Founded as Interlink Ireland Ltd in 1986 and now trading as DPD Ireland, we are part of DPD Group, the parcel delivery network of GeoPost, a holding company owned by Le Groupe La Poste. DPD Ireland provides logistics and parcel delivery services in Ireland.
Interlink Ireland Limited operates centralised distribution depots in partnership with franchisees and contracted third parties. The administration, oversight and in particular, GDPR compliance and review are conducted by the GDPR team under the direction of the companies Data Protection Officer based at the companies headquarters in Athlone, County Westmeath.
DPD Ireland are Data Controllers and are responsible for, and must be able to demonstrate compliance with its obligations under the provisions of the Data Protection Laws. Data Controllers are to handle personal data in a manner ensuring appropriate organisational and technical security of the personal data including protection against unlawful processing or accidental loss, destruction or damage. It is important that the personal data we hold about you is accurate. Please keep us updated if any of your personal data changes during your relationship with us.
DPD Ireland is committed to personal data protection both during our business operations and as part of the services provided. This Policy sets out the principles and guidelines we apply to protect your Personal Data. It is designed to explain:
The types of Personal Data we collect and the reasons why we collect it,
How we use your Personal Data,
Your rights as the data subject.
This Policy applies to all services of DPD Ireland.
This Policy applies to all services of DPD Ireland, its subsidiary companies, DPD Group and of Geopost SA.
- Personal data includes particulars on personal or factual circumstances of a specific or determinable individual person. This includes for instance information such as name, address, telephone number and email address. DPD Ireland considers the protection of your Personal Data and privacy when designing new products and services. To ensure the security of your Personal Data and safeguard the proper exercise of your rights, DPD Ireland implements measures designed to protect your Personal Data.
Applicable Data Protection Law and Commitment to Data Protection
DPD Ireland is subject to the regulations of the General Data Protection Regulation (GDPR) and the Data Protection Acts 1988-2018. DPD Ireland considers the protection of your Personal Data and privacy when designing new products and services.
To ensure the security of your Personal Data and safeguard the proper exercise of your rights, DPD Ireland implements measures designed to protect your Personal Data.
What Personal Data is used by DPD Ireland?
DPD Ireland undertakes to only collect the data that is strictly necessary for the provision of the requested services and so that we can process your delivery and manage your account.
If optional data is requested, you will be given a clear explanation of the Personal Data DPD Ireland needs to provide the requested service and the data you may decide to provide voluntarily.
Your Personal Data is collected from you directly or from the sender of your parcel and will only be used for the purposes notified to you. Your Personal Data will only be used to propose other services if you have agreed to receive commercial or marketing communication.
All employees are required to acknowledge and adhere to terms including (but not limited to) the following:
- General measures about remaining within the law
- Compliance with regulatory measures, e.g. copyright law, protecting relevant data
- Equipment protection and protection mechanisms (antivirus, patching etc)
- Data protection, i.e. data classification, confidentiality and leakage
- Specific measures relating to systems access, use of email and internet
- Monitoring measures used to ensure proper use of IT services
- Outcome of non-compliance, e.g. disciplinary procedure and/or civil or criminal law
We have relationships with external vendors to deploy advanced technology to provide us with an early warning against threats and build enterprise-wide prevention, protection, response and recovery capabilities.
DPD Ireland is 100% committed to protecting the privacy and security of the personal data we hold about our Customers, Consignees, and Employees.
Our appointed Data Protection Officer (DPO) is responsible for overseeing this Privacy Notice and responding to any Data Protection concerns you may have. The Data Protection Officer also implements data protection policies, adhering to codes of conduct, implementing technical and organisational measures, as well as adopting techniques such as data protection by design and default, DPIA’s, breach notification procedures and incident response plans communicating updates to all stakeholders on a regular basis through scheduled meetings.
The Data Protection Officer leads a team of data protection advocates who work throughout the company, placed in each internal department and depot though out the county. The role of the Advocate is to assist the main GDPR team in:
- Training staff in data protection procedures, policy and best practise.
- Conducting audits to ensure compliance and address potential issues proactively.
- Serving as the point of contact between the Data Protection Officer and their individual department or depot.
- Monitoring performance and providing advice on the impact of data protection efforts.
- Maintaining comprehensive records of all data processing activities conducted by the company, including the purpose of all processing activities, which must be made public on request.
- Maintaining the DPD Data Inventory, each quarter reviewing with the Advocates to ensure what is recorded is up to date.
- Interfacing with data subjects to inform them about how their data is being used, their rights to have their personal data erased, and what measures the company has put in place to protect their personal information.
All staff have received GDPR training as part of the overall comprehensive DPDgroup staff training programme. The comprehensive training programme is also delivered to all new starters and refresher training is given at regular intervals. Regular data privacy and security communication is provided to staff as well as phishing simulations and training.
How do we collect your data?
You directly provide DPD Ireland with most of the data we collect. We collect data and process data when you:
DPD Ireland Website
Depending on how you use our website, we may also gather and store different types of information about you. We may match the information we gather from different sources to build up a better picture of how we provide our services to you.
We collect information in the following ways:
Information you give us: For example, our service of parcel wizard requires you to sign up for a parcel wizard account, where we ask you for your personal information like Name, Address etc.
Information we get from your use of our websites (dpd.ie, parcelwizard.ie): We collect information about the services/websites that you use, like when you visit any of our websites.
If you are browsing our site as a visitor, we may gather anonymous information about where you are and how you navigate and use our site. We will use this information to improve the functioning and user-friendliness of the site and so that we can keep track of traffic on the site.
If you visit the "Contact Us" section of our site and fill in the information requested in the "How can we help you section" we will use your information to deal with your queries and in order to respond to you. We may store the information you provide for future reference in order to assess how well we provide our service to you and others on an on-going basis.
If you write to, call or email us, we will use your details to respond to you and will keep a record of your correspondence with us.
If you visit the "My DPD" section of the site, you will see that there is an option to log into your personal user account. In order to set up a user account you can contact us to request a log-in. We will need your DPD account number to set up your account, and we will use these details to provide the services that you sign up for (for example Track & Trace, Web Collections).
We will store information about how you use our services through your user account, as well as your user details. We may contact you using these details to keep you informed of the
services we provide and any news, new products, or other information you might be interested in receiving. If you do not wish to receive news and information, you can let us know at any time by emailing us at firstname.lastname@example.org.
We will also include the option to unsubscribe with all such communication we send to you Please do not share your login details with anyone else. You will be responsible for any activity from your user account, and we will always assume that you are in sole control of the account. We will not be liable to you for any third party's activity from your account unless we are at fault.
To which services or companies are your Personal Data transferred to?
Your data may be transferred to:
Departments within DPD Ireland and where necessary, within the DPD group: departments in charge of performing the requested services.
External providers: technical service providers, including sub-contractors.
Companies of Groupe La Poste, for the performance of the services.
Can your Personal Data be transferred to non-EU countries?
DPD Ireland and DPD Group carry out all Personal Data processing activities within the European Union (EU) and the European Economic Area (EEA). However, for some specific services, DPD Ireland and DPD group may use data processors located outside of the EU and the EEA. Some of your Personal Data may therefore be transferred to them for the strict purposes of their services. In such cases and in accordance with the regulations in force, DPD Ireland and DPD Group requires its data processors to provide the necessary safeguards to ensure regulated, secure transfers, mainly by requiring them to sign the European Commission’s Standard Contractual Clauses, where there is an Adequacy Decision in place or where Binding Corporate Rules exist between the business entities concerned.
How long will DPD Ireland keep your Personal Data?
Different retention periods apply for the various services we provide and are set out in our Data Retention Policy Document.
DPD Ireland and DPD Group undertakes not to retain your Personal Data any longer than is necessary for the provision of the service or for compliance with the retention periods arising from the applicable limitation periods.
Archived data is recorded on storage media accessible only for authorised personnel. After the legal retention period has expired, the data is deleted.
Personal Data Protection
DPD Ireland undertakes to adopt all measures protecting the security and confidentiality of your Personal Data and to prevent any damage, erasure, or unauthorised access by a third party.
If your Personal Data is affected by a security breach (destruction, loss, alteration or disclosure), DPD Ireland undertakes to fulfil our obligation to notify Personal Data Breaches, in particular to the Data Protection Commission, 21 Fitzwilliam Square S, Dublin 2, D02 RD28.
Data Subject Rights
DPD Ireland respects the fundamental rights and freedoms of data subjects. GDPR increases the privacy rights of the data subject. Under this regulation you have several rights. These rights include:
Right of access: you may obtain a copy of your Personal Data being processed by DPD Ireland.
Right to rectification: you may update your Personal Data or ask us to rectify your Personal Data processed by DPD Ireland.
Right to object, to prevent direct marketing: you may notify your preference not to receive direct marketing from DPD Ireland or ask DPD Ireland to stop processing your Personal Data.
Right to object to processing data on grounds relating to your situation based on legitimate interests or the performance of a task in the public interest.
Right to erasure: you may ask DPD Ireland to delete your Personal Data.
Right to restrict processing: you may ask DPD Ireland to suspend the processing of your Personal Data.
Right to data portability: you may ask DPD Ireland to retrieve your Personal Data for reuse.
The above is subject to the provision that the necessary legal requirements are fulfilled.
Whenever you sign up for a service or provide Personal Data, DPD Ireland will state the postal and/or email address to which any data subject requests may be sent. All requests must be submitted with proof of your identity as set out in our Subject Data Access Policy document. DPD Ireland undertakes to respond to your data subject requests without undue delay and in any event, within the times imposed by law.
Withdrawal of Consent
In case your consent has been requested for the processing of your personal data, please be informed that you have the right to withdraw that consent at any time in the future, without affecting the lawfulness of the processing based on the consent before its withdrawal.
Exercising your Rights
DPD Ireland is committed to ensuring the protection, security, and confidentiality of Personal Data. If you want to exercise your rights as a data subject or withdraw an explicit consent given please contact the Data Protection Manager of DPD Ireland explaining what right you want to exercise so that DPD Ireland can take the necessary further steps to respect your rights.
The address is confirmed as:
The Data Protection Officer
Athlone Business Park,
Athlone, Co. Westmeath
Tel: (090) 642 0500
Please be aware that we might ask for a proof of identification to protect your information against unauthorised access.
Right to lodge a complaint
You have the right to lodge a complaint with the data protection Commission of Ireland if you believe that your rights have been violated.
The Data Protection Commission can be contacted at:
21 Fitzwilliam Square S, Dublin 2, D02 RD28
See https://www.dataprotection.ie/en/contact/how-contact-us for further information on how to contact the Commission.
Consignment and Consignee Data
If you provide us with information (including personal data) about your consignees, you represent and warrant that you are authorised to do so. We will not be the data controller in respect of such information provided by you and we will process it only in accordance with your instructions. If we receive information directly from consumers (whether such consumers are or have been your consignees) we will be free to use such data as we see fit, subject always to the consumer/data subject's rights.
We may share a customer’s information with other DPD entities to provide information and services the customer may request from us and to improve our services. We will not share a customer’s information with third parties without a customer’s consent, unless required by law or governmental authority.
Cookies are text files placed on a user’s computer to collect standard Internet log information and visitor behaviour information. When a user visits our website, we may collect information from the user automatically through cookies or similar technology
A cookie is a small text file that may be dropped and stored on your device when you visit a website. Cookies perform several different functions. Some cookies are essential to deliver our site and services to the user. Cookies can be "persistent", remaining on your device after you have left the site or can be "session" cookies that are deleted when the user closes their internet browser. Users can use their browser settings to manage your cookie preferences.
Cookies do not in any way compromise the security of a user’s computer. It is possible to allow cookies from specific websites by making them "trusted websites" in a user’s internet browser. Users can find out how to do this by visiting about www.cookies.org.
www.dpd.ie uses several cookies, the most important of which are the forms authentication cookie (created when a user logs in) and the portal roles cookie, which stores what roles a user has access to in the current portal.
Login and Security
The form's authentication cookie is by default temporary (session) cookies and not persistent cookies; however, users can make them persistent by checking the "remember me" checkbox on the login control. This can be removed via the UI or a setting.
The portal's role cookie is persistent, but it only exists for 1 minute - and its contents are encrypted as well as containing a portal id to make sure that they only apply for that portal. We use the expiry here as we want to be sure to refresh the user's portal roles to pick up any alterations that may have occurred e.g., if an admin has added the user to new roles. There is no way to disable this in the application currently, but the user can create an alternative membership provider and alter the logic as the user sees fit.
Please note, that whilst session cookies are typically preferred as this cookie has a short expiration of 1 minute (to ensure role identification is valid), having it as a session cookie would have a longer lasting cookie (by default of 30 minutes since the last period of activity) so a persistent cookie is a better option in this case.
As well as these two, DPD.IE can create a cookie to track affiliates (used to allow sites to track and reward vendor affiliates). Whilst this (little used) function cannot be disabled by a setting, sites that do not allow persistent cookies can safely remove this.
A user may also see one other cookie if they choose to install and use the user's online module as it creates cookies to track when an anonymous user logs in so that it does not miscount active users. To avoid this cookie log in a user may contact us at email@example.com
A cookie is created called "language" to store the current language
A cookie with the name ".ASPXANONYMOUS" is also created by asp.net anonymous authentication.
If a user is using the mobile redirection capabilities (added in 6.1.0 for PE/EE, and 6.1.5 for all editions), two optional cookies may be created. The two cookies store a cookie with a lifetime of 20 minutes to indicate that redirects are not allowed.
The DNNPersonalization cookie is used to store personalization data (such as tab expansion) for anonymous users. Authenticated user’s personalisation data is stored in their profile. This helps us to provide a personalized experience to the user.
Two cookies can be used to read and set the portal specific container and skin - these are both read only cookies.
If you are using the stylesheet widget (or relocation widget or style scrubber widget's which can the stylesheet widget) then two cookies are created StyleSheetWidget_SizeWidget which stores the width, and StyleSheetWidget_TextSizeWidget which stores the text size. These values can then be consumed if you provide alternative stylesheets.
Tabs controls create a cookie to store the last selected tab. This is read back when the page is revisited, and the previously selected tab is then selected. This is to identify the user’s last selected tab to provide a better surfing experience
Panels controls apply a similar logic to tab controls e.g. if you visit admin->site settings, click on "advanced settings" and expand "security settings" it will create a cookie called "dnnSitePanel-SecuritySettings" and store the value "true". This is read back when the page is revisited and the previously expanded panel is correctly expanded.
asp.net_sessionid – This is an asp.net cookie that is required for parcel wizard users to be able to log in. Cookies for identifying Just logged in user, user status and required for status of parcel wizard users is also used when they are logged in.
The following are cookies that are used only on the returns page to facilitate payments and location tracking (required for pickup point finder). These cookies only exist within the returns page and are not present elsewhere in the site:
Cookie for identifying if the user visited the payment page
Cookie for latest transactional reference – stores the transaction ref for the payment so that the returns knows what (sage or paypal) transaction was paid for after coming back from payments screens (either sage or paypal)
Cookie for latitude and longitude values – stores latitude and longitude data for setting up the pickup point finder
Returns Data Cookie – this stores a session ID for the user’s returns data (much like the asp.net sessionid cookie, but serving a very specific set of data).
All of the above cookies are required for the returns to function.
DPD Ireland Data Retention Policy Document
Updates to this data protection information: DPD Ireland may in its sole discretion, update this information by posting the amended information on this site. This information was last updated on 29th September 2022
Right to Erasure Request Form
Subject Access Request Form