Privacy policy

GLS WorkSmart V3 mobile application

Last Updated: March 10, 2026

1. Introduction and scope

This Privacy Policy applies specifically to the mobile application “GLS WorkSmart V3” (package name: com.gls.worksmart) (the “Application”).

The Application is operated by GLS Logistics Systems Canada Ltd (“GLS”, “we”, “us”, or “our”).

GLS WorkSmart V3 is an internal operational application intended exclusively for authorized GLS employees and contractors for the purpose of performing parcel delivery and logistics functions.

This Policy describes how personal information is collected, used, disclosed, retained, and protected in connection with the Application, in accordance with:

  • The Personal Information Protection and Electronic Documents Act (PIPEDA)
  • Québec’s Act respecting the protection of personal information in the private sector (Law 25)
  • Any other applicable data protection legislation

This Policy applies only to the Application and does not replace GLS’ general corporate privacy policy.

2. Person in charge of the protection of personal information

In accordance with Québec Law 25, GLS Logistics Systems Canada Ltd. has designated a Person in Charge of the Protection of Personal Information.

This function may be exercised by the Chief Privacy Officer or another designated officer.

Contact details:

GLS Logistics Systems Canada Ltd
Attn: Person in Charge of Personal Information Protection
10500 Av. Ryan, Dorval, QC H9P 2T7
Email: privacy@gls-canada.com

3. Categories of personal information collected

In connection with the Application, GLS may collect the following categories of personal information:

3.1 Employee account information

  • Name
  • Employee ID
  • Username
  • Authentication credentials
  • Role or assignment information

3.2 Device and technical information

  • Device type and model
  • Operating system version
  • Application version
  • Device identifiers required for authentication
  • Network and connectivity information
  • System logs and diagnostic data

3.3 Location data

  • GPS location during active delivery operations
  • Periodic location updates while logged in and performing assigned duties

Location data is not collected when the user is logged out of the Application.

3.4 Parcel and operational data

  • Consignee name
  • Delivery address
  • Parcel identifiers
  • Scan event data
  • Time stamps of operational activities

3.5 Proof of delivery data

  • Digital signature of recipient
  • Photographs captured via the device camera
  • Delivery confirmation information

3.6 Diagnostic and security data

  • Crash logs
  • Error reports
  • Performance analytics
  • Security event logs

The Application is not intended for public or consumer use.

4. Purposes of collection and use

Personal information collected through the Application is used for the following purposes:

  • Authenticating authorized users
  • Performing parcel delivery and logistics operations
  • Recording proof of delivery
  • Enabling real-time parcel tracking
  • Supporting operational oversight and reporting
  • Ensuring system security and fraud prevention
  • Meeting legal and regulatory obligations

Personal information is collected only for purposes that are serious and legitimate, consistent with Law 25 requirements.

5. Legal basis for processing

Where required under applicable law, GLS processes personal information on the basis of:

  • Performance of employment or contractor agreements
  • Legitimate business interests
  • Compliance with legal obligations
  • Consent, where required (including device-level permissions for camera and location access)

Consent may be withdrawn subject to legal or operational limitations.

6. Technological features allowing identification, profiling or localization

The Application includes technological features that allow:

  • Localization of users during delivery operations
  • Monitoring of operational performance
  • Recording of digital proof of delivery

The Application does not use automated decision-making systems that produce legal effects or similarly significant effects on employees.

If such systems are introduced in the future, GLS will provide appropriate notice and required disclosures.

7. Disclosure of personal information

Personal information may be disclosed to:

  • GLS affiliates and subsidiaries involved in parcel operations
  • Third-party service providers (e.g., hosting providers, IT support providers) bound by written data protection agreements
  • Government authorities or regulatory bodies where required by law

GLS does not sell personal information.

Where personal information is communicated outside Québec or Canada, GLS conducts a privacy impact assessment in accordance with Law 25 and implements contractual safeguards to ensure adequate protection.

8. Retention and Destruction

Personal information is retained only as long as necessary to:

  • Fulfill operational purposes
  • Comply with legal or regulatory requirements
  • Meet contractual obligations

When retention is no longer required, personal information is securely destroyed or anonymized in accordance with GLS internal retention schedules.

9. Security safeguards

GLS implements appropriate administrative, technical, and physical safeguards, including:

  • Secure authentication mechanisms
  • Encryption of data in transit
  • Role-based access controls
  • Monitoring and logging of system access

Despite these measures, no system can guarantee absolute security.

10. Confidentiality incidents

In the event of a confidentiality incident involving personal information that presents a risk of serious injury, GLS will:

  • Take reasonable steps to reduce the risk of harm
  • Notify affected individuals where required
  • Notify the Commission d’accès à l’information du Québec where required
  • Maintain a register of confidentiality incidents as required by Law 25

11. Rights of individuals

Subject to applicable legislation, individuals may have the right to:

  • Access their personal information
  • Request correction of inaccurate or incomplete information
  • Withdraw consent where applicable
  • Request cessation of dissemination
  • Request de-indexation or re-indexation where applicable
  • File a complaint with the Commission d’accès à l’information du Québec

Requests must be submitted in writing using the contact details provided above.

GLS may require proof of identity before responding.

12. Privacy impact assessments

GLS conducts privacy impact assessments where required by applicable legislation, including when:

  • Implementing new technological systems
  • Transferring personal information outside Québec
  • Introducing systems involving sensitive personal information

13. Changes to this policy

GLS may update this Policy from time to time.

Any updates will be effective upon publication at the designated Application privacy policy URL.