1
M.10810496.2
EXPRESS ONE PRIVACY POLICY
(“Privacy Notice”)
DATA RELATING TO THE CONTROLLER
Express One Hungary Korlátolt Felelősségű Társaság (hereinafter referred to as Express One”)
pays particular attention to the protection of personal data processed and managed in connection with
the use of its parcel services and to compliance with the applicable privacy legislation.
With this in mind, in this Privacy Notice, Express One aims to provide comprehensive, transparent and
concise information about its data processing activities.
This Privacy Policy forms Annex 7 to Express One's current General Terms and Conditions (“GTC”).
This Privacy Notice aims to provide data subjects with adequate information in accordance with
Regulation (EU) 2016/679 of the European Parliament and of the Council (“GDPR”). Access and
download the GTC at the following link: http://expressone.hu/public/ASZF_2018_05_04.pdf. Access
and download this Privacy Notice at:
https://expressone.hu/public/Express_One_Hungary_Kft_Adatkezelesi_tajekoztato.pdf.
Subject to changes in the underlying legal environment, Express One expressly reserves the right to
amend and/or repeal this Privacy Notice at any time without prior direct notice to the data subjects. In
the event of a modification to this Privacy Notice, Express One will publish a notice and an alert on its
website (http://www.expressone.hu) at least 15 days before the amendment(s) take effect.
The details of Express One are as follows:
Name of the controller:
Express One Hungary Korlátolt Felelősségű Társaság
Registered office:
H-1239 Budapest, Európa utca 12.
Company registration number:
01-09-980899
Tax identification number:
13947109-2-43
Website:
http://www.expressone.hu
Email address:
ugyfelszolgalat@expressone.hu
Fax:
(+36) 1 8 777 499
Postal address:
H-1239 Budapest, Európa utca 12.
Community tax ID number:
HU13947109
2
M.10810496.2
Should you have any questions or comments about Express One's data processing and/or this Privacy
Notice, or if you wish to exercise any of the data subject rights provided in this Privacy Notice, you are
entitled to notify Express One using the contact details set out in Clause 4(II) hereof.
I.
DETAILS OF THE PROCESSING ACTIVITY
EXPRESS ONE CARRIES OUT DATA PROCESSING ACTIVITIES IN RELATION TO THE
FOLLOWING ACTIVITIES:
A.
COURIER AND EXPRESS POSTAL SERVICES
Subject to Act CLIX of 2012 on Postal Services (hereinafter: “Postal Services Act”)
1)
Domestic and international delivery to contracted partners and occasional customers
(courier and express postal services) for delivery by courier
2)
Domestic delivery to contracted partners (courier and express postal services)for
delivery at parcel lockers
3)
EURODIS
4)
Other postal services not replacing the universal service
and shipping services subject to Act V of 2013 on the Civil Code
5)
(hereinafter: "Civil Code")
B.
OTHER DATA PROCESSING
1.
Damage management
2.
Claims management
3
M.10810496.2
A.
COURIER AND EXPRESS POSTAL SERVICES
1.
DOMESTIC DELIVERY FOR CONTRACTED AND AD HOC CUSTOMERS, DELIVERY BY
COURIER
1.1.
Description of the service
Domestic home delivery is a service provided to both natural person and corporate consignors,
whereby Express One delivers or attempts to deliver the consignment the consignor wishes to send
and hands over to Express One, to the consignee or person entitled to receive it, as specified by the
consignor, subject to the conditions set out in the GTC and as set out in the courier service contract
concluded between the parties for home delivery.
1.1.1.
For ad hoc consignors
In the event of contracts concluded by an ad hoc principal by filling in the consignment note, the order
form or by registering online (eBox).
For the purposes of this section, Express One is a controller.
Data
subject
Personal data
processed in
relation to the
data subject
and
their source
Purpose of data
processing
1
Natural
person
consignor
Collected by
Express One
from the data
subject: name;
address; billing
address; place of
birth;
date of birth;
mother's maiden
name; tax
identification
number;
telephone
number; fax
number; email
address
Preparation and
performance of the
postal services
contract, accounting,
verification and ex-
post control of the
performance,
provision of data to
the supervisory
authority, and liaising.
for contracts
concluded via
eBox:
Collected by
Express One
Drafting a contract
for the provision of
services relating to
the information
society,
1
Government Decree No. 335/2012. (XII. 4.) on the detailed rules for the provision of postal services and the postal service for
official documents, and on the general terms and conditions of postal service providers and on items excluded from or
conditionally deliverable by postal services (hereinafter: “Postal Services Decree”)
4
M.10810496.2
Data
subject
Personal data
processed in
relation to the
data subject
and their
source
Purpose of data
processing
from the data
subject: natural
person’s
identification data
required for
identification;
address; date,
duration and
place of use of
the service;
personal data
technically
necessary for the
provision of the
service.
determination and
amendment of its
content, monitoring
its performance,
invoicing the fees
arising from it, and
liaising for the
purpose of pursuing
claims in relation to
it.
For contracts
concluded via
eBox:
Collected by
Express One
from the data
subject: email
address.
To confirm receipt of
the customer's order
to the customer by
electronic means
without delay, and to
conclude the
contract.
2
.
Natural
person
representing
the
contracting
party
Collected from
the natural
person
representing the
contracting party:
name; telephone
number; fax
number.
Preparation for and
performance of the
contract to be
concluded with the
contracting party
and for the postal
services contract,
settlement of
accounts with,
certification and
post-contractual
control of
performance,
reporting data to the
supervisory
authority, and
liaison.
2 Act CVIII of 2001 on Specific Issues Related to Electronic Commerce and on Information Society Services (hereinafter: “E-
Commerce Act”)
5
M.10810496.2
Data
subject
Personal data
processed in
relation to the
data subject
and their
source
Purpose of data
processing
for contracts
concluded via
eBox:
Collected by
Express One
from the natural
person
representing the
contracting party:
natural person’s
data required for
identification;
address; date,
duration and
place of use of
the service;
personal data
technically
necessary for the
provision of the
service.
Preparation a
contract for the
provision of services
relating to the
information society,
determination and
amendment of its
content, monitoring
its performance,
invoicing the fees
arising from it, and
liaising for the
purpose of pursuing
claims in relation to
it.
for contracts
concluded via
eBox:
Collected by
Express One
from the natural
person
representing the
contracting party:
email address
To confirm receipt of
the customer's order
to the customer by
electronic means
without delay, and to
conclude the
contract.
2
Act CVIII of 2001 on Specific Issues Related to Electronic Commerce and on Information Society Services (hereinafter: “E-
Commerce Act”)
6
M.10810496.2
Data
subject
Personal data
processed in
relation to the
data subject
and their
source
Purpose of data
processing
3
Natural
person
consignee
Collected and
transmitted by
the consignor:
name, residential
address, delivery
address, place of
birth; date of
birth; mother's
maiden name;
tax identification
number; phone
number; fax
number; email
address
Preparation and
performance of the
postal services
contract, accounting,
verification and ex-
post control of the
performance,
provision of data to
the supervisory
authority, and liaising.
Collected and
transmitted by
the consignor (as
other data
controller): email
address
By dispatching a
questionnaire via
email to assert
Express One’s
legitimate interests
(quality assurance
and
monitoring/improvin
g the quality of its
services)
Possibly
collected from the
consignor or the
consignee:
different delivery
address and/or
date. It may also
include an email
address or phone
number other
than the one
previously
specified, as well
as the
information
provided by the
modifying party in
the comment
box.
Preparation
and performance of
the postal services
contract, settlement
of accounts with,
certification and ex-
post control of its
performance.
Collected from
the consignee:
signature,
personal
Number
and type of
identification
7
M.10810496.2
Data
subject
Personal data
processed in
relation to the
data subject
and their
source
Purpose of data
processing
document for the
postal services
contract
fulfilment of the
related legal
obligations, proof of
performance of the
contract, and
compliance with
legal obligations.
Result of the
satisfaction
survey made with
the consignee
and the
waybill number.
By dispatching a
questionnaire via
email to assert
Express One’s
legitimate interests
(quality assurance
and
monitoring/improvin
g the quality of its
services).
4
Natural
person
representing
the consignee
(or other
person
entitled to
receive the
consignment)
Collected and
transmitted by
the sender or the
natural person
consignee: name,
residential
address, phone
number;
Preparation and
performance of the
postal services
contract, accounting,
verification and ex-
post control of the
performance,
provision of data to
the supervisory
authority, and liaising.
Collected and
transmitted by
the consignor (as
other data
controller): email
address
By dispatching a
questionnaire via
email to assert
Express One's
legitimate interests
(quality assurance
and
monitoring/improvin
g the quality of its
services).
3
Government Decree No. 335/2012. (XII. 4.) on the detailed rules for the provision of postal services and the postal service
for official documents, and on the general terms and conditions of postal service providers and on items excluded from or
conditionally deliverable by postal services (hereinafter: “Postal Services Decree”)
8
M.10810496.2
Data
subject
Personal data
processed in
relation to the
data subject
and their
source
Purpose of data
processing
Possibly
collected from the
consignor or the
consignee:
different delivery
address and/or
date. It may also
include an email
address or phone
number other
than the one
previously
specified, as well
as the
information
provided by the
modifying party in
the comment
box.
Preparation
and performance of
the postal services
contract, settlement
of accounts with,
certification and ex-
post control of its
performance.
Collected from
the person
representing the
consignee:
signature;
number and type
of the document
that can be used
for personal
identification;
indicating the
relationship
between the
consignee and
the
representative or
the capacity of
the consignee.
Fulfilment
of the legal
obligation relating to
the contract for
postal services,
proof of fulfilment of
the contract, and
compliance with the
legal obligation.
9
M.10810496.2
Data
subject
Personal data
processed in
relation to the
data subject
and their
source
Purpose of data
processing
Result
By dispatching
of the satisfaction
a questionnaire
survey
via email to assert
made with the
Express One's
natural person
legitimate interests
representing
(quality assurance
the consignee
and monitoring/
and the waybill
improving the
number.
quality of
its services)
.
.
5
Witness
Collected from
the witness:
his/her capacity;
name, age,
signature; data
relating to proof
of identity
Proof of delivery of a
registered
consignment to a
consignee who is
illiterate, does not
know Latin
characters or is
otherwise unable to
write, and proof of
the consignee's
eligibility.
6
Legal re-
presentative
or guardian
Collected from
the legal
representative:
data required for
personal
identification;
signature;
Collected from a
guardian: non-
appealable
official decision;
official identity
card or official
certificate,
signature
Proof of delivery of a
personal delivery
request to a natural
person who is
incapacitated or
subject to
guardianship that
excludes his or her
capacity to act.
10
M.10810496.2
1.1.2.
For a contracted partner consignor
For the purposes of this section, Express One is a controller.
Data
subject
Processed
personal data of
the data subject
and its source
Legal basis for data
processing
Purpose of data
processing
1
.
The
natural
person
representin
g the
contracted
partner
Collected from the
natural person
representing the
contracting party:
name; phone
number; and fax
number.
Article 6(1)(b) of the GDPR
(processing is required for the
performance of the contract)
AND
Article 6(1)(c) of the GDPR
(required for the performance
of a legal obligation)
[legislation containing legal
obligations: Article 54(1) of
the Postal Services Act]
Preparation and
performance of the
contract concluded
with contractual
partners for postal
services, accounting,
verification and ex-
post control of the
performance, and
provision of data to
the supervisory
authority, and liaising.
2
.
Natural
person
consignee
Collected and
transmitted by the
contractual
partner: name,
residential address,
place of birth; date
of birth; mother's
maiden name; tax
identification
number; phone
number; fax
number; email
address
Article 6(1)(b) of the GDPR
(processing is required for the
performance of the contract)
AND
Article 6(1)(c) of the GDPR
(required for the performance
of a legal obligation)
[legislation containing legal
obligations: Article 54(1) of
the Postal Services Act]
Preparation and
performance of the
postal services
contract, accounting,
verification and ex-
post control of the
performance,
provision of data to
the supervisory
authority, and liaising.
Collected and
transmitted by the
contractual
partner: email
address
Article 6(1)(f) of the GDPR
(Express One's legitimate
interests).
By dispatching a
questionnaire via
email to assert
Express One's
legitimate interests
(quality assurance
and
monitoring/improving
the quality of its
services).
Possibly collected
from the consignor
or the consignee:
different delivery
address and/or
date. It may also
include
an e-mail
Article 6(1)(b) of the GDPR
(processing is required for the
performance of the contract)
AND
Preparation and
performance of the
postal services
contract, settlement of
accounts with,
11
M.10810496.2
Data
subject
Personal data
processed in
relation to the
data subject and
their source
Legal basis for data
processing
Purpose of data
processing
address or phone
number other than
the one previously
provided, and the
information
provided by the
amending party in
the comment box.
Article 6(1)(c) of the GDPR
(required for the performance
of a legal obligation)
[legislation containing legal
obligations: Article 41(6) of
the Postal Services Act and
Article 9(3) of the Postal
Services Decree]
certification and ex-
post control of its
performance.
and Article 6(1)(a) and (f) of
the GDPR
(consent and legitimate
interest)
Collected from the
consignee:
signature, the type
and
number of the
document that can
be used for
personal
identification
Article 6(1)(b) of the GDPR
(processing is required for the
performance of the contract)
AND
Article 6(1)(c) of the GDPR
(required for the performance
of a legal obligation)
Fulfilment of the legal
obligation relating to
the contract for postal
services, proof of
fulfilment of the
contract, and
compliance with the
legal obligation.
[legislation containing legal
obligations: Articles 41(10)
and 54(1) of the Postal
Services Act and Article
22(5)(a) of the Postal
Services Decree]
Result of the
satisfaction survey
made with the
consignee and the
waybill number.
Article 6(1)(a) of the GDPR
(the data subject’s consent)
By dispatching a
questionnaire via
email to assert
Express One's
legitimate interests
(quality assurance
and
monitoring/improving
the quality of its
services).
3
.
Natural
person
representin
g the
consignee
(or other
Collected and
transmitted by the
contractual partner
or the natural
person
consignee (as other
data controller):
name;
Article 6(1)(b) of the GDPR
(processing is required for the
performance of the contract)
AND
Preparation and
performance of the
postal services
contract, settlement of
accounts with,
certification
and ex-post control
12
M.10810496.2
Data
subject
Personal data
processed in
relation to the
data subject and
their source
Legal basis for data
processing
Purpose of data
processing
person
entitled to
receive the
consignmen
t)
residential address;
phone number;
Article 6(1)(c) of the GDPR
(required for the performance
of a legal obligation)
of its performance,
provision of data to
the supervisory
authority,
and liaising.
[legislation containing legal
obligations: Article 54(1) of
the Postal Services Act]
Collected and
transmitted by the
contractual
partner: email
address
Article 6(1)(f) of the GDPR
(Express One's legitimate
interests).
By dispatching a
questionnaire via
email to assert
Express One’s
legitimate interests
(quality assurance
and
monitoring/improving
the quality of its
services).
Possibly collected
from the consignor
or the consignee:
different delivery
address and/or
date. It may also
include an
email address or
phone number other
than the one
previously specified,
as well as the
information
provided by the
modifying party in
the comment box.
Article 6(1)(b) of the GDPR
(processing is required for the
performance of the contract)
AND
Article 6(1)(c) of the GDPR
(required for the performance
of a legal obligation)
[legislation containing legal
obligations: Article 41(6) of
the Postal Services Act and
Article 9(3) of the Postal
Services Decree]
Preparation and
performance of the
postal services
contract, settlement of
accounts with,
certification and ex-
post control of its
performance.
and Article 6(1)(a) and (f) of
the GDPR
(consent and legitimate
interest)
Collected from the
person representing
the consignee:
signature; number
and type of the
document that can
be used for personal
identification;
indicating the
Article 6(1)(b) of the GDPR
(processing is required for the
performance of the contract)
AND
Article 6(1)(c) of the GDPR
(required for the performance
of a legal obligation)
Fulfilment of the legal
obligation relating to
the contract for postal
services, proof of
fulfilment of the
contract, and
compliance with
13
M.10810496.2
Data
subject
Personal data
processed in
relation to the
data subject and
their source
Legal basis for data
processing
Purpose of data
processing
relationship
between the
consignee and the
representative or
the capacity of the
consignee.
[legislation containing legal
obligations: Articles 41(10)
and 54(1) of the Postal
Services Act and Article
22(5)(a) of the Postal
Services Decree]
a legal obligation.
AND
[Article 6(1)(f) of the GDPR]
(required for asserting the
data controller’s legitimate
interests)
Result of
the satisfaction
survey made with
the natural person
representing the
consignee and the
waybill number.
Article 6(1)(a) of the GDPR
(the data subject’s consent)
By dispatching a
questionnaire via
email to assert
Express One's
legitimate interests
(quality assurance
and
monitoring/improving
the quality of its
services).
4
.
Witness
Collected from the
witness: his/her
capacity; name,
age, signature; data
relating to proof of
identity
Article 6(1)(b) of the GDPR
(processing is required for the
performance of the contract)
AND
Article 6(1)(c) of the GDPR
(required for the performance
of a legal obligation)
Proof of delivery of a
registered
consignment to an
consignee who is
illiterate, does not
know Latin characters
or is otherwise unable
to write, and proof of
the
consignee's eligibility.
[legislation containing legal
obligations: Article 26(1) of
the Postal Services
Decree]
5
.
Legal
representati
ve or
guardian
Collected from the
legal representative:
data required for
personal
identification;
signature;
Article 6(1)(b) of the GDPR
(processing is required for the
performance of the contract)
AND
Article 6 (1)(c) of the GDPR
Proof of delivery of a
personal
delivery request to a
natural person who is
incapacitated or
subject to
guardianship that
excludes
14
M.10810496.2
Data
subject
Personal data
processed in
relation to the
data subject and
their source
Legal basis for data
processing
Purpose of data
processing
Collected from a
guardian: non-
appealable official
decision; official
identity card or
official certificate,
signature
(required for the performance
of a legal obligation)
[legislation containing legal
obligations: Article 26(2) of
the Postal Services Decree]
his or her capacity to
act.