Privacy Policy concerning the processing of personal data
Privacy Policies and Procedures for the Processing of Personal Data
Version number: 1.0
Date: September 1, 2022.
We consider it a fundamental commitment to ensure the right to the protection of personal data. SAMEDAY allocates the necessary resources and efforts to process data in accordance with Regulation (EU) 2016/679 (“General Data Protection Regulation” or “GDPR”), as well as other applicable laws. As transparency is one of the main principles of this legal framework, we have prepared this document for your information on how we collect, use, transfer, and protect your personal data when you contact us and use our services, including through our website.
We reserve the right to periodically update and modify this Privacy Policy to reflect any changes in the way we process your personal data or changes in legal requirements. In the case of such changes, we will display the modified version of the Privacy Policy on our website, so please check the content of our Privacy Policy regularly.
Who we are and how you can contact us
SAMEDAY is the commercial name of DELIVERY SOLUTIONS Ltd. It is a legal entity registered in Hungary, with its headquarters located in Budapest, 1033 Budapest, Szentendrei út 89-95. X. bld, Hungary, registered in the Company Registry under no. 01-09-371417, tax number 28730978-2-41. (hereinafter referred to as SAMEDAY or we). Under the data protection law, we qualify as data controllers when we process personal data collected directly from you, and as data processors, when processing personal data collected by you.
Considering that we are always open to hear your opinion, as well as for any additional information you might need regarding the processing of your data, we recommend that you contact SAMEDAY’s data protection officer at
[email protected] by email or by mail or courier at 1033 Budapest, Szentendrei út 89-95. X. bld, with the following note: to the attention of the SAMEDAY data protection officer.
Categories of personal data we process
We generally collect your personal data directly, so you have control over the type of information you provide to us. For example, we receive information from you as follows:
We may store and collect information in cookies and similar technologies on our website, in accordance with the SAMEDAY “Cookie Usage Policy”.
We do not collect or otherwise process sensitive data included in special categories of personal data outlined in the GDPR.
We do not collect and process data of individuals under 16 years old. Any person who transmits personal data to us directly, -or through the collecting sender- does so under their own responsibility, declaring that they are at least 16 years old and are able to provide valid consent for the collection and processing of their data.
Objectives and foundations of processing
We will use your personal data for the following purposes:
This general purpose may include the following:
In most cases, processing your data is necessary for the conclusion and performance of a contract to which you are a party regarding courier services. Applicable laws, including tax and accounting laws, also require this processing for these purposes.
We always want to offer you the best customer experience when purchasing services on our online platform. For this purpose, we may ask you to fill out satisfaction surveys following the completion of an order or conduct market studies and research directly or with the help of partners.
These activities are based on our legitimate business interests, always taking care
not to infringe on your fundamental rights and freedoms.
In order to inform you about the delivery status, we may send you details about shipments to parcel lockers or access codes through electronic communication channels (email / SMS). We always ensure that this is done with respect for your rights and freedoms.
You may request at any time, as described in this document, that we stop processing your personal data for information purposes, and we will process your request as soon as possible. It is important to note that withdrawing your consent may prevent you from being informed about the status of the provided services.
There may be situations when we use or transmit information to protect our rights and commercial activity. These may include:
The general basis for such processing is our legitimate interest in protecting our commercial activity, as we have understood that this ensures that every action taken guarantees the balance between our interests and your fundamental rights and freedoms.
Furthermore, in certain cases, processing is based on legal provisions such as the obligation to protect goods and values, as prescribed by the applicable laws in this matter, the obligation to report security breaches, etc.
How long we keep your personal data
As a general rule, we store your personal data as long as you have an account on the SAMEDAY platform. You can request at any time that we delete certain information or close your account, and we will respond to these requests, except when retaining certain information after closing your account is required by applicable law or our legitimate interests.
If you do not have an account on the SAMEDAY platform, the general rule is that we store information related to your orders for 4 years from the completion of the order (i.e., during the retention period). As in the previous situation, after this period expires, we may retain certain data in accordance with applicable laws or our legitimate interests, especially regarding the right to defend in case of disputes related to the provided services. For this purpose, we will segregate your data from other customers’ data, which we store as a security backup, encrypted and/or pseudonymized, and accessible only in case of disputes. Directly after the retention period expires, SAMEDAY deletes your personal data and its copies from its systems.
Whom we transfer your personal data to
In certain cases, we may transfer or grant access to your personal data to the following categories of recipients:
If we have a legal obligation, or if necessary to protect our legitimate interests, we may also disclose certain personal data to the authorities.
In every case, we ensure that private law third parties and companies have access to your data in compliance with the laws on data protection and the confidentiality of information, based on the contracts signed with them.
In which countries we transfer your personal data
Currently, we store and process your personal data in Romania.
However, from time to time, we may transfer certain personal data to organizations outside Romania. These organizations may be located in the European Union or outside the Union, including in countries where the European Commission has not recognized an adequate level of personal data protection.
In every case, we take measures to ensure that any international transfer of personal data is carefully managed to protect your rights and interests. Transfers to service providers and other third parties are always protected by contractual commitments and, where appropriate, further guarantees, such as the European Commission’s standard contractual clauses or certification schemes like the Privacy Shield for data protection when personal data is transferred from the EU to the United States.
You can contact us at any time at the contact details provided above to learn more about the countries to which we transfer your data and the guarantees related to these transfers.
How we protect the security of your personal data
We are committed to ensuring the protection of personal data through appropriate technical and organizational measures, in line with industry standards.
Your personal data is stored on secure servers, using the most advanced encryption algorithms and
ensuring redundancy in storage.
For payments, we may also use the services of the PayU payment provider. All payment information is encrypted with SSL technology.
Despite the measures taken to protect your personal data, we warn you that the transmission of information over the internet is not completely secure, and there is a risk that data may be seen and used by unauthorized third parties. We cannot be held responsible for vulnerabilities in systems not under our control.
What rights you have
The General Data Protection Regulation grants you several rights regarding your personal data. You can request access to your data, correct errors in our files and/or object to the processing of your personal data. You have the right to complain to the competent supervisory authority or to go to court. If necessary, you also have the right to request the deletion of your personal data, as well as to restrict the processing and portability of your data.
You can read more about your rights in the table below.
To exercise your rights, you can contact us at the contact details listed above.
Please note the following if you wish to exercise these rights:
Identity. We take the confidentiality of all records containing personal data very seriously. Therefore, please send us requests related to such registrations using the email address associated with your Sameday account. Otherwise, we reserve the right to verify your identity by requesting additional information for confirmation.
Fees. We do not charge a fee for exercising your rights related to your personal data, except if your request for access to information is unfounded, repetitive, or excessive. In this case, we will charge a reasonable and proportional amount. We will inform you of any charges before responding to your request.
Response time. We respond to all valid requests within a maximum of 30 days, except in cases that are particularly complex or if you have made multiple requests. In these cases, we will respond within a maximum of 60 days. We will notify you if we need more than 30 days to respond to your request. We may ask you to clarify your questions and the nature and content of the information you request to speed up our response.
Rights of third parties. We cannot comply with requests that may adversely affect the rights of other parties.
Subject rights | Description |
Access | You can request from us
|
Correction | You may request the correction or completion of inaccurate or incomplete personal data.
We may try to verify the accuracy of the data before correcting it. |
Deletion of data | You may request that we delete your personal data, but only if:
We are not required to comply with your request to delete your personal data if the processing of your personal data is necessary:
There are other circumstances where we are not obliged to comply with your deletion request, although those mentioned are the most likely reasons why we might deny your request. Please note that before exercising this right, you must download your Sameday account and save all documents related to the orders, regardless of whether the billing was directed to you or another natural or legal person (for example: invoices, warranty certificates). If you do not do this before exercising the right of deletion, you will lose these documents, and Sameday will not be able to make them available to you, as the data deletion process involves deleting all data and related documents in your Sameday account, which is an irreversible process. |
|
|
Restriction of processing | You can ask us to restrict the processing of personal data, but only if:
After you have made a request for restriction, we can still use your personal data if:
|
Portability of data | You can ask us to provide your personal data in a structured, commonly used, and machine-readable format, or you can request to have it “transferred” directly to another data controller, but in each case only if:
|
Objections | You can object at any time, for reasons related to your particular situation, to the processing of your personal data based on our legitimate interests, if you believe that your fundamental rights and freedoms prevail over this interest.
You can always object to the processing of your data for direct marketing purposes (including profiling) without providing any justification; in this case, we will stop processing as soon as possible. |
Automatic decision-making | You can request not to be the subject of a decision based solely on automated processing, but only when that decision:
This right does not apply if the decision made after automatic decision-making:
|
We remind you that you can contact the SAMEDAY data protection officer at any time by submitting your request through any of the methods mentioned above:
by email: [email protected]