Data protection policy

Data Protection Policy

1. General

  1. ParkTrade Europe AB, a limited liability company incorporated under the laws of Sweden with reg. no. 556673-0551, (”ParkTrade”, ”we”, ”our”, or ”us”) is the data processor with regard to the processing of personal data in connection with the provision of our services as available from time to time (the ”Services”). Unless otherwise stated herein, each client contracted by ParkTrade or any of its affiliates, e.g. a municipality, a private parking company or a local authority, (the (“Client”) is the data controller with regard to the processing of personal data in connection with the customers of the Client’s (“Customers”) use of the Services.
  2. This privacy notice (the “Notice”) describes the processing of personal data carried out when Customers use the Services or otherwise interact with us.
  3. Unless otherwise set out herein, terms used in this Notice shall have the same meaning as given to them in Regulation (EU) 2016/679 (the “GDPR”).

2. Categories of personal data

  1. For the purposes of this Notice, ParkTrade processes the following categories of personal data: (i) name (e.g. of the registered keeper of a vehicle), (ii) address (e.g. of the registered keeper of a vehicle), (iii) email address, (iv) payment card details, (v) vehicle model and registration number, (vi) information on actual or suspected traffic offences (including photos), and (vii) fine amounts.
  2. In addition to the categories of personal data set out above, we may also process other types of personal data upon providing customer support services. What categories of personal data are processed for the purposes thereof depend on the subject matter of each support errand.

3. Processing of personal data

Within the scope of the provision of the Services, we process personal data for the following purposes:

3.1. To provide our Services to our Clients and to Customers

  1. We process personal data in order to provide our Services to our Clients and to Customers. The legal basis for the processing of personal data is our contractual obligation towards our Clients.
  2. What personal data is processed for this purpose depends on what part of our Services is concerned. The personal data processed for this purpose is collected from the Client or directly from the Customer.
  3. As part of our Services, personal data may be processed as follows:
  • a) Collection of fines for vehicle offences: We process personal data in order to process and collect fines on behalf of our Clients. This processing of personal data is carried out in order to fulfil our contractual obligations towards our Clients. The personal data processed for this purpose is, amongst else, names, addresses, vehicle model and registration numbers, traffic offence references and fine amounts. The personal data may be supplied by local registries of the relevant country, by the Client or by the Customer.
  • b) Collection of environmental fines: We process personal data for the purpose of collecting environmental fines (Low Emission Zones) on behalf of our Clients. The personal data processed for this purpose is names, addresses, vehicle model and registration numbers and fine amounts. The personal data may be supplied from the relevant Client.
  • c) Collection of road user charges and setting up automatic payment accounts: We process personal data for the purposes of collecting road user charges such as road tolls, bridge tolls, congestion taxes and setting up automatic payment accounts for Clients. The processing of personal data for these purposes is carried out in order to fulfil our contractual obligations towards our Clients. What personal data is processed for this purpose may vary depending on what Client is involved and the scope of our assignment. The personal data may be supplied by local registries of the relevant country, by the Client or by the Customer.

Moreover, we may also process personal data in order to contact or respond to requests from Customers or Clients, for instance to handle customer support matters or for the purposes of providing technical support with regard to the Services. What personal data is processed for this purpose may vary depending on the character of the relevant support errand. The personal data will be supplied by the person/entity contacting or being contacted by us.

3.2. For security purposes and prevention of abuse

  1. We process personal data in order to detect and prevent abuse, intrusion attempts, attacks (viruses and DDOS), law violations and violations of our terms and conditions (including this Notice). The processing of personal data for these purposes is based on our legitimate interest of providing adequate security measures.
  2. The personal data processed for these purposes are, amongst else, IP addresses and technical information relating to your device. The personal data is collected from the Customer or the user of our Services.

3.3 For analysing and marketing purposes

  1. We process personal data relating to the use of our Services in order to improve our Services and to market our Services. The processing of personal data for these purposes is based on our legitimate interest of analysing the use of our Services in order to improve the user experience and to market our Services.
  2. The personal data processed for these purposes depend on what parts of our Services is used. The personal data is collected from the Client or directly from the Customer.

4. Transfers of personal data outside the EU/EES and recipients of personal data

  1. Transfers of personal data to third countries (meaning countries outside the EU/EEA) will only be made (i) if the EU Commission has determined that such country has an adequate level of data protection, (ii) if the recipient has signed a legally binding and enforceable agreement providing sufficient guarantees as for the data protection of the personal data processed, or (iii) if there is another legal basis under data protection law for such transfer.
  2. We use sub-processors in order to carry out some of the processing of personal data described herein, e.g. to process payments from Customers. The processing of personal data carried out by such sub-processors may only be made in accordance with this Notice, or in accordance with the privacy policy of the relevant Client.
  3. Some of our sub-processors are established in countries outside the EU/EEA. For instance, our parent company, Marston (Holdings) Limited., is established in the United Kingdom and we may transfer personal data to them, as well as to other companies within the Marston (Holdings) Limited group of companies, for the purposes described herein.
  4. We may be required to provide certain personal data to authorities, e.g. the police, if we are obliged by law to do so.

5. Protection of personal data

  1. We have taken appropriate technical and organisational measures with regard to our processing of personal data to ensure protection against accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data transmitted, stored or otherwise processed.

6. Data storage

  1. ParkTrade retains personal data for a period specified by the Client in its capacity as data controller, however not for a longer period than permitted under data protection law, including the GDPR.
  2. ParkTrade also retain personal data for a period specified by the Customer (the Vehicle Owner/Epass24 account user in accordance with requirement in relevant legislation, such as, but not limited to the General Data Protection Regulation GDPR).

7. Your rights

  1. According to data protection law, you are provided the following rights:
    1. The right to be informed,
    2. The right of access,
    3. The right to erasure,
    4. The right to restrict processing,
    5. The right to data portability,
    6. The right to object, and
    7. Rights in relation to automated decision-making and profiling.
  2. In cases where ParkTrade is the processor with regard to the personal data processed in accordance with this Notice, please contact the Client (the data controller) in the first instance to address your rights with respect to such personal data.
  3. If you have any complaints with regard to our processing of personal data, you may submit your complaint to the competent supervisory data protection authority.
  4. You may also contact us on the details below if you have any questions or complaints with regard to our processing of personal data, or if you want to exercise any of the abovementioned rights. Please be aware that not all of the rights set out above are absolute. Some of the rights comes with exceptions and limitations.

8. Cookies

  1. We use cookies on our website. Cookies are small text files stored locally on your device. We use two types of cookies; session cookies and persistent cookies.
  2. Session cookies are cookies that are stored temporarily during the time you visit our website, for example to keep track of whether or not you are logged in. Persistent cookies are cookies stored on your device for a longer period of time, for example to improve the user experience for the reoccurring website visitors. Some of the persistent cookies used by us are third-party cookies, meaning cookies used by third parties, for instance for marketing purposes.
  3. If you wish to deny the use of cookies and/or delete, or delete already stored cookies, you may do so via your browser settings.

9. Amendments to this Notice

  1. We reserve the right to make amendments to this Notice from time to time. The date of the latest amendment to this Notice will be published below. If we make any amendment to this Notice, we will publish such amendments on our website. It is recommended that you keep yourself updated with the content of this Notice in order to be informed about any amendments made.
  2. If we amend the Notice in a way that substantially differs from the previous version, we will inform the stakeholders about such amendments and, if applicable, request the stakeholders to read through it and, if applicable, accept the Notice once again.
  3. The most recent update of the Notice was made on 26 March 2021

10. Contact

  1. For questions related to the Notice or about our processing of personal data, please contact our representative Henrik Saalman by email to gdpr@parktrade.com.

Road User Charges

To improve infrastructure, environment & public health.

The Toll Operators

Epass24 represent most toll operators in Europe.