Privacy Policy concerning the processing of personal data
Data protection guidelines and procedures for the processing of personal data
Version number: 3.0.
Date: December 10, 2025
We consider it a fundamental commitment to ensure the right to the protection of personal data. SAMEDAY devotes the necessary resources and efforts to the processing of data in accordance with Regulation (EU) 2016/679 (the “General Data Protection Regulation” or “GDPR”) and other applicable legislation. As one of the main principles of this legal framework is transparency, we have prepared this document to inform you about how we collect, use, transfer and protect your personal data when you interact with us and use our services, including through our website.
We reserve the right to update and amend this Privacy Policy from time to time to reflect any changes in the way we process your personal data or changes in legal requirements. In the event of such changes, we will post the amended Privacy Policy on our website, so please check this Privacy Policy regularly.
Who we are and how to contact us
SAMEDAY is the trading name of DELIVERY SOLUTIONS Zrt. , a legal entity registered in Hungary, with its registered office in Budapest, 1097 Budapest, Könyves Kálmán krt. 34., Hungary, company registration number 01-10-141982, tax number 32041848-2-43. (hereinafter referred to as SAMEDAY or we ). Under data protection legislation, we are considered data controllers when we process personal data collected directly from you, and data controller when we process personal data collected from you.
Which categories of personal data do we process?
We generally collect your personal information directly, so you can control what type of information you provide to us. For example, we may receive information from you as follows:
We may store and collect information on our website in cookies and similar technologies, in accordance with SAMEDAY’s “Cookie Policy”.
We do not collect or otherwise process sensitive data falling under the special categories of personal data under the GDPR.
We do not collect or process data from minors under the age of 16. Any person who transmits personal data to us directly, or through a sender who collects it, declares on their own responsibility that they are at least 16 years old and can give valid consent to the collection and processing of their data.
What are the purposes and bases of the processing?
We will use your personal data for the following purposes:
1.Ensuring that SAMEDAY can provide service to you
This general objective may include, where appropriate:
The processing of your data for these purposes is in most cases necessary for the conclusion and performance of a contract for courier services. Applicable laws, including tax and accounting laws, require processing based on these purposes.
We always want to provide you with the best possible customer experience when purchasing services on our online platform. To do this, we may ask you to complete satisfaction surveys after completing your order or we may conduct market studies and research directly/with the help of partners.
We base these activities on the legitimate interests of the business, always taking care not to affect your fundamental rights and freedoms.
In order to inform you about the status of your delivery, we may send you details of deliveries to the luggage storage machines or access codes via electronic communication channels (email / SMS / telephone). We always ensure that this is done in a manner that respects your rights and freedoms.
When you interact with our representatives by phone, these phone calls will be recorded to analyze the quality of our services and your level of service. satisfaction, with a view to improvement. You will be informed of this before the start of the call and if you continue the phone call we will consider that you have given your consent to the recording of the call. In the event that you do not agree with the recording of the phone call, you can contact us through the other dedicated channels, mentioned in the Contact section available here, including Online Support chat.
You can withdraw your consent at any time during or after the call. However, the withdrawal of consent does not affect the processing already carried out on the basis of your consent or the registration already carried out. However, the deletion of personal data recorded in this way may still be retained on the basis of a legitimate interest or legal obligation. In addition, please note that in order to avoid repeated information about the recording of the call, requesting your repeated consent for this processing activity (“information fatigue” / “consent fatigue”), in the case of calls made within less than 24 hours of each other, we will consider informing you about the call recording activity and requesting the consent given during the first call.
As described in this document, you can at any time ask us to stop processing your personal data for information purposes, and we will process your request as soon as possible. It is important to note that withdrawing your consent will not allow us to inform you about the status of the services provided.
4.Protection of our legitimate interests
There may be situations where we use or share information to protect our rights and business. These may include:
Measures to address various other risks, such as protecting the Easybox parcels and infrastructure against theft, vandalism, or unauthorized access, ensuring the security and safety of individuals accessing the locations and surrounding areas, as well as supporting the investigation of disputes and incidents – signs are visibly placed at all monitored locations, informing you of the CCTV surveillance and this privacy notice.
The general basis for this type of processing is our legitimate interest in protecting our commercial activities, as we understand that this ensures that any measures taken balance our interests with your fundamental rights and freedoms.
Furthermore, in certain cases, we base the processing on legal provisions, such as the obligation to protect goods and valuables, which is required by the applicable legislation in this case, the obligation to report security breaches, etc.
How long do we keep your personal data?
As a general rule, we store your personal data for as long as your account exists on the SAMEDAY platform. You can request that we delete certain information or close your account at any time, and we will respond to these requests, except that we may retain certain information, including after your account has been closed, where required by applicable law or our legitimate interests.
If you do not yet have an account on the SAMEDAY platform, the general rule is that we store information about orders for 4 years from the date of completion of the order (i.e. the retention period). As in the previous situation, we may retain certain data after the expiry of this data, in accordance with applicable law or our legitimate interests, in particular to exercise the right to protection in the event of disputes regarding the services provided. For this purpose, your data is separated from the data of other customers, which we store as backup copies, encrypted and/or pseudonymized and can only be accessed in the event of a dispute. Immediately after the expiry of the retention period, SAMEDAY deletes your personal data and copies thereof from its system.
To whom we share your personal data
In certain cases, we may transfer or provide access to your personal data to the following categories of data subjects:
We may also disclose certain personal data to authorities if we have a legal obligation or if it is necessary to protect our legitimate interests.
In all cases, we ensure that private third parties and companies have access to your data in accordance with the laws on data protection and confidentiality of information, based on the contracts concluded with them.
Which countries have we transferred your personal data to?
We currently store and process your personal data in Romania.
However, from time to time, we may transfer certain of your personal data to organizations outside Romania. These organizations may be in the European Union or outside the Union, including countries that have not been recognized by the European Commission as having an adequate level of protection for personal data.
In the event that your personal data is transferred outside the European Union or the EEA, the transfer will be based on (a) a decision of the European Commission determining that the third country in question ensures an adequate level of protection, (b) binding corporate rules or (c) standard contractual clauses adopted by the European Commission. In addition, in the event that we find that one of these measures is not sufficient to ensure an adequate level of protection, we will adopt additional technical and/or organizational security measures on a case-by-case basis in accordance with the recommendations of the European Commission.
You can contact us at any time using the contact details provided above to learn more about the countries to which we transfer your data and the guarantees we make in relation to these transfers.
How we protect the security of your personal information
We are committed to ensuring the protection of personal data by implementing technical and organizational measures that comply with industry standards.
We store your personal data on secure servers using the most advanced encryption algorithms, ensuring storage redundancy.
We can also use the services of the payment service provider PayU for payments. All payment information is encrypted with SSL technology.
Despite the measures taken to protect your personal data, we warn you that the transmission of information over the Internet or other public networks in general is not secure and there is a risk that the data may be viewed and used by unauthorized third parties. We cannot be held responsible for vulnerabilities in systems that are not under our control.
What rights do you have?
The General Data Protection Regulation gives you a number of rights in relation to your personal data. You can request access to your data, correct errors in the files and/or object to the processing of your personal data. You can lodge a complaint with the competent supervisory authority or you have the right to seek legal action. If necessary, you also have the right to request the erasure of your personal data or the restriction of processing and data portability.
You can read more about each right in the table below.
To exercise your rights, you can contact us using the contact details listed above.
Please note the following if you wish to exercise these rights:
Identity. We take the confidentiality of any data that contains personal information seriously. Therefore, please send us your requests for such registration using the email address associated with your Sameday account. Otherwise, we reserve the right to verify your identity by requesting additional information to confirm it.
Fees. We do not charge a fee for exercising your rights in relation to your personal data, unless your request for access to information is unfounded, repetitive or excessive, in which case we will charge a proportionate and reasonable fee. We will inform you of the fees charged before responding to your request.
Response time. We will respond to all valid requests within a maximum of 30 days, unless it is particularly complex or if you have made multiple requests to us. In such cases, we will respond within a maximum of 60 days. We will notify you if we need more than 30 days to respond to your request. We may ask you to clarify the questions you have asked or the nature and content of the information you are seeking, so that we can expedite the response process by answering questions that require clarification.
Rights of Third Parties. We cannot comply with requests that may adversely affect the rights of other data subjects.
| Data subject rights | Description |
| Access | You can ask us
|
| Rectification | You can request the correction or completion of your incorrect or incomplete personal data.
We may attempt to verify the accuracy of the data before correcting it. |
| Deleting data | You can ask us to delete your personal data, but only if:
We are not obliged to comply with your request to erase your personal data if the processing of your personal data is necessary:
There are other circumstances in which we are not obliged to comply with your request to delete your data, although the above are the most likely circumstances in which we may refuse your request. Please note that before exercising this right, you must download your Sameday account and save all documents related to your orders, regardless of whether the billing was made to you or to another natural or legal person (for example: invoices, warranty certificates). If you do not do this before exercising your right to cancellation, you will lose these documents and Sameday will not be able to make them available to you, as the data is being deleted, i.e. deleting your Sameday account involves the deletion of all your data and related documents, which is an irreversible process. |
|
|
|
| Restriction of data processing | You may request that we restrict the processing of your personal data, but only if:
After you request a restriction, we may continue to use your personal information if:
|
| Data portability | You can ask us to provide you with personal data in a structured, commonly used and machine-readable format, or you can ask us to “transfer” it directly to another controller, but in each case only if:
|
| Excuses | You may object at any time, on grounds relating to your particular situation, to the processing of your personal data based on our legitimate interests if you believe that your fundamental rights and freedoms override this interest.
You may object at any time to the processing of your data for direct marketing purposes (including profiling) without giving reasons; in such case, we will stop the processing as soon as possible. |
| Making automated decisions | You may request not to be subject to decision-making based solely on automated processing, but only if:
This right does not apply if, in the case of a decision made after automated decision-making:
|
| Complaints | You have the right to lodge a complaint with a supervisory authority regarding the processing of your personal data. The contact details of the data protection supervisory authority are as follows:
National Data Protection and Freedom of Information Authority 1055 Budapest, Falk Miksa u. 9-11 Phone: +36 1 391 1400; E-mail: [email protected] |
Without prejudice to your right to contact the supervisory authority, please contact us in advance and we promise to make every effort to resolve any issues amicably.
You can contact Sameday’s Data Protection Officer at any time by sending your request in any of the following ways: