Driver & Courier Privacy Policy (Independent Contractors)
Last updated June 2026
InPost Delivery Network Limited
Please read this privacy policy carefully. It explains what personal information we collect about you when you use the InPost Driver and Courier App and ICRA (the 'Apps'), why we collect it, what we do with it, and your rights under data protection law.
The collection and use of your personal information is necessary for the Apps to work properly. Some data, particularly your location and delivery scan data, is required to allocate deliveries to you and to confirm that deliveries have been made. Without this processing, the Apps cannot function and we would be unable to pay you for services provided to InPost.
1. WHO WE ARE
The Apps are operated by InPost Delivery Network Limited ('InPost', 'we', 'us', 'our'), with company number 5200072 and registered office Moray House, 23-35 Great Titchfield Street, London, United Kingdom, W1W 7PA.
We are the data controller for the personal data processed through the Apps. This means we are responsible for deciding how and why your personal data is used. Specifically, we are a "Data Controller" for the purposes of the UK General Data Protection Regulation (“UK GDPR”) and the Data Protection Act 2018 (the "Act" and "UK GDPR" respectively, and together the "Data Protection Legislation"). Where our activities fall within the scope of the EU General Data Protection Regulations 2016/679 (“EU GDPR”), we will also comply with its requirements.
We are registered with the Information Commissioner's Office (ICO) under registration number Z8874457.
If you have any questions about this policy or how we use your personal data, please contact our Data Protection Team:
- Email: [email protected]
- Post: Data Protection Team, InPost Delivery Network Limited, Verdant 2 Redheughs Rigg, South Gyle, Edinburgh, Scotland, EH12 9DQ
You have the right to complain to the Information Commissioner's Office (ICO): www.ico.org.uk / 0303 123 1113, the UK supervisory authority for data protection issues, or other competent supervisory authority of an EU member state if the Apps are downloaded outside the UK, about how we use your personal information for the operation of the Apps.
2. THIS POLICY
This policy applies to your use of the Apps once you have downloaded them onto your mobile device. It should be read together with the Apps Terms and Conditions of Use (‘T&Cs’). This policy covers independent contractor couriers and drivers.
Changes to this policy
We review this policy regularly. If we make material changes, we will notify you by email, push notification, or an in-App message before the changes take effect. The current version of this policy will always be available within the App and on our website. The date this policy was last updated is shown at the top of this page.
3. THE PERSONAL DATA WE COLLECT
When you register for and use the Apps, we collect the following categories of personal data:
3.1 Identity and Contact Data
- Your name and profile photograph.
- Your contact details, including email address and phone number.
3.2 Device and Technical Data
- The type of mobile device you use, its unique device identifier (such as IMEI number or MAC address), your mobile operating system, and App version.
- IP address and network/connectivity information.
3.3 Login and Security Data
- Your username, encrypted password, and App authentication records.
- Log-in timestamps and session data.
3.4 Location Data
- Your real-time GPS location while you are logged in and active in a delivery session.
- GPS coordinates recorded at the point of delivery, collection, or a delivery exception event.
For full details of when and how location tracking operates, see Section 6 (Driver and Courier Monitoring).
3.5 Delivery and Scan Data
- Parcel barcode scan records, including timestamps and location of each scan event.
- Delivery confirmation data: recipient signatures or PIN confirmations, delivery photographs (including images of delivery locations and 'safe place' images), and non-delivery records.
- Collection, return, and exception records.
3.6 Performance Data
- Delivery performance metrics derived from your activity, including on-time delivery rates, scan compliance rates, exception rates, redelivery rates and other operational performance indicators.
- Records of delivery rounds and tours assigned to you and completed by you.
3.7 Vehicle Data
- Your vehicle registration number.
- Mileage data, where collected for payment or operational purposes.
3.8 Financial Data
- Bank account details and payment records, for the purpose of paying you for services provided and maintaining financial records for accounting and audit purposes.
3.9 Usage and Analytics Data
- Details of how you use the App: login attempts, features accessed, navigation events, error logs, and analytics data.
3.10 Communications Data
- Records of communications between you and InPost through the App or associated channels.
3.11 Special Category Data
We do not intentionally collect special category personal data (such as health, racial or ethnic origin, biometric, political, religious, trade union, or criminal conviction data) through the Apps. If you voluntarily share health-related information with us (for example, in connection with an accident or absence), we will process it only to the extent necessary, on the basis of your explicit consent or to comply with legal obligations, and will store it separately with enhanced access controls.
4. HOW WE USE YOUR PERSONAL DATA AND OUR LAWFUL BASES
We only process your personal data where we have a valid lawful basis under UK GDPR Article 6. The table below sets out our key processing purposes and the lawful basis we rely on for each.
Where we rely on legitimate interests as our lawful basis, we have assessed that our interests are not overridden by your privacy rights. You can request a summary of our Legitimate Interests Assessment for any specific processing by contacting us as set out in Section 1.
5. YOUR ELECTRONIC ID PHOTOGRAPH
Your profile in the App includes your photograph (Electronic ID Picture). We may share this photograph in the following circumstances:
- With a customer or parcel recipient, to confirm your identity when making a delivery (lawful basis: performance of contract).
- With the police or other law enforcement authorities, where disclosure is required by law, or where we consider it necessary and proportionate for the prevention or detection of crime or other legitimate purposes, in accordance with applicable data protection law (lawful basis: legal obligation (where legally necessary), otherwise the lawful basis will be legitimate interests).
- With InPost security personnel, where there is a genuine safety or security reason (lawful basis: legitimate interests).
We will not share your photograph for any other purpose without informing you first.
6. DRIVER AND COURIER MONITORING, TECHNOLOGY, AND PROFILING
6.1 GPS and Location Tracking
The App tracks your GPS location while you are logged in and active during a delivery session. We use location data to: allocate and sequence deliveries; confirm the GPS coordinates of delivery and collection events including scans; provide navigation; calculate mileage where relevant to your payment; and investigate delivery queries or complaints.
Location tracking is active only while you are logged in and conducting an active delivery round. We do not track your location when you are not logged in to the App.
6.2 Delivery Scanning and Proof of Delivery
When you scan a parcel barcode or record a delivery event (including capturing a proof of delivery image, recipient signature, or PIN confirmation), that data is transmitted to our systems in real time. This data is used to update our parcel tracking systems and may be shared with the relevant retailer or sender and with the parcel recipient for delivery confirmation purposes.
Delivery photographs may capture images of private residential properties and their surrounding areas. These images are shared with customers and recipients for delivery confirmation only and are not used for any other purpose.
6.3 Performance Monitoring
We collect and analyse data about your delivery performance, including on-time delivery rates, scan compliance, geo-codes, exception rates, and customer feedback
where attributable to specific delivery activity. We use this data to manage the quality of our delivery network and to discuss delivery performance with you where relevant.
6.4 Automated Processing and Profiling
We use automated systems to support delivery tour allocation and to capture operational performance data. This processing may involve profiling, that is, the automated analysis of delivery data to evaluate aspects of operational performance.
No decisions that produce legal or similarly significant effects on you are made solely by automated means. Any decisions that may affect your engagement with InPost are reviewed and made by a member of our team, taking into account relevant information beyond automated outputs.
6.5 Handheld Scanning Devices
Where InPost provides or specifies handheld scanning devices (separate from your mobile phone), data generated by those devices — including scan events, device identifiers, and timestamps — will be processed by us for operational and security purposes on the basis of performance of contract and legitimate interests.
7. SHARING YOUR PERSONAL DATA
We may share your personal data with the following categories of third parties:
7.1 Within the InPost Group
- Other members of the InPost group of companies, for administration, reporting, and operational support purposes.
7.2 Retailers and Senders
- Retailers and other clients who have contracted with InPost for parcel delivery services, to the extent necessary to confirm delivery status. This will typically include delivery scan data, proof of delivery images, and delivery timestamps. It will not include your personal contact details or financial information.
7.3 Technology and IT Service Providers
- Technology service providers who support the operation of the Apps and associated infrastructure, including cloud hosting providers, analytics providers, and App development partners.
- IT contractors who assist with the operation, maintenance, and security of the Apps.
7.4 Payment Service Providers
- Third-party payment processors or payroll providers engaged to calculate and make payments to you for services delivered, where applicable.
7.5 Regulatory Authorities and Law Enforcement
- The police or other law enforcement agencies and competent authorities, where disclosure is required by law, or where we receive a valid request and consider disclosure to be necessary and proportionate for a specific purpose, such as the prevention or detection of crime, in accordance with applicable data protection law.
- HMRC and other regulatory or governmental agencies, where required by law.
- The ICO or other data protection supervisory authorities.
7.6 Background Checking
Background checking providers (such as Zellis or similar providers), to carry out pre-engagement and ongoing checks necessary to verify your identity, eligibility to work, and suitability to provide delivery services on our behalf.
These checks may include verification of your name, address and address history, right to work in the UK, and driving licence status where relevant to your role.
We share only the personal data necessary for these purposes, and such checks are carried out to enable us to meet our legal obligations, comply with regulatory requirements, and protect the safety, security, and integrity of our operations.
7.7 Corporate Transactions
- In the event of a merger, acquisition, or sale of part or all of InPost's business or assets, your personal data may be shared with the prospective buyer or seller. We will notify you if such a transfer occurs.
7.8 Professional Advisers
- Lawyers, auditors, insurers, and other professional advisers, where necessary for the performance of their services.
All third parties we share your data with are required to implement appropriate technical and organisational security measures, and to process your data only for the purposes we specify. Where they process your data on our behalf as data processors, we have appropriate data processing agreements in place and require them to process your personal data only in accordance with our written instructions.
8. INTERNATIONAL TRANSFERS
Some of the third-party service providers we use are based outside the United Kingdom. Where we transfer your personal data outside the UK, we ensure it receives an equivalent level of protection by using one or more of the following safeguards:
- UK Adequacy Regulations: where the destination country has been recognised by the UK Government as providing an adequate level of protection for personal data.
- UK International Data Transfer Agreement (IDTA): contractual clauses approved by the ICO, which require the recipient to protect your data to UK GDPR standards.
- Other appropriate safeguards as permitted under UK GDPR Chapter V.
For further details about the specific safeguards in place for any international transfer, please contact us as set out in Section 1.
9. YOUR DATA PROTECTION RIGHTS
Under UK data protection law, you have the following rights in relation to your personal data. We will respond to any valid request within one calendar month of receipt. For complex or multiple requests, we may extend this period by a further two months — we will notify you if we need to do so.
To exercise any of these rights, contact us using the details in Section 1. We may ask you to verify your identity before we act on your request.
If you are unhappy with our response to a rights request, or with how we use your personal data, we would welcome the opportunity to address your concerns first. You also have the right to complain to the Information Commissioner's Office (ICO) at
www.ico.org.uk, by calling 0303 123 1113, or by writing to Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.
10. YOUR RESPONSIBILITIES WHEN HANDLING RECIPIENT DATA
When using the Apps to provide delivery services, you will have access to the personal data of parcel recipients, including names, addresses, contact telephone numbers, delivery instructions, and in some cases safe place images relating to their properties.
You must:
- Handle recipient personal data only for the purpose of carrying out the delivery and in accordance with your data processing obligations and confidentiality obligations under your service agreement with InPost.
- Not use, copy, access or disclose recipient data for any other purpose.
- Keep recipient data confidential at all times and not share it with any third party not involved in making the delivery.
- Notify our Data Protection Team immediately (using the contact details in Section 1) if you become aware of any actual or suspected unauthorised access to, disclosure of, or loss of recipient personal data.
- If you lose your device while it contains recipient data, contact your allocated service centre manager and our Data Protection Team immediately.
InPost will report any personal data breach affecting recipient data to the ICO where legally required to do so and, where appropriate, will notify affected recipients.
11. DATA SECURITY
We take the security of your personal data seriously. We use appropriate technical and organisational security measures to protect your data against accidental loss, unauthorised access, use, alteration, or disclosure.
These measures include:
- Encryption of data in transit and at rest.
- Access controls ensuring that only authorised personnel can access personal data.
- Regular security testing of our systems and Apps.
- Processes for detecting, reporting, and investigating potential data breaches.
You are responsible for keeping your App login credentials (username and password) confidential. Your password must be unique and complex. If you suspect your credentials have been compromised, change your password immediately and notify us.
Where we are legally required to do so, we will notify you and the ICO of any personal data breach affecting your data.
12. DATA RETENTION
We keep your personal data for as long as necessary for the purposes set out in this policy. The following table shows our standard retention periods. These may be extended where necessary to comply with a legal obligation, defend or bring legal claims, or resolve a regulatory matter.
Data Category Retention Period
To request deletion of your data or for further information about our retention practices, contact us using the details in Section 1.
13. COOKIES AND SIMILAR TECHNOLOGIES
The Apps do not use browser cookies. Instead, they use strictly necessary on-device (local) storage to enable core App functionality, such as keeping you signed in securely, maintaining your session, and supporting essential operational features.
Because this on-device storage is strictly necessary for the Apps to operate, it does not require consent under the Privacy and Electronic Communications Regulations 2003 (PECR).
For detailed information about which technologies we use, their purposes, and how to manage your preferences, please see our Cookie Policy.
14. CHANGES TO THIS POLICY
We review this policy regularly to keep it accurate and up to date. If we make material changes, we will notify you in advance by email, push notification, or an in-App message before the changes take effect. Your continued use of the Apps after the effective date of any change means you have acknowledged the updated policy.
The current version of this policy is always available within the App and on our website.
Policy version: 1.1 | Last updated: June 2026