This website uses cookies primarily for visitor analytics. Certain pages will ask you to fill in contact details to receive additional information. On these pages you have the option of having the site log your details for future visits. Indicating you want the site to remember your details will place a cookie on your device. To view our full cookie policy, please click here. You can also view it at any time by going to our Contact Us page.

Bringme Box protects privacy, anticipating GDPR

15 May 2018

The new privacy laws move private parcel delivery at work to the top of the agenda. Today, private parcels are delivered to the office in almost all companies. To comply with the European privacy regulation, organizations must do their utmost to secure their workers’ privacy.

That also applies to having all of those private parcels delivered. But what’s the point of introducing draconian measures to safeguard your workers’ data if the private parcels at the reception desk expose those same workers’ private lives for all to see?

+750 - Number of companies with access to the Bringme network.

98% - Number of companies that allow having private parcels delivered to the box.

+250,000 - Number of employees with access to a Bringme Box.

Number of private parcels per Bringme user: 2 per month

Number of returns per employee: 11% of purchases

“The first pair of maternity trousers I ordered was delivered in a parcel that said “pregnancy fashion”: of course my colleagues knew all about it straightaway.” Employee X

How can a private parcel violate my workers’ privacy?


Delivery of private parcels to the reception desk or the mailroom puts private purchases on display for other employees. This can lead to them catching an unwanted glimpse of workers’ private lives. Indeed, the way a parcel is packaged often allows you to deduce what’s in it. And depending on the parcel’s shape, its branding, or the frequency of deliveries, this information will be more or less sensitive. Just think of deliveries from expensive shops—or cheap ones, for that matter—or deliveries of alcohol and of healthcare products. This leads to value judgments from colleagues.

Also, employers are obligated to do their utmost to safeguard their employees’ privacy.


• Receiving workers’ private parcels automatically and discreetly.

• Preventing that parcels in the workplace provide an insight into employees’ purchasing behaviour.

• Ensuring the confidentiality of employees’ mail is guaranteed.

• Avoiding that visitors or colleagues can get a glimpse of workers’ private deliveries.


By mentioning “Bringme” when they order online from e-tailers, employees clearly indicate they want their parcel delivered to them personally in the Bringme Box, and not to the company’s reception desk. That way, their privacy enjoys maximum protection.

Implementation of the GDPR

Bringme also made an effort to fulfill the GDPR obligations and to provide optimum protection for its users’ personal data. The GDPR implementation project was a challenging example of cross -departmental collaboration: Legal, ICT, Product/Software, Marketing and HR worked hand-in-glove to come up with a structural solution. That has given Bringme a 360-degree overview of all personal data which are or can be processed within the organization, permitting it to guarantee users that their personal data are being processed safely and with respect for their privacy. Content-wise, Bringme had already made a great deal of headway in protecting these personal data before the GDPR.

It’s now no longer enough for Bringme to “simply” adhere to the principles however; it must also be able to demonstrate that it does so, by means of documents, reports, etc.

Is the GDPR an all-round blessing?

Bringme believes GDPR will do a better job of protecting the privacy of its users and all EU citizens, and that this is a positive development. For some aspects, however, the (administrative) scale is tipping too far and GDPR is not taking the needs of operational management into account. For example, professional contact data (such as a professional email address) is considered the same as private contact data, resulting in more rigorous consent rules for this data as well (with a required proof of explicit consent), in a way that does not mesh with how trade is done. It would have been better to create a presumption of consent in a B2B-context, which the addressee could have then individually or generally opted out of.

To find out more about Bringme and how we can help with GDPR compliance,
Contact Michail Smirnov:
T: 020 3411 41044

Print this page | E-mail this page


Article image Why the Law Says You Need a Nappy Bin Disposal Service

At home, parents are used to disposing of their babies’ used nappies the same way they do any other domestic waste - bagging it up and sticking it in the rubbish for general collection.Full Story...

Article image Hats off to apprentices of the future

Thirty-six school children from West London graduated from the world’s first Junior Engineering Engagement Programme (J.E.E.P), which first started in January 2018.Full Story...

Companies sign up to employ ex-offenders

Carel Group acquires 100% of Hygromatik GMBH

Catering assistant included on BBC 100 Women list