Data Protection Addendum and Privacy Policy

1. Roles and Responsibilities

1.1 Customer as Data Controller

When you use Deliverd's services to process shipments, you act as the Data Controller for personal data relating to your customers, recipients, and employees. You determine the purpose and means of that processing.

1.2 Deliverd as Data Processor

Deliverd acts as your Data Processor when processing personal data on your behalf — such as shipment, label, or account data within the Deliverd Platform. Deliverd will only process such data in accordance with your documented instructions, the Terms of Service, and this Addendum.

1.3 Deliverd as Independent Controller

For certain types of data (e.g. account information, billing records, analytics, and website usage data), Deliverd acts as an independent Data Controller. This allows Deliverd to manage its own operations, prevent fraud, ensure platform security, and improve its services.

2. Categories of Data Processed

Deliverd may process the following categories of personal data on your behalf:

• Customer account information (name, address, contact details, billing information)
• Shipment information (sender, recipient, address, tracking numbers)
• Parcel contents data (as required for customs or carrier requirements)
• Technical usage data (IP address, browser type, activity logs)

Deliverd does not require or deliberately process special categories of personal data (e.g. health information) unless specifically provided by the Customer in shipment details.

3. Purpose of Processing

Deliverd processes personal data only to:

• provide, manage, and improve the shipping platform;
• create and process shipping labels and carrier orders;
• communicate notices and service updates;
• ensure technical and account security;
• provide support and billing;
• and meet its legal or regulatory obligations.

No data will be processed for other purposes without the Customer's authorisation.

4. Sub‑processors

Deliverd may engage trusted third‑party subprocessors to assist in providing the Services, including:

• data hosting providers (e.g. European data centres compliant with GDPR);
• carriers and shipping service providers;
• IT and support technology partners.

Deliverd will ensure that any sub‑processors are bound by written agreements imposing equivalent data protection obligations. An up‑to‑date list of subprocessors may be requested at any time via privacy@deliverd.com.

5. Data Security

Deliverd applies appropriate technical and organisational measures to protect personal data, including:

• encryption in transit and at rest;
• access controls, authentication, and logging;
• network and infrastructure security;
• regular audits and vulnerability assessments.

Should a personal data breach occur, Deliverd will notify the Customer without undue delay and provide relevant information to support compliance with GDPR Articles 33 and 34.

6. International Data Transfers

Deliverd stores and processes data primarily within the European Economic Area (EEA).

If data is transferred outside the EEA, such transfer will be subject to appropriate safeguards, such as European Commission Standard Contractual Clauses or equivalent mechanisms.

7. Data Retention

Deliverd retains personal data only for as long as is necessary to fulfil the purposes outlined in these Terms or as required by law.

Upon termination of the Customer's account, Deliverd will delete or anonymise customer data within a reasonable period, unless retention is required for legal or accounting reasons.

8. Rights of Data Subjects

Individuals whose personal data is processed by Deliverd have the right to request:

• access to their personal data;
• correction or deletion of data;
• restriction or objection to processing;
• portability of their data to another provider.

Requests can be submitted via email to privacy@deliverd.com.

If you are a customer of a Deliverd Customer (for example, the recipient of a parcel), please contact that Customer directly, as they are the primary Data Controller.

9. Cookies and Tracking

Deliverd uses functional and analytical cookies on its websites and platform to provide a better user experience, perform analytics, and improve services.

Where legally required, Deliverd will request your consent before placing non‑essential cookies. Detailed information is available in the Cookie Policy on deliverd.com.

10. Confidentiality

All Deliverd employees and partners with access to personal data are subject to strict confidentiality obligations. Access is limited to personnel with a legitimate business need.

11. Assistance and Cooperation

Deliverd will provide reasonable assistance to the Customer to ensure compliance with GDPR obligations, including:

• responding to data subject requests;
• implementing technical and organisational measures;
• cooperating with supervisory authorities as required.

12. Termination and Data Return

Upon termination of Services or upon request by the Customer, Deliverd will promptly delete or return all personal data processed on behalf of the Customer, unless legal retention duties apply.

13. Independent Processing by Deliverd (Platform Operations)

When acting as an independent controller (for example, in managing website visitors, billing, or analytics data), Deliverd processes data for legitimate business interests, including service improvement and fraud prevention. Individuals may object to such processing where permitted under applicable law.

14. Complaints and Supervision

If you have concerns about Deliverd's data practices, please contact us first at privacy@deliverd.com.

You may also submit a complaint to the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) or your local supervisory authority.

15. Governing Law

This Policy and Addendum are governed by Dutch law, as set out in the Deliverd Terms of Service. Any disputes will be handled by the competent court in the judicial district of Midden‑Nederland (location Utrecht).

16. Contact

Deliverd / Offlane B.V.

Velperengh 28, 3941 BZ Doorn, The Netherlands

Email: contact@deliverd.com

Website: https://deliverd.com