TNT privacy notice

Your trust matters to us. That is why we protect your information and use it responsibly, while continuing to deliver the excellent services you expect from FedEx and its operating groups, subsidiaries and divisions, including any TNT company (hereafter “FedEx”). At FedEx, we are committed to protecting your privacy and the security of information that can directly or indirectly be used to identify a natural person (hereafter “Personal Data”). FedEx has created this privacy notice (hereafter “Privacy Notice”) to explain how FedEx collects and uses Personal Data.

Last update: September 2023

When this Privacy Notice mentions “FedEx”, “we”, “us”, or “our”, FedEx is referring to the FedEx company that is deciding on the purposes and means of the processing of your Personal Data under this Privacy Notice. As all TNT companies are now part of FedEx, the Personal Data collected via any TNT domain, such as www.tnt.com, fall within the scope of this Privacy Notice. 

When you are using our services in Europe, your Personal Data is controlled by FedEx Express International B.V., having its headquarters in Hoofddorp, The Netherlands. When you are using our services globally, your Personal Data is controlled by FedEx Corporation, having its headquarters in Memphis, Tennessee. 
 

Contact information

FedEx Express International B.V.
Attn: Legal Department
Taurusavenue 111
2132 LS Hoofddorp
The Netherlands
E: dataprotection@tnt.com

FedEx Corporation
Attn: Legal Department - Compliance
1000 Ridgeway Loop Road, Ste 600
Memphis, TN 38120
United States of America
E: dataprivacy@fedex.com

Overview

This Privacy Notice answers the following questions:

1. Does this Privacy Notice apply to you?

This Privacy Notice applies to you if you are a customer of TNT, a recipient of a package delivered by TNT, a supplier of TNT, or if you contact TNT, for instance, by visiting our websites such www.tnt.com including any (sub)pages and mobile apps (hereafter “Websites”), using social media or if you receive emails from TNT.  Our Websites are for a general audience and not aimed at children. In principle, we do not collect Personal Data from children under age 16. If you are under the age of 16 and you want to use our services, please rely on a parent or guardian to assist you.  If a child under the age of 16 may have disclosed Personal Data to us, the parent or guardian can contact us at dataprotection@tnt.com and we will remove Personal Data if required.

2. What Personal Data does TNT collect?

In the course of its business activities and providing the services, TNT will need to process Personal Data. Without your Personal Data, we will not be able to provide you with the requested services. As a rule, the Personal Data that you provide directly or indirectly to TNT when using our services and visiting our Websites are:

  • Contact information
    This will include your name, address, e-mail address and phone number;

  • Financial information
    This will include your bank account number, payment status, and invoices;

  • Identification information
    This will include your driver’s license number. If you don’t have a driver’s license, another identification method will be used that ensures us that we can identify you, but is the least privacy invasive as possible; 

  • Account information
    This will include log-in details, including your email address, and other information provided through your account;

  • Information related to shipment and services
    This will include shipment tracking number, shipment routing information, location data, status of a shipment, delivery location, packaging type, number of pieces, weight, picture of the parcel, and customs information; 

  • User and preference information
    This will include – as applicable – shipping amounts, complaints, history of purchases and related commercial activities, communication, survey information, and shopping preferences.

  • Automatically generated information
    This will include IP address, unique device or user ID, system and browser type, date and time stamps, referring website address, content and pages you accessed on our Websites or mobile apps, dates, times and locations actions take place, websites you visit (if you connect to our in-store wireless services), click-stream information and device location (if you turn on the feature in the mobile app).

3. Does TNT use cookies?

Yes, TNT uses cookies and similar technologies on its Websites. Through these cookies, TNT automatically obtains Personal Data as listed above when you visit our Websites. To learn more about the cookies and similar technologies, please consult our cookie notice.

4. Why does TNT process Personal Data?

Personal Data shall be collected, used, stored or otherwise processed when necessary within the framework of responsible, efficient and effective business management of TNT. TNT processes Personal Data based on applicable legal ground(s). The legal ground is often intrinsically linked to the business purpose. This means, for example, that the performance of an agreement can be both a legal ground and a business purpose for TNT. Therefore, we will first clarify the legal ground(s) on which TNT processes your Personal Data and, subsequently, the business purpose(s) that we use your Personal Data for:

Legal Grounds

In general, TNT processes your Personal Data based on one of the following legal grounds:

  • The processing is necessary to perform an agreement between you and TNT,
  • The processing is necessary for us to comply with our legal obligations,
  • The processing is necessary to protect your vital interests or of other individuals,
  • The processing is necessary for the legitimate interests of TNT, except where such interests are overridden by your interests or fundamental rights and freedoms, or
  • Where appropriate and required, we will ask for your consent. 

Business Purposes

TNT shall only collect, use or otherwise process Personal Data if the processing falls within the scope of one (or more) of the legitimate business purposes listed below: 

  • Product development, research and improvement of TNT products and/or services. TNT processes Personal Data as necessary for the development and improvement of TNT products and/or services, research and development (e.g. analyse information related to the shipment and services to improve our services).  
  • Performing agreements. This includes shipping services, tracking TNT services, communication with individuals and other parties regarding services, responding to requests for (further) information, dispute resolution and preparing agreements (e.g. link the shipment tracking number to your account to enable you to follow your shipment).
  • Relationship management and marketing for commercial activities. In general, TNT processes Personal Data as necessary for the development and improvement of TNT products and/or services, account management, client services and the performance of (targeted) marketing activities in order to establish a relationship with a client and/or maintaining as well as extending a relationship with a client, business partner or supplier and for performing analyses with respect to Personal Data for statistical and scientific purposes (e.g. deliver advertising, communications and content from us on our sites and those of third parties more specific to your interests).
  • Business process execution, internal management and management reporting. This includes addressing activities such as managing company assets, conducting internal audits and investigations, finance and accounting, implementing business controls, provision of central processing facilities for efficiency purposes, managing mergers, acquisitions and divestitures and Processing Personal Data for management reporting and analysis (e.g. conduct investigations into shipping accounts to detect fraud).
  • Safety and security. Personal Data shall be included in the processing for activities such as those involving safety and health, the protection of TNT and customer, supplier or business partner assets and the authentication of customer, supplier or business partner status and access rights (e.g. provide a safe and secure services for online and offline transactions).
  • Protecting the vital interests of individuals. This includes processing data when necessary to protect your vital interests or of other individuals (e.g. for urgent medical reasons).
  • Compliance with legal obligations. This addresses the processing of Personal Data as necessary for compliance with laws, regulations and sector specific guidelines to which TNT is subject (e.g. matching names of clients, suppliers and business partners against denied parties’ lists).

5. Who has access to your Personal Data? 

As a rule, TNT shares your Personal Data with third parties in the following circumstances:

  • With its affiliates, operating groups, subsidiaries and divisions, or with third parties if such is necessary for the purposes as listed above. If appropriate, TNT will require third parties to conduct activities in a manner consistent with TNT policies and guidelines in relation to data protection. 
  • With data processors, i.e. parties processing Personal Data on our behalf. In such cases, these third parties only use your Personal Data for the purposes described above and only in accordance with our instructions. TNT will only use processors which provide sufficient guarantees to implement appropriate technical and organizational measures and ensure the protection of the rights of data subjects.
  • With its employees if and to the extent necessary for the performance of their tasks. In such a case, access will be granted only if and to the extent necessary for the purposes described above and only if the employee is bound by confidentiality. 
  • If and when required to do so by law, court order, or other legal process, for example, with law enforcement agencies or other governmental agencies, to establish or exercise our legal rights or in connection with a corporate transaction, such as a divesture, merger, consolidation, or asset sale, or in the unlikely event of bankruptcy.

6. How long will TNT process your Personal Data? 

We will retain your Personal Data no longer than necessary for the purpose(s) for which we process your Personal Data. After the retention period we will delete or anonymize your Personal Data, unless we need to retain certain of your Personal Data for another purpose. We will only do so if we have a legal ground to retain your Personal Data. We will also ensure that Personal Data are only accessible for that other purpose. 



For example, we need your Personal Data to perform the customs clearance process. Customs laws dictate that we have to retain/store - certain of - those Personal Data. Generally, this period varies from 3 to 7 years, depending on the applicable country and customs laws. In those cases, we will only store the Personal Data necessary to meet our legal obligations.

Please contact us using the contact details above if you have questions about specific retention periods.

7. What measures does TNT take to protect your Personal Data?

TNT has taken appropriate technical and organizational measures to protect your Personal Data against accidental or unlawful processing, including by ensuring that:

  • Your Personal Data is protected against unauthorized access;
  • The confidentiality of your Personal Data is assured;
  • The integrity and availability of your Personal Data will be maintained;
  • Personnel is trained in information security requirements; and
  • Actual or suspected data breaches are reported in accordance with applicable law.

8. Where does TNT store or transfer your Personal Data? 

Due to the nature of our business and the services we provide to our clients, TNT may need to transfer your Personal Data to locations outside the country where you reside. In any case where we transfer Personal Data, TNT shall ensure that such a transfer is subject to appropriate safeguards. For the European Economic Area, such transfers to third parties (outside the European Economic Area) will be governed by a contract based on the model contractual clauses for data transfers approved by the European Commission or other appropriate safeguards. For more detailed information about these safeguards, please contact dataprotection@tnt.com.

9. What rights can you exercise in relation to your Personal Data? 

Based on the law applicable to the use of your Personal Data, you may have rights that you can exercise in relation to your Personal Data. Note that in some cases we are not required to – fully – comply with your request, as such rights may be conditional or because we have to balance your rights against our rights and obligations to process your Personal Data and to protect the rights and freedoms of others. A number of the rights you have in relation to your Personal Data, as applicable in the European Economic Area, are explained below:

Right of access
You are entitled to a copy of the Personal Data we hold about you and to learn details about how we use it. Your Personal Data will usually be provided to you digitally. We may require you to prove your identity before providing the requested information. 

Right to rectification
We take reasonable steps to ensure that the information we hold about you is accurate and complete. However, if you believe this is not the case, you have the right to request that any incomplete or inaccurate Personal Data that we process about you is amended. 

Right to erasure
You have the right to ask us to erase your Personal Data, for example where the Personal Data we collected is no longer necessary for the original purpose, where Personal Data has become obsolete or where you withdraw your consent. However, this will need to be balanced against other factors. For example, we may not be able comply with your request due to certain legal or regulatory obligations. 

Right to restriction of processing
You are entitled to ask us to (temporarily) stop using your Personal Data, for example where you think that the Personal Data we hold about you may be inaccurate or where you think that we no longer need to use your Personal Data. 

Right to data portability
You may have the right to ask that we transfer Personal Data that you have provided to us to a third party of your choice. This right can only be exercised when you have provided the Personal Data to us, and when we are processing that data by automated means on the basis of your consent or in order to perform our obligations under a contract with you. 

Right to object
You have the right to object to processing which is based on our legitimate interests. In case of the processing of Personal Data for marketing purposes, you have the right to object at any time. When you ask us to stop using your Personal Data for marketing purposes, TNT will immediately cease to use your Personal Data. For other purposes based on our legitimate interests, we will no longer process the Personal Data on that basis when you file an objection based on your grounds relating to your particular situation, unless we have a compelling legitimate ground for the processing. Note, however, that we may not be able to provide certain services or benefits if we are unable to process the necessary Personal Data for that purpose.

Rights relating to automated decision-making
You have the right not to be subjected to automated decision-making, including profiling, which produces legal effect for you or has a similar significant effect. If you have been subject to an automated decision and do not agree with the outcome, you can contact us using the details below and ask us to review the decision.

Right to withdraw consent
We may ask for your consent to process your Personal Data in specific cases. When we do this, you have the right to withdraw your consent at any time. TNT will stop the further processing as soon as possible after the withdrawal of your consent. However, this does not affect the lawfulness of the processing before consent was withdrawn. 

10.  What if I have other questions or complaints?

Questions or complaints regarding the processing of your Personal Data can be directed to TNT by using the contact information as provided at the top of this Privacy Notice.  You also have the right to lodge a complaint with the competent (local) data protection authority in the jurisdiction where you work, where you live or where an alleged infringement takes place. As a rule, the lead supervisory authority for TNT in the European Economic Area is the Dutch Data Protection Authority (Dutch DPA), unless the alleged infringement is purely a local matter. A listing of the European Data Protection Authorities can be found here.

11.  Will there be updates to this Privacy Notice?

TNT may update this Privacy Notice from time to time. If an amendment will have a serious impact, TNT will endeavor to actively inform you about such amendments. TNT will publish an up-to-date Privacy Notice on the Websites at all times indicating the latest amendments. 

Additional information for Korea - Korea Privacy Policy (TNT)

(concerning Customer's Personal Information)

1.  General provisions

Federal Express Korea LLC (Federal Express Korea Limited) (the “Company”) actively protect the personal information of customers (“Customers”) and comply with all relevant laws, including the Personal Information Protection Act etc. The Company's Privacy Policy contains the following information.

2.  Principles and methods of collecting personal information

(1) In order to provide services, the Company collects personal information necessary only for the following purposes and only to the extent permitted by law, through the website, phone, fax, email, written form, consultation, face-to-face application, or receipt from delegation companies. The items of personal information collected and the purpose of collection and use are set forth herein.: 

(2) In the event the   purpose of processing personal information changes, we will take necessary measures, such as obtaining separate consent in accordance with Article 18 of the Personal Information Protection Act. 

(3) You have the right to refuse consent to the collection and use of personal information, and there is no disadvantage if you refuse the consent. However, if you refuse the consent to the mandatory consent items, you may not be able to use the service, or there may be restrictions on the provision of services that the Company offers, depending on the purpose of service use.

3.  Personal information collection items and the purpose of processing them

The items of personal information collected by the Company and the purpose of use are as follows:

(1) Verification of TNT service availability and related activities 

  • Items to be collected - [Mandatory]: Name, email address, phone number, company name, estimated monthly shipment volume, required TNT service type, and any additional information you provide.
  • Purpose of collection and use: Verification of TNT service availability and related activities (issuance of User ID and customer number, registration, etc.).

(2) Provision of Service 

A. Customer registration

  • Items to be collected - Individual Customers 
    • [Mandatory]: contact person name (Korean, English), email, phone number (home/company, mobile phone), address (city, province, country, zip code)(“address”)(Korean, English), credit card information (card company name, card type, card number, expiration date), FedEx.com, TNT.com User ID (“User ID”), Customer account number
    • [Optional]: Company fax number
       
  • Items to be collected – Corporate Customers 
    • [Mandatory]: name of the person in charge (Korean, English), company email, company name (Korean, English), business registration number, phone number (company, mobile phone), CEO name, company address (Korean, English), postal code, credit card information (card company name, card type, card number, expiration date);(for those business customers who pay for the service with credit card), User ID, Customer account number 
    • [Optional]: Company fax number
       
  • Purpose of collection and use: user identification, age verification, Customer account number and User ID creation, service provision, notice related to shipment delivery and transportation tracking information, proof of delivery, etc.

B. Express shipment delivery/reservation

  • Items to be collected - Individual Customers 
    • [Mandatory]: Customer account number, Air Waybill number, name (sender, recipient), phone number (home/company, mobile phone) address, email, destination country  
  • Items to be collected - Corporate Customers 
    • [Mandatory]: Customer number, Air Waybill number, name (sender, recipient), phone number (company, mobile phone) email, address, destination country
  • Purpose of collection and use: user identification, cargo delivery, provision of additional services, payment and settlement of charges, billing, debt collection, notice related to shipment delivery /transportation tracking information, proof of delivery 

 

C. Shipping and transportation information

  • Items to be collected - Individual Customers
    • [Mandatory]: Customer account number, Air Waybill number, name (consultation client), name (sender, recipient), bill number, phone number (home/company, mobile phone), email, address
  • Items to be collected - Corporate Customers
    • [Mandatory]: Customer account number, company name, Air Waybill number, name (consultation client), name (sender, recipient), bill number, phone number (company, mobile phone), email, address
  • Purpose of collection and use: user identification, express shipment (import/export) reservation and notice related to delivery, transportation and delivery of express shipment, quotes, costs (fare, customs duty, tax, customs clearance fee), delivery of settlement notices

D. Additional transportation (quick) service (when requested by the user)

  • Items to be collected [Mandatory]: Air Waybill number, name (recipient), phone number (home/company, mobile phone), address 
  • Purpose of collection and use: user identification, provision of shipment transportation service (by quick service), delivery of notices.

E. Customs clearance (import customs clearance)

  • Items to be collected - Individual Customers
    • [Mandatory]: Personal customs clearance code or unique identification information (passport number or foreigner registration number) or date of birth (list clearance), name (recipient), address, mobile phone number, email, bank account information for a tax refund in case of cancellation (account holder, bank, account number) 
  • Items to be collected - Corporate Customers
    • [Mandatory]: busine customs clearance code, business registration number, name (recipient), address, mobile phone number, email, bank account information for a tax refund in case of cancellation (account holder, bank, account number)
  • Purpose of collection and use: user identification, import shipment customs clearance, shipment delivery, customs payment, tax refund processing in case of refund or cancellation, delivery of notices.

F. Customs clearance (export customs clearance)

  • Items to be collected [Mandatory]: name (sender, recipient), phone number (home/company, mobile phone), address, email, recipient passport number or tax number (if necessary for local customs import clearance procedures)
  • Purpose of collection and use: customer identification, export shipment customs clearance, cargo delivery, cargo accident handling and compensation, delivery of notices

G. Transportation charge, additional service charge 

  • Items to be collected [Mandatory]: name (sender), Customer account number, Air Waybill number, address, email, phone number(home/company, mobile phone), account information for payment/cancellation/refund (credit card information, bank account information)
  • Purpose of collection and use: customer identification, information and notification for fare and fee payment/cancellation/refund, issuance of bills, cash receipts, and tax invoices, credit information inquiry (inquiry of Customer default information to credit inquiry companies or credit information collection agencies in relation to maintaining the establishment of commercial transactions according to service provision)

H. Cash receipts

  • Items to be collected [Mandatory]: Customer account number, Air Waybill number, name or company name, email, mobile phone number, business registration number
  • Items to be collected [Optional]: phone number(home/company)
  • Purpose of collection and use: issuance of transaction evidence

I. Tax bill

  • Items to be collected - Individual Customers
    • [Mandatory]: Customer account number, Air Waybill number or invoice number, email, national registration number (the national registration number is collected as mandated by Section 32(1) of Value-Added Tax Act)
    • [Optional] name, address, phone number (home/company, mobile phone)
  • Items to be collected - Corporate Customers
    • [Mandatory]: Customer Account number, company name, business registration number, Air Waybill number or invoice number, email
    • [Optional]: company name, name of CEO, name of a person in charge, phone number (company, mobile phone), address, business category and item 
  • Purpose of collection and use: Imposition, reduction and collection of various taxes (such as value-added tax) and issuance of transaction evidence.

J. Accident handling

  • Items to be collected [Mandatory]: Customer account number, name (consultation client), Air Waybill number, name (sender, recipient), phone number (home/company, mobile phone), email, address, bank account information (account holder, bank name, bank account number)
  • Purpose of collection and use: user identification, shipment claim handling, checking transaction and delivery information, contact for fact-checking, fee payment/cancellation/refund processing, information on processing details

K. Customer inquiry (general consultation)

  • Items to be collected - Individual Customers
    • [Mandatory]: name (Customer), mobile phone number
    • [Optional]: Customer account number, phone number (home/company), address, email, country (shipment destination)
  • Items to be collected - Corporate Customers
    • [Mandatory]: company name, name (sender, recipient), phone number (company, mobile phone), address, email, country (shipment destination) 
  • Purpose of collection and use: user identification, shipment tracking information, guidance on processing quotes and consultations.

L. FedEx Customer Voice

  • Items to be collected 
    • [Mandatory]: name, email, phone number (home/company, mobile phone), country, type and content of inquiry
    • [Optional]company name, postal code, Air Waybill number
  • Purpose of collection and use: identification of the Customer Voice user, handling of complaints, information on processing details

(3) Other 

A. Participation in seminars and events

  • Items to be collected
    • [Mandatory]: name, email, mobile phone number
    • [Optional]: Customer account number, address, business registration number, phone number (home/office), fax number
  • Purpose of collection and use: invitations to seminars and events, My FedEx Rewards (MFR) promotion

B. Sending FedEx newsletters

  • Items to be collected 
    • [Mandatory]: email
    • [Optional]: mobile phone number
  • Purpose of collection and use: notice and announcement related to service information, reception of advertisements for commercial purposes, provision of company news

C. Sending and managing rewards

  • Items to be collected [Mandatory]: Customer account number, name (customer), mobile phone number, email, address
  • Purpose of collection and use: event reward delivery.

D. Records automatically created during service use

  • Items to be collected 
    • [Mandatory]: service use time, service use record, fraudulent use record, login information (IP address)
    • [Optional]: cookies
  • Purpose of collection and use: preservation of service use records, website analysis, statistical uses, usage information analysis, marketing, marketing research.

F. Items to be collected: Items stated in paragraph 2, paragraphs (3)(A), (2)(B), and 2(C) above

  • Purpose of collection and use: Various events using phone, SMS, email, and mail, provision of product information, provision of service-related information and company news, invitations or ticket issuance related to events organized or sponsored by the company, provision of information on other useful services, conducting marketing-related events, market research, and consulting.

4.  Personal information processing and retention period

(1) Unless the Company has an obligation to preserve your personal information in accordance with relevant laws and regulations, each collected item in paragraphs 3.-(1) will be retained and used for 3 months after the items are collected, while those collected items in paragraphs 3.-(2) and 3.-(3) will be retained until you choose to withdraw your membership. However, information related to reservations and inquiries will be kept for a period of 3 years from the completion of the reservation or the processing of the inquiry, while automatically generated records will be retained and used for 2 years from their date of collection. 

(2) On the other hand, if it is necessary to preserve personal information in accordance with relevant laws and regulations, such as the Customs Act, Framework Act on National Taxes, Commercial Act, Protection of Communications Secrets Act, the Act on Consumer Protection in Electronic Commerce, etc., and the Credit Information Use and Protection Act, the Company retains customer information for the period set by the relevant laws and regulations, in principle. In this case, the Company uses the information only for the purpose of preservation. The grounds for preservation, the items to be preserved, and the preservation period are as follows:

Grounds for preservation

Items to be preserved

Preservation period

Commercial Act

Commercial ledgers and material  documents and slips related to business

10 years – material documents / 5 years - slips

Framework Act on National taxes, , Corporate Tax Act, Value- Added Tax Act, etc.

Ledgers, tax invoices or receipts, and supporting documents related to transactions

5 years

Customs Act

Records on the service provision of express import/export customs clearance

 

5 years

 

 

Act on Consumer Protection in Electronic Commerce, etc.

Records on contract or subscription withdrawal, etc.

5 years

Act on Consumer Protection in Electronic Commerce, etc.

Records on payment and supply of goods, etc.

5 years

Act on Consumer Protection in Electronic Commerce, etc.

Records on consumer complaints or dispute handling

3 years

Act on Consumer Protection in Electronic Commerce, etc.

Records on display or advertising

6 months

Credit Information Use and Protection Act

Records on the collection/processing and use of credit information

3 years

Protection of Communications Secrets Act

Service use records, cookies, login information (IP address)

2 years

Act on Promotion of Information and Communications Network Utilization and Information Protection

The fact of consent to receive advertisements for commercial purposes and the date of consent

When membership is withdrawn or consent is withdrawn

5.  Destruction of personal information

(1) The Company shall destroy the personal information without delay when the personal information becomes unnecessary, such as the expiration of the personal information retention period and the achievement of the purpose of processing.

(2) When destroying personal information, the company shall take measures to prevent it from being restored or reproduced, through economically reasonable and technically feasible methods, as follows:

  • Electronic files in which personal information is recorded must be permanently deleted using irreversible technical methods.
  • In addition, in the case of records, printed materials, written materials, and other recording media, they should be shredded or incinerated.

(3) The Company selects the personal information that requires destruction and destroys the personal information with the approval of the company’s personal information protection manager. If the processing/retention period of personal information has expired, but personal information is kept for reasons such as those in Paragraph 4, Subparagraph 1 above, the personal information and personal information files should be stored and managed separately from other personal information to the extent technically possible.

6.  Provision of personal information to third parties (domestic)

The Company may provide all or part of the following customer information to third parties in the course of transactions with the Customer. In addition, if provided in accordance with the relevant laws, personal information may be provided without the Customer's separate consent. The current delegation status of the processing of personal information for persons located abroad is as in Paragraph 8.

Recipient
 (contact information)

Purpose of using the personal information of the recipient

Items of personal information provided

Personal information retention and use period of the recipient

National Tax Service (126)

Imposition, reduction, and collection of various taxes, such as value-added tax

(For both corporate customers and individual customers) the tracking number or shipment bill number, name, e-mail address, phone number (home/company, mobile phone)

 

(Individual customer) Resident registration number (The resident registration number is collected and used only when necessary pursuant to the law. Value-added Tax Act Article 32 Paragraph 1))

 

(Corporate customers) Name of representative or business, business registration number, business type, category, item

 

Until the legal retention period

Korea Customs Service (1577-8577)

Customs charge and collection, and cargo management

Personal or corporate customs clearance code (however, if there is no customs clearance or it has not been submitted, an alien registration number or passport number is provided in lieu pursuant to paragraph 4), date of birth, name (recipient), address, phone number(home/company, mobile phone), e-mail, bank account information in case of a duty drawback when there is a breach of contract (account holder name, bank name, account number)

Same as above

7.  Delegation status of personal information processing (domestic)

In order to provide smooth and efficient service, personal information processing tasks are delegated as follows: The current delegation status of the processing of personal information for persons located abroad is as in Paragraph 8.

(1) Delegation of processing of general personal information

Contents of delegated works

Contracted company

Delegation period

Customs clearance service

Star Customs Broker Company,

Wooil Customs Clearance Service Co.

Until the end of the delegation contract

Printing and sending customer invoices

Postopia Co., Ltd

Until the end of the delegation contract

Debt collection

NICE Credit Information Service Co., Ltd.

Until the end of the delegation contract

Credit assessment for the purpose of maintaining and establishing transactional relationships (checking default information)

NICE Information Co., Ltd.

Until the end of the delegation contract

Provision of electronic financial transaction services (credit card payment, etc.)

Korea Payment Networks Ltd

Until the end of the delegation contract

Dangerous goods packaging

DGR Service Co., Ltd.

Until the end of the delegation contract

Convenience store cargo delivery and information service

7-Eleven, GS Retail

Until the end of the delegation contract

Quick service

BC Top Co,. Ltd., MyungSung Quick, Daemyung Quick Service

 

Until the end of the delegation contract

(2) Delegation for marketing purposes

Contents of delegated works (change)

Delegatee

Delegation period

Direct mail (DM)/email DM management

Anyffice Ltd.

Until the end of the delegation contract

Marketing-related event management

Humming IMC Co., Ltd., KODMA Inc.

ACOZ Co., Ltd.

Until the end of the delegation contract

Mobile message delivery service

SureM, Happy Talk

Until the end of the delegation contract

Market research, consulting

Kantar Korea

Until the end of the delegation contract

(3) Management and supervision of trustee

In accordance with Article 26 of the Personal Information Protection Act, when concluding a delegation contract, the Company specifies the prohibition of the processing of personal information for purposes other than for delegated services, technical and administrative protection measures, restrictions on re-delegation, management and supervision of the trustee, and matters related to liability such as compensation for damages, etc. in a document such as a contract, and supervises whether the trustee handles personal information safely. When concluding the delegation contract with the trustee, the Company will make reasonable efforts to ensure that the trustee complies with laws and regulations related to personal information protection in the contract.

8.  Overseas transfer of collected personal information (delegation of personal information processing to a foreign third party)

The Company may provide personal information to overseas third parties as described in Paragraph (1) below only when necessary, such as overseas delivery and customer management. 

In addition, the Company may delegate the processing of the Customer's personal information to an external professional company as described in Paragraph (2) below only when necessary, such as providing company services, and promotion and marketing. The trustee entrusted with the processing of personal information shall manage the information according to the purpose of delegation. If the contents of the delegated works or the trustee are changed, the change will be notified in a timely manner through this Privacy Policy or individually notified by email, written notice, telephone, SMS, etc.

(1) Provision of personal information to third parties (overseas)

Recipient (contact information): Federal Express Corporation headquarters and affiliates in each country (https://www.fedex.com/en-us/trust-center.html) (dataprivacy@fedex.com).

Country where the recipient is located: US ( 942 South Shady Grove Road, Memphis, Tennessee 38120,US)  For affiliates in other countries and contact point, please check ((https://www.fedex.com/global/choose-location.html?location=home for a list of recipients, countries, and contact information).

Purpose of using the personal information of recipients: overseas delivery and customer management.

Items of personal information to be transferred: name (Korean, English), company name, phone number (home/company, mobile phone), fax number, address, Customer account number, business registration number, invoice/Air Waybill number (including related information), email, credit card information (card company name, card type, card number, expiry date, installment information), bank account number, User ID, name of CEO, (Korean, English).

Timing and method of transfer of personal information: if necessary, from time to time through an information and communication network.

Retention and use period of personal information of recipients: Up to 3 years from the last use of the service (when delivery is completed in the case of delivery information).

(2) Delegation of the processing of personal information (overseas)

The Company re-entrusts the following personal information processing tasks to external third-party companies through the Federal Express Corporation headquarters and affiliates in each country. If there are changes to the subcontracted trustee or the details of the re-entrusted work, we will notify you through this processing policy.

All or part of the personal information collected by the Company may be transferred to overseas affiliates or overseas trustee listed below for delegation management in order to provide services and enhance customer convenience. In accordance with Article 26 of the Personal Information Protection Act, when concluding the delegation contract, the Company specifies the prohibition of the processing of personal information for purposes other than for delegated works, technical and administrative protection measures, restrictions on re-delegation, management, and supervision of the trustees, and matters related to liability, such as compensation for damages, etc. in a document such as a contract, and supervises whether the trustee manages the personal information safely. When concluding the delegation contract with the trustees, the Company will make reasonable efforts to ensure that the trustees complies with laws and regulations related to personal information protection in the contract.

Trustee (contact information): Federal Express Corporation headquarters and affiliates in each country (https://www.fedex.com/en-us/trust-center.html) (dataprivacy@fedex.com).

Country where the trustee is located: US (942 South Shady Grove Road, Memphis, Tennessee 38120,US).  For affiliates in other countries and contact point, please check ((https://www.fedex.com/global/choose-location.html?location=home for a list of recipients, countries, and contact information).

Purpose of using the personal information: Complaint handling, inquiry handling, fee payment (including invoices and bills), and processing of customer numbers (for accounting and billing purposes), management of marketing and related events, and market research.

Items of personal information to be transferred: name (Korean, English), company name, phone number (home/company, mobile phone), fax number, address, Customer account number, business registration number, invoice/Air Waybill number (including related information), email, credit card information (card company name, card type, card number, expiry date, installment information), bank account number, User ID, name of CEO, (Korean, English).

Timing and method of transfer of personal information: if necessary, from time to time through an information and communication network.

Retention and use period of personal information of recipients: until termination of delegation contract

Subcontracted trustee (Contact): CapGemini (dpocapgemini.global@capgemini.com)

Countries where the subcontracted trustee is located

  • China (28F, SML Center, No. 610, Xujiahui Road, Shanghai 200025, China)
  • India (No. 14, Rajiv Gandhi Infotech Park, Hinjawadi Phase-III, MIDC-SEZ, Village Man, Taluka Mulshi, Pune-411 057, Maharashtra, India)

Delegated works: complaint handling, inquiry handling, fee payment (including invoices and bills).

Purpose of use by the person to whom personal information is transferred: performance of delegated works.

Items of personal information to be transferred: name (Korean, English), company name, phone number (home/company, mobile phone), fax number, address, postal code, Customer account number, business registration number, invoice/Air Waybill number (including related information), email address, card information (payment amount, credit card company, credit card type, credit card number, expiry date, installment information).

Timing and method of transfer of personal information: if necessary, from time to time through an information and communication network.

Retention and use period of personal information of transferee: until termination of redelegation contract.

 

 

Subcontracted trustee (contact): Accenture (dataprivacyofficer@accenture.com).

Countries where the subcontracted trustee is located

  • China (21F West Tower, World Financial Center, No.1 East 3rd Ring Middle Road, Chaoyang District, Beijing, 100020, China)
  • India (Prestige Technopolis, 1/8, Dr.MH Maregowda Road, Audugodi, Bengaluru, Karnataka, 560029, India)

Delegated works: processing of Customer numbers (for accounting and billing purposes).

Purpose of use by the person to whom personal information is transferred: performance of delegated works.

Items of personal information to be transferred: name (Korean, English), company name, phone number (home/company, mobile phone), fax number (company, home), address, bank account number, User ID, Customer account number, business registration number, name of CEO, name of a person in charge (Korean, English), fax number, email address.

Timing and method of transfer of personal information: if necessary, from time to time through an information and communication network.

Retention and use period of personal information of transferee: until termination of redelegation contract.

Subcontracted trustee (contact): Epsilon Data Management, LLC (https://www.epsilon.com/us/consumer-information).

Countries where the subcontracted trustee is located: US (4401 Regent Boulevard, Irving, Texas 75063-2404, US).

Delegated work: management of marketing-related events.

Purpose of use by the person to whom personal information is transferred: performance of delegated works.

Items of personal information to be transferred: Name(Korean, English), company name, phone number(home/company, mobile phone), address, email address, Customer account number.

Timing and method of transfer of personal information: if necessary, from time to time through an information and communication network.

Retention and use period of personal information of transferee: until termination of redelegation contract.

Subcontracted trustee (contact): Salesforce.com Inc. (dszola@salesforce.com)

Countries where the subcontracted trustee is located: US (Salesforce Tower, 415 Mission Street, 3rd Floor, San Francisco, CA 94105, US).

Delegated work: management of marketing-related events.

Purpose of use by the person to whom personal information is transferred: performance of delegated works.

Items of personal information to be transferred: Name(Korean, English), company name, phone number(home/company, mobile phone), address, email address, Customer account number.

Timing and method of transfer of personal information: if necessary, from time to time through an information and communication network.

Retention and use period of personal information of transferee: until termination of redelegation contract.

Subcontracted trustee (contact): Carlton One Engagement Corporation (privacy@carltonone.com).

Countries where the subcontracted trustee is located: Canada (60 Columbia Way, 9th Floor, Markham, ON L3R 0C9, Canada)).

Delegated work: management of marketing-related events.

Purpose of use by the person to whom personal information is transferred: performance of delegated works.

Items of personal information to be transferred: Name(Korean, English), company name, phone number(home/company, mobile phone), address, email address, Customer account number.

Timing and method of transfer of personal information: if necessary, from time to time through an information and communication network.

Retention and use period of personal information of transferee: until termination of redelegation contract.

Subcontracted trustee (contact): Publicis Worldwide (Hong Kong) Limited trading as Epsilon Hong Kong (DPOfficer@epsilon.com).

Countries where the subcontracted trustee is located: Hong Kong (Suites 3301-4, 33rd Floor, AIA Kowloon Tower, 100 How Ming Street, Kwun Tong, Kowloon, Hong Kong SAR China).

Delegated work: management of marketing-related events.

Purpose of use by the person to whom personal information is transferred: performance of delegated works.

Items of personal information to be transferred: Name(Korean, English), company name, phone number(home/company, mobile phone), address, email address, Customer account number.

Timing and method of transfer of personal information: if necessary, from time to time through an information and communication network.

Retention and use period of personal information of transferee: until termination of redelegation contract.

You may refuse the provision of general personal information as stated above to oversee third party. In case you refuse to agree, you may contact our customer service center (02-3496-7777). However, in case you refuge to agree, we may not be able to conclude or maintain a contract and receive the benefits provided by the Company.

9.  Customer rights and obligations and how to exercise them

(1) As a subject of information, a Customer may request (i) access to their personal information, (ii) correction or deletion of their personal information, and (iii) suspension of processing of their personal information. The legal representative of a child under the age of 14 may make the above request on behalf of the child.

(2) The exercise of rights can be done by a Customer in accordance with Article 41, Paragraph 1 of the Enforcement Decree of the Personal Information Protection Act, through written communication, email, facsimile (FAX), and the company will promptly take action on this.

(3) The exercise of rights can also be carried out through a legal representative of a Customer or a delegated person. In this case, you must submit a power of attorney in accordance with the format in Attachment 11 of the Enforcement Rule on the Methods of Personal Information Processing.

(4) Requests for viewing personal information and requesting a halt to processing may be limited in accordance with Article 35, Paragraph 4 and Article 37, Paragraph 2 of the Personal Information Protection Act.

(5) Requests for correction and deletion of personal information may not be possible when such information is specified as subject to collection by other laws.

(6) When receiving the above requests, the Company verifies whether the request was made by the Customer themselves or their legitimate representative. The Company may reject the request if there is a reason prescribed by law or a legitimate reason equivalent thereto.

10.  Measures to ensure the safety of personal information

(1) Administrative measures to protect personal information

(a) The Company appoints a Chief Privacy Officer (CPO) for the lawful processing of personal information, and establishes and implements an internal management plan for this purpose.

(b) The Company establishes and implements a personal information protection training plan for its employees and trustees who directly process personal information.

(c) The Company conducts regular self-audits to check the protection of personal information according to the internal management plan. 

(2) Technical measures to protect personal information 

(a) The Company controls access to personal information, and restricts and manages access rights.

(b) The Company records the management of access rights to personal information and keeps the records for a certain period of time.

(c) The Company installs and operates an intrusion prevention system to block unauthorized access to personal information. In addition, it applies secure access methods such as virtual private networks (VPNs) to control external access.

(d) The Company establishes and applies password creation rules so that Customers can set and use safe passwords. If the Customer has set a password to access certain parts of the Company's website, the Customer is responsible for keeping the password confidential and not disclosing it to others.

(e) The Company takes encryption measures required by relevant laws and regulations when sending, receiving and storing personal information, including sensitive information and unique identification information.

(f) The Company installs programs for fixing security vulnerabilities of software, such as operating systems, and periodically updates them.

(g) The Company keeps the access records of the personal information processing system safe for a period of time.

(3) Physical measures to protect personal information

The Company implements measures to prevent physical access, such as access control and locking devices, for the safe storage of personal information in the form of documents.

11.  Links to other websites

The Company may provide links to other websites that are not controlled by the Company. The Company assumes no responsibility for such websites. If the Customer leaves the company website, the Company is not responsible for the protection and privacy of the information provided by the Customer. The Customer should carefully review the privacy regulations applicable to those websites. When a link is provided, we will make every reasonable effort to inform the Customer that they are going from our website to another site.

12.  Installation, Operation, and Refusal of Devices Automatically Collecting Personal Information

(1) The Company uses cookies for certain websites of the Company, including but not limited to session cookies, persistent cookies, and web beacons. Cookies are files that store information about a Customer visiting the Company's website on the computer used by them, and inform the Company of the information. Cookies allow the Company to better understand the Customer's website preferences, tailor the website to their preferences, and measure website usage.

(2) When a Customer accesses the Company website, the Company analyzes the frequency of access or visit time, tracks the Customer's traces, identifies event participation information and the number of visits, and uses cookies to provide targeted marketing or personalized services.

(3) Customers have the option to allow cookies or not. Customers can adjust their browser settings to accept all cookies, receive notifications when cookies are downloaded, or refuse all cookies. However, if a Customer refuses to allow cookies, there may be difficulties in using services.

(4) Examples of allowing/rejecting cookies:

  • Internet Explorer (in the case of Internet Explorer 11 for Windows 10): In Internet Explorer, select the Tools button, then select Internet Options. Select the Personal Information tab, select Advanced under Settings, then select Block or Allow Cookies.
  • Chrome: In Chrome, click the ⋮ button (Chrome customization and control) in the upper right corner, then click Settings. - Click Show Advanced Settings at the bottom of the Settings page and click Content Settings in the Personal Information section. - In the Cookies section, select the check box for blocking third-party cookies and site data.

13.  Matters Regarding the Collection, Use and Refusal of Behavioural Information

(1) The Company collects and uses behavioral information to provide customers with optimized personalized services, benefits, online personalized advertisements, and the like during the service usage process.

(2) The Company collects behavioral information as follows:

Items of collected behavioral information

Method of collecting behavioral information

Purpose of collecting behavioral information

Retention, use period, and subsequent information processing method

User's service usage timestamp, service usage records, records of improper use, login information (IP address).

Automatically collected when users visit/run the website and app.

Preservation of service usage records, website performance analysis, statistical analysis of user usage, usage information analysis, marketing research.

Destruction after 2 years from the date of collection.

14.  Additional Use and Provision

(1) In accordance with Article 15, Paragraph 3, and Article 17, Paragraph 4 of the Personal Information Protection Act, the Company may use and provide personal information without the Customer's consent, considering the matters specified in Article 14-2 of the Enforcement Decree of the Personal Information Protection Act.

(2) Accordingly, the Company has considered the following matters in order to use and provide personal information without the Customer's consent:

  • Whether the additional use or provision of personal information is relevant to the original collection purpose.
  • Whether there is predictability in the additional use or provision of personal information, based on the circumstances of collection or processing practices of personal information.
  • Whether the additional use or provision of personal information unduly infringes upon the customer's interests.
  • Whether measures necessary for ensuring security, such as pseudonymization or encryption, have been taken.

15.  Remedies for infringement of rights

Customers can apply for dispute resolution or consultation with the Personal Information Dispute Mediation Committee and the Korea Internet & Security Agency in order to receive relief from personal information infringement.

In addition, for reporting and consultation of other personal information infringement, contact the Personal Information Dispute Mediation Committee, Information Protection Mark Certification Committee, Advanced Crime Investigation Division of the Supreme Prosecutors' Office, or Cyber Terror Response Center of the National Police Agency.

1) Personal Information Dispute Mediation Committee: (without area code) 1833-6972 (www.kopico.go.kr)

(2) Personal Information Infringement Report Center: (without area code) 118 (privacy.kisa.or.kr)

(3) Supreme Prosecutors' Office: (without area code) 1301 (www.spo.go.kr)

(4) National Police Agency: (without area code) 182 (ecrm.cyber.go.kr)

16.  Personal information protection and customer complaint handling department

The Company's customer service department listens to Customers' opinions on personal information protection and handles complaints related to personal information. The national manager of the customer service department is designated as the responsible person. Customers can report all complaints related to personal information protection that occur while using the Company's services to the person in charge of handling inquiries and complaints related to customer personal information below or to the customer service department.

Personal Information Protection Officer (Privacy Officer)
Name: Seung Woo Hong
Director, Korea Customer Service Team
Phone: 02-3496-7777
Email: krcsl@fedex.com

Personal Information Protection Manager (Privacy Manager)
Manager, Korea Customer Service Team
Phone: 02-3496-7777
Email: krcsl@fedex.com

17.  Amendments to this Privacy Policy

If the Company revises this Privacy Policy, it will notify the contents of the revision and the time of enforcement through this website in a timely manner.

Privacy Policy enforcement date: February 9, 2024
Privacy Policy change notice date: February 2, 2024

Privacy Policy enforcement date: September 2, 2019
Privacy Policy change notice data: August 30, 2019

Privacy Policy enforcement date: February 28, 2018
Privacy Policy change notice date: February 22, 2018

Privacy Policy enforcement date: Novemebr 17, 2017
Privacy Policy change notice date: October 26, 2017

By visiting and using this site, you consent to the placing of cookies by TNT and its partners. Find out more