Privacy policy GLS Netherlands

I. Identity and contact details of the controller and data protection officer/country data protection manager

The following information applies to GLS Netherlands, responsible for the collection and further processing of personal data within GLS Netherlands (processing manager):

General Logistics Systems Netherlands B.V.
Proostwetering 40
3543 AG UTRECHT

(hereinafter referred to as "GLS Netherlands").

You can contact the Data Protection Officer (hereinafter "Data Protection Officer") at the email address dataprotection@gls-netherlands.com . If you wish to contact us via unencrypted email, please note that we cannot guarantee the confidentiality of the information sent. Unencrypted emails may be read by unauthorised third parties.

You can also contact GLS by sending a letter to the Data Protection Officer of GLS Netherlands.

GLS Netherlands B.V.
Attn. Data Protection Officer
Postbus 9250
3506 GG UTRECHT

Please be aware that we may ask you for proof of identity to protect your information from unauthorised access.

II. General information

1. Personal data
Personal data includes information about personal or factual circumstances of a specific or identifiable individual. This includes, for example, information such as name, address, telephone number and email address.

Information that cannot be linked to a specific or identifiable individual, such as statistical data, is not considered personal data.

2. Applicable data protection legislation
All GLS entities in EU countries are subject to the rules of the General Data Protection Regulation (AVG/GDPR) and other relevant national data protection legislation.

GLS Netherlands provides transport services to the general public or contributes to the provision of such services and is obliged to comply with the applicable legislation.

All employees of GLS Netherlands declare to comply with data protection obligations.

3. Information security
By means of technical and organisational security measures, GLS companies make every effort to protect personal data against loss or misuse. Personal data shall only be processed in systems protected by appropriate security measures in accordance with the GLS IT security policy. Due to technological progress, GLS shall adapt security and data protection measures where necessary.

III. Shipment and recipient data

1. Categories of data, purposes of processing personal data and legal basis

In order to perform parcel services and thus fulfil the contract with its customers (the senders) [pursuant to Article 6(1)(b) of the GDPR], including in particular delivery of the parcel, payment for services, claim handling and complaint handling, GLS Netherlands requires sender data (address and other contact details, payment information and other relevant contractual data in accordance with the services ordered by the sender, as well as recipient data (name, address, postcode, city, country, telephone number and email address if applicable).

Recipient data transferred to GLS companies, transfer data (scans of parcels at different locations) and receipts can be processed and recorded by different GLS branches. GLS uses personal shipping and recipient data only for the fulfilment of its contractual obligations and quality purposes. Further use is not permitted.

In some cases, we may process data on the basis of consent [Pursuant to Article 7 of the GDPR] or because of our legitimate interest [Pursuant to Article 6(1)(f) of the GDPR] (in particular with regard to: solvency checks, compliance and penalty checks).

2. Responsibility
Compliance with the applicable data protection legal requirements is an original task of each GLS company. The transfer of data from a shipper to a GLS company is not data processing on behalf of others.

Some additional services performed by GLS Netherlands require the e-mail address or telephone number of the recipient to inform him/her of the status of parcel delivery. GLS companies receive the telephone number and/or email address from the sender who ordered the additional services. The sender is also responsible for the correct collection of these data and in particular for the recipient's consent to the transfer of his/her email address and/or telephone number to GLS.

If you have any questions about this procedure, please contact your contractual partner (the sender). You can also inform GLS Netherlands of a withdrawal of consent. In that case use the contact details of the Data Protection Officer of GLS Netherlands . If you wish to contact us via unencrypted email, please note that we cannot guarantee the confidentiality of the information sent. Unencrypted emails may be read by unauthorised third parties.

You can also contact GLS by sending a letter to the Data Protection Officer of GLS Netherlands.

3. Data sharing and recipients
Usually only the sender and receiver of a parcel are entitled to information about the parcel. GLS only provides parcel information to third parties (e.g. government agencies) on the basis of legal regulations.

GLS companies do not sell or rent personal data to third parties. However, there are circumstances under which GLS may share your personal data without informing you. The following parties may receive your data:

• GLS branches and contractors in other EU countries or outside the EU in connection with parcel delivery from sender to recipient [pursuant to Article 49(1)(b) and (c) of the GDPR respectively].
• Affiliated or unaffiliated third parties under contract to perform services for or on behalf of GLS (processors), in particular providers of IT services. GLS Netherlands has concluded appropriate data protection contracts with these third parties.
• Other persons or organisations, as permitted under applicable laws and regulations.
• (Personnel of) law enforcement authorities, in connection with compliance with national security requirements or as part of a legal process to protect our property or for the purpose of investigating a violation of GLS rules and policies, unauthorised access to or use of GLS equipment, or any other illegal activity.

4. Retention and disposal
GLS Netherlands processes data for as long as necessary for the purposes for which we use it. We determine how long we retain the data on the basis of the following requirements.

• Operational requirements: for example, how long GLS Netherlands needs the information to be able to provide services.
• Legal requirements: e.g. when GLS Netherlands has to keep records for a certain period of time in order to comply with the law.

Archived data is recorded on storage media to which only authorised personnel have access. At the end of the statutory retention period, the data will be deleted. Once we have deleted the data, we cannot, for technical reasons, remove all copies of the data from our systems and backup systems immediately.

IV. Rights of those concerned, withdrawal of consent, exercise of your rights, complaints to the data protection authority

1. Rights of persons concerned
Those concerned have the following rights:

• Right of access (Article 15 of the GDPR)
• Right of rectification and supplementation (Article 16 of the GDPR)
• Right to oblivion (Article 17 of the GDPR)
• Right to restrict processing (Article 18 of the GDPR)
• Right to data portability (Article 20 of the GDPR)
• Right to object to data processing (Article 21 of the GDPR)

provided that the necessary legal requirements are met.

2. Withdrawal of consent
If your consent has been requested for the processing of your personal data, you have the right to withdraw such consent at any time in the future without this affecting the lawfulness of the processing based on the consent prior to its withdrawal.

3. Exercise of your rights
If you wish to exercise your rights as a data subject or if you wish to revoke explicitly given permission, you can send a message to the Data Protection Officer of GLS Netherlands in which you explain which right you wish to exercise, so that GLS Netherlands can take the necessary follow-up steps to respect your rights.

If you wish to contact us via unencrypted email, please note that we cannot guarantee the confidentiality of the information sent. Unencrypted emails may be read by unauthorised third parties. You can also contact GLS by sending a letter to the Data Protection Officer of GLS Netherlands.

Please be aware that we may ask you for proof of identity in order to protect your information from unauthorised access.

4. The right to file a complaint
You have the right to complain to the data protection authority of your country if you believe that your rights have been infringed ( https://autoriteitpersoonsgegevens.nl/en ).

V. Updating of this data protection information

GLS Netherlands may change this information from time to time. The most current version can be found on this page.

This information was last updated on 19 November 2021.