Why parcelLab?
Discover why parcelLab is the go-to post-purchase partner for top retailers across the globe
Privacy Policy
1. INTRODUCTION
parcelLab respects your privacy and is committed to protecting your Personal Data. This Privacy Policy explains how we handle your Personal Data, outlines your privacy rights, and describes how the applicable law protects you.
Please refer to the Glossary at the bottom of the Privacy Policy to understand the meaning of any defined terms used.
2. PURPOSE OF THIS POLICY
This Privacy Policy is intended to help you understand how parcelLab collects, uses and shares your Personal Data, and to support you in exercising the privacy rights available to you.
It applies to the Personal Data Processed by parcelLab in the context of direct business-to-business relationship with customers, as well as other individuals we interact with, including through our Website.
We encourage you to read this Privacy Policy alongside any other privacy or fair processing notice we may provide on specific occasions when we collect or Process Personal Data. This Privacy Policy supplements those notices and is not intended to override them.
3, WHO WE ARE
parcelLab comprises four legal entities: parcelLab GmbH, a company registered in Germany; parcelLab Ltd., a company registered in England and Wales; parcelLab Inc., a Delaware corporation; and parcelLab SAS, a company registered in France (together the “parcelLab Group”).
This Privacy Policy is issued on behalf of the parcelLab Group, so when we mention “parcelLab”, “we”, “us”, or “our”, we are referring to the relevant entity within the parcelLab Group that is responsible for Processing your Personal Data.
The Controller of your data when you purchase our Services will be the parcelLab Group entity named in your Order Form. For data collected through this Website, the Controller is parcelLab GmbH.
4. HOW TO CONTACT US
If you have any general questions or concerns about this Privacy Policy or our handling of your Personal Data, you can contact us at legal@parcellab.com.
For issues or queries specifically relating to our Processing of your Personal Data in the EU, you may contact our external Data Protection Officer (DPO) at dataprotection@parcellab.com.
5. TYPES OF DATA WE COLLECT ABOUT YOU
We may collect, use, store, and transfer one or more types of Personal Data about you, depending on the nature of your interaction with us. We have grouped as follows:
(a) Identity Data – includes first name, last name, job title and company name.
(b) Contact Data – includes billing address, correspondence address, email address and telephone number.
(c) Technical Data – includes internet protocol (IP) address, login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our Website.
(d) Profile Data – includes your interests, preferences, feedback and survey responses.
(e) Usage Data – includes information about how you use our Services or Website.
(f) Marketing and Communications Data – includes your preferences in receiving marketing communications from us and third parties, and your communication preferences.
We do not collect any Special Categories of Personal Data about you. Additionally, we do not collect any information regarding criminal convictions or offences.
6. HOW YOUR PERSONAL DATA IS COLLECTED
We use various methods to collect Personal Data from and about you, including through the following:
- Direct interactions – You may provide Personal Data to us by filling in forms or by corresponding with us by phone, email, or otherwise. This includes data you provide when you create an account, contact us, complete surveys, participate in events, engage with our customer service and support, or interact with us for business development purposes.
- Automated technologies or interactions – We may collect Technical Data about your browsing actions and usage patterns as you interact with our Services or Website, but only where you have provided your consent. This data may be collected using cookies, pixel tags, server logs, and other similar technologies. For more details, please refer to our Cookie Policy.
- Third parties or publicly available sources – We may receive Personal Data about you from external sources, such as business partners or services. This includes data obtained from publicly available and third-party databases or services, which we use to supplement the information we collect directly.
7. HOW WE USE YOUR PERSONAL DATA
Below, we outline the ways in which we use your Personal Data, along with the legal bases we rely on to do so. Please note that we may Process your Personal Data under more than one Lawful Basis, depending on the specific purpose for which it is being used. For more details about the Lawful Bases we rely on, please refer to the Glossary section.
| Purpose of Processing | Type of Personal Data Processed | Lawful Basis for Processing | Disclosure to Third Parties |
|---|---|---|---|
| To Provide the Services or Information Requested | |||
| Provide and manage access to the platform | - Identity Data - Contact Data | - Contractual | - AWS |
| Enable integration with external APIs | - Technical Data | - Contractual | - AWS |
| Manuage feature settings per customer | - Profile Data | - Legitimate interest (ensuring proper delivery of contracted services) | - AWS - User pilot |
| Management of implementation and onboarding | - Contact Data | -Legitimate Interest (enable effective coordination and onboarding of customers) | - AWS - PlanHat - Notion |
| Manage login authentication and user permissions | - Identity Data - Contact Data - Technical Data | - Contractual - Legitimate Interest (user access management) | - AWS - Microsoft - Hotjar |
| Communicating with customers | - Contact Data | - Contractual | - AWS - Microsoft - Teams |
| Understand customer satisfaction with the Service | - Profile Data | - Legitimate Interest (to improve customer support) | - AWS - Hotjar - Zendesk |
| Investigate and resolve customer-reported issues | - Identity Data - Contact Data | - Consent | - AWS - HubSpot - Salesforce - Microsoft Teams |
| In-person event registration | - Identity Data - Contact Data | - Consent | - AWS - HubSpot - Salesforce - Microsoft Teams - Livestorm |
| Newsletter sign-up | - Contact Data | - Consent | - AWS - Hotjar |
| Administrative Purposes | |||
|---|---|---|---|
| Maintain system logs for troubleshooting and security | - Technical Data | - Legitimate Interest (maintaining system integrity and security | - AWS |
| Monitor Platform Usage | - Usage Data | - Legitimate Interest (to improve the Service and prevent misuse | - AWS - Matomo - Storylane |
| Know the platform users and access rights | - Identity Data - Contact Data | - Contractual | - AWS |
| Manage billing and invoicing of customers | - Identity Data - Contact Data | - Contractual | - AWS - Salesforce - Maxio |
| Email validation | - Contact Data | - Legitimate Interest (maintaining clean, effective database) | - AWS |
| Analyse ticket data | - Identity Data | - Legitimate Interest (improving support quality) | - AWS - OpenAI - Jira |
| Record and document customer meetings | - Identity Data - Profile Data | - Legitimate Interest (keeping a record for follow-up) | - AWS - Gong |
| Review request (E.g. G2) | - Identity Data - Contact Data | - Legitimate Interest (building brand reputation through review) | - AWS - HubSpot |
| Video view tracking | - Usage Data | - Legitimate Interest (understanding engagement with video content) | - AWS - HubSpot |
| Marketing our Products and Services | |||
|---|---|---|---|
| Newsletters (customers) | - Identity Data - Contact Data | - Legitimate Interest (keeping customer informed) | - AWS - HubSpot |
| Lead or contact generation | - Identity Data - Contact Data | - Legitimate Interest (managing commercial relationships) | - AWS - Salesforce - HubSpot |
| Prospecting / sales outreach (including from third parties) | - Identity Data - Contact Data | - Legitimate Interest (growing business with relevant contacts) | - AWS - Salesforce - Gong - HubSpot |
| CRM contact management | - Identity Data - Contact Data | - Legitimate Interest (managing business with contacts) | - AWS - Salesforce - HubSpot |
8. CHANGE OF PURPOSE
We will only use your Personal Data for the purposes for which it was collected, unless we reasonably determine that a different use is compatible. If we ever need to use your Personal Data for an unrelated purpose, we will notify you and explain the legal basis for doing so.
In limited cases, we may Process your Personal Data without your knowledge or consent, but only where required or permitted by law and always in accordance with our legal obligations and data protection responsibilities.
9. INTERNATIONAL TRANSFERS
We may transfer your Personal Data outside the European Economic Area (EEA) or the United Kingdom (UK), including within the parcelLab Group and to third-party service providers based in other countries.
Where such transfers are to countries that do not offer an adequate level of data protection under applicable laws, we implement appropriate safeguards, such as the European Commission’s Standard Contractual Clauses or other approved mechanisms, to ensure your data remains protected.
In cases where Personal Data is transferred within the parcelLab Group, such transfers are governed by an intra-company processing agreement that ensures compliance with applicable Data Protection Legislation.
10. DATA SECURITY
We have implemented appropriate technical and organisational security measures to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered, or disclosed.
In addition, we limit access to your Personal Data to those employees, agents, contractors, and other third parties who have a business need to know. They will only Process your data on our instructions and are subject to a duty of confidentiality.
We have procedures in place to deal with any suspected Personal Data breach or incident and will notify you and any applicable regulator of a breach where we are legally required to do so.
11. DATA RETENTION
We retain your Personal Data only for as long as necessary to fulfil the purposes for which it was collected, provide our Services, comply with legal obligations, resolve disputes, pursue legitimate business purposes, enforce our agreements, and comply with applicable laws.
To determine the appropriate retention period, we consider the type and sensitivity of the data, the purpose for Processing, potential risks, and legal requirements.
Where Personal Data is no longer needed, we will securely delete or anonymise it. In some cases, we may retain anonymised data for analytical or statistical purposes indefinitely.
12. YOUR LEGAL RIGHTS
You have the following rights in relation to your Personal Data, subject to certain conditions under applicable data protection laws:
(a) Access – You have the right to request information about how we Process your Personal Data and to access the Personal Data we hold about you.
(b) Correction – You may request the correction of inaccurate Personal Data we hold about you.
(c) Erasure – You may request deletion of your Personal Data where it is no longer necessary for the purposes for which it was collected, or where you have withdrawn consent or successfully objected to Processing, in accordance with applicable law.
(d) Restriction – You may request that we suspend the Processing of your Personal Data in certain circumstances. In such cases, we will only retain the data for the exercise or defence of legal claims.
(e) Portability – You may request to receive your Personal Data in a structured, commonly used, and machine-readable format, and to have that data transmitted to another party, where technically feasible.
(f) Object/Withdrawal of consent – You may object to the Processing of your Personal Data where we rely on legitimate interest or withdraw your consent at any time where Processing is based on consent.
13. THIRD PARTY WEBSITES
The Website and Services may contain links to third-party websites or applications, and other websites or applications may link to ours. These third-party services are not under our control, and we are not responsible for their content or privacy practices. We encourage you to review the privacy policies of any third-party websites of applications you visit or interact with.
14. CALIFORNIA CONSUMER PRIVACY ACT (CCPA)
We comply with the California Consumer Privacy Act of 2018 (CCPA), as amended by the California Privacy Rights Act (CPRA), which serves as a leading standard for privacy protection in the United States. While this section addresses CCPA-specific requirements, our commitment to data privacy extends more broadly and reflects principles common to other U.S. state privacy laws as well.
In the past twelve (12) months, we may have collected the following categories of personal information, as defined under CCPA:
- Identifiers (e.g., name, email address, IP address)
- Commercial information (e.g., records or products or services)
- Internet or electronic network activity (e.g., browsing history, usage data)
- Inferences drawn from Personal Data to create profiles reflecting preferences or behaviour
We collect this information for the purposes described in Section 7 – “How we Use Your Personal Data”.
We do not sell your Personal Data for monetary consideration. However, we may share your information with third parties for specific operational or analytical purposes, which may be considered “sharing” under the CCPA. You have the right to opt out of the sharing of your Personal Data. You can exercise this right by contacting us.
As a California resident, you have the following rights under the CCPA, subject to certain exceptions:
(a) Right to Know – to request details about the personal information we collect, use, and share.
(b) Right to Delete – to request deletion of personal information we hold about you.
(c) Right to Correct – to request correction of inaccurate personal information.
(d) Right to Opt Out – of the sale or sharing of your personal information.
(e) Right to Non-Discrimination – for exercising your CCPA rights.
To exercise any of the rights described above, you may contact us by email at dataprotection@parcellab.com or by post to 75 State Street, Boston, MA 02109, USA.
15. COOKIES
For more information about the cookies we use, please refer to our Cookie Policy.
16. CHANGES TO OUR PRIVACY POLICY
We may update this Privacy Policy from time to time in our sole discretion. If we make any material changes, we will notify you in accordance with applicable legal requirements. By continuing to use our Website and Services after any updates take effect, you acknowledge and agree to the revised Privacy Policy.
This version was last updated on 19 May 2025. You can view previous versions of our Privacy Policy here.
17. GLOSSARY
- Controller – means theparcelLab Group entity that determines the purpose and means of Processing your Personal Data.
- Data Protection Legislation – means any applicable data privacy laws and regulations, including, but not limited to, the General Data Protection Regulation (EU) 2016/679 (“GDPR”), the UK GDPR as incorporated into the Data Protection Act 2018, the California Consumer Privacy Act (CCPA), and any other applicable data protection laws in the jurisdiction where the Parties operate.
- Lawful Basis/Bases – means the legal grounds on which we are permitted to Process your personal data under Data Protection Legislation. These may include:
- Consent – You have given clear permission for us to Process your Personal Data for a specific purpose.
- Contractual – Processing is necessary for the performance of a contract with you or to take steps at your request before entering into a contract.
- Legitimate Interest – Processing is necessary for our (or a third party’s) legitimate business interests, provided your rights do not override those interests.
- Legal Obligation – Processing is necessary to comply with a legal or regulatory obligation.
- Order Form – means an executed document between you and parcelLab, detailing the Services purchased and governs the contractual relationship.
- Personal Data – means any information about an individual from which that person can be identified. It does not include where the identity has been removed (i.e. anonymised data).
- Process/Processing – means any operation or set of operations performed on Personal Data, whether or not by automated means. This includes collection, use, storage, disclosure, transfer, or deletion of Personal Data.
- Service(s) – means all services provided by parcelLab in connection with your use of the parcelLab platform, including the platform itself, implementation, and the support services as specified in the applicable Order Form.
- Website – means the parcelLab website accessible at www.parcellab.com and any other web pages operated by parcelLab where this Privacy Policy is posted.