1. Introduction
At YSOMA Logistics Ltd, a franchisee of DPDgroup UK Limited (DPD UK), we are committed to protecting your personal data in accordance with the UK General Data Protection Regulation (UK GDPR), EU General Data Protection Regulation (EU GDPR), Data Protection Act 2018, and DPD UK’s privacy policies, as outlined at https://www.dpd.co.uk/dpo-privacy-notice-1.jsp. This Privacy Notice explains how we collect, use, share, and protect your personal information when you use our website (www.ysoma.com), engage our parcel delivery services, or interact with us as a customer, supplier, consignee, or member of the public.
2. Data Controller
Sophisticated security devices to prevent unauthorised access.
Third-party suppliers, including GoDaddy and DPD UK, are contractually obligated to maintain equivalent protections. We have procedures to address suspected data breaches, notifying you and regulators when required.ethwick, West Midlands, B66 1BY (ICO Ref: Z6834529), for activities such as parcel tracking and centralised data management. For details on DPD UK’s data practices, see their privacy notice at https://www.dpd.co.uk/dpo-privacy-notice-1.jsp. If you are a consignee, we recommend reviewing the privacy notice of the customer (the company or individual you ordered goods from) for additional information.
3. Personal Data We Collect
We collect personal data to provide our parcel delivery services and operate our website, including:
- Customers (those with a contract for parcel delivery): Name, address, email, phone number, payment details, and shipping preferences.
- Consignees (recipients of parcels): Name, address, email, phone number, and delivery instructions.
- General Public: Data collected incidentally, such as CCTV footage from delivery vehicles (used for insurance and security) or inquiries submitted via our website.
- Website Users: Usage data (e.g., IP address, browser information, cookies) collected by our website hosting provider, GoDaddy, on our behalf for analytics and functionality. We do not directly collect website data.
We do not knowingly collect personal data from children under 16 without parental consent.
4. How We Use Your Personal Data
We process personal data for the following purposes and legal bases under UK/EU GDPR:
- To provide parcel delivery services (e.g., delivering parcels, arranging collections): Necessary for contract performance (Article 6(1)(b)).
- To manage customer accounts and payments: Necessary for contract performance (Article 6(1)(b)).
- To communicate delivery updates (e.g., tracking notifications): Necessary for contract performance or legitimate interests (Article 6(1)(f)).
- To improve services (e.g., via website analytics through GoDaddy): Legitimate interests (Article 6(1)(f)), unless you object.
- For marketing (e.g., promotional emails): Consent (Article 6(1)(a)), where you have opted in.
- To comply with legal obligations (e.g., tax or customs requirements): Legal obligation (Article 6(1)(c)).
- For security and insurance (e.g., vehicle CCTV footage): Legitimate interests (Article 6(1)(f)).
Our processing activities are aligned with DPD UK’s policies.
5. Cookies and Tracking Technologies
Our website, hosted by GoDaddy, uses cookies to enhance functionality and analyze usage. Categories include:
- Essential Cookies: Required for website operation (no consent needed).
- Analytics Cookies: To track site performance via GoDaddy’s tools (consent required).
- Marketing Cookies: For targeted advertising, if applicable (consent required).
You can manage cookie preferences via our cookie consent banner. For details, see GoDaddy’s privacy policy at https://www.godaddy.com/legal/agreements/privacy-policy or contact us.
6. Data Sharing
We share personal data with:
- DPDgroup UK Limited: As required by our franchise agreement, we collect and share customer and consignee data (e.g., names, addresses, tracking details) with DPD UK for operational purposes (e.g., parcel tracking, customer service), acting as joint controllers where applicable.
- Third-Party Service Providers: GoDaddy (website hosting and analytics), payment processors, or IT providers, acting as data processors under strict contracts ensuring GDPR compliance.
- Authorities: When required by law (e.g., HMRC, customs).
- Other DPD Group Entities: For group reporting or system maintenance, with safeguards like Standard Contractual Clauses for transfers outside the UK/EU.
All third parties are bound by contractual obligations to protect your data and use it only for specified purposes.
7. International Data Transfers
If data is transferred outside the UK/EU (e.g., to DPD Group entities or GoDaddy’s servers in the US), we ensure protections via:
- Adequacy decisions by the European Commission or UK government.
- Standard Contractual Clauses or Binding Corporate Rules.
For more information, contact our Data Protection Officer.
8. Data Retention
We retain personal data only as long as necessary:
- Shipping Data: Up to 7 years to comply with tax and legal obligations.
- Website Usage Data: 12 months for analytics (via GoDaddy), then anonymized.
- CCTV Footage: 30 days, unless needed for insurance or legal claims.
Data is securely deleted or anonymized when no longer needed, per DPD UK’s retention policies.
9. Your Data Protection Rights
Under UK/EU GDPR, you have the following rights:
- Right to be Informed: Access this Privacy Notice for clear information.
- Right of Access: Request copies of your personal data.
- Right to Rectification: Correct inaccurate or incomplete data.
- Right to Erasure: Request deletion in certain cases (e.g., when data is no longer needed).
- Right to Restrict Processing: Limit how we use your data in specific circumstances.
- Right to Data Portability: Receive your data in a machine-readable format.
- Right to Object: Object to processing based on legitimate interests (e.g., marketing).
- Right to Withdraw Consent: For consent-based processing (e.g., marketing).
To exercise these rights, contact us at dpo@ysoma.com or Tel: +44 7570 808 808. We may verify your identity for security. You can also lodge a complaint with the UK Information Commissioner’s Office (ICO):
- Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
- Helpline: 0303 123 1113
- Website: www.ico.org.uk
10. Data Security
We implement appropriate technical and organizational measures to protect your data, including:
- Encryption and secure servers (PCI-compliant, HTTPS platform via GoDaddy).
- Access controls limiting data to authorized personnel.
- Sophisticated security devices to prevent unauthorized access.
Third-party suppliers, including GoDaddy and DPD UK, are contractually obligated to maintain equivalent protections. We have procedures to address suspected data breaches, notifying you and regulators when required.
11. Vehicle CCTV Recordings
Our delivery vehicles use CCTV for insurance and security purposes, capturing footage inside and outside the vehicle. If you have concerns (e.g., request to censor a face or license plate), contact our Data Protection Officer.
12. Third-Party Links
Our website may link to third-party sites (e.g., DPD UK’s tracking portal). These sites have their own privacy policies, and we are not responsible for their practices.
13. Updates to This Privacy Notice
We may update this Privacy Notice to reflect changes in our practices or legal requirements. Updates will be posted on our website, and significant changes may be notified by email. This notice was last updated on 26 April 2025.
14. Contact Us
For questions, requests, or complaints about data protection, contact our Data Protection Officer:
- Email: dpo@ysoma.com
- Access controls limiting data to authorised personnel. ham, TW13 7EA
Alternatively, contact DPD UK’s DPO at dpo@dpdgroup.co.uk or Data Protection Officer, Legal Office, DPDgroup UK Limited, Roebuck Lane, Smethwick, B66 1BY. For parcel or delivery queries, contact our Customer Services Team at www.dpd.co.uk as the Data Protection Team cannot assist with these.
15. Franchise-Specific Information
As a DPD franchisee, we adhere to DPD UK’s data protection standards, ensuring consistent handling of personal data across the DPD network. Per our franchise agreement, we collect personal data (e.g., customer and consignee details) and share it with DPD UK as requested for operational purposes (e.g., parcel tracking via MyDPD, customer support), acting as joint controllers where applicable. For further details on DPD UK’s practices, see https://www.dpd.co.uk/dpo-privacy-notice-1.jsp.whose
16. Disclaimer
YSOMA Logistics Ltd, a family-run limited company, is committed to protecting your personal data in accordance with the UK GDPR, Data Protection Act 2018, and DPD UK’s privacy policies. We diligently strive to align with DPD’s data protection standards and ensure the accuracy and security of our services and website(www.ysoma.com). However, unintentional errors may occasionally occur. To the fullest extent permitted by law, YSOMA Logistics Ltd shall not be liable for any indirect, incidental, or consequential damages arising from such unintentional errors or omissions in our data processing or website operations, except where such liability cannotbe excluded under applicable law (e.g., for GDPR breaches or consumer rights violations). If you have concerns about your data or our services, please contact us at dpo@ysoma.com or our operational address located at 3 Forest Road, Feltham, TW137EA, to resolve issues promptly. We aim to address any errors in good faith to avoid disputes.
,
For any enquiries please contact us at: dpo@ysoma.com or ysoma@ysoma.com,