The GDPR at PostNord
The General Data Protection Regulation* (GDPR) is the EU Regulation that came into force as a mandatory law in May 2018. GDPR has replaced national legislation in this area.
Examples of major changes in the new law include increased requirements regarding documentation, processes and information security, as well as the introduction of the role of data protection officer (DPO), which can be likened to the role of the personal data representative defined in the PUL but with increased requirements.
Prior to the new law coming into force, PostNord has ensured that technical and organizational measures meet the requirements of the regulation.
For the purpose of conducting various types of deliveries of, for example, parcels and letters, PostNord processes personal data that we receive from our customers. In most cases, this includes sender details and recipient details (e.g. name, address, phone number and email address). The processing of this personal data is carried out physically in our terminals, in our distribution hubs and at our partner outlets/distribution points, as well as in our IT systems.
With regard to the retention of personal data, this is only saved for as long as is necessary to fulfill the agreement with PostNord customers, or as long as PostNord has a statutory obligation to retain the data. Normally, this retention period includes the warranty period for the particular service.
Due to the introduction of GDPR, PostNord revised its general and special terms and conditions of service so that these are in alignment with GDPR.
If as a consumer you have any further questions about GDPR at PostNord, please contact our Data Protection Officer at the following email address: email@example.com. If you are a corporate customer, please contact PostNord's customer service or your key account manager.
* Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.