Data Protection Impact Assessment


WanbExpress is a company that provides cross-border logistics services to global cross-border e-commerce sellers. We have branches in Europe and North America. We are responsible for delivering Chinese goods and packages to Europe and North America. Our customer base is mainly distributed overseas and is adult. We are well aware of the sensitivity and importance of customer information during logistics transportation, especially delivery address information. To this end, we have established this data protection impact assessment to explain our commitment and measures to the confidentiality of carrier information to ensure that your information is protected at the highest level.

2. Purpose of data processing

(a) To enter into and perform an agreement When you work with us as a customer, the Company will process your personal data to further our agreement regarding the delivery of mail and/or parcels. For this purpose, we will process your contact details, such as your address, personal information, such as your name, and payment information, in accordance with the performance of the agreement with you.

(b) For business process execution and internal management We process your personal data in the course of conducting and organizing our business. This includes general management and asset management. The Company also processes your personal data for internal management purposes. We implement business control, manage, and use business partner and customer directories. In addition, we process your personal data for financial and accounting purposes, archiving and insurance purposes, legal and business consulting, and dispute resolution purposes. For example, your address and email address, personal information such as your name, tax number, correspondence with us, and data generated during the performance of the agreement between you and the Company. The above processing is necessary for the performance of our agreement with you or for the legitimate interests of the Company.

(c) For organizational analysis, development, and management reporting At the Company, we may process your personal data in the preparation and performance of management reports and analyses. For this purpose, we process your contact details, such as address and email address, personal information, such as your name, tax ID number, correspondence with us, and information you provide when responding to our surveys. The above processing is necessary for the legitimate interests of the Company.

(d) When you interact with the Company (online or offline) If you contact us, we will use your personal data to respond to and answer your questions. For this purpose, we process your name, contact details, your correspondence with us, your questions, and all other personal data necessary to answer your questions. If you contact us, your data will not be retained for longer than is necessary for the above purposes. The above processing is necessary to perform our agreement with you or for the legitimate interests of the Company. We only process data that is absolutely necessary to answer your questions.

(e) Compliance with laws In some cases, we process your personal data to comply with laws and regulations. For example, when there are obligations related to tax or business conduct or for safety or security purposes. In order to comply with relevant laws and regulations, we may need to disclose your personal data to government agencies or regulators. For this purpose, we process your contact details, such as your address and personal information, such as your name, payment information, residence, and tax details, as necessary to comply with the legal obligations to which the Company is subject.

3. Data Types

When we provide our services, we have a need to process personal data. We typically process the following personal data when you use our services or website:

  • Contact details
    This will include your name, address, e-mail address and phone number.
  • Financial and account information
    This will include your bank account number, payment and invoice status.
  • Identification information
    We use this to ensure that we can identify you, but we strive to be as privacy-invasive as possible.
  • Information in relation to the shipment
    This is typically track & trace information. For this, we will need you to log in using your email address and/or mobile phone number.
  • Other services and preferences
    When you order other services from us, give us a compliment, file a complaint or set your preferences,we also need to process the personal data. This is typically the personal data that you supply to us in the process.
  • Automatically generated information
    Some personal data just gets generated automatically, such as an IP address, MAC address, and browser type.

4. Data source

The data mainly comes from third-party cross-border e-commerce platforms. WanbExpress provides parcel delivery services for sellers on e-commerce platforms.’

5. Data Processing

The Company has implemented adequate safeguards, including technical, physical and organizational measures, to protect the confidentiality and security of personal data. When personal data is no longer necessary, it will be deleted or anonymized. Data subjects have the right to request access to, correction, and/or deletion of personal data and may have other rights.

6. Data security

Implement high-level data encryption technology to ensure the security of information during transmission and storage.
Adopt a strict access control system to authorize only necessary employees to access customer information when performing their duties.
Regularly review and update security policies to prevent potential information security threats.

7. Data Subject Rights

You have the right to query, correct or delete your logistics shipping address information. We provide convenient customer service channels to support your information management needs.
Your choice is important, but we may need to remind you that refusing to provide certain information may affect the integrity or efficiency of the service.
If the customer requests to delete the information, we will handle the subsequent service procedures with the customer, including but not limited to stopping the service, cleaning up the cooperation records, etc., while retaining the necessary information within the scope permitted by law.

8. Risk Assessment

After a comprehensive assessment and risk analysis of the company’s data processing activities, no significant data protection risks have been found in the current data processing. Our data processing activities comply with applicable data protection regulations, and necessary control measures have been taken to protect the security and confidentiality of personal data. We will continue to monitor and review our data processing practices to ensure that they continue to meet the highest standards of compliance and security.

9. Compliance

Our carrier information protection measures are fully in compliance with the requirements of relevant laws and regulations, such as the Cybersecurity Law and the Personal Information Protection Law. In the event of an incident that may affect the security of customer information, we will notify you promptly and take the necessary remedial measures in accordance with the law.

10. Control measures

We will retain your logistics and transportation address information within the scope permitted by laws and regulations and destroy the information in accordance with security standards after the information retention period expires, or you make a reasonable request to ensure that your information will not be abused.

11. Responsibility and Supervision

Customer address information encountered in logistics services is our most sensitive and important data asset. Any unauthorized disclosure will cause immeasurable damage to customer trust and the company’s reputation. Therefore, under no circumstances will the company’s employees disclose such information to any person or entity outside the company in any form (including but not limited to oral, written, electronic or other means). Once the act of leaking customer information is discovered, regardless of the severity of the circumstances, we will immediately initiate an internal investigation, report the case to the public security organs without delay if necessary, and pursue the legal responsibility of the persons involved. We will never tolerate it. The company reserves the right to monitor the behavior of employees in the process of processing, accessing and transmitting customer information. All access behaviors must be strictly authenticated, and any unauthorized use will be recorded and used as evidence. However, the company’s right to supervision shall not infringe on the private rights and interests of employees. The company will take technical and organizational measures, including but not limited to data encryption, access control, logging, etc. Employees must strictly abide by any regulations and requirements of the company on information security.

12. Approval and Update

The person who approves the DPIA (Data Protection Impact Assessment) is the head of IT R&D in the company, who is responsible for the protection of global package data and the development of data management plans. If there are major changes in the company’s data processing activities, such as the introduction of new data processing technologies, the collection of new types of personal data, or changes in data processing methods, Or if there are changes in applicable data protection regulations, especially those related to the processing of personal data, the company will update the DPIA once a year in accordance with the new regulatory requirements.