1. Data Controller

The data controller of this Service is an individual operator.

• Data Controller: Individual operator of the ManageParcels platform
• Country of operation: Germany
• Contact email: sutoncallebnert@proton.me

No personal identification details of the operator are published for privacy reasons. All GDPR-related requests may be submitted via email.

2. Data We Collect

2.1. Data provided for account creation

User accounts are created manually by the administrator. The following data may be stored:

• Username (required)
• Password (required; stored in a secured, non-plain-text form)
• Full name (optional)
• Email address (optional)

Users may request changes to their data by contacting the administrator.

2.2. Automatically collected data

When accessing the platform, the Service may automatically collect:

• IP address
• Browser and device information
• Timestamps of access
• System and activity logs (e.g., login attempts, parcel operations, status changes)
• Session cookies (strictly necessary for authentication and security)

The Service does not use advertising cookies or analytics tracking.

2.3. Uploaded files

Users or administrators may upload files or documents necessary for parcel handling or logistics.

These may include:

• photos,
• documents,
• receipts,
• or other operational attachments.

Uploaded files are stored on the platform's servers solely for operational purposes.

3. Purpose of Processing

Data is processed for the following purposes:

• Providing access to the ManageParcels platform
• Managing parcels, shipments, and logistics operations
• Ensuring account security and authentication
• Operating logs for fraud prevention and auditing
• Delivering email notifications for logistics purposes (for logistic-role users)
• Maintaining the stability and integrity of the Service

Processing is based on legitimate interest and operational necessity.

4. Data Storage Location

All data is hosted on servers located in Lithuania, operated by Time4VPS.

5. Data Sharing

We do not sell or rent personal data.

Data may be shared only with:

• Hosting provider (Time4VPS) — for storage and system operation
• Email service providers — for logistics-related notifications
• Law enforcement only when legally required

No other third-party access is permitted.

6. Data Access

Users can view only their own data and their own shipments.

Logistic users receive email notifications related only to their tasks.

Administrators may access all accounts for operational and security reasons.

7. Retention

Data is retained for as long as the user account remains active.

Logs may be retained for a limited period for security, compliance, and operational integrity.

Users may request deletion at any time.

8. User Rights (GDPR)

Users may request:

• Access to their personal data
• Correction of inaccurate data
• Deletion ("right to be forgotten")
• Restriction of processing
• Data export
• Objection to certain processing

Requests may be sent to: sutoncallebnert@proton.me

9. Cookies

The Service uses only strictly necessary session cookies for:

• Authentication
• Security
• Session management

No third-party or marketing cookies are used.

10. Security

Reasonable technical and organizational security measures are implemented, including:

• Secure, non-plain-text password storage
• Server-side firewalls and access controls
• Role-based permission separation
• Activity logging
• Limited data access per user role