General Personal Data Protection Policy

By providing smart machines processing traditional mail and software dedicated to digital communications management or aimed at facilitating parcel processing, Neopost handles large quantities of confidential information on a daily basis. Protecting them has always been of very high concern for the Group, whether they belong to our employees, direct or indirect customers. Aware of the consequences of a security failure in its operations, Neopost is committed to safeguarding the confidentiality, integrity and availability of all physical and electronic information assets to ensure that regulatory, operational and contractual requirements are fulfilled. 

Our reputation and ongoing relationships with our employees and customers are among our most valuable assets. By complying with this policy in our daily business, we will all contribute to maintaining Neopost’s good name and its good relationship with its customers and other stakeholders.

On May 25, 2018, in a continued effort for transparency in its practices, Neopost updated its General Data Protection Policy, providing more details of the different categories of personal data collected and how the data is used, shared and protected. 

Key changes in the Policy are: 

  • A consolidated General Data Protection Policy for all Neopost websites and apps with key principles. 
  • Compliance with the requirements under the new EU General Data Protection Regulation (GDPR), coming into effect on May 25, 2018.
  • An updated Privacy and Cookies Policy allowing Site visitors and customers to understand what information is being collected and for what purpose.
  • Details on cookies we use, making it easier for Site visitors and customers to manage and control the information we or our partners may collect to provide our services.

Principles

Neopost implemented a strong Data Protection Policy based on the following principles: 

  1. Personal data shall be processed in accordance with the six principles set out in the GDPR, as well as with the practices and procedures of the Neopost Group.
  2. Each Neopost Entity shall have a Data Protection Coordinator (DPC) whose role is to ensure compliance with the GDPR, this policy and any relevant Neopost procedures and practices. Specific responsibilities include maintaining a register of Personal data processing, assessing the current knowledge of data protection within the company and ensuring that appropriate training on data protection is provided to company staff.
  3. Any personal data breach shall be immediately reported, and all staff shall co-operate with the DPC in the investigation and management of that breach, including the limitation of impact for the data subject.
  4. Each Neopost Entity shall require from its partners and subcontractors to act only upon instructions from Neopost and to comply with obligations equivalent to those imposed on Neopost relating to personal data protection.
  5. Neopost shall prevent loss, misuse and data corruption, or theft of Personal data by limiting the access to personal data only to entrusted parties and protecting information processing facilities.

Compliance with this Policy is mandatory. This applies to all the Neopost and Neopost subsidiaries employees, including temporary employees, contractors, visitors and partners with temporary, limited or unlimited access to our information technology systems. Neopost management has the responsibility to implement this Policy statement and its objectives, and provide adequate resources to ensure compliance with best in class practices. 

This policy will be reviewed on a regular basis.

 

Last revision date: 25 May 2018