Privacy policy

Purpose

PostNord processes personal data in order to provide a service, i.e. in particular in order to be able to deliver letters to the right recipient at the right address, including sorting by machine, redirecting and returning letters, and to be able to charge any penalty postage. PostNord also processes personal data when required by law or government decisions. PostNord also processes personal data in order to be able to communicate with you, send invoices, develop and test PostNord's IT systems, to be able to compile anonymised statistics and to be able to offer additional services that are naturally associated with the provision of its services.

When sending letters to countries outside the EU and if your letters contain anything other than ordinary correspondence, you must specify the content and its value to ensure fast and correct customs clearance.

When you receive letters from countries outside the EU and if such letters contain anything other than ordinary correspondence and the value of the content is above a certain limit, pay customs duties, VAT, any taxes and possibly an import fee to PostNord must be paid. This can happen when you have purchased goods online, such as in China or the United States. If you have agreed to this, PostNord will carry out customs clearance on your behalf as a customs representative, i.e. PostNord will declare the goods and pay the necessary import duties etc. on your behalf. PostNord will then collect the import duties from you as the buyer and charge a fee for its services. For more information about import charges, see "When you have to pay an import charge."

Which personal data?

PostNord processes personal data about you as the sender and recipient of the letters, e.g. your name and address. If you have purchased postage or anything else online, we process your payment information and email address, and if you have chosen additional services, we may also process the telephone number and email address of the recipient. We also process the customs data in question.

We try to avoid processing sensitive data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership as well as genetic data, biometric data for the purpose of uniquely identifying a natural person, health data or data concerning a natural person's sex life or sexual orientation. If you provide us with sensitive information, e.g. in a chat or email, we will delete it as soon as possible. However, if the information is part of, for example, a complaint case, it will be necessary to store the information until the case is closed. In this case, the processing will be based on Art. 9(2)(f) GDPR on processing necessary for the establishment, exercise or defence of legal claims.

Basis for processing

PostNord's processing takes place on the basis of Article 6(1)(b) or (f) of the General Data Protection Regulation, i.e. based either on the performance of an agreement or on PostNord's legitimate interest. In addition, the Danish Postal Act (Postloven) applies.

If you have agreed to this, PostNord will carry out customs clearance on your behalf. This means that PostNord collects the import duty (customs duties and possibly VAT) on behalf of the Danish Customs Agency. This takes place pursuant to Section 32 of the Danish Customs Act (Toldloven). We also process the relevant customs data, including payment information about customs payment.

Storage periods

We process your personal data only for as long as necessary to fulfil the purposes of the processing, to comply with an agreement with you or the sender, when PostNord has a legitimate interest, or to fulfil PostNord's legal obligations. We will then delete your personal data. Thus, it is in particular the purpose of the processing and the necessity of storage that determine that determines how long we store personal data.

Where do we get the information from?

PostNord receives information about you as our customer or from the sender when you are the receiver, and from the Danish Civil Registration System (CPR). We can also obtain information from the Central Business Register (CVR) and the Building and Housing Register (BBR).

PostNord can also obtain information, cf. section 13 of the Danish Postal Act, cf. section 9, if you have an agreement with the municipality to have mail delivered to your door.

PostNord can also obtain information from, for example, lawyers about guardianship, bankruptcy and death, or from relatives in the event of long-term hospitalisation or the like, when mail needs to be diverted for that reason.

Who do we share personal data with?

PostNord may disclose address information to other postal companies/distributors abroad if the shipment is to be delivered there.

We share customs information with the Danish Customs Agency.

Purpose

PostNord processes personal data in order to provide a service, i.e. in particular, to be able to deliver shipments to the right recipient at the correct address, including sorting by machine, redirecting and returning shipments, and to be able to charge any penalty postage. PostNord also processes personal data in order to leave shipments at the agreed place, e.g. if RecipientFlex, FlexChange, parcel box or similar services have been selected, and to be able to send notifications to the recipient and so that the recipient can continuously track the shipments (Track &Trace) and to be able to prove to the sender that the shipment has been delivered.

PostNord also processes personal data when required by law or government decisions. PostNord also processes personal data in order to communicate with you, invoice, develop and test PostNord's IT systems, to be able to compile anonymised statistics and to be able to offer additional services that are naturally associated with the service delivered to you.

When sending parcels and goods to countries outside the EU, you must specify the content and its value to ensure fast and correct customs clearance.

When you receive parcels and goods from countries outside the EU and if the value of the content is above a certain limit, customs duties, VAT, any taxes and possibly an import fee to PostNord must be paid. This may be the case if you have purchased goods online, such as in China or the United States. If you have agreed to it, PostNord will carry out customs clearance on your behalf as your customs representative, i.e. PostNord will declare the goods and pay the necessary duties for you. PostNord will then collect the import duties from you as the buyer and charge an import fee for its services. For more information about import charges, see "When you have to pay an import charge."

Which personal data?

PostNord processes personal data about you as our customer and as the recipient or sender of shipments, e.g. about your name, address, mobile number and/or email address, and if a shipment is sent with a signature requirement (e.g. value parcels), PostNord processes the signature. If you have purchased postage or anything else online, we process payment information. We also process the above-mentioned customs data, including payment information about customs payment.

We try to avoid processing sensitive data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership as well as genetic data, biometric data for the purpose of uniquely identifying a natural person, health data or data concerning a natural person's sex life or sexual orientation. If you provide us with sensitive information, e.g. in a chat or email, we will delete it as soon as possible. However, if the information is part of, for example, a complaint case, the information will be stored until the case is closed. In this case, the processing will be based on Art. 9(2)(f) GDPR on processing necessary for the establishment, exercise or defence of legal claims.

Basis for processing

PostNord's processing takes place on the basis of Article 6(1)(b) or (f) of the General Data Protection Regulation, i.e. based either on the performance of an agreement or on PostNord's legitimate interest. In addition, the Danish Postal Act applies.

If you have agreed to this, PostNord will carry out customs clearance on your behalf. This process takes place pursuant to Section 32 of the Danish Customs Act.

Storage periods

We process your personal data only for as long as it is necessary to fulfil the purposes of the processing, to comply with an agreement with you, when PostNord has a legitimate interest, or to fulfil PostNord's legal obligations. We will then delete your personal data. Thus, it is in particular the purpose of the processing and the necessity of storage that determine how long we store personal data.

Where do we get the information from?

PostNord receives information about you as our customer or from the sender when you are a recipient, and from the Danish Civil Registration System (CPR). We can also obtain information from the Central Business Register (CVR) and the Building and Housing Register (BBR).

PostNord can also obtain information, cf. section 13 of the Danish Postal Act, cf. section 9, if you have an agreement with the municipality to have mail delivered to your door.

PostNord can also obtain information from, for example, lawyers about guardianship, bankruptcy and death, or from relatives in the event of long-term hospitalisation or the like, when mail needs to be diverted for that reason.

Who do we share personal data with?

PostNord may disclose address information to other postal companies/distributors abroad if the shipment is to be delivered there.

We share customs information with the Danish Customs Agency.

If the sender of a parcel has chosen email notification, PostNord may share the recipient's name and email address with Trustpilot A/S. PostNord uses Trustpilot to conduct customer satisfaction surveys in order to improve PostNord's products and services. Trustpilot only uses the personal data for customer satisfaction surveys.

Purpose

When shipments come from countries outside the EU and if they contain more than ordinary correspondence, and the value of the content is above a certain limit, customs duties, VAT, possibly taxes and possibly an import fee to PostNord must be paid. This is the case when you have purchased goods online, such as in China or the United States.

If you have accepted this, PostNord will carry out customs clearance on your behalf as your customs representative, i.e. PostNord will declare the goods and pay the necessary duties on your behalf. PostNord will then collect the import duties from you as the buyer and charge an import fee for its services.

Import collection covers the payment of customs duties, VAT and taxes ("import duties") to the Danish Customs Agency as well as payment of a fee for handling customs clearance ("import fee") to PostNord.

Which personal data?

In connection with import collection, we process personal data about you, e.g. your name and address. In addition, we process customs data, including payment information about customs payment.

Basis for processing

PostNord's processing takes place on the basis of Article 6(1)(b) or (f) of the General Data Protection Regulation, i.e. based either on the performance of an agreement or on PostNord's legitimate interest.

PostNord collects the import duty on behalf of the Danish Customs Agency pursuant to section 32 of the Danish Customs Act.

You can read about how PostNord processes personal data etc. in the privacy policy under "When you send and receive parcels in Denmark and to and from abroad".

Who do we share personal data with?

We share customs information with the Danish Customs Agency.

Purpose

PostNord has and uses various digital channels, e.g. the PostNord App, our Customer Portal , PostNord.dk. and social media on which PostNord is present.

In general, when you use PostNord's digital channels, PostNord processes personal data in order to provide a service. For example, when you search for information on our website, buy products on Online Porto and in our online shop or follow our news on social media, PostNord processes your personal data in this connection. This includes data such as your name, your address and payment information in order to manage and collect payments and deliver the ordered service. PostNord also processes personal data when we register information about your online behaviour, and we use it to compile anonymised statistics, to create better user experiences and to be able to offer better and targeted services to you. PostNord may collect personal data such as transaction history and technical data about the devices you use to access PostNord's digital channels, e.g. your IP address, unique device ID and browser type.

Which personal data?

PostNord processes your personal data, e.g., name, address, telephone number and email address, if you interact with us on digital channels. If you have purchased postage or anything else online, we process payment information. PostNord may collect personal data such as transaction history and technical data about the devices you use to access PostNord's digital channels, e.g. your IP address, unique device ID and browser type.

Basis for processing

PostNord's processing takes place on the basis of Article 6(1)(f) of the General Data Protection Regulation, i.e. based on PostNord's legitimate interest.

Where do we get the information from?

We obtain the personal data from you via your digital devices when you access and use our digital channels or from your employer.

Read about PostNord's processing of personal data in connection with cookies here.

When using specific digital channels

1. PostNord App

Purpose

In order to use the PostNord App, you need to create a profile with personal data in PostNord Account.

If you choose MitID validation, you must enter your CPR number as part of the identification. In the PostNord app, your CPR number is used only to confirm your name and address with the Danish Civil Registration System (CPR), and your CPR number is not stored.

If you are employed by one of PostNord's customers (the Customer), you must have been granted user rights in the Customer's organisation before you can use the PostNord App. This means that you must have access to use the PostNord Account and all its functions on behalf of the Customer. PostNord processes your personal data to provide you with a username, to be able to communicate with you and the Customer, manage accounts, provide access to the PostNord App, provide customer service, compile anonymised statistics, and develop and test PostNord's IT systems. You can read more about the processing of your personal data as an employee of one of PostNord's customers under "When you are employed by PostNord's business customer and PostNord processes your personal data".

Which personal data?

When you have user rights, PostNord will process the associated personal data, usually your name, job title, user ID and login information, information about your employer and the company in which you are employed.

2. Customer Portal

2.1 PostNord as data controller

Purpose

PostNord's customers must grant their employees user rights in order for them to be able to use the functions of the Customer Portal on their behalf. If you are employed by one of PostNord's customers (the Customer) and if you have been granted user rights, PostNord processes your personal data in order to provide you with a username, be able to communicate with you and the Customer, manage accounts, provide access to the Customer Portal, provide customer service, compile anonymised statistics, and develop and test PostNord's IT systems. You can read more about the processing of your personal data as an employee of one of PostNord's customers under "When you are employed by PostNord's business customer and PostNord processes your personal data".

Which personal data?

When you have user rights, PostNord will process the associated personal data, usually your name, job title, user ID and login information, information about your employer, and the company in which you are employed.

2.2 PostNord as data processor

Purpose

When PostNord processes personal data on customer lists created or uploaded by the Customer to the Customer Portal, PostNord is the data processor under the data protection legislation and processes the personal data on behalf of the Customer, who is the data controller for the customer lists. PostNord processes the personal data in the customer lists in order to provide the services and functions on the Customer Portal that the Customer has ordered. Usually, the processing of names etc. from customer lists will consist only in PostNord making the functionality available and storing the customer list in PostNord's system.

It should be noted that the Customer is responsible for deleting any personal data uploaded or created by the Customer on the Customer Portal.

If you are listed in a customer list, PostNord processes your personal data on behalf of the Customer.

Which personal data?

PostNord processes information about you as our Customer's customer, such as your name, address, email address and telephone number.

Purpose and categories of personal data

When you participate in competitions, customer surveys or marketing activities organised by PostNord, we process your personal data, such as contact information, competition entries, views, preferences and other personal data that you have provided or that can be derived from your responses.

We process your personal data for the following purposes:

• to administer the marketing activity, competition or customer survey, including getting back to you and paying any prizes

• provided that you have consented to it, in order to inform you about and offer you additional marketing activities, competitions and customer surveys

• to be able to direct marketing activities to you, including marketing by post, email and SMS/MMS when you have given your consent

• to compile anonymised statistics in order to improve our services

• to maintain, develop, test and improve PostNord's services and the technical platforms on which they are made available.

Basis for processing

PostNord's processing takes place on the basis of Article 6(1)(a), (b) or (f) of the General Data Protection Regulation, i.e based on consent, the performance of an agreement or PostNord's legitimate interest.

Where do we get the information from?

We obtain personal data from you via your digital devices when you access and use our digital channels.

Purpose and categories of personal data

When you contact us, e.g. via our customer service functions, including chats, we process your personal data. This includes information from your customer case, typically your name, address and a parcel number if you have asked us questions. If you visit or communicate with us through our social media accounts (i.e. third-party platforms such as Facebook), PostNord may also receive information about you and your interactions on the third-party platform from its provider.

When you communicate with our customer service functions, PostNord may also need to process information such as images, audio recordings and location. PostNord never collects such information unless you have expressly consented to this.

Your personal data are processed for the following purposes:

• to be able to communicate with you and manage your case in connection with contact via our customer service, email forms and our social media accounts

• to analyse conversations and chats in order to improve our communications and for security reasons (yours and ours)

• to compile anonymised statistics on the use of PostNord's communication functions

• to maintain, develop, test and improve PostNord's services and the technical platforms on which they are made available.

Basis for processing

PostNord's processing takes place on the basis of Article 6(1)(a), (b) or (f) of the General Data Protection Regulation, i.e based on either consent, the performance of an agreement or PostNord's legitimate interest.

Where do we get the information from?

We get the personal data from you.

PostNord's services are generally not targeted at children. However, PostNord processes personal data about children in connection with Greetings to Santa Claus (Hilsen til Julemanden).

If you are a parent or guardian and discover that your child has provided personal data to PostNord, you can contact us if you want to exercise your child's right to, for example, have the personal data corrected or deleted. See "Contact information" above.

Purpose and storage periods

When your child chooses to send a letter to Santa Claus, you consent to PostNord processing personal data about your child. PostNord processes children's personal data when such data are provided in connection with them or their parents/guardians sending a letter to PostNord addressed to "Santa Claus". Every child gets an answer. From among the letters received, lots are drawn and a small number of children are sent a gift/prize.

Personal data about the winners are stored for six months. The rest of the letters are processed by machine by PostNord's data processor, which is part of the PostNord Group, and the personal data are stored for 30 days.

The purpose of the campaign is to brand and market PostNord.

Read about the campaign and the conditions for taking part here. 

Which personal data?

PostNord processes the names and addresses of the children and their parents/guardians, if they also appear from the letter and communication about the prize. In addition, children include their wish lists with their Christmas greetings. The parents of the winner of the main prize will be contacted directly by us by phone and email. We take pictures and film the child as they are presented with the prize, and this image material is published on PostNord's social media.

PostNord blocks/deletes any content and images deemed to infringe third-party rights, including the rights of the child.

Basis for processing

PostNord's processing takes place either on the basis of Article 6(1)(f) of the General Data Protection Regulation, i.e. based on PostNord's legitimate interest in marketing itself, or on the basis of Article 6(1)(a), i.e. based on consent.

The parent/guardian of the winner of the main prize consents to us taking pictures and presenting the main prize to the child at their home address, and to the images being used on PostNord's social media.

Where do we get the information from?

PostNord receives the personal data from the parent/guardian sending the letter, and possibly from the child once they have written the letter.

Photos and video recordings will be made with the winner of the main prize.

Who do we share information with?

PostNord uses a data processor that is part of the PostNord Group and which processes the letters by machine only. PostNord does not share the information with others.

Once the parent/guardian has given their consent, photos and video recordings of the child are shared on Facebook and Instagram.

Purpose 

PostNord processes personal data that are necessary for the performance of the agreement made with a business customer or partner of PostNord, including for the purpose of being able to communicate, manage accounts and provide access to, for example, the PostNord Customer Portal. In your case, PostNord processes personal data about you, e.g., if you are assigned by your employer to having direct contact with PostNord, or because you have an outgoing job function that may involve being contacted by PostNord. It may be that you are the named contact for a shipment, or perhaps your name and work mobile number are listed as customer information on behalf of your workplace, or you may have been assigned a username and password as an administrator of your employer's access to the PostNord Account or Customer Portal.

The business customer or partner of PostNord, i.e., your employer, is responsible for informing you about PostNord's processing of your personal data. 

Which personal data? 

In this situation, PostNord only processes personal data about you that are linked to the business customer of PostNord, usually your name, job title, work mobile number, and the name and address of your place of work (both head office and local department etc.).  Personal data may also include IP addresses, browsing times, cookie information and website history as well as history regarding inquiries, complaints etc.

Basis for processing 

PostNord's processing takes place on the basis of Article 6(1)(b), (c) or (f), i.e. based on the performance of an agreement, compliance with a legal obligation or PostNord's legitimate interest.  

Where do we get the information from? 

PostNord obtains personal data about you as an employee via your employer or from you yourself or your colleagues in situations where contact is made with PostNord, typically in connection with shipments. Data may also come from a sender who names you as your employer's contact in connection with a shipment. 

Who do we share personal data with? 

PostNord may disclose address information to other postal companies/distributors abroad if the shipment is to be delivered there. 

Purpose

PostNord processes image material from CCTV (TV surveillance) of PostNord's facilities, e.g. production areas and warehouses. We process the video recordings:

• to create safety and security for PostNord's employees, suppliers and customers

• to examine any quality deficiency in connection with our production processes including causes of e.g. operational breakdown of our sorting machines

• to prevent and solve crimes and other incidents giving rise to a sense of insecurity

• to protect the assets of employees, customers and PostNord and provide documentation to insurers, including documentation in connection with accidents and injuries

• to prevent and detect unauthorised access to PostNord's premises

• to provide and examine documentation in connection with accidents at work etc. for the purpose of preventing and minimising physical risks.

The purpose of using TV surveillance in parcel shops is crime prevention and control.

Which personal data?

If you are identifiable on CCTV images, such images constitute personal data.

Basis for processing

PostNord's processing primarily takes place on the basis of Article 6(1)(f) of the General Data Protection Regulation, i.e. based on PostNord's legitimate interest to pursue the purposes described above.

If CCTV images show criminal offences and/or contain sensitive personal data, the basis for processing is section 8(3)-(5) of the Danish Data Protection Act, cf. Article 9(2)(f) of the General Data Protection Regulation on the prosecution of legal claims. This is also the basis for processing disputes about damages.

If PostNord discloses video recordings to the police, this can be done in accordance with section 8(3)-(5) of the Danish Data Protection Act and Article 6(1)(e) and (f) and Article 9(2)(f) of the General Data Protection Regulation. In addition, section 4c of the Danish TV Surveillance Act[1] (TV-overvågningsloven) applies.

Storage periods

We retain CCTV images for a maximum of 30 days, except in the case of ongoing investigations that may lead to the establishment, exercise or defence of legal claims.

In the case of CCTV surveillance of parcel shops for the purpose of crime prevention and control, we delete the image material after 30 days at the latest, except if it is necessary for us to report a criminal offence, if there is a specific dispute, or if the processing takes place as part of a crime prevention and control effort.

Who do we share personal data with?

PostNord may disclose personal data, e.g. image material to a third party such as the police in cases relating to the investigation of a crime, or if we otherwise have an obligation to disclose such information under the law or pursuant to a decision of a public authority. In certain situations, image material recorded at our own premises may be passed on to other traders, e.g. an insurance company.

[1] TV-overvågningsloven, LBK nr 182 af 24/02/2023, https://www.retsinformation.dk/eli/lta/2023/182