TRACKING
GET A QUOTE

PRIVACY POLICY

1. INTRODUCTION

We are pleased that you have come to us and are interested in our company, products and services. Your trust is important to us. We are committed to protecting your privacy and the security of information that can directly or indirectly be used to identify a natural person (hereinafter “Personal Data”) during the processing throughout the entire business process. We have created this Privacy Statement to explain how we collect and use your Personal Data. 

Last updated: November 26, 2025.

When this Privacy Statement mentions “the Company”, “we”, “us”, it is referring to the company that decides on the purposes and means of the processing of your Personal Data under this Privacy Statement. 

Data Controller Information:
GOFO Italia S.R.L
Via Juan Manuel Fangio, 11, 20045 Lainate MI Arese 1 – Comparto D Innova Business Park
cs@mail.gofoexpress.it 

The Company has appointed a Data Protection Officer. You can contact our DPO at dpo@gofoexpress.com.

2. DOES THIS PRIVACY STATEMENT APPLY TO YOU?

This Privacy Statement applies to you if you are a customer of the Company or if you contact us, for instance, by visiting https://www.gofo.com/it/ including any pages and mobile apps (hereafter “Websites”), or if you receive emails from us.

Our Websites, products and services are for a general audience and not aimed at children. In principle, we do not collect Personal Data from children under age 18.  If you are under 14 years of age, you are requested not to provide any Personal Data. If you are under the age of 18 and you want to use our services, please rely on a parent or guardian to assist you.

If a child under the age of 18 may have disclosed Personal Data to us, the parent or guardian can contact us, and we will remove Personal Data if required.

3. WHAT PERSONAL DATA DO WE COLLECT?

During its business activities and providing the services, the Company will need to process your Personal Data. Without your Personal Data, we will not be able to provide you with the requested services. As a rule, the Personal Data that you provide directly or indirectly to the Company when using our services and visiting our Websites are:

  • Contact Information. This includes your name, address, email address and telephone number;
  • Financial Information. This includes your bank account number, payment status and invoices;
  • Identification Information.This may include your ID number, password number or driver’s license number if necessary, which ensures that we can identify you properly;
  • Account Information. This includes login information, including your user name, email address, telephone and other information provided through your account;
  • Shipper’s Information. This includes shipper’s name, address, email address and telephone number;
  • Recipient’s Information. This includes recipient’s name, address, email address and telephone number;
  • User Data and Preferences. This includes, where applicable, shipment volumes, complaints, transaction history and related commercial activity, communications, survey information, and your preferences.
  • Automatically generated information. This includes IP address, unique device or user ID, system and browser type, date and time stamp, referring website address, content and pages you accessed on our websites or mobile applications, date, time, and location actions. 

 

In addition to the above categories of Personal Data, depending on your interaction with us, we may collect other types of information that may or may not contain Personal Data. Such information related to shipments and services may include shipment tracking number, shipment routing information, location data, status of a shipment, delivery location, packaging type, number of pieces, weight, prices, picture of the parcel, proof of delivery and customs information. If we become aware that personal data of a child under the age of 18 have been collected without the consent of the parent or legal guardian, we will promptly delete such data.

The Company does not intentionally collect or process special categories of personal data as defined in Article 9 GDPR (e.g., health data, political opinions, biometric data, etc.).

4. HOW DO WE COLLECT PERSONAL DATA?

The Company collects Personal Data when it is provided by the shipper or our contractual customer, or by a visitor to our website. If you are the shipper or our contractual customer, then we receive your Personal Data directly from you. Examples of situations where the Company collects Personal Data directly are:

  • The name, address, and phone number of a person tendering the shipment are listed as the shipper.
  • The name, address, identity information, payment card information, and account number of a person who opens the Company shipping account, namely our contractual customer.

 

If the shipper or our contractual customer provides Personal Data of others, then we receive that Personal Data indirectly. Examples of situations where the Company collects Personal Data indirectly are:

  • The name, address, and phone number of the recipient of the shipment.
  • The name, address, phone number, email address, identifying information of the shipper or account holder’s director or representatives. 
  • The actual shipper’s name and address when the shipper places an order with an online market platform and the Company delivers the parcel to the address you provide.

 

When the Company receives Personal Data indirectly, we rely on the provider of the Personal Data for the accuracy of the information and that the provider has the authority to provide that information to GOFO.

5. FOR WHICH PURPOSES AND ON WHAT GROUNDS DO WE PROCESS YOUR PERSONAL DATA?

Personal Data shall be collected, used, stored, or otherwise processed when only necessary, within the framework of responsible, efficient and effective business management of GOFO. The Company processes Personal Data based on applicable legal grounds. The legal ground is often intrinsically linked to the business purpose. This means, for example, that the performance of an agreement can be both a legal ground and a business purpose for GOFO. Therefore, we will first clarify the legal ground on which the Company processes your Personal Data and, subsequently, the business purpose that we use your Personal Data for.

In general, the Company processes your personal data on one of the following legal grounds:

  • The processing is necessary to fulfill an agreement,
  • The processing is necessary for us to comply with our legal obligations,
  • The processing is necessary to protect your vital interests or those of another person,
  • The processing is necessary for GOFO’s legitimate interests, unless those interests are overridden by your interests or fundamental rights and freedoms, or
  • where appropriate and necessary, we will ask for your consent.


The Company collects, uses or processes personal data only where the processing falls within the scope of one (or more) of the legitimate business purposes listed below: 

  • Performing agreements. This includes delivery services, tracking services, communication with our contractual customer, shipper and other parties regarding services, responding to requests for further information, dispute resolution and preparing agreements.
  • Product development, research and improvement of products and/or services. the Company processes Personal Data as necessary for the development and improvement of products and/or services, research and development (e.g., analyze information related to the delivery and services to improve our services).
  • Relationship management and marketing for commercial activities. In general, the Company processes Personal Data as necessary for the development and improvement of products and/or services, account management, customer services and the performance of targeted marketing activities in order to establish a relationship with a customer and/or maintaining as well as extending a relationship with a customer or business partner and for performing analyses with respect to Personal Data for statistical purposes (e.g., send advertising, communications and content more specific to your interests to you). 
  • Business process execution, internal management, and management reporting. This includes addressing activities such as managing company assets, conducting internal audits and investigations, finance and accounting, implementing business controls, providing central processing facilities for efficiency purposes, managing mergers, acquisitions, and divestitures, and Processing Personal Data for management reporting and analysis.
  • Security and Protection. The processing of data for processes such as those related to safety, protecting the Company and its customers, or business partners, and authenticating the status and access rights (e.g,. providing secure services for online and offline transactions) of customers or business partners.
  • Protecting the vital interests of individuals. This includes processing data when necessary to protect your vital interests or those of other individuals (e.g., for urgent safety reasons).
  • Compliance with legal obligations. This addresses the processing of Personal Data as necessary for compliance with laws and regulations to which the Company is subject (e.g., checking the names of customers and business partners against blacklists to avoid conflicts of interest, compliance with trade regulations, anti-money laundering and anti-corruption regulations and other policies, procedures and regulations).
  • Where processing is based on our legitimate interests, we will conduct a balancing test to ensure that your rights and freedoms are not overridden.

6. HOW DO WE USE COOKIES?

When you visit our websites, we use cookies and similar technologies to make our websites work properly, to analyze how they are used, and—if you agree—to personalize content and advertising. Your cookie preferences and consent records are securely stored as proof of compliance.

In accordance with the Italian Data Protection Code or Legislative Decree No. 196 of June 30, 2003 and the General Data Protection Regulation (GDPR), we will only place non-essential cookies (such as analytics or marketing cookies) after you have given your explicit consent through our cookie banner.

Our cookie banner allows you to:

  • Accept all cookies,
  • Reject non-essential cookies, or
  • Manage your preferences per category (e.g., functional, analytical, marketing).

The types of cookies we use include:

  • Strictly necessary cookies – required for the proper functioning of the website and therefore do not require consent.
  • Analytical cookies – help us understand how visitors use our site so we can improve functionality and user experience. These are placed only with your consent.
  • Marketing and tracking cookies – used to personalise content and ads and to measure the effectiveness of our marketing campaigns. These are also placed only with your consent.

For each cookie category, our Cookie Notice provides detailed information on:

  • The purpose of each cookie;
  • The provider (first or third party);
  • The lifespan or storage duration of the cookie; and
  • Whether data are shared with third parties and, if so, to which countries and under what safeguards (e.g., Standard Contractual Clauses).

You can change or withdraw your consent at any time by adjusting your cookie settings via the cookie banner or through your browser settings.

For more detailed information, please review our Cookie Notice.

7. HOW DO WE SHARE YOUR PERSONAL DATA?

The Company shares your Personal Data with third parties in the following circumstances:

  • Share your personal data within our affiliates, operating groups, subsidiaries and divisions if such is necessary for the purposes as listed above.
  • Our employees are authorized to access personal data only to the extent necessary to serve the applicable purpose and to perform their jobs.
  • Share your personal data with data processors such as vendors or service providers processing Personal Data on our behalf. In such cases, these third parties only use your Personal Data for the purposes described above and only in accordance with our instructions. When these third parties are given access to your personal data, we will take the required contractual, technical and organizational measures to ensure that your personal data are only processed to the extent that such processing is secured. The following third parties have access to your personal data, where relevant, for the provisioning of their products or services to us:
    • Customs agency to perform customs formalities and declaration of your shipment.
    • Last-mile delivery service provider to deliver the shipment to the destination you are expecting. 
    • IT services provider who develops, maintains our Websites and certain software.
    • Cloud services provider: We may store data on servers operated by a cloud service provider to us. Regardless of where you use our online services or provide data to us, the data may be transferred to and maintained on servers located outside the country in which the data was collected. 
    • Law enforcement, regulators and other parties for legal reasons: We may also disclose your personal data to third parties as required by law, or if we reasonably believe that such action is necessary (a) to comply with a subpoena or other legal proceedings, legal actions or government agency requests; (b) when we believe in good faith that a disclosure is necessary to comply with the law and the reasonable requests of law enforcement; (c) to protect and exercise our legal claims, rights and property; (d) to protect your rights, property or personal safety or that of others; and (e) to investigate fraud.

 

Some of the third parties with whom we share your personal data are located within the European Economic Area (EEA). Where we engage third parties located outside the EEA, we ensure that such transfers are carried out in compliance with applicable data protection laws.

In particular:

  • Personal data transferred to countries for which the European Commission has adopted an adequacy decision (such as the United Kingdom, Switzerland or Canada) are protected under that decision, which confirms that these countries ensure an adequate level of data protection.
  • For transfers to other countries without an adequacy decision, the Company applies appropriate safeguards in accordance with Article 46 GDPR, including the use of the European Commission’s Standard Contractual Clauses (SCCs) or other legally recognized transfer mechanisms.
  • In exceptional cases, and only where permitted by law, transfers may take place under the specific derogations of Article 49 GDPR (for example, where the transfer is necessary for the performance of a contract concluded with you or for the establishment, exercise or defense of legal claims).

 

You may request further information about the international transfers of your personal data, including a copy of the relevant safeguards, by contacting our Data Protection Officer via dpo@gofoexpress.com.

8. HOW IS YOUR PERSONAL DATA SECURED?

We have taken adequate safeguards to ensure the confidentiality and security of your personal data. We have implemented appropriate technical, physical and organizational measures to protect personal data against accidental or unlawful destruction or accidental loss, damage, alteration, unauthorized disclosure or access as well as all other forms of unlawful processing (including, but not limited to, unnecessary collection) or further processing, including protecting your Personal Data against unauthorized access, maintaining the confidentiality, integrity and availability of your Personal data, and training personnel on information security requirements.

However, no security measure can guarantee against compromise. You also have an important role in protecting your Personal Data. You should not share your username and password with anyone, and you should not re-use passwords across more than one website. If you have a reason to believe that your Personal Data has been compromised, please contact us.

9. HOW LONG IS YOUR PERSONAL DATA RETAINED?

Except as otherwise permitted or required by applicable law or regulation, we will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, as required to satisfy any legal, accounting, or reporting obligations, or as necessary to resolve disputes. To determine the appropriate retention period for personal data, we consider applicable legal requirements, the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes we process your personal data for, and whether we can achieve those purposes through other means. 

Under some circumstances, we may anonymize your personal data so that it can no longer be associated with you. We reserve the right to use such anonymous and de-identified data for any legitimate business purpose without further notice to you or your consent. 

Customer account data are retained for the duration of the contract plus 10 years in accordance with Art. 2946 of the Italian Civil Code.

10. WHERE DO WE STORE OR TRANSFER YOUR PERSONAL DATA?

Generally, the Personal Data with respect to you legally collected by the Company will be stored in EU member states.

Due to the nature of our business and the services we provide to you, the Company may need to transfer your Personal Data to its affiliates or subsidiaries located in other countries or regions in order to perform the agreements with you or achieve the purposes provided in this Statement. In any case where we transfer Personal Data, we shall ensure that such transfers are subject to appropriate safeguards not lower than the level of protection required by applicable data protection laws in the EU and the Italy. Before cross-border transmission or remote access, we will complete the necessary procedures in accordance with the relevant personal data protection laws and regulations.

11. WHAT RIGHTS CAN YOU EXERCISE IN RELATION TO YOUR PERSONAL DATA?

Based on the law applicable to the use of your Personal Data, you may have rights that you can exercise in relation to your Personal Data. Note that in some cases we are not required to completely comply with your request, as such rights may be conditional or because we have to balance your rights against our rights and obligations to process your Personal Data and to protect the rights and freedoms of others. A number of the rights you have in relation to your Personal Data, as applicable in the European Economic Area, the State of California, or other US or international geographic jurisdictions, are explained below:

Right of access

You may be entitled to a copy of the Personal Data we hold about you and to learn details about how we use it. Your Personal Data will usually be provided to you digitally. We may require you to prove your identity before providing the requested information.

Right to rectification

We take reasonable steps to ensure that the information we hold about you is accurate and complete. However, if you believe this is not the case, you may have the right to request that any incomplete or inaccurate Personal Data that we process about you is amended.

Right to erasure

You may have the right to ask us to erase your Personal Data, for example where the Personal Data we collected is no longer necessary for the original purpose, where Personal Data has become obsolete or where you withdraw your consent (if we are processing your Personal Data based on consent). However, this will need to be balanced against other factors. For example, we may not be able to comply with your request due to certain legal or regulatory obligations.

Right to restriction of processing

You may be entitled to ask us to (temporarily) stop using your Personal Data, for example, where you think that the Personal Data, we hold about you may be inaccurate or where you think that we no longer need to use your Personal Data.

Right to data portability

You may have the right to ask that we transfer Personal Data that you have provided to us to a third party of your choice. This right can only be exercised when you have provided the Personal Data to us, and when we are processing that data by automated means on the basis of your consent or in order to fulfil our obligations under a contract with you.

Right to object

You may have the right to object to processing which is based on our legitimate interests. In the processing of Personal Data for marketing purposes, you have the right to object at any time. When you ask us to stop using your Personal Data for marketing purposes, the Company will immediately cease to use your Personal Data. For other purposes based on our legitimate interests, we will no longer process the Personal Data on that basis when you file an objection based on your grounds relating to your situation, unless we have a compelling legitimate ground for the processing. Note, however, that we may not be able to provide certain services or benefits if we are unable to process the necessary Personal Data for that purpose.

Rights relating to automated decision-making

The Company may use automated processing techniques, including profiling, in limited circumstances for two main purposes:

(1) Marketing and Service Personalization
The Company analyses certain aspects of your interaction with our Websites, emails, and services — such as browsing activity, clicks, purchase history, shipment patterns, and preferences — to better understand your interests.

This profiling helps us:

  • Provide more relevant and tailored content, offers, and advertisements;
  • Improve our websites and service experience; and
  • Measure and optimise the effectiveness of our marketing activities.

The logic used in this profiling is based on observable patterns of behaviour and aggregated analytics data. These activities do not produce legal effects or similarly significantly affect you within the meaning of Article 22 GDPR.

You can object at any time to this type of profiling or direct marketing by contacting our Data Protection Officer via dpo@gofoexpress.com or by adjusting your cookie and marketing settings. If you object, we will immediately stop using your personal data for these purposes.

(2) Fraud Prevention and Risk Management
The Company may also use automated systems and scoring models to help detect and prevent fraudulent activities or misuse of our services. For example, automated systems may analyze shipment information, account activity, and transaction patterns to identify irregularities that could indicate fraud or security risks.

Such automated processing is carried out to protect our legitimate interests (Article 6(1)(f) GDPR) and to comply with our legal obligations regarding fraud prevention, customs, and anti-money laundering.

In these cases, automated tools may flag transactions or require manual review by authorized Company staff. We do not take any decisions solely based on automated processing that would produce legal effects concerning you or similarly significantly affect you without human involvement.

You have the right to:

  • Request human intervention in any decision that involves automated processing;
  • Express your point of view and contest the decision; and
  • Obtain an explanation of the logic involved in such automated processing.

You may have the right not to be subjected to automated decision-making, including profiling, which produces legal effect for you or has a similar significant effect.

To exercise these rights or obtain further information about our profiling practices, please contact our Data Protection Officer at dpo@gofoexpress.com.

Right to withdraw consent

We may ask for your consent to process your Personal Data in specific cases. When we do this, you have the right to withdraw your consent at any time. The Company will stop further processing as soon as possible after the withdrawal of your consent. However, this does not affect the lawfulness of the processing before consent was withdrawn.

We will respond to your request within one month, as required under Article 12(3) GDPR.
You have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali) if you believe that your data are processed in violation of the GDPR.

Garante per la protezione dei dati personali
Adress: Piazza Venezia 11 – 00187 Roma (Italia)
Tel: +39 06.696771
Email: protocollo@gpdp.it

12. CALIFORNIA CONSUMERS

If you are a California resident, you can make certain requests regarding your Personal Data. We will fulfil each of these requests per the requirements of California law.

  • You can request access to a copy of the Personal Data we have about you, including a list of categories of your Personal Data that we have shared with another company for a business purpose.
  • You can request that we delete your Personal Data.
  • You can request that we stop selling your Personal Data. 

 

More information on each of these requests is below.

Request access to Personal Data

If you make this request, which we also refer to as a Request to Access Information, we will return to you (to the extent required by law):

  • The categories of Personal Data we have collected about you.
  • The categories of sources from which we collect your Personal Data.
  • The business or commercial purpose for collecting or selling your Personal Data.
  • The categories of third parties with whom we share Personal Data.
  • The specific pieces of Personal Data we have collected about you.
  • A list of categories of Personal Data that we have disclosed for a business purpose, along with the category of any other company we shared with.

You can ask us to provide you with this information up to two times in a rolling twelve-month period. When you make this request, the information provided may be limited to the Personal Data we collected about you in the previous 12 months.

Delete the Personal Data

You have the right to ask that we delete your Personal Data. Once we receive a request, we will delete the Personal Data (to the extent required by law) we hold about you as of the date of your request from our records and direct any service providers to do the same. In some cases, deletion may be accomplished through de-identification of the information. Choosing to delete your Personal Data may impact your ability to use our websites and online features, including closure of your online account.

No Discrimination

We will not discriminate against you for exercising your rights. This generally means we will not deny you using our services, or provide a different level or quality of our services. Please know, if you ask us to delete your information, it may impact your experience with us, and you may not be able to participate in certain services that require the use of your Personal Data to function.

Shine the light law

California Civil Code Section 1798.83, also known as the “Shine The Light” law, permits our users who are California residents to request and obtain from us, once a year and free of charge, information about categories of personal data (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared personal information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to us using the contact information provided at the top of this Privacy Statement.

13. WHAT IF YOU HAVE OTHER QUESTIONS OR COMPLAINTS?

Questions or complaints regarding the processing of your Personal Data can be directed to the Company by using the contact information as provided at the top of this Privacy Statement.

You also have the right to lodge a complaint with the competent data protection authority in the jurisdiction where you work, where you live, or where an alleged infringement takes place.

14. HOW WILL THIS PRIVACY STATEMENT BE UPDATED?

The Company may update this Privacy Statement from time to time. If an amendment has a serious impact, the Company will endeavor to inform you about such amendments actively. The Company will publish an up-to-date Privacy Statement on the Websites at all times, indicating the latest amendments.

@GOFO. All Rights Reserved.

Linkedin Youtube
Linkedin Youtube

@GOFO. All Rights Reserved.

logo
LA NOSTRA SOLUZIONE
CHI SIAMO
NOTIZIE
DIVENTA UN DSP
CARRIERA
CONTATTI
TRACCIA
PREVENTIVO
Linkedin Youtube
GOFO US
GOFO FR
GOFO NL
GOFO IT
logo
OUR SOLUTION
WHO WE ARE
NEWSROOM
BECOME A DSP
CAREER
CONTACT US
TRACKING
GET A QUOTE
Linkedin Youtube
GOFO US
GOFO FR
GOFO NL
GOFO IT