Table of Contents
- 1. What is the scope of this general privacy notice?
- 2. When is your personal data collected?
- 3. On what legal bases and for what purposes is your data processed?
- 4. How do we protect your data?
- 5. Who has access to your data and to whom is it transferred?
- 6. Is your data processed outside of the European Union?
- 7. What are your rights and how to exercise them?
- 8. How long do we keep your data?
- 9. Your use of our websites and our mobile applications
- 10. How can you keep informed about amendments made to this general privacy notice?
Interparking SA, the Interparking group companies and its affiliated companies (collectively known as “Interparking”) are sensitive to respecting the protection of your privacy. We strive to protect and process your personal data in strict compliance with the privacy protection legislation, in a completely transparent manner.
The purpose of this general privacy notice is to inform you fully on the subject. It explains how we collect, use and keep your personal data. In it we advise you about the importance that we place on the security of your data and we state in it how you can contact us regarding our personal data protection practices. We would encourage you to take the time to read this general privacy notice to familiarise yourself with our practices on the subject.
Our confidentiality processes may vary from one country to another to reflect local practices and requirements. This notice is about the data processing carried out by the Belgian company, Interparking SA.
1. What is the scope of this general privacy notice?
A. What do “personal data” and “processing” mean, who is the “data controller” and who is the preferred contact person or “DPO”?
A personal data is any information relating to an identified or identifiable natural person. It can, for example, be the name of a person, a photo, a telephone number, a code or an email address.
The processing is any operation on a personal data. The processing covers, inter alia, all aspects associated with the collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of that data.
Interparking, whose head office is located at rue Brederode 9, 1000 Brussels, is the data controller of your personal data that it has. This means that we decide on the purposes and the means of processing that data and that we are your point of contact and that of the supervisory authorities for any matter relating to the use of such data.
We have appointed, as the sole point of contact within our company, a “Data Protection Officer” or “DPO” whose contact details are as follows:
Data Protection Officer
Rue Brederode 9
B. Who is affected?
Our general privacy notice affects all natural persons whose data is processed by Interparking in respect of the services that it provides. The “data subjects” are therefore the customers and users of Interparking’s services or its website.
C. What data is covered by this notice?
The data in this category is the personal data about you, i.e. the data that enables you to be identified either directly (data such as your name and surname enabling you to be identified immediately), or indirectly (data such as the registration number of your vehicle or a card number belonging to you that enables you to be identified indirectly).
When we interact with you, we may be required to collect different personal data depending on the products or services involved:
- Identification data (name, postal or email address, telephone number, vehicle registration number, etc.) is in particular collected to manage our subscription products, car park access, online car park bookings, the creation of customer accounts, the organising of marketing activities such as contests, etc.
- Data relating to your personal or professional life (personal status entitling you to a preferential tariff, status as a company employee, etc.) is, for example, requested when you create a customer account or in managing subscriptions signed up for by the company representatives who enter into contracts with us.
- Video images are recorded via the surveillance cameras and via the number plate recognition cameras which are placed in our installations particularly to enhance the security of the premises when you use our car parks.
- Financial data (information about payments or your bank details) is requested for the purposes of managing payments for our products and services.
- Data regarding connection (IP address, etc.) to our website is processed; for more information in this regard, please view our notice relating to cookies.
In some cases, the data is sent to us by an external source. This is the case when employers subscribe to products or services from which their employees benefit.
2. When is your personal data collected?
Some of your data can, inter alia, be collected by Interparking:
- when you become a customer via the subscription form or by opening an account;
- when you subscribe to our products or services online or on our mobile application;
- when you fill out the forms or contracts which we send you;
- when you use our services and products;
- when you subscribe to our newsletters or provide us with data to participate in a marketing activity;
- when you contact us via the various channels made available to you;
- when your data is published or passed on by authorised third parties (persons/entities that you have specially authorised, the Belgian Official Journal, etc.); or
- when you are filmed by our surveillance cameras or your vehicle is filmed by our number plate recognition cameras in our car parks.
3. On what legal bases and for what purposes is your data processed?
We process your personal data for various purposes. Each time that data is processed, only the data relevant to achieving the appropriate purpose is processed.
Generally, by way of examples, we use your personal data:
- when we have obtained your specific consent;
- To send you marketing communications concerning companies in our Group or concerning partner companies.
- for the performance of the contract
- entering into, managing and performing contracts forming part of Interparking’s range of products and services;
- in order to comply with any legal obligation to which we are subject, in particular:
- tax or accounting obligations;
- for reasons which constitute our legitimate interest, in which case we ensure that we maintain a proportionate balance between our legitimate interest and respecting your privacy:
- conducting marketing studies and promoting our products and services;
- preventing abuse and fraud;
- protecting company assets;
- monitoring whether the operations have been carried out correctly;
- surveillance and checking of our buildings and car parks;
- establishing, exercising, defending and preserving our rights or those of the persons/entities that we may represent, for example during disputes;
- looking for evidence allowing complaints to be managed (locating an unrecovered vehicle, for example).
4. How do we protect your data?
Access to your personal data is only authorised for people who need it to carry out their tasks. They are bound by strict professional secrecy and must comply with all of the technical and organisational requirements laid down to ensure the confidentiality of the personal data.
We have put in place technical resources and specialist teams that deal first and foremost with the protection of your personal data. We thus want to avoid unauthorised persons from having access to it, processing it, amending it or destroying it.
5. Who has access to your data and to whom is it transferred?
A. The likely recipients of data about you
Data about you may be passed on, where applicable, to other companies involved in providing services, to their representatives in Belgium, to their correspondents abroad, to your intermediary (employer, agent, etc.) or to a subcontractor. We pass on your data to service providers only if it is necessary for services to be offered on our behalf or to comply with legal requirements. We require, on each contract, that these service providers protect the confidentiality and the security of the personal information that they process on our behalf (see also point B below).
We may pass on certain personal information that we collect from the companies of the Interparking group or from affiliated companies in Europe to process the transactions and other services which you have used and in accordance with the terms of this privacy notice or in the manner indicated when the data is collected.
We do not sell the personal information that we collect about you and only disclose it in the circumstances described in this notice or in any other document which we will send to you when the data is collected. We only pass on your data for commercial use to third parties with your express prior consent, which can be withdrawn at any time.
We also pass on your data to other persons/entities if we are obliged to do so because of a contractual or legal obligation or if a legitimate interest justifies it (to defend our interests, for example).
B. Subcontractors on Interparking’s behalf
a) General comments
For some services, we use specialist partners in Belgium or abroad who act as processors and are contractually bound to us.
Interparking ensures that these “processors”:
- only have the data that they need to carry out their tasks and
- undertake, vis-à-vis Interparking, on the one hand, to process such data securely and confidentially and, on the other, only to use the data to perform their tasks.
b) Types of subcontractors
We use some specialist subcontractors, such as:
- intermediaries or partners with whom we work;
- IT service providers and other technical services;
- marketing offices.
6. Is your data processed outside of the European Union?
Our IT infrastructure is located on European territory.
We only pass on personal data outside of EU territory to one of our service providers located in the United States, for our mailing service and we have included contractual guarantees that the service provider in question undertakes to ensure adequate protection of the data which is sent to it.
Moreover, we would draw your attention to the fact that the use of email as a means of communication does not rule out the possibility that data may be transferred outside of European territory (some addresses used are provided by companies located and operating outside of such territory, mainly in the United States). We can neither verify nor guarantee that those companies comply with the principles stemming from data protection. These communications are however limited to what is necessary to perform the contract entered into with our customers. For our contacts who are involved on behalf of a legal entity, we consider that when they notify us of such an email address to contact them, they consent to such a transfer since it is inherent to its use.
7. What are your rights and how to exercise them?
A. Right of access
You have a right of access to your personal data. You can ask us:
- if we are processing your personal data or not;
- for what purposes we are processing it;
- what categories of data are processed;
- to what categories of recipients it is supplied;
- how long it is kept;
- for information regarding the rights that you can exercise (rectification, erasure, etc.) or about the possibility of lodging a complaint with the French Authority for the Protection of Privacy;
- the origin of the data processed.
B. Right to rectification
If you note that your data is inaccurate or incomplete, you can ask us to rectify it.
C. Right to erasure (“right to be forgotten”)
In some very specific cases, the legislation allows you to have your personal data erased.
This is the case in particular if:
- the data is no longer necessary in relation to the purposes for which we collected such data;
- the processing of your data is based exclusively on your consent and you decide to withdraw your consent;
- you object to your data being processed and we have no legitimate reasons that override yours;
Your right to be forgotten is not, however, absolute. We are entitled to continue to keep your data when keeping it is necessary, inter alia:
- to comply with a legal obligation;
- to establish, exercise or defend legal claims.
D. Right to restriction of processing
In some very specific cases, you can ask for the processing of your personal data to be restricted.
This is in particular the case when:
- you contest the accuracy of a personal data, for the time that enables us to verify the accuracy of it;
- although your data is no longer necessary for the pursuit of the purposes of the processing, you need it to establish, exercise or defend your legal claims.
The restriction of the processing will end in the following circumstances:
- you give us your agreement to it;
- the processing of your data is necessary to establish, exercise or defend legal claims;
- the processing is necessary to protect the rights of another natural person or legal entity;
- the processing is necessary for reasons of public interest.
E. Right to portability
In some cases provided by the regulation, you are entitled to have the personal data which you have provided to us:
- sent to you in a structured, commonly used and machine-readable format;
- sent directly by Interparking to another data controller, provided that it is technically possible.
In view of the processing actually carried out by Interparking, this possibility only exists in this instance for the processing for which Interparking asked for your consent or which is based on the performance of a contract entered into with you.
F. Right to object
When the processing of your personal data is based on a legitimate or general interest on our part, you are entitled to object to this at any time, for reasons relating to your particular situation.
However, your request will be disregarded if we consider that our legitimate interests should override yours in the particular instance or if the processing of your data is still necessary to establish, exercise or defend legal claims.
b) In respect of direct marketing
Interparking considers that it has a legitimate interest in promoting its goods and its services and, it is for this reason that it offers to send you marketing communications (such as promotional offers).
When contracts are entered into with Interparking, you can object to such communications from Interparking being sent to you via an opt-out box.
If you do not want us to contact you with commercial communications to promote our activities, you can, at any time, unsubscribe from them or object to your personal data being processed by or at the request of Interparking and Interparking cannot object to this.
G. Withdrawal of your consent
When the processing by Interparking is based on your consent, you can withdraw your consent at any time. This withdrawal will not jeopardise the legality of the processing of your personal data effected during the period before the withdrawal of your consent.
This is the case when you have expressly consented, via an opt-in box, to receive offers or communications by email concerning a range of products and services from companies that form part of the Interparking group and also from intermediaries or partners that you have used.
In such a case, it could be impossible for Interparking to achieve this goal and/or process your request for intervention.
H. Who do you contact?
In order to be sure of your identity, you will be asked to upload a scanned copy of your identity card.
You can also write to our Data Protection Officer at the address below providing a signed and dated application, accompanied by a copy of your identity card so that he/she can be sure of your identity. Please however note that using the online form guarantees your request being processed as quickly as possible.
Data Protection Officer
Rue Brederode 9
If you think that the processing of your personal data constitutes a violation of the privacy legislation, you also have the right to lodge a complaint with the supervisory authority.
8. How long do we keep your data?
The data processed is kept for the full duration of the contract, the legal limitation period and any other retention period which might be imposed by the applicable legislation and regulations.
9. Your use of our websites and our mobile applications
10. How can you keep informed about amendments made to this general privacy notice?
In a changing world where technologies are continually evolving, this general privacy notice may be subject to amendments. We would encourage you to view the latest online version of this declaration and we will advise you of any amendment via the website or through the other usual channels of communication.