Service & Payment

Privacy Policy

To the privacy policy Germany

Data protection declaration of ParkRaum-Management PRM Switzerland AG

1 General information

ParkRaum-Management PRM Switzerland AG (hereinafter referred to as "PRM", "we" or "us") processes personal data concerning you or other persons in different ways for different purposes.

"Personal data" is all information that relates to an identified or identifiable natural person.

"Processing" means any handling of personal data, regardless of the means and procedures used, in particular the collection, storage, retention, use, modification, disclosure, archiving, deletion or destruction of data.

This privacy policy relates to the processing of data in the following cases:

  • When visiting the website www.prm-parking.com
  • When using the parks operated by us
  • When purchasing our services
  • If there is another contractual relationship with us
  • If you contact us by e-mail, letter, etc.
  • With regard to all other data processing related to our offers

This privacy policy is based on the Swiss Data Protection Act (DPA). In certain cases, the European General Data Protection Regulation (GDPR) may also be applicable. If the privacy policy refers to "personal data", this also includes "personal data" within the meaning of the GDPR. The applicability of the GDPR depends on the individual case.

2 Person responsible for data processing

The controller for data processing in accordance with this privacy policy is

ParkRaum Management PRM Switzerland AG
Ifangstrasse 6
CH-8952 Schlieren

Switzerland
Phone: +49 (0)9131 826003-10
E-Mail: datenschutz@prm-parking.com

3 Name and address of the data protection officer

The protection of your personal data is very important to us. In order to express this importance, we have commissioned a consultancy firm specializing in data protection and data security to take on these central issues. We are advised by:

actago GmbH
Weidenstrasse 66
D-94405 Landau an der Isar
Germany
Phone: +49 (0)9951 99990-20
E-mail: datenschutz@actago.de
Internet: www.actago.de

4 What personal data we process

We process different categories of personal data depending on the occasion and purpose. The most important categories are listed below, although the list is not exhaustive.

In the case of contractual partners who are companies, we process less personal data because the applicable data protection law only covers data of natural persons. However, we do process the data of the respective contact persons (e.g. first name, surname, professional details, etc.).

Much of the data mentioned in this section is provided by you (e.g. via forms, in the context of communication with us, in connection with contracts, when using the website, etc.). Subject to individual cases, you are not obliged to do so.

When concluding contracts or claiming services, you must also provide us with data within the scope of the contractual obligation in accordance with the relevant contract, in particular master data and contract data.

4.1 Data when using a parking facility

We collect this data by means of:

  • The data provided for the creation of the contract
  • Of the control plate entered
  • Image recordings, evaluation of license plate data

The provision of your personal data is voluntary. The recording of images and license plate data will be pointed out at the entrance in accordance with legal requirements.

4.2 Master data

Master data is the basic data that we need to process our business relationships or for marketing and advertising purposes and that relates directly to your person and characteristics. For example, we process the following master data:

  • Title, surname and first name, gender
  • Control plate
  • Address, contact details
  • Language settings
  • For contact persons of companies also relations to the company

4.3 Contract data

Contract data is information that is processed in connection with the conclusion or execution of the contract. For example, we process the following contract data:

  • Date, application process, data regarding the type and duration of the conditions of the contract, data on contract termination
  • Contact details
  • Information on the use of services
  • Information on payments, payment methods, invoices, claims, contacts with customer service, complaints, defects, returns, evaluations, complaints, feedback, etc.

4.4 Communication data

Communication data is data that arises in connection with our communication with you:

  • Name and contact details such as address, e-mail, telephone number
  • Content of the correspondence
  • Information on type, time and possibly place of communication

4.5 Technical data

Technical data is collected in connection with the use of our website. This includes, among other things

  • IP address of the end device and device ID
  • Information about your device, the operating system of your end device or language settings
  • Details of the internet provider
  • Content accessed or logs in which the use of our systems is recorded
  • Date and time of access to the website and its approximate location

An individual code can be assigned to the accessing end device. This code is stored for a certain period of time, often only during the visit.

4.6 Behavioral and preference data

In order to tailor our offers and services in the best possible way, we try to better align our services with our contractual partners. To this end, we collect data on your behavior, in particular data on the use of our website. This may be collected on the basis of technical data. We can also evaluate other interactions with us as behavioral data or link them to other data.

Preference data tells us what your needs are likely to be and which services are most likely to meet your interests.

4.7 Other data

We may also process data in other situations. For example, data may be collected in legal proceedings which may also relate to you.

5 For what purposes we process your personal data

5.1 Control plate registration

In order to safeguard our contractual interests, to prevent fraud and to enforce our contractual and hiring conditions, as well as to fulfill our contractual obligations to you, control plates are recorded at each of our parking facilities.

Detection can be targeted using portable devices or automated detection systems. If vehicle license plates are automatically recorded in a parking facility, this is clearly indicated at all entrances. Automatically recorded data will be deleted immediately after leaving the parking facility, unless there is a specific reason for longer storage, i.e. in particular if the records are required to investigate specific criminal offenses or to enforce our contractual rights and obligations. In these cases, we collect further data from the responsible public authorities.

5.2 Processing of personal data for the provision of contractual services

We collect and process inventory data (e.g. license plate, names and addresses as well as contact data of users) and contract data (e.g. services used, names of contact persons, payment information) for the purpose of fulfilling our contractual obligations and services. We only collect data that is necessary for the conclusion or performance of the contract and use it exclusively for these purposes. We also collect data required for the assertion of contractual claims or in relation to the settlement of claims within the scope of a contractual relationship from third parties, possibly debt collection agencies.

If necessary, we will transfer your personal data to CRIF AG, Hagenholzstrasse 81, 8050 Zurich, to determine your current postal address. Further information on the activities of CRIF GmbH can be found in their information sheet or online at https://www.crif.de/datenschutz/eingesehen.

The deletion of the data takes place after the expiry of statutory warranty periods, the necessity of the retention of the data is regularly reviewed; in the case of statutory archiving obligations, the deletion takes place after their expiry, unless there is a specific reason for further retention. Information in any customer account remains until it is deleted.

5.3 Monitoring of parking areas under our management for compliance with the contractual usage rules, including enforcement of usage fees for parking violations

  • Storage period: 10 years, beginning with the end of the year of the business transaction, 30 years for titles
  • Data recipients: Only service providers (processors)
  • Data types and source (in the case of data collection from third parties): Vehicle data and owner data from the local district authorities (surname, first name/company name, religious and artist name, address, type, manufacturer and type of vehicle, time of allocation or issue of the license plate to the owner, vehicle registration number)
  • Third country transfer (outside the EU/EEA): No

5.4 Provision of contractual deliveries and services or the establishment of a pre-contractual relationship of trust in this context and the exercise and fulfillment of rights and obligations arising from these legal relationships

  • Storage period: 10 years, starting at the end of the year of the last business transaction
  • Data recipients: Only service providers (processors)
  • Data types and source (for data collection from third parties): None
  • Third country transfer (outside the EU/EEA): No

5.5 Processing your inquiries via e.g. contact form and e-mail

  • Storage period: 3 years, beginning with the end of the year of the request, unless further contact, transaction or breach of contract has occurred in the meantime or the information is part of a legal relationship with the data subject or their employer or longer storage is required in individual cases for reasons of legal enforcement
  • Data recipients: Only service providers (processors)
  • Data types and source (for data collection from third parties): None
  • Third country transfer (outside the EU/EEA): No

5.6 Sending you information about our services that you have requested or are interested in, including personalization, tailoring to your interests

  • Storage period: 3 years, starting from the end of the year of the request, unless further contact or transactions have been made in the meantime or the information is part of a legal relationship with the data subject or their employer
  • Data recipients: Only service providers (processors)
  • Data types and source (for data collection from third parties): None
  • Third country transfer (outside the EU/EEA): No

5.7 Sending newsletters (outside the membership relationship or a contractual relationship)

  • Storage period: Until withdrawal of consent to the newsletter or until objection (including implementation period of maximum 14 days)
  • Data recipients: Only service providers (processors)
  • Data types and source (for data collection from third parties): None
  • Third country transfer (outside the EU/EEA): No

5.8 Implementation of warranty and guarantee obligations

  • Storage period: 10 years, beginning with the end of the year of the business transaction, unless further contact or transactions are made in the meantime or longer storage is required in individual cases for reasons of legal enforcement
  • Data recipients: Only service providers (processors)
  • Data types and source (for data collection from third parties): None
  • Third country transfer (outside the EU/EEA): No

5.9 Monitoring compliance with legal regulations and data security

  • Storage period: 10 years, starting at the end of the year in which the processing operation took place
  • Data recipients: Only service providers (processors)
  • Data types and source (for data collection from third parties): None
  • Third country transfer (outside the EU/EEA): No

5.10 Legal defense and enforcement of rights

Our company aims to protect itself from unjustified claims through legal defense. We also enforce claims and rights to which we are entitled.
For this purpose, it is necessary to process personal data.
This consists of the legally relevant data of the persons concerned.

The purpose of processing your personal data in the context of legal defense and enforcement is the defense against unjustified claims and the legal enforcement of claims and rights.

Your personal data will be deleted as soon as it is no longer required for the purpose for which it was collected.

The processing of your personal data in the context of legal defense and law enforcement is absolutely necessary for legal defense and law enforcement. Consequently, there is no possibility for you to object.

5.11 Direct marketing

Our company processes personal data such as address and name in order to send you advertising by post and thereby increase sales of goods or services.

The purpose of processing your personal data in the context of direct marketing by post is to promote the sale of goods or services.

Your personal data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected; this is the case in particular upon receipt of the objection.

You can object to the processing of your personal data in the context of direct marketing by post at any time for the future.

6 Use of online tracking and online advertising techniques

Various technologies are used on our website with which we and third parties engaged by us can recognize you when you use our website and, in some cases, track you across several visitors.

6.1 Use of cookies and similar technologies

We use third-party services for our website in order to measure and improve the user-friendliness of the website and online advertising campaigns. For this purpose, third-party components are integrated into the website, which in turn can set cookies.

When we track you or use similar technologies, it is basically so that we can distinguish between your accesses and accesses by other users, so that we can ensure the functionality of the website and carry out statistical evaluations. This does not reveal your identity.

The technologies used are designed in such a way that you are recognized as an individual visitor each time you visit a page, for example by our server assigning you or your browser a specific identification number "cookie".

Cookies are small text files that are stored on the device you are using.
These can be divided into the following categories:

Necessary cookies: These are required for the functionality and operation of the website

Performance cookies: These cookies collect information about the use of a website and enable analysis

Functional cookies: Functional cookies can enable advanced features and can display personalized content

Marketing cookies: Marketing cookies help us and our advertising partners to target you on our websites and on third-party websites with advertisements for products or services that may be of interest to you, or to display our advertisements when you use our website after visiting our website

We use cookies in particular for the following purposes:

  • Personalization of content
  • Display of personalized web ads and offers
  • Displaying advertisements on third-party websites and measuring their success, i.e. whether they respond to these advertisements (remarketing)
  • Saving settings between your visits
  • Determining whether and how we can improve our website
  • Collecting statistical data on the number of users and their usage habits and improving the speed of the website's performance and speed
  • We may process your contact details to target you with advertising on third-party platforms

In addition, similar technologies such as pixel tags or fingerprints can be used to store data in the browser. Pixel tags are small, usually invisible images or program codes that are loaded by a server and thereby transmit certain information to the server operator, e.g. whether and when the website was visited. Fingerprints are information that is collected when you visit our website via the configuration of your end device or your browser and that make your end device distinguishable from other devices.

6.2 Deactivation of cookies and similar technologies

When you visit our website, you have the option of deactivating certain categories of cookies. You can configure your browser settings to block certain cookies and similar technologies or to delete existing cookies and other data stored in your browser. You can also add software to your browser that blocks tracking by certain third parties. You can find out more about this in the help pages of your browser. Please note that our website may no longer be fully available if you block cookies and similar technologies.

6.3 Cookies from partners and third parties on our website

We use third-party services to measure and improve the user-friendliness of the website and online advertising campaigns. Third-party providers may also be located outside Switzerland and the EU/EEA, provided that the protection of your personal data is ensured in an appropriate manner.

The following third-party applications are used on our website:

  • Google Analytics: Analysis of the surfing behavior of our users
  • Google Maps: Display and integration of map material on the website
  • Google Web Fonts: Uniform representation of fonts
  • Google Tag Manager: Analysis of the surfing behavior of our users
  • Leadinfo: Recognizing visits from companies to our website based on IP addresses and displaying publicly available information about them
  • Provenexpert: Display and integration of reviews on the website
  • io: Creation of landing pages and lead generation
  • Hubspot: Analysis and marketing
  • New Relic: Analysis of the surfing behavior of our users

7 Use of payment providers in order processing ("payment services")

7.1 Description of data processing

If there is an obligation to provide us with your payment data (e.g. account number for direct debit authorization) after the conclusion of a fee-based contract for parking services, this data is required for payment processing.

For modern, uncomplicated and secure payment processing, we offer our customers various payment options for which we use banks and credit institutions as well as other payment service providers (hereinafter jointly referred to as "payment service providers").

Payment transactions via common means of payment (e.g. Visa/MasterCard) are made exclusively via an encrypted SSL or TLS connection. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.

With encrypted communication, the payment data you transmit to us cannot be read by third parties.

If you have opted for the payment services of a specific payment service provider as a payment option, the payment service provider will provide its services on the basis of a contract concluded between you and the payment service provider on the basis of the payment service provider's applicable terms and conditions of business and use. The data processing carried out by these providers is their responsibility and we have no influence on this. Accordingly, we must refer to the respective payment service provider in the event of the assertion of data subject rights in this context. If necessary, the payment service provider will ask you for additional consent, e.g. to carry out an identity or credit check. The personal data processed by payment service providers generally includes first and last name, address, date of birth, gender, email address, IP address, telephone number as well as the data required to process the payment in connection with the order, such as the number of items, item number, invoice amount and taxes as a percentage, or the bank data required to carry out the transaction, such as account numbers or credit card numbers, passwords, TANs and checksums as well as the contract, total and recipient-related details.

The payment service provider processes this data for the purpose of offering the respective payment method and any necessary identity and/or credit checks, payment administration and fraud prevention.

7.2 Purpose of data processing

Your data will be transmitted to the payment service providers we use in order to fulfill the contract concluded with us and for the purpose of effective and timely processing of online payment transactions, unless we ask you for your consent. You have the option of withdrawing your consent to data processing by payment providers at any time with effect for the future. A revocation does not affect the effectiveness of data processing operations in the past.

7.3 Datatrans (Planet)

For our online store, we use the payment system gateway "Datatrans" of Planet Payment Group Holdings Limited, IDA Business Park, Dangan, Galway H91A06C, Ireland, as well as acquiring services provided via this gateway for the processing, handling and settlement of cashless payments for products and services via our web store of the company Planet Merchant Services SAS, 1 Terrasse Bellini, Puteaux, 9299, Paris La Défense Cedex, France, which is registered as a payment institution with the Autorité de Contrôle Prudentiel et de Résolution (registration no: 83991), Planet Merchant Services SAS, 1 Terrasse Bellini, Puteaux, 92919, Paris La Défense Cedex, France by means of the payment methods we accept (Mastercard/Maestro, Visa, Twint). Planet Payment Group Holdings Limited and Planet Merchant Services SAS are hereinafter referred to as "Planet".

Planet assumes a dual role as controller and (sub)processor for data processing activities.

The gateway is used to process technically required data for a real-time transfer of payment transaction data between a payment channel and Planet, which is required for payment transactions. We have concluded an order processing agreement with Planet for this purpose.

As the controller, Planet uses your transmitted data to fulfill regulatory obligations and for the purpose of processing the payment transaction. The transaction is carried out exclusively in the relationship between the user and the source website by debiting the means of payment deposited with Planet. If you have therefore opted for a payment method offered via Planet, the information provided during the ordering process will be passed on to Planet via the gateway in addition to the information about your order and the information required depending on the payment method (e.g. name, address, e-mail address, customer number, order number, banking institution, account number, bank code, credit card number if applicable, credit card expiry date, credit card verification number (CVC), invoice amount, currency and transaction number, date and time of the transaction, location, name of the provider). The data is passed on exclusively for the purpose of payment processing with Planet and only to the extent that it is necessary for this purpose. Without the transmission of your personal data, we cannot process a payment via Planet. The use of Planet as part of the acquiring services is based on Planet's applicable terms and conditions of use and business. We have no influence on this.

 

8 Disclosure of personal data

In connection with our processing of personal data, we also disclose this data to other recipients.

We pass on the personal data required for their respective services to the service providers commissioned by us for this purpose. This applies in particular to IT service providers, but also to analysis service providers, debt collection service providers, credit agencies, etc.

Insofar as service providers process personal data as processors, they are obliged to process personal data exclusively in accordance with our instructions and to take measures to ensure data security.

Data may also be disclosed to other recipients, e.g. courts, lawyers and authorities in the context of proceedings and statutory information and cooperation obligations, to buyers of companies and assets, to financing companies in the case of securitization and to debt collection companies.

In individual cases, we may also pass on personal data to other third parties for their own purposes, e.g. if you have given us your consent to do so or if we are legally obliged or entitled to do so.

9 Transfer of personal data abroad

Recipients of data are not only located in Switzerland. This applies in particular to certain service providers. These may also be located outside the EEA and Switzerland, in particular in the USA, UK, but also in other countries.

For example, we may transfer data to authorities and other persons abroad if we are legally obliged to do so. Not all of these countries currently guarantee a level of data protection equivalent to Swiss law. We compensate for this low level of protection through appropriate contracts, in particular the standard contractual clauses issued by the European Commission and recognized by the Swiss Federal Data Protection and Information Commissioner (FDPIC).

You can find more information on this at: https://www.edoeb.admin.ch/edoeb/de/home/datenschutz/arbeit_wirtschaft/datenuebermittlung_ausland.html

In certain cases, we may transfer data in accordance with data protection regulations even without such contracts, e.g. if you have consented to the corresponding disclosure or if the disclosure is necessary for the performance of a contract, for the establishment, exercise or enforcement of legal claims or for overriding public interests.

10 Duration of processing

We process and store your personal data as long as it is necessary for the purpose of processing (in the case of contracts, generally for the duration of the contractual relationship), as long as we have a legitimate interest in storing it (e.g. law enforcement, archiving and ensuring IT security) and as long as data is subject to a statutory retention obligation (e.g. a ten-year retention period applies to certain data).

If there are no legal or contractual obligations to the contrary, we will destroy or anonymize your data at the end of the storage or processing period as part of our normal processes.

11 How do we protect your data?

We take appropriate security measures to protect the confidentiality, integrity and availability of your personal data, to protect it against unauthorized or unlawful processing and to counteract the risks of loss, unintentional modification, unwanted disclosure or unauthorized access. However, security risks cannot generally be completely ruled out.

12 Your rights

You have certain rights under applicable data protection law to obtain further information about our data processing and to influence it. These are in particular the following rights:

  • Right to information: You can request further information about our data processing. We are at your disposal for this purpose. You can also submit a request for information if you would like further information and a copy of your data.
  • Objection and deletion: You can object to our data processing and also request that we delete your personal data at any time if we are not obliged to continue processing or retaining this data and if it is not necessary to process the employment relationship.
  • Correction: You can correct or complete incorrect or incomplete personal data or have it supplemented by a note of dispute.
  • Transfer: You also have the right to receive the personal data that you have provided to us in a structured, commonly used and machine-readable format or to have it transferred to a third party, provided that the corresponding data processing is based on your consent or is necessary for the performance of the contract.
  • Revocation: If we process data on the basis of your consent, you can revoke your consent at any time. The revocation is only valid for the future and we reserve the right to continue processing data on another basis in the event of revocation.

Please note that these rights are subject to legal requirements and restrictions and are therefore not always fully available. In particular, we must continue to process and store your personal data for contract processing and to protect our own legitimate interests.

To the extent permitted by law, we can therefore also reject a request from a data subject in whole or in part.

You are free to lodge a complaint against our processing of your data with the competent supervisory authority. The competent supervisory authority in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).

Federal Data Protection and Information Commissioner
Feldeggweg 1
CH - 3003 Berne
Telephone: 058 4624395
Internet: https://www.edoeb.admin.ch/edoeb/de/home.html