Privacy Policy

1. INTRODUCTION

parcelLab respects your privacy and is committed to protecting your Personal Data. This Privacy Policy explains how we handle your Personal Data, outlines your privacy rights, and describes how the applicable law protects you.

Please refer to the Glossary at the bottom of the Privacy Policy to understand the meaning of any defined terms used.

2. PURPOSE OF THIS POLICY

This Privacy Policy is intended to help you understand how parcelLab collects, uses and shares your Personal Data, and to support you in exercising the privacy rights available to you.

It applies to the Personal Data Processed by parcelLab in the context of direct business-to-business relationship with customers, as well as other individuals we interact with, including through our Website.

We encourage you to read this Privacy Policy alongside any other privacy or fair processing notice we may provide on specific occasions when we collect or Process Personal Data. This Privacy Policy supplements those notices and is not intended to override them.

3, WHO WE ARE

parcelLab comprises four legal entities: parcelLab GmbH, a company registered in Germany; parcelLab Ltd., a company registered in England and Wales; parcelLab Inc., a Delaware corporation; and parcelLab SAS, a company registered in France (together the “parcelLab Group”).

This Privacy Policy is issued on behalf of the parcelLab Group, so when we mention “parcelLab”, “we”, “us”, or “our”, we are referring to the relevant entity within the parcelLab Group that is responsible for Processing your Personal Data.

The Controller of your data when you purchase our Services will be the parcelLab Group entity named in your Order Form. For data collected through this Website, the Controller is parcelLab GmbH.

4. HOW TO CONTACT US

If you have any general questions or concerns about this Privacy Policy or our handling of your Personal Data, you can contact us at legal@parcellab.com.  

For issues or queries specifically relating to our Processing of your Personal Data in the EU, you may contact our external Data Protection Officer (DPO) at dataprotection@parcellab.com.

5. TYPES OF DATA WE COLLECT ABOUT YOU

We may collect, use, store, and transfer one or more  types of Personal Data about you, depending on the nature of your interaction with us.  We have grouped as follows:

(a) Identity Data – includes first name, last name, job title and company name.
(b) Contact Data – includes billing address, correspondence address, email address and telephone number.
(c) Technical Data – includes internet protocol (IP) address, login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our Website.
(d) Profile Data – includes your interests, preferences, feedback and survey responses.
(e) Usage Data – includes information about how you use our Services or Website.
(f) Marketing and Communications Data – includes your preferences in receiving marketing communications from us and third parties, and your communication preferences.

We do not collect any Special Categories of Personal Data about you. Additionally, we do not collect any information regarding criminal convictions or offences.

6. HOW YOUR PERSONAL DATA IS COLLECTED

We use various methods to collect Personal Data from and about you, including through the following:

  • Direct interactions – You may provide Personal Data to us by filling in forms or by corresponding with us by phone, email, or otherwise. This includes data you provide when you create an account, contact us, complete surveys, participate in events, engage with our customer service and support, or interact with us for business development purposes.
  • Automated technologies or interactions – We may collect Technical Data about your browsing actions and usage patterns as you interact with our Services or Website, but only where you have provided your consent. This data may be collected using cookies, pixel tags, server logs, and other similar technologies. For more details, please refer to our Cookie Policy.
  • Third parties or publicly available sources – We may receive Personal Data about you from external sources, such as business partners or services. This includes data obtained from publicly available and third-party databases or services, which we use to supplement the information we collect directly.

7. HOW WE USE YOUR PERSONAL DATA

Below, we outline the ways in which we use your Personal Data, along with the legal bases we rely on to do so. Please note that we may Process your Personal Data under more than one Lawful Basis, depending on the specific purpose for which it is being used. For more details about the Lawful Bases we rely on, please refer to the Glossary section.

Purpose of ProcessingType of Personal Data ProcessedLawful Basis for ProcessingDisclosure to Third Parties
To Provide the Services or Information Requested
Provide and manage access to the platform- Identity Data
- Contact Data
- Contractual- AWS
Enable integration with external APIs- Technical Data- Contractual- AWS
Manuage feature settings per customer- Profile Data- Legitimate interest (ensuring proper delivery of contracted services)- AWS
- User pilot
Management of implementation and onboarding- Contact Data-Legitimate Interest (enable effective coordination and onboarding of customers)- AWS
- PlanHat
- Notion
Manage login authentication and user permissions- Identity Data
- Contact Data
- Technical Data
- Contractual
- Legitimate Interest (user access management)
- AWS
- Microsoft
- Hotjar
Communicating with customers- Contact Data- Contractual- AWS
- Microsoft
- Teams
Understand customer satisfaction with the Service- Profile Data- Legitimate Interest (to improve customer support)- AWS
- Hotjar
- Zendesk
Investigate and resolve customer-reported issues- Identity Data
- Contact Data
- Consent- AWS
- HubSpot
- Salesforce
- Microsoft Teams
In-person event registration- Identity Data
- Contact Data
- Consent- AWS
- HubSpot
- Salesforce
- Microsoft Teams
- Livestorm
Newsletter sign-up- Contact Data- Consent- AWS
- Hotjar

Administrative Purposes
Maintain system logs for troubleshooting and security- Technical Data- Legitimate Interest (maintaining system integrity and security- AWS
Monitor Platform Usage- Usage Data- Legitimate Interest (to improve the Service and prevent misuse- AWS
- Matomo
- Storylane
Know the platform users and access rights- Identity Data
- Contact Data
- Contractual- AWS
Manage billing and invoicing of customers- Identity Data
- Contact Data
- Contractual- AWS
- Salesforce
- Maxio
Email validation- Contact Data- Legitimate Interest (maintaining clean, effective database)- AWS
Analyse ticket data- Identity Data - Legitimate Interest (improving support quality)- AWS
- OpenAI
- Jira
Record and document
customer meetings
- Identity Data
- Profile Data
- Legitimate Interest (keeping a record for follow-up)- AWS
- Gong
Review request (E.g. G2)- Identity Data
- Contact Data
- Legitimate Interest (building brand reputation through review)- AWS
- HubSpot
Video view tracking- Usage Data- Legitimate Interest (understanding engagement with video content)- AWS
- HubSpot

Marketing our Products and Services
Newsletters (customers)- Identity Data
- Contact Data
- Legitimate Interest (keeping customer informed)- AWS
- HubSpot
Lead or contact generation- Identity Data
- Contact Data
- Legitimate Interest (managing commercial relationships)- AWS
- Salesforce
- HubSpot
Prospecting / sales outreach (including from third parties)- Identity Data
- Contact Data
- Legitimate Interest (growing business with relevant contacts)- AWS
- Salesforce
- Gong
- HubSpot
CRM contact management- Identity Data
- Contact Data
- Legitimate Interest (managing business with contacts)- AWS
- Salesforce
- HubSpot


8. CHANGE OF PURPOSE

We will only use your Personal Data for the purposes for which it was collected, unless we reasonably determine that a different use is compatible. If we ever need to use your Personal Data for an unrelated purpose, we will notify you and explain the legal basis for doing so.

In limited cases, we may Process your Personal Data without your knowledge or consent, but only where required or permitted by law and always in accordance with our legal obligations and data protection responsibilities.

9. INTERNATIONAL TRANSFERS

We may transfer your Personal Data outside the European Economic Area (EEA) or the United Kingdom (UK), including within the parcelLab Group and to third-party service providers based in other countries.

Where such transfers are to countries that do not offer an adequate level of data protection under applicable laws, we implement appropriate safeguards, such as the European Commission’s Standard Contractual Clauses or other approved mechanisms, to ensure your data remains protected.

In cases where Personal Data is transferred within the parcelLab Group, such transfers are governed by an intra-company processing agreement that ensures compliance with applicable Data Protection Legislation.

10. DATA SECURITY

We have implemented appropriate technical and organisational security measures to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered, or disclosed.

In addition, we limit access to your Personal Data to those employees, agents, contractors, and other third parties who have a business need to know. They will only Process your data on our instructions and are subject to a duty of confidentiality.

We have procedures in place to deal with any suspected Personal Data breach or incident and will notify you and any applicable regulator of a breach where we are legally required to do so.

11. DATA RETENTION

We retain your Personal Data only for as long as necessary to fulfil the purposes for which it was collected, provide our Services, comply with legal obligations, resolve disputes, pursue legitimate business purposes, enforce our agreements, and comply with applicable laws.

To determine the appropriate retention period, we consider the type and sensitivity of the data, the purpose for Processing, potential risks, and legal requirements.

Where Personal Data is no longer needed, we will securely delete or anonymise it. In some cases, we may retain anonymised data for analytical or statistical purposes indefinitely.

12. YOUR LEGAL RIGHTS

You have the following rights in relation to your Personal Data, subject to certain conditions under applicable data protection laws:
(a) Access – You have the right to request information about how we Process your Personal Data and to access the Personal Data we hold about you.
(b) Correction – You may request the correction of inaccurate Personal Data we hold about you.
(c) Erasure – You may request deletion of your Personal Data where it is no longer necessary for the purposes for which it was collected, or where you have withdrawn consent or successfully objected to Processing, in accordance with applicable law.
(d) Restriction – You may request that we suspend the Processing of your Personal Data in certain circumstances. In such cases, we will only retain the data for the exercise or defence of legal claims.
(e) Portability – You may request to receive your Personal Data in a structured, commonly used, and machine-readable format, and to have that data transmitted to another party, where technically feasible.
(f) Object/Withdrawal of consent – You may object to the Processing of your Personal Data where we rely on legitimate interest or withdraw your consent at any time where Processing is based on consent.
 
13. THIRD PARTY WEBSITES

The Website and Services may contain links to third-party websites or applications, and other websites or applications may link to ours. These third-party services are not under our control, and we are not responsible for their content or privacy practices. We encourage you to review the privacy policies of any third-party websites of applications you visit or interact with.

14. CALIFORNIA CONSUMER PRIVACY ACT (CCPA)

We comply with the California Consumer Privacy Act of 2018 (CCPA), as amended by the California Privacy Rights Act (CPRA), which serves as a leading standard for privacy protection in the United States. While this section addresses CCPA-specific requirements, our commitment to data privacy extends more broadly and reflects principles common to other U.S. state privacy laws as well.

In the past twelve (12) months, we may have collected the following categories of personal information, as defined under CCPA:

  • Identifiers (e.g., name, email address, IP address)
  • Commercial information (e.g., records or products or services)
  • Internet or electronic network activity (e.g., browsing history, usage data)
  • Inferences drawn from Personal Data to create profiles reflecting preferences or behaviour

We collect this information for the purposes described in Section 7 – “How we Use Your Personal Data”.

We do not sell your Personal Data for monetary consideration. However, we may share your information with third parties for specific operational or analytical purposes, which may be considered “sharing” under the CCPA. You have the right to opt out of the sharing of your Personal Data. You can exercise this right by contacting us.

As a California resident, you have the following rights under the CCPA, subject to certain exceptions:

(a) Right to Know – to request details about the personal information we collect, use, and share.
(b) Right to Delete – to request deletion of personal information we hold about you.
(c) Right to Correct – to request correction of inaccurate personal information.
(d) Right to Opt Out – of the sale or sharing of your personal information.
(e) Right to Non-Discrimination – for exercising your CCPA rights.

To exercise any of the rights described above, you may contact us by email at dataprotection@parcellab.com or by post to 75 State Street, Boston, MA 02109, USA.

15. COOKIES

For more information about the cookies we use, please refer to our Cookie Policy.

16. CHANGES TO OUR PRIVACY POLICY

We may update this Privacy Policy from time to time in our sole discretion. If we make any material changes, we will notify you in accordance with applicable legal requirements. By continuing to use our Website and Services after any updates take effect, you acknowledge and agree to the revised Privacy Policy.

This version was last updated on 19 May 2025. You can view previous versions of our Privacy Policy here.

17. GLOSSARY

  • Controller – means theparcelLab Group entity that determines the purpose and means of Processing your Personal Data.
  • Data Protection Legislation – means any applicable data privacy laws and regulations, including, but not limited to, the General Data Protection Regulation (EU) 2016/679 (“GDPR”), the UK GDPR as incorporated into the Data Protection Act 2018, the California Consumer Privacy Act (CCPA), and any other applicable data protection laws in the jurisdiction where the Parties operate. 
  • Lawful Basis/Bases – means the legal grounds on which we are permitted to Process your personal data under Data Protection Legislation. These may include:
    • Consent – You have given clear permission for us to Process your Personal Data for a specific purpose.
    • Contractual – Processing is necessary for the performance of a contract with you or to take steps at your request before entering into a contract.
    • Legitimate Interest – Processing is necessary for our (or a third party’s) legitimate business interests, provided your rights do not override those interests.
    • Legal Obligation – Processing is necessary to comply with a legal or regulatory obligation.
    • Order Form – means an executed document between you and parcelLab, detailing the Services purchased and governs the contractual relationship.
    • Personal Data – means any information about an individual from which that person can be identified. It does not include where the identity has been removed (i.e. anonymised data).
    • Process/Processing – means any operation or set of operations performed on Personal Data, whether or not by automated means. This includes collection, use, storage, disclosure, transfer, or deletion of Personal Data.
    • Service(s) – means all services provided by parcelLab in connection with your use of the parcelLab platform, including the platform itself, implementation, and the support services as specified in the applicable Order Form.
    • Website – means the parcelLab website accessible at www.parcellab.com and any other web pages operated by parcelLab where this Privacy Policy is posted.