Data privacy statement

High data protection standards are integral to the Deutsche Post DHL Group brand, and IT security is of critical importance to our business operations. As a globally active company whose business model is based on connecting people and exchanging sensitive data, we believe we have a special responsibility in this regard.

The protection of your personal data throughout the entire business process is important to us. The following information is intended to provide you with an overview of how your data is processed.

General

This data privacy statement applies to data processing at

DHL Paket GmbH
Sträßchensweg 10
53225 Bonn, Germany

If you have any questions regarding the processing of your personal data, please contact the Data Protection Officer at DHL Paket GmbH. The data protection team will be happy to help if you have suggestions, complaints or requests for information.

DHL Paket GmbH
Gabriela Krader, LL.M
53250 Bonn, Germany
datenschutz@dpdhl.com

Competent supervisory authority:

Data processing in connection with postal and telecommunications services:

The Federal Commissioner for Data Protection and Freedom of Information (Bundesbeauftragte für den Datenschutz und die Informationsfreiheit)
Husarenstraße 30
53117 Bonn

Any other data processing by the data controller:

The North Rhine-Westphalia Commissioner for Data Protection (Landesbeauftragte für den Datenschutz Nordrhein-Westfalen)
Kavalleriestraße 2-4
40213 Düsseldorf, Germany

We process your data for a variety of reasons such as:

  • To fulfill a contract to which you or a sender are party
  • To make working with our IT systems as pleasant as possible
  • To send or display to you - where permitted - targeted advertising
  • To have your enquiries handled by our customer service
  • To meet our obligations within the framework of statutory requirements (e.g. the German Code of Criminal Procedure (Strafprozessordnung) or the German Foreign Trade and Payments Act (Außenwirtschaftsgesetz))
  • To fulfill our security requirements (e.g. for the purpose of solving crimes)
  • To compile statistics
  • To ensure quality, optimize processes and create planning security

Further details including the type of data, the purpose of data processing and the legal basis can be found on the respective DHL product pages (www.dhl.de).

Rights of the data subject

You have the following rights as a data subject:

a) The right to obtain information regarding the personal data we have stored about you

b) The right to rectification of any inaccurate personal data on file

c) The right to have data that is no longer required for the purpose stated erased or - where a requirement to store data exists - to have the processing thereof restricted

d) The right to receive personal data you have provided and to receive it in a structured, commonly used and machine-readable format

e) The right to file an objection if the processing of your data is based upon a legitimate interest/to its use for advertising purposes

f) The right to lodge a complaint with the competent supervisory authority if you have doubts about whether the processing of your data complies with data protection regulations.

To assert your rights, please contact us (by e-mail or letter) regarding your concerns about disclosure, correction and/or erasure of your personal data.

Send your e-mail to: dhlgeschaeftskundenportal@deutschepost.de

Send your letter to:
DHL Paket GmbH
Data protection enquiries GKP
Kruppstr. 74
45145 Essen

Your personal data will be erased or blocked as soon as the reason for retaining it ceases to apply. Data may also be retained for longer periods if statutory retention periods apply. Data may also be blocked or erased if a data retention period prescribed by law expires unless it is necessary to continue storing the data for the performance of a contract, billing or to provide evidence of correct performance until expiration of the liability periods.

The DPDHL Data Privacy Policy regulates the Group-wide standards for data processing with a special focus upon so-called third country transfers, meaning transfers of personal data to countries outside the European Union (EU) that do not have a recognized, adequate level of data protection. If you are interested in learning more about the DPDHL Data Privacy Policy, please use the following link:

Summary of DPDHL Group Data Privacy Policy (PDF)

Data processing during use of the Post & DHL Business Customer Portal (geschaeftskunden.dhl.de)

Personal data means any information relating to an identified or identifiable natural person (referred to as the "data subject" in this text). This includes information such as name, address, telephone number and date of birth. Information that cannot be directly linked to your real identity - such as favorite websites or number of site users - is not considered personal data.

Access

For users of the Post & DHL Business Customer Portal: To identify you uniquely as a user and communicate with you (e.g. during sign up or creation of a new shipment), we require some personal information from you. This information will be requested from you when you set up your personal user account for the Post & DHL Business Customer Portal and includes the following: Salutation, last name, first name, address, e-mail address, telephone number, and/or cell phone number. We use your personal data exclusively for the technical administration of access to the Post & DHL Business Customer Portal and to fulfill your wishes and requirements - i.e., primarily to process contracts concluded with you or to handle your enquiries. As the data is processed for the performance of a contract to which you are party, the legal basis for that processing is Article 6, Paragraph 1, Lit. b of the EU General Data Protection Regulation (GDPR).

Visiting the Post & DHL Business Customer Portal

DHL is committed to preserving user privacy. For security purposes, our web servers always save the connection data of the computer connecting to our site, a list of the webpages that you visit during your activities and of the functions you used, the date of your visit, the identification data of the type of browser, and the IP address when you use our Post & DHL Business Customer Portal. We do not record personal data such as your name, your address, telephone number or e-mail address unless you provide these details on your own initiative, for instance, by filling out an online contact form or using specific functions (e.g. storage of a sender address).

Article 6, Paragraph 1, Lit. f of the GDPR provides the legal basis for processing the above-mentioned data categories. For these reasons, and in particular to ensure safe and seamless connection, we have a legitimate interest in the processing of such data.

The Post & DHL Business Customer Portal has contact forms that you can use to contact us electronically. If you use this option, the data entered in the input screen will be transmitted to us and stored.

We use the personal data you provide exclusively for the technical administration of the portal and to fulfill your wishes and requirements - i.e., primarily to process contracts concluded with customers or to handle their enquiries.

The following contains examples of data processed when contact forms are used:

  • Names
  • Address
  • Contact information
  • Banking information
  • Personal notifications

Personal data entered on an input screen is used primarily to process contact requests. In addition, data may also be processed for the following purposes whenever we have to address a customer concern or request:

  • Answering enquiries sent to the point of contact listed under contact information
  • Forwarding the inquiry to another responsible party at DHL Paket
  • Revision, correction of created documents (e.g. invoices)
  • Provision of compensation

The data is processed primarily for the performance of a contract pursuant to Article 6, Paragraph 1, Lit. b of the GDPR or if processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party pursuant to Article 6, Paragraph 1, Lit. f of the GDPR. DHL Paket has a legitimate interest in particular in safeguarding smooth process flows.

If you provide your consent, you will receive offers and specific tips on products and information relating to DHL and Deutsche Post AG that are tailored to your interests and preferences. You can unsubscribe to this information at any time simply by using the link in the e-mail or using our customer service contact form.

You will receive offers for interesting products and services from DHL and Deutsche Post AG through the contact channels you provide (also by e-mail and text message) only if you expressly provide your consent. Addressing and sending is handled by DHL Paket GmbH to avoid passing on your address data to third parties. Technical processing is handled by a service provider that will be explicitly required by DHL Paket GmbH to comply with data protection requirements. This process ensures that your address data is not provided to third parties by DHL Paket GmbH. Only in the event that you respond to information from companies that we selected, will they become privy to your address data.

DHL does not provide your personal data to third parties - and will not do so in the future - unless the provision of this information is required by law, required for contractual purposes or you have explicitly provided your consent. It may, for instance, be necessary to provide your address and order details to our sub-contractors when you order our products from us.

The use of the Post & DHL Business Customer Portal may also require us to provide your data to other companies within Deutsche Post DHL Group and their subcontractors (e.g. DHL Express Germany).

Customer service and IT services are also outsourced. External service providers who process data on our behalf provide reasonable assurance that appropriate technical and organizational measures are taken to ensure that processing complies with the requirements of the European Union General Data Protection Regulation (GDPR). Pursuant to Article 28 of the GDPR, they are contractually obligated to maintain strict confidentiality. In such cases, DHL remains responsible for protecting your personal data. These external service providers process personal data only on the basis of documented instructions from DHL.

DHL Paket GmbH uses tracking software to determine how many users visit our website and how often. This software is not used to collect individual personal data or individual IP addresses. The data are used exclusively in anonymous and summary form for statistical purposes and in order to develop the website further.

"Cookies" are small files that allow specific information relating to you to be stored on your device while you visit this website. Cookies help to determine the frequency of use and the number of users who visit this website and to make our services to you as convenient and efficient as possible.

DHL Paket GmbH uses "session cookies" in accordance with Art. 6(1)(f) GDPR in order to optimise this website and ensure convenient and unimpeded use. These cookies are only stored for the duration of your visit to this website. They are automatically deleted when you close your browser.

Secondly, "persistent cookies" are used to record information about visitors who regularly access this website. The reason for using these cookies is to be able to offer you optimum user guidance as well as to "recognise" you and to be able to present you with as varied a website and new content as possible during recurrent use.

When you access this website, a cookie banner will inform you that by using our website you consent to the use of cookies. The legal basis for the processing of personal data using cookies for analytical purposes is Art. 6(1)(a) GDPR provided the user has given their consent. You of course have the possibility to deactivate the storage of cookies (see Handling cookies).

No individual profiling is performed on the basis of usage behaviour. The contents of a persistent cookie are limited to an identification number. Your name, e-mail address, IP address etc. are not stored.

Under the menu item "Cookie settings" in the Post & DHL Business Customer Portal, you can view the cookies used at any time and set your personal preferences.

Overview of the cookies used by the Post & DHL Business Customer Portal

The following overview provides detailed information on all cookies used on the Post & DHL Business Customer Portal:

 

Type Designation Purpose
Authentification _WL_AUTHCOOKIE_JSESSIONID This encrypted cookie is set for authentification as soon as you log in to the Post & DHL Business Customer Portal.  It is removed when the session ends.
Performance AMCV_3505782352FCE66F0A490D4C%40AdobeOrg This is a pattern type cookie name associated with Adobe Marketing Cloud. It stores a unique visitor identifier, and uses an organisation identifier to allow a company to track users across their domains and services.
It is removed after 6 months.
Performance AMCVS_3505782352FCE66F0A490D4C%40AdobeOrg This is a pattern type cookie name associated with Adobe Marketing Cloud. It stores a unique visitor identifier, and uses an organisation identifier.
It is removed when the session ends.
Session Amsel A cookie managed by the portal to maintain the session. The cookie expires after 30 minutes if it is not refreshed during the session.
Session BIGipServerRD_100_POOL_STD A cookie managed by the portal to maintain the session. The cookie expires after 30 minutes if it is not refreshed during the session.
Authentification gkpAccessToken This cookie is set for authentification as soon as you log in to the Post & DHL Business Customer Portal.  It is removed when the session ends.
Session gkpClientId A cookie managed by the portal. Used to enable communication of the functions within the portal. The cookie expires after 30 minutes if it is not refreshed during the session.
Authentification gkpIdToken This cookie is set for authentification as soon as you log in to the Post & DHL Business Customer Portal.  It is removed when the session ends.
Session gkpKeycloakRealm A cookie managed by the portal. Used to enable communication of the functions within the portal. The cookie expires after 30 minutes if it is not refreshed during the session.
Session gkpKeycloakUrl A cookie managed by the portal. Used to enable communication of the functions within the portal. The cookie expires after 30 minutes if it is not refreshed during the session.
Authentification gkpRefreshToken This cookie is set for authentification as soon as you log in to the Post & DHL Business Customer Portal.  It is removed when the session ends.
Session JSESSIONID A cookie managed by the webserver to maintain the HTTP session. The cookie expires after 30 minutes if it is not refreshed during the session.
Session LFR_SESSION_STATE_4796694 A cookie managed by the portal to maintain the session. The cookie expires after 30 minutes if it is not refreshed during the session.
Analysis mbox Adobe Target uses cookies to enable website operators to test the relevance of online content and offerings to visitors.

Global Adobe Target Opt-Out

Weitere Informationen bei Adobe
Session NOLSESSIONID A cookie managed by the portal to maintain the session. The cookie expires after 30 minutes if it is not refreshed during the session.
Settings ratingDateCookieUni This cookie helps to control customer satisfaction surveys on the DHL websites. It registers wether or not a survey has been participated in and ensures that a survey is not displayed again for a certain amount of time. The cookie expires after 6 months.
Session RPISESSIONID A cookie managed by the portal to maintain the session. The cookie expires after 30 minutes if it is not refreshed during the session.
Performance s_cc This cookie is set and read by the JavaScript code to determine whether cookies have been enabled. It is a session cookie and will expire when the browser is closed. 
Performance s_sq This cookie collects information anonymously about which link the user has clicked on in order to determine which links are used and which are not so as to improve the website. It is a session cookie and will expire when the browser is closed. 
Settings vls_isPopUpBlockerActive A cookie managed by the portal. Used to manage the pop-up blocker settings for shipping. This cookie expires after one year at the latest.

Handling cookies

You can also use our products and services without cookies. In your browser, you can deactivate the saving of cookies, limit them to certain websites or set your browser so that you are notified as soon as a cookie is sent. You can also delete cookies from your PC at any time (file: "cookies"). However, please note that in this case you may expect limited page presentation and user guidance.

Most web browsers allow browser settings to manage most cookies to a certain extent.

Please visit the following page for detailed information about cookies, including about how to determine what cookies have been set and how to handle and delete them:
All about cookies

You can visit the following website for further EU-specific recommendations on cookies and the various opt-out choices:
Your online choices

Click on the following Adobe Analytics opt-out link if you wish to switch off general web tracking by Adobe Analytics:
Adobe Analytics Opt-Out

If you previously chose the opt-out and would like to undo this setting, click the Adobe Analytics opt-in link below:
Adobe Analytics Opt-In

You can also disable some or all of the advertising cookies set on your computer by visiting the Network Advertising Initiative (NAI) or the preferences manager of meine-cookies.org.

Not all access to our website is via a web browser. Some users access DHL websites or applications with a mobile device. It may not be possible to disable cookies or change browser settings in this case.

To enable you to customize the Post & DHL Business Customer Portal to your personal needs and usage, we use not only cookies but also the "local storage" of your web browser (also called "local data").

In this process, data is stored locally in the cache of your browser so that it can still be used by you even after you exit the browser or close the browser window - provided you do not delete the cache.

This enables the Post & DHL Business Customer Portal to apply your personal settings when you visit it again.

When you delete the cache or "website data" (the name may vary from browser to browser), the "local storage" is also deleted.

The data from the local storage is used for the "Track parcel & goods" function. This allows you to set whether you want the shipment list to be loaded automatically when you open the "Shipment list" or whether you prefer to trigger this manually.

The legal basis for this is your consent in accordance with § 25 section 1 TTDSG. You can revoke your consent at any time by deactivating the function at the same place. 

The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

Transfer to third countries means that data is transmitted to countries outside the European Economic Area (EEA) or is accessed from there. When you use the DHL Business Customer Portal, your data is without exception not processed in a third country.

DHL takes all of the necessary technical and organizational security measures to protect your personal data from being lost or misused. For instance, your data is saved in a secure operating environment which is not accessible to the public. In certain cases, your personal data is encrypted by Secure Socket Layer technology (SSL) during transmission. This means that an approved encryption procedure is used for communication between your computer and Deutsche Post DHL Group servers if your browser supports SSL.

Should you wish to contact DHL by e-mail, it is important to be aware that the confidentiality of the information you send cannot be guaranteed. The contents of e-mail messages can be read by third parties. We therefore recommend you send us confidential information directly from the DHL Business Customer Portal or by postal mail.

The contents of our data privacy statement are reviewed at regular intervals.

DHL reserves the right to change its data privacy statement at any time with or without prior notice. Please check back regularly to ensure you are informed of any changes. By using this DHL website, you declare that you accept this data privacy statement.

“Verfolgen Brief” (mail tracking) is a special service offered by Deutsche Post AG that senders can request if certain conditions are met.

“Verfolgen Brief” (mail tracking) enables customers to track their own machine-franked mail items and view additional KPIs about them on the Deutsche Post & DHL Business Customer Portal. The items must be franked with the customer’s own franking machine and dispatched by them.

Below you will find additional information about our “Verfolgen Brief” (mail tracking) special service.

Contact information

The company responsible for data processing for “Verfolgen Brief” (mail tracking) is:

Deutsche Post AG
Charles.de-Gaulle St. 20
53113 Bonn

If you have any questions about the processing of your personal data, please contact the Data Protection Officer at Deutsche Post AG. The data protection team will deal with any requests for information, suggestions or complaints.

Gabriela Krader
53250 Bonn, Germany
datenschutz@dpdhl.com

Legal basis:

Processing sender data is necessary for the performance of a contract. The legal basis is Article 6 (1) letter b of the European Union General Data Protection Regulation (GDPR).

We see the legal basis for processing recipient data in Article 6 (1) letter e of the GDPR in connection with Section 41a (3) of the German Postal Act (Postgesetz), as “Verfolgen Brief” (mail tracking) is an additional service to standard postal services and inseparably linked with them.

Type of data

The following data are displayed for “Verfolgen Brief” (mail tracking) items:

  • Franking and franking date
  • Recipient’s name
  • Street and street number
  • Zip code and city/town
  • Item number
  • Product
  • Item status (with date, time and tracking history)
  • Machine number
  • Routing region
  • Postage
  • Retention period

Those affected:

Sender and recipient

Duration of storage

For the “Verfolgen Brief” (mail tracking) service, we currently plan to display data on “normal” mail items for 21 days and data on mail items with an additional special service such as Einschreiben (registered items) or Nachnahme (COD) for 3 months.

The data on “normal” mail items will also be stored in other Deutsche Post AG systems for only 21 days and then completely deleted. Data on special services for mail items is stored for 15 months for liability reasons related to these items. Data on payment transactions is subject to a statutory retention requirement of 10 years.

For additional information, please see the data privacy statement on the business customer portal.

Last revised: April 22, 2022