DTDC Singapore

Due to massive volume of calls DTDC Singapore is unable to respond to tracking inquiries over Phone. We will respond any tracking related inquiry only through emails. | We will respond any tracking related inquiry only through emails. Lodge your inquiry through "Track Your Shipment" page only. We apologize for any inconvenience.
Due to massive volume of calls DTDC Singapore is unable to respond to tracking inquiries over Phone. We will respond any tracking related inquiry only through emails. | We will respond any tracking related inquiry only through emails. Lodge your inquiry through "Track Your Shipment" page only. We apologize for any inconvenience.

DTDC Global Express Pte Ltd.

Website Privacy Policy

Personal Data Protection Act 2012 (Singapore)

About This Document: This Privacy Policy describes how DTDC Global Express PTE Ltd. (“DTDC”, “we”, “our”, or “us”) collects, uses, discloses, and protects your personal data in accordance with the Personal Data Protection Act 2012 (No. 26 of 2012) of Singapore, as amended from time to time (“PDPA”), and the accompanying advisory guidelines issued by the Personal Data Protection Commission (“PDPC”).

By accessing our website, mobile application, engaging our courier and logistics services, or making payments through our platform, you acknowledge that you have read and understood this Privacy Policy. Where you make payments through our platform, your payment data is securely processed by our payment processing partner, Stripe. Stripe processes this data as an independent data controller in accordance with its own privacy and data usage standards. Please refer to Stripe’s Privacy Policy (https://stripe.com/privacy) for full details.

Policy Information

Policy Title Website Privacy Policy
Issued by IT Department
Policy Owner DTDC Global Express PTE Ltd.
Published Date Not specified
Approver (s) Not specified

Revision Control

Version Date Authored By Verified By Approved By

Jump to a section

1. About This Policy

This Privacy Policy applies to all personal data collected by DTDC Global Express PTE Ltd. through our website at https://www.dtdc.sg/, our mobile application, customer service channels, physical service counters, and all associated services including domestic and international courier and logistics services offered in Singapore.

This policy covers all individuals whose personal data we process, including customers, recipients of deliveries, website visitors, registered account holders, prospective customers, and business partners (collectively “Data Subjects” or “you”).

Note on India-Singapore Operations: Where our business operations involve coordination with our parent company, affiliated entities, or logistics partners based in India, such cross-border transfers are carried out with appropriate contractual safeguards and in compliance with Section 26 of the PDPA. Please refer to Section 9 (International Data Transfers) for full details.

2. Who We Are

DTDC Global Express PTE Ltd. is a company incorporated in Singapore. We are a courier and express logistics company with roots in India, providing domestic Singapore delivery services, cross-border logistics, particularly between Singapore and India, and international courier solutions. We are the data controller of your personal data for the purposes of this Privacy Policy.

Entity Detail Information
Company Name DTDC Global Express PTE Ltd.
UEN / Registration No. 201119645E
Registered Address 101 Kitchener Road, #01-31 Jalan Besar Plaza, Singapore 208511
DPO Email dpo@dtdc.com
Customer Service +65- 62948098
PDPC Organisation Reference 201119645E
3. Personal Data We Collect

We collect only the minimum personal data necessary for the purposes described in this policy. The categories of personal data we may collect include:

3.1 Identity & Contact Information

  • Full name, NRIC / FIN / Passport number (where required for customs or regulatory compliance and in strictly in accordance with the PDPC Advisory Guidelines on NRIC Numbers)
  • Mailing address, delivery address, and billing address
  • Email address and telephone / mobile number
  • Date of birth (when required for age verification)
  • Company name and designation (for business accounts)
  • Government-issued identification documents, including Indian identity documents such as Aadhaar cards and Permanent Account Number (PAN) cards (where required for customs clearance, regulatory compliance, or verification purposes.)

3.2 Shipment & Delivery Information

  • Sender and recipient details (name, address, contact number)
  • Parcel contents description, declared value, weight, and dimensions
  • Tracking numbers and delivery history
  • Delivery instructions and special handling requirements
  • Proof of delivery records including signatures and photographs

3.3 Payment & Financial Information

  • Transaction reference numbers and payment history
  • Billing address associated with payment instruments
  • Invoice and receipt data

Note: Full card numbers, CVV codes, and bank account details are processed exclusively by our payment partner Stripe and are not stored on our servers. See Section 7.

3.4 Account & Profile Information

  • Username and encrypted passwords
  • Account preferences and notification settings
  • Loyalty programme details and redemption history

3.5 Technical & Usage Data

  • IP address, browser type, operating system, and device identifiers
  • Pages visited, click paths, session duration, and referral URLs
  • Geolocation data (with your consent, for real-time tracking features)
  • Cookie and tracking technology data (see Section 12)

3.6 Communications Data

  • Customer service correspondence (emails, live chat, call recordings)
  • Survey responses and feedback forms
  • Social media interactions with our official accounts

Sensitive Personal Data: We do not intentionally collect sensitive personal data such as race, religion, health, biometric data, or political opinions except where strictly required for customs clearance, regulatory compliance, or security screening of shipments, and only with your explicit consent or where permitted by law.

4. How We Collect Personal Data

We collect personal data through the following channels:

  • Directly from you: When you register an account, place a shipment order, request a quote, contact our customer service team, fill in forms on our website or app, or sign up for marketing communications.
  • Automatically: When you visit our website or use our app, we automatically collect technical and usage data through cookies, log files, and similar tracking technologies.
  • From third parties: We may receive your information from our logistics partners, customs authorities, corporate clients who book deliveries on your behalf, and public databases where necessary for identity verification or fraud prevention.
  • From our payment processor (Stripe): Stripe may share transaction status, risk signals, and tokenised payment data with us in connection with your payments. Stripe’s privacy policy is available at https://stripe.com/privacy.
  • From customs and regulatory bodies: For international shipments, we may receive or be required to provide data to Singapore Customs, the Indian customs authorities (where applicable), or other relevant government bodies.
5. Purposes of Collection & Use

Under Section 18 of the PDPA, we must only use personal data for purposes that a reasonable person would consider appropriate. We use your personal data for the following purposes:

Purpose Description
Service Delivery Processing, arranging, tracking and delivering courier shipments; communicating delivery status and updates to senders and recipients.
Account Management Creating and maintaining your customer account; verifying your identity; managing your preferences and subscription services.
Payment Processing Processing payments via Stripe; issuing invoices, receipts, and credit notes; managing refunds and disputes.
Customs & Regulatory Compliance Complying with Singapore Customs, MAS regulations, Anti-Money Laundering obligations, trade sanctions screening, and import/export documentation for India-Singapore corridors.
Customer Support Responding to queries, complaints, and claims; investigating lost or damaged shipments; managing returns.
Safety & Security Fraud detection, identity verification, prevention of illegal use of our services, and physical security at our premises.
Service Improvement Analysing usage patterns, conducting research and surveys, improving our platform, website, mobile app, and delivery network.
Marketing (Consent Required) Sending promotional communications, offers, newsletters, and service updates via email, SMS, or push notifications — only with your consent and subject to opt-out at any time.
Legal Compliance Complying with court orders, regulatory requests, or legal obligations under Singapore law or applicable foreign law.
Business Operations Internal audit, risk management, insurance, financial reporting, and corporate governance.
6. Legal Bases & Consent

The PDPA permits us to collect, use, and disclose personal data without consent in certain circumstances (the “deemed consent” and “legitimate interests” exceptions introduced under the 2020 PDPA amendments). Our legal bases for processing are:

  • Contractual necessity: To fulfil our courier service agreement with you when you place an order or engage our services.
  • Legal obligation: To comply with applicable Singapore laws including the PDPA, Income Tax Act, Companies Act, Customs Act, and applicable international trade regulations.
  • Legitimate interests: For fraud prevention, network security, improving our services, and business analytics, where our interests are not overridden by your privacy rights.
  • Consent: For direct marketing communications and optional data uses. You have the right to withdraw consent at any time without affecting the lawfulness of processing before withdrawal.
  • Vital interests: In emergencies where processing is necessary to protect your vital interests or those of another person.

Deemed Consent (Section 15A PDPA): In some contexts, consent may be deemed where you have voluntarily provided your personal data, or where it is reasonably expected that you would consent given the circumstances. We exercise this exception responsibly and only where a reasonable person would expect their data to be used in that manner.

7. Payment Data & Stripe

We use Stripe, Inc. (“Stripe”) as our payment processing partner. Stripe is a PCI DSS Level 1 certified payment processor. When you make a payment on our platform, your payment card data is transmitted directly and securely to Stripe’s servers using Transport Layer Security (TLS) encryption. We do not store, process, or have access to your full card number, CVV, or expiry date.

7.1 Data Processed by Stripe on Our Behalf

  • Cardholder name and billing address
  • Payment card details (encrypted and tokenised by Stripe)
  • Transaction amount, currency, and timestamp
  • IP address and device fingerprint (for fraud detection)
  • Email address for payment confirmation and receipts

7.2 Our Use of Stripe Data

We receive from Stripe only a tokenised reference, transaction status, and risk signals. This data is used solely for: completing your transaction, issuing receipts and invoices, processing refunds, investigating payment disputes, and fraud prevention.

7.3 Stripe’s Privacy Policy

Stripe processes your payment data as an independent data controller for its own fraud prevention, compliance, and service improvement purposes, in addition to acting as our data processor. Stripe’s Privacy Policy is available at stripe.com/privacy and governs Stripe’s own use of your data. By making a payment through our platform, you agree to be bound by Stripe’s Privacy Policy in addition to this Privacy Policy.

PCI DSS Compliance: Our payment integration with Stripe is designed to minimise our PCI DSS scope. We do not transmit, store, or process raw payment card data on our own infrastructure. Stripe’s infrastructure holds PCI DSS Level 1 certification, the highest level of certification in the payment card industry.

7.4 Refunds and Chargebacks

If you request a refund or raise a chargeback with your bank, we may need to share shipment details, proof of delivery records, and correspondence with Stripe and your issuing bank to process or dispute such claims. This sharing is carried out on the basis of our contractual and legal obligations.

8. Disclosure to Third Parties

We do not sell, rent, or trade your personal data to third parties for their own marketing purposes. We may disclose your personal data to the following categories of recipients, strictly to the extent necessary for the purposes in Section 5:

Recipient Category Purpose / Basis
Stripe, Inc. Payment processing, fraud detection, and financial compliance (see Section 7)
Delivery & Logistics Partners Last-mile delivery, international freight forwarders, and hub partners (India, Singapore, and other jurisdictions) for completing shipment contracts
Singapore Customs & Government Agencies Mandatory reporting, customs declarations, import/export compliance, and regulatory obligations
India Customs & Regulatory Bodies Cross-border shipment compliance, e-way bills, and regulatory notifications for India-bound or India-origin shipments
IT Service Providers & Cloud Platforms Hosting, data storage, analytics, CRM, and technical support services
Professional Advisors Legal counsel, accountants, insurers, and auditors bound by professional secrecy obligations
Fraud Prevention & KYC Services Identity verification and anti-fraud screening in compliance with AML/CFT obligations
Marketing Service Providers Email delivery, push notification, and SMS services — only for communications you have consented to receive
Purchasers of Business Assets In the event of a merger, acquisition, or sale of assets, subject to equivalent privacy protections
Law Enforcement & Courts Where required by a court order, subpoena, regulatory demand, or applicable law in Singapore or another jurisdiction

All third-party service providers acting as data processors on our behalf are bound by contractual obligations, including appropriate data protection clauses, to ensure they handle your personal data only on our instructions and in accordance with applicable law.

9. International Data Transfers

As a courier company with operations and business relationships in multiple jurisdictions, including Singapore and India, we may transfer, store, process or disclose your personal data outside Singapore where necessary, to provide our services. This may include transfers to our affiliated entities, parent company, logistics partners, payment processors and certain technology vendors located in countries including, but not limited to, India. We share personal data strictly on a need-to-know basis and take reasonable steps to ensure that recipients are required to protect your personal data and use it only for the purposes for which it was disclosed. Pursuant to Section 26 of the PDPA, we will not transfer your personal data to a country or territory outside Singapore unless we have taken appropriate steps to ensure that the recipient provides a standard of protection comparable to that under the PDPA. These steps include:

  • Limiting access to personal data to authorized personnel and service providers who require the information to perform their duties.
  • Verifying that overseas recipients are subject to local laws that provide comparable protection, where applicable.
  • Implementing appropriate technical and organizational security measures to protect personal data against unauthorized access, use, disclosure, alteration, or loss.
  • In the case of transfers to India, our affiliated entities have adopted internal data protection policies aligned with both the PDPA and India’s Digital Personal Data Protection Act 2023 (DPDPA), providing dual-compliance assurances.
  • Transfers to Stripe are subject to Stripe’s Binding Corporate Rules and other security practices and its certifications under applicable international data transfer frameworks.

Where permitted under the PDPA, some international transfers may be made to comply with a legal obligation, or where you have expressly consented to the transfer, or where the transfer is necessary for the performance of a contract to which you are a party (such as international courier delivery).

10. Retention of Personal Data

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required or permitted by law. Our general retention guidelines are as follows:

Data Category Retention Period Basis
Customer account data Duration of account + 5 years after closure Limitation Act (Singapore); regulatory audits
Shipment & delivery records 7 years from delivery date Customs Act, Companies Act (Singapore)
Payment & invoicing records 7 years from transaction date Income Tax Act, GST Act (Singapore)
Customer service communications 3 years from last interaction Legitimate interests; dispute resolution
Marketing consent records Until consent withdrawal + 3 years PDPA Do Not Call provisions; DNC Registry
Website logs & analytics 13 months rolling Legitimate interests; service improvement
CCTV footage (if applicable) 30 days unless required for investigation Security; legitimate interests
KYC & identity verification 5 years from last transaction AML/CFT obligations; MAS guidelines

Upon expiry of the applicable retention period, personal data is securely deleted or anonymised in accordance with recognised industry standards. Anonymised data that cannot be re-identified may be retained indefinitely for statistical purposes.

11. Security of Personal Data

We implement and maintain reasonable and appropriate technical, organisational, and physical security measures to protect your personal data from unauthorised access, collection, use, disclosure, copying, modification, disposal, or destruction, as required under the PDPA.

11.1 Technical Measures

  • TLS/SSL encryption for all data transmitted between your browser or app and our servers.
  • AES-256 encryption for data at rest in our databases.
  • Multi-factor authentication (MFA) for administrative and privileged system access.
  • Role-based access control (RBAC) ensuring staff access only the data necessary for their role.
  • Regular penetration testing and vulnerability assessments by qualified third parties.
  • Web Application Firewall (WAF) and Distributed Denial of Service (DDoS) protection.

11.2 Organisational Measures

  • Mandatory annual data protection training for all staff handling personal data.
  • Documented data protection policies, procedures, and incident response plans.
  • Data Protection Officer appointed pursuant to the PDPA and PDPC guidelines.
  • Data Protection Impact Assessments (DPIAs) conducted for new high-risk processing activities.
  • Contractual data protection obligations imposed on all third-party processors.

11.3 Mandatory Data Breach Notification

In the event of a data breach that is likely to result in significant harm to individuals, we will notify the PDPC within 3 calendar days of becoming aware of the breach, and affected individuals within a reasonable time, in accordance with the mandatory breach notification obligations under Part VIA of the PDPA. We maintain an incident response team and documented breach response procedures to enable rapid containment and notification.

12. Cookies & Tracking Technologies

12.1 What are Cookies?

A cookie is a small file that can be placed on your device that allows us to recognise and remember you. It is sent to your browser and stored on your computer’s hard drive or tablet or mobile device.

Cookies help DTDC with the capability to personalize information for certain segments of its customer base. They are also used to allow us the opportunity to associate individual customers with their information profiles. For example, through the use of cookies, the DTDC website username can “remember and autofill” your user ID when user’s login their DTDC website Login username on the DTDC website from their computer.

12.2 What are there different types of cookies?

First-party and third-party cookies:

First-party cookies are placed on your device directly by us. For example, we use first-party cookies to adapt our website to your browser’s language preferences and to better understand your use of our website. Third-party cookies are placed on your device by our partners and service providers. For example, we use third-party cookies to measure user numbers on our website or to enable you to share content with others across social media platforms.

Session and persistent cookies:

Session cookies are cookies that only last until you close your browser. We use session cookies for a variety of reasons, including to learn more about your use of our website during one single browser session and to help you to use our website more efficiently. Persistent cookies have a longer lifespan and aren’t automatically deleted when you close your browser. These types of cookies are primarily used to help you quickly sign-in to our website again and for analytical purposes.

12.3 Types of Cookies Used

When you visit our website, some or all of the following types of cookies may be placed on your device:

Cookie type Description
Necessary cookies These cookies are strictly necessary to provide you with services available through our website and to use some of its features, such as access to secure areas
Functional cookies These cookies provides enhanced performance for some website resources and services, as well as adopt a higher level of personalization to the user experience in some cases.
Performance cookies These cookies provides quantitative measurements regarding our website and its resources and are used for purposes such as troubleshooting and analytics.
Marketing/Targeting cookies These cookies provides behavioural advertising and re-marketing of analytical data.

As the cookies and similar tracking technologies we use may change dynamically over time, maintaining a static list in this policy is impractical. For a comprehensive and up-to-date list of the specific cookies used on our website, including their providers, purposes and retention periods, please refer to the Cookie Preference Centre available on our website.

12.4 What do we use cookies for?

DTDC uses cookies to enhance the user experience in the following ways:

  1. Essential Website Operations: Ensuring secure logins, preventing fraudulent activity, and enabling core website functionality.
  2. User Experience Enhancement: Remembering preferences such as language settings and login credentials.
  3. Performance Monitoring: Analyzing how users interact with the website to improve speed, usability, and content relevance.
  4. Targeted Advertising: Showing relevant ads based on browsing behavior and past interactions with DTDC services.
  5. Social Media Integration: Allowing users to engage with social platforms directly from the website.

12.5 Managing Your Cookie Preferences

DTDC respects your privacy and offers the ability to customize cookie settings. You can:

  1. Accept all cookies for a seamless experience.
  2. Reject all non-essential cookies while retaining necessary ones.
  3. Customize cookie preferences through our Cookie Settings Panel, which allows granular control over cookie types.

12.6 To opt out of being tracked by Google Analytics across all websites visit:

http://tools.google.com/dlpage/gaoptout

Please note that third parties (including, for example, advertising networks and providers of external services like web traffic analysis services) may also use cookies, over which we have no control. Those cookies are likely to be analytical/performance cookies or targeting cookies.

12.7 Data Protection and Retention

DTDC complies with the PDPA 2012 and it subsidiary legislations ensuring:

  • Cookies do not collect sensitive personal data without explicit user consent.
  • Personal data collected via cookies is stored only for as long as necessary.
  • Users have the right to access, modify, or request deletion of their data in accordance with applicable privacy laws.

Our website and mobile application use cookies and similar tracking technologies to enhance your browsing experience, personalise content, analyse traffic, and enable certain functionality. We provide you with clear information and choice regarding cookies in accordance with PDPC guidelines.

Cookie Type Purpose Consent Required
Strictly Necessary Essential for website function, security, and session management. Cannot be disabled. No (necessary for service)
Performance / Analytics Google Analytics and similar tools to understand website usage and improve performance. Yes
Functional Remember your preferences, language settings, and login state. Yes
Marketing / Targeting Deliver relevant advertisements and measure campaign effectiveness. Yes
Stripe Cookies Stripe uses cookies for fraud prevention and ensuring secure payment sessions on our checkout pages. No (necessary for payment processing)

You may manage or withdraw your cookie preferences at any time using our Cookie Preference Centre accessible on our website footer, or by adjusting your browser settings. Please note that disabling certain cookies may affect the functionality of our website and services.

13. Third Party Links

The DTDC website may include links to third-party websites. When users navigate to such sites, only the information that they arrived from the DTDC website is shared with the third-party to monitor their web site traffic, but does not provide them with any information about the users of the DTDC website. DTDC is not responsible for the privacy policies of third-party websites, and users are encouraged to review those policies independently.

14. Your Rights Under the PDPA

The PDPA and its 2020 amendments grant you the following rights in relation to your personal data. We will respond to verified requests within 30 calendar days of receipt, or inform you of a longer timeframe if needed.

Right Description
Right of Access Request information about the personal data we hold about you and how it has been or may have been used or disclosed in the preceding one year.
Right of Correction Request that we correct any error or omission in your personal data that is in our possession or control. Corrections will be made within 30 days.
Right to Withdraw Consent Withdraw any consent you have previously given to us for collecting, using, or disclosing your personal data, subject to reasonable notice.
Right to Data Portability Under the PDPA’s data portability obligation, request that certain personal data be transmitted to another organisation in a commonly used machine-readable format (once the relevant provision of the PDPA are fully in force).
Right re: Automated Decisions Where we use automated decision-making that produces legal or similarly significant effects, request human review of such decisions.
Right to File a Complaint Lodge a complaint with our DPO or directly with the Personal Data Protection Commission (PDPC) if you believe we have violated the PDPA.

14.1 How to Exercise Your Rights

To exercise any of the above rights, please submit a written request to our Data Protection Officer at dpo@dtdc.com. We may request proof of your identity before processing your request. We will not charge a fee for access requests unless they are manifestly unfounded or excessive.

Exceptions: Please note that certain rights under the PDPA are subject to exceptions — for example, we may decline to provide access where it would reveal personal data of another individual, could interfere with law enforcement investigations, or where legal privilege applies. We will explain any such exceptions when responding to your request.

15. Do Not Call (DNC) Registry

Singapore’s Do Not Call (DNC) Registry provisions under Part IX of the PDPA regulate the sending of unsolicited telemarketing and promotional messages to Singapore telephone numbers. Where we conduct markting or promotional activities directed at these numbers, we comply with all applicable DNC requirements.

  • We will not send marketing or promotional messages to Singapore telephone numbers registered on the DNC Registry unless we have your clear and explicit written consent to do so.
  • Where required by law, we check Singapore telephone numbers against the relevant DNC Registry before sending marketing or promotional messages.
  • You may withdraw your consent for telemarketing at any time by contacting us at dpo@dtdc.com or by replying “STOP” to any marketing SMS.
  • Transactional or service-related messages, such as delivery notifications, tracking updates, and payment confirmations, and other messages are not subject to DNC Registry restrictions as they relate to ongoing service relationships. At present, we do not maintain the Singapore DNC Registry. The Registry is administered by the relevant Singapore authorities. However, where we send marketing or promotional communications to Singapore telephone numbers, we will take appropriate steps to ensure compliance with applicable DNC obligations.
16. Children’s Privacy

Our services are not directed at children under the age of 18. We do not knowingly collect personal data from individuals under 18 years of age without verifiable parental or guardian consent. If you are a parent or guardian and believe that your child has provided us with personal data without your consent, please contact our DPO immediately at dpo@dtdc.com and we will promptly delete such data.

In the event that a shipment is to be sent on behalf of a minor (e.g., a gift addressed to a child), the personal data of the recipient child is used solely for delivery purposes and is subject to the same protections as adult data under this policy.

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our data processing practices, technology, legal requirements, or business operations. When we make material changes to this policy, we will:

  • Update the “Last Updated” date at the top of this page
  • Post a prominent notice on our website homepage for a reasonable period
  • Where changes materially affect users’ rights, DTDC may provide notice to registered account holders through available communication channels, including email, push notifications, or other mechanisms implemented through our consent management and notification systems. Any such notification processes will be further developed and enhanced through future policy and operational updates, as applicable.
  • Where required by law, obtain your renewed consent before implementing changes that affect how we process your personal data

Your continued use of our services after any changes to this policy constitutes your acknowledgement of the modified Privacy Policy. Previous versions of the Privacy Policy are available upon written request to our DPO.

18. Complaints & Contact

If you have any questions, concerns, or complaints about this Privacy Policy or our handling of your personal data, we encourage you to contact our Data Protection Officer in the first instance. We take all privacy concerns seriously and will endeavour to resolve complaints promptly and fairly.

Data Protection Officer

DTDC Global Express PTE Ltd. — Singapore

Email (DPO): dpo@dtdc.com

General Support: css.sg@dtdc.com

Postal Address: 101 Kitchener Road, #01-31 Jalan Besar Plaza, Singapore 208511

PDPC: www.pdpc.gov.sg

If your concern is not resolved to your satisfaction, you have the right to lodge a complaint with the Personal Data Protection Commission (PDPC) at www.pdpc.gov.sg. You may also submit a complaint through the PDPC’s online complaints portal.

This Privacy Policy is governed by and construed in accordance with the laws of the Republic of Singapore.

© DTDC Global Express PTE Ltd. All rights reserved.