PDPL guide for Egyptian logistics, courier and last-mile delivery apps. Driver tracking, recipient data, dashcams, address minimisation, partner couriers.
Yes, when proportionate to a legitimate purpose (safety, dispatch, fraud), with transparency and a clear policy. Always-on tracking off-shift is hard to justify.
Often they're separate controllers with their own purposes. Define this in writing — a controller-to-controller agreement, plus joint commitments on customer DSRs and breaches.
Yes, but minimise: aggregate to a coarse area (district/grid), drop the exact street/number after a defined retention period, and document the analytics purpose separately.
It's still personal data. Keep retention short, restrict access to claims/safety reviewers, and have a process to redact or delete on request.
All three. Their employment-law and contractor-law rights interact with PDPL data-subject rights. Treat their consent and access requests like any other data subject's, on top of labour-law obligations.