iMile Delivery Services L.L.C.
6. “Personal Data Breach” a breach of security leading to the accidental or unlawful destruction, loss, alteration,
unauthorized disclosure of, or access to, Personal Data transmitted, stored, or otherwise processed.
7. ‘Pseudonymisation’ the processing of Personal Data in such a manner that the Personal Data can no longer be
attributed to a specific Data Subject without the use of additional information, provided that such additional
information is kept separately and is subject to technical and organizational measures to ensure that the Personal
Data are not attributed to an identified or identifiable natural person.
4. Principles
iMile will process Personal Data in accordance with the principles set forth by GDPR for the lawful Processing of
Personal Data. Processing includes collection, organization, structuring, storage, alteration, consultation, use,
communication, combination, restriction, erasure, or destruction of Personal Data. Broadly, the principles are:
4.1 Fairness, Lawfulness, and Transparency: Personal Data may only be collected and processed for specified,
explicit and legitimate purposes in a fair and transparent manner and in compliance with the applicable law. The
Data Subject must be informed of how his/her Data is being handled. In general, Personal Data must be collected
directly from the individual concerned. When the Data is collected, the Data Subject must either be aware of, or
informed of a) the identity of the Data controller b) the purpose of Data Processing and c) third parties or
categories of third parties to whom the Data might be transmitted.
4.2 Purpose Limitation: Personal Data may only be collected and processed for the purpose that was defined
before the collection, limited to what is necessary in relation to the purposes for which they are processed and may
not be further processed in a way incompatible with those purposes. processing for archiving purposes as required
by the local laws shall not be considered to be incompatible with the initial purposes.
4.3 Data Minimization: Personal Data must be restricted to the adequate, necessary, and relevant extent to
achieve the purpose for its processing. Personal Data must not be collected in advance and stored for potential
future purposes unless the Data Subject has given consent or is required or permitted by national law.
4.4 Accuracy: Personal Data on file must be correct, complete, and – if necessary – kept up to date. Suitable steps
must be taken to ensure that inaccurate or incomplete Data are deleted, corrected, supplemented, or updated.
4.5 Storage Limitation and Deletion: Personal Data must be maintained in a manner only as long as this is
required to achieve the intended purposes of collection and processing. After the expiration of legal or business
process-related periods, Personal Data that is no longer needed must be securely deleted. Personal data may be
stored for longer periods insofar as the personal data will be processed solely for archiving purposes according to
the local laws subject to implementation of the appropriate technical and organizational measures required by
iMile to safeguard the rights and freedoms of individuals; and
4.6 Integrity and Confidentiality, Data Security: Personal Data must be processed in a manner that a) ensures
adequate security of the Data against unauthorized or unlawful processing and against accidental loss, destruction,
or damage; b) Data is stored securely using suitable, modern systems and software that is kept-up to date.