About Sameday
Choose a language
About Sameday
Choose a language
We consider ensuring the right to data protection as a core commitment of Sameday, which is why we will devote all necessary resources and efforts to process your data in full compliance with Regulation (EU) 2016/679 (the “General Data Protection Regulation” or “GDPR”), as well as any other applicable legislation. One of the core principles of this legal framework is transparency, which is why we have prepared this document to inform you about how we collect, use, transfer and protect your personal data when you interact with us in relation to our products and services, including through our website.
We reserve the right to periodically update and amend this Privacy Policy to reflect any changes in the way we process your personal data or any changes in legal requirements. In the event of such a change, we will post the amended version of the Privacy Policy on our website, therefore we ask you to periodically check the contents of this Privacy Policy.
Sameday is the trading name of Delivery Solutions Ltd., UIC: 206957949, a legal entity, with its registered office in Sofia, Mladost district, 7th Kilometer residential district, 143 Tsarigradsko Shose Blvd., 4th floor (hereinafter “Sameday” or “we”). For the purposes of data protection legislation, we are a controller when we process personal data collected directly from you, and a processor of the controller when we process personal data collected by another controller.
We typically collect your personal information directly from you, so you control the type of information you provide to us. For example, we receive information from you in the following cases:
On our website, we may store and collect information through cookies and similar technologies in accordance with our Cookie Policy.
We do not collect or process sensitive data included in the special categories of personal data defined by the General Data Protection Regulation.
We also do not collect or process data from minors under the age of 16. Any person who provides us with personal data directly or through the sender declares on their own responsibility that they are at least 16 years old and can give valid consent to the collection and processing of their data.
We will use your personal data for the following purposes:
1. Providing Sameday services for your benefit
This general objective may include the following:
The processing of your data for these purposes is generally necessary for the conclusion and performance of a contract for courier services. Also, certain processing subordinate to these purposes is required by applicable law, including tax and accounting law.
2. Improving our services
We always strive to offer you the best experience when purchasing services through an online platform. To this end, we may invite you to complete satisfaction surveys after completing an order or conduct market research and studies directly or with the help of partners.
We will also record conversations conducted through the chatbot available on the Sameday.ro website. These activities are based on our legitimate interest in conducting our business, always taking care that your fundamental rights and freedoms are not affected.
3. Communications
To keep you informed about the status of your deliveries, we may send you delivery details or access codes to delivery lockers via electronic communication channels (email/SMS, telephone). We always ensure that this processing is carried out in accordance with your rights and freedoms.
When you interact with our representatives by phone, these calls will be recorded in order to analyze the quality of our services and your level of satisfaction with a view to their improvement. You will be informed of this before the conversation begins and if you continue the conversation, we will assume that you have consented to the recording of the call. In case you do not agree to the recording of the call, you can contact us through the other dedicated channels listed in the Contacts section, including online support via chat.
You can withdraw your consent at any time during the conversation or afterwards. However, the withdrawal of consent will not affect processing already carried out on the basis of your consent or the recording already made. However, the deletion of personal data recorded in this way may be refused on the basis of a legitimate interest or legal obligation.
Furthermore, in order to avoid multiple information about the recording of the call and multiple requests for your consent for this processing (“information fatigue”/“consent fatigue”), for calls made at intervals of less than 24 hours, we will consider that the information about the recording of the call and the request for consent made during the first call are valid for all subsequent calls during this period. You can at any time request us, through the means specified below, to stop the processing of your personal data for information purposes, and we will fulfill your request as soon as possible. Withdrawing your consent will result in the inability to provide information on the status of the services offered.
Sameday may process your personal data to provide you with newsletters and relevant commercial communications about its services. These communications are sent via electronic channels, such as email or SMS. The company ensures that this processing complies with applicable law, including Regulation (EU) 2016/679 (GDPR), and requires your consent where necessary. If you agree to receive marketing information or other marketing communications from Sameday, they will process your personal data based on your explicit consent. You can opt out of receiving these communications at any time by using the “Unsubscribe” option included in the marketing information.
4. To protect our legitimate interests
There may be situations where we will use or share information to protect our rights and business. This may include:
The basis for this type of processing is our legitimate interest in protecting our business, ensuring that the measures taken provide a balance between our interests and your fundamental rights and freedoms. In certain cases, we base our processing on legal provisions, such as the obligation to ensure the security of goods and valuables in accordance with applicable law in this area, the obligation to notify security breaches and the like.
As a general rule, we will retain your personal data for as long as you have an account on the Sameday platform. You may request that we delete certain information or close your account at any time, and we will comply with such requests, provided that we will retain certain information even after the account is closed if required by applicable law or our legitimate interests.
If you do not have an account on the Sameday platform, the general rule is to store information related to orders placed for a period of 5 years, starting from January 1 of the year following the completion of the order (“Retention Period”). Similar to the previous situation, we may retain certain data after the expiry of this period, in accordance with applicable law or our legitimate interests, in particular to exercise the right of defense in the event of a dispute related to the services provided. For this purpose, the data will be stored separately from the data of other customers, and will be archived, encrypted and/or pseudonymized and will only be accessible in the event of a dispute. Immediately after the expiry of the Retention Period, Sameday will delete your personal data and all copies thereof from its systems.
Where appropriate, we may transfer or provide access to certain of your personal data to the following categories of recipients:
If we are legally obliged to do so, or if it is necessary to protect a legitimate interest, we may also disclose certain personal data to government authorities. We ensure that access to your data by third parties – private legal entities, is carried out in accordance with the legal provisions on data protection and confidentiality of information, based on contracts concluded with them.
We currently store and process your personal data in Bulgaria. However, at some point we may transfer certain of your personal data to entities located outside Bulgaria. These entities may be located in or outside the European Union, including in countries that are not recognized by the European Commission as providing an adequate level of protection for personal data.
In the event that your personal data is transferred outside the European Union or the European Economic Area, the transfer will be carried out (a) on the basis of a decision of the European Commission that the relevant third country ensures an adequate level of protection, (b) on the basis of binding corporate rules or (c) on the basis of standard contractual clauses adopted by the European Commission. Furthermore, if we consider that any of these measures is not sufficient to ensure an adequate level of protection, we will adopt additional technical and/or organizational security measures in accordance with the recommendations of the European Commission.
You can contact us at any time using the contact details provided to obtain more information about the countries to which we transfer your data, how and what protection measures we have implemented in relation to these transfers.
We are committed to ensuring the security of personal data by implementing appropriate technical and organizational measures in accordance with industry standards. We store your personal data on secure servers, using modern encryption algorithms and providing backup copies.
We may also use PayU services for payment processing. All payment information is encrypted using SSL technology.
Despite the measures taken to protect your personal data, we would like to draw your attention to the fact that the transmission of information over the Internet or other public networks is not completely secure, and there is a risk that the data may be viewed and used by unauthorized third parties. We cannot be held responsible for such vulnerabilities of systems that are not under our control.
The General Data Protection Regulation recognises a number of rights in relation to your personal data. You can request access to your data, correct errors in our records and/or object to the processing of your personal data. You can also exercise your right to lodge a complaint with the competent supervisory authority or to take legal action. Where appropriate, you may also have the right to request the erasure of your personal data, the right to restriction of the processing of your personal data and the right to data portability.
More information about each of these rights can be found in the table below.
How to exercise your rights
To exercise your rights, you can contact us using the contact details provided. Please note the following if you wish to exercise these rights:
1. Identification
We take the privacy of all records containing personal data seriously. For this reason, we ask that you submit your requests regarding these records using the email address associated with your Sameday account. Otherwise, we reserve the right to verify your identity by requesting additional information in order to verify your identity.
2. Fees
We will not charge you a fee for exercising any rights in relation to your personal data unless your request for access to information is unfounded, repetitive or excessive, in which case we will charge a fee that is reasonable in such circumstances. We will notify you of any applicable fees before we process your request.
3. Response time
We aim to respond to every valid request within a maximum of one month, unless it is particularly complex or if you have made multiple requests. In such a case, we will respond within a maximum of two months. We will let you know if we need more than one month. We may ask you if you can provide us with additional information to help us act more quickly and reduce the response time.
4. Rights of third parties
We are not obliged to comply with a request if it would adversely affect the rights and freedoms of other data subjects.
You can ask us:
You may ask us to correct or supplement your personal data that is inaccurate or incomplete. We may attempt to verify the accuracy of the data before correcting it.
You can ask us to delete your personal data, but only if:
We are not obliged to comply with your request to delete your personal data if the processing is necessary for:
There are other circumstances in which we are not required to comply with your request to delete data, although the above are the most likely cases in which we may refuse this request.
Please note that before exercising this right, you must download and save all documents related to orders placed through Sameday from your account, whether the billing was made to you or to another natural or legal person (e.g.: invoices, warranty certificates). If you do not take this step before exercising your right to deletion, you will lose all these documents and Sameday will not be able to re-provide them, as the data and account deletion process is irreversible.
You can ask us to restrict the processing of your personal data, but only if:
We may continue to use your personal data after a request for restriction if:
You can ask us to provide you with your personal data in a structured, commonly used and machine-readable format or request that it be transferred directly to another data controller, but only if:
You may object at any time, on grounds relating to your particular situation, to the processing of your personal data which is based on our legitimate interest, if you consider that your rights and freedoms override this interest.
You can also object to the processing of your data for direct marketing purposes (including profiling) at any time without giving a reason, in which case we will stop such processing as soon as possible.
You may request not to be subject to a decision based solely on automated processing, but only if that decision:
This right does not apply if the decision made through automated decision-making:
You have the right to lodge a complaint with the supervisory authority regarding the processing of your personal data. In Bulgaria, the contact details of the data protection authority are as follows:
Personal Data Protection Commission:
Address: Sofia 1592, 2 Prof. Tsvetan Lazarov Blvd.
GPS coordinates: N 42.668839 E 23.377495
E-mail: [email protected]
Website: www.cpdp.bg
Without prejudice to your right to contact the supervisory authority at any time, please contact us in advance and we promise you that we will do our best to resolve any issues amicably.
You can contact Sameday’s Data Protection Officer at any time by submitting your request in any of the following ways:
Increase or decrease font size 100%