Personally Identifiable Information (PII) in Convey
Convey is committed to protecting the information of our customers and their consumers, along with meeting all contractual (Data Processing Agreements or DPAs) and regulatory requirements (CCPA and GDPR), and as such implements a number of controls and processes which make up our Security Program (SP).
A critical component of our SP is the limiting the scope, permitted uses and retention period of the Personally Identifiable Information (PII) that Convey stores and processes to only what is required to provide our services to our customers and their consumers.
In the context of this summary, the PII is defined as:
- A person’s name
- Any address information that is more precise than a city, postal code, state or province code and country code
- A phone number
- An email address
In order to be compliant with the requirements listed above, Convey implements the following Shipment PII Removal process:
- PII is removed from shipments and alerts (emails and text messages) 90 days after delivery or last tracking event, whichever comes first
- Once PII has been removed from a shipment the shipment becomes locked (read-only)
- Information such as carrier, tracking number, city, postal code and state or province code and evidence of alerts having been sent is retained
- Customer feedback suggestion text and note messages on the shipment details page will be removed in the event that they contain PII
Examples of Locked Shipments in the Convey App:
Shipments Page
Shipment Details Page
Customer Feedback Suggestion Text After Removal
To ensure the reliability, integrity and evidence of compliance of this process it is mandatory, non-configurable and applies uniformly to all shipments processed by Convey.