Privacy Policy

Last modified:  7th February 2024

Stuart ("we", "us", "our") is a group of companies specialising in on-demand logistics services. This privacy policy provides information about the personal data we process, as data controller, as well as about your rights and how to exercise them, and how to make complaints. We have tried to provide this information in as clear and transparent a manner as possible. If you would like more information about the data we process, the purposes for which it is processed and the retention periods, please contact us.

This policy was last updated on the 7th February 2024 and is regularly updated. Therefore, we invite you to consult it frequently.

Depending on your situation and the purpose of your visit to this site, the data we collect and the purposes for which we collect it may differ. We invite you to refer to the dedicated page by following the links below.

Are you a (click on the answer that applies to you) :


 🔽 Website visitor

What data do we collect and how will it be used?

We (and our partners) use cookies when you browse the Stuart website. For more information, you can read our Cookie Notice.

If you choose to "Contact Us", via the "Get in touch" form on our site, we collect your name, contact information and the city about which you would like information. We also ask you for additional information about your company's name, size and industry. The fields marked with an asterisk * are absolutely necessary for us to process your request. You may choose to provide us with additional optional personal data so that we can fulfil your request.

If you have started but not completed this online form, we may contact you again to help you complete your enquiry.

When you subscribe to our newsletter, we process the contact information you provide in order to send you the newsletter. You can unsubscribe from the newsletter at any time by using the link in the e-mail or by contacting us.

More information about this processing can be found in the table below. 

Lawful basis

The table below summarises the lawful bases Stuart relies upon to process your personal data.

Purposes

Lawful Bases

Cookies (unless strictly necessary)

Consent 

Direct Marketing

Consent

Contact Us

Legitimate Interests

Service Monitoring and Improvement 

Legitimate Interests

Retention of data

Legitimate Interests

Dispute Resolution

Legitimate Interests

 Categories of personal data collected

Category

Purposes

Source

Recipients

Retention period

Personal identifiers (such as your name)

  • Providing our services
  • Communicating with you
  • Error Reporting
  • You
  • Our service providers
  • Our service providers
  • Subsidiaries
  • Up to 3 years after the last contact*.

Contact details (such as your email address)

  • Communicating with you
  • Customer service
  • Marketing
  • You
  • Our service providers
  • Subsidiaries
  • Up to 3 years after the last contact*.

Login data (such as a unique identifier)

  • Improving our services
  • Marketing
  • Error Reporting
  • You
  • Our service providers
  • Our service providers
  • Our business partners
  • Subsidiaries
  • Up to 1 year from collection*.

*We may need to process this data for a longer period of time when required by law, to settle a dispute or to ensure the security of our systems.

Stuart does not sell your personal data to third parties.

How do we ensure the security of your data?

We put in place physical, electronic and organisational procedures to protect and secure all personal data we collect. This includes in particular:

  • Security measures to prevent the loss of or unauthorised access to your data;
  • Limiting access to your data to those who really need such access;
  • The commitment that our staff, our service providers and their staff are aware of their responsibilities and have signed appropriate contractual clauses;
  • Putting in place procedures to deal with potential breaches of information security, including procedures for notifying you of such breaches where we are required to do so;

If you feel that your privacy has been violated, please contact us immediately at dpo@stuart.com.

Where do we store your data?

Most of the personal data we collect is processed in our offices in Paris (France), Barcelona (Spain), London (UK), Warsaw (Poland) and Milan (Italy), and by some of our service providers.

We use third party providers to help us run our business, including hosting our application, communicating with you and processing payments.

In this context, it is sometimes necessary to share your data with these service providers to enable the proper functioning of the services. We will only share your data where strictly necessary and in accordance with the safeguards detailed in this privacy policy.

Where personal data is transferred to a third party outside the European Economic Area (EEA), we take the necessary steps to ensure that your privacy rights continue to be protected by using the safeguards provided for in the GDPR and in accordance with the recommendations of the supervisory authorities, reinforced by contractual and technical measures.

Where required by law, we share personal data with government authorities, including tax authorities and the police.

What are your rights?

Please note that, in accordance with the provisions of the General Data Protection Regulation (GDPR), some of these rights apply only in limited circumstances, which we will specify to you as appropriate.

Access

You have the right to access the information we hold about you.

This includes the right to request additional information from us regarding:

  • The categories of data we process;
  • The purposes of data processing ;
  • Categories of third parties to whom data may be disclosed;
  • The length of time the data will be retained (or the criteria used to determine this length) ;
  • Your other rights regarding our use of your data.
Once we are satisfied that you are the person to whom the data relates or their duly authorised representative, we will provide you with the information as soon as possible, provided that this does not prejudice the rights and freedoms of any other person (e.g. the right to privacy or the intellectual property rights of another person).

Rectification

You have the right to request the correction of any inaccurate personal data about you.

In certain circumstances (e.g. where personal data is required in connection with a criminal investigation) we will not be able to comply with your request.

Restriction

You have the right to limit the way we use your personal data.

This right is intended to apply in limited circumstances, for example where you challenge the accuracy of your personal data. In this case, you may request that we restrict the use of your data until we can verify their accuracy.

Opposition

You have the right to object to our continued use of your data where the processing is based on our legitimate interest.

To exercise this right you will need to provide Stuart with reasons relating to your particular circumstances justifying your objection. Stuart may continue to process the data, and therefore reject your request, if there are compelling legitimate grounds for the processing which override your interests and rights, or if the data is necessary for the establishment, exercise or defence of legal claims.

Portability

You have the right to request portability of your data to another service provider where the lawful basis for processing is your consent or the performance of a contract.

We will give you a copy of your data so that you can provide it to another service. If you request us to do so and it is technically possible, we will transfer the data directly to that other service provider on your behalf. We will not do this if it would result in the disclosure of personal data relating to a third party.

Right to erasure or "right to be forgotten”

You have the right to request your right to be forgotten by Stuart.

You may ask us to delete any personal data we hold about you, to the extent that it is no longer necessary for us to retain it in connection with your use of Stuart's services or if you expressly withdraw your consent (if this is the lawful basis for processing).

This right applies unless the data needs to be retained due to legal or regulatory requirements, for safety, security and fraud prevention purposes, or due to an account issue such as an unresolved claim or dispute

Automated decision making and profiling

For the purposes of the processing operations covered in this policy, we do not make any automated decisions about you, nor do we carry out any profiling

How to exercise your rights?

If you wish to exercise your rights, please submit your request via the form available here.

SRT GROUP
43-45 Avenue de Clichy
75017 Paris
France

We will reply as soon as possible and at the latest within one month from the date of receipt of a valid request. This period may be extended to two months if your request is particularly complex, in which case we will notify you.

How to make a complaint?

We are committed to working with you to resolve any issues you may have. If we are unable to address your concerns, you may make a complaint to the relevant data protection authority.

In the UK:

The Information Commissioner's Office via its website.

In France:

Commission Nationale de l'Informatique et des Libertés via its website.

In Spain:

Agencia Española de Protección de Datos via its website.

In Poland:

Bureau of the Inspector General for the Protection of Personal Data - GIODO via its website.

In Portugal:

The Comissão Nacional de Proteção de Dados via its website.

In Italy:

The Garante per la protezione dei dati personali via its website.

 🔽 Consignee of goods

What data do we collect and how will it be used?

In order to enable the delivery of goods, senders (application users, customers, you) may provide your name, first name, postal address, telephone number, signature and additional information necessary for the delivery (e.g. door code, floor number, etc.).

These details are necessary for us to track your parcel, its delivery and to handle any complaints.

We may also carry out customer satisfaction surveys. In this case, your data is used to improve your satisfaction and the quality of our services.

More information about this treatment can be found in the table below.

Lawful basis

The table below summarises the lawful bases Stuart relies upon to process your personal data.

Purposes

Lawful Bases

Ordering and Delivery*

Contractual Necessity 

Parcel Delivery

Legitimate Interests

Customer Surveys

Legitimate Interests

*Stuart relies on the contractual necessity where the delivery is to the individual who made the order. Otherwise, we rely on our legitimate interests.

Categories of personal data collected

Category

Purposes

Source

Recipients

Retention Period

Personal identifiers (such as your name)

  • Parcel tracking
  • Delivery
  • Customer Satisfaction survey
  • Complaints management
  • Users of the application
  • Customers
  • Our service providers
  • Couriers
  • Up to one year from delivery of the package*.

Contact details

(address, telephone number)

  • Parcel tracking
  • Delivery
  • Customer Satisfaction survey
  • Complaints management
  • Users of the application
  • Customers
  • Our service providers
  • Couriers
  • Up to one year from delivery of the package*.

We may need to process this data for a longer period of time when required by law or for the purpose of settling a dispute.

Stuart does not sell your personal data to third parties.

How do we ensure the security of your data?

We put in place physical, electronic and organisational procedures to protect and secure all personal data we collect. This includes in particular:

  • Security measures to prevent the loss of or unauthorised access to your data;
  • Limiting access to your data to those who really need such access;
  • The commitment that our staff, our service providers and their staff are aware of their responsibilities and have signed appropriate contractual clauses;
  • Putting in place procedures to deal with potential breaches of information security, including procedures for notifying you of such breaches where we are required to do so;

If you feel that your privacy has been violated, please contact us immediately at dpo@stuart.com.

Where do we store your data?

Most of the personal data we collect is processed in our offices in Paris (France), Barcelona (Spain), London (UK), Warsaw (Poland) and Milan (Italy), and by some of our service providers.

We use third party providers to help us run our business, including hosting our application, communicating with you and processing payments.

In this context, it is sometimes necessary to share your data with these service providers to enable the proper functioning of the services. We will only share your data where strictly necessary and in accordance with the safeguards detailed in this privacy policy.

Where personal data is transferred to a third party outside the European Economic Area (EEA), we take the necessary steps to ensure that your privacy rights continue to be protected by using the safeguards provided for in the GDPR and in accordance with the recommendations of the supervisory authorities, reinforced by contractual and technical measures.

Where required by law, we share personal data with government authorities, including tax authorities and the police.

What are your rights?

Please note that, in accordance with the provisions of the General Data Protection Regulation (GDPR), some of these rights apply only in limited circumstances, which we will specify to you as appropriate.

Access

You have the right to access the information we hold about you.

This includes the right to request additional information from us regarding:

  • The categories of data we process;
  • The purposes of data processing ;
  • Categories of third parties to whom data may be disclosed;
  • The length of time the data will be retained (or the criteria used to determine this length) ;
  • Your other rights regarding our use of your data.
Once we are satisfied that you are the person to whom the data relates or their duly authorised representative, we will provide you with the information as soon as possible, provided that this does not prejudice the rights and freedoms of any other person (e.g. the right to privacy or the intellectual property rights of another person).

Rectification

You have the right to request the correction of any inaccurate personal data about you.

In certain circumstances (e.g. where personal data is required in connection with a criminal investigation) we will not be able to comply with your request.

Restriction

You have the right to limit the way we use your personal data.

This right is intended to apply in limited circumstances, for example where you challenge the accuracy of your personal data. In this case, you may request that we restrict the use of your data until we can verify their accuracy.

Opposition

You have the right to object to our continued use of your data where the processing is based on our legitimate interest.

To exercise this right you will need to provide Stuart with reasons relating to your particular circumstances justifying your objection. Stuart may continue to process the data, and therefore reject your request, if there are compelling legitimate grounds for the processing which override your interests and rights, or if the data is necessary for the establishment, exercise or defence of legal claims.

Portability

You have the right to request portability of your data to another service provider where the lawful basis for processing is your consent or the performance of a contract.

We will give you a copy of your data so that you can provide it to another service. If you request us to do so and it is technically possible, we will transfer the data directly to that other service provider on your behalf. We will not do this if it would result in the disclosure of personal data relating to a third party.

Right to erasure or "right to be forgotten”

You have the right to request your right to be forgotten by Stuart.

You may ask us to delete any personal data we hold about you, to the extent that it is no longer necessary for us to retain it in connection with your use of Stuart's services or if you expressly withdraw your consent (if this is the lawful basis for processing).

This right applies unless the data needs to be retained due to legal or regulatory requirements, for safety, security and fraud prevention purposes, or due to an account issue such as an unresolved claim or dispute

Automated decision making and profiling

For the purposes of the processing operations covered in this policy, we do not make any automated decisions about you, nor do we carry out any profiling

How to exercise your rights?

If you wish to exercise your rights, submit your request via the form available here.

SRT GROUP
43-45 Avenue de Clichy
75017 Paris
France

We will reply as soon as possible and at the latest within one month from the date of receipt of a valid request. This period may be extended to two months if your request is particularly complex, in which case we will notify you.

How to make a complaint?

We are committed to working with you to resolve any issues you may have. If we are unable to address your concerns, you may make a complaint to the relevant data protection authority.

In the UK:

The Information Commissioner's Office via its website.

In France:

Commission Nationale de l'Informatique et des Libertés via its website.

In Spain:

Agencia Española de Protección de Datos via its website.

In Poland:

Bureau of the Inspector General for the Protection of Personal Data - GIODO via its website.

In Portugal:

The Comissão Nacional de Proteção de Dados via its website.

In Italy:

The Garante per la protezione dei dati personali via its website.

 🔽 Application user

What data do we collect and how will it be used?

If you decide to download and install our application, we will collect your personal data in order to provide you with our services. The data processed depends on the services you choose to use.

The use of your personal data is necessary to put you in contact with couriers and to ensure the smooth running of your delivery.

Payments

For online payments, we use a PCI-DSS certified provider. The PCI-DSS is an international security standard designed to ensure the confidentiality and integrity of cardholder data, thereby securing card data during transactions.

We do not have access to your credit card data for the purpose of this processing.

Customer service

When you call our customer service, we record your conversation for training and follow-up purposes. We will inform you of this and give you the opportunity not to be recorded.

The data collected will also be used to generate statistics to improve services, including reporting on problems you encounter to enable us to identify recurring problems.

Further information on this processing and the lawful bases that we rely on is given in the table below.

Legal basis

Purposes

Lawful Bases

Provision of the services (including managing your orders and the processing of payment data)

Contractual necessity

Location Services

Consent

Authentication

Legitimate Interests

Service monitoring and improvement 

Legitimate Interests

Retention of data

Legitimate Interests

Dispute Resolution

Legitimate Interests

Categories of data collected

Category

Purposes

Source

Recipients

Retention period

Personal identifiers (such as your name or username)

  • Account creation and management
  • Communications between you and the courier
  • For the management of your orders and your information
  • Improving our services

 

  • You
  • Stuart
  • Our service providers
  • Couriers
  • Up to 5 years after deactivation of the account*.

Contact details (such as your email address)

  • Account creation and management
  • Communications between you and the courier
  • For the management of your orders and your information
  • Improving our services
  • You
  • Stuart
  • Our service providers
  • Couriers
  • Up to 5 years after deactivation of the account*.



 

Financial information (e.g. credit card details and transaction details)

  • Payment
  • You
  • Our service providers
  • Our service providers

 

 

  • Billing
  • Stuart
  • Our service providers
  • Invoice data: 10 years from the end of the fiscal year*.

Your account history

  • Account creation and management
  • For the management of your orders and your information
  • Improving our services
  • You
  • Stuart
  • Our service providers

 

 

  • Up to 5 years after deactivation of the account*.



 

Location data (derived from your login data)

  • To automatically fill in your address when filling in forms
  • Our service providers
  • Stuart
  • Our service providers
  • 1 year from collection*.

Connection data (such as IP address)

  • Customer support
  • Report an error
  • Security of our systems
  • You
  • Our service providers
  • Stuart
  • Our service providers

  

  • 1 year from collection*.

*We may need to process this data for a longer period of time when required by law, for the purpose of settling a dispute or to ensure the security of our systems.

Stuart does not sell your personal data to third parties.

How do we ensure the security of your data?

We put in place physical, electronic and organisational procedures to protect and secure all personal data we collect. This includes in particular:

  • Security measures to prevent the loss of or unauthorised access to your data;
  • Limiting access to your data to those who really need such access;
  • The commitment that our staff, our service providers and their staff are aware of their responsibilities and have signed appropriate contractual clauses;
  • Putting in place procedures to deal with potential breaches of information security, including procedures for notifying you of such breaches where we are required to do so;

If you feel that your privacy has been violated, please contact us immediately at dpo@stuart.com.

Where do we store your data?

Most of the personal data we collect is processed in our offices in Paris (France), Barcelona (Spain), London (UK), Warsaw (Poland) and Milan (Italy), and by some of our service providers.

We use third party providers to help us run our business, including hosting our application, communicating with you and processing payments.

In this context, it is sometimes necessary to share your data with these service providers to enable the proper functioning of the services. We will only share your data where strictly necessary and in accordance with the safeguards detailed in this privacy policy.

Where personal data is transferred to a third party outside the European Economic Area (EEA), we take the necessary steps to ensure that your privacy rights continue to be protected by using the safeguards provided for in the GDPR and in accordance with the recommendations of the supervisory authorities, reinforced by contractual and technical measures.

Where required by law, we share personal data with government authorities, including tax authorities and the police.

What are your rights?

Please note that, in accordance with the provisions of the General Data Protection Regulation (GDPR), some of these rights apply only in limited circumstances, which we will specify to you as appropriate.

Access

You have the right to access the information we hold about you.

This includes the right to request additional information from us regarding:

  • The categories of data we process;
  • The purposes of data processing ;
  • Categories of third parties to whom data may be disclosed;
  • The length of time the data will be retained (or the criteria used to determine this length) ;
  • Your other rights regarding our use of your data.
Once we are satisfied that you are the person to whom the data relates or their duly authorised representative, we will provide you with the information as soon as possible, provided that this does not prejudice the rights and freedoms of any other person (e.g. the right to privacy or the intellectual property rights of another person).

Rectification

You have the right to request the correction of any inaccurate personal data about you.

In certain circumstances (e.g. where personal data is required in connection with a criminal investigation) we will not be able to comply with your request.

Restriction

You have the right to limit the way we use your personal data.

This right is intended to apply in limited circumstances, for example where you challenge the accuracy of your personal data. In this case, you may request that we restrict the use of your data until we can verify their accuracy.

Opposition

You have the right to object to our continued use of your data where the processing is based on our legitimate interest.

To exercise this right you will need to provide Stuart with reasons relating to your particular circumstances justifying your objection. Stuart may continue to process the data, and therefore reject your request, if there are compelling legitimate grounds for the processing which override your interests and rights, or if the data is necessary for the establishment, exercise or defence of legal claims.

Portability

You have the right to request portability of your data to another service provider where the lawful basis for processing is your consent or the performance of a contract.

We will give you a copy of your data so that you can provide it to another service. If you request us to do so and it is technically possible, we will transfer the data directly to that other service provider on your behalf. We will not do this if it would result in the disclosure of personal data relating to a third party.

Right to erasure or "right to be forgotten”

You have the right to request your right to be forgotten by Stuart.

You may ask us to delete any personal data we hold about you, to the extent that it is no longer necessary for us to retain it in connection with your use of Stuart's services or if you expressly withdraw your consent (if this is the lawful basis for processing).

This right applies unless the data needs to be retained due to legal or regulatory requirements, for safety, security and fraud prevention purposes, or due to an account issue such as an unresolved claim or dispute

Automated decision making and profiling

For the purposes of the processing operations covered in this policy, we do not make any automated decisions about you, nor do we carry out any profiling

How to exercise your rights?

If you wish to exercise your rights, submit your request via the form available here.

SRT GROUP
43-45 Avenue de Clichy
75017 Paris
France

We will reply as soon as possible and at the latest within one month from the date of receipt of a valid request. This period may be extended to two months if your request is particularly complex, in which case we will notify you.

How to make a complaint?

We are committed to working with you to resolve any issues you may have. If we are unable to address your concerns, you may make a complaint to the relevant data protection authority.

In the UK:

The Information Commissioner's Office via its website.

In France:

Commission Nationale de l'Informatique et des Libertés via its website.

In Spain:

Agencia Española de Protección de Datos via its website.

In Poland:

Bureau of the Inspector General for the Protection of Personal Data - GIODO via its website.

In Portugal:

The Comissão Nacional de Proteção de Dados via its website.

In Italy:

The Garante per la protezione dei dati personali via its website.

 🔽 Courier

What data do we collect and how will it be used?

When you choose to use Stuart to provide your delivery services, we need access to some of your personal data.

Integration

During your induction, we use this data to process your application, contact you, verify your identity and confirm your eligibility to work.

We keep this data even if the integration process is not completed, in order to improve our services and to prevent any further abusive or fraudulent applications.

Biometric data

As part of your application and in order to verify your identity and prevent fraud, we ask you to provide a copy of your identity papers. We also record a short video of your face. We use a specialised service provider to process your biometric data in the form of facial scans, which are then compared with your identity documents.

Deliveries

Once your application has been approved, you will be able to create an account on Stuart’s Courier Mobile App (CMA).

The CMA will be used to collect location data only when you set your status as available for deliveries. This collection of data will be used by us to assign deliveries, organize supply and demand and solve potential problems related to delivery routes. Clients and customers will also be able to follow the delivery. Lastly, we also keep a record of your deliveries, routes taken and contact with customers as part of the delivery tracking, fraud prevention and litigation management.

Your data may also be used to manage complaints from our customers or recipients of goods for our internal quality improvement process.

Throughout this processing, we collect login data in order to operate and improve our application and website. We use this data to develop statistics to improve our services.

Disabilities

Where applicable, Stuart uses information about your disabilities as required to ensure compliance with the law and make sure the appropriate adjustments are made. This helps us give you the right help and make our service better for you.

This data includes special category data including information about your health.

We only use the details you provide and make sure that this is only shared with the people who have a need to know. We don't share this data unless we are required to do so by law.

Direct Marketing

Where you have given your consent or where we are permitted to do so by law, we will contact you to let you know about Stuart’s products and services including those of our partners. 

In most cases, Stuart will contact you via email or in-app notifications. You will have the option to opt-out of such communications.

Please note that Stuart may also contact you with service messages, such as to inform you of updates to our terms and conditions or to notify you of incidents. These are not considered direct marketing and we are not able to offer an opt-out for such communications.

You can find more information on how we use your data in the tables below.

Lawful basis

The table below summarises the lawful bases Stuart relies upon to process your personal data.

Purposes

Lawful Bases

Provision of Services

Contractual Necessity

Processing your application to become a courier

Legitimate Interests

Identity Verification (biometric verification)

Explicit Consent

Service and professional vehicle monitoring (including location services in the CMA)

Legitimate Interest

Making reasonable adjustments for disabilities

Legal Obligation

Direct Marketing

Consent (or legitimate interests where we have a pre-existing relationship with you)

Retention of data

Legitimate Interests

Dispute Resolution

Legitimate Interests

Categories of data collected

Category

Purposes

Source

Recipients

Retention period

Personal identifiers (e.g. your name)

  • Account creation and management
  • Enabling a commercial relationship with customers
  • Verification of identity
  • Fraud prevention
  • Handling complaints from customers or recipients of goods
  • Direct marketing
  • You
  • Stuart
  • Our service providers
  • Subsidiaries
  • Customers
  • Up to 6 months for candidates after the last contact
  • Up to 5 years after termination of the account*.

Contact details (such as your email address)

  • To contact you
  • Enabling a commercial relationship with customers
  • Handling complaints from customers or recipients of goods
  • Direct marketing
  • You
  • Stuart
  • Our service providers
  • Our service providers
  • Subsidiaries
  • Customers
  • Up to 5 years after termination of the account*.

Identity documents (such as your passport or driving licence)

  • Verification of identity
  • To meet legal obligations
  • Fraud prevention
  • You
  • Our service providers
  • Subsidiaries
  • Up to 6 months for candidates after the last contact
  • Up to 5 years after termination of the account*.

Disability information

 

 

  • Making reasonable adjustments
  • You
  • Internal operational teams
  • Up to 1 year after termination of the account*.
  • Billing
  • You

  • Stuart
  • Our service providers
  • Up to 5 years after termination of the account*.

Financial information (such as bank details)

  • Billing
  • You
  • Stuart
  • Our service providers
  • Up to 5 years after termination of the account*.
  • Billing
  • You
  • Stuart
  • Our service providers
  • Invoices are kept for 10 years from the end of the tax year*.

Vehicle related data (type, usage indicators)

  • Organisation of deliveries
  • Follow-up of deliveries
  • Improvements to our services)
  • You
  • Our partners
  • Subsidiaries
  • Our service providers
  • Our partners
  • Up to 5 years after termination of the account*.

Connection data (such as IP address)

  • Follow-up of deliveries
  • Improving our services
  • Security of our systems
  • You
  • Our service providers
  • Subsidiaries
  • Our service providers
  • Up to 1 year after termination of the account*.

Delivery history

  • Billing
  • Follow-up of deliveries
  • Improving our services
  • Handling complaints from customers or recipients of goods
  • Fraud prevention
  • You
  • Stuart
  • Our service providers
  • Our service providers
  • Subsidiaries
  • Customers
  • Up to 5 years after termination of the account*.

Location data (such as GPS coordinates in the CMA)

  • Dispatching and follow-up of deliveries
  • Management of potential problems related to delivery routes
  • Visibility for Clients and end-customers
  • Fraud prevention and litigation/complaint management
  • You
  • Our service providers
  • Our service providers
  • Subsidiaries
  • Customers
  • Up to 3 months after the completion of the delivery*.

Biometric data (facial scans)

  • Identity verification and authentication
  • Fraud prevention
  • Our service providers
  • Our service providers
  • Deleted after verification

*Termination as defined in Article 14 of our General Terms and Conditions.

We may need to process this data for a longer period of time when required by law, to settle a dispute or to ensure the security of our systems.

Stuart does not sell your personal data to third parties. 

How do we ensure the security of your data?

We put in place physical, electronic and organisational procedures to protect and secure all personal data we collect. This includes in particular:

  • Security measures to prevent the loss of or unauthorised access to your data;
  • Limiting access to your data to those who really need such access;
  • The commitment that our staff, our service providers and their staff are aware of their responsibilities and have signed appropriate contractual clauses;
  • Putting in place procedures to deal with potential breaches of information security, including procedures for notifying you of such breaches where we are required to do so;

If you feel that your privacy has been violated, please contact us immediately at dpo@stuart.com.

Where do we store your data?

Most of the personal data we collect is processed in our offices in Paris (France), Barcelona (Spain), London (UK), Warsaw (Poland) and Milan (Italy), and by some of our service providers.

We use third party providers to help us run our business, including hosting our application, communicating with you and processing payments.

In this context, it is sometimes necessary to share your data with these service providers to enable the proper functioning of the services. We will only share your data where strictly necessary and in accordance with the safeguards detailed in this privacy policy.

Where personal data is transferred to a third party outside the European Economic Area (EEA), we take the necessary steps to ensure that your privacy rights continue to be protected by using the safeguards provided for in the GDPR and in accordance with the recommendations of the supervisory authorities, reinforced by contractual and technical measures.

Where required by law, we share personal data with government authorities, including tax authorities and the police.

What are your rights?

Please note that, in accordance with the provisions of the General Data Protection Regulation (GDPR), some of these rights apply only in limited circumstances, which we will specify to you as appropriate.

Access

You have the right to access the information we hold about you.

This includes the right to request additional information from us regarding:

  • The categories of data we process;
  • The purposes of data processing ;
  • Categories of third parties to whom data may be disclosed;
  • The length of time the data will be retained (or the criteria used to determine this length) ;
  • Your other rights regarding our use of your data.
Once we are satisfied that you are the person to whom the data relates or their duly authorised representative, we will provide you with the information as soon as possible, provided that this does not prejudice the rights and freedoms of any other person (e.g. the right to privacy or the intellectual property rights of another person).

Rectification

You have the right to request the correction of any inaccurate personal data about you.

In certain circumstances (e.g. where personal data is required in connection with a criminal investigation) we will not be able to comply with your request.

Restriction

You have the right to limit the way we use your personal data.

This right is intended to apply in limited circumstances, for example where you challenge the accuracy of your personal data. In this case, you may request that we restrict the use of your data until we can verify their accuracy.

Opposition

You have the right to object to our continued use of your data where the processing is based on our legitimate interest.

To exercise this right you will need to provide Stuart with reasons relating to your particular circumstances justifying your objection. Stuart may continue to process the data, and therefore reject your request, if there are compelling legitimate grounds for the processing which override your interests and rights, or if the data is necessary for the establishment, exercise or defence of legal claims.

Portability

You have the right to request portability of your data to another service provider where the lawful basis for processing is your consent or the performance of a contract.

We will give you a copy of your data so that you can provide it to another service. If you request us to do so and it is technically possible, we will transfer the data directly to that other service provider on your behalf. We will not do this if it would result in the disclosure of personal data relating to a third party.

Right to erasure or "right to be forgotten”

You have the right to request your right to be forgotten by Stuart.

You may ask us to delete any personal data we hold about you, to the extent that it is no longer necessary for us to retain it in connection with your use of Stuart's services or if you expressly withdraw your consent (if this is the lawful basis for processing).

This right applies unless the data needs to be retained due to legal or regulatory requirements, for safety, security and fraud prevention purposes, or due to an account issue such as an unresolved claim or dispute

Automated decision making and profiling

For the purposes of the processing operations covered in this policy, we do not make any automated decisions about you, nor do we carry out any profiling

How to exercise your rights?

If you wish to exercise your rights, please submit your request via the form available here.

SRT GROUP
43-45 Avenue de Clichy
75017 Paris
France

We will reply as soon as possible and at the latest within one month from the date of receipt of a valid request. This period may be extended to two months if your request is particularly complex, in which case we will notify you.

How to make a complaint?

We are committed to working with you to resolve any issues you may have. If we are unable to address your concerns, you may make a complaint to the relevant data protection authority.

In the UK:

The Information Commissioner's Office via its website.

In France:

Commission Nationale de l'Informatique et des Libertés via its website.

In Spain:

Agencia Española de Protección de Datos via its website.

In Poland:

Bureau of the Inspector General for the Protection of Personal Data - GIODO via its website.

In Portugal:

The Comissão Nacional de Proteção de Dados via its website.

In Italy:

The Garante per la protezione dei dati personali via its website.

 🔽 Candidate for employment

We use Lever, an online application provided by Lever Inc., to assist with Our recruitment process. Lever processes personal information as a data processor on Our behalf and is only entitled to process your personal data in accordance with Our instructions.

Where you apply for a job opening posted by Us, these Privacy Notice provisions will apply to Our processing of your personal information in addition to Our other Privacy Notice which has been provided to you separately or is available on Our Website.

Where you apply for a job opening via the application function on a job site or similar online service provider (“Partner”), you should note that the relevant Partner may retain your personal data and may also collect data from Us in respect of the progress of your application. Any use by the Partner of your data will be in accordance with the Partner’s Privacy Notice.

This notice is regularly updated so please make sure to check it from time to time.

What data do we collect and how will it be used?

Information we collect from You

In order to determine whether your application corresponds to the job position that we offer, we process information that you provide when you apply for a role. This includes information provided through an online job site, via email, in person at interviews and/or by any other method.

In particular, we collect the following data: name, geographic location, age, contact details, IP address, profession, gender, employment history, employment references, salary, CV, and any other personal details that you desire to communicate.

If you choose to apply without importing your CV, you may be asked to provide your professional experience, training, or academic background, as well as your certifications and skills (among others). In general, you will not be required to provide this information in order to apply. It is therefore up to you to choose whether you wish to communicate them or not.

If you contact us, we may keep a record of that correspondence.

A record of your progress through any hiring process that We may conduct will be kept. If you are chosen at the final stage of the process, we will collect some data to draft the hiring letter and the employment contract.

When you visit Lever’s Website, some data will be collected; including, but not limited to, traffic data, location data, weblogs and other communication data, the site that referred you to Lever’s Website and the resources that you access.

Stuart does not sell your personal data to third parties.

Information we collect from other sources

Lever provides Us with the facility to link the data you provide to Us, with other publicly available information about you that you have published on the Internet – this may include sources such as LinkedIn and other social media profiles, or websites.

Lever’s technology allows Us to search various databases, some publicly available and others not, which may include your personal data (include your CV or Resumé), to find possible candidates to fill Our job openings. Where We find you in this way, We will obtain your personal data from these sources.

We may receive your personal data from a third party who recommends you as a candidate for a specific job opening or for Our business more generally.

Lawful basis

This processing is, in part necessary for the execution of pre-contractual procedures, namely analyze your application and determine whether your profile fits the job position and if we wish to enter into an employment contract with you, and partly based on the legitimate interest of Stuart, when we keep your file to contact you again in the event of another opportunity.

Purposes of processing

We use information held about you in the following ways:

  • To consider your application in respect of a role for which you have applied.
  • To consider your application in respect of other roles.
  • To communicate with you in respect of the recruitment process.
  • To enhance any information that We receive from you with information obtained from third party data providers.
  • To find appropriate candidates to fill Our job openings.
  • To help Our service providers (such as Lever and its processors and data providers) and Partners (such as the job sites through which you may have applied) improve their services. 

Data retention

We keep your data for as long as necessary for the fulfillment of the purposes identified. 

If your application is successful and you join Stuart, your data will be kept for the duration of the employment contract and during the applicable limitation period, after which they will be deleted (5 years after your departure).

If your application is not successful, your data will be kept for a period of 2 years at the end of which they will be deleted.

We may further process this data where required by law, to settle a dispute or to ensure the security of our systems. 

Automated decision making/profiling

We may use Lever’s technology to select appropriate candidates for Us to consider based on criteria expressly identified by us, or typical in relation to the role for which you have applied. The process of finding suitable candidates can be automatic, however, any decision as to who We will engage to fill the job opening will be made by Our staff.

Disclosure of Your Information

As set out above, We pass your information to Our third party service providers, including Lever, who use it only in accordance with Our instructions and as otherwise required by law.

Where you have applied for a job opening through another service provider, and where you have consented to this disclosure, We will disclose to them certain personal data that We hold, including but not limited to information about your progress through Our hiring process for the applicable job opening, as well as tangible, intangible, visual, electronic, present, or future information that We hold about you, such as your name, contact details and other information involving analysis of data relating to you as an applicant for employment (collectively “Disposition Data”).The service provider shall be the data controller of this data and shall therefore be responsible for complying with all applicable law in respect of the use of that data following its transfer by Us.

How do we ensure the security of your data?

We put in place physical, electronic and organisational procedures to protect and secure all personal data we collect. This includes in particular:

  • Security measures to prevent the loss of or unauthorised access to your data;
  • Limiting access to your data to those who really need such access;
  • The commitment that our staff, our service providers and their staff are aware of their responsibilities and have signed appropriate contractual clauses;
  • Putting in place procedures to deal with potential breaches of information security, including procedures for notifying you of such breaches where we are required to do so;

If you feel that your privacy has been violated, please contact us immediately at dpo@stuart.com.

Where do we store your data?

Most of the personal data we collect is processed in our offices in Paris (France), Barcelona (Spain), London (UK), Warsaw (Poland) and Milan (Italy), and by some of our service providers.

We use third party providers to help us run our business, including hosting our application, communicating with you and processing payments.

In this context, it is sometimes necessary to share your data with these service providers to enable the proper functioning of the services. We will only share your data where strictly necessary and in accordance with the safeguards detailed in this privacy policy.

Where personal data is transferred to a third party outside the European Economic Area (EEA), we take the necessary steps to ensure that your privacy rights continue to be protected by using the safeguards provided for in the GDPR and in accordance with the recommendations of the supervisory authorities, reinforced by contractual and technical measures.

Where required by law, we share personal data with government authorities, including tax authorities and the police.

What are your rights?

Please note that, in accordance with the provisions of the General Data Protection Regulation (GDPR), some of these rights apply only in limited circumstances, which we will specify to you as appropriate.

Access

You have the right to access the information we hold about you.

This includes the right to request additional information from us regarding:

  • The categories of data we process;
  • The purposes of data processing ;
  • Categories of third parties to whom data may be disclosed;
  • The length of time the data will be retained (or the criteria used to determine this length) ;
  • Your other rights regarding our use of your data.
Once we are satisfied that you are the person to whom the data relates or their duly authorised representative, we will provide you with the information as soon as possible, provided that this does not prejudice the rights and freedoms of any other person (e.g. the right to privacy or the intellectual property rights of another person).

Rectification

You have the right to request the correction of any inaccurate personal data about you.

In certain circumstances (e.g. where personal data is required in connection with a criminal investigation) we will not be able to comply with your request.

Restriction

You have the right to limit the way we use your personal data.

This right is intended to apply in limited circumstances, for example where you challenge the accuracy of your personal data. In this case, you may request that we restrict the use of your data until we can verify their accuracy.

Opposition

You have the right to object to our continued use of your data where the processing is based on our legitimate interest.

To exercise this right you will need to provide Stuart with reasons relating to your particular circumstances justifying your objection. Stuart may continue to process the data, and therefore reject your request, if there are compelling legitimate grounds for the processing which override your interests and rights, or if the data is necessary for the establishment, exercise or defence of legal claims.

Portability

You have the right to request portability of your data to another service provider where the lawful basis for processing is your consent or the performance of a contract.

We will give you a copy of your data so that you can provide it to another service. If you request us to do so and it is technically possible, we will transfer the data directly to that other service provider on your behalf. We will not do this if it would result in the disclosure of personal data relating to a third party.

Right to erasure or "right to be forgotten”

You have the right to request your right to be forgotten by Stuart.

You may ask us to delete any personal data we hold about you, to the extent that it is no longer necessary for us to retain it in connection with your use of Stuart's services or if you expressly withdraw your consent (if this is the lawful basis for processing).

This right applies unless the data needs to be retained due to legal or regulatory requirements, for safety, security and fraud prevention purposes, or due to an account issue such as an unresolved claim or dispute

Automated decision making and profiling

For the purposes of the processing operations covered in this policy, we do not make any automated decisions about you, nor do we carry out any profiling

How to exercise your rights?

If you wish to exercise your rights, please submit your request via the form available here.

SRT GROUP
43-45 Avenue de Clichy
75017 Paris
France

We will reply as soon as possible and at the latest within one month from the date of receipt of a valid request. This period may be extended to two months if your request is particularly complex, in which case we will notify you.

How to make a complaint?

We are committed to working with you to resolve any issues you may have. If we are unable to address your concerns, you may make a complaint to the relevant data protection authority.

In the UK:

The Information Commissioner's Office via its website.

In France:

Commission Nationale de l'Informatique et des Libertés via its website.

In Spain:

Agencia Española de Protección de Datos via its website.

In Poland:

Bureau of the Inspector General for the Protection of Personal Data - GIODO via its website.

In Portugal:

The Comissão Nacional de Proteção de Dados via its website.

In Italy:

The Garante per la protezione dei dati personali via its website.  

 🔽 Supplier

What data do we collect and how will it be used?

To effectively manage relations with our suppliers and service providers, we will collect personal data related to your employees, workers or agents.

This data is necessary for us to select and contract with the selected service providers and suppliers, and to maintain and update our contractual library.

We may also need to process certain data for billing management purposes.

Legal basis

The table below summarises the legal basis on which Stuart processes your personal data.

Purposes

Lawful Basis

Negotiating and signing contracts with selected suppliers and service providers

Contractual Necessity

Identifying points of contact

Legitimate Interests

Categories of personal data collected

Category

Purposes

Source

Recipients

Retention Period

Personal identifiers (e.g. your name)

  • Selection of service providers and suppliers by the business lines
  • Review and analysis of the compliance of service providers and suppliers
  • Negotiation and signature of contracts with selected service providers and suppliers
  • Maintenance and regular updating of the contractual library
  • Invoicing and accounting management
  • You

  • IT
  • Financial
  • Legal
  • Procurement

  • Up to 3 years after the last contact*

We may need to process this data for a longer period when required by law, to settle a dispute or to ensure the security of our systems.

Stuart does not sell your personal data to third parties.

How do we ensure the security of your data?

We put in place physical, electronic and organisational procedures to protect and secure all personal data we collect. This includes in particular:

  • Security measures to prevent the loss of or unauthorised access to your data;
  • Limiting access to your data to those who really need such access;
  • The commitment that our staff, our service providers and their staff are aware of their responsibilities and have signed appropriate contractual clauses;
  • Putting in place procedures to deal with potential breaches of information security, including procedures for notifying you of such breaches where we are required to do so;

If you feel that your privacy has been violated, please contact us immediately at dpo@stuart.com.

Where do we store your data?

Most of the personal data we collect is processed in our offices in Paris (France), Barcelona (Spain), London (UK), Warsaw (Poland) and Milan (Italy), and by some of our service providers.

We use third party providers to help us run our business, including hosting our application, communicating with you and processing payments.

In this context, it is sometimes necessary to share your data with these service providers to enable the proper functioning of the services. We will only share your data where strictly necessary and in accordance with the safeguards detailed in this privacy policy.

Where personal data is transferred to a third party outside the European Economic Area (EEA), we take the necessary steps to ensure that your privacy rights continue to be protected by using the safeguards provided for in the GDPR and in accordance with the recommendations of the supervisory authorities, reinforced by contractual and technical measures.

Where required by law, we share personal data with government authorities, including tax authorities and the police.

What are your rights?

Please note that, in accordance with the provisions of the General Data Protection Regulation (GDPR), some of these rights apply only in limited circumstances, which we will specify to you as appropriate.

Access

You have the right to access the information we hold about you.

This includes the right to request additional information from us regarding:

  • The categories of data we process;
  • The purposes of data processing ;
  • Categories of third parties to whom data may be disclosed;
  • The length of time the data will be retained (or the criteria used to determine this length) ;
  • Your other rights regarding our use of your data.

Once we are satisfied that you are the person to whom the data relates or their duly authorised representative, we will provide you with the information as soon as possible, provided that this does not prejudice the rights and freedoms of any other person (e.g. the right to privacy or the intellectual property rights of another person).

Rectification

You have the right to request the correction of any inaccurate personal data about you.

In certain circumstances (e.g. where personal data is required in connection with a criminal investigation) we will not be able to comply with your request.

Restriction

You have the right to limit the way we use your personal data.

This right is intended to apply in limited circumstances, for example where you challenge the accuracy of your personal data. In this case, you may request that we restrict the use of your data until we can verify their accuracy.

Opposition

You have the right to object to our continued use of your data where the processing is based on our legitimate interest.

To exercise this right you will need to provide Stuart with reasons relating to your particular circumstances justifying your objection. Stuart may continue to process the data, and therefore reject your request, if there are compelling legitimate grounds for the processing which override your interests and rights, or if the data is necessary for the establishment, exercise or defence of legal claims.

Portability

You have the right to request portability of your data to another service provider where the lawful basis for processing is your consent or the performance of a contract.

We will give you a copy of your data so that you can provide it to another service. If you request us to do so and it is technically possible, we will transfer the data directly to that other service provider on your behalf. We will not do this if it would result in the disclosure of personal data relating to a third party.

Right to erasure or "right to be forgotten”

You have the right to request your right to be forgotten by Stuart.

You may ask us to delete any personal data we hold about you, to the extent that it is no longer necessary for us to retain it in connection with your use of Stuart's services or if you expressly withdraw your consent (if this is the lawful basis for processing).

This right applies unless the data needs to be retained due to legal or regulatory requirements, for safety, security and fraud prevention purposes, or due to an account issue such as an unresolved claim or dispute

Automated decision making and profiling

For the purposes of the processing operations covered in this policy, we do not make any automated decisions about you, nor do we carry out any profiling

How to exercise your rights?

If you wish to exercise your rights, please submit your request via the form available here.

SRT GROUP
43-45 Avenue de Clichy
75017 Paris
France

We will reply as soon as possible and at the latest within one month from the date of receipt of a valid request. This period may be extended to two months if your request is particularly complex, in which case we will notify you.

How to make a complaint?

We are committed to working with you to resolve any issues you may have. If we are unable to address your concerns, you may make a complaint to the relevant data protection authority.

In the UK:

The Information Commissioner's Office via its website.

In France:

Commission Nationale de l'Informatique et des Libertés via its website.

In Spain:

Agencia Española de Protección de Datos via its website.

In Poland:

Bureau of the Inspector General for the Protection of Personal Data - GIODO via its website.

In Portugal:

The Comissão Nacional de Proteção de Dados via its website.

In Italy:

The Garante per la protezione dei dati personali via its website.