Privacy Notice Social media
Below, we explain how your personal data is processed when you interact with our social media profiles — including what data is processed, for what purposes, and what rights you have.

Privacy Notice – Facebook / Instagram
1. WHO IS THE CONTROLLER OF YOUR DATA?
Locker InPost Italia s.r.l., with its registered office at Viale Cassala 30, 20143 Milan, Italy (hereinafter "InPost"), is the controller of the personal data of users of the fanpages operated by InPost on the Facebook and Instagram platforms and on Messenger.
Independently of the above, the Facebook and Instagram platform is operated by Meta Platforms Ireland Limited, which — as a separate controller or joint controller — also processes the data of users who use its functionalities. Meta’s data processing rules can be found at:
https://www.facebook.com/about/privacy/update
How to contact us
For matters relating to the processing of your personal data, you can contact us:
- by email: [email protected]
- by post: Viale Cassala 30, 20143 Milan, Italy
Locker InPost Italia S.r.l. has appointed a Data Protection Officer (DPO) pursuant to Arts. 37, 38 and 39 of the GDPR. The DPO can be contacted by email at: [email protected].
2. WHAT DATA DO WE PROCESS?
We process data relating to persons who interact with our profile, in particular by:
- following or liking our fanpage;
- adding comments under our posts or replying to comments;
- reacting to posts or comments (e.g. “Like”, other reactions);
- sending messages via Messenger;
- sharing our posts;
- participating in competitions organised by InPost through the platform.
Depending on the type of interaction, we process the following categories of data: first and last name or the username visible on the profile, image (if included in the profile photo or content), the content of comments and messages, and other information visible on your public profile.
We also process aggregated, anonymised statistics on user activity on our fanpage, generated by Meta’s tools. More information about page insights can be found here:
https://www.facebook.com/legal/terms/information_about_page_insights_data
Voluntary provision of data
Using the InPost profile and interacting with it is voluntary. If you decide to be active — for example, if you leave a comment or send a message — you will provide us with data that we will process. Failure to provide personal data does not affect your ability to browse the content we publish, but may prevent you from using certain features, such as commenting.
3. FOR WHAT PURPOSE AND ON WHAT LEGAL BASIS DO WE PROCESS YOUR DATA?
InPost processes the personal data of users on the basis of the legitimate interest of the controller (Art. 6(1)(f) GDPR) for the following purposes:
- managing the profile and communicating with users — responding to comments and messages, moderating content;
- informing users about the activities, offering, services and events of InPost;
- analysing viewership and engagement statistics — for the purpose of optimising communications;
- organising competitions and promotional activities — where these are run through the platform;
- establishing, pursuing or defending against potential claims.
If you see an InPost advert on the Meta platform, this occurs on the basis of your consent given to Meta for the display of personalised adverts — based on your activity on our website (collected via Facebook Pixel, on the basis of your cookie consent) or other data you have shared within the Meta ecosystem. More information can be found in our Cookie Policy:
4. TO WHOM MAY WE DISCLOSE YOUR DATA?
User data may be shared with entities providing InPost with services related to the management of social media (e.g. communications or advertising agencies) — solely on the basis of a data processing agreement and strictly to the extent necessary to perform the tasks assigned.
The content of comments is publicly accessible to other users of the platform. Data may also be accessible to Meta Platforms Ireland Limited as the platform controller.
5. IS DATA TRANSFERRED OUTSIDE THE EEA?
InPost does not independently transfer user profile data outside the European Economic Area (EEA). Meta Platforms Ireland Limited may, however, transfer data to third countries — in particular to the USA — on the basis of mechanisms provided for in the GDPR (including Standard Contractual Clauses). Details of such transfers can be found in Meta’s privacy policy:
https://www.facebook.com/about/privacy/update
Automated decision-making
To the extent that InPost acts as the controller of your data in connection with managing the profile, we do not apply automated decision-making that would produce legal effects or similarly significantly affect you.
6. HOW LONG DO WE RETAIN YOUR DATA?
We process data for as long as our profile exists, unless beforehand:
- you raise a valid objection to the processing,
- the purposes for which the data was being processed cease to apply.
The content of comments is retained until it is deleted — either by you or by us in the course of moderation. You may unfollow the profile at any time directly on the platform. Independently of our retention periods, Meta applies its own data retention rules.
Your rights
In connection with the processing of your personal data by InPost, you have the following rights:
- the right of access to your data and to receive a copy thereof;
- the right to rectification of data that is incorrect or incomplete;
- the right to erasure of data in the cases specified in the GDPR;
- the right to restriction of processing;
- the right to object to the processing of data based on the legitimate interest of the controller, including processing for the purposes of direct marketing.
To exercise the above rights, please contact us or the Data Protection Officer — contact details can be found above.
You also have the right to lodge a complaint with a supervisory authority.
Joint controllership – InPost and Meta Platforms Ireland Limited
Basis and scope of joint controllership
InPost and Meta Platforms Ireland Limited are joint controllers of personal data to the extent that both process the data of users visiting the InPost fanpage for the purpose of generating platform statistics. The joint controllership arises from the shared purposes and shared means of processing data in this area.
The statistics provided to InPost are in anonymised form — they do not contain data that would allow a user to be directly identified. However, the process of generating those statistics is based on Meta’s prior collection of personal data from platform users.
The detailed rules governing joint controllership are set out in the Page Controller Addendum available at:
https://www.facebook.com/legal/terms/page_controller_addendum
Division of responsibilities
Meta Platforms Ireland Limited is responsible for:
- ensuring a legal basis for the processing of data for the purposes of platform statistics;
- fulfilling the rights of individuals whose data is stored by Meta;
- reporting personal data security breaches to the relevant supervisory authority and notifying the individuals affected by the incident;
- applying appropriate technical and organisational measures to ensure the security of the data processed.
InPost is responsible for:
- ensuring a legal basis for the processing of data to the extent that it acts as controller;
- fulfilling the information obligation towards users in respect of the processing purposes pursued by InPost;
- ensuring that the user has the opportunity to object to the processing of their data for statistical purposes.
The lead supervisory authority for the joint controllership is the Irish Data Protection Commission, irrespective of Art. 55(2) GDPR. The full arrangements between the joint controllers and Meta’s data processing rules are available at:
- Joint controller arrangements
- Meta Privacy Policy
- Information about Page Insights
Privacy Notice – TikTok
1. WHO IS THE CONTROLLER OF YOUR DATA?
Locker InPost Italia s.r.l. with its registered office at Viale Cassala 30, 20143 Milan, Italy (hereinafter "InPost"), operates an official profile on the TikTok platform and is the controller of the personal data of users who interact with that profile.
The TikTok platform is operated by TikTok Technology Limited with its registered office at 2 Cardiff Lane Grand Canal Dock, Dublin 2, D02 E395, Ireland (hereinafter: TikTok Ireland) — which is a separate controller of the data of persons using the functionalities of the service. TikTok’s data processing rules:
https://www.tiktok.com/legal/page/eea/privacy-policy/pl
How to contact us
For matters relating to the processing of your personal data, you can contact us:
- by email: [email protected]
- by post: Viale Cassala 30, 20143 Milan, Italy
Locker InPost Italia S.r.l. has appointed a Data Protection Officer (DPO) pursuant to Arts. 37, 38 and 39 of the GDPR. The DPO can be contacted by email at: [email protected].
2. WHAT DATA DO WE PROCESS?
We process the data of users who are active on our profile, in particular those who:
- have followed our profile;
- have published a comment under our content;
- have reacted to content (e.g. “Like”, “Save”, “Share”);
- have contacted us via direct message;
- have taken part in a competition organised by InPost.
The data processed includes: first and last name or the username visible on the profile, image (where publicly available), the content of comments and messages, and other information shared on the public profile.
Voluntary provision of data
Using the InPost profile and interacting with it is voluntary. If you decide to be active — for example, if you leave a comment or send a message — you will provide us with data that we will process. Failure to provide personal data does not affect your ability to browse the content we publish, but may prevent you from using certain features, such as commenting.
3. FOR WHAT PURPOSE AND ON WHAT LEGAL BASIS DO WE PROCESS YOUR DATA?
The legal basis for processing is the legitimate interest of InPost (Art. 6(1)(f) GDPR). We process data for the following purposes:
- managing the profile and ongoing communication with users — responding to comments and messages, moderating content;
- presenting InPost’s activities, product and service offering, and informing users of events;
- analysing reach and engagement for the purpose of optimising InPost’s published content;
- organising competitions or promotional activities carried out through the platform;
- establishing, pursuing or defending against claims that may arise from use of the profile.
4. TO WHOM MAY WE DISCLOSE YOUR DATA?
User data may be shared with agencies and entities working with InPost on social media management, acting solely on the basis of data processing agreements and on InPost’s instructions.
The content of comments is publicly visible to other users of the platform. Data may also be accessible to TikTok Technology Limited as the platform controller.
5. IS DATA TRANSFERRED OUTSIDE THE EEA?
InPost does not independently transfer user profile data outside the European Economic Area. TikTok Technology Limited may, however, transfer data to third countries, including China, on the basis of mechanisms compliant with the GDPR — in particular Standard Contractual Clauses approved by the European Commission. Detailed information on transfers:
https://www.tiktok.com/legal/page/eea/privacy-policy/pl
Automated decision-making
To the extent that InPost acts as the controller of your data in connection with managing the profile, we do not apply automated decision-making that would produce legal effects or similarly significantly affect you.
6. HOW LONG DO WE RETAIN YOUR DATA?
We process data for as long as our profile is active on the TikTok platform, unless beforehand:
- you raise a valid objection to the processing,
- the purposes for which the data was being processed cease to apply.
Comments are retained until they are deleted. You can unfollow the profile or remove your reactions at any time directly on the platform. TikTok Technology Limited applies its own independent data retention rules.
Your rights
In connection with the processing of your personal data by InPost, you have the following rights:
- the right of access to your data and to receive a copy thereof;
- the right to rectification of data that is incorrect or incomplete;
- the right to erasure of data in the cases specified in the GDPR;
- the right to restriction of processing;
- the right to object to the processing of data based on the legitimate interest of the controller, including processing for the purposes of direct marketing.
To exercise the above rights, please contact us or the Data Protection Officer — contact details can be found above.
You also have the right to lodge a complaint with a supervisory authority.
Joint controllership – InPost and TikTok Technology Limited
Basis and scope of joint controllership
InPost uses the TikTok Pixel tool placed on its website. Consequently, in respect of the data processed through that tool, InPost and TikTok Technology Limited act as joint controllers of personal data — meaning they jointly determine the purposes and means of processing. The scope of joint controllership covers activities related to statistics and the optimisation of InPost’s marketing campaigns on the TikTok platform.
The detailed rules governing joint controllership are available at:
https://ads.tiktok.com/i18n/official/policy/jurisdiction-specific-terms
Division of responsibilities
TikTok Technology Limited is responsible for:
- ensuring a legal basis for the processing of data for the purposes of platform statistics and operation;
- fulfilling the rights of individuals whose data is stored by TikTok;
- reporting security incidents to the relevant supervisory authority and notifying affected individuals, to the extent of TikTok’s obligations;
- maintaining an appropriate level of technical and organisational security for the data processed.
InPost is responsible for:
- ensuring a legal basis for the processing of data to the extent that InPost acts as controller;
- fulfilling the information obligation towards users regarding the processing purposes on InPost’s side;
- correctly configuring TikTok tools within InPost’s infrastructure to guarantee the security of user data.
The lead supervisory authority for the joint controllership is the Irish Data Protection Commission. The full rules governing data processing by TikTok are available at:
https://www.tiktok.com/legal/page/eea/privacy-policy/pl
Privacy Notice – YouTube
1. WHO IS THE CONTROLLER OF YOUR DATA?
Locker InPost Italia s.r.l. with its registered office at Viale Cassala 30, 20143 Milan, Italy (hereinafter "InPost"), operates an official channel on the YouTube platform and is the controller of the personal data of users who interact with that channel.
The YouTube platform is operated by Google Ireland Limited with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland — which is a separate, independent controller of the data of persons using the functionalities of the service. Google’s data processing rules:
https://policies.google.com/privacy?hl=pl&gl=pl
How to contact us
For matters relating to the processing of your personal data, you can contact us:
- by email: [email protected]
- by post: Viale Cassala 30, 20143 Milan, Italy
Locker InPost Italia S.r.l. has appointed a Data Protection Officer (DPO) pursuant to Arts. 37, 38 and 39 of the GDPR. The DPO can be contacted by email at: [email protected].
2. WHAT DATA DO WE PROCESS?
We process the data of users who are active on our YouTube channel, in particular those who:
- have subscribed to the channel;
- have published a comment under a video;
- have reacted to content (“Like”, “Dislike”, “Share”);
- have sent a direct message;
- have taken part in a competition organised by InPost through the channel.
Depending on the type of interaction, we process: first and last name or the username visible on the Google/YouTube account, the image contained in the profile photo, the content of comments and messages, and other information publicly shared by the user on their profile.
Voluntary provision of data
Using the InPost profile and interacting with it is voluntary. If you decide to be active — for example, if you leave a comment or send a message — you will provide us with data that we will process. Failure to provide personal data does not affect your ability to browse the content we publish, but may prevent you from using certain features, such as commenting.
3. FOR WHAT PURPOSE AND ON WHAT LEGAL BASIS DO WE PROCESS YOUR DATA?
The legal basis for processing is the legitimate interest of InPost (Art. 6(1)(f) GDPR). We process data for the following purposes:
- managing the channel and communicating with viewers — responding to comments and messages, moderating content;
- informing users about InPost’s activities, products, services, campaigns and events;
- analysing viewership and engagement statistics in order to improve video content and communications;
- organising competitions or audience engagement activities — where these are run through the channel;
- establishing, pursuing or defending against potential claims related to the operation of the channel.
4. TO WHOM MAY WE DISCLOSE YOUR DATA?
User data may be shared with entities working with InPost on content production and channel management (e.g. creative or social media agencies). These entities process data solely on InPost’s behalf and on the basis of appropriate data processing agreements.
The content of comments is publicly visible to other users of the platform. Data is also accessible to Google Ireland Limited as the controller of the YouTube platform.
5. IS DATA TRANSFERRED OUTSIDE THE EEA?
InPost does not independently transfer user channel data outside the European Economic Area. Google Ireland Limited may, however, transfer data to third countries, including the USA, on the basis of mechanisms compliant with the GDPR. Detailed information on the transfer mechanisms applied:
https://policies.google.com/privacy/frameworks?hl=pl&gl=pl
Automated decision-making
To the extent that InPost acts as the controller of your data in connection with managing the profile, we do not apply automated decision-making that would produce legal effects or similarly significantly affect you.
6. HOW LONG DO WE RETAIN YOUR DATA?
We process data for as long as our channel is active on the YouTube platform, unless beforehand:
- you raise a valid objection to the processing,
- the purposes for which the data was being processed cease to apply.
Comments are retained until they are deleted by the user or by InPost in the course of moderation. You may cancel your subscription and withdraw your reactions directly on the platform at any time. Google Ireland Limited applies its own independent rules on data retention.
Your rights
In connection with the processing of your personal data by InPost, you have the following rights:
- the right of access to your data and to receive a copy thereof;
- the right to rectification of data that is incorrect or incomplete;
- the right to erasure of data in the cases specified in the GDPR;
- the right to restriction of processing;
- the right to object to the processing of data based on the legitimate interest of the controller, including processing for the purposes of direct marketing.
To exercise the above rights, please contact us or the Data Protection Officer — contact details can be found above.
You also have the right to lodge a complaint with a supervisory authority.