FedEx Privacy Notice
Your trust matters to us. That is why we protect your information and use it responsibly, while continuing to deliver the excellent service you expect from FedEx. We are committed to protecting your privacy and the security of your personal data. We have created this Privacy Notice to explain how FedEx collects and uses personal data.
FEDEX PRIVACY NOTICE
Your trust matters to us. That is why we protect your information and use it responsibly, while continuing to deliver the excellent services you expect from FedEx and its operating groups, subsidiaries and divisions (hereafter “FedEx”). At FedEx, we are committed to protecting your privacy and the security of information that can directly or indirectly be used to identify a natural person (hereafter “Personal Data”). FedEx has created this privacy notice (hereafter “Privacy Notice”) to explain how FedEx collects and uses Personal Data.
When this Privacy Notice mentions “FedEx”, “we”, “us”, or “our”, FedEx is referring to the FedEx company that is deciding on the purposes and means of the processing of your Personal Data under this Privacy Notice.
When you are using our services in Europe, your Personal Data is controlled by FedEx Express International B.V., having its headquarters in Hoofddorp, The Netherlands. When you are using our services globally, your Personal Data is controlled by FedEx Corporation, having its headquarters in Memphis, Tennessee.
FedEx Express International B.V.
Attn: Legal Department Taurusavenue 111
2132 LS Hoofddorp The Netherlands
Attn: Legal Department - Compliance
1000 Ridgeway Loop Road, Ste 600
Memphis, TN 38120 United States of America E: email@example.com
Use the following link for your data subject requests: https://app.onetrust.com/app/#/webform/c121cce6-6cfb-4c3d-9b61-334f56a01b5f
This Privacy Notice answers the following questions:
1. Does this Privacy Notice apply to you?
This Privacy Notice applies to you if you are a customer of FedEx, a recipient of a package delivered by FedEx, a supplier of FedEx, or if you contact FedEx, for instance, by visiting www.fedex.com including any (sub)pages and mobile apps (hereafter “Websites”), using social media or if you receive emails from FedEx.
Our Websites are for a general audience and not aimed at children. In principle, we do not collect Personal Data from children under age 16. If you are under the age of 16 and you want to use our services, please rely on a parent or guardian to assist you.
If a child under the age of 16 may have disclosed Personal Data to us, the parent or guardian can contact us at firstname.lastname@example.org and we will remove Personal Data if required.
2. What Personal Data does FedEx collect?
In the course of its business activities and providing the services, FedEx will need to process Personal Data. Without your Personal Data, we will not be able to provide you with the requested services. As a rule, the Personal Data that you provide directly or indirectly to FedEx when using our services and visiting our Websites are:
- Contact information.
This will include your name, address, e-mail address and phone number;
- Financial information.
This will include your bank account number, payment status, and invoices;
- Identification information.
This will include your driver’s license number. If you don’t have a driver’s license, another identification method will be used that ensures us that we can identify you, but is the least privacy invasive as possible;
- Account information.
This will include log-in details, including your email address, and other information provided through your account;
- Information related to shipment and services.
This will include shipment tracking number, shipment routing information, location data, status of a shipment, delivery location, packaging type, number of pieces, weight, picture of the parcel, and customs information;
- User and preference information.
This will include – as applicable – shipping amounts, complaints, history of purchases and related commercial activities, communication, survey information, and shopping preferences.
- Automatically generated information.
This will include IP address, unique device or user ID, system and browser type, date and time stamps, referring website address, content and pages you accessed on our Websites or mobile apps, dates, times and locations actions take place, websites you visit (if you connect to our in-store wireless services), click-stream information and device location (if you turn on the feature in the mobile app).
4. Why does FedEx process Personal Data?
Personal Data shall be collected, used, stored or otherwise processed when necessary within the framework of responsible, efficient and effective business management of FedEx. FedEx processes Personal Data based on applicable legal ground(s). The legal ground is often intrinsically linked to the business purpose. This means, for example, that the performance of an agreement can be both a legal ground and a business purpose for FedEx.
Therefore, we will first clarify the legal ground(s) on which FedEx processes your Personal Data and, subsequently, the business purpose(s) that we use your Personal Data for:
In general, FedEx processes your Personal Data based on one of the following legal grounds:
- The processing is necessary to perform an agreement between you and FedEx,
- The processing is necessary for us to comply with our legal obligations,
- The processing is necessary to protect your vital interests or of other individuals,
- The processing is necessary for the legitimate interests of FedEx, except where such interests are overridden by your interests or fundamental rights and freedoms, or
- Where appropriate and required, we will ask for your consent.
FedEx shall only collect, use or otherwise process Personal Data if the processing falls within the scope of one (or more) of the legitimate business purposes listed below:
- Product development, research and improvement of FedEx products and/or services. FedEx processes Personal Data as necessary for the development and improvement of FedEx products and/or services, research and development (e.g. analyse information related to the shipment and services to improve our services).
- Performing agreements. This includes shipping services, tracking FedEx services, communication with individuals and other parties regarding services, responding to requests for (further) information, dispute resolution and preparing agreements (e.g. link the shipment tracking number to your account to enable you to follow your shipment).
- Relationship management and marketing for commercial activities. In general, FedEx processes Personal Data as necessary for the development and improvement of FedEx products and/or services, account management, client services and the performance of (targeted) marketing activities in order to establish a relationship with a client and/or maintaining as well as extending a relationship with a client, business partner or supplier and for performing analyses with respect to Personal Data for statistical and scientific purposes (e.g. deliver advertising, communications and content from us on our sites and those of third parties more specific to your interests).
- Business process execution, internal management and management reporting. This includes addressing activities such as managing company assets, conducting internal audits and investigations, finance and accounting, implementing business controls, provision of central processing facilities for efficiency purposes, managing mergers, acquisitions and divestitures and Processing Personal Data for management reporting and analysis (e.g. conduct investigations into shipping accounts to detect fraud).
- Safety and security. Personal Data shall be included in the processing for activities such as those involving safety and health, the protection of FedEx and customer, supplier or business partner assets and the authentication of customer, supplier or business partner status and access rights (e.g. provide a safe and secure services for online and offline transactions).
- Protecting the vital interests of individuals. This includes processing data when necessary to protect your vital interests or of other individuals (e.g. for urgent medical reasons).
Compliance with legal obligations. This addresses the processing of Personal Data as necessary for compliance with laws, regulations and sector specific guidelines to which FedEx is subject (e.g. matching names of clients, suppliers and business partners against denied parties’ lists).
5. Who has access to your Personal Data?
- With its affiliates, operating groups, subsidiaries and divisions, or with third parties if such is necessary for the purposes as listed above. If appropriate, FedEx will require third parties to conduct activities in a
- manner consistent with FedEx policies and guidelines in relation to data protection.
- With data processors, i.e. parties processing Personal Data on our behalf. In such cases, these third parties only use your Personal Data for the purposes described above and only in accordance with our instructions. FedEx will only use processors which provide sufficient guarantees to implement appropriate technical and organizational measures and ensure the protection of the rights of data subjects.
- With its employees if and to the extent necessary for the performance of their tasks. In such a case, access will be granted only if and to the extent necessary for the purposes described above and only if the employee is bound by confidentiality.
- If and when required to do so by law, court order, or other legal process, for example, with law enforcement agencies or other governmental agencies, to establish or exercise our legal rights or in connection with a corporate transaction, such as a divesture, merger, consolidation, or asset sale, or in the unlikely event of bankruptcy.
6. How long will FedEx process your Personal Data?
We will retain your Personal Data no longer than necessary for the purpose(s) for which we process your Personal Data. After the retention period we will delete or anonymize your Personal Data, unless we need to retain certain of your Personal Data for another purpose. We will only do so if we have a legal ground to retain your Personal Data. We will also ensure that Personal Data are only accessible for that other purpose.
For example, we need your Personal Data to perform the customs clearance process. Customs laws dictate that we have to retain/store - certain of - those Personal Data. Generally, this period varies from 3 to 7 years, depending on the applicable country and customs laws. In those cases, we will only store the Personal Data necessary to meet our legal obligations.
Please contact us using the contact details above if you have questions about specific retention periods.
7. What measures does FedEx take to protect your Personal Data?
- Your Personal Data is protected against unauthorized access;
- The confidentiality of your Personal Data is assured;
- The integrity and availability of your Personal Data will be maintained;
- Personnel is trained in information security requirements; and
- Actual or suspected data breaches are reported in accordance with applicable law.
8. Where does FedEx store or transfer your Personal Data?
Due to the nature of our business and the services we provide to our clients, FedEx may need to transfer your Personal Data to locations outside the country where you reside. In any case where we transfer Personal Data, FedEx shall ensure that such a transfer is subject to appropriate safeguards. For the European Economic Area, such transfers to third parties (outside the European Economic Area) will be governed by a contract based on the model contractual clauses for data transfers approved by the European Commission or other appropriate safeguards. For more detailed information about these safeguards, please contact email@example.com.
9. What rights can you exercise in relation to your Personal Data?
Based on the law applicable to the use of your Personal Data, you may have rights that you can exercise in relation to your Personal Data. Note that in some cases we are not required to – fully – comply with your request, as such rights may be conditional or because we have to balance your rights against our rights and obligations to
process your Personal Data and to protect the rights and freedoms of others. A number of the rights you have in relation to your Personal Data, as applicable in the European Economic Area, are explained below:
Right of access
You are entitled to a copy of the Personal Data we hold about you and to learn details about how we use it. Your Personal Data will usually be provided to you digitally. We may require you to prove your identity before providing the requested information.
Right to rectification
We take reasonable steps to ensure that the information we hold about you is accurate and complete. However, if you believe this is not the case, you have the right to request that any incomplete or inaccurate Personal Data that we process about you is amended.
Right to erasure
You have the right to ask us to erase your Personal Data, for example where the Personal Data we collected is no longer necessary for the original purpose, where Personal Data has become obsolete or where you withdraw your consent. However, this will need to be balanced against other factors. For example, we may not be able comply with your request due to certain legal or regulatory obligations.
Right to restriction of processing
You are entitled to ask us to (temporarily) stop using your Personal Data, for example where you think that the Personal Data we hold about you may be inaccurate or where you think that we no longer need to use your Personal Data.
Right to data portability
You may have the right to ask that we transfer Personal Data that you have provided to us to a third party of your choice. This right can only be exercised when you have provided the Personal Data to us, and when we are processing that data by automated means on the basis of your consent or in order to perform our obligations under a contract with you.
Right to object
You have the right to object to processing which is based on our legitimate interests. In case of the processing of Personal Data for marketing purposes, you have the right to object at any time. When you ask us to stop using your Personal Data for marketing purposes, FedEx will immediately cease to use your Personal Data. For other purposes based on our legitimate interests, we will no longer process the Personal Data on that basis when you file an objection based on your grounds relating to your particular situation, unless we have a compelling legitimate ground for the processing. Note, however, that we may not be able to provide certain services or benefits if we are unable to process the necessary Personal Data for that purpose.
Rights relating to automated decision-making
You have the right not to be subjected to automated decision-making, including profiling, which produces legal effect for you or has a similar significant effect. If you have been subject to an automated decision and do not agree with the outcome, you can contact us using the details below and ask us to review the decision.
Right to withdraw consent
We may ask for your consent to process your Personal Data in specific cases. When we do this, you have the right to withdraw your consent at any time. FedEx will stop the further processing as soon as possible after the withdrawal of your consent. However, this does not affect the lawfulness of the processing before consent was withdrawn.
Please use the contact details above for your data subject requests. You can manage your accounts with FedEx through the following.
- Opt out for marketing purposes: Visit https://app.onetrust.com/app/#/webform/c121cce6-6cfb-4c3d-9b61-334f56a01b5f.
- Emails: For your email preferences, visit the Email Preference Center.
10. What if you have other questions or complaints?
You also have the right to lodge a complaint with the competent (local) data protection authority in the jurisdiction where you work, where you live or where an alleged infringement takes place. As a rule, the lead supervisory authority for FedEx in the European Economic Area is the Dutch Data Protection Authority (Dutch DPA), unless the alleged infringement is purely a local matter. A listing of the European Data Protection Authorities can be found here.
11. Will there be updates to this Privacy Notice?
(c) 2019 FedEx