Skip to main content

Privacy policy

Send

Privacy Policy

Last updated March '26

The protection of your personal data is very important to us. This notice explains how and why we use personal data in connection with our services. This notice also provides contact information and important information about your data protection rights. 

Who we are and how to contact us:

We are InPost UK Limited (company number 08090698). We are responsible for deciding how and why we use the personal data collected in connection with our services and products. InPost UK Limited is part of the wider InPost Group which includes the following companies operating in the UK:

  • InPost UK Limited
  • InPost Distribution Limited (and subsidiaries)
  • Jones, Yarrell & Co. Limited
  • Yodel Delivery Network Limited
  • InPost Response Limited
  • InPost Northern Ireland Limited

In certain cases, other companies within the InPost group may act as data controllers for their own activities. For example, InPost Distribution Limited (company number 01430241) is the data controller for services provided under InPost Newstrade in the UK and is responsible for the personal data it collects and uses in connection with those services.

If you have any questions about this privacy notice or our use of personal data, or if you want to exercise your data protection rights please contact our Data Protection Team at [email protected]

What personal data do we collect from and about you?

Users:

When you use or interact with our services and products through our website or app, you may be asked to provide us with certain information to create an account or to make use of our offerings. This information may include, for example:

  • your name;
  • your mobile number;
  • billing address, delivery address and email address;
  • parcel details (e.g. parcel ID, contents and value, order number); and
  • bank account and payment card details (which will be processed by our third-party payment processor).

We need this information in order to provide our services to you. If you don’t provide it, you may not be able to use our services.

We also:

  • collect details of your marketing preferences (including website and app settings);
  • record purchases and order history;
  • collect details of your usage of InPost services (e.g. recent activity, frequency);
  • collect and act upon information within any correspondence you send to us or otherwise given where you get in touch with us;
  • assign tracking references to orders placed via our services;
  • collect device information (where permitted); and
  • analyse how our website and app are used.

Using our services via third parties and other InPost group entities:

Where you use our services through a third party (e.g. making a return through your favourite retailer, or selling a parcel through your favourite marketplace), that third party may also provide us with information such as your name, address, contact number and email address for delivery purposes.

We may receive personal data from other companies within our Group, including Yodel Delivery Network Limited, where required to provide our services. This includes name, contact details, delivery address(es) and instructions, and parcel identifiers and delivery history, to facilitate delivery services, improve customer support and enhance user experience across our group services.

Parcel recipients:

If you are a recipient of a parcel sent via our service, we may receive your name, address, contact number and email address from the sender for delivery purposes.

CCTV monitoring at our lockers:

We may operate CCTV cameras at our locker sites which means your image may be captured when you deposit or collect a parcel from our lockers. Where deployed, CCTV cameras are positioned to capture the length of the locker and the immediate area in front. We use both overhead and front-facing camera angles to monitor site security and assist with investigations, where needed. Please note that CCTV cameras are not guaranteed to be deployed or operational at all locations or at all times.

CCTV footage may be used:

  • To detect, prevent or investigate theft, vandalism or unauthorised access;
  • To assist with health and safety and security incident reviews and investigations; and
  • In some cases, to support investigations relating to customer queries, complaints and parcel claims.

CCTV recordings from our lockers are stored until the system reaches capacity and automatically overwrites the footage. This is usually between 30-40 days, but the exact period may be shorter (for example, around 10 days at busier lockers) or longer (e.g. 60 days) depending on usage levels and location of each locker. Footage is beyond recovery once it is permanently overwritten, unless it has been retained for a specific purpose (such as where it is required for an investigation, claim or to comply with legal obligations).

If you wish to exercise your rights under data protection law in relation to our CCTV recordings (e.g. access to the footage which identifies you), please contact us at [email protected]. Please note that we may first require proof of identity and sufficient detail to locate the relevant footage. Requests will be considered in line with applicable data protection laws and our internal policies.

British Sign Language (BSL) interpretation service

Where you choose to use our British Sign Language (BSL) interpretation service when contacting our Customer Care team, we will facilitate a live video call between you and our external BSL interpretation service provider.

During the call, the interpreter will translate between BSL and spoken English to enable effective communication between you and our customer care agent. The interpreter will relay your messages to our agent and interpret our agent’s responses back to you.

You are not required to share your name or contact details with the external provider in order to initiate the service. However, during the call, our customer care agent may request your name, contact details and parcel reference number where necessary for data protection purposes. The interpreter will process any personal data or other information that you choose to share during the conversation.

Video calls provided by the interpretation service are not recorded by the external provider. Our customer care agent may make written notes of the interaction in line with our usual customer service practices.

Why do we use your personal data and what is our lawful basis for doing so?

Under data protection law we must tell you why we use your personal data and identify a lawful basis for using your personal data.

Necessary for performance of a contract:

  • We primarily use personal data in order to provide our services to you. This may include (as service, website and app functionality change from time to time):
  • to register you as new customer or recognise you as a returning customer in our app or website;
  • to process orders placed through our app or website;
  • to deliver parcels sent by you or to you;
  • to send you messages by email, SMS, or push notification via the app in relation to: the delivery of a parcel; parcel status updates; locker locations; payment invoices and parcel collection receipts; and other essential, service-related matters;
  • to take payments and process refunds (where applicable);
  • to handle and resolve customer service complaints and enquiries submitted to us via email, webchat, telephone or post; and
  • to provide accessible customer care services, including facilitating British Sign Language (BSL) interpretation via a live video link with an external interpretation service provider, where this is required to enable you to communicate with our customer care agents in connection with the services we provide to you.

Where applicable, we use your data for the above purposes in order to fulfil our obligations under our contract with you.

Data received from Yodel by InPost

To provide certain delivery options and locker services, InPost UK may receive personal data (such as your name, contact details, parcel identifiers and delivery information) from Yodel Delivery Network Limited, where necessary to fulfil the services you request (such as divert- to-locker delivery options), provide you with updates and tracking information, and support customer enquiries. Our processing is based on contractual necessity. You can read more about Yodel by InPost's own services and data processing by visiting their privacy notice.

Our legitimate interests, or those of a third party:

We may use your personal data where needed for purposes which are in our or a third party’s legitimate interests. When relying on this basis, we consider our legitimate interests and the potential impact on your rights and interests and weigh these up. 

If you are the recipient of a parcel but you are not a website or app user or you do not otherwise have a contract with us directly, then we rely on legitimate interests for use of your personal data for the purposes of fulfilling the sender’s delivery contract.  It’s in your interests to receive your parcel, and it is in both our and the parcel sender’s interests for us to use your data to deliver it to you.

We also rely on legitimate interests for use of your personal data for the following purposes:

  • where we do not have a contract with you, to respond to enquiries, communications and complaints which you send us (or are sent on your behalf by an authorised representative, as applicable)
  • to provide customer services. Please note we may record inbound and outbound calls to/from our Customer Service Centre for training and quality assurance purposes. You will be informed of this at the beginning of the call;
  • to provide accessible customer support and respond to enquiries where you use our British Sign Language (BSL) interpretation service and you do not have a direct contract with us;
  • to communicate with you, where necessary, to deliver essential service messages;
  • to administer our app and website and to maintain customer records;
  • to identify audiences for our advertising who are likely to be interested in our products;
  • We may use limited information about how, where and when you use our locker services, for example, whether you have used them within the last 12 months, to create audience segments to help us understand which customers may be interested in our services. Where these insights are used to send direct marketing communications, we will only send those communications to you if and when you have previously given your consent; We may also display generic, non‑personalised offers, promotions and banners in our mobile app, which do not involve profiling or tracking;
  • to advertise on social media platforms (e.g. Meta, TikTok) based on information they already hold about their users and aggregated audience characteristics. You can control what ads you see by changing your settings on these platforms;
  • To interact with you on our social media channels, where you engage with us;
  • To administer your entry into prize draws and competitions (e.g., through our mobile app or website) that you choose to enter or are entered into automatically by using our services, including selecting and contacting winners, and delivering prizes;
  • To send feedback surveys to help us improve our products and services, including via TrustPilot;
  • for fraud investigation, detection and prevention, and to detect misuse of services;
  • for account verification and security purposes;
  • to better understand how our app and website are used for product and business development purposes so we can develop the best product we can;
  • to operate and maintain CCTV at our locker sites to ensure the security of our property, prevent and detect crime, support the safety of our service users and personnel, assist with incident investigation and resolution, and to investigate and resolve parcel claims;
  • to capture general crowd and event footage at events we host or attend, where individuals are not the primary focus, for inclusion in our promotional, marketing or social media materials;
  • to exercise or defend our legal rights, including in connection with complaints, disputes or legal proceedings; and
  • to the extent necessary for the purpose of the administration of a sale or possible sale of our business, assets or the restructuring of our business.

 

Consent:

Sometimes we may ask for your consent to use your personal data for a particular purpose. Where we ask for consent you will have the right to change your mind at any time. You can usually do this by changing the settings on your app, or by following the unsubscribe links found in certain of our emails. You can also contact our Marketing Preferences Team at [email protected].  

We ask for your consent:

  • to send you marketing messages by push notifications, email and/or SMS. You can unsubscribe from email or SMS marketing by using the unsubscribe link within the content of the message. You can update all marketing consents at any time via the ‘settings’ option within the InPost UK mobile app;
  • Where you have consented to receive direct marketing from us, we may occasionally send you marketing communications as part of joint initiatives led by InPost and delivered in collaboration with carefully selected partners. These are InPost marketing communications, not third‑party marketing, and we do not share your personal data with partners;
  • to use non-essential cookies on our website. You can change your cookie preferences at any time via the preference management tool option on the website;
  • to use your location data, which is relevant for certain features of our app, such as alerting you to nearby locker locations. If you consent to this, you can modify your settings on the app or your device anytime to switch this off (although if you do, that particular feature may not be available to you);
  • where you choose to personally participate in filming or photography taken at events we host orattend, for inclusion in our promotional, marketing or social media materials;
  • to use tracking technologies;

 

To comply with our legal obligations:

In certain circumstances, we may be obliged to process your personal data in order to comply with our legal obligations. This might include, but is not limited to, processing required for tax and accounting purposes; assistance of law enforcement; and to enable us to fulfil our compliance and other obligations under relevant legislation or regulation, for example, to handle and resolve data subject rights requests submitted by you or on your behalf by an authorised third party under data protection legislation.

Who do we share your personal data with?

We use the following types of service providers in connection with our services and products who may have access to your personal data in order to provide their services:

  • InPost group companies;
  • transport companies and couriers;
  • providers of “Pick-up-drop-off” or “PUDO” shops where you might send or receive a parcel;
  • payment and refund processors;
  • company insurers;
  • IT solutions providers;
  • customer helpline and external customer services providers, including interpretation services;
  • marketing providers (where applicable);
  • providers of services which are complementary to our own (e.g. loyalty programme or enhanced tracking providers);
  • professional services providers (e.g., accountants, external lawyers).

We share personal data within the InPost group of companies where necessary for operational purposes.

We share personal data with marketing providers, to make our marketing activities more efficient.  For example, by identifying potential customers who “look like” our existing customer base.  Where we share your data with marketing providers, we will always look to minimise the data shared and where practicable, anonymise reference to you specifically.  Where you wish to opt-out of our use of your personal data in this way, you can do so by contacting our Marketing Preferences Team at [email protected].

We will share personal data with potential buyers, group companies and/or business partners where necessary for a reorganisation, restructuring, merger, sale or transfer of assets involving InPost or our app. 

We will share personal data where necessary to establish, exercise or defend our legal rights.  We will share personal data where required by the courts, regulators or law and to report suspected fraudulent or other unlawful activity to law enforcement agencies.

We may also disclose personal data to competent authorities (for example, law enforcement agencies) where they formally request it for their own statutory purposes. In these cases, we will only disclose personal data where we are legally permitted or required to do so, and we will ensure that any disclosure is necessary, proportionate and limited to what is required for a specific and explicit purpose set out in law.

 

International transfers

From time to time, we may transfer your personal data to members of the InPost Group or to third parties based outside the UK.  Their processing of your personal data will therefore involve a transfer of data outside the UK. Whenever we transfer your personal data out of the UK, we ensure a similar degree of protection is afforded to it by ensuring that either:

  • we will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data (for example, those in the European Economic Area); or
  • where we transfer personal data to certain service providers located in other countries, (i) we will assess whether that country offers protections for personal data which are essentially equivalent to those offered in the UK; and (ii) we will use specific contractual terms to give personal data appropriate safeguards.

 

How long do we hold your personal data for?

We retain your personal data for as long as we have a lawful reason to do so, which includes providing our services to you, complying with legal and regulatory obligations, and resolving disputes and enforcing agreements.

Typically, we will store your personal data for no longer than the limitation period of any claims for the provision of services by us, which is generally 6 years.

In determining how long to hold your personal data we will consider legal and regulatory requirements and also whether it is necessary for us to keep it to achieve the purposes we've described in this policy. Where it is no longer necessary for us to keep it, we'll delete it or we'll anonymise it so that you cannot be identified from it.  

Your data protection rights

If we hold your personal data, you have the following rights:

  • to be informed about how we use your personal data (which is what this notice is for);
  • to access a copy of the personal data we hold about you;
  • to require us to correct any inaccuracies in your personal data;
  • where we have sought your consent, to withdraw your consent at any time (although please note that this relates solely to data processing that we perform based on your prior consent);
  • to ask us not to process your personal data for direct marketing purposes.
  • to restrict our use of your personal data;
  • to object to our use of personal data;
  • to require us to provide a copy of your personal data to others; and
  • to require us to erase your personal data.
  • to not be subject to a decision based solely on automated processing.

There are exceptions to the rights of individuals in relation to their personal data and, in certain circumstances, your rights may be limited. The Information Commissioner’s Office provides more information about data protection rights. If we receive a request from you to exercise your rights, we may ask you to verify your identity before acting on the request; this is to ensure that your data remains protected.

If you wish to exercise any of your rights, please contact our Data Protection Team at [email protected]. Alternatively, you can contact our Data Protection Team at Verdant, 2 Redheughs Rigg, South Gyle, Edinburgh, EH12 9DQ.

You also have the right to lodge a complaint with the Information Commissioner’s Office (which is the UK’s data protection regulator) about our use of your personal data. For more information, please visit the ICO's website. We ask that in the first instance you contact us so that we can try to address your concerns directly.

Updates to this privacy notice

We may update this privacy notice from time to time to make sure it is up to date. When we do, we will revise the “last updated” date at the top of the notice. We suggest you check this notice from time to time so that you know our latest privacy practices.