This Privacy Notice explains how wei use, collect and look after your personal data.

The legal context

ParcelSpacei seeks to safeguard your personal data, and to be compliant with applicable data protection legislation. This is primarily found in the Data Protection Act 2018 and the EU General Data Protection Regulation (GDPR). ParcelSpace is registered with the UK Information Commissioner under registration number Z2272558.

ParcelSpace acts as a data controller for information entered by consumer users who have signed up to our services. We are a data processor for our retailer and delivery partner customers, in respect of the third party data they send us.

The personal data we collect

Personal data or personal information means any information about an individual from which that individual can be identified. We seek to collect and use the minimum amount of personal data necessary to run our services. We do not collect any information regarded as being in a special category (by virtue of it being particularly personal or sensitive).

  1. For consumer users who have signed up to use ParcelSpace, the main personal data which we collect consists of:
    1. Minimum data to open an account: first name, last name, address and email address. Where a user chooses to sign in with Facebook, we also collect Facebook IDs (we do not collect or examine other data which may be available from Facebook).
    2. Minimum additional data to track parcels: tracking numbers, and, where required for tracking, post codes; we also collect the relevant addresses with post codes.
    3. Where users log in using our apps, we collect device tokens for Android devices, and we may collect other identifiers for iOS devices.
    4. If consumer users make payments, we collect sufficient information from PayPal to record a financial transaction with them, including location information in order to process our VAT liabilities; we do not store credit card information.
    5. Users may provide their mobile numbers for receiving text messages, which we will send if they have provided sufficient user credit or if retailers or delivery partners pay for sending text messages.
    6. Users may provide multiple addresses or secondary email addresses, retailer and order information, and other personal data so that we can share delivery information with others.
    7. We also collect log files to improve the performance of our service and these may include users' Internet protocol (IP) addresses, other technical information and some of the above personal data. We generally keep log files for considerably less than one year.
    8. Users may contact us directly and may provide other personal information in the process.
  2. For retailer and delivery partner customers, the main personal data we collect for their users consists of:
    1. Minimum data to identify a consumer: first name, last name, address and email address.
    2. Additional information to track parcels and match them to consumer records: tracking numbers, order numbers and, where available, delivery addresses and post codes.
    3. Consumer mobile numbers may be provided where available in order to allow text message alerts to be sent.
    4. We may collect some personal details of our customers' staff who operate their ParcelSpace account.
    5. We record some of the above information in log files to improve the performance of our service. We generally keep log files for considerably less than one year.

Cookies

We also use some small cookie text files that are saved via your web browser on your hard drive to enable the operation of the website. The cookie names, source and a comment on them are:
  • PHPSESSID - generated by ParcelSpace
    This is a session cookie which stores temporary session information which does not contain personal data and enables the website to operate. When you close your web browser, this cookie is deleted.

  • __utma, __utmb, __utmc, __utmt and __utmz - generated by Google
    These are the cookies required to run Google Analytics, which helps us learn how visitors use our website and how we can improve it. This may give Google some personal data, and you can disable these cookies in your browser without directly degrading our service. These cookies persist for periods between the duration of the browsing session and one year.

How we use personal data

We use your personal data or the personal data of your customers:
  1. To provide the services you have requested from us, with your explicit consent and/or for the legitimate purpose of providing our services;
  2. To respond to your communications;
  3. To inform you of significant changes to our services, if you have given us consent to do so; and
  4. To comply with our legal and ethical responsibilities.

When we share personal data

  1. We never sell email addresses and we do not share your personal information for marketing purposes.
  2. We transfer personal data to trusted third party service providers for IT systems and software-as-a-service (SaaS) services which support our business. Our main providers are based in the European Economic Area; some personal information may be transferred to the US, and we check that those providers comply with the EU-US Privacy Shield.
  3. We may be required to share some personal data with professional service providers, tax authorities, regulators, public bodies or other parties where we have a regulatory or legal obligation, or to protect your vital interests or the interests of another natural person. In these circumstances, we would seek to share the minimum personal data possible.

Data security

We have put in place security measures to prevent your personal data from being accidentally lost, altered, disclosed or used in an unauthorised way. These security measures include: physical and organisational controls; network security measures; the use of secure code frameworks; unit, integration and security testing; the use of Secure Sockets Layer (SSL) connections on pages containing personal data; and data backups. We continually look to refactor our codebase to make our systems more robust.

We regularly monitor activity in our systems, and we will notify you and any applicable regulator if we become aware of a security breach which affects your personal data where we are legally required to do so.

Your rights over your personal data

Through a consumer user's account, you have access to the majority of the personal data which we hold for you. You can edit or delete most of this data, though there may be a few fields you do not have access to.

If you want us to assist you managing the personal data we hold for you, you have the right to request that we give you that data, or that we correct or delete it. Please send requests about this to us through our contact form; there is no charge for this, and we will endeavour to complete any changes within one month.

If we are providing services to you indirectly as a data processor on behalf of a retailer or delivery partner, please make your requests through them.

We assume that if you use our website and services, you are comfortable with our processes to use and safeguard your personal data as described in this Privacy Notice. Please contact us if you have any queries or concerns about this. In addition, you have a right to lodge a complaint with the Information Commissioner's Office (ICO) if you have a concern about how we are handling your personal data.

We are continually looking to improve our processes for managing and securing your personal data; please check our Privacy Notice for changes which we may record here from time to time.


i ParcelSpace Ltd, "we", "us" or "our".


Revision: 1.14
Updated: 8.7.2018