PostNL offers all kinds of services. To perform these services, we collect personal data from you. We believe it is important that we handle these data with due care. We comply with the applicable laws and regulations, such as the General Data Protection Regulation (GDPR). Below we explain what we do with your personal data.
PostNL is responsible for the processing of all personal data that fall within the scope of this privacy statement. By PostNL we mean all companies and services with a PostNL logo that fall under PostNL Holding B.V.
In this privacy statement you will only find information about the processing of your personal data. If you have any questions or complaints about our services or products, please contact our customer service.
This privacy statement is not about how we handle personal data of job applicants or (former) employees of PostNL. This is covered by a separate privacy statement. Read how we handle personal data of job applicants.
Personal data are data that say something about you, such as your name, address, email address or telephone number. But also data that we can link to you, such as your IP address or customer number. Some of these data are provided to us by you yourself. Other data are obtained by us if you use our services or products. Data of deceased persons are not personal data.
Special categories of personal data deserve more protection. This concerns genetic and biometric data, and data about your health, ethnic background, religious and political beliefs, sexual preferences, and trade union membership. Data on criminal offences, such as fraud, are also more sensitive in nature. We may process these special and sensitive personal data if:
In this privacy statement you can read when we process special categories of personal data or sensitive personal data.
We always process personal data for a reason. The legal name for such a reason is a ‘legal basis’. These legal bases are described below. For each legal basis, we also indicate the purpose for which we process personal data and the data concerned. By processing we mean everything we do with your personal data. Such as storing, viewing, analysing, altering, deleting or transmitting them, for example.
You may enter into an agreement with us, for example if you buy something in our webshop (purchase agreement). To perform this agreement, we have to process your personal data. This applies to the following purposes:
If you send a letter or parcel, you enter into an agreement with us. To perform that agreement, we process personal data of you as the sender.
In the case of letters, it concerns personal data such as:
In the case of parcels and registered mail, it concerns personal data such as:
You can send letters and parcels by dropping them off at a PostNL point. A PostNL point may be in a shop or another location. This shop or location will then process your personal data on our instructions. We make agreements about such processing in contracts.
We do not retain the personal data any longer than necessary.
When you create a PostNL account, we provide services that make sending mail and parcels even easier, as well as customised services. For example, we provide an overview of parcels sent and received, and you can set delivery preferences. With a PostNL account, you can also use our services with third parties. For this purpose, data are retrieved from your PostNL account. For example, for automatically completing your address details when you place an order in a webshop. By accepting the account terms and conditions, you enter into an agreement with us. For this purpose, we process personal data such as:
We will retain your personal data as long as you have a PostNL account (and therefore an agreement with us).
When you buy a shipping label or digital stamp online, you enter into an agreement with us. To perform that agreement, we process personal data such as:
We do not retain the personal data any longer than necessary.
When you order something in our webshop, e.g. stamps, we need your data. For this purpose, we process personal data such as:
We do not retain the personal data any longer than necessary.
If you use our forwarding service, you enter into an agreement with us under which we will temporarily deliver your mail at a different address. For this purpose, we process personal data such as:
We do not retain the personal data any longer than necessary.
If you use our removal service, you enter into an agreement with us under which we deliver your mail at a new address. For this purpose, we process personal data such as:
You can also hoose to have us pass on your new address to companies and organisations selected by you. For example, to:
We do not retain the personal data any longer than necessary.
If you use our surviving dependants service, you enter into an agreement with us under which we will deliver the mail of a deceased person at a different address. For this purpose, we process personal data such as:
We do not retain the personal data any longer than necessary. The data of deceased persons are not personal data.
To comply with our legal obligation, we have to process certain personal data. This applies to the following purposes:
We may deliver mail or parcels to you that contain alcohol. Or you may pick them up at a PostNL point. We will only hand over your mail or parcel to you if you show a valid identity document proving you are old enough. We can also leave your mail or parcel with the neighbours or a housemate, if they can provide proof of identity and are old enough.
The deliverer asks for a signature for receipt. This way, we can also show the sender that we performed this check. Depending on the situation and the service purchased by the sender, we process the following personal data:
We do not retain these data any longer than necessary.
For example, for keeping our customer records, or filing a tax return. In order to comply with laws and regulations, we may need to transfer personal data to government institutions or supervisory authorities. This may be necessary for a particular situation. Before sharing these data, we check the powers of these institutions.
For this purpose, we process personal data such as:
We do not retain the personal data any longer than necessary.
Sometimes we process your personal data if you have given consent for this yourself. You can withdraw your consent at any time. This will not affect what we have already done with your consent. This applies to the following purposes:
If you give your consent, we can customise our website and app with information that is of interest to you, or make certain recommendations to you. For these additional functionalities, we process personal data such as:
You can read more about cookies in our cookie statement, where you can also learn how to set your cookie preferences.
We use cookies and similar technologies to show you relevant ads. You can read more about this in our cookie statement, where you can also learn how to set your cookie preferences and other technologies.
Certain services and activities are of great importance to us to perform. In that case, we have a legitimate interest in doing so. We can only perform these services and activities if we process certain personal data. This applies to the following purposes:
We need personal data from you to deliver mail and parcels to you, or if you pick up mail or parcels at a PostNL point. This includes data for track & trace. We will also send you messages to let you know where your letter or parcel is and when we will deliver it. Your personal data come from the sender of the letter or the parcel. For example, a webshop or someone who sends you a card. For this purpose, we may process the following personal data of you:
We do not retain the data any longer than necessary.
We process some data because this is required by law. For example, we are obliged to check the age of the recipient when we deliver alcohol. See also the purpose ‘To deliver mail and parcels to you for which identification is required’ under the legal basis ‘Our legal obligation’.
Sometimes a letter is undeliverable, for example because it does not contain an (existing) address or a return address. In such an exceptional situation, we are allowed to open the letter. In doing so, we hope to find out the address of the addressee or the sender. We have a dedicated department for this purpose. Its employees have signed a statement saying that they will keep the contents confidential and comply with our rules of conduct. They also provided a Certificate of Good Conduct when they joined our company. If they find an (return) address, we will deliver the letter with an accompanying letter explaining why we opened it.
We process personal data of you when you contact us through our customer service or social media. We then process personal data that you provide to us, such as:
If you have a PostNL account and give us your consent, we will use your account details to help you.
If you have a complaint about the delivery of a letter or parcel, we have to be able to handle it properly. For this purpose, it may be necessary for us to share the contents of the complaint and your personal data with other parties. For example, with subcontractors with whom we work, or with the relevant deliverer. This may include personal data such as:
You can contact us through various channels, such as chat, email or telephone. We may record telephone calls with our customer service to train our employees and analyse information. A recorded telephone call is retained for a maximum period of 60 days.
Some telephone calls with business customers are recorded by us. This is the case when we record payment agreements. At the beginning of the conversation, we will ask you if you have any objections to such recording. We will use these recordings and transcripts to record the agreements in our systems. This is always done by an employee. The recorded telephone calls are retained for a maximum period of 60 days.
To offer you the best possible help, our customer service department is assisted by a digital colleague: chatbot Daan. When you choose to chat or call, Daan will ask some questions. This will enable one of our colleagues to work on your query immediately. We will store your answers, the chats and your personal data with the customer service department. This gives us an overview of the questions you asked us at that time and/or in the past. Without these personal data, we are unable to contact you and answer your question. If you only speak to our digital colleague Daan, we will retain these data for a maximum period of 6 months. If Daan puts you through to an employee, we will retain the data for a maximum period of 5 years. If you send a private message via Facebook or X, we will retain that message for a period of 3 months.
Any refund requested by you via chatbot Daan will go through an automated process. We do this to help you better and faster. The data you have entered are checked for accuracy and automatically checked against certain criteria. The decision of whether you will get a refund is made on the basis of the data you have entered and the data we have about your purchase. You will always receive an answer about whether or not you get a refund. You have the right to submit this automatic decision to an employee and to receive an explanation. You can also let us know what you think of the decision and, if desired, object to it. Please read What are your privacy rights? and Do you have any questions about privacy?
To improve our internal processes and business operations, we process data anonymously as much as possible. This may sometimes involve processing of personal data, for example to improve pages on our website, to resolve causes of complaints, to improve our logistics processes, to develop new products, or to make analyses and reports for business customers, such as webshops. These analyses and reports never contain names and addresses, but only information about large groups of users. For example, the number of parcels we have delivered in a particular postcode area.
In order to tailor our services and products to your wishes and needs, we process data from your account and about your account activity, such as setting a delivery preference, so we can determine which products suit you, make recommendations, or send you targeted advertising or information.
We can also contact you to ask your opinion of our services and products. For example, we can ask you to participate in a customer (satisfaction) survey conducted by us. We do this in various ways, for example by sending an email. Sometimes we outsource this to another party.
In order to improve our services, we may process the following personal data:
We do not retain the personal data any longer than necessary.
We use personal data to make our website and app work technically, and to offer you certain functionalities and improve them. For this purpose, we process personal data such as:
In our cookie statement, we explain what types of cookies we use and why, and how you can change your cookie settings.
You can also request additional functionalities on the website and in the app. In some cases, we need your consent to process personal data. See the heading ‘To offer you additional functionalities of our website and PostNL app’.
We do not retain the personal data any longer than necessary.
We use personal data to provide you with information and services that we think may be of interest to you. This enables us to tailor our products and services to your wishes. We also use these data to improve our service to you. For this purpose, we process personal data such as:
We do not retain the personal data any longer than necessary.
We receive visitors at our head office and other locations. On that occasion, we will register your data to give you an access pass. This tells us know who is present in the building. For this purpose, we process personal data such as:
We retain these data for a period of 2 weeks.
We process personal data to prevent and combat fraud within our (logistics) processes. This concerns personal data that we already have. We use them for analyses and investigations, and take measures when necessary. In the process, we process all personal data required for thispurpose.
We do not retain the personal data any longer than strictly necessary. This may vary from case to case.
We process personal data for proper business operations. Examples include sending invoices, general management, and asset management. By analysing and combining data, we endeavour to continue improving our business processes. We also process personal data for purposes of finance and accounting, archiving and insurance, legal and business advice, and in settling legal conflicts. For this purpose, we process personal data such as:
We will retain these data for as long as necessary. This may vary for each business process.
We use personal data to send you offers and newsletters. And to develop, conduct and analyse market surveys and marketing strategies. For this purpose, we process personal data such as:
We do not retain the personal data any longer than necessary.
We may exchange your personal data with the companies that fall under PostNL Holding B.V. We do this for internal business processes, to perform analyses, and to provide you with services and improve them. PostNL employees only have access to personal data that are necessary for their work.
We share personal data with other parties if this is necessary for the reasons set out above. This concerns two types of parties:
We engage other parties that perform services or work for us. We call these parties “processors”. They process the data exclusively for us. These parties include, for example:
When we engage third parties, they only work on our instructions. In other words, they do not process the data for their own purposes. We make agreements about such processing in contracts. We also check whether these parties secure the data properly and handle them with due care.
In addition to processors, there are other parties with whom we may share personal data. We only do this when permitted or required by law. These parties include, for example:
We will retain your data for as long as necessary for the purpose for which we collected them. We have described this above for each separate purpose. The exact duration of the retention period depends on:
If your data are no longer needed for the purpose for which we processed them, we will remove them or render them anonymous.
We use various technical and organisational measures to secure your data. For example, we store personal data in encrypted form where possible. And we continuously invest in the security of our systems that process personal data. We also have our security checked regularly by external experts. And we have a dedicated department that monitors the digital security of our data.
Furthermore, employees may only access your personal data if they need them to do their job. All our employees have signed a confidentiality agreement. We also require our suppliers to handle your personal data with the same care and level of security as we do. And we require them to have the appropriate security certificates.
We process personal data mainly within the European Economic Area (EEA).
When sharing your data with countries outside the EEA, we make sure that they are given sufficient protection. We do this in accordance with the rules of the General Data Protection Regulation.
You have the right to know which personal data we have of you and what we do with those data. Below we explain what rights you have, whether there are exceptions, and how you can use this right.
You have the right to access the personal data that we process of you. This means that you can request information about these data from us. You can use this information to check whether your data are correct and complete. If necessary, you can modify the data (or have them modified). We will provide you with these personal data, unless an exception applies.
You have the right to modify the personal data that we process of you if they are incorrect or incomplete.
You have the right to have your personal data deleted. We cannot always comply with this request. For example, where we are required by law to retain the data for a certain period of time. Or when we still need the data for the purpose, for example delivering a letter or parcel or receiving a payment for such delivery from you. You can use the right to have your personal data deleted if:
You have the right to ask us to restrict the use of your personal data. This is possible if:
You have the right to receive personal data that we have of you in such a way that you can easily give them to another person or organisation. This is only possible if you have personally transferred the personal data to us, and if we process those data automatically, based on your consent or an agreement that you have with us.
You have the right to object to our processing of your personal data.
Do you want to use a right? This is how you can do it:
If you make a privacy request, we are obliged to make sure that we give the data to the right person. Do you use the access form? If you have a PostNL account, you do not need to add proof of identity. If you do not have a PostNL account, upload a copy of your identity document, so that we know who you are. You may render your citizen service number (BSN) illegible. Tip: use the KopieID app of the Dutch Central Government. After your request has been dealt with, we will dispose of your copy.
If you send your request by letter, add a copy of your identity document. For example, your passport or driving licence. Please note: render your BSN number invisible on the copy. And write the date on it, and why you are sending us the copy. This helps prevent fraud.
This privacy statement was last amended on 1 November 2024 and may be amended from time to time.
There are 2 organisations that monitor how we process personal data:
In addition, our own data protection officer checks whether we are handling personal data in a proper manner.
If you have any questions about how we use your personal data, please send an email to our data protection officer via fg@postnl.nl.
If you have any questions or complaints about our services or products, please contact our customer service.
If you are not satisfied with our answers to your privacy questions, you can submit a complaint to the Dutch Data Protection Authority.
