Privacy Policy
Date of the last update 09.05.2024
WE RESPECT YOUR PRIVACY AND PROTECT YOUR DATA
Since you utilize services offered by the Integer.pl Group of Companies, we process your personal data. Below you'll will find why and how we do it. You will learn about your rights and how we protect your data.
- 1.1 Your personal data - all the information about you, which make it possible to identify you directly (e.g. your e-mail address) and indirectly (e.g. Your activity on a given website, including the IP of the device, location data, online ID, and any information collected by means of cookie files and other similar technology.).
- 1.2 GDPR - Regulation of the European Parliament and of the Council (EU) 2016/679 of April 27, 2016 on the protection of natural persons in connection with the processing of personal data, and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation). GDPR imposes particular duties on the entities which perform operations on any personal data (both in their own name and commissioned by another entity).
- 1.3 Websites - a website at www.inpost.pl and any other websites managed by the Controller.
- 1.4 Mobile Application - an app dedicated for mobile devices (smartphones, tablets) downloadable with the use of the links available at https://inpost.pl/aplikacja-mobilna, which helps you with the processes related to handling shipment deliveries, and also makes it possible to pay for and collect purchases from different stores.
- 1.5 Parcel Manager - a system for dispatching parcel locker and courier shipments, which operates at https://manager.paczkomaty.pl/.
- 2.1 The Controller of your data is, depending on the type of the service performed, the respective company having capital links with the Integer.pl company ("Controller"). The detailed information in this respect is included in the Appendix to the Privacy Policy.
- 2.2 Depending on the type of the service performed, the Controller of your personal data can be:
- 2.2.1 InPost sp. z o.o. („InPost") with the seat in Kraków;
- 2.2.2 InPost Paczkomaty Sp. z o.o. having its registered office in Kraków;
- 2.2.3 Integer.pl S.A. based in Krakow.
WE WILL USE YOUR DATA FOR DIFFERENT PURPOSES, BUT ONLY WHEN JUSTIFIED
- 3.1 We process your data since:
- 3.1.1 this is necessary, in order to perform the contract for providing parcel locker, courier, or other services. Thus, you can use our services, and we can provide them correctly and effectively;
- 3.1.2 we perform the responsibilities resulting from the regulations (eg. tax, accounting duties, resulting from the Act - Postal Law, the Act Carriage Law, or the Act on the Prevention of Money Laundering and Terrorism Financing);
- 3.1.3 this is necessary, in order to make it possible for you to use our Websites, the Mobile App, or the Parcel Manager. This way, you can browse available content, use the available functionalities, and contact us through the contact form and the chat;
- 3.1.4 we want to make it possible for you to participate in competitions, lotteries, and promotions we organize;
- 3.1.5 this is necessary, in order to make it possible for you to receive our newsletter;
- 3.1.6 we want to make it possible for you to contact us directly. You can send us a message through the contact forms, the chat, by e-mail, by mail, or contact us by phone;
- 3.1.7 we analyse the activity of yourself and other users, to develop our services and make our services convenient, including using our Websites, the Mobile App, and the Parcel Manager;
- 3.1.8 we want to know your opinion about us. We can ask you to participate in our satisfaction study;
- 3.1.9 we want to ensure secure services, and protect our and our customers' rights.
- 3.2 In some cases, we can also use the data collected to pursue our claims, or defend against them.
- 3.3 We can also utilize your data in marketing for our selves and for other Integer Group companies, and for entities cooperating with those companies – the rules of processing in this respect are described in chapter 9.
- 3.5 If you visit our profiles on social media portals, we can utilize your data to notify you of our operations and to promote various events, services, and products – the rules of processing in this respect are described the Appendix to the Privacy Policy
The goals, scope, legal basis, and periods of the processing of your personal data are described in detail in the Appendix to the Privacy Policy. Additional information regarding the processing of your data can be transferred to you also at the stage of collecting.
WE COLLECTYOUR DATA ONLY TO A JUSTIFIED EXTENT
The data provided by you directly
- 4.1 The provision of postal and carriage services, including courier services, and services provided via Parcel Lockers:
- 4.1.1 we process the first and last name of the sender (including the payer) and of the recipient (addressee) of a shipment,
- 4.1.2 we process the address of the sender (street, house number, apartment number, postal code, township), and also the address of the shipment recipient (street, house number, apartment number, postal code, place),
- 4.1.3 we process the new address for deliveries, if, after sending a shipment, the sender asks InPost to deliver it to a new address, or InPost determines with the shipment recipient, before the shipment is delivered, a different delivery address (new address contains the data as the street, house number, apartment number, postal code, and town/city),
- 4.1.4 we process the shipment sender's and recipient's e-mail address, which is processed for the purpose of sending the information regarding the service delivery, in particular the information about the current shipment delivery status, or any data needed to collect the shipment from a Parcel Locker,
- 4.1.5 we process the sender's and recipient's telephone number for the purpose of directly contacting or sending information regarding the service, in particular to contact in order to determine a different place for delivering the shipment, or any data needed to collect the shipment from a Parcel Locker,
- 4.1.6 depending on the service chosen, we can also process your bank account number, as necessary to transfer the collected cash (under the so-called cash on delivery service) to the third person indicated by the dispatching party, and any information needed to identify the circumstances of making the payment of collected monies or account top-ups under the pre-payment for our services,
- 4.1.7 in the case of providing services on behalf of entrepreneurs (B2B contract), the business operation details (among others NIP, REGON, business name, business address, contact details), including the data of the contact persons or persons authorized to represent InPost's business partners (based on the contract concluded), and the data related to cooperating with InPost,
- 4.1.8 we process the IP address of the persons who use our systems for ordering services that we provide.
- 4.2 The provision of services through Refrigerated Parcel Lockers:
- 4.2.1 we process the recipient's e-mail address and telephone number,
- 4.2.2 in the case of providing services on behalf of entrepreneurs (B2B contract), the business operation details (among others NIP, REGON, business name, business address, contact details), including the data of the contact persons or persons authorized to represent the business partners InPost Paczkomaty Sp. z o.o. based in Kraków (based on the contract concluded), and the data related to cooperating with InPost Paczkomaty Sp. z o.o. based in Kraków
- 4.3 Using the Mobile App:
- 4.3.1 we process the identification data, including in particular: the name, the last name, the telephone number, the e-mail address, the residence address, the delivery address, NIP,
- 4.3.2 we process the data regarding the user account, including, in particular: the date of creating the account in the Mobile App, the data related to the location,
- 4.3.3 we process the data regarding the INPOST PAY feature, including, in particular: the first name, the last name, the e-mail address, the residence address, the content of the basket, the store where the purchase was made (in the case of customers), and the data necessary to conclude the INPOST PAY agreement (in the case of Sellers);
- 4.3.4 we process the history of the actions undertaken within the user account, including, in particular, the back-up copies of shipments collected and dispatched, the list of returns.
- 4.4 Using the Parcel Manager:
- 4.4.1 we process the identification data, including, in particular: the first name, the last name, the telephone number, the e-mail address, the postal code, preferred Automatic Parcel Locker, NIP.
- 4.5 The conclusion and performance of the contract, where you, the entity you represent, or your employer are a party:
- 4.5.1 we process the first name, the last name, the address details, the position or role, NIP, REGON, the contact details, the signature and other indicated in the content of the agreement, the data of the person being a party of the given contract;
- 4.5.2 we process the first name, the last name, the position, and the contact details of the person specified under the content of the contract as the contact person appointed for this contract;
- 4.5.3 for persons representing a given entity, we process the first name, the last name, the role, the signature and other data specified in public registers or the content of any power of attorney granted.
- 4.6 Communication with us:
- 4.6.1 we collect the content of the message you send using the chat feature;
- 4.6.2 we process the data that you provide us with in the contact form;
- 4.6.3 we collect all the information that you decide to transfer in a telephone call, through the chat, or in an e-mail;
- 4.6.4 we can send you questionnaires in order to verify your satisfaction with our services, and we process the information you provide us with by answering the questions.
- 4.7 Any information collected through cookie files and other similar technologies, – these are information about your device, your location, the data related to the login and your activity in the Websites, the Parcel Manager, and the Mobile App. More information about how we process the data from the cookie files and other similar technologies can be found in our Cookies Policy
- 4.8 Data Collected while Subscribing to the Newsletter – we process the e-mail address, which you provide us with in the newsletter subscription form.
- 4.9 Data Collected in Relation to Competitions, Lotteries and Promotions we Organize – we process the data you provide us with due to the participation in a given competition, lottery, or promotion.
- 4.10 The data transferred at visiting the profiles on social websites – we process the data you share as public data in a given social website.
- 4.11 The data we collect, in connection with monitoring the Parcel Lockers – we process your image, when you are in the field of view of the camera installed on an Automatic Parcel Locker.
Information from other sources
- 4.12 The personal data we collect from you can be combined in the Websites, the Mobile App, and the Parcel Manager, with the data acquired from public sources and from third parties:
- 4.12.1 the data in the form of technical information and resulting from the method of use, which we have obtained from analytic service providers (eg. Google Analytics);
- 4.12.2 the address and contact details related to the business operations that we have obtained from the suppliers of such information as business intelligence services and entities which build databases of potential business partners, and from publicly available registers (eg. CEIDG).
When using certain services or completing certain forms, you can enter additional personal data. Entering these data is voluntary, but necessary to use a particular service. We will inform you of this, e.g. by marking the mandatory fields.
DO WE OBTAIN DATA FROM CHILDREN?
Our services are not addressed to persons below the age of 16 and we do not obtain information on them intentionally. If we decide that a person below the age of 16 has provide us with their personal data, we will immediately remove it.
WE DO NOT STORE YOUR DATA LONGER THAN NECESSARY
The objectives and time of processing the personal data
- 5.1 The time of processing your data depends on the purposes, for which we use it, and the legal basis for the processing. To determine the correct storage and removal periods, we've taken into consideration their scope, quantity, nature, and sensitivity, and the potential risk of losing it.
- 5.2 We will process your data for as long as deemed necessary to perform the goals for which we've collected it. The goals and periods of the processing of your data are presented in detail in the Appendix to the Privacy Policy
Deleting the Personal Data
- 5.3 We'll erasure your data irretrievably only when they're not needed anymore.
- 5.4 We can erasure some of your data earlier than others. It could be that we won't need it for one processing purpose but it still is necessary for a different purpose.
Cancelling an Account in the MOBILE APP or the Parcel Manager
- 5.5 Once you cancel the account yourself, you won't be able to access your data through any active account. You will be able to access these data only if you exercise your right to access the data and we still process it. The way of exercising your right to access the data is described in chapter 10.
- 5.6 We also may cancel your account. The rules, according to which we can do it, are described in detail in the Mobile App's Terms and Conditions or the Parcel Manager's Terms and Conditions. In such a case, you won't be able to access your data through any active account, but you can exercise your right to access the data and your other rights.
Once your account in the MOBILE APP or the Parcel Manager is cancelled
- 5.7 Once your account is cancelled we'll remove the personal data from it as soon as technically possible. We will do it no later than within 3 months. Throughout this time, we can process these data only for two purposes:
- 5.7.1 in order to perform the responsibilities resulting from the law (e.g. tax or accounting purposes, or in order to provide it to governmental bodies),
- 5.7.2 to protect our legally substantiated interest (eg. to eliminate any abuses or pursue claims and defend against them).
WE TRANSFER YOUR DATA TO OTHER ENTITIES, TO ENSURE THE BEST SERVICES OR WHEN WE HAVE SUCH A LEGAL DUTY
- 6.1 Integer.pl Group of Companies – we can transfer your data to other companies from the Integer.pl Group of Companies, the list of which is available here. These companies help us improve our services, support the customers, run business analyses, provide security, and detect abuses. Transferring the data could be necessary, so that you can use our services
- 6.2 Third parties which provide services – we use third party services which help us maintain and deliver specified solutions related to our services. These are e.g. suppliers responsible for handling the IT systems, entities providing accounting services, entities providing legal services, marketing agencies. These entities process the data in line with our instructions, only to the extent we have specified.
- 6.3 Marketing and Analytic Services Suppliers – to upgrade our services, sometimes we provide your information to such suppliers as Google Analytics, or Facebook Pixels. They help us analyse how the users use the Websites, the Parcel Manager and the Mobile App, and support our online marketing. You'll find more information in our Cookies Policy.
- 6.4 Entities implementing the payment services in the Websites and the Mobile App – in order to implement the payment services available on the Websites and the Mobile App, we provide the payment operator with the data necessary to perform the payments as well as verify and identify the customers. The payment operator becomes a separate controller of your data.
- 6.5 Law enforcement authorities, supervisory bodies, and other – we can disclose your selected information to the competent authorities or third parties who file such a request. We will do it in accordance with the legal provisions.
The goals, scope, and legal basis of transferring your personal data for processing are described in detail in the Appendix to the Privacy Policy
WE PROTECT YOUR DATA ACCORDING TO GDPR ALSO WHEN WE TRANSFER YOUR DATA TO OTHER COUNTRIES' OUTSIDE THE EEA
Technical and Organizational Security Measures
- 7.1 We transfer your personal data outside the EEA only when this is necessary, and with the suitable protection level, required by the GDPR. For this purpose:
- 7.1.1 Your personal data is transferred to countries that the European Commission considers as providing the proper protection level, in certain cases the European Commission additionally requires that such processing entities participate in programmes it has approved which associate entities from beyond the EEA, the participants of which have the obligation to protect the Personal Data to the same level that exists in the European Union (detailed information here), or
- 7.1.2 when we use the services of specified suppliers, we use agreement templates approved by the European Commission (Standard Contractual Clauses). Together with the required extra safety measures, they ensure the same protection to the Personal Data that exists in the European Union. The contract templates are here
- 7.2 In order to obtain a copy of the information on the safeguards we use when transferring data outside the EEA, write us Contact Form.
WE HAVE IMPLEMENTED PROPER TECHNICAL AND ORGANIZATIONAL MEASURES, THAT PROTECT YOUR DETAILS
Technical and Organizational Security Measures
- 8.1 We store all your information we receive on duly protected servers.
- 8.2 We continuously evaluate the safety level of our network, we monitor the internal regulations and procedures. As a result, we can:
- 8.2.1 protect the data against any accidental or unlawful loss, unauthorized access, or disclosure;
- 8.2.2 identify predictable risks in our network;
- 8.2.3 minimize the hazards, including by evaluating the risks and testing continuously.
- 8.3 All the data related to the payments are encrypted using the SSL technology.
Third parties which provide us with services
- 8.4 To maintain and deliver specified solutions related to our services, we use external service providers (processing entities). We inspect these suppliers and we require them to secure your data and to process it according to the law.
- 8.5 As part of the co-operation, we require that these providers process the personal data only for clearly specified purposes, and, according to our instructions.
- 8.6 We do not allow our providers to process your data for their own use.
- 8.7 The data processing contracts we sign with these suppliers clearly define the obligations of the parties, and guarantee proper technical and organizational measures, to secure your data.
LINKS TO THIRD PARTY WEBSITES
Our Websites, the Parcel Manager, and the Mobile App may include links to third party websites or apps. We do not control such websites or apps – their suppliers bear the exclusive responsibility for their policies and their operations. We recommend familiarizing with the privacy policies of each website you visit from a given Website, the Parcel Manager, or the Mobile App.
Communication Related to Our Services
- 9.1 n connection with our services, we will communicate with you via e-mail and short text messages. The goal of these messages is:
- 9.1.1 confirming the sending and delivering of your shipments;
- 9.1.2 informing of the status of your shipments;
- 9.1.3 providing you with other messages associated with our services.
Our Websites, the Parcel Manager, and the Mobile App may include links to third party websites or apps. We do not control such websites or apps – their suppliers bear the exclusive responsibility for their policies and their operations. We recommend familiarizing with the privacy policies of each website you visit from a given Website, the Parcel Manager, or the Mobile App.
- 9.2 We can also communicate with you to learn how you evaluate our services. We undertake such actions occasionally, and you can oppose them according to the information in chapter 10.
- 9.3 If you provide us with your data in the contact form, we will use them in order to respond to your questions, examine your complaint, or present you with an offer (depending on the data transfer purpose).
Marketing Communication
- 9.4 We will use your e-mail address and phone number, to send you direct marketing communication (in the form of e-mail messages, push notifications, short text messages, or phone calls) if you consent to this. You can consent, e.g. by providing the data or by checking the respective field on a Website or in the Mobile Application, or in other situations e.g. when you participate in a competition or a promotional campaign.
- 9.5 You can withdraw your consent to marketing communication at any time, by clicking the resignation link in an e-mail sent to you, or in the consent management panel in the Mobile App. With any problems with the withdrawal of the consent in the aforementioned way, write us at Contact Form.
GDPR GUARANTEES YOU PARTICULAR RIGHTS AND YOU CAN EXERCISE THEM
What are your rights
| TYPE | DESCRIPTION |
|---|---|
| The Right to Access the Data | You can check if we process your personal data, and if yes, you can receive a copy of your data. |
| The Right to Rectification | You can request amending any incomplete, untrue, or outdated data. While fulfilling your request, in some cases, we would have to verify the correctness of any new data that you provide us with. |
| The Right to Restrict the Processing | You can ask us to stop the processing of your data:
|
| The Right to Object Against the Processing | Pertains to a situation when we process your data based on (ours or a third party's) legally justified interests. You can submit an objection for reasons related to your specific case, when, in your opinion, the processing affects your rights or liberties. Sometimes we could have justified grounds to process your data which prevail over your rights and liberties (e.g. the need to secure the Website and prevent frauds). Still, you can always file an objection against the processing for the needs of direct marketing. |
| The Right to Erasure | You can request the removal of your data if they are not needed anymore for the purposes for which they have been collected. You can also request the deletion of your data if:
|
| The Right to Data Portability | While exercising this right, we will provide you or any person you appoint with your personal data. Still, you have this right only in the scope of the data processed based on the consent, or under a contract, and the processing is automated (in IT systems). |
| Consent Withdrawal | If you have consented to the processing of some of your data by us, you are entitled to withdraw this consent at any time. The withdrawal of the consent does not affect the compliance with the law of any processing completed prior to its withdrawal. |
Exercising your Rights
- 10.1 You can exercise your rights by contacting us:
- 10.1.1 to the e-mail address dane_osobowe@inpost.pl ;
- 10.1.2 at the phone number: + 48 722 444 000 lub + 48 746 600 000;
- 10.1.3 by traditional mail, ul. Pana Tadeusza 4, 30-727 Kraków;
- 10.1.4 or using the Contact Form
- 10.2 You can exercise your objection right in different ways, depending on what it applies to:
- 10.2.1 for marketing e-mails – click the subscription resignation link in the content of the message;
- 10.2.2 for marketing short text messages, push notifications, or phone calls – change the notification settings on your account to resign;
- 10.2.3 for cookie files – click the resignation option on our Consent Management Platform;
- 10.2.4 in other situations, contact us via Contact Form , or by e-mail: dane_osobowe@inpost.pl.
- 10.3 Exercising the rights is usually free of charge. You do not pay for exercising your right to access your data (or any other rights). We can charge a fee in a reasonable amount, if your request is demonstrably unjustified or excessive, particularly owing to its persistent nature. In such cases, we can also refuse to fulfil your request.
- 10.4 We make sure to respond to your request within one month. If your request is particularly complicated or we have received several requests from you, examining the requests may take more time. In such a case, we will inform you that it will take more time, and we will inform you on a current basis about the status of your request.
Complaint to the Supervisory Authority
- 10.5 You are entitled at any time to file a complaint to the competent supervisory body. In cases related to the processing of your data within our services, you can contact the President of the Personal Data Protection Office, ul. Stawki 2, 00-193 Warsaw.
Before filing a complaint, give us a chance to handle your case. Simply contact us via Contact Form
- 11.1 In order to obtain additional information or exercise your rights:
- 11.1.1 contact us through Contact Form, by e-mail to: dane_osobowe@inpost.pl, or by phone: +48 722 444 000 or +48 746 600 000;
- 11.1.2 mail us to the address: ul. Pana Tadeusza 4, 30-727 Kraków.
- 12.1 We can change or update this Privacy Policy. We will publish any changes on a Website, on the Parcel Manager website, and in the Mobile App. If you have provided us with your e-mail address, we can additionally notify you of the changes in an e-mail.
- 12.2 If you do not express your consent to any changes in the Privacy Policy. you can cancel your account in the Parcel Manager or in the Mobile App. The account cancellation option can be found in the settings.
APPENDIX TO THE PRIVACY POLICY
The scope, objectives, and duration of the processing of your data vary depending on which of our services you use. They may also result from your consents and the method and circumstances in which you contacted us. That is why we have divided this appendix into sections, which help understand how we can use your data depending on the type of our relation.
Each section contains information regarding:
- the categories of your personal data that we process;
- the purposes of the processing;
- the legal bases for the processing of your data;
- retention of the personal data .
When you use specific services or promotional campaigns, the detailed information on the processing of your personal data are also in the terms and conditions of these services and campaigns.
We have divided this appendix into several parts. First of all, we specify the Controller, who processes your personal data by dividing the content of the appendix into two basic parts.
Then, when your personal data is processed by InPost, we divide the given portion into further two parts. Part A. THE PROVISION OF THE SERVICES applies to different types of services. Part B. OTHER PURPOSES applies to the processing of your data for other purposes. Such processing is directly related to the service being provided, but it is always justified by legal requirements or our important interest.
YOUR DATA RETENTION PERIOD
For each processing purpose in a given section, we have specified the legal basis and the maximum personal data retention period. Once this period expires, we will not use your data for the purpose specified. This doesn't always mean, however, that we will remove it. We will retain your personal data for the longest of periods applicable to them. For example, once you cancel your account, we cease the processing of your data to provide the services within your account, but we will keep it for a period allowed by the legal regulations, so you can claim your rights.
Thereforeto obtain full information about the processing of your data, learn all the sections applicable to you.
A. PROVISION OF SERVICES
- 1. the provision of postal and carriage services, including courier services, and services provided via parcel lockers For the purpose of providing services at your order or you behalf, we process Your and other persons' personal data (among others the recipient's or the sender's data). The purpose of the processing of your personal data is defined each time in particular in the respective contract or terms and conditions on the basis of which we provide the services to you or can access your personal data, or directly when you consent to the processing of your personal data.
- 2. In order to provide our services, we process the following personal data:
- the first and last name of the sender (including the payer) and the recipient (addressee) of the shipment,
- the address of the shipment sender (street, house number, apartment no., postal code, place),
- address of the shipment recipient (street, house number, apartment no., postal code, place),
- new address for shipment delivery, if, after sending the shipment, the sender reports a request to InPost to deliver it to a new address, or InPost determines a different delivery address with the shipment recipient before shipment delivery (the new address contains the data as the street, house number, apartment number, postal code and town/city),
- the shipment sender's and recipient's e-mail address, which is processed for the purpose of sending the information regarding the service delivery, in particular the information about the current shipment delivery status, or the information needed to collect the shipment from a Parcel Locker,
- the sender's and recipient's telephone number for the purpose of directly contacting or sending information regarding the service delivery, in particular contacting in order to determine a different place for the shipment delivery, or information needed to collect the shipment from a Parcel Locker,
- depending on the service chosen, we can also process your bank account number, as necessary to transfer the collected cash (under the so-called cash on delivery service) to the third person indicated by the dispatching party, and any information needed to identify the circumstances of making the payment of collected monies or account top-ups under the pre-payment for our services,
- in the case of providing services on behalf of entrepreneurs (B2B contract), the business operation details (among others NIP, REGON, the business name, business address, contact details), including the details of the contact persons or persons authorized to represent InPost's business partners (based on the contract concluded), and the data related to cooperating with InPost;
- IP address of the persons who use our systems for ordering the services that we provide.
PROCESSING PURPOSES PROCESSING LEGAL BASIS DATA RETENTION PERIOD The performance of postal or carriage services, and any accompanying services, including delivering the shipments The need to process for the preparation of the contract (Art. 6 section 1 letter b of GDPR) The time necessary to correctly perform the services we provide, and, after this period - no longer than by the expiration of the limitation period for the claims which can be raised in connection with these services.
In the case of the personal data of the senders, being at the same time the payers - for a period of no more than 6 years, starting from the date of dispatching a given package, or the
USING THE WEBSITES
- 1. When you view the content of our Websites, also as a guest, we can collect the data of your activity via cookie files. In addition, we use also other technologies on the Websites, e.g. web beacons, which constitute small graphic elements, also known as "tracing pixels". These are used together with the cookie files to identify our users and their behavior. It helps us display the content in the Websites correctly, analyze and improve our services, and reach you with customized information.
- 2. In this regard, we still collect information about you that identify you directly, such as Your name and surname, telephone number, or e-mail address. And we can utilize:
- The device data – such as the operating system version, and the unique identifiers; the name of the network which you use; your IP address; the settings of the device's language, the device's brand and type, the operating system, and the device version, the type and version of the browser, and the device's software information, such as the font, the system's and browser's time zone, available videos and audio formats;
- the website activity data – we collect information regarding your activity in the Websites, and these include the websites you've come to us from, the date of each visit, the results of your searches, and advertising banners you've clicked, your interactions with such ads, the duration of your visit, and also the sequence in which you've visited particular sections of the given Website.
- 3. The types of the cookies and your ability to manage your consent to use them are described in the Cookie Policy.
- 4. If you decide to provide us with your location data, we can use your data in order to measure and monitor your interactions with third party advertising banners we place in the Websites.
- 5. We use the data collected through the cookies and similar technologies for different purposes described in the table below.
| PROCESSING PURPOSES | PROCESSING LEGAL BASIS | DATA RETENTION PERIOD |
|---|---|---|
| Electronic Services (within the scope of providing the users with the content present on the Websites) | The need to process for the preparation of the contract (Art. 6 section 1 letter b of GDPR) | Until the expiry of the service life of particular cookie files described in the Cookie Banner |
| Adjusting our and our partners' advertisements on the Websites, re-marketing | User's Consent (art. 6 section 1 letter a of GDPR) to use the cookies and other technologies | Until the expiry of the service life of particular cookie files described in the Cookie Banner, or until you withdraw your consent or remove the cookie files from your device (if you do it before the service life of the cookie files expires) |
| Analyzing the users' activities in the Websites for any purposes other than advertisement | User's Consent (art. 6 section 1 letter a of GDPR) to use the cookies and other technologies |
PARCEL MANAGER
- 1. During the registration, please provide the first name, last name, telephone number, the e-mail address, the zip code, preferred Automatic Parcel Locker, the NIP number. These data are necessary to create, operate, and activate your account under the Parcel Manager.
- 2. You can log in to your account in the Parcel Manager via your Allegro account. We will download only the data necessary to register, operate, and activate your account: the first name, the last name, and the e-mail address, from your Allegro account
- 3. Information regarding the scope and the purposes of the data processing by the aforementioned website can be found in the privacy policy of the website.
- 4. Due to the registration and operation of your account, we process your data for the purposes described in the table below.
| PROCESSING PURPOSES | PROCESSING LEGAL BASIS | DATA RETENTION PERIOD |
|---|---|---|
| The provision of the services related to the creation, operation, and activation of your account in the Parcel Manager | The need to process to prepare the contract (Art. 6 section 1 letter b of GDPR) | Until the cancellation of your account |
MOBILE APPLICATION
- 1. During the registration, please specify the phone number. It is necessary to create and operate your account, as well as to provide the services offered within your account.
- 2. To provide you with the services under the basic features available in the Mobile App, we will process your identification data, including in particular: the first name, the last name, the telephone number, e-mail address, the residence address, the delivery address, NIP.
- 3. As part of processing and operating your account in the Mobile App, we will also process the data with regard to this account, including, in particular: the account creation date in the Mobile App, the history of the actions undertaken within the account, including, in particular, the list of shipments collected and dispatched the list of returns.
- 4. After creating the account, you may use a number of additional services, including, in particular, the INPOST PAY service. In this case, it may be necessary to provide us with additional data, described in the section "INPOST PAY SERVICE" below. You provide this data voluntarily, still, they could be necessary to use the services described later in this appendix.
- 5. We might also process your marketing data, including the data on how to use a mobile device and the Mobile App, including, in particular: clicks and traffic in the Mobile App, the manufacturer, the operating system, and the model of the mobile device, the IP address, opening push notifications (if you consent to receive push notifications).
- 6. If you consent to this, we collect and we process information about your present location. To determine your location, we use different technologies, including the IP address, GPS, Wi-Fi access points, and mobile telephony stations. The data of your location allow us to locate and display the InPost and Automatic Parcel Locker sites in your vicinity. If we need the data of your location, first we will display a pop-up window, we will ask you to grant or refuse access to the data about your location on your mobile device.
- 7. Due to the registration and operation of your account and the provision of the services, we process your data for the purposes described in the table below.
| PROCESSING PURPOSES | PROCESSING LEGAL BASIS | DATA RETENTION PERIOD |
|---|---|---|
| The provision of the services related to the creation and operation of your account in the Mobile App | The need to process to prepare the contract (Art. 6 section 1 letter b of GDPR) | Until the cancellation of your account |
| Analyzing the users' activities in the Mobile App | The Controller's legitimate interest (article 6 section 1 letter f of GDPR) consisting in analyzing the activity of the users as well as their preferences in order to improve the functionalities and services provided | Until the cancellation of your account, not longer than until you express an effective objection |
| Optimizing the feature based on the user's geolocation | User's Consent (art. 6 section 1 letter a of GDPR) | Until the withdrawal of the consent |
The InPost PAY service
- 1. If you are a buyer, as part of the Mobile App, you can use an additional service enabling a quick purchase path in the online store of the selected merchant cooperating with us, using the data stored within your Mobile App account, including identification data, payment data and delivery data.
- 2. If you are a merchant cooperating with us, as part of the Mobile App, we provide you with the following services:
- the service of carrying out the process of purchasing goods or services by the customer in your online store as part of the Mobile App, including making your terms and conditions available to the customer as part of the Mobile App and collecting consents and statements required to complete the purchase process from the customer;
- the service of storing customer data, such as address and payment data, and automatically completing this data during the purchasing process;
- the service of providing customers, acting on your behalf, as recipient of payments, the service of saving card data as part of the customer's account in the Mobile App and initiating payment by card, for your benefit, using the above-mentioned card data.
- 3. In any case, activating the INPOST PAY service requires you to provide your name, surname, e-mail address and address of residence. If you are a buyer, as part of the service provided, we will additionally process your personal data, such as the content of the cart and information about the store in which you made the purchase.
- 4. When you make a payment as part of the INPOST PAY service, depending on the payment method, we may ask you to provide us with payment details (e.g. ...) and credit card details. We will pass this information on to the payment service provider for the purpose of processing the transaction.
- 5. We do not store your credit card details unless you opt to save them to facilitate future payments. In this case, we only store the full name of the cardholder, the expiry date of the card, the card type and the last four digits of the card number.
- 6. We do not store credit card code verification values. We only provide them in an encrypted manner together with the credit card number for processing of payment by the operator.
- 7. In connection with the provision of the INPOST PAY service and payment processing, we process your data for the purposes listed in the table below.
| PROCESSING PURPOSES | LEGAL BASIS FOR PROCESSING | DATA STORAGE PERIOD |
|---|---|---|
| Enabling payments within the INPOST PAY functionality | Necessity of processing to perform the contract (art. 6 s. 1 letter b of the GDPR) | Until payment is completed |
| Saving card details to facilitate future transactions | User consent (art. 6 s. 1 letter a of the GDPR) | Until the consent is withdrawn |
B. OTHER PURPOSES
HANDLING NOTIFICATIONS AND CONTACT FORMS
- 1. We collect the data that you provide us with through the chat and any types of contact forms. We process any Personal Data obtained from the contact forms solely for the purpose of identifying the sender and responding, also to send a commercial offer at your request.
- 2. In the case of a telephone call or an e-mail, we collect all the information that you decide to transfer during the call or in the correspondence with our employees or representatives.
- 3. We record each phone call. If you object to the recording, we end the call.
- 4. Within handling calls, applications, and complaints transferred via available contact channels, including the contact form, we process your data for the purposes described in the table below.
| PROCESSING PURPOSES | PROCESSING LEGAL BASIS | DATA RETENTION PERIOD |
|---|---|---|
| Handling the Complaints | The need to process the data to perform the Contract (art.6 section 1 letter b of GDPR), and in the case of providing postal and carriage services - any legal obligation (Art. 6 section 1 letter c of GDPR) | Until the end of the processing of a request or for the period specified in the commonly binding legal regulations |
| Handling other applications and notifications | Legal obligation (Art. 6 section 1 letter c of GDPR) | Until the end of the processing of a request or for the period specified in the commonly binding legal regulations |
| Obsługa innych wniosków i zgłoszeń | The Controller's legitimate interest (article 6 section 1 letter f of GDPR), consisting in answering any questions addressed to them with regard to their business; for any optional details, the legal basis for the processing is a consent (art. 6 section 1 letter a of GDPR) | Until the end of the processing of a request, or until you express an effective objection, and for any data provided optionally - until the withdrawal of your consent |
ANALYTICS AND IMPROVEMENT IN THE QUALITY OF SERVICES
- 1. To make our services comfortable, including the Websites, the Mobile App, and the Parcel Manager, for the whole time, we are working to develop our services. To do this, we can run different analyses, tests and research activities, using information on your activity on the Websites, the Mobile App, and the Parcel Manager, including the details specified by you in different surveys and forms. When you use a given account, we also collect data, among others, about the history of your shipments or transactions.
- 2. We analyze your communication with us to improve our services, and provide better experience.
- 3. On the basis of your contact information, which include your-mail identifier and phone number, we identify different devices (such as your stationary computer, mobile phone, tablet), on which you access the Websites, the Mobile App, and the Parcel Manager. It helps us combine your activity on the Websites, the Mobile App, and the Parcel Manager on all devices, and make it possible for you to use them comfortably regardless of which device you use.
- 4. From time to time we can contact you in order to study your satisfaction with the quality of our services.
- 5. In order to improve the quality of our services and verify whether or not our employees keep the highest customer service standards, we record your calls or correspondence. We do it e. g. during employee trainings and within the internal quality control processes. We have introduced many data protection procedures, among others their pseudonymization and encryption.
- 6. The data processing rules described in this chapter are described in the table below.
| PROCESSING PURPOSES | PROCESSING LEGAL BASIS | DATA RETENTION PERIOD |
|---|---|---|
| Improving the quality of services and customer service | Controller's legitimate interest (art.6 section 1 letter f of GDPR) consisting in analysing the activity of the users in the Websites, the Mobile App, and the Parcel Manager, and also the preferences of the users in order to improve the features | For the time of analysing the users' activity, or until you express an effective objection |
| Personalizing the content on the Websites, the Mobile App, and the Parcel Manager | Controller's legitimate interest (art. 6 section 1 letter f of GDPR) consisting in improving the quality of the services being provided, and the experiences related to the use of the Websites, the Mobile App, and the Parcel Manager by adapting the content available to the users' preferences | While the account is used actively or until it is removed from the Websites, the Mobile App, or the Parcel Manager, or until you express an effective objection |
| The development of new features | Controller's legitimate interest (art. 6 section 1 letter f of GDPR) consisting in the development and improvement of the services being provided | While the account is used actively or until it is removed from the Websites, the Mobile App, or the Parcel Manager, or until you express an effective objection |
| Studying the Satisfaction | Controller's legitimate interest (Article 6 section 1 letter f of GDPR) consisting in improving the quality of the services being provided | While the account is used actively or until it is removed from the Websites, the Mobile App, or the Parcel Manager, or until you express an effective objection |
MARKETING AND COMMERCIAL COMMUNICATION
- 1. We use your e-mail address and mobile phone number (via SMS), to send you offers and recommendations of our or third parties' services or goods which could interest you. We prepare this information using algorithms, which analyze your utilization of our services, including analyzing your activity on the Websites, the Mobile App, and the Parcel Manager. We make it possible for you to resign from such messages, by placing a link to the resignation from the subscriptions. We use this form of communication to improve our services and provide better experience by offering more appropriate goods, services, and solutions.
- 2. We will use your e-mail address and phone number to send you direct marketing messages (through e-mail messages, push notifications, short text messages, or phone calls). We will do it only when you consent to this, by checking the respective field during the registration on the Websites, the Mobile App, and the Parcel Manager, when using our services, or in other situations e.g. when you participate in a competition or a promotional campaign. You can withdraw your consent at any moment.
- 3. You can ask us to stop sending you marketing communications by clicking the resignation link in an e-mail sent to you, or by changing the settings of your account in the Websites, the Mobile App, and the Parcel Manager. With any problems with changing the settings, contact us via Contact Form..
- 4. If you consent to this, we will use your e-mail address to send you direct marketing and commercial messages in the form of a newsletter (by e-mail). At any moment you can withdraw your consent by clicking the resignation link in an e-mail with a newsletter sent to you, or by sending such a request to the address dane_osobowe@inpost.pl.
- 5. We use your contact details and information regarding your business operations to promote our services and encourage you to establish or expand your cooperation with us. If we've obtained your data from publicly available sources or from third parties, we will take appropriate steps to inform you of the rules of the processing of your data and obtain your consent to receive marketing communications. Also we will make it possible for you to express an objection to the processing of your data for such purposes.
- 6. If you represent entities which cooperate or want to cooperate with us, or you represent the media or public administration bodies, we use your data for communication, to establish commercial cooperation, perform the contracts concluded by your company or organization with us, and also to handle requests or matters related to the duties of administration bodies.
- 7. We use browsing data to monitor and report the effectiveness of our campaigns to our business partners, and in our internal business analyses.
- 8. Under marketing activities, we process your data for the purposes indicated in the table below.
| PROCESSING PURPOSES | PROCESSING LEGAL BASIS | DATA RETENTION PERIOD |
|---|---|---|
| Sending offers and recommendations under the provision of the services, | User's Consent (art. 6 section 1 letter a of GDPR) | Until the withdraw of the consent |
| The provision of the newsletter service | The need to process for the preparation of the contract (Art. 6 section 1 letter b of GDPR) In the case of marketing content within the newsletter service – the legal basis for the processing, including by means of profiling, is the Controller's legitimate interest (art. 6 section 1 letter f of GDPR in connection with the expressed consent to receive the newsletter |
Until the withdrawal of your consent to receive messages or information (based on the provisions of the Act on the provision of electronic services or the Telecommunication Law), or until you express an effective objection to the processing of your data |
| Establishing commercial relations with business entities | Controller's legitimate interest (Article 6 section 1 letter f of GDPR in connection with the expressed consent to a specific marketing communication channel | Until you express an effective objection |
| Sending electronic direct marketing messages, push notifications, short text messages, or phone calls | Controller's legitimate interest (Article 6 section 1 letter f of GDPR in connection with the expressed consent to a specific marketing communication channel | Until the withdrawal of your consent to receive messages or information (based on the provisions of the Act on the provision of electronic services or the Telecommunication Law), or until you express an effective objection to the processing of your data |
PROMOTIONAL CAMPAIGNS AND COMPETITIONS
- 1. Once you decide to participate in our competition or campaign, we will use your data for this purpose. The purposes of the processing of your data in this respect are in the table below. The terms and conditions of particular events may, however, specify other processing purposes or periods, they also include more detailed information.
| PROCESSING PURPOSES | PROCESSING LEGAL BASIS | DATA RETENTION PERIOD |
|---|---|---|
| Making it possible to participate in a competition or promotional campaign (that are not a public promise) | The need to process for the preparation of the contract (Art. 6 section 1 letter b of GDPR) | Until the completion of the competition or the promotional campaign |
| Making it possible to participate in a competition or promotional campaign (which are a public promise) | Controller's legitimate interest (Article 6 section 1 letter f of GDPR) consisting in performing the obligations resulting from making a public promise, organizing competitions, or similar activities | Until the completion of the competition or the promotional campaign |
LEGAL, TAX, AND ACCOUNTING GOALS
- 1. The provision of services by us may entail the need to meet duties specified in the regulations of the law.
- 2. The scope of the personal data processed by us will be different depending on the type of the legal obligation that we are obliged to meet, still, it is each time limited down to the data scope specified in the respective legal regulations.
| PROCESSING PURPOSES | PROCESSING LEGAL BASIS | DATA RETENTION PERIOD |
|---|---|---|
| The implementation of the tax, legal, and settlement obligations, including the obligations related to preventing money laundering and terrorism financing | legal duty (Art. 6 section 1 letter c of GDPR) | 6 years or for a period specified in the absolutely binding legal regulations, |
Social media
- 1. If you visit our profiles on social networks (Facebook, Instagram, Twitter, TikTok, LinkedIn, YouTube), we use your data only in connection with operating the profile, including to inform you about our activities and promote various types of events, services and products.
- 2. We only process data that you make public on the respective social media portal.
| PROCESSING PURPOSES | PROCESSING LEGAL BASIS | DATA RETENTION PERIOD |
|---|---|---|
| Operating the social network (Facebook, Instagram, Twitter, TikTok, LinkedIn, YouTube) profile | The legitimate interest of the data controller (art. 6 s. 1 letter f of the GDPR) comprising of promoting the own brand of the controller | Until you effectively object to the processing of Your data or cease to follow the profile on the social network |
VISION MONITORING
- 1. The Controller of your personal data being processed within the Parcel Lockers' visual monitoring is InPost Paczkomaty sp. z o.o. based in Kraków.
- 2. We process your image, when you are in the field of view of the camera installed on an Parcel Locker.
- 3. The rules of the processing of your image are described in the table below.
| PROCESSING PURPOSES | PROCESSING LEGAL BASIS | DATA RETENTION PERIOD |
|---|---|---|
| Visual monitoring of Parcel Lockers | Controller's legitimate interest (Article 6 section 1 letter f of GDPR) consisting in protecting the device and its users and handling complaints concerning the services provided by InPost | Maximum three months counting from the day of registering the image |
THE PROVISION OF SERVICES THROUGH REFRIGERATED LOCKERS
- 1. We process your personal data for the purpose of providing the services. The purpose of the processing of your personal data is defined each time, in particular in the respective contract or terms and conditions on the basis of which we provide the given services or can access your personal data, or directly when you consent to the processing of your personal data.
- 2. In order to provide our services, we process your e-mail address and telephone number.
- 3. In the case of providing services on behalf of entrepreneurs (B2B contract), the business operation details (among others NIP, REGON, the business name, business address, contact details), including the data of the contact persons or persons authorized to represent the business partners of InPost Paczkomaty sp. z o.o. (based on the contract concluded), and the data related to cooperating with InPost Paczkomaty sp. z o.o.
| PROCESSING PURPOSES | PROCESSING LEGAL BASIS | DATA RETENTION PERIOD |
|---|---|---|
| Provision of the shipment delivery service | The need to process for the preparation of the contract (Art. 6 section 1 letter b of GDPR) | The time necessary to correctly implement the service, and, after this period - no longer than by the expiration of the claims which can be raised in connection with these services |