Privacy policy

Information obligation of the Controller for the service of

browsing, installing and using the www.parkdots.com website, the ParkDots web and mobile applications pursuant to Articles 13 and 14 of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as “the Regulation”) in accordance with Section 19 of Act No. 18/2018 Coll. on the protection of personal data (hereinafter referred to as “the Act”)

General Information

ParkDots s.r.o.
Pribinova 40
811 09 Bratislava
Registration No.: 55 477 232

(hereinafter referred to as “the Controller” or “the Company”)

Data subjects may file their comments and requests concerning the processing of personal data to the Controller at the single contact point, which is the following correspondence address:

ParkDots s.r.o., Pribinova 40, 811 09 Bratislava, or by email to: support@parkdots.com.

The responsible person on behalf of the operator is Michal Bróska.
Email contact: michal.broska@parkdots.com.

Information on the processing of personal data pursuant to Article 13 and Article 14 of the GDPR is provided to data subjects by the Controller through this Privacy Policy;

The Controller has adopted a security policy to ensure compliance with the GDPR and to demonstrate responsible compliance with the basic principles of personal data processing pursuant to Article 5(1) and (2) of the GDPR.

ParkDots s.r.o. is the Controller of your personal data and is committed to protecting and respecting your privacy and personal integrity when using mobile and web applications (collectively also referred to as “the services”). This privacy policy will help you understand what personal data we collect, why it is collected, and how we use it. It explains how you can exercise your rights when you show us confidence by allowing us to process your personal data. We ask that you read this Privacy Policy carefully and familiarize yourself with its contents. In case of any questions, you can contact us using the contact details provided in the heading of this document.

Please note that our services may contain links to services where the controller is a third party and for which we are in the position of a Processor (see below) with regard to the environment of the mobile and web applications. If you click on the link relating to the service under the previous sentence, you should be aware that they have their own privacy policies and that we do not take any responsibility for how they process your personal data. Therefore, make sure that you read their privacy policy before providing them with your personal data.

We offer our services only to persons over 18 years of age. We do not provide services to persons under the age of 18 nor do we seek to obtain personal data from them.

Definitions

Controller – any natural or legal person who, alone or together with others, determines the purpose of the processing and processes personal data on its own behalf.

Processor – any natural or legal person who processes personal data on behalf of the Controller on the basis of a mandate or contract concluded with the Controller.

Data Protection Officer – the person who is authorised by the Controller to perform tasks under the Regulation and the Personal Data Protection Act.

Data subject – any natural person whose personal data are processed.

Personal data – any data or information relating to an identified or identifiable natural person; an identifiable natural person is a person who can be identified directly or indirectly, in particular on the basis of an identifier of general application, another identifier such as a name, an identification number, location data, an on-line identifier, or on the basis of one or more of the characteristics or factors which constitute his or her physical, physiological, genetic, mental, economic, cultural or social identity.

Recipient – natural or legal person, public authority, agency or other body to which personal data is provided or made available, including a Processor.

Purpose of processing – a clearly pre-defined or statutory intention of processing personal data which is linked to a particular activity.

Processing of personal data – any operation or set of operations which is performed on personal data or on sets of personal data, such as collection, recording, organising, adaptation or alteration, search, browsing, use, restriction, provision, disclosure, cross-border transfer, storage, erasure or destruction, whether or not carried out by automated, partially automated or non-automated means of processing.

Consent of the data subject – any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, expresses agreement to the processing of personal data relating to him or her.

Scope of personal data processing

In general, we only record personal data that you disclose when using the services in the context of a login or registration. Personal data is data that contains information about personal or material circumstances. When you log in to our website as a user, all you have to do is entering your e-mail address and, if applicable, your login and password. The password is stored in encrypted form, which never allows the actual password to be deduced.

In connection with the implementation of the contract concluded (license) and the scope of services offered, in particular but not exclusively, in relation to services where the Company is in the position of the Processor, we may require additional data to be made available (as specified below under the Purpose of the Processing) for the purpose of activating the requested service.

The Controller shall process this data in a confidential manner and in accordance with the legal provisions on data protection. It will not disclose such information to third parties without your consent, unless necessary for the performance and fulfilment of the contract, for the processing of your request or for the provision of support, or in the case of legal authorisation.

Purpose of Personal Data Processing

We process your personal data as part of our duties as a service provider. When processing personal data by the office, you are the data subject, i.e., the person whose personal data are processed.

The processing of personal data in the conditions of the Controller is generally carried out mainly on the following legal basis:

1. performance of the contract or within pre-contractual relations at the request of the data subject,

2. compliance with legal obligations under special regulations,

3. with the consent of the data subject,

4. on the basis of a legitimate interest.

1. Performance of contractual and pre-contractual obligations (Article 6(1)(b) of the GDPR), which includes in particular:

• Identify a free parking space or car park
• Navigate to a free parking space

The following personal data shall be collected:

Login and password

• application and obtaining authorisation for temporary parking in the municipality
• register your payment card with TATRA BANKA a.s.

The following personal data shall be collected:
Login and password
e-mail address
telephone number
forename and surname
residence (street, register number, street number, apartment number, postal code, city and country)
vehicle registration number
payment card number, expiration date and CVV code

• allows you to pay parking fees other than via the payment gateway of TATRA BANKA a.s.
• ParkDots Go activation

The following personal data shall be collected:
Login and password
e-mail address
telephone number
forename and surname
residence (street, register number, street number, apartment number, postal code, city and country)
vehicle registration number
payment card number, expiration date and CVV code
location data regarding the location of the User or his or her mobile or other device on which the ParkDots web application is running or the ParkDots mobile application is installed

Retention period

The data subject acknowledges that all data provided for the purposes of personal data processing by the Controller, which the Controller processes on the legal basis of Article 6(1)(b) of the GDPR, shall be stored for the duration of the contractual relationship / valid registration. Upon expiry of the period under the previous sentence (cancellation of registration), if there is no other purpose of processing, the data shall be irretrievably destroyed.

• record of contracts

The following personal data shall be collected:
Data from the license agreement

The legal basis for the processing of personal data shall be a contract with the data subject within the meaning of Article 6(1)(b) of the Regulation. The data subject shall provide personal data; in the event he or she fails to do so, it is not possible to conclude the contract.

Retention period

The data subject acknowledges that all data provided for the purposes of personal data processing by the Controller, which the Controller processes on the legal basis of Article 6(1)(b) of the GDPR, shall be stored for the duration of the contract.

2. Compliance with legal obligations (Article 6(1)(c) of the GDPR); which includes in particular:

• Bookkeeping;
• Performance of the employer’s obligations under the Labour Code and special laws;
• Compliance with tax and levy obligations;
• Processing of requests of data subjects according to GDPR;
• The use of e-mailbox in accordance with the so-called e-Governance Act;
• Handling consumer complaints.
• Administration of the registry
• Demonstrating, exercising or defending legal claims (legal agenda), which includes in particular:
• Registration of terminated contracts until the time bar of the related legal claims;
• Registration of issued authorisations;
• Scanning, copying of official documents necessary for the exercise of legal claims;
• Keeping an agenda for litigation, administrative proceedings, criminal proceedings;
• The retention of legal documentation demonstrating compliance with administrative and legal obligations, if it contains personal data;
• Providing co-operation to public authorities;
• Providing data to lawyers, auditors and other advisers defending legal claims;
• Out-of-court recovery of our due receivables.

The following personal data shall be collected:
telephone number
forename and surname
residence (street, register number, street number, apartment number, postal code, city and country)
vehicle registration number 

The purpose of processing personal data in the handling of complaints from data subjects is the Complaints agenda. The legal basis is the Act No. 9/2010 Coll. on complaints, as amended. The circle of data subjects shall be natural persons – the clients of the Controller – and other natural persons whose personal data is necessary for handling the complaint. The provision of personal data is a legal obligation of the data subject. The retention period for personal data is 5 years. The recipients of personal data may be the courts or external business partner for which part of the service is performed (e.g. municipalities, towns).

The purpose of the litigation agenda is to deal with the infringement and litigation related agenda in accordance with specific laws, in particular Act No. 160/2015 Coll. – Civil Dispute Code, as amended, Act No. 301/2005 Coll. – Criminal Procedure Code, as amended, and Act No. 162/2015 Coll. – Administrative Procedure Code, as amended. The data subjects are natural persons and other persons. The provision of personal data is a legal obligation of the data subject. The recipients of personal data are Slovenská pošta, a. s., (Slovak Postal Service), law enforcement agencies, courts, Office for Personal Data Protection of the Slovak Republic. The retention period is 10 years.

In case you are a debtor of the Company, your personal data shall be processed for the purpose of out-of-court recovery of the due receivable. The legal basis for this processing is either the exercise of the Company’s right against you arising from the performance agreed between you and the Company within the contractual relationship, i.e., Article 6(1)(b) of the Regulation or the protection of the legally protected interests of the Company, i.e., Article 6(1)(f) of the Regulation.

Retention period

The data subject acknowledges that all data provided for the purposes of personal data processing by the Controller, which the Controller processes on the legal basis of Article 6(1)(b) of the GDPR, shall be stored for a maximum of 10 years (in accordance with the principle of data minimisation / per purpose). Upon expiry of the period under the previous sentence, if there is no other purpose of processing, the data shall be irretrievably destroyed.

3. Raising awareness and building relationships with customers and potential customers (marketing and PR purposes) (Article 6(1)(a) of the GDPR), which includes in particular:

• Targeting and personalising the content of our advertising in an on-line environment;
• Running the profiles set up on the social network Facebook and Instagram;
• Electronic communication that has the nature of direct marketing with existing customers or potential customers who give consent;
• Publication of promotional photographs capturing the data subjects who have given us consent to the processing of personal data, e.g., on social networks;

The following personal data shall be collected:
Login
E-mail contact
Forename and surname
Photo of the data subject, if applicable

Processing of personal data for the purposeof direct marketing (whether by e-mail marketing or telemarketing) of a natural or legal person who is not a customer of the Company, therefore, they are not in a contractual relationship with our Company.   The legal basis for the processing of personal data is Article 1(b) of the Regulation, i.e., your consent.

Retention period

The data subject acknowledges that all data provided for the purposes of personal data processing by the Controller, which the Controller processes on the legal basis of Article 6(1)(a) of the GDPR, shall be stored only for the duration of the consent granted. The data subject acknowledges that the withdrawal of consent for the processing of personal data does not affect the processing prior to such withdrawal (for more information, see Rights of the Data Subject).

4. Protection and ensuring of IT security of the service (Article 6(1)(f) of the GDPR), which includes in particular:

• Protection against unauthorised access to and misuse of data that is processed in the on-line environment of an application of the Controller

The following personal data shall be collected:
IP address
URL of the website referring to the Controller’s service
Date and time of access
Type of service activated
Time and frequency of the active service

If an error occurs during the use of the Controller’s services, which will have to be rectified by the Provider, the Controller may also collect other data for this purpose and only for the time necessary (e.g., login of the data subject / user). Such data shall never be stored together with other processed data for purposes other than the security purposes of the Controller.

Retention period

The data subject acknowledges that all data provided for the purposes of personal data processing by the Controller, which the Controller processes on the legal basis of Article 6(1)(f) of the GDPR, shall be stored only for the duration of the session, for a maximum of 30 days, if this is necessary for the purposes of monitoring compliance with the conditions of use of the Controller’s services.

4. Raising awareness and building relationships with customers (marketing and PR purposes) (Article 6(1)(a) of the GDPR), which includes in particular:

• Conducting customer satisfaction surveys;
• Electronic communication that has the nature of direct marketing with existing customers
• Effective and fast communication with customers for the purpose of increasing customer comfort;

The following personal data shall be collected:
Login
E-mail contact 

Processing of personal data for the purpose of direct marketing of a natural person who is already a customer of the Company, i.e., who has already purchased goods or services from us and can objectively expect the Company to send him or her news about goods or services that the Company provides or on bonuses in the procurement of these goods and services. The legal basis for the processing of personal data is Article 1(f) of the Regulation, i.e., a legitimate interest.

We perform email marketing and telemarketing for the purpose of offering our goods and services and related marketing communication.  If you do not give us your consent and you are our customer, we can send you business notifications (or call you as part of telemarketing) without you giving us your consent. In any case, you can simply prohibit such marketing communication from our side by sending us a completed contact form (request the exercise of the rights of the data subject) or by directly contacting our First Contact Point at: support@parkdots.com

Retention period

The data subject acknowledges that all data provided for the purposes of personal data processing by the Controller, which the Controller processes on the legal basis of Article 6(1)(f) of the GDPR, shall be stored only for the duration of the contractual relationship of the Controller with the data subject, provided that the data subject does not object to the processing of data for the stated purpose (for more information, see Rights of the Data Subject).

Business partners

In case you are a business partner or employee of a business partner of the Company, the purpose of processing your personal data is the regular registration and use of basic contact details and your job function for the needs of communication and handling of work matters and fulfilment of obligations arising from existing contractual relationships, or the performance of activities related to pre-contractual relationships. The legal basis for this processing is Article 6(1)(b) of the Regulation. The legal basis may also be the preponderance of legally protected interests of the Company pursuant to Article 6(1)(f) of the Regulation and the specific provision of Article 78(3) of Act No. 18/2018 Coll. on the protection of personal data and on amendments to certain acts supplementing the Regulation in the territory of the Slovak Republic. The purpose of processing your personal data is also management of relations with customers and business partners, development of products, services and business activities, communication with the Company, provision of feedback, and supplier satisfaction surveys. The legal basis for this processing is the preponderance  of legally protected interests of the Company pursuant to in Article 6(1)(f) of the Regulation. In the event that a financial settlement occurs on the basis of existing legal relationships, we also process your personal data for the purpose of issuing an accounting and tax documents due to the fulfilment of a legal obligation under Act No. 431/2002 Coll. on accounting and  on amendments to certain acts and provisions of Article 6(1)(c) of the Regulation.

In the event that you are a party to any contract or agreement concluded with our Company, we process your data to the extent necessary for the preparation, negotiation, amendments, registration of contractual legal relations, including the preparation and registration of powers of attorney. We process this data on the basis of the provisions of Article 6(1)(b) of the Regulation in connection with Article 78(3) of Act No. 18/2018 Coll. on the protection of personal data and  on amendments to certain acts.

ParkDots s.r.o. as a Processor in the provision of the permits.parkdots.com services

Due to business connections and cooperation, we process your personal data in an on-line application and for the purposes of the permits.parkdots.com service with cities and municipalities through which you, as the data subject, can actively use the “Parking Cards” service. For the service according to the previous sentence, ParkDots s.r.o. is in the position of the Processor who processes your personal data on behalf and on the basis of the Controller’s authorisation.

You can become familiar with the personal data processing policy of the Controller applied when providing the permits.parkdots.com services.

For the Controller:

• The capital Bratislava: https://bratislava.sk/sk/ochrana-osobnych-udajov
• City of Košice: https://www.kosice.sk/mesto/ochrana-osobnych-udajov
• City of Žilina: https://zilina.sk/ochrana-osobnych-udajov/
• City of Dolný Kubín: https://gdpr.somi.sk/index.php?id=42
• City of Topoľčany: https://www.parkujto.sk/privacy-policy/
• City of Nové Zámky: https://www.novezamky.sk/informovanie-o-ochrane-osobnych-udajov/ds-1700/archiv=0
• City of Čadca: https://www.mestocadca.sk/informacia-o-spracovani-osobnych-udajov.html
• City of Ilava: https://www.ilava.sk/sk/gdpr/statement/
• City of Bojnice: https://gdpr.somi.sk/index.php?id=213
• City of Ružomberok: https://www.ruzomberok.sk/urad/prehlasenie-o-ochrane-osobnych-udajov/
• City of Trenčianske Teplice: https://www.teplice.sk/ochrana-osobnych-udajov.html
• City of Šamorín: https://samorin.sk/wp-content/uploads/2018/07/ochrana.pdf
• City of Sliač: https://www.sliac.sk/ochrana-osobnych-udajov/
• City of Dunajská Streda: https://dunstreda.sk/ochrana-osobnych-udajov

The following personal information is collected in the Processor’s application permits.parkdots.com:

e-mail address, password, telephone number, forename and surname, date of birth and birth number (personal ID number); address of residence (street, register number, street number, apartment number, postal code, city and country) and other data contained in the identity card; vehicle registration number and other data contained in the vehicle registration certificate, masked number of the payment card, i.e., the first and the last four digits,

location data on the User’s location or his or her mobile or other device on which the ParkDots web application is run or the ParkDots mobile application is installed if it is necessary for the proper functioning of ParkDots; other data contained in the identity card, vehicle registration certificate, severe disabled person’s card (ŤZP), operating lease agreement or other documents that the User is obliged to submit in accordance with the generally binding legal regulations of the relevant municipality for the purpose of obtaining a parking permit.

To whom we can provide your personal data (recipients of the personal data)

Your personal data may be provided to the following categories of recipients of the personal data:

Lawyers (law firms) and executors.

Like any business entity, our Company is interested in being paid for its services properly and on time. As part of the debt collection agenda, your identification data listed on the customer contract, acceptance protocols and invoices can be made available to lawyers and consequently to executors. We note that both lawyers and executors are bound by a legal obligation of professional secrecy under the laws governing their activities. If there is a need to provide your personal data to lawyers in our use of legal services, lawyers shall process personal data as independent controllers. The same shall apply also for the executors.

Accountants, tax advisors and auditors of our Company.

As part of accounting and in connection with the obligation to audit our Company, we pass on invoices to external entities; for this reason, the personal data provided on the invoices may be passed on to this group of recipients. In exceptional cases, customer contracts may also be submitted to these entities as part of the inspection in order to check the amount and correctness of invoicing; in that case, the data on our contract will also be made available to them.

Service suppliers (processors).

Like almost every Company, we provide some services to customers through our subcontractors, who have the legal status of processors in the processing of personal data. The reason is not only to reduce costs and thus final prices for our customers, but also to improve the speed and quality of our services. All information provided to our Processors is provided only to the extent necessary and relates exclusively to the provision of services to the relevant customers for the purpose of ensuring the proper performance of our contract with the customer. Our processors mainly include providers of cloud services (virtual data storage), providers of GPS monitoring services, providers of accounting and administrative services. If you are interested, we will be happy to provide you with an up-to-date list of our processors upon request.

Our employees and business partners with whom we cooperate in providing our services

We also make your personal data available to our employees and internal collaborators who have been instructed pursuant to Article 29 of the GDPR for the purpose of secure and lawful processing of your personal data. We also bound them with confidentiality about your personal data pursuant to Article 79 of Act No. 18/2018 Coll. on the protection of personal data and on the amendment of certain acts. This circle of recipients processes personal data within the provision of our services and various administrative and technical support for the provision of our services.

Social network controllers and remarketing system providers

Rights of data subjects in the processing of personal data

Our Company cares about the protection of your personal data and therefore we strive to secure them through individual, modern technical and organizational security measures, as well as through the possibility to exercise your rights of the data subject under theRegulation at any time through a written and personally signed request which clearly states your identity and the right that you are asking to exercise.

In accordance with Articles 15 to 22 of the Regulation and Section 19 to 29 of Act No. 18/2018 Coll., the following rights of data subjects are generally applicable:

• the right to obtain confirmation as to whether or not personal data are being processed,
• the right of access to personal data,
• the right to rectification of personal data,
• the right to erasure of personal data,
• the right to restrict the processing of personal data,
• the right to the transfer of personal data,
• the right to object to the processing of personal data,
• the right not to exercise decision-making based on automated individual decision-making, including profiling.

The rights in question may be exercised by the data subject:

• in writing by delivery of the request, in person or by postal service, to the address of the Company’s registered office,
• electronically at the e-mail address: support@parkdots.com,
• by phone at telephone number: +421 2 49239 111,

The Request for the Exercise of the Data Subject Rights can be downloaded here: https://parkdots.com/privacy/request/en

This procedure is without prejudice to your right to withdraw the consent given to the processing of personal data, which you can always withdraw as easily as you have given it to us.

Any request for the exercise of the right of the data subject that will be delivered to us will be individually and competently assessed and we will always inform you of the result within one month of receipt of your request.

The execution of the data subject’s request shall be dealt with free of charge. If your request is manifestly unfounded or disproportionate, in particular because it is repeated, as well as a repeated request for copies of the personal data processed, we shall be entitled to charge a reasonable fee which takes into account the administrative costs associated with the provision of the requested information.

If the data subject considers that his or her rights have been infringed in the processing of the personal data by the Controller, he or she shall have the right to file a complaint or a request for initiating proceedings with the Office for Personal Data Protection of the Slovak Republic in accordance with Act No. 18/2018 Coll.

Final Provisions

The Company has created this Privacy Policy in order to enhance sufficient transparency, legal certainty and clarification of the basic rules that the Company as the operator of the ParkDots service observes when protecting the privacy and personal data of the data subjects.