4.1.1.2 above, we act on the basis of our legitimate interest (Article 6(1)(f) GDPR) in increasing the scale of our marketing campaigns.
- 4.1.4 In the case of the activities referred to in 4.1.1.3 above, we operate on the basis of your consent to transmit marketing content to your email, phone number, or push messages (if such functionality is provided). You can give your consent by checking the appropriate checkbox located under the form available on the website or in your account settings. You may withdraw your consent at any time, and withdrawal of consent does not affect the validity of actions taken prior to withdrawal.
- 4.1.5 We may use the data we obtain from you to create your profile (user profile). This means that through automatic data processing we will be able to predict or evaluate various aspects related to your person, e.g. your age, gender, interests, economic situation, location. This allows us to better tailor the content displayed or transmitted to your preferences and interests, allowing you to take advantage of better offers and saving you time. The processing of personal data is carried out in connection with the fulfillment of our legitimate interest (Article 6(1)(f) GDPR), which is to target marketing messages to those interested in our services and to conduct personalized marketing campaigns. Our trusted partners are also involved in the process of displaying personalized advertising to you.
- 4.1.6 We may process your personal data for the purpose of marketing our own services, including sending information about offers, promotions and news about the services we provide and activities to promote our services and brand. The activities we undertake may also consist of repeating advertising messages to people who use the service or mobile application, on websites and social networks. Processing of personal data then includes profiling of users.
- 4.1.7 Both InPost and our trusted partners may process your personal data, including personal data collected through cookies and other similar technologies, for marketing purposes in connection with targeting you with advertising.
- 4.1.8 We use cookies on our sites to make it easier for you to use our sites, such as to remember your settings and preferences and to simplify logging into your account. We use cookies for this purpose. You can give your consent to the use of cookies (professionally, it is the consent to store information on your terminal device and obtain information) through the so-called “Cookie Banner”, which is displayed when you enter the website or when you open the mobile application. Please refer to the cookie policy for more information. You may withdraw your consent at any time, and withdrawal of consent does not affect the validity of actions taken prior to withdrawal.
- 4.1.9 We process your personal data when you visit our profiles maintained on social media (e.g. Facebook, Youtube, Instagram, Twitter, Linkedin, Pinterest). This data is processed solely in connection with the operation of the profile, including to inform users about our activities and to promote various events, services and products. The legal basis for the processing of personal data by us is our legitimate interest (Article 6(1)(f) GDPR) in promoting our own brand.
- 4.1.1 We process your personal data to carry out marketing activities, which may consist of:
- 4.2 Combining information obtained from different sources
- 4.2.1 If you have given your marketing consent, we will use information collected about you that we have obtained from various sources, i.e. in connection with the execution of other processes (e.g. account maintenance), and we will use it for marketing purposes in pursuit of our legitimate interest (Article 6(1)(f) GDPR). These data may be used for user profiling.
- 4.2.2 With the personal data we collect from you on the Services or mobile application, we may combine data obtained from public sources and from third parties:
- 4.2.2.1 data in the form of technical and usage-based information that we have obtained from analytics providers (e.g. Google Analytics);
- 4.2.2.2 address and contact data related to business activities, which we have obtained from information providers such as business intelligence agencies and entities that build databases of potential contractors, and from publicly available records (e.g. CEIDG).
- 4.3 Conclusion and performance of contracts for entrepreneurs, powers of attorney
- 4.3.1 When you are an entrepreneur or a person representing an entity with whom InPost enters into or performs a contract (e.g., you represent your employer or principal), we may process the following data about you:
- 4.3.1.1 data of the person who is a party to the contract: name, surname, address data, position or function, NIP, REGON, contact data, signature and other data indicated in the content of the contract;
- 4.3.1.2 data of the person indicated in the body of the contract as a dedicated contact person in connection with the contract: name, surname, position and contact data;
- 4.3.1.3 in the case of persons representing the entity in question: name, surname, position or function, signature and other data indicated in public records or the content of the power of attorney granted.
- 4.3.2 In the situation described in point 4.3.1 above, the purpose of the processing is: (1) fulfilment of the controller's legal obligation (Article 6.1.c RODO) to fulfil legal obligations in connection with the conclusion, performance and settlement of the contract, including the correct identification of persons authorized to represent and incur obligations on the part of the counterparty at the time of signing the contract, delivery, issuance of a vat invoice or receipt, the assertion and defense of claims, as well as related to the obligation to keep accounting books and tax settlements; (2) the controller's legitimate interest (Article 6(1)(f) RODO), consisting of conducting activities aimed at concluding and executing a contract, conducting correspondence and e-mail exchanges, contact related to the execution and performance of contractual provisions.
- 4.3.1 When you are an entrepreneur or a person representing an entity with whom InPost enters into or performs a contract (e.g., you represent your employer or principal), we may process the following data about you:
- 4.4 Processing of children's personal data
- 4.4.1 Some of our services are intended for people over the age of 13. If you are under the age of 16, i.e. you are not eligible to use InPost's digital services on your own, you must have the consent of your parent or legal guardian to use these services. If we do not receive such consent, we cannot process your information and must delete your personal data. This may mean that we will not be able to provide you with the services you have requested from us.
- 4.4.2 We may process such information about you: name, surname, date of birth and contact details of your guardian, other information necessary for a specific purpose.
- 4.4.3 We make every effort to collect only the data that is necessary to provide the services. We do not knowingly collect additional information from or about minors. If we learn that we have inadvertently collected such personal information, we will take action to enforce our terms and conditions and take action to promptly remove the personal information from our records.
- 4.4.4 We may use your data to: providing and fulfilling the services you have requested (they must be age-appropriate), participating in contests or events, communicating with your legal guardian's permission.
- 4.4.5 We take care to use your information securely and protect it so that no unauthorized person can access it without your parent or guardian's permission. We only use collected data about you for an appropriate amount of time.
- 4.4.6 Your parent or guardian may request access to your data, change it, delete it, or may withdraw consent to processing at any time.
- 4.5 Closing an account in the Mobile Application or Parcel Manager
- 4.5.1 When you close your account yourself (delete your account in the Mobile Application or Parcel Manager and then uninstall the application), you will lose access to your data under your active account. You may only have access to this data if you exercise your right to access to your data and we will continue to process it. For information on how to exercise your right to access your data, see Section 6.
- 4.5.2 We can also close your account. The rules under which we can do this are described in detail in the mobile application terms and conditions and the Parcel Manager terms and conditions. In such a case, you will also lose access to your data under your active account, but you will be able to exercise your right of access and other rights as long as we continue to process the data.
- 4.6 Deletion of personal data
- 4.6.1 The period of data processing by the controller depends on the type of service provided and the purpose of processing. As a general rule, data are processed for the duration of the service, until the withdrawal of the consent given or the filing of an effective objection to data processing in cases where the legal basis for data processing is the legitimate interest of the controller.
- 4.6.2 We delete personal data when the following temporal conditions are met:
- 4.6.2.1 when you are a shipper (payer): both when you have an account and when you do not have an account, but use our services as a shipper (including a payer) - we store your personal data for a maximum period of 6 years counting from the date of shipment of a given parcel or deletion of your account, and after that time we may store the data for a period no longer than the period of limitation for possible claims;
- 4.6.2.2 when you are a receiver of a parcel: we may keep your personal data for a period no longer than the period of limitation for possible claims for the provision of services by us under generally applicable law;
- 4.6.2.3 when you make a complaint or grievance about the services that InPost provides: we process the personal data contained in that complaint or grievance for the time necessary to process that complaint or grievance, and after that time we may keep them for a period no longer than the period of limitation for possible claims for the complaint or grievance made, resulting from generally applicable laws;
- 4.6.2.4 if you submit any other application or inquiry to us: we will keep your personal data for the period of service and possible execution of the application, and after that period we may keep them for a period no longer than the period of possible period of limitation for claims under generally applicable law;
- 4.6.2.5 if the duration of storage of your personal data results from the mandatory provisions of the law, we store your personal data for the period specified in those provisions.
- 4.6.3 The above action is in accordance with Article 17(3)(b) and (e) GDPR, where it is indicated that the right to erasure does not apply to the extent that the processing is necessary for, among other things:
- 4.6.3.1 to comply with a legal obligation requiring processing under Union or Member State law to which the controller is subject, or to perform a task carried out in the public interest or in the exercise of official authority vested in the controller;
- 4.6.3.2 to establish, assert or defend claims.
- 4.7 Security of personal data
- 4.7.1 The security of your personal data is a priority for us. To this end, we conduct a risk analysis on an ongoing basis - to ensure that your personal data is processed by us in a secure manner, ensuring above all that only authorized persons have access to the data and to the extent necessary for their tasks.
- 4.7.2 We make every reasonable effort to ensure the security of the personal data processed, using effective technical and organizational safeguards.
- 4.7.3 We store all information we receive about you on properly secured servers.
- 4.7.4 We constantly assess the security level of our network, and monitor internal regulations and procedures. This enables us to:
- 4.7.4.1 protect data from accidental or unlawful loss, unauthorized access or disclosure;
- 4.7.4.2 identify foreseeable risks to the security of our network;
- 4.7.4.3 minimize security risks, including through risk assessment and regular testing.
- 4.7.5 All payment-related data is encrypted using SSL technology.
- 5.1 In connection with the implementation of our services provided electronically, personal data is disclosed to:
- 5.1.1 Integer.pl Capital Group – we may share your data with other companies in the integer.pl capital group, a list of which is available here. These companies help us improve our services, support our customers, conduct business analysis, ensure security and detect abuse. The transfer of data may be necessary for you to use our services.
- 5.1.2 Third-party service providers – we use third-party service providers to help us maintain and provide certain solutions related to our services or who provide certain services to us. These include, but are not limited to, Suppliers responsible for operating information systems, accounting service providers, legal service providers, insurance companies, marketing agencies. Some of these entities act as separate controllers, and some - depending on the service provided to us - process personal data as processors, i.e. in accordance with our instructions, only to the extent indicated by us.
- 5.1.3 Marketing and analytics providers – to improve our services, we sometimes share your information with providers like google and meta. They help us analyze how users use the services, and mobile apps, and support our online marketing. For more information, see our cookie policy..
- 5.1.4 Entities providing payment services on websites or mobile applications – to provide payment services made available on websites or mobile applications, we provide the payment operator with the data necessary to execute the payment and verify and identify the customer. The payment operator becomes a separate controller of your data.
- 5.1.5 Law enforcement, supervisory authorities and others – we may disclose selected information about you to competent authorities or third parties who make such a request. We will do so in accordance with the law.
- 5.2 Transfer of data outside the EEA
- 5.2.1 As a general rule, we do not use suppliers who are based in countries outside the European Economic Area (“EEA”). However, it may happen that some entities whose services we use directly or indirectly (e.g. Service media providers ) are based in countries outside the EEA or may use subcontractors who are based outside the EEA.
- 5.2.2 If the situation described in sentence 2 above arises , we will transfer your personal data outside the EEA only when necessary, and with the appropriate degree of protection as required by the GDPR. To this end:
- 5.2.2.1 we transfer your personal data to countries that have been recognized by the European Commission as providing an adequate level of protection for personal data, or.
- 5.2.2.2 we use certain suppliers, we use model contracts that have been approved by the European commission (standard contractual clauses). Together with the required additional security measures, these provide personal data with the same protection as they enjoy in the European Union.
| TYPE | DESCRIPTION |
|---|---|
| Right to access data | You can check whether we process your personal data and, if so, you can obtain a copy of your data. |
| The right to rectification | You can request the correction of incomplete, incorrect or outdated data. You can check if we process your personal data, and if yes, you can receive a copy of your data. |
| Right to restrict processing | You can ask us to stop processing your data when:
|
| The Right to object against the processing | Applies when we process your data on the basis of a legitimate interest (ours or that of third parties). You can object on grounds relating to your particular situation where you believe the processing affects your rights or freedoms. Occasionally, it may be that we have legitimate grounds for processing your data that override your rights and freedoms (e.g. the need to ensure the security of the Service and prevent fraud). |
| The right to erasure | You can request the deletion of your data if it is no longer necessary for the purposes for which it was collected. You can also request the deletion of data if:
|
| The right to portability | In exercising this right, we will provide you or a third party designated by you with your personal data. However, you only have this right in respect of data processed on the basis of consent or in the performance of a contract and the processing is carried out by automated means (in IT systems). |
| Withdrawal of consent | If you have given us consent to process some of your data, you have the right to withdraw this consent at any time. The withdrawal of consent does not affect the lawfulness of the processing carried out before its withdrawal. Your personal data has been processed not in line with the law; |
- 6.2 How your rights are exercised:
- 6.2.1 You can exercise your rights by contacting us:
- to the email address dane_osobowe@inpost.pl;
- at the phone number +48 722 444 000 lub +48 746 600 000;
- by post: ul. Pana Tadeusza 4, 30-727 Kraków.
- or via the Contact Form.
- via chat (see https://inpost.pl/en/contact)
- 6.2.2 You can exercise your right to object in different ways depending on what it concerns:
- for marketing emails - click on the unsubscribe link in the body of the email;
- for marketing SMS messages, push notifications or phone calls - change the notification settings in your account to opt out;
- for cookies, click on the opt-out option within the cookie banner (bottom bar of the "Manage cookies" page)
- otherwise contact us via the Contact Form or by e-mail: dane_osobowe@inpost.pl.
- via chat (see https://inpost.pl/en/contact))
- 6.2.3 Everyone has the right to the protection of their personal data, and under the RODO, you can exercise your rights at no charge (this is the case in most cases). We may charge a reasonable fee if your request is manifestly unreasonable or excessive, particularly due to its statutory nature. In such cases, we may also refuse to comply with your request.
- 6.2.4 We endeavour to respond to your requests within a month. If your request is particularly complex or we have received several requests from you, it may take us longer to recognise your request. If this is the case, we will inform you that it will take longer and keep you updated on the status of your request.
- 6.2.1 You can exercise your rights by contacting us:
- 6.3 Complaint to the supervisory authority
- 6.3.1 You have the right to lodge a complaint with the competent supervisory authority at any time. In matters relating to the processing of data as part of the services we provide, you may contact the President of the Data Protection Authority, ul. Stawki 2, 00- 193 Warszawa.
- 6.3.2 Before you file a complaint, give us a chance to address your case. Simply contact us via the Contact Form..
- 7.1For further information or to exercise your rights:
- 7.1.1 contact us via the contact form, by email: dane_osobowe@inpost.pl or by phone: +48 722 444 000 or +48 746 600 000;
- 7.1.2 send us a letter to the following address: ul. Pana Tadeusza 4, 30-727 Kraków.
- or via Contact Form.
- via chat (see https://inpost.pl/en/contact)
- 7.2 We have appointed a Data Protection Officer whom you can contact via email dane_osobowe@inpost.pl on any matter concerning the processing of your personal data.
- 8.1 We can change or update this Privacy Policy. We will publish any changes on a Website, on the Parcel Manager website, and in the Mobile App. If you have provided us with your e-mail address, we can additionally notify you of the changes in an e-mail.
- 8.2 If you do not express your consent to any changes in the Privacy Policy. you can cancel your account in the Parcel Manager or in the Mobile App. The account cancellation option can be found in the settings.