Information on data protection at a glance

a) Name and contact details of the competent controller:

The competent controller within the meaning of the General Data Protecion Regulation (GDPR) is Deutsche Post AG.

Deutsche Post AG

Charles-de-Gaulle-Straße 20

53113 Bonn, Germany

b) Contact details to exersice any of your rights:

Please use our contact form if you wish to exercise any of your rights.

c) Competent supervisory authority for data processing in connection with mail and telecommunications services:

Der Bundesbeauftragte für den Datenschutz und die Informationsfreiheit

(Federal Commissioner for Data Protection and Freedom of Information)

Graurheindorfer Straße 153

53117 Bonn, Germany

Other data processing by the controller:    

Die Landesbeauftragte für den Datenschutz Nordrhein-Westfalen

(State Commissioner for Data Protection of North Rhine-Westphalia)

Kavalleriestraße 2-4

40213 Düsseldorf, Germany

d) Name and contact details of the Data Protection Officer:

Deutsche Post AG

Gabriela Krader, LL.M

53250 Bonn, Germany

datenschutz@dpdhl.com

Personal data denotes any information concerning the personal or material circumstances of an identified or identifiable natural person. This includes, for example, your real name, address, telephone number and date of birth. Information that is not directly linked to your true identity – such as favorite websites or a site’s number of users – does not constitute personal data.

We process your data, for example,

• to satisfy the terms of the contract we signed with you or with a sender;
• to ensure that your visit to our websites/apps is as pleasant as possible;
• to send you a newsletter if you are a subscriber;
• to send or show you tailored advertising, to the extent permissible;
• to conduct a creditworthiness check as necessary;
• to satisfy legal requirements (e.g. the German Code of Criminal Procedure (StPO) or German Foreign Trade and Payments Act (AWG));
• in connection with our security requirements (e.g. to uncover criminal activity);
• to produce statistics;
• to secure payment;
• and for purposes of quality assurance, process optimization and reliable planning.

You will find further details on, for example, the type of data, the purpose of data processing, and the legal basis in the sections on the respective products.

Please use our contact form if you wish to exercise any of your rights.

• to obtain information on and access to the data stored about you,
• to demand that incorrect data we store concerning you be rectified,
• to have your personal data erased or, if statutory retention periods apply, restrict the processing of data no longer required for the specified purpose,
• to access the personal data you provided in a structured, commonly used and machine-readable format,
• to raise an objection if your data is being processed on the grounds of a legitimate interest / to the use of your data for advertising purposes / to your being subject to a decision based solely on automated processing, including profiling,
• to file a complaint with the competent supervisory authority if you suspect that your data has not been processed in compliance with data protection legislation.

If you do not provide the data indicated as being necessary, a contract cannot be established.

Should you wish to exercise any of your rights, please contact us

by contact form: www.deutschepost.de/datenschutz/kontakt.

If you exercise your right to object – especially to the use of your data for advertising purposes – please contact the address given in the relevant “Products and Services” section.

If you have consented to your personal data being used for a certain type of processing, you may withdraw such consent at any time with future effect by notifying us at the address we specified when you gave your consent. You will find this in the details regarding the “Products and Services” for which your consent was obtained.

The data will be stored for as long as necessary. The need therefor follows either from statutory retention periods, for example, as set forth in Section 257 of the German Commercial Code (HGB) or Section 147 of the German Fiscal Code (AO). In the absence of statutory retention periods, the data is stored for the purpose of fulfilling and settling the given contract and for evidencing proper fulfillment until the expiration of applicable liability periods; it is erased thereafter. Please also note that your data will be stored in our backup system and that backup files are continually overwritten whenever the system is updated.

When you visit our websites, our web servers temporarily store the following information as standard for the purpose of system security: the connection data of the requesting computer system, which of our websites you visit, the date and length of your visit, the data identifying the type of browser and operating system used, and the website from which you visit us. Other personal data, such as your name, address, telephone number or e-mail address, is not collected unless you provide this data voluntarily, for example as part of a registration procedure, survey, competition, performance of a contract or request for information.

The companies in the DHL Group would like to contact you with information about offers and other news relating to our products and services. If you register with our websites, we will therefore ask you to tell us whether you would like to receive direct promotional messages from us. As a customer of Deutsche Post, you will naturally continue to receive the necessary information on important changes relating to existing contracts (e.g. price changes).

We use tracking software on our websites to monitor their frequency of use and the number of users. This software does not collect personal data and IP addresses. The data is used exclusively in anonymized, summarized form for statistical purposes and for the development of the website.

If you register for the Deutsche Post AG newsletter, you declare that you agree to receive regular information by email about Deutsche Post AG and DHL Paket GmbH as well as the company’s products and offers.

You can withdraw your consent at any time and unsubscribe from the newsletter by clicking on the unsubscribe link in the email you receive.

Your data will be used exclusively to send you the Deutsche Post newsletter and never passed on to third parties or used for purposes other than those specified here.

Cookies are small files that enable us to store information related specifically to you, the user, on your PC while you visit one of our websites. Cookies help us to determine how frequently our Internet pages are accessed as well as the number of users. They also help us configure our offerings so that they are as convenient and efficient as possible for you.

On the one hand, we use, “session cookies”, i.e. cookies that are stored exclusively for the duration of your visit to one of our Internet pages. On the other, we use “persistent cookies” to retain information about visitors who repeatedly access one of our Internet pages. The purpose of using these cookies is to be able to offer you optimal user guidance as well as to “recognize” you and thus be able to present (as far as possible) diversified Internet pages and fresh content if you use the pages repeatedly. The content of a persistent cookie is limited to an identification number. Your name, IP address, etc. are not saved. We do not create an individual profile of your online activities.

You can also use our offerings without cookies. In your browser, you can deactivate the saving of cookies, limit them to certain websites or set your browser so that you are notified as soon as a cookie is sent. You can also delete cookies from your PC at any time (“cookies” folder). However, please note that in this case you will have to expect restricted page presentation and user guidance.

Deutsche Post takes all necessary technical and organizational security measures to protect your personal data from being lost or misused. For instance, your data is saved in a secure operating environment which is not accessible to the public. In certain cases, your personal data is encrypted by Secure Socket Layer (SSL) technology during transmission. This means that an approved encryption procedure is used for communication between your computer and the Deutsche Post servers if your browser supports SSL.

Should you wish to contact Deutsche Post by e-mail, we would like to point out that the confidentiality of the information sent cannot be guaranteed. The contents of e-mail messages can be read by third parties. We therefore advise you to send us confidential information solely by post.

It is also possible to use our products and services without cookies. You can normally deactivate the saving of cookies in your browser or limit them to certain websites. The browser can be set to notify you when a cookie is sent. You can also delete cookies from your hard drive at any time (“cookies” folder). However, in this case you will have to expect restricted page presentation and user guidance.

For detailed information on cookies, such as how to see which cookies have been set and how to manage and delete them, visit:

All About Cookies

For further EU-specific recommendations on cookies and the various opt-out options, please visit the following website:

Your Online Choices

If you wish to switch off general web tracking by Adobe SiteCatalyst (web-tracking cookies), you can find further information on the following website:

Link for individual cookies

Adobe Sitecatalist Tracking Opting OUT

If you wish to switch off some or all of the advertising cookies set on your computer, you can find further information on the following website:   

Network Advertising Initative (NAI)

The Trade Desk Cookie

We set cookies from The UK Trade Desk Ltd. 10th Floor, 1 Bartholomew Close London EC1A 7BL United Kingdom (for users from the European Economic Area and Switzerland) or from The UK Trade Desk Ltd, Global Privacy Office 2 Park Avenue, 5th Floor New York, NY 10016 (for other users). For more details, please see theTradeDesk privacy policy. The legal basis for this processing is your consent; Art. 6 para. 1 p. 1 lit. a) DSGVO.

Our website uses counting pixel technology provided by WiredMinds GmbH (www.wiredminds.de) to analyze visitor behavior. In connection with this, the IP address of the visitor is processed. The processing occurs only for the purpose of collecting company based information such as company name, for example. IP addresses of natural persons are excluded from any further processing by means of a whitelist.  An IP address is not stored in LeadLab under any circumstances.

While processing data, it is our outmost interest to protect the rights of natural persons. Our interest in processing data is based on Article 6(1)(f) GDPR. At no time is it possible to draw conclusions from the collected data on an identifiable person.

WiredMinds GmbH uses this information to create anonymized usage profiles of the visit behavior on our website. Data obtained during this process is not used to personally identify visitors of our website.

The data owner is Deutsche Post AG.

We use the personal data provided by you for the purpose of technical administration of our websites and to fulfill your wishes and requirements, i.e. generally to perform the contract concluded with you or to respond to your inquiry.

To increase security in online retailing for our customers and safeguard our own legitimate interests, the Deutsche Post Webshop uses AI-powered tools to recognize and prevent fraud in a timely fashion. We compare the data in any order or request with the customer's purchasing history (if there is one) to check for discrepancies that may be suspect. In cases of suspicion, specific payment methods may not be available or your order/request will be checked again manually by our staff. This may lead to a slight delay in order processing in some cases. Data are not forwarded to third parties during this review.

Moreover, Deutsche Post reserves the right to send the surname, first name and full address of the customer to the credit reporting agency Verband der Vereine Creditreform e.V., Postfach 10 15 53, 41415 Neuss, company address: Hellersbergstraße 12, 41460 Neuss, Germany, so that the customer’s creditworthiness can be checked. Further checks on the customer’s creditworthiness may be conducted, depending on the order value.

We also use your postal address, where permitted by law, to send you offerings and information of interest to you. You can object to this use of your data at any time. To do so, please contact our customer service: service-shop[at]deutschepost.de.

We would also be pleased to contact you by e-mail so as to supply you with information on offers and further news about our products and services. If you register with our online shop, we will ask you to tell us whether you would like to receive direct promotional messages from us in the form of a newsletter. It goes without saying that you, as a customer of Deutsche Post AG, will continue to receive the necessary information and details of important changes in connection with existing service agreements, regardless of such consent to or any objection to use of your data for advertising purposes.

Your data is not forwarded, sold or transmitted to third parties unless that is necessary for the purpose of performing the contract or you have given your explicit consent. It may be necessary, for example, for us to disclose your address and order data to our suppliers when you order products. We will disclose data to government bodies only if required by law to do so.

One of the services used by Deutsche Post AG to process credit card payments is the Braintree service of payment service provider PayPal (Europe) S.á r.l. et Cie, S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg. If you pay by credit card, the data required to process the transaction (credit card number, expiry date and CVV number) will be collected and processed by the payment service provider. The legal basis for data processing is Article 6(1)(b) of the GDPR as data processing is necessary for payment and thus for the performance of the contract. PayPal’s data protection provisions can be inspected in the PayPal data privacy statement.

Giropay and credit card payments are handled by EVO Payments International GmbH, Elsa-Brändström-Straße 10-12, 50668 Cologne, Germany (EVO). The data required to process the transaction will be collected and processed by the payment service provider. The legal basis for data processing is Article 6(1)(b) of the GDPR as data processing is necessary for payment and thus for the performance of the contract. The relevant data protection provisions for Giropay and credit card payments can be inspected in the data privacy policy of EVO Payments International GmbH.

It is also possible to pay using the online payment service PayPal. The European operator of PayPal is PayPal (Europe) S.á.r.l. & Cie. S.C.A. 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg. If you select PayPal as your payment method, the data required for the payment process will be transmitted to PayPal. By selecting this payment option, you consent to the transmission of your personal data necessary for processing your payment. The following data is generally transferred to PayPal: name, address, company name, e-mail address, landline and mobile number, and IP address. Personal data related to the respective shipping order is also required in order to process the contract. The legal basis for data processing is Article 6(1)(b) of the GDPR as data processing is necessary for payment using PayPal and thus for the performance of the contract.

In addition, customers are able to make payments by entering into a billing agreement with PayPal. The following must be transferred in order to create a billing agreement: name, address, e-mail address and possibly a phone number. The legal basis for data processing is Article 6(1)(b) of the GDPR as data processing is necessary for payment and thus for the performance of the contract.  Under certain circumstances, PayPal may transfer the data it receives to credit bureaus. This is for the purpose of identity verification and credit checking. PayPal’s data protection provisions can be inspected in the PayPal data privacy statement. For direct debit payments, Deutsche Post AG does not use a payment service provider. Only the data necessary to complete the payment transaction is processed. The legal basis is Article 6(1)(b) of the GDPR; performance of a contract.

With the exception of the name of the payment service provider used and anonymized IDs (which are necessary in order to process withdrawal or cancellation requests), Deutsche Post AG does not store any details on the payment. The legal basis is Article 6(1)(b) of the GDPR as data processing is necessary for reversal of the payment and thus for the performance of the contract. The entire payment process and the use of the payment data required for this purpose is handled solely by the payment service provider.

We use tracking software (Adobe Analytics) on our website to monitor their frequency of use and the number of users. This software does not collect personal data and IP addresses. The data is used exclusively in anonymized, summarized form for statistical purposes and for the development of the website.

You can find an opt-out, i.e. means of deactivating web tracking on our website for your browser, on the following site:

Web tracking opt-out

• Opening and click rate for the newsletter
• Usage behavior on the website (e.g. purchases)

The analysis is conducted using the technology of Episerver GmbH with the help of what are known as "cookies" - small text files that are saved on your computer or mobile terminal device. These cookies enable us to recognize your browser the next time you visit our website. You can delete the cookies in your browser or change your consent to the use of certain cookies at any time under the cookie settings (in the footer).

The data is never disclosed to third parties or used for purposes other than those specified here. You can revoke your consent at any time with effect for the future. Notifying us by e-mail at service-shop[at]deutschepost.de is sufficient.

In addition, you can cancel your subscription to the newsletter at any time by clicking on the Unsubscribe link in the footer that is included in every newsletter.

Cookies are small files that enable us to store information related specifically to you, the user, on your PC while you visit one of our websites. Cookies help us to determine how frequently our Internet pages are accessed as well as the number of users. They also help us configure our offerings so that they are as convenient and efficient as possible for you.

On the one hand, we use, “session cookies”, i.e. cookies that are stored exclusively for the duration of your visit to one of our Internet pages. On the other, we use “persistent cookies” to retain information about visitors who repeatedly access one of our Internet pages. The purpose of using these cookies is to be able to offer you optimal user guidance as well as to “recognize” you and thus be able to present (as far as possible) diversified Internet pages and fresh content if you use the pages repeatedly. The content of a persistent cookie is limited to an identification number. Your name, IP address, etc. are not saved. We do not create an individual profile of your online activities.

You can also use our offerings without cookies. In your browser, you can deactivate the saving of cookies, limit them to certain websites or set your browser so that you are notified as soon as a cookie is sent. You can also delete cookies from your PC at any time (“cookies” folder). However, please note that in this case you will have to expect restricted page presentation and user guidance.

Cookie Preferences

Adform Cookies

Google Analytics cookies

We have taken extensive technical and organizational security precautions to protect your personal data stored by us against unauthorized access and misuse. Our security procedures are reviewed regularly and adapted to technological advances.

When you visit our websites, our web servers temporarily store the following information as standard for the purpose of system security: the connection data of the requesting computer system, which of our websites you visit, the date and length of your visit, the data identifying the type of browser and operating system used, and the website from which you visit us. Other personal data, such as your name, address, telephone number or e-mail address, is not collected unless you provide this data voluntarily, for example as part of a registration procedure, survey, competition, performance of a contract or request for information.

We use the personal data provided by you exclusively for the purpose of technical administration of our websites and to fulfill your wishes and requirements, i.e. generally to perform the contract concluded with you or to respond to your inquiry.

We only use such data for product-related surveys and marketing purposes if you have given us your prior consent and if you have not filed an objection, insofar as this is permitted by law.

Your personal data is not disclosed, sold or otherwise transferred to third parties, unless that is necessary for handling the contract or you have given your explicit consent. It may be necessary, for example, for us to disclose your address and order data to our suppliers when you order products.

The companies in the DHL Group would like to contact you with information about offers and other news relating to our products and services. If you register with our websites, we will therefore ask you to tell us whether you would like to receive direct promotional messages from us. As a customer of Deutsche Post, you will naturally continue to receive the necessary information on important changes relating to existing contracts (e.g. price changes).

We use tracking software on our websites to monitor their frequency of use and the number of users. This software does not collect personal data and IP addresses. The data is used exclusively in anonymized, summarized form for statistical purposes and for the development of the website.

Cookies are small files that enable us to store information related specifically to you, the user, on your PC while you visit one of our websites. Cookies help us to determine how frequently our Internet pages are accessed as well as the number of users. They also help us configure our offerings so that they are as convenient and efficient as possible for you.

On the one hand, we use, “session cookies”, i.e. cookies that are stored exclusively for the duration of your visit to one of our Internet pages. On the other, we use “persistent cookies” to retain information about visitors who repeatedly access one of our Internet pages. The purpose of using these cookies is to be able to offer you optimal user guidance as well as to “recognize” you and thus be able to present (as far as possible) diversified Internet pages and fresh content if you use the pages repeatedly. The content of a persistent cookie is limited to an identification number. Your name, IP address, etc. are not saved. We do not create an individual profile of your online activities.

You can also use our offerings without cookies. In your browser, you can deactivate the saving of cookies, limit them to certain websites or set your browser so that you are notified as soon as a cookie is sent. You can also delete cookies from your PC at any time (“cookies” folder). However, please note that in this case you will have to expect restricted page presentation and user guidance.

Deutsche Post takes all necessary technical and organizational security measures to protect your personal data from being lost or misused. For instance, your data is saved in a secure operating environment which is not accessible to the public. In certain cases, your personal data is encrypted by Secure Socket Layer (SSL) technology during transmission. This means that an approved encryption procedure is used for communication between your computer and the Deutsche Post servers if your browser supports SSL.

Should you wish to contact Deutsche Post by e-mail, we would like to point out that the confidentiality of the information sent cannot be guaranteed. The contents of e-mail messages can be read by third parties. We therefore advise you to send us confidential information solely by post.

By integrating Open Street Maps for location searches, Deutsche Post has enhanced the user experience on our website. You can use the location finder on this website to search for retail outlets, Packstations and Paketshops, which are then displayed on Open Street Map.

The map is provided by Open Street Map. The following data are processed for this purpose:

• The user's IP address
• The browser and browser preferences such as the size and resolution, plugins, date, and language setting
• The user’s location – only if the user gives explicit consent by confirming the “Allow www.dhl.de to access your location?” browser prompt

Data is processed on the basis of Article 6(1)(a) of the EU's General Data Protection Regulation. By clicking on “Enable map” you consent to the transfer of data to the service provider. In the context of a location search, the map allows customers to view the route from their current location to the retail outlet or Packstation. This service would not be possible without displaying a map.

During the location search, only the search address entered by the user is forwarded. We will not link the search to the user, nor will the search data be saved.

In the location search for postal retail outlets, DHL parcel shops, Packstations and additional automated services, Deutsche Post helps customers navigate to a postal location by linking to the Google Maps website of Google Inc. (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland).

To ensure that you do not have to re-enter into Google Maps the starting and destination addresses for your navigation, the following data are transmitted there when you click on “Mit Google Maps navigieren” (“Navigate with Google Maps”):

• Referrer (address of the location finder website)
• IP address of the user
• Browser; browser preferences, size and resolution; browser plugins; date; language setting
• User’s location – only if the user explicitly confirms the browser prompt “www.deutschepost.de möchte deinen Standort abrufen” (“www.deutschepost.de would like to access your location”);
• otherwise, the location entered into the search input field (address, postal code or city/town) is used as the starting address for the navigation
• Destination address of the accessed postal location
• Selected travel mode (walking, car, public transportation)

Data are processed on the basis of Article 6(1)(a) of the General Data Protection Regulation (GDPR). By clicking on “Mit Google Maps navigieren” (“Navigate with Google Maps”), you authorize the transfer of data to Google Maps. In the context of a location search, the map shows customers the route to the retail outlet/Packstation. This service would not be possible without displaying a map.

We neither link the search to the user nor save search-user data.

Data generated through the use of Google Maps and the information obtained through Google Maps are processed according to the terms and conditions of Google and the additional terms and conditions for Google Maps/Google Earth. The Google data privacy statement also applies.

When you visit our websites, our web servers temporarily store the following information as standard for the purpose of system security: the connection data of the requesting computer system, which of our websites you visit, the date and length of your visit, the data identifying the type of browser and operating system used, and the website from which you visit us. Other personal data, such as your name, address, telephone number or e-mail address, is not collected unless you provide this data voluntarily, for example as part of a registration procedure, survey, competition, performance of a contract or request for information.

We use the personal data provided by you exclusively for the purpose of technical administration of our websites and to fulfill your wishes and requirements, i.e. generally to perform the contract concluded with you or to respond to your inquiry.

We only use such data for product-related surveys and marketing purposes if you have given us your prior consent and if you have not filed an objection, insofar as this is permitted by law.

Your personal data is not disclosed, sold or otherwise transferred to third parties, unless that is necessary for handling the contract or you have given your explicit consent. It may be necessary, for example, for us to disclose your address and order data to our suppliers when you order products.

The companies in the DHL Group would like to contact you with information about offers and other news relating to our products and services. If you register with our websites, we will therefore ask you to tell us whether you would like to receive direct promotional messages from us. As a customer of Deutsche Post, you will naturally continue to receive the necessary information on important changes relating to existing contracts (e.g. price changes).

We use tracking software on our websites to monitor their frequency of use and the number of users. This software does not collect personal data and IP addresses. The data is used exclusively in anonymized, summarized form for statistical purposes and for the development of the website.

Cookies are small files that enable us to store information related specifically to you, the user, on your PC while you visit one of our websites. Cookies help us to determine how frequently our Internet pages are accessed as well as the number of users. They also help us configure our offerings so that they are as convenient and efficient as possible for you.

On the one hand, we use, “session cookies”, i.e. cookies that are stored exclusively for the duration of your visit to one of our Internet pages. On the other, we use “persistent cookies” to retain information about visitors who repeatedly access one of our Internet pages. The purpose of using these cookies is to be able to offer you optimal user guidance as well as to “recognize” you and thus be able to present (as far as possible) diversified Internet pages and fresh content if you use the pages repeatedly. The content of a persistent cookie is limited to an identification number. Your name, IP address, etc. are not saved. We do not create an individual profile of your online activities.

You can also use our offerings without cookies. In your browser, you can deactivate the saving of cookies, limit them to certain websites or set your browser so that you are notified as soon as a cookie is sent. You can also delete cookies from your PC at any time (“cookies” folder). However, please note that in this case you will have to expect restricted page presentation and user guidance.

Deutsche Post takes all necessary technical and organizational security measures to protect your personal data from being lost or misused. For instance, your data is saved in a secure operating environment which is not accessible to the public. In certain cases, your personal data is encrypted by Secure Socket Layer (SSL) technology during transmission. This means that an approved encryption procedure is used for communication between your computer and the Deutsche Post servers if your browser supports SSL.

Should you wish to contact Deutsche Post by e-mail, we would like to point out that the confidentiality of the information sent cannot be guaranteed. The contents of e-mail messages can be read by third parties. We therefore advise you to send us confidential information solely by post.

When you visit the Online Franking Post service, our web servers store the following information as standard for the purpose of system security: the connection data of the requesting device, which of our websites you visit, the date and length of your visit, data identifying the type of browser and operating system used and the website from which you visit us. If you place an order, your purchaser data is stored for the period required by law. The legal basis for data processing is Art. 6, para. 1, lit. b of the European Union General Data Protection Regulation (GDPR), as data processing is necessary for the performance the contract.

Your IP address is also temporarily stored as part of an order for a period of 6 months. This data is stored explicitly to ensure IT security and to prevent and investigate fraud. Deutsche Post AG has a legitimate interest in this so as to ensure a smooth process. The legal basis for this is Art. 6 para. 1 lit. f of the GDPR.

Other personal data, such as your name, address or telephone number, is not collected by the Online Franking Post service unless you provide this data voluntarily, for example as part of a survey or request for information. The legal basis in these cases is Art. 6, para. 1, sentence 1 lit. a of the GDPR, i.e. your consent. 

Deutsche Post AG’s Online Franking Post service allows you to purchase stamps (mobile and online stamps) that you can use to send any of your letters or postcards across the country. In order to comply with legal requirements (e.g., Section 99 of the German Code of Criminal Procedure (StPO), Section 65 of the German Postal Act (PostG), Section 257 of the German Commercial Code (HGB), Section 147 of the German Fiscal Code (AO, GoBD)) and to ensure that the contract can be processed and fulfilled in accordance with Article 6 (1)(b) of the GDPR, the buyer’s personal data is processed and retained for the applicable statutory periods. In particular:

• Method of receipt
• Type and number of the product
• Email address of the buyer
• Payment type
• Recent purchases (purchase date, order number, Portocode of the mobile stamp and/or access to the PDF file with the purchased online stamp, email address in case of cancellation)

When you buy a stamp via the Online Franking Post service, various payment methods are available.

One payment method is the online payment service PayPal. The European operator of PayPal is PayPal (Europe) S.á.r.l. & Cie. S.C.A. 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg. If you select PayPal as your payment method, the data required for the payment process will be transmitted to PayPal. By selecting this payment option, you consent to the transmission of your personal data necessary for processing your payment.

Alternatively, a credit card can be used for paying for stamps issued by the Online Franking Post service. We use the Braintree payment service offered by PayPal (Europe) S.á.r.l. & Cie. S.C.A. 22-24 Boulevard Royal, 2449 Luxembourg, Luxemburg, for this purpose. The data required to process the transaction (credit card number, expiry data and security code) will be collected and processed by the payment service provider.

We also offer the option of processing payments using Apple Pay. The data required to process the transaction will be collected and processed by the payment service provider. To carry out the payment transaction, personal data such as name, address, company name, email address, landline and mobile number and IP address is regularly transmitted to Apple Pay. The payment provider’s respective data privacy provisions apply. You can find a link in the section below.

These companies to which we transmit personal data are independent controllers, which means that we are not the ones who determine how the data that we transmit is processed. When your data is forwarded to independent controllers, their data privacy provisions apply. We recommend that you read their privacy policies and familiarize yourself with your data privacy rights before interacting with them.

With the exception of the name of the payment service provider used and anonymized IDs (which are necessary in order to process withdrawal or cancellation requests), Deutsche Post AG does not store any details on the payment. The entire payment process and the use of the payment data required for this purpose is handled solely by the payment service provider.

PayPal’s data protection provisions can be inspected in the PayPal data privacy policy. The data privacy policy for the use of the Braintree service can be found at https://www.braintreepayments.com/legal.

You can find the data privacy provisions of Apple Pay at: Apple Pay data privacy provisions.

We would like to point out the possibility of transmission to a third country as part of data transmission to these payment service providers. This means that, in order to provde the listed payment services, we may have to transmit certain data to these payment providers located in countries without an appropriate level of data privacy (e.g. to the United States). You acknowledge that these entities may be subject to laws and regulations in their respective jurisdictions that could obligate them to forward data to the relevant authorities in the respective country. By using the payment services, you consent to us transmitting such data for the purpose of providing the services.

To make it easier for you to use your stamps, purchase-specific data such as your order number, date of purchase, email address and the type of postage purchased is stored locally on your mobile device for 30 days or until you uninstall the Post & DHL app, and can be found in the “Recent Purchases” section of the app. The legal basis for this is Art 6 para. 1, lit. b of GDPR. Your email address is necessary for order processing so that we can confirm your purchase. The legal basis for the processing is Article 6 (1)c of the GDPR in conjunction with section 368 of the BGB (“Quittung”). Additionally, your email address is stored in the app to enable you to cancel if you so choose. Email addresses are only stored locally and are therefore only saved within the application on your mobile device. The legal basis in this regard is Article 6 (1)b of the General Data Protection Regulation (GDPR).

For an easier and more pleasant purchasing process, you can also choose to save your email address so it will already be filled in when you next want to make a purchase. Email address are only stored locally, and so are only saved within the application on your mobile device. The legal basis for this is Article 6, para. 1, sentence 1, lit. a of GDPR, i.e. your consent.

We will disclose data to government bodies only if required by law to do so.

We use tracking software (Adobe Analytics) on our website to monitor their frequency of use and the number of users. This software does not collect personal data or IP addresses. The data is used exclusively in anonymized, summarized form for statistical purposes and for the development of the website.

"Cookies" are small files that allow us to store specific personal information about you, the user, on your device while you are visiting our websites. Cookies help us to determine how frequently our Internet pages are accessed as well as the number of users. And they help us configure our offers so that they are as convenient and efficient as possible for you.

On the one hand, we use "session cookies", i.e. cookies that are stored exclusively for the duration of your visit to one of our Internet pages. On the other, we use "permanent cookies” to retain information about visitors who repeatedly access one of our Internet pages. The purpose of using cookies is to be able to offer you optimal user guidance as well as to "recognize" you and thus be able to present (as far as possible) diversified Internet pages and fresh content during repeated use. The content of a permanent cookie is limited to an identification number. Name, IP address, etc. are not saved. We do not create an individual profile of your online activities.

Using our products and services without cookies is also possible. In your browser, you can deactivate the saving of cookies, limit them to particular websites and set the browser to notify you when a cookie is sent. You can also delete cookies from your computer hard drive at any time (file: "cookies"). Please note that in this case you will have to expect a limited page presentation and limited user guidance.

We have taken extensive technical and organizational security precautions to protect your personal data stored by us against unauthorized access and misuse. Our security procedures are reviewed regularly and adapted to technological advances.

Item tracking allows you to track a shipment addressed to or sent by you and see when it is likely to be delivered. In order to track an item, simply enter your shipment number to see the current status of your consignment. You also receive all the important detailed information on your shipment. In addition, a sender or recipient can obtain further information on the respective shipment by e-mail or text message. To this end, the e-mail address or mobile phone number of the message recipient can be entered and the notification function activated. In this case, the person entering the data must make sure that the message recipient agrees to their e-mail address, mobile phone number and notification being processed.

The following data are processed in the context of item tracking, for example: shipment number, sender’s name and address, recipient’s name and address, sender’s/recipient’s e-mail address if selected, name and address of substitute recipient if selected, sender’s customer data, product or service designation, item transport history, recipient’s signature, confirmation of minimum age check (over 16/over 18).

Data are processed for the performance of a contract on the basis of Article 6(1)(b) GDPR.

In selected cases, DHL shipment tracking offers you a live tracking option for your item. Live tracking enables you to track the route of your parcel on a live map on the day of delivery. The legal basis is Art. 6(1)(b) GDPR, as this processing takes place for performance of a contract.

Tracking of domestic express shipments transported by DHL Express Germany GmbH is also possible on this page using item tracking. The legal basis is Art. 6(1)(b) GDPR, as this processing takes place for performance of a contract.

By integrating Google Maps for delivery to a Packstation or postal retail outlet, DHL Paket GmbH has improved the user experience on this website.

• Item tracking: for some shipments we offer the live tracking function, which allows you to track the route of your item live on a Google Maps map.
• Delivery to Packstation/retail outlet: the item tracking function notifies you when the option exists to reroute your shipment to a Packstation or retail outlet if you will not be home at the designated delivery time. You can select your preferred Packstation or retail outlet on a Google Maps map.

We use Google Maps from Google Inc. (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) to display the maps. The following data are transferred to Google:

• Referrer (address of the page on which Google Maps is being used)
• IP address of the user
• Google account (if the user is registered with Google, the account will be recognized and correctly assigned)
• Browser; browser preferences, size and resolution; browser plugins; date; language setting
• User’s location – only if the user explicitly confirms the browser prompt “Soll www.dhl.de auf Ihren Standort zugreifen dürfen?” (“Allow www.dhl.de to access your location?”)

The data are processed on the basis of Article 6(1)(f) GDPR. DHL Paket GmbH has a legitimate interest in displaying the DHL locations as accurately as possible for its customers, as one in ten website visitors submit a search request while on the website. In the context of a location search, the map also shows customers the route from their current location to the retail outlet/Packstation. This service would not be possible without displaying a map.

During the location search, only the search address entered by the user is forwarded. We will not link the search to the user, nor will it be saved.

Google data protection statement

When you visit the website of the Print-Mailing Planner at dm.deutschepost.de, the website from which you visit us, the pages you visit on our website, and the date and time of access are stored. Other personal data, such as your name, address, telephone number or e-mail address, is not collected unless you provide this data voluntarily, for example during registration, when you place an order for a product or service online, or as part of a survey, competition or request for information. If you place an order, your purchaser data is stored for the period of time customary under commercial law.

We use the personal data provided by you exclusively for the purpose of technical administration of our websites and to fulfill your wishes and requirements, i.e. generally to perform the contract concluded with you or to respond to your inquiry.

We only use such data for product-related surveys and marketing purposes if you have given us your prior consent and if you have not filed an objection, insofar as this is permitted by law.

Your personal data is not disclosed, sold or otherwise transferred to third parties, unless that is necessary for handling the contract or you have given your explicit consent. It may be necessary, for example, for us to disclose your address and order data to our suppliers when you order products.

We use tracking software on our websites to monitor their frequency of use and the number of users. This software does not collect personal data and IP addresses. The data is used exclusively in anonymized, summarized form for statistical purposes and for the development of the website.

Cookies are small files that enable us to store information related specifically to you, the user, on your PC while you visit one of our websites. Cookies help us to determine how frequently our Internet pages are accessed as well as the number of users. They also help us configure our offerings so that they are as convenient and efficient as possible for you.

On the one hand, we use, “session cookies”, i.e. cookies that are stored exclusively for the duration of your visit to one of our Internet pages. On the other, we use “persistent cookies” to retain information about visitors who repeatedly access one of our Internet pages. The purpose of using these cookies is to be able to offer you optimal user guidance as well as to “recognize” you and thus be able to present (as far as possible) diversified Internet pages and fresh content if you use the pages repeatedly. The content of a persistent cookie is limited to an identification number. Your name, IP address, etc. are not saved. We do not create an individual profile of your online activities.

You can also use our offerings without cookies. In your browser, you can deactivate the saving of cookies, limit them to certain websites or set your browser so that you are notified as soon as a cookie is sent. You can also delete cookies from your PC at any time (“cookies” folder). However, please note that in this case you will have to expect restricted page presentation and user guidance.

Deutsche Post takes all necessary technical and organizational security measures to protect your personal data from being lost or misused. For instance, your data is saved in a secure operating environment which is not accessible to the public. In certain cases, your personal data is encrypted by Secure Socket Layer (SSL) technology during transmission. This means that an approved encryption procedure is used for communication between your computer and the Deutsche Post servers if your browser supports SSL.

Should you wish to contact Deutsche Post by e-mail, we would like to point out that the confidentiality of the information sent cannot be guaranteed. The contents of e-mail messages can be read by third parties. We therefore advise you to send us confidential information solely by mail.

It is also possible to use our products and services without cookies. You can normally deactivate the saving of cookies in your browser or limit them to certain websites. The browser can be set to notify you when a cookie is sent. You can also delete cookies from your hard drive at any time (“cookies” folder). However, in this case you will have to expect restricted page presentation and user guidance.

For detailed information on cookies, such as how to see which cookies have been set and how to manage and delete them, visit:

All About Cookies

For further EU-specific recommendations on cookies and the various opt-out options, please visit the following website:

Your Online Choices

If you wish to switch off general web tracking by Adobe SiteCatalyst (web-tracking cookies), you can find further information on the following website:

Link for individual cookies

Adobe Analytics Tracking Opting OUT

If you wish to switch off some or all of the advertising cookies set on your computer, you can find further information on the following website:

Network Advertising Initative (NAI)

Our website uses counting pixel technology provided by WiredMinds GmbH (www.wiredminds.de) to analyze visitor behavior. In connection with this, the IP address of the visitor is processed. The processing occurs only for the purpose of collecting company based information such as company name, for example. IP addresses of natural persons are excluded from any further processing by means of a whitelist.  An IP address is not stored in LeadLab under any circumstances.

While processing data, it is our outmost interest to protect the rights of natural persons. Our interest in processing data is based on Article 6(1)(f) GDPR. At no time is it possible to draw conclusions from the collected data on an identifiable person.

WiredMinds GmbH uses this information to create anonymized usage profiles of the visit behavior on our website. Data obtained during this process is not used to personally identify visitors of our website.

When you visit the website of the TRACK&MATCH service at tm.deutschepost.de, the website from which you visit us, the pages you visit on our website, and the date and time of access are stored. Other personal data, such as your name, address, telephone number or e-mail address, is not collected unless you provide this data voluntarily, for example during registration, when you place an order for a product or service online, or as part of a survey, competition or request for information. If you place an order, your purchaser data is stored for the period of time customary under commercial law.

We use the personal data provided by you exclusively for the purpose of technical administration of our websites and to fulfill your wishes and requirements, i.e. generally to perform the contract concluded with you or to respond to your inquiry.

We only use such data for product-related surveys and marketing purposes if you have given us your prior consent and if you have not filed an objection, insofar as this is permitted by law.

Your personal data is not disclosed, sold or otherwise transferred to third parties, unless this is necessary for handling the contract or you have given your explicit consent. It may be necessary, for example, for us to disclose your address and order data to our suppliers when you order products.

We use tracking software on our websites to monitor their frequency of use and the number of users. This software does not collect personal data and IP addresses. The data is used exclusively in anonymized, summarized form for statistical purposes and for the development of the website.

Cookies are small files that enable us to store information related specifically to you, the user, on your PC while you visit one of our websites. Cookies help us to determine how frequently our Internet pages are accessed as well as the number of users. They also help us configure our offerings so that they are as convenient and efficient as possible for you.

On the one hand, we use, “session cookies”, i.e. cookies that are stored exclusively for the duration of your visit to one of our Internet pages. On the other, we use “persistent cookies” to retain information about visitors who repeatedly access one of our Internet pages. The purpose of using these cookies is to be able to offer you optimal user guidance as well as to “recognize” you and thus be able to present (as far as possible) diversified Internet pages and fresh content if you use the pages repeatedly. The content of a persistent cookie is limited to an identification number. Your name, IP address, etc. are not saved. We do not create an individual profile of your online activities.

You can also use our offerings without cookies. In your browser, you can deactivate the saving of cookies, limit them to certain websites or set your browser so that you are notified as soon as a cookie is sent. You can also delete cookies from your PC at any time (“cookies” folder). However, please note that in this case you will have to expect restricted page presentation and user guidance.

Deutsche Post takes all necessary technical and organizational security measures to protect your personal data from being lost or misused. For instance, your data is saved in a secure operating environment which is not accessible to the public. In certain cases, your personal data is encrypted by Secure Socket Layer (SSL) technology during transmission. This means that an approved encryption procedure is used for communication between your computer and the Deutsche Post servers if your browser supports SSL.

Should you wish to contact Deutsche Post by e-mail, we would like to point out that the confidentiality of the information sent cannot be guaranteed. The contents of e-mail messages can be read by third parties. We therefore advise you to send us confidential information solely by mail.

It is also possible to use our products and services without cookies. You can normally deactivate the saving of cookies in your browser or limit them to certain websites. The browser can be set to notify you when a cookie is sent. You can also delete cookies from your hard drive at any time (“cookies” folder). However, in this case you will have to expect restricted page presentation and user guidance.

For detailed information on cookies, such as how to see which cookies have been set and how to manage and delete them, visit:

All About Cookies

For further EU-specific recommendations on cookies and the various opt-out options, please visit the following website:

Your Online Choices

If you wish to switch off general web tracking by Adobe SiteCatalyst (web-tracking cookies), you can find further information on the following website:

Link for individual cookies

Adobe Analytics Tracking Opting OUT

If you wish to switch off some or all of the advertising cookies set on your computer, you can find further information on the following website:

Network Advertising Initative (NAI)

When you visit our websites, our web servers store the following information as standard for the purpose of system security: the connection data of the requesting device, which of our websites you visit, the date and length of your visit, data identifying the type of browser and operating system used and the website from which you visit us. The legal basis for data processing, for the purpose of system security, is art. 6, para. 1, lit. b of the European Union General Data Protection Regulation (GDPR), as data processing is necessary to the performance the contract.

In addition to this, personal data such as your name, address, mobile telephone number or e-mail address is only recorded by E-POST when you voluntarily register for the service or use the online contact option to send us an inquiry. The legal basis in these cases is Art. 6(1) sentence 1 lit. a of the GDPR, i.e., your consent.

We use the personal data provided by you exclusively for the purpose of technical administration of our websites and to fulfill your wishes and requirements, i.e. generally to perform the contract concluded with you or to respond to your inquiry. The legal basis for data processing is art. 6, para. 1, lit. b of GDPR.

Your personal data is not forwarded, sold or otherwise transferred to third parties, unless

• this is necessary for performing the contract, or
• you are to be advised regarding the system for hybrid dispatch using docuguide and/or connected to it. Employees of the Formware GmbH technical service provider are involved in the provision of this service. For this reason, the above-listed data is provided to the technical service provider.
• The legal basis for data processing is art. 6, para. 1, lit. b of GDPR.

DHL Group generally uses tracking software (Adobe Analytics) on all of its websites to monitor their frequency of use and the number of users. This software does not collect personal data or IP addresses. The data is used exclusively in anonymized, summarized form for statistical purposes and for the development of the website.

"Cookies" are small files that allow us to store specific personal information about you, the user, on your device while you are visiting our websites. Cookies also help us to determine how frequently sites are accessed, as well as the number of users, and help us to configure our offers so that they are as convenient and efficient as possible for you.

We only use what are called “session cookies”, that is to say, cookies that are stored only for the duration of your visit to our sites. 

Using our products and services without cookies is also possible. In your browser, you can deactivate the saving of cookies, limit them to certain websites or be notified as soon as a cookie is sent. You can also delete cookies from your computer at any time (“cookies” folder). Please note that in this case you will have to expect a limited page presentation and limited user guidance.

Deutsche Post takes all of the necessary technical and organizational security measures to protect your personal data from being lost or misused. For instance, your data is stored in a secure operating environment which is not accessible to the public. In certain cases, your personal data is encrypted by Secure Socket Layer (SSL) technology during transmission. This means that an approved encryption procedure is used for communication between your computer and the Deutsche Post servers if your browser supports SSL.

Thank you for visiting Deutsche Post AG's social media pages and for your interest in our company and our products and services. Please find below information on some aspects of data protection law in relation to your use of our social media pages.

Our social media pages are provided by the respective social media platform operators in accordance with the valid terms of use. The respective platform operator has sole responsibility for technical operation of these pages.

Deutsche Post AG has sole responsibility for the content placed on its social media pages (e.g. information about our company, products, services, competitions, campaigns), and for interaction with visitors to the pages.

The social media platform operators manage the entirety of the platforms' IT infrastructure, provide their own data protection information notices, and are in an independent relationship with the respective platforms' registered users. The social media platform operators have sole responsibility for all data protection matters relating to your user profile, to which we have no access.

• Firstly, we have no influence on data processing operations carried out by the social media platform operators, and secondly we are unable to ascertain the extent to which, the purposes for which and the duration for which the data are stored by the social media platform operators and, where applicable, are analysed, linked and forwarded to third parties.

Please note that in certain circumstances, your data may also be processed outside of the European Union/the European Economic Area. This can present data protection risks for users as an appropriate level of data protection may not be guaranteed, and enforcing the rights of data subjects may be restricted..

Please ensure that you consult the respective data protection information notices and cookie policies to find out about data processing operations by the social media platforms and how you can exercise your rights vis-à-vis the social media platform operators.

• Facebook: https://www.facebook.com/policy.php
• Instagram: https://privacycenter.instagram.com/policy
• X: https://x.com/de/privacy
• LinkedIn: https://de.linkedin.com/legal/privacy-policy
• YouTube: https://policies.google.com/privacy?hl=de
• TikTok: https://www.tiktok.com/legal/privacy-policy-eea?lang=en
• If you wish to contact Deutsche Post AG directly, i.e. without using social media platforms, please use the contact details provided on our website.

Deutsche Post AG is the controller for the information provided by it and for the data processing operations for which it is responsible on the following social media pages:

• Facebook: https://www.facebook.com/DHLPaket
• Instagram: https://www.instagram.com/deutschepost
• TikTok: https://www.tiktok.com/@deutschepostdhl
• X: https://x.com/deutschepostdhl, https://x.com/DHLPaket
• Youtube: https://www.youtube.com/deutschepostdhl
• LinkedIn: https://de.linkedin.com/company/deutsche-post-und-dhl

Where personal data are processed in the context of page insights, the platform operators designated below have joint responsibility with us for data processing. Joint processing is carried out on the basis of an agreement between the joint controllers pursuant to Article 26 GDPR.

• Facebook/Instagram: Facebook
• LinkedIn: LinkedIn Pages Joint Controller Addendum

3.1    Data processing within the framework of our social media pages

We use our social media pages to share information with you about, for example, our company, products, services, campaigns and competitions, and to interact with you on various topics and answer your enquiries accordingly. The associated data processing is carried out in order to safeguard our legitimate interests pursuant to Article 6 (1) lit. f) GDPR. Our legitimate interest concerns PR and communication.

The data provided by you on our pages such as comments, likes, images, videos, etc. are disclosed by the social media platform operators and are processed by us solely for the aforementioned purposes. We merely reserve the right to delete illegal content should this be necessary. This applies, for example, in the event of infringing or illegal posts, hate comments, offensive comments (explicitly sexual content) or attachments (e.g. images or videos), which may potentially infringe copyright laws, personal rights, penal laws or the ethical principles of Deutsche Post AG.

Within the context of competitions, data are collected for the purpose of their implementation and management. The relevant details, for example on which data are processed for which purpose, can be found in the data protection information notices and terms of participation for the respective competition.

If you wish to replace existing personal data held by us, we recommend that you contact our Customer Service department.

3.2    Data processing of page insights for statistical purposes

The social media platform operators of Facebook, Instagram and LinkedIn provide us with page insights, for which we are responsible together with the platform operators. Page insights are anonymous statistics which are created based on specific events and which are recorded by the social media platforms using cookies and similar technologies when a user such as yourself is active on our social media pages. We can use the page insights, which do not contain any personal data, to identify which types of content are requested particularly frequently by which group of persons. This enables us to optimise our social media pages. This constitutes a legitimate interest of ours for the data processing that is carried out. The legal basis for data processing within the context of the page insights is Article 6 (1) lit. f) GDPR. We would like to point out that data processing may also be carried out irrespective of whether you are logged on to or registered with the social media platform. We cannot exert any influence over the use of cookies and similar technologies on the social media platform and in this respect refer to the option available to you as user to click on the respective cookie banner on the social media platform and apply your settings relating to the associated data processing (granting or non-granting of your consent).

3.2.1 Data processing in the event of contact and other communication

We process personal information if you make contact with us, e.g. via a contact form or Messenger. These data are used solely for the purpose of answering the matter in hand, for making contact and for the associated technical administration, and provided that no other statutory or contractual retention periods apply, are used for a maximum of two years in order to prove proper processing and the further optimisation of services.

Our legitimate interest lies in processing your request properly and as quickly as possible. The legal basis for such processing is Article 6 (1) lit. f) GDPR. If contact is made in order to initiate or conclude a contract, the applicable legal basis is Article 6 (1) lit. b) GDPR.

Where you provide personal data via our fanpage (e.g. in comments), this is done on the basis of your consent pursuant to Article 6 (1) lit. a) GDPR. You can revoke this consent at any time, with effect for the future. If you wish to replace existing personal data held by us, we recommend that you contact our Customer Service department.

Within the context of competitions, data are collected for the purpose of their implementation and management. The relevant details, for example on which data are processed for which purpose, can be found in the data protection information notices and terms of participation for the respective competition.

3.2.2 Data processing for direct marketing purposes

We process personal data in order to inform you about our offers, innovations, products and services. Personal data are processed for direct marketing purposes on the basis of our legitimate interest. The legal basis for such data processing is Article 6 (1) lit. f) GDPR. You have the right to object to processing for direct marketing purposes at any time (see No. 4). Once we are in receipt of your objection, we will no longer process your personal data for these purposes.

3.2.3 "Data processing for consultations without obligation"

You agree that DHL Paket GmbH, Deutsche Post AG and DHL Express Germany GmbH may share data about their respective products, services and business relationships with each other and may organise their own and/or joint marketing measures in a customer-specific way based on the joint analysis and use of data. The consent applies both to data that are protected by postal secrecy (such as geographic volume data and shipment data) and also to other personal data (e.g. names and contact details of the contact persons). You also agree that all company units may reach out to you by telephone and email in relation to the entire portfolio. Details can be found in the supplementary data protection information and, if you re-consider matters at a later date, you can revoke your consent at any time with effect for the future by sending an email to kundendaten[at]dhl.com. The legal basis for such processing is your consent pursuant to Article 6 (1) lit. a) GDPR.

3.3    Social Media Monitoring

We use social media monitoring to generate a picture of how our company, our products and our services are perceived, in order to identify any potential for improvement. During this process, contributions on the social media platform are analysed based on channel links and also relevant hashtag links. Only contributions which you have made available freely to an unrestricted public are used. The legal basis for processing personal data within the context of social media monitoring is Article 6 (1) lit. f) GDPR, as we have a legitimate interest in being able to identify any deficits in our products and services in freely accessible comments and in being able to respond appropriately to them.

According to the GDPR, you have the following rights:

• Pursuant to Article 15 GDPR, you can obtain information about your personal data.
• Pursuant to Article 16 GDPR, you can obtain rectification if your data are not or are no longer applicable.
• Pursuant to Article 17 GDPR, you can obtain the erasure of your personal data.
• SPursuant to Article 18 GDPR, you have the right to obtain restriction of processing of your personal data.
• If the prerequisites of Article 20 (1) GDPR apply, you have the right to receive your data in a structured, commonly used and machine-readable format.
• Pursuant to Article 21 GDPR, you have a right to object where the processing of your data is based on a legitimate interest pursuant to Article 6 (1) lit. f) GDPR and where you can demonstrate grounds for such objection which relate to your particular situation.
• Pursuant to Article 77 (1) GDPR, you have the right to lodge a complaint with the competent data protection supervisory authority.
• You can revoke consents granted to us at any time, with effect for the future.

Please use our contact form to assert your data subject rights.

If you wish to exercise your data subject rights vis-à-vis the social media platform operators, please contact the platform operators using the contact details provided on the social media platform. If we receive a request which falls within the sphere of responsibility of the social media platforms, we will forward this on accordingly for processing.

The duration for which your data are stored depends on the respective context in which they are processed and is based on the general legal conditions relating to data protection. All public contributions by you on our social media pages will remain on them for an unlimited period of time, unless we erase them due to the original contribution being updated, a legal infringement or an infringement of our guidelines. Naturally, you can erase your contribution, content, etc. yourself at any time, or exercise your right to erasure with us.

Since we have no influence concerning the erasure of your data by the social media platform operators, please refer to the data protection information notices of the respective platform operators.

The data is processed primarily for purposes of contract fulfillment pursuant to Article 6(1) letter (b) GDPR. The legal basis for the processing of the (substitute) recipient data in principle is Article 6(1) letter (e) GDPR. The provisions of Section 68 of the Postal Services Act (PostG) allow the processing of personal data to ensure a functioning postal system and are thus in the special public interest as defined in Article 6(1) letter (e) GDPR. This also includes the authorisation under Section 68 para. 3 clause 1 PostG to process the personal data of recipients or substitute recipients insofar as this is necessary for the proper delivery of postal items.

To increase security in online retailing for our customers and safeguard our own legitimate interests, the Deutsche Post Webshop uses AI-powered tools to recognize and prevent fraud in a timely fashion. We compare the data in any order or request with the customer's purchasing history (if there is one) to check for discrepancies that may be suspect. In cases of suspicion, specific payment methods may not be available or your order/request will be checked again manually by our staff. This may lead to a slight delay in order processing in some cases. Data are not forwarded to third parties during this review.

In addition, pursuant to Article 6(1) letter (c) GDPR, data is also processed to comply with statutory requirements such as Section 99 of the Federal Code of Criminal Procedure (StPO), Section 65 of the Federal Postal Services Act (PostG), etc.

Finally, data is also processed for the purposes listed below:

• to secure payment,
• for our security needs (e.g. to detect criminal offenses), 
• to produce statistics,
• for quality assurance, process optimization and reliable planning and
• to provide user-related advertising insofar as this is permitted.

The above constitute legitimate interests of Deutsche Post AG so that it can ensure smooth processes and can continually improve its products and services. Deutsche Post AG is of the opinion that there are no overriding interests to prevent processing because the intensity of interference with rights by such processing is kept to a minimum, e.g. by using pseudonyms. Article 6(1) letter (f) GDPR thus provides the legal basis for the data processing.

If you wish to utilize your right of objection, especially to the use of your data for promotional purposes, please contact:

Customer service – Letter

As a general rule, shipment data is deleted following contract fulfillment; however, certain aspects should be taken into account. Data from shipments for which no proof of delivery is required is stored for a maximum of 15 working days for the purpose of quality assurance and revenue protection, and for the fulfillment of any additional services ordered. For shipments requiring proof of delivery, shipment data is stored for a period of liability of up to four years (cf. Section 439 (1) HGB) and in accordance with statutory retention period obligations of up to ten years (e.g. Section 257 HGB or Section 147 AO). In the case of basic letter tracking, data is stored for 21 days.

DHL Paket GmbH does not disseminate your personal data to third parties and will not do so in future unless this is stipulated by law, required for the purpose of the contract or you have given express consent for us to do so. Data is disclosed to the companies involved in the provision of postal services (e.g. PayPal following the successful purchase of a label via the online franking service. Similarly, data is transmitted to comply with statutory requirements (e.g. to investigating authorities).

Some customer services and IT services are outsourced to external providers. External service providers who process data on our behalf provide sufficient guarantees to implement appropriate technical and organizational measures to ensure that processing will meet the requirements of the General Data Protection Regulation. These providers are contractually bound within the meaning of Art. 28 of the GDPR to maintain strict confidentiality. In these cases, DHL Paket GmbH remains responsible for protecting your personal data.  The external service providers process your personal data solely on documented instructions.

As a matter of principle, your data is not processed in third countries. However, where items are shipped abroad, the data is transmitted to the postal service in that country in order to perform the contract.

Your personal data (first and last name, e-mail address where applicable, telephone number where applicable, first and last names of other persons to whom the redirection service should apply where applicable, your (former) address (street name, house number, postal code, city, any additional address information and/or P.O. box), new address (state, street name, house number, postal code, city, any additional address information and/or P.O. box) for redirection, reason for redirection, dates and duration of the redirection service, any additional services) shall be primarily processed for the purpose of mail redirection and therefore performance of a contract pursuant to Article 6 (1b) GDPR in conjunction with Section 68 (1) sentence 3 of the Federal Postal Services Act (Postgesetz, PostG).

In individual cases, the new address shall also be transmitted pursuant to Article 6 (1c) GDPR, in order to comply with statutory requirements such as Section 99 of the Federal Code of Criminal Procedure (Strafprozeßordnung, StPO), Section 65 PostG, etc. If you consent to the address data being shared with senders who were aware of your former address by selecting the relocation notification service, the data shall be processed on the basis of a declaration of consent pursuant to Article 6 (1a) GDPR.

Your personal data shall also be processed for the purpose of producing statistics, for quality assurance, process optimization and reliable planning, and to provide you with user-related advertising insofar as this is permitted. Deutsche Post AG has a legitimate interest in this in order to ensure a smooth process and to improve products and services on an ongoing basis. Deutsche Post AG believes that data subjects’ privacy interests do not override its own interests because, in terms of the potential magnitude of interference with privacy rights, the data processing is kept to a minimum, e.g. by using pseudonyms. Article 6 (1f) GDPR thus provides the legal basis for the data processing.

Personal data shall be stored for a maximum of two years following submission of the application and then deleted.

Your data shall be transmitted to the companies involved in the provision of postal services. Deutsche Post has outsourced certain customer services and services relating to IT to service providers that are involved in processing orders. We can make the relocation address stated in your redirection application available on request to senders who hold your former address for the purpose of updating your address details. However, we will only do this if:

• the requestor knows your former address
• and you have signed the declaration of consent in the redirection application
• and the redirection application has been made due to a permanent change of address and not due to temporary absence, for example.

If the declaration of consent has not been signed, we will only share the relocation address if we are obligated to provide this information by law:

• in the event of requests from courts and authorities that require the new address for the purposes of issuing mail (Section 65 PostG),
• in the event of requests from consumer protection associations and similar institutions for the purpose of the legal prosecution of breaches of consumer protection and competition law (Section 13 Injunctive Relief Act (Unterlassungsklagengesetz), Section 13 Act against Unfair Competition (Gesetz gegen den unlauteren Wettbewerb)),
• in the event of requests from other postal service providers for their own redirections, provided you have not declined to provide the information to this group of recipients (Section 54 PostG).

If you have signed the declaration of consent and have not objected to Deutsche Post providing your change of address details to other postal service providers, other postal service providers may share the change of address details with the sender of a mail item you have ordered on request for the purpose of ensuring the correct addressing of future mail items. This will therefore ensure that as many future mail items as possible bear the new address immediately. If you do not consent to this particular condition, you may decline to have your relocation address shared with these parties.

Notes regarding the declaration of consent

By requesting a relocation notification, you consent to the storage and transmission of the address data to persons and companies that still hold your former address. We do this in order to meet our customers’ need and desire for all mail to be sent to the correct address. When changing address, people often forget to notify all of their previous communication partners of their new address. To ensure that their mail items continue to reach you, your address shall be transmitted by Deutsche Post itself and/or Deutsche Post Adress GmbH & Co. KG – as well as to other service providers involved in the postal industry where applicable – under the conditions stated above. However, this shall only happen for a maximum of 2 years. Recipients of the new address may use and, if applicable, further process and transmit it in accordance with prevailing data protection legislation. A relocation address outside of Germany shall also only be transmitted under the above conditions, and where the level of data protection in place in the country from which the request originates corresponds with that of the Federal Data Protection Act, i.e. that your address will not be used for any purposes other than those permitted in Germany.

Private customers may include multiple persons on their application for a redirection order with Deutsche Post (for companies, only one company or part of a company may be included per order). In the event that persons making a joint application would prefer to choose different options, this can be amended even after submitting the order. You can withdraw or submit your consent by telephone or online by providing the number on your application confirmation. Our customer service team is available via the following service number +49 (0)228 4333112 (Mon.-Fri. from 8.00 AM - 6.00 PM and Sat. from 8.00 AM - 2.00 PM, excluding national public holidays in Germany) or online at deutschepost.de/meinkundenservice (German only).

Notes on your rights to object

We shall transmit your address details to postal service providers other than Deutsche Post so that they may also redirect your mail items if you do not object to this (Right to Object 1).

To ensure that as many mail items bear your new address as possible going forward and with immediate effect, other postal service providers may also transmit your change of address to senders that have issued mail to your former address if you do not object to this (Right to Object 2, only relevant for redirections due to relocation). If you have not selected the address update service (relocation notification) as part of your order, you will not need to exercise Right to Object 2 as this is exercised automatically.

If you or members of your household would like to exercise a Right to Object, please have the number provided on your application confirmation to hand and contact our customer service team by telephone on +49 (0)228 4333112 (Mon.-Fri. from 8.00 AM - 6.00 PM and Sat. from 8.00 AM - 2.00 PM, excluding national public holidays in Germany) or online at deutschepost.de/meinkundenservice (German only). Please indicate whether each person would like to exercise Right to Object 1, Right to Object 2 or both Rights to Object.

As a matter of principle, your personal data is not processed in third countries. However, if mail is to be redirected to a foreign address, the data shall be passed on to the postal service in that country for the purpose of performance of the contract.

•  First name and last name of the holder of the P.O. box
• Customer number, where available
• Email address of the holder of the P.O. box
• Phone number of the holder of the P.O. box
• Cell phone number of the holder of the P.O. box (optional)
• First names and last names of all other persons using the P.O. box (co-users)
• Postal address of the holder of the P.O. box (street, number, zip code, place, country and, where applicable, additional address details)
• Postal addresses of all co-users (street, number, zip code, place, country and, where applicable, additional address details)
• P.O. box address
• Email addresses of all co-users
• Phone numbers of all co-users
• If the additional service letter notification P.O. box: Image of front of the item placed in the P.O. box (incl. sender and receiver information).

We process the data primarily to fulfill the contract (delivery of the items to the P.O. box plus any additional services ordered) in accordance with Article 6(1), letter b of the GDPR.

In addition, in accordance with Article 6(1) letter c GDPR, data is processed to comply with statutory requirements such as Section 161 of the Federal Code of Criminal Procedure (StPO), Section 65 of the Federal Postal Services Act (PostG), Section 13a of the German Injunctions Act (UKlaG ), etc.

If there is no statutory obligation to pass data on to public offices or third parties, data will only be passed on to third parties if consent has been given by the holder of the P.O. box. The legal basis is Article 6(1) letter a of the GDPR.

Finally, data are also processed for the following purposes:

• To fulfill our security requirements (e.g., for crime detection purposes)
• For the purpose of compiling statistics
• For the purposes of quality assurance, process optimization and planning security

Deutsche Post AG has a legitimate interest in this in order to ensure a smooth process and to improve products and services on an ongoing basis. In Deutsche Post AG’s view, no overriding legitimate interest exists as the intrusiveness of the processing is kept to a minimum, e.g., through pseudonymization. The legal basis for this is Article 6(1) letter f of the GDPR.

If you want to exercise your right to object, please contact us using the following form: Customer service form.

Customers will soon be able to order the additional service of letter notification P.O. box, that is, the forwarding of the letter notification to the customer’s e-mail address. The legal basis for data processing of the additional service is the commission; that is, the processing of this data is necessary in order to fulfill the contract (Article 6(1) letter b of the GDPR).

In addition to being displayed in the customer’s DP AG shop account, which is secured via login/PIN, the item images are sent via the internet on behalf of the customer as unencrypted e-mail and are displayed unencrypted.

Data are passed on to the companies involved in the provision of postal services. Data are also passed on to comply with statutory requirements (e.g. to investigating authorities and to third parties, e.g. on the basis of Section 13a of the German Injunctions Act (UKlaG). Further, data are passed on to third parties if consent has been given by the holder of the P.O. Box. Moreover, some customer services and services in the field of IT are outsourced to external providers.

Your data are not processed in a third country.

When you order crypto stamps (booklets), your customer data is stored for the legally permissible period and then deleted. The legal basis for processing this data is Art. 6(1) lit. b of the GDPR, as its processing is necessary for the performance the contract.

The number of crypto stamp booklets that a customer may purchase is limited. To ensure this, the number of booklets purchased is cross-checked with the customer's first and last names and address. The legal basis for this processing is DPAG's legitimate interest under Article 6(1) lit. f of the GDPR in being able to offer the booklets for sale to the largest possible number of customers.

You can redeem crypto stamps you have purchased on the platform of Royal Joh. Enschede B.V. (Palletweg 78, 2031 DC Haarlem, The Netherlands) with which DPAG collaborates for this purpose.

On the platform of Royal Joh. Enschede B.V., you can consent to the option of having the following data transmitted to DPAG using a secure transmission method: form of address, first name, last name, e-mail address and which NFT is being purchased. In addition, you can optionally consent to having the associated wallet address transmitted to DPAG using a secure transmission method. The legal basis for this is your consent in accordance with Article 6(1) lit. a of the GDPR. You can revoke the consent you granted to Royal Joh. Enschede B.V. at any time. The revocation of your consent will not affect the validity of any processing that was hitherto conducted. In this connection, the data protection statement that applies to said processing takes precedence.

DPAG uses optional data for advertising, quality assurance and production optimization purposes. This data is stored until you revoke your consent, but no longer than six (6) months at most, and then deleted.

• Customer’s name, address and other contact data
• Recipient’s name and address if different
• Bank account data
• Previous orders

The data is primarily used for performing the contract in accordance with Art. 6(1) b of the GDPR.

In addition, data is processed in accordance with Art. 6(1) c) of the GDPR to fulfill statutory requirements such as Section 99 of the Penal Code, Section 65 of the Postal Services Act etc.

In addition, Deutsche Post AG reserves the right to perform a credit check if it provides any goods or services on a credit basis. Accordingly, Deutsche Post AG has a legitimate interest in accordance with Art. 6(1) f) of the GDPR.

Finally, the data is used to ensure that – as far as legally permitted – you receive advertising in accordance with your needs. Here as well, Deutsche Post AG has a legitimate interest in accordance with Art. 6(1) f) of the GDPR. Deutsche Post believes that there is no overriding interest on the part of the customer as scope for lodging an objection is available. If you wish to make use of your rights of objection – particularly with respect to the use of your data for advertising purposes – please contact Deutsche Post AG using the following form: www.deutschepost.de/datenschutz/kontakt.

Data is transmitted to the companies involved in the provision of postal services. Similarly, data is transmitted to comply with statutory requirements (e.g. to investigating authorities). Some customer services and IT services are outsourced to external providers.

Your data is not generally processed in a third country. However, where items are shipped abroad, the data is transmitted to the postal service in that country in order to perform the contract.

• Customer’s name, address and other contact data
• Recipient’s name and address, if different
• Details of the matter including, where applicable, details of the shipped item etc.
• Bank account details, where applicable

Depending on the type of claim, additional data, such as title, date of birth, name at birth, nationality, profession, marital status, motor vehicle holder, date of driving license, arrangements with respect to representation, details of family members, ID data, residential situation, the course of events leading to claim, extent of loss etc., may be requested to handle the claim.

The data are primarily processed for the purpose of handling the matter, in accordance with Article 6 (1) lit. b) GDPR.

In addition, in accordance with Article 6 (1) lit. c) GDPR, the data are also processed in order to comply with legal requirements such as Section 99 of the Code of Criminal Procedure (StPO), Section 65 of the Postal Act (PostG), regulatory requirements, or tax provisions, etc.

If you are not a customer, we process your data within the framework of incident reports on the basis of your consent pursuant to Article 6 (1) lit. a) GDPR. This enables us to inform you of the incident status. You may withdraw this consent at any time with effect for the future. Withdrawing consent will not affect the lawfulness of any processing based on the consent before its withdrawal.

Finally, the data are also used to prepare statistics. In the opinion of Deutsche Post AG, there is no overriding interest worthy of protection, since the intervention intensity of the processing operations is kept as low as possible, e.g. through the use of anonymisation or aggregation. The legal basis for this is thus Art. 6 (1) lit. 1 f) GDPR. 

A matter can be referred to another Group company if this is necessary for processing it. Data may be transmitted to insurance companies in connection with the processing of claims. Similarly, data is transmitted to comply with statutory requirements (e.g. to investigating authorities). Some customer services and IT services are outsourced to external providers.

Service providers outside the European Economic Area (EEA) are involved in handling customer concerns. Personal data is only transmitted if the EU Commission has attested that the third country has an appropriate level of data protection or there are other appropriate safeguards ensuring data protection (such as binding data protection regulations within the company or EU standard contractual clauses).

• Image data

The legal basis for processing the data is Section 6 of the Industrial Compensation Society’s Accident Prevention Rules, which has the status of a statutory requirement (Art. 6 (1) c) of the GDPR).

In addition, Deutsche Post AG has a legitimate interest. The legal basis for this is Art. 6 (1) f) of the GDPR as Deutsche Post AG seeks to protect its staff, its property as well as that of its customers and also postal confidentiality.

Data is only accessed if there is any suspicion of criminal activity. In this connection, image data may also be transmitted to the investigating authorities.

Your data is not processed in a third country.

• Reporting person’s name and e-mail address
• Message contents

The data are used solely as a means to process the matter. The legal basis is a consent according to Article 6 (1) a) of the General Data Protection Regulation (GDPR), which is declared by voluntarily reporting the phishing activity.

The received messages are generally deleted after ten weeks. Data are stored longer only in the rare exceptional cases in which the matter could not yet be conclusively processed.

Service providers were used to process the notifications. In addition, data are forwarded to the registrar and the host of the website concerned so that they can close the domains concerned.

Processing takes place in the European Union. However, it cannot be ruled out that the domain is registered outside the EEA and, consequently, information is transferred to the registrar or host outside the EEA in order to close it.

A sanctions list check involves the screening of persons with whom it is illegal to do business ("Denied Parties"). Such Denied Parties are natural or legal persons who are included on a regulatory authority's list of parties that are blocked from import or export transactions. Shipments to or from such persons can be held back for further scrutiny by Deutsche Post AG until it has been verified that onward transport of the shipment is not prohibited. To facilitate the quick release of the shipment, the sender will usually be requested to submit a copy of your identity card or passport. The following data categories are required: type of document, document number, full first name, any name affixes, full surname, date of birth, place of birth. You can make any other data illegible.

The legal basis for processing is either the compliance with a legal obligation pursuant to Article 6 (1) lit. c) GDPR in conjunction with EU Regulations (EU) 2580/2001, (EU) 881/2002 and (EU) 753/2011 or a legitimate interest pursuant to Article 6 (1) lit. f) GDPR in conjunction with additional lists such as those of the UN and the US OFAC. Depending on circumstances, local, country-specific lists may also be applicable. Deutsche Post AG has a legitimate interest in ensuring compliance with applicable laws, in particular US laws, and not being subject to sanctions by local authorities. In addition, Deutsche Post AG must ensure compliance with all applicable laws and regulations along its entire service and shipping chain as part of its international and highly dynamic network.

You have the right to object to the processing of this data. If you do so, the check will be carried out in another way (for example by examining other documents).

The collected ID documents will be deleted after no more than 5 days.

End-to-end encryption is available if you are sending your ID data by e-mail. This means the e-mail containing the copy of your ID card/passport will be encrypted in line with data protection regulations.

DHL Paket GmbH and Deutsche Post AG regularly conduct satisfaction surveys for various areas and use this customer feedback as a basis to continuously improve their products and services. They welcome your participation, which allows you to inform them what they are already doing well and where you would like to see improvements. Your participation in a satisfaction survey is voluntary and is based on your consent; the legal basis is Article 6 (1), first sentence, lit. a) GDPR.

You can ascertain whether or not a satisfaction survey is anonymous either from the e-mail invitation or from information provided in the questionnaire itself. If a satisfaction survey is not anonymous, your responses can be linked to your contact data. We can thus react directly to your responses and contact you if necessary. In such cases, your personal data is used only in order to communicate with you and is handled in compliance with data protection requirements. If surveys are anonymous, your responses are not linked to your contact data. This means we cannot react to your responses or contact you.

Your consent to participation in the satisfaction survey also includes us being allowed to use your responses for advertising purposes. However, unless separately agreed, the use of your responses for advertising purposes is always on an anonymised basis, i.e., without any reference to you as a natural or legal person, or to your company if you are a business customer of ours.

• Purchaser’s name, address and further contact details
• Recipient’s name and address, if applicable
• Notification of client’s customer number (EKP)
• Bank account data
• Order history

The data are processed primarily for the purpose of processing the request pursuant to Article 6 (1)(b) of the GDPR.

In addition, data are processed in accordance with Article 6 (1)(c) of the GDPR to comply with statutory requirements such as Section 99 of the German Penal Code, Section 65 of the German Postal Services Act, regulatory or tax-rated requirements, etc.

If you are not a customer, we process your data in connection with fault messages based on your consent in accordance with Article 6 (1)(a) of the GDPR. This enables us to inform you about the fault status. You can revoke this consent at any time with effect for the future. The withdrawal does not have any influence on the lawfulness of processing on the basis of the consent prior to the withdrawal of such consent.

Finally, the data are also used to collate statistics. Deutsche Post AG believes that there are no overriding interests that prevent processing because the extent of the interference with rights by such processing is kept to a minimum, e.g., by means of anonymization and aggregation. Article 6 (1)(1 f) of the GDPR forms the relevant legal basis.

Data are passed on to the companies involved in the provision of postal services. Similarly, data are passed on to comply with statutory requirements (e.g., to investigating authorities). Some customer services and IT services are outsourced to external providers.

The client’s customer number is required for the performance of postal services for third parties (such as letter shops, service providers); we are authorized to notify the service provider of this customer number on the latter’s request provided the identity is ensured.

Your personal data are not generally processed in third countries. However, where items are shipped abroad, the data are transmitted to the postal service in that country in order to perform the contract.