TRACKING
GET A QUOTE

PRIVACY POLICY

At GOFO FRANCE and its subsidiaries (hereinafter collectively referred to as “GOFO”), we recognize the importance of protecting your personal data. We value the trust you place in us and are committed to handling your information responsibly, transparently, and in strict compliance with applicable laws and regulations.

This Privacy Policy describes how GOFO collects and processes your personal data when you interact with our services, including through:

  • our website: https://www.gofo.com/fr/,
  • our parcel delivery and courier services, the e-commerce platforms operated by GOFO’s customers,
  • the GOFO system,
  • as well as the dedicated GOFO COURIER mobile application
    (collectively, the “GOFO Services”).


By using the GOFO Services, you acknowledge and accept the data practices described in this Privacy Policy. For any questions regarding the collection or processing of your personal data, you may contact us at:

SAS GOFO FRANCE
Address: 10 Rue Eugène Pottier, 95670 Marly-la-Ville, France
Email: dpo@gofoexpress.com

1. Personal data processed

We collect certain personal data, understood as any information that directly or indirectly identifies an individual, or any other data to which the organization has or may have access.

Such data may include, without limitation: first and last name, address, date of birth, gender, nationality, telephone number, email address, banking and payment information, official identification documents (required notably for KYC due diligence, identity verification, or fraud prevention), technical data transmitted by devices used to access the GOFO Services, network connection data, marketing and communication preferences, usage and transaction data (e.g., searches, orders, claims, ads viewed, delivery addresses, location data), as well as any other information provided while using the GOFO Services.

You agree not to provide us with any false, inaccurate, or misleading data and to inform us of any changes to your information. GOFO reserves the right, at its sole discretion, to request additional documents to verify the accuracy of the information provided.

Personal data is generally provided voluntarily by you when interacting with the GOFO Services, including in the following cases:


  • When registering for and/or using the GOFO Services;
  • When submitting forms (including job applications via GOFOCAREER) related to our services, online or offline;
  • When entering into contracts or providing documents related to your interactions with GOFO;
  • When communicating with us (telephone calls, correspondence, videoconferences, social networks, emails, etc.), including with our customer service;
  • When browsing our website (cookies, trackers, and other similar technologies);
  • When using the GOFO COURIER mobile application linked to the GOFO System;
  • When performing transactions via the GOFO System;
  • When providing feedback or filing complaints;
  • When disclosing personal data for any other reason;
  • When interacting with a partner carrier responsible for executing the GOFO Services.


GOFO may also receive information about you from third parties, such as its customers or carriers (e.g., updated delivery addresses, proof of delivery by photograph or ID document).

Additional examples of information we may receive include:


  • Updated delivery address information collected from our carriers or third parties, used to confirm successful delivery;
  • Proof of delivery and receipt of your parcel, including photographs taken at the time of delivery representing you and/or your parcel alongside your official identification document.

2. Purposes and legal bases for processing

  1. The processing purpose corresponds to the objective pursued by the Data Controller. GOFO undertakes to process the personal data it collects or holds about you only for specific, explicit, and legitimate purposes, and not to process them in a manner incompatible with those purposes.

    The main legal bases for processing and their associated purposes are:

  • Performance of a contract with the data subject: delivery of products and services purchased by the User via e-commerce platforms operated by GOFO’s customers. We use your personal data to verify your identity for parcel handover, to communicate with you regarding the ordered services, and to notify you of the delivery status.
  • GOFO’s legitimate interests: ensuring the provision, support, and improvement of the GOFO Services. We use your data to ensure proper functioning of services, analyze performance, correct errors, and improve usability and efficiency.
  • Consent of the data subject: commercial prospecting and marketing. We may send you emails or other communications regarding GOFO Services of potential interest, facilitate your future shipments and deliveries, and provide promotional information and materials related to GOFO Services (and/or those of its affiliates or partners), including current or future services.
  • Compliance with legal and regulatory obligations: for example, handling disputes before competent courts, processing customs formalities, maintaining accounting records, or responding to rights requests.

3. Cookies and trackers

To enable our systems to recognize your browser or device and to provide and improve the GOFO Services, we use cookies and similar identifiers.

You may manage cookies directly through your browser settings. The “Help” function of most browsers explains how to configure your browser to refuse cookies, be notified of each new cookie, or disable all cookies.

However, if you disable all cookies, neither we nor third parties will be able to transfer cookies to your device. As a result, certain preferences will need to be re-entered at each visit, and some features or services may no longer function properly.

4. Data recipients

When GOFO acts as data controller

Personal data you provide may be shared with the following categories of recipients, strictly as necessary to achieve the purposes for which the data was collected:

Internal recipients within GOFO:

  • GOFO departments, services, and operational units duly authorized to process such data;
  • GOFO subsidiaries, where access is required in connection with their respective functions.

External recipients, outside the GOFO perimeter:

  • Authorized technical service providers and their subcontractors, solely within the scope of the services entrusted to them;
  • Business partners, subject to appropriate contractual safeguards;
  • Contracting parties, beneficiaries of services, authorized agents, or any third party designated by the data subject or users of GOFO products and/or services, where communication is necessary to fulfill contractual obligations;
  • Public authorities, court officials, legal advisors, or administrative and judicial authorities, where disclosure is required by law or regulation, pursuant to a binding request, as part of GOFO’s legal obligations, or for the protection and defense of its rights and legitimate interests;
  • Mediators and supervisory or regulatory authorities legally entitled to receive such information;
  • Audit bodies, including statutory auditors, external auditors, or customs authorities.

When GOFO acts as processor, within the meaning of the GDPR

GOFO undertakes to comply with all legal, regulatory, and contractual obligations imposed by the relevant Data Controller. In this context, personal data may only be disclosed to:

  • Recipients expressly designated by the data controller;
  • Duly authorized or approved subprocessors;
  • Public authorities, court officials, legal advisors, administrative and judicial authorities, in accordance with applicable laws or regulations, or in response to enforceable requests, where such disclosure is required to enable GOFO to meet its legal obligations or defend its legitimate interests;
  • Mediators and supervisory or regulatory authorities legally empowered to access such data;
  • Audit bodies, including statutory auditors, external auditors, customs authorities, and foreign postal administrations, where such access is required for control, compliance, or operational purposes.

5. Data retention periods

The retention period of your personal data depends on the nature of the data and the specific purposes for which they are processed. Where data is collected for multiple purposes, it will be retained for the longest period necessary to achieve all relevant purposes. GOFO commits to retaining personal data only as long as necessary for the provision of relevant products and services and in compliance with applicable legal and regulatory obligations.

The main retention periods are as follows:

1. Customer management and GOFO products/services:

  • Account creation and subscription: retained for 3 years from the last login or account deletion, provided no active service remains.
  • Delivery preference management: retained for 5 years from the last update or modification.
  • Duration of contractual relationship: retained for the entire contractual period between the data subject and GOFO.

2. Commercial prospecting:

  • Retained for 3 years from the last contact with the prospect, or until consent is withdrawn.

3. Customer service call recordings:

  • Retained for 6 months from the date of recording.

4. Fraud and cybercrime detection, prevention, and mitigation:

  • Retained for 12 months from the fraud alert record date.

5. Rights requests (e.g., access, rectification, deletion):

  • Retained for 5 years from the date of processing, except ID documents, which are retained for 1 year.

6. Accounting and financial record-keeping:

  • Retained for 10 years from the end of the relevant fiscal year.

6. Data security

GOFO implements technical and organizational measures, along with appropriate rules and procedures, to protect your personal data against unauthorized access, misuse, disclosure, loss, or destruction. To ensure the confidentiality of your data, GOFO also applies industry-standard safeguards such as firewalls and secure passwords.

However, it is the User’s responsibility to ensure that the mobile device they use is properly secured and protected against malware such as trojans, computer viruses, or worms. The User understands that, in the absence of appropriate security measures (e.g., secure browser settings, updated antivirus software, personal firewall, avoiding the installation of software from untrusted sources), there is a risk that data and passwords used to access their information could be discovered by unauthorized third parties.

GOFO applies industry-standard security measures, including the establishment of reasonable system standards and the use of security technologies to protect personal information against unauthorized access, use, or alteration, thereby preventing data damage or loss. GOFO’s network services use encryption technologies such as Transport Layer Security (TLS) and similar protocols, and provide browsing services via HTTPS to secure data transmission. We also use encryption and isolation technologies to store and protect personal data, as well as various data-masking techniques, such as content substitution and SHA256, to enhance personal information security during use, including during consultation and analysis.

GOFO exercises strict control over data access rights and implements multi-factor authentication techniques to protect personal data and prevent any unauthorized use. We use automated security code checks and log analysis technologies to perform personal data security audits. We also regulate the storage and use of personal data by establishing a data classification and qualification system, data security management specifications, and data security development specifications. Comprehensive control is exercised over data through confidentiality agreements, as well as monitoring and auditing mechanisms. GOFO has established a Data Security Committee, supported by a dedicated information protection department and an incident response organization, to promote and ensure the security of personal data.

In the event of a security incident involving personal data, GOFO will inform the User in a timely manner, in compliance with applicable legal and regulatory requirements, regarding the general situation of the incident, its potential impact on security, corrective measures implemented or planned, recommendations to prevent and reduce risks, and possible remedial actions. At the same time, GOFO will promptly notify the User of specific circumstances of the incident by email, letter, telephone, or urgent notice. If individual notification of multiple users proves difficult, GOFO will adopt a reasonable and secure method to disseminate the information. GOFO will also report the handling of security incidents to the competent authorities in accordance with applicable laws and regulations.

If the User has any questions concerning the protection of their personal data, or if they discover that their personal data has been compromised, including their account or password, they must immediately contact GOFO through the channels specified in this Privacy Policy so that appropriate measures can be taken.

7. Rights of data subjects

In accordance with applicable data protection regulations, GOFO ensures that each individual receives clear and transparent information about the processing of their personal data as well as the rights they may exercise.

Under applicable law, you have the following rights regarding your personal data:

Right of access:

You may request access to your personal data that we hold. This includes the right to obtain the following information:

  • Categories of data processed;
  • Purposes of the processing;
  • Recipients or categories of recipients to whom your data has been disclosed;
  • Retention period of your data.

GOFO undertakes to provide this information in an understandable format or in line with your request, subject to technical constraints.

Right to rectification:

You may request the correction of inaccurate or incomplete personal data concerning you.

Right to object:

You may object at any time to the processing of your personal data on grounds relating to your particular situation, where processing is based on our legitimate interests, unless our legitimate interests override yours or where processing is necessary for the establishment, exercise, or defense of legal claims.

You also have the right to object at any time to the processing of your personal data for direct marketing purposes, including profiling. In this case, we will cease such processing.

Right to erasure (“right to be forgotten”):

You may request the deletion of your personal data, provided that retention is not required for:

  • Compliance with a legal obligation;
  • Performance of a contract with you;
  • Establishment, exercise, or defense of legal claims;
  • Archival, historical, or scientific purposes.

Right to restriction of processing:

You may request the suspension of processing of your personal data if:

  • You contest the accuracy of the data;
  • You object to the processing of your data.

Right to data portability:

You may request the transfer of your personal data in a structured, commonly used, and machine-readable format, allowing you to retain or transmit it to another controller. This right is subject to the condition that its exercise does not adversely affect the rights and freedoms of third parties.

Rights relating to automated decision-making:

You have the right not to be subject to a decision based solely on automated processing, including profiling, that produces legal effects concerning you or significantly affects you in a similar way. If you believe you have been subject to such a decision and disagree with the outcome, you may contact us to request a review of the decision.

Right to provide post-mortem instructions:

You may provide instructions regarding the fate of your personal data after your death.

Right to withdraw consent:

Where processing is based on your consent, you may withdraw your consent at any time, enabling you to modify or withdraw your consent to direct marketing activities.

8. Exercising your rights

If you wish to exercise your rights regarding your personal data, please follow the procedure below:

a) Submission of requests

Requests may be submitted:

  • By email to: dpo@gofoexpress.com
  • By post to the GOFO headquarters: 10 Rue Eugène Pottier, 95670 Marly-la-Ville, France


In accordance with Article 12 of the GDPR, you must provide proof of identity by any means when exercising your rights. If you act on behalf of a third party, you must provide a notarized power of attorney or a simple proxy signed before two witnesses, as applicable. In addition, you must present your original identification document for visual verification by the recipient of the request.

If, after contacting us, you believe your personal data rights have not been respected, you have the right to lodge a complaint with the Commission Nationale de l’Informatique et des Libertés (CNIL) at the following address:

3 Place de Fontenoy – TSA 80715 – 75334 Paris Cedex 07, France
Tel: +33 1 53 73 22 22

b) Processing deadlines

GOFO has a maximum of twenty (20) calendar days, from the date of receipt of your request, to notify you via the same channel used for submission of its acceptance or refusal.
If accepted, GOFO has an additional fifteen (15) calendar days from the notification date to make the necessary changes. The above deadlines may be extended once, for an equivalent period, provided a valid justification is given.

c) Refusal of requests

GOFO may refuse access, rectification, erasure, or objection requests in the following cases:

  • The User is not the owner of the personal data, or the legal representative is not duly authorized;
  • The User’s personal data is not found in our database;
  • There is a legal impediment or a ruling by a competent authority limiting access, rectification, erasure, or objection.

In all such cases, GOFO will inform the User or their legal representative, as appropriate, of the reasons for its decision, via the same channel used for the request, providing relevant justifications where applicable. GOFO guarantees that personal and/or sensitive data will be stored in the corresponding databases and processed with the necessary security measures, in compliance with applicable legal provisions. The User is responsible for the accuracy of the data provided. GOFO also reserves the right to amend or update this Privacy Policy at any time due to legal reforms, internal policy changes, or requirements related to the provision of our services or products. Such modifications will be made available in this Privacy Policy

9. Effective date

This Privacy Policy is effective as of september 29, 2025.

GOFO Logo

@GOFO. All Rights Reserved.

Linkedin Youtube
Linkedin Youtube

@GOFO. All Rights Reserved.

GOFO Logo
NOTRE SOLUTION
QUI NOUS SOMMES
SALLE DE PRESSE
DEVENEZ DSP
CARRIÈRE
NOUS CONTACTER
SUIVI
offre
Linkedin Youtube
GOFO US
GOFO FR
GOFO NL
GOFO IT
GOFO Logo
OUR SOLUTION
WHO WE ARE
NEWSROOM
BECOME A DSP
CAREER
CONTACT US
TRACKING
GET A QUOTE
Linkedin Youtube
GOFO US
GOFO FR
GOFO NL
GOFO IT