Data Handling & GDPR
Learn about the processes we have in place and how your data is handled.
Committed to responsible & secure data protection
UK Postbox is committed to securely handling, storing and disposing of all customer data, as well as being clear on how we achieve this, and what happens to your data throughout the entire process. We have distinct policies for both the physical and digital handling of mail that detail the actions we’re taking, as well as our GDPR statement.
Because we know that our personal and business customers use our service in varying ways, we’ve created the below flow to illustrate what’s happening to your data and mail items throughout the lifecycle of UK Postbox.
1. Creating your account
When signing up to our service, we’re required by law to collect sufficient evidence to confirm your identity. This process, named Know Your Customer (KYC), requires you to upload some of your personal documents and data such as a passport, driving license or identity card. We request this information solely for the purpose of confirming your identity, and we will securely store the records needed for us to comply with legal requirements in our cloud storage solution. All customer information is processed and handled in compliance with the General Data Protection Regulatory (GDPR), and we only request information that is necessary to create your account.
2. Our secure mailing facility
Once you’ve signed up, the first touchpoint with your physical mail items is when something arrives for you at your UK Postbox address. All mail is delivered to our secure mail sorting facility, which is protected by CCTV, locks and alarm systems, reinforced fencing and gated access. A security cleared team member must accompany all site visitors, and public access to the site is not permitted. A trained member of staff will receive all mail delivered by pre-approved couriers before being deposited in our mailroom, ready for processing.
3. Physical & digital processing of your mail
Members of our mail processing team will then upload a scan of the outside contents of mail items before assigning a unique barcode and sending a notification to your account. Alternatively, if you’ve set up an automatic workflow and request mail is open and scanned upon receival, the mail contents will be viewable from your account.
Once your mail has been digitised, the scanned image is stored in the Azure UK South Data Center, a secure cloud platform provided by Microsoft. Using our online mail management platform, iPostalMail, individuals can request certain actions for their mail items which will be carried out by a member of the team. Until you let us know what to do next, we’ll store your physical mail items within our secure facility.
4. Online mail management
Our online mail management platform has been developed using secure coding techniques, and your account is protected through a variety of security practices we have implemented. Access to your account is limited by authentication and session expiry, and individuals have the option to add Two-Factor authentication for an additional level of protection. Using this platform, you can request different actions for your mail items such as forwarding, storing or destroying.
What happens to your data next depends on the actions you take from your account, and we’ve provided examples below to demonstrate how your data is affected:
The envelope is opened and the contents are scanned into a PDF document, which is sent to your account and stored in the cloud. Our team will only open mail when requested, and treat each item with the utmost confidentiality. We’ll return the physical item to safe storage after uploading your scan.
The envelope is opened and the contents are scanned into a PDF document, which is sent to your account and stored in the cloud. Our team will only open mail when requested, and treat each item with the utmost confidentiality. We’ll return the physical item to safe storage after uploading your scan.
Once you have scanned the pages of a letter, you can store it digitally in our platform. This means that you then have the option for the physical item to be destroyed, leaving only the digital version accessible through your account with us. All files are stored in our secure cloud provider Microsoft Azure.
If you don’t want to forward or destroy your original offline mail items, you can physically store them at our secure facility for later action. Storing physical items is a chargeable service depending on your plan, and we have several physical security measures in place to restrict access.
We shred elements of your items that are deemed confidential but process the remaining contents and packaging for recycling. We do not hold any record of the physical item following this action.
Request that we destroy your physical mail item in a secure way. All mail items are shredded on-site by Restore Datashred, and we will keep no physical copy of the item.
If you contact us within our platform, you’ll enter an instant messaging conversation with a member of our team. All chats are logged for reference at a later date, but will only be used in relation to resolving a problem with your account.
Upload a document or PDF that you’d like us to send on your behalf, and we’ll handle the printing, packaging and posting of the mail item. This request will be treated with utmost confidentiality by a trained member of staff, and a digital copy of the item will be stored securely.
Integrating your account with popular workflow and cloud storage solutions such as Google Drive and Microsoft OneDrive means that you approve the transfer of data from our servers to your internal data providers. We will hold a digital copy of the item unless you request that it is destroyed, however we have no control of the data once it has been passed to your internal storage solutions.
When fulfilling orders on your behalf, a trained member of the dropshipping & fulfilment team will have to view and process customer information in order to fulfil the order. We do not retain or store your customer data on our servers, and only access this information when a fulfilment has been requested from your account.
Contacting us
If you have any questions, would like to make a request, or need to contact us in relation to data handling and GDPR, contact our Data Protection Officer by emailing compliance@ukpostbox.com.
UK Postbox Ltd, 13 Freeland Park, Wareham Road, Lytchett Matravers, Poole, Dorset, BH16 6FH, United Kingdom
Registered in England and Wales Company Number: 06723381
Our MLR registration no is XLML00000192390
We are registered with the Information Commissioners (ICO) and our registration no is ZA038907.