Charter of Obligations to the Customer

Each moving shipment (either FedEx or TNT network) is accompanied by a courier accompanying note (SY.DE.TA.) where the User - Sender, who has the full responsibility of compiling the correct data, clearly states the full details of the same, the Recipient, the date and time of receipt, as well as the services the User - Sender wishes. The preparation of the SY.DE.TA. and the acceptance of the shipment by the Company certifies the drawing up of an individual contract between the user of the services and FedEx Express Greece and proves the acceptance of the general terms of acceptance of the shipment by the parties involved. The main issues defined through the individual contract are the following:

• unacceptable items and items that are prohibited for carriage under international, national and European Conventions;
• the right of the company to refuse to accept items to be handled if the Sender refuses to have them inspected by a representative of the company;
• the conditions of insurance of the postal item and the amounts thereof;
• the compensation for delays, loss and damage to objects and the time limits within which the user may claim it, at least in accordance with the relevant legislation;
• cases where the postal operator is not liable;
• the way in which unclaimed postal items are handled; and
• the dispute resolution process between business and user.

By entrusting the handling of the User - Sender's shipment to FedEx Express Greece, the User - Sender accepts the FedEx Express Terms and Conditions of Carriage for Europe, as applicable from time to time, both for the same and in the User - Sender's capacity as the representative of the principal, owner or holder of the goods to be transported.

The above also applies in cases where the Company undertakes the handling of bulk shipments where the shipment in transit is accompanied by a simplified SY.DE.TA.

Unless otherwise agreed, FedEx Express Greece is obliged to deliver the item to the address of the Recipient or to a third party at that address in the absence of the Recipient. Upon delivery, the Recipient shall clearly indicate the Recipient's name, the date and time of receipt, and sign the proof of receipt–delivery, or sign electronically on the device used for the collection of shipment receipt and delivery data (details).

The liability of FedEx Express Greece for the transported shipments ceases at the moment of delivery of the respective shipment to the Recipient or to any third party at the declared address, in case of the absence of the Recipient. The signature of the Recipient or any third person as described above, with the indication of the delivery details on the copy of the SY.DE.TA. is clear proof of the correctness of the delivery.

All shipments handled by the Company are tracked and traced electronically at all stages of their transport through the ESPETA system (track and trace system). Fedex Express Greece retains transport information through the ESPETA system as well as a record of the SY.DE.TA. in electronic or paper format for six months from the date of commencement of the shipment.

FedEx Express Greece makes every effort to deliver the shipment in accordance with the normal handling schedules of the service offered. FedEx Express Greece shall not be liable for any direct or consequential loss caused by any delays, other than as set out in the FedEx Express Terms and Conditions of Carriage for Europe, as detailed below. FedEx Express Greece is able to promptly inform the Sender and the Recipient of the status of the shipment, provided that they communicate the waybill number (SY.DE.TA.). In detail, the Terms and Conditions of carriage are as follows:

FedEx Express Terms and Conditions of Carriage for Europe

FedEx Express and its network of stores are required to treat customers with respect during their interactions with them in accordance with the FedEx Code of Conduct. Customer complaints about inappropriate or rude behaviour, poor service can be reported in writing by sending a letter to the Company's address or by sending an email to the email address: greece@fedex.com, or as otherwise provided under Customer Service.

The customer service department is responsible for informing customers about any question or the progress of a shipment or a compensation or even the operation of the company and/or its stores or any issue or complaint concerning its service by registering customer complaints at the telephone numbers specified in Address/Contact Details above as well as by email at the email address: greece@fedex.com

In any case, the Company shall respond to a customer's request immediately and within 21 days at the latest. For the proper service of customers and the resolution of any disputes and after the customer is unable to resolve his/her problem definitively, FedEx Express Greece establishes, upon request, a Dispute Resolution Committee which consists of the respective heads of the following Directorates: Security, Customer Service and Legal Service and by a consumer representative with the right to be represented, if desired, by the user concerned. FedEx Express will inform the user of the time and place of the meetings and of his/her right to submit a written memorandum if he/she is unable to attend. For more information on the operation of the Dispute Resolution Committee, users can contact the Customer Service department at the telephone numbers specified in Direction/Contact Details above.

For people with special needs, every effort has been made to provide better access to the Company's premises, with provision for the movement of people with mobility impairments at the Company's registered office and its branches throughout Greece, where there are access ramps and lifts.

FedEx Express Greece maintains its equipment and facilities in good condition, repairing and restoring any damage or anomalies that affect the good service to customers. In cases of damage, anomalies or external adverse interventions that require the shutdown of a store offering postal services, FedEx Express Greece shall repair the damage immediately, acting in accordance with the applicable laws, regulations and security provisions.

As part of the continuous modernisation of its operation, FedEx Express Greece has planned and implements a wide-ranging electronic training program for all its staff, regardless of their level of hierarchy and position. The training program which has been designed and implemented, provides for the training of all staff in order to better serve the User of our services, in an effort to provide the best experience during their use. The issues include safety, hygiene, fire safety, personal data and many other issues that arise during the provision of services.

FedEx Express Greece believes that the protection of customers' personal data is of paramount importance. For this reason, it takes appropriate measures to protect the personal data it processes and to ensure that the processing of personal data is always carried out in accordance with the obligations imposed by the applicable legal framework and in particular the EU Regulation 2016/679, both by the Company itself and by third parties that process personal data on its behalf. The Company applies appropriate technical and organisational measures to ensure the secure processing of personal data and to prevent accidental loss or destruction and unauthorised and/or unlawful access, use, modification or disclosure of personal data. In any case, the way the internet works and the fact that it is free to anyone does not allow to provide guarantees that unauthorised third parties will never be able to breach the technical and organisational measures in place, gaining access and possibly making use of personal data for unauthorised and/or improper purposes. For more information on this you can read the Privacy Statement - Global Privacy Policy (Appendix A of this document) and the GDPR Guide | Guidelines on the Privacy Principles (Appendix B of this document).

In addition, the confidentiality of postal services and correspondence is inviolable. This can only be lifted if there are special reasons, as described in more detail below. The Company maintains specific mechanisms and internal procedures for the lifting of confidentiality. The Company has selected carefully and well-trained staff, modern and efficient system of postal network organisation, computerisation, and takes measures to prevent any possible violation of this policy while fully informing users about the due diligence to be exercised when sending postal items. The Postal Services Confidentiality Policy, which has been developed and implemented by the Company, has been approved by a relevant approval decision of the Communications Confidentiality Authority (CCA).

The Company provides courier services for domestic and international postal items (within the European Union and worldwide).

Annex C and D of this document is a Description of the Services Provided (July 2014 and TNT and FedEx Network Price Lists).

General information, communication channels and available technology (CRM) to support customers/consumers

The following channels are available for a customer to submit a query, complaint or claim or to raise any kind of questions to the Company's representatives

CONTACT CHANNEL (from & to customers)

Contact Numbers: (+30) 2108905868 for the TNT network & (+30) 2108905900 for the FedEx network

Available Technology: The modern technology provided by Five9 is used to ensure easy access to customer service representatives as well as self-service for specific types of simple queries. Our platforms provide all the necessary data that can be used to evaluate customer satisfaction and ensure continuous improvement and quality.

Email: greece@fedex.com

Available Technology: The modern technology provided by Salesforce is used to ensure easy access to customer service representatives. Our platforms provide all the necessary data that can be used to evaluate customer satisfaction and ensure continuous improvement and quality.

Customer/Consumer Support Chat

Contact points: For each Network, the chat can be reached via the website of each network (TNT/FedEx) by selecting the support pages.

Available Technology: The modern technology provided by Salesforce is used to ensure easy access to customer service representatives. Our platforms provide all the necessary data that can be used to evaluate customer satisfaction and ensure continuous improvement and quality.

Electronic forms: For each Network, the electronic forms are accessible through the website of the respective network (TNT Express/FedEx), by selecting the support pages.

Available Technology: The above technology is applicable.

Complaint Management Technology

TNT network: Salesforce

FedEx Network: Pegasystems

Shipment Tracking and Tracing Technology: TNT network: Salesforce, FedEx Network: Enterprise Operational Portal (eOps) 

The Enterprise Operational Portal (eOps) is FedEx's primary internal system for tracking shipments. It is used extensively within the organisation, primarily by the Customer Service, Customs Clearance and Operations Departments. The system provides information for both FedEx and TNT shipments. The system offers: 

• Information on the exact location and status of shipments. 
• Detailed visualisation of the route of a shipment, from its creation to its delivery. 
• Support in the analysis and investigation of problematic cases. 

eOps consists of two main parts: 

1. Shipment Information 
2. Status and Route Information 

1. Shipment Information 

It includes important data about the shipment, such as: 

• General information 
  • Sent on 
  • Estimated delivery date 
  • Description of shipment content 
  • Declared values 
• Origin & Destination 
  • Country, city, address of origin
  • Country, city, address of delivery
  • Origin and delivery station codes
• Sender & recipient details 
  • Name / Surname of the company 
  • Address, country, city 
  • Contact details
• Shipment Details 
  • Service product 
  • Weight, dimensions, number of packages 
  • Shipping account / Billing method 
  • Special shipment handling services 

2. Status and Route Information  

It includes important data about the stages of the route and the status of the shipment, such as: 

• Scanning Code 
• Scan Date  
• Scanning Station 
• Scanning System/Equipment 
• Status / Comments 

Complaints about the Shipments

The time limits for submitting complaints about shipments are those set out in accordance with section 23.1 (23.1 Providing Claim Notice) of the Company's Terms and Conditions of Carriage below:

23.1    Providing a Claim Notice. 

All claims must be notified to FedEx within the following time limits:

a. Claims for damage (visible or hidden), delay (including tampering claims) or lack of contents within 21 days after delivery of the shipment. Receipt of the Shipment by the Recipient without such notice of damage on the delivery receipt constitutes prima facie evidence that the Shipment was delivered in good condition.

b. All other claims, including claims for loss, non-delivery or misdelivery, within nine months after delivery of the Shipment to FedEx.

All such claims must be notified either at the time of delivery on the applicable delivery record, via the website  or by contacting FedEx Customer Service.

After the complaint is submitted, the customer service team may take the following actions:

Complaint procedure for delays (TNT & FedEx Network): 

If the shipment has already been delivered, the customer service representative examines the history of the shipment by searching the internal tracking systems and informs the customer about the reasons for the delay. 

If the shipment is still in transit, the customer service representative shall review the history of the shipment by searching the internal tracking systems and inform the customer of the reasons for the delay. If the customer expresses the need for action or further information, the customer service representative can further escalate the situation by creating a case in the support team, also providing the case number to the customer. The case holder becomes responsible for keeping the customer informed about the progress of the shipment until delivery.

In the event that the customer requests a credit note for the transfer costs due to delay, Section 19 of the Company's Terms and Conditions of Transfer should be applied. If a shipment is not eligible for a refund guarantee under the Company's Terms and Conditions of Carriage further alternative commercial arrangements may be considered based on the overall cooperation and relationship with the customer.

Compensation Procedure (TNT & FedEx Network): 

1. Anyone named on the air waybill can make a claim (sender, recipient or third party if named on the air waybill). For both networks, we provide the claimant with a case number that can be used by the customer to request further information on progress.
2. Following submission of the complaint, the Customer Service team may conduct the appropriate investigations. The steps of the process are as follows
3. We gather all the necessary investigation information to validate the claim and record it within the existing case scenario. Examples:
   • The claim must have been reported within the appropriate time limits in accordance with section 23 of the Company's Terms and Conditions of Transfer. If it is outside the appropriate time limits, we may reject the complaint without further investigation.
   • The number of packages and weight should be available.
   • We must have the content type
   • The customer must have kept the packaging (for photos and inspection).
   • The customer will be asked if the damage is visible or hidden.
   • A description of the packaging (internal and external) should be provided.
   • The extent of the damage should be specified and described.
   • It should be specified whether the item is new or used and what the cost of the item is.
   • The proof of delivery will be checked to confirm whether the recipient has declared damage upon delivery of the shipment.
   • Photos are collected showing the outer and inner packaging / damage to the outer packaging and damage to the contents.
   • It is determined whether the system tracking records indicate any damage and the conditions under which it occurred.
   • If there is no damage reported in the system, the delivery station is asked to comment on the status of the shipment on arrival at the destination and during delivery.

When the required investigations are completed, the Company will take the following actions:

• For the TNT Network: The claimant should complete the form via the link https://tnt-insuranceclaims.my.salesforce-sites.com/Csuser.
• For the FedEx Network: The claimant should complete the attached handwritten form (Annex E to this document) (English version also available)

The claims administrator will then review the form, check whether the insurance option has been selected and the results of the investigation and respond to the customer accordingly, applying the Montreal Convention for a shipment transported by air to any leg of the transport or the CMR Convention for a shipment transported by road only when required (and not insured). The claim may be rejected on the following grounds:

Lost Shipment Procedure (TNT & FedEx Network): 

1. Anyone named on the air waybill can make a claim (sender, recipient or third party if named on the air waybill). For both networks, we provide the claimant with a case number that can be used by the customer to request further information on progress.
2. Following submission of the complaint, the Customer Service team may conduct the appropriate investigations. The steps of the process are as follows
   • We gather all the necessary investigation information to validate the claim and record it within the existing case scenario. Examples:
   • We are making enquiries with the delivery stations to confirm that the shipment has not been delivered
   • Ask for a full internal and external description of the shipment, as well as a packing list and, if available, ask the sender to send photos of the shipment.
   • We check our internal over-goods systems (systems in which all unidentified shipments are stored with images) against the description and try to possibly track the shipment.
   • If a Shipment cannot be located within our freight transport systems, additional searches may be conducted across all stations and hubs involved.
   • If the search results in finding the freight, we notify the customer and coordinate the delivery of the freight and keep the case open until the freight is delivered. If the searches do not lead to the recovery of the freight, the following steps should be taken
     • For the TNT Network: The claimant should complete the form via the link https://tnt-insuranceclaims.my.salesforce-sites.com/Csuser.
     • For the FedEx Network: The claimant should complete the attached handwritten form (Annex E to this document) (English version also available)

The claims administrator will then review the form, check whether the insurance option has been selected and the results of the investigation and respond to the customer accordingly, applying the Montreal Convention for a shipment transported by air to any leg of the transport or the CMR Convention for a shipment transported by road only when required (and not insured). The claim may be rejected on the following grounds:

Rejections for complaints/claims related to the shipment

The grounds for rejecting a claim include, but are not limited to:

• Time limit for notification of a claim that has elapsed.
• Improper packaging (for damaged shipment).
• Prohibited Items. 
• Goods or packages that are not available for inspection.
•  Lack of documentation.
• No mishandling by FedEx Express Greece.
• Acts of officials (customs, police, government or airport officials, etc.).
• Issues Force Majeure.

Complaint not related to a Shipment

Customers, in addition to complaining about a delayed shipment or a service failure in the transportation of their shipment, may express dissatisfaction in areas such as, among others:

• Employee behaviour (for example: rudeness, driving safety issues, damage caused to property, etc.)
• Accessibility – Communication channels available (e.g. the customer cannot contact the relevant department)
• Lack of recall
• Recurring operational issues
• Poor handling of claims/compensation

Procedure related to complaints not related to Shipments:

1. We create a case that is referred to as a "complaint" in the respective TNT/FedEx Networks systems, recording the contact details of the claimant/customer (full name, telephone number and email address) and the preferred method of contact.
2. We record the customer's complaint and requirements, also explaining who will respond to the customer.
3. We conduct research if required, also agreeing with the client contact to follow up and establish a service level agreement.
4. We assign the case to the appropriate team to investigate it.

The postal undertaking shall keep documents or electronic records (contracts, other correspondence) for as long as the contract with the user is in force and for an additional six (6) months after its expiry. Where, following termination of the contract, a dispute resolution request or complaint submitted by the user against the postal undertaking remains pending before the Hellenic Telecommunications and Post Commission (EETT) or any other public or judicial authority, the postal undertaking shall be required to retain the above documents/records until completion of the hearing procedure before the EETT or until the first hearing of the case before a court. In the event that the user files a complaint or brings proceedings before the courts, the user shall have access to any existing conversations lawfully recorded with the user’s consent, upon submission of a relevant request to the postal undertaking.

FedEx Express Greece complies with the provisions of the relevant regulatory framework for the provision of postal services, as well as any other provision relevant to the provision of its services.

Introduction

Policy Overview

FedEx Corporation (together with its subsidiaries and affiliated companies, “FedEx”) recognizes the importance of having effective privacy protections in place and is committed to compliance with applicable data privacy laws, regulations, internal policies and standards. These protections form the foundation of a trustworthy company, are necessary to maintain the confidence of customers and employees and ensure the company’s own compliance with such local laws. This Global Privacy Policy (“Policy”) is based on globally accepted, basic principles on data protection.

Scope

This Policy applies worldwide to all employees and companies of FedEx. Individual operating companies may not adopt policies inconsistent with this Policy. Supplemental data Protection requirements for individual operating companies, regions or countries may be created with the approval of the Global Chief Compliance and Governance Officer (“GCCGO”).

Application of Local Laws

Each operating company of FedEx is responsible for compliance with this Policy. If there is reason to believe that local law requirements or other legal obligations contradict the duties under this Policy, the relevant operating company must inform the GCCGO. In the event of conflicts between applicable local laws, rules or regulations and the Policy, FedEx will work to find a practical solution that reconciles these requirements.

Definitions

Personal Data — Any information that can directly or indirectly be used to identify a natural person, whether that individual is an employee, a customer or employee of a customer, a vendor or employee of a vendor, a job applicant or any other third party.

Examples:

• Names
• Government-issued identification numbers (social security and driver’s license numbers, etc.)
• Addresses
• Phone numbers
• Email addresses
• Photos

Processing — Any operation performed on Personal Data, with or without the use of automated systems, such as to collect, store, organize, retain, archive, record, view, modify, adapt, alter, query, use, retrieve, forward, transmit or combine data. This also includes disposing of, deleting, erasing, destroying or blocking data.

Examples:

• Storing information in databases
• Viewing information stored on another computer
• Transferring information from one database to another

Notes:

Data that has been anonymized such that individuals cannot be identified does not constitute Personal Data.

The transportation of physical media (documents, computers, etc.) containing Personal Data does not constitute Processing of that Personal Data.

Data Protection Principles

Personal Data will be collected, recorded and used in a proper and professional manner, whether the Personal Data is on paper, in computer records or recorded by any other means.

FedEx is accountable for and must be able to demonstrate compliance with the following principles of data protection.

1. Fair and Lawful. When Processing Personal Data, the rights of the individual related to their Personal Data must be protected. Personal Data must be collected and Processed fairly and lawfully.
2. Purpose Specification. Personal Data can be used or Processed only for the purpose defined at the time of collection and shall not be further used or Processed in any manner incompatible with that purpose. Personal Data may not be collected and stored for potential future use unless allowed by local law.
3. Collection Limitation. FedEx only collects Personal Data necessary to meet the specified purpose at the time of collection and only to the extent allowed by local law.
4. Deletion. Personal Data no longer needed for the purpose specified at the time of collection shall be deleted according to applicable retention schedules unless it is subject to an exception from the Legal Department.
5. Data Quality. Personal Data should be accurate, and if necessary, kept up to date.
6. Security Safeguards. Personal Data must be protected using technical, managerial and physical security measures against risk of loss or unauthorized access, destruction, use, modification or disclosure.
7. Transparency. Individuals must be notified at the time of collection how their Personal Data is being used or Processed. They must be aware of who is collecting the Personal Data, the purpose for the
   Processing of the Personal Data and if third parties will Process the Personal Data, that adequate safeguards are in place. All such notices must be approved by the Legal Department.
8. Individual Participation. To the extent required by local law, individuals have a right to access their Personal Data and, where appropriate, to correct or delete it and exercise any other right provided by local law.

Security and Access

Personal Data is classified as confidential. Any unauthorized Processing of such data by employees is prohibited. Any Processing undertaken by an employee that is not part of his or her legitimate duties is prohibited. Employees may have access to Personal Data only as is appropriate for the type and scope of the task in question. This requires the definition and separation, as well as implementation, of roles and responsibilities.

Employees are prohibited from using Personal Data outside of the scope of their employment at FedEx, to disclose it to unauthorized persons or to make it available in any other way outside the permitted business use. Supervisors must inform their employees at the start of the employment relationship about the obligation to protect Personal Data. This obligation shall remain in force even after employment has ended.

Personal Data must be safeguarded from unauthorized access and unlawful Processing or disclosure. This applies regardless of whether data is Processed electronically or in paper form. Before the introduction of new methods of data Processing, a privacy impact assessment should be performed for new IT systems, which may lead to implementing technical and organizational measures to protect Personal Data.

Employees are expected to follow FedEx Information Security Standards, which can be found by searching keyword “standards.” Note that Information Security classifies all data as Sensitive, Internal or Public. Depending on its classification, Personal Data must be protected in accordance with the applicable Information Security Standards.

In the event of suspicious activity, suspected cyberattack, suspected security incident, or possible breach of Personal Data, all FedEx employees must notify Information Security immediately via the Incident Notification Website, keyword “incident” or call 901/224- 2021 or 901/224-2022 to report the incident.

Special Circumstances

Data Transferring or Processing by Third Parties

Personal Data may not be transferred to a country outside the country of origin unless the transfer has been approved by the Legal Department, who will ensure an adequate level of data protection or suitable safeguards are in place. If a vendor or third party is engaged to Process Personal Data, a data transfer agreement must be in place with that external provider. An external provider can Process Personal Data only in accordance with instructions from FedEx.

Processing of Special Categories of Personal Data

Special categories of Personal Data that are highly sensitive can be Processed only under certain conditions. These categories include an individual’s racial and ethnic origin, political beliefs, religious or philosophical beliefs, union membership or the health and sexual life of the data subject. Under local law(s), further data categories may necessitate special treatment. Personal Data

that relates to a crime can often be Processed under special requirements of local law. Leave requests, that include special categories of data, will be handled by local Human Resources and Legal Departments.

If there are plans to implement a new system, procedure or Process that includes Personal Data in a special category, the GCCGO must be informed in advance.

Telecommunications and Internet

Telephone equipment, email addresses, intranet and Internet, along with internal social networks are provided primarily for work-related assignments. They can be used within the applicable legal regulations and internal policies. In the event of limited acceptable usage for private purposes, the local laws on secrecy of telecommunications and any local telecommunication laws must be observed.

Communication and Responsibilities

All Employees are responsible for:

• Reading and complying with this Policy and related policies, along with related documents/guidelines that may be developed and maintained to implement the requirements of this Policy.
• Reporting violations of this Policy.

Management is additionally responsible for:

• Ensuring all reporting personnel understand the requirements of this Policy.
• Ensuring appropriate safeguards are in place to protect Personal Data.
• Providing all necessary training and/or guidance to assist with the implementation process, and for monitoring compliance with this Policy.

Related Policies

• Code of Business Conduct and Ethics
• Information Security Standards
• Your company’s Use of Computer Resources Policy
• Your company’s Pre-employment Screening Policy
• Your company’s Recruitment Policy
• Your company’s Data Retention and Destruction Schedules
• Keyword “incident”

Anti-Retaliation Policy

FedEx prohibits any form of retaliation for reporting in good faith a suspected violation of this Policy.

Policy Custodian

Global Chief Compliance & Governance Officer

Adoption Date

This Policy was adopted effective May 1, 2018.

GDPR Guide | Guidelines on the Privacy Principles | Version 2.0 Last updated: 17 March 2021

Purpose of the Guidelines

FedEx often needs to process personal data. Personal data (data) is any information relating to an individual. ‘Processing’ is any use of personal data, such as access, transfer, share, collect, store, alter, disclose, restrict and erase. Any data processing activity is subject to the General Data Protection Regulation (GDPR) and any applicable local privacy law.

These Guidelines on the Privacy Principles highlight FedEx’s obligations to process data in a responsible way and in accordance with the legitimate business purposes (article 5 Binding Corporate Rules (BCRs)), the principles (article 5 GDPR) and the lawfulness (article 6 GDPR). The privacy principles below should lie at the heart of your approach to processing data.

Lawfulness, fairness and transparency

• Establish a lawful basis under GDPR for any data processing activity. The most important for FedEx:
  CONSENT - Clear consent of the individual to process his/her data for a specific purpose, e.g. profiling customers for marketing purposes. Many people think that consent is the key basis for data processing. However, consent is rather cumbersome and often does not work well.
  CONTRACT - Processing is necessary for a contract (e.g. contact details in an employment contract) you have with the individual or because the individual asked you to take specific steps before entering into a contract
  LEGAL OBLIGATION - Processing is necessary to comply with the law, e.g. sharing personal data with tax authorities or storing personal data for administration purposes
  LEGITIMATE INTERESTS - Processing is necessary for FedEx’ legitimate interests or a third party, unless such interests are overridden by the individual’s privacy rights. Examples where this basis might apply are: fraud prevention, CCTV, network security etc.
• Ensure that you don’t do anything with the data in breach of any other laws
• Use personal data in a fair way. Do not process the data in a way that is unduly detrimental, unexpected or misleading to the individuals concerned
• Be clear, open and honest with people from the start about how you will use data

Purpose limitation

• You must be clear about what your purposes for processing are from the start
• You need to record your purposes as part of your documentation obligations. Please refer to applicable FedEx privacy notice before the processing takes place.
• You are not allowed to further process the data in a way that is incompatible with the original purposes. Example: it is not allowed to use employee data for marketing purposes

Data minimization

You need to ensure the data you’re processing is:

• Adequate – sufficient to properly fulfil your stated purpose
• Relevant – has a rational link to that purpose
• Limited to what is necessary – you do not hold more than you need for that purpose

This principle relates to privacy by default and privacy by design. Since the law is not specific on what data categories you can use, you have to make a decision yourself.

Accuracy

• You should take all reasonable steps to ensure the data you hold is not incorrect or misleading
• You may need to keep the personal data updated, although this will depend on what you are using it for
• If you discover that data is incorrect or misleading, take reasonable steps to correct or erase as soon as possible

Storage limitation

• You must not keep personal data for longer than you need it. So, you need to be able to justify how long you keep personal data and in accordance with FedEx’s retention schedules.
• If you want to engage a vendor that will process data on our behalf, such as cloud storage provider, make sure that the vendor adheres to the relevant retention periods

Integrity and confidentiality (security)

• Implement appropriate technical or organizational measures to secure the data and keep them confidential
• You are only allowed to have access to or use the data if needed for your activities (need-to-know)

Other topics

Please immediately contact euprivacy@fedex.com or Legal in case of:

• Questions regarding individual’s requests
• Start system/project/tool or other initiative which includes use of personal data or FedEx systems
• Processing activities which are likely to result in high risks, especially processing of special categories. A Data Protection Impact Assessment (DPIA) might be required
• Engaging a vendor where data processing plays a role. A Data Processing Agreement (DPA) might be required
• of personal data
• These guidelines are limited to data protection matters. Please consult with LR/works councils, HR or other departments where required

DOCUMENT PROPERTIES

DOCUMENT TITLE: Guidelines on the Privacy Principles

IDENTITY OF OWNER(S): Sebastiaan Teekman

APPROVAL: EU data protection manager

EFFECTIVE DATE: 17 March 2021

REVISIONS: 17 March 2021 – completely rewritten

CONTACT: euprivacy@fedex.com

FedEx

Shipping Rates & Tariffs | FedEx Greece

TNT

Fuel Surcharges | How To Ship | TNT Greece

Contact | FedEx Greece