Shipping love
and memories in a click.

Privacy Policy

This document outlines worldBOX Policy to help ensure that we comply with the Data Protection Acts.

Policy Statement

Everyone has rights with regards to how their personal information is handled. During the course of worldBOX day to day delivery activities we may collect, store and process personal information about customers, clients, service providers and staff and recognize the need to treat this data in an appropriate and lawful manner. worldBOX is committed to complying with its obligations in respect of all personal data it handles.

The types of personal data that worldBOX may be required to handle includes details of current, past and prospective Customers, Clients, Suppliers and Staff and others that communicates with. The information, which may be held on electronic systems, is subject to certain legal safeguards specified in the Data Protection Acts 1988–2003 (‘the Acts’) and other regulations. The Acts impose restrictions on how worldBOX, in the way personal data and sensitive personal data are collect, accessed, used and disclosed and how long the data is to be retained.

In accordance with the Acts, the designated Company ‘Data Controller’ within worldBOX is responsible for all aspects of the Data Protection Policy and implementation of the same.

Purpose and Scope of this Policy

This policy is a statement of worldBOX is commitment to protect the rights and privacy of individuals in accordance with Protection Acts. This policy sets out worldBOX’s rules on data protection and the legal conditions that must be satisfied in relation to the collection, obtaining, handling, processing, storage, transportation and destruction of personal and sensitive information.

If an employee considers that the policy has not been followed in respect of personal data about Customers or themselves or others they should raise the matter with the ‘Data Controller’.

Definition of Data Protection Principles

We shall perform our responsibilities under the Data Protection Acts in accordance with the following Data Principles.

Anyone processing personal data must comply with the eight enforceable principles of good practice. These provide that personal data must be:

  1. Obtain and process information fairly
    We shall obtain and process your personal data fairly and in accordance with statutory and other legal obligations.
  2. Keep it only for one or more specified, explicit and lawful purposes
    We shall keep your personal data for purposes that are specific, lawful and clearly stated. Your personal data will only be processed in a manner compatible for these purposes specifically permitted by the Acts.
  3. Use and disclosed only in ways compatible with these purposes
    We shall use and disclose your personal data only in circumstances that are necessary for the purposes for which we collected the data.
  4. Keep it safe and secure
    • We shall take appropriate security measure against unauthorized access to, or alternation, disclosure or destruction of your personal data and against its accidental loss or destruction
    • Information which is stored electronically on worldBOX secure HQ System, such as Name, Address, Phone or Mobile Number
    • Employees (Data Users) whose work involves using personal data, have a duty to protect information they handle by following worldBOX data protection security policies at all times
    • The Acts require worldBOX to put in place procedures and technologies to maintain the security of all personal data
    • Customer and Clients Personal data to be retained for 1 year (period of time) then thereafter to be erased
    • ISO 27001 – compliance is required to all Policies, with regards to IS027001, including the IT Security Policy documents
  5. Keep it accurate, complete and up-to-date
    • We adopt procedures that ensure high levels of data accuracy, completeness and that your data is up-to-date
    • Examples of relevant changes to data would include a “Change of Address”
    • Inaccurate or out-of-date data should be destroyed
  6. Ensure it is adequate, relevant and not excessive
    We shall only hold your personal data to the extent that it is adequate, relevant and not excessive and for the purposes for which it was collected in the first place
  7. Retain for no longer than is necessary for the purposes or purposes for which it was collected
    We have a retention policy for your personal data, we retain your personal data for a 12 month period of time in order to protect its legitimate interests i.e. Delivery records and traceability of same delivery. This also facilitates requests and traceability for delivery confirmation if required.
  8. Provided to Data Subjects as requested. Give a copy of his/her personal data to that individual, on request
    • We adopt procedures to ensure that data subjects can exercise their rights under the Data Protection legislation to access their data
    • Requests can be made for access to data held about them by the Data Controller
    • Requests to have inaccurate data amended

Overall responsibility for ensuring compliance with Data Protection Acts rests with the Data Protection Controller for the Company, who co-ordinates the provision of support and advice throughout the Company to ensure comply with the legislation.

Procedures and Guidelines

worldBOX are firmly committed to ensure personal privacy and compliance with the Data Protection Acts, including its best practice guidelines and procedures in relation to all aspects of Data Protection.

Retention Policy

worldBOX will retain your personal data for a 12 months period of time, in order to protect its legitimate interests i.e. Deliveries records and traceability of delivery. After 12 months period, the personal data will be destroyed. We are committed to best practice in handling the Customers personal data.

If you click to agree “Retain my details”, on worldBox website, we will retain your personal data for a 12 month period after which time your records will be deleted.

Policy Review

worldBOX will continue to review the effectiveness of this policy to ensure it is achieving its stated objectives on at least an annual basis and more frequently if required taking into account changes in the law and organizational or security changes.

We have taken all reasonable precautions to comply with all conventions, directives and legislation relating to the protection of personal data including if practicable encryption of the personal data to ensure the safety of the personal data in the event of loss or undeliverable items.