HomeKnowledge base › Courier services and delivery data
Logistics

Courier services: destroying delivery data

Parcel labels, proof of delivery slips and delivery lists of a courier service ready for confidential destruction

A courier service processes the data of every recipient and sender. Name and address on the parcel label, a phone number for the delivery appointment, a signature on the proof of delivery, return addresses, route lists and the routing data of your couriers. A small part falls under the tax retention obligation, the largest part should be kept as briefly as possible. This guide shows, by part, what you keep, when it may go and how to destroy it confidentially.

The short answer runs as follows. Delivery and address data you keep no longer than necessary for the delivery and its settlement. The invoicing falls separately under the tax seven years. Proofs of delivery serve as evidence until the job is settled. What may go disappears confidentially and with a certificate.

Two frameworks, proof of delivery and the GDPR

At a courier service two interests run together. You want to be able to demonstrate that a parcel was delivered, so you keep a proof of delivery with a signature or photo as evidence. At the same time the GDPR applies, which requires not keeping personal data longer than necessary. The evidential interest sets how long you reasonably keep a proof of delivery, the GDPR sets that you may not leave the rest standing forever.

So treat the data per type. A parcel label with a name and address has a different status than an invoice or a courier's route list. If you make that distinction, you keep exactly what is needed and clear out the rest on time. That way you keep small the mountain of address data you would otherwise build up unnoticed.

Retention periods by part

The period differs per type of data. The overview below gives the main line. Count the tax period from the end of the financial year and the other periods from the moment the delivery has been settled.

PartStarting pointPeriod
Invoicing and administrationTax retention obligation7 years
Proofs of delivery and signaturesEvidence of deliveryuntil settlement
Recipient delivery and address dataAs limited as possiblegone after settlement
Parcel labels and return addressesPurpose-boundright after processing
Courier route and trip dataPurpose-bound, partly taxas briefly as possible
Correspondence and draftsNo retention obligationclear out at once

Use this as a guideline, not a substitute for your own agreements with clients. When in doubt, consult your privacy adviser. The tax side is in how long you must keep documents and the full list by type in the GDPR retention periods cheatsheet.

Proofs of delivery and signatures

A proof of delivery with a signature or delivery photo is your evidence that a parcel was delivered. That evidence has value until the job is settled and the period for complaints or claims has passed. As long as a recipient can assert that a parcel did not arrive, you want to be able to show the evidence. After that the purpose lapses and the proof of delivery belongs with the data that may go.

Mind the link with the administration. If a proof of delivery is attached to an invoice or forms part of the bookkeeping, it follows the tax period of seven years. If it stands alone, the settlement of the job is decisive. Never keep a signature or delivery photo longer than one of these grounds justifies.

Limiting delivery, address and return data

Parcel labels, return stickers and delivery lists contain the recipient's name, address and often a phone number or order number. Those are personal data, even if it is only a sticker. A misprint, a cancelled label or a return address you print therefore does not belong in the paper bin but in the confidential volume. A single label seems harmless, but a full bin forms an address file that on the street is a data breach.

Collect single labels, print lists and return documents in a sealed container, separate from ordinary waste. Clear them out as soon as the delivery has been settled. That way you avoid managing a stock of address data for which you no longer have a purpose.

Route and trip data of your couriers

Besides recipient data you also process data on your own couriers. Route lists, routing data, GPS and telematics data and scan data per stop are personal data of the driver. They belong to running the business, but storage limitation applies here too. Keep them for as long as you need them for planning, checks or a tax ground, then clear them out in a structured way. How to handle this fleet data is set out in driver data and the GDPR in your fleet.

How to handle it in 6 steps

  1. Split the data into administration, proofs of delivery, address data and courier data.
  2. Limit address data to what you need for the delivery.
  3. Keep proofs of delivery until the job is settled or the tax period.
  4. Clear out labels and return documents as soon as the delivery is done.
  5. Collect what may go in sealed containers, not in the paper bin.
  6. Have it destroyed confidentially with a certificate and record it in your register.

Destroy confidentially with a certificate

Delivery data is destroyed confidentially, because it contains the name, address and contact details of your recipients. The paper, the labels and any data carriers travel sealed and stay that way until destruction, so the chain is closed. An old scanner, a handheld terminal or a backup with delivery data belongs with it too. Documents with a CMR or transport character follow the same line, as described in destroying transport documents after retention and the broader overview logistics and transport, waybills and CMR.

Afterwards you receive a certificate of destruction with the date, quantity and level. That certificate is your proof towards the GDPR that you acted carefully. We collect within 20 km of Amsterdam with no call-out charge, work nationwide through pooled collection rounds and charge a fixed price per box or roll container. Drop-off on site is not possible; it works by appointment through collection.

Delivery data to be destroyed?

Tell us what you have and you get a fixed price. We collect it sealed, destroy it at the right DIN level and you receive a certificate for your GDPR file. No call-out charge within 20 km of Amsterdam.

Request a quote

Common mistakes

  • Keeping address data forever. After settlement the ground lapses.
  • Throwing labels and return stickers in the paper bin. Those belong in the confidential volume.
  • Keeping proofs of delivery too long. After the complaints period they have no purpose.
  • Forgetting courier data. Route and trip data also fall under the GDPR.
  • Keeping no proof. Without a certificate you cannot demonstrate the destruction.

Frequently asked questions

How long may a courier service keep delivery and address data?

No longer than necessary for the delivery and its settlement. Once the parcel has been delivered and no complaint or follow-up question is in play, the ground lapses and you clear out the address data. The invoicing falls separately under the seven-year tax retention obligation.

How long do I keep proof of delivery and signatures?

A proof of delivery with a signature serves as evidence of delivery and you keep it until the job is settled and the complaints period has passed. If the proof is attached to the invoice, the tax period applies. After that it has no further purpose.

Do parcel labels and return addresses fall under the GDPR?

Yes. A parcel label contains the recipient's name, address and often a phone number or order number, and those are personal data. Single labels, return stickers and misprints do not belong in the paper bin but in the confidential volume.

How do I destroy delivery data in line with the GDPR?

Confidentially and with a certificate of destruction. Paper, labels and data carriers travel sealed and the destruction is recorded in the record of processing.

Conclusion

A courier service works with the address, contact and evidential data of every recipient, between an evidential interest and the GDPR. Keep proofs of delivery until settlement, keep the administration seven years and limit address data to what the delivery requires. Labels, return documents and courier data you clear out as soon as the purpose has passed. What may go you have destroyed confidentially with a certificate as proof. That way you meet both interests and protect your recipients' data.

Read also: coach companies: destroying passenger data, car body repair: destroying customer data, petrol stations: destroying customer data and the GDPR retention periods cheatsheet.


Have delivery data collected? Request a quote via desnipperaar.nl. Within a few minutes you have a fixed price, including a certificate as proof.