EN Privacy policy

Version 12/05/2023

 

All websites, platforms, and mobile applications where this Privacy Policy is found (hereafter the “Platform”) are published and operated by the company Onepark (hereafter “Onepark” or “We”), for whom the protection of your personal data is a priority.

                                                   

This Privacy Policy is intended for you, a user of our Platform. It seeks to inform you on how your personal information may be collected and processed by Onepark and its Partner Car Parks that provide you with a parking space through our intermediary, as we explain in our Terms of Use (ToU).

 

What is “processing”?

The word Processing means any operation, or set of operations, conducted on personal data, no matter the procedure used (collection, logging, organization, retention, adaptation, modification, extraction, consultation, use, communication by transmission, diffusion, or any other way of making the data available, association or interconnection, blocking, erasure, or destruction, etc.).

 

Onepark commits to upholding the following two (2) essential principles:

-      You are in charge of your personal data,

-      Your data is processed in a transparent, confidential, and secure way.

 

More formally, this means that we commit to following both the French law (the informatique et libertés law) and the European regulation (the “GDPR”).

 

More information on us and our contact information

 

Legal information: The data controller is, according to the informatique et libertés law, the person that determines the means and purposes of processing. When two or more data controllers determine the purposes and means of processing together, they are the joint data controllers (or co-controllers). The data processor is a person that processes personal data for the data controller, acting under the authority of the data controller and following their instructions.

 

The data processor for your data is the company Onepark, simplified joint-stock company (société par actions simplifiée), with a share capital of €48,654.00, registered office located at 10, rue Chaptal, 75009 Paris, registered with the French Register of Commerce and Companies in Paris under number 790 272 033, represented by Mr. Gilles Latouche, President.

 

For any question about the management and use of your personal data, you can contact us:

 

     Either using the contact form on our website, available here

 

     Or by email at  [email protected]

 

     Or by mail at   Onepark – 10, rue Chaptal, 75009, Paris.

 

 

 

 

WHY AND BASED ON WHICH PRINCIPLES DO WE PROCESS YOUR PERSONAL DATA?

 

We can collect your data to:

 

1. Allow you to use the Platform and its functions, including:

a.     Easily navigating on the Platform,

b.     Making sure the Platform functions properly and is under constant improvement,

c.      Analyzing commercial statistics to improve our services.

 

More information and legal basis for data processing

Generally speaking, our Platform functions properly with the use of “cookies”.

You can find more details on cookie management in our Cookie Management Charter.

 

We can process your data because of our legitimate desire to guarantee the highest levels of function and quality in our website and application, primarily using statistics on site visits.

 

d.     Managing your client account, if you want to track your orders, see what data has been sent to us, and facilitate reservation of parking spaces,

e.     Sending you our newsletter if you are a client or if you have specifically requested it.

 

More information and legal basis for data processing

For these sub-purposes, data processing is justified by:

 

-        Your consent, when we need it to send you the newsletter,

 

-        The execution of a contract that you conclude, whether you accept our Terms of Use when creating your Account on the Platform or when you specifically ask to exercise your right to access, correct, erase, or transfer your data, contest it or request limitation of its processing or definition of its use.

 

-        Our legitimate desire to send our clients a newsletter on our products and services

 

f.       Managing your requests on exercise of rights granted by the legislation on processing of personal data (right to access, deletion, modification, etc.).

 

More information and legal basis for data processing

For this sub-purpose, data processing is justified by:

 

-        A legal obligation.

 

 

2. Allowing you to reserve a parking space and then providing you with all necessary assistance following your reservation:

a.     Geo-tracking you if you activate the geo-tracking tool to find the Partner Car Park closest to you.

 

More information and legal basis for data processing

For these sub-purposes, data processing is justified by:

-        Your consent, which is expressly requested through a pop-up window when you activate the geo-tracking function.

 

b.     Allowing you to reserve a parking space with one of our Partner Car Parks,

c.      Allowing you to pay securely through the Platform,

d.     Providing you with all elements to give you easy access to the Partner Car Park,

e.     Providing reservation follow-up, help in case of difficulty (information, cancelations, reimbursements, exchanges, claims, management of litigation),

f.       Sending you commercial information using automated emails and the information you provided. For more information, see the section “How do we plan our marketing campaigns?” below.

 

More information and legal basis for data processing

For these sub-purposes, data processing is justified by:

 

-        Our legitimate desire to ensure the best commercial relationship with you, and to ensure top-quality services;

 

-        Contractual: data processing is needed to execute the contract between you and the Partner Car Park that will provide you with a parking space.

 

Our follow-up and management of the client relationship with you covers:

 

-        management of contracts concluded with the Partner Car Parks, orders, delivery, and billing,

 

-        accounting and management of your client account,

 

-        management of claims and customer service, provided on behalf of the Partner Car Parks,

 

-        selection of clients to conduct studies, surveys, and tests.

 

 

3.     Sending your data to Onepark’s partners for commercial prospection purposes, if you have given your consent. We will only send your data to the following companies:

a.     Companies that manage Partner Car Parks on the Platform.

 

More information and legal basis for data processing

For this purpose, data processing is justified by:

 

-        Your consent, which is expressly requested when you make your reservation.

 

 

 

WHAT DATA DO WE PROCESS?

 

In accordance with the “minimization” principle of the GDPR, stating that we must only process the data absolutely necessary to the accomplishment of the purposes listed below, we only process the following data:

 

PURPOSE

DATA PROCESSED

Purpose no. 1:

 

Allowing you to use the Platform and its functions

 

-       For account creation: Data on your identity: title, last name, first names, address, telephone number, email addresses, client code, birth date;

 

-       A copy of an ID card may be retained as evidence of exercise of the right to access, correct, or contest data or to fulfill a legal obligation.

 

 

-       For marketing: Data needed for customer retention, prospection, studies, surveys, product tests, and promotion. For more information, see the section “How do we plan our marketing campaigns?” below.

 

-       Connection logs for actions on our website or mobile application;

-       Data on your navigation on our website using cookies;


If necessary, if you reserve one of our services through one of our partners, some of your personal data will be transferred to us by this third party so that we can provide you with the requested services.

 

 

Purpose no. 1:

 

Making sure that our Platform and application function properly and are under constant improvement

 

 

The Platform uses cookies to make your experience as pleasant as possible. If you would like to know more, consult our Cookie Policy. You will also find more information on how you can change your cookies settings.

Purpose no. 2:

For reservation of parking spaces, management and supervision of contracts, orders, delivery, billing

The data that may be processed is as follows:

 

-       Your geo-tracking data (if you activate this function),

 

-       Data on your identity: title, last name, first names, address, telephone number, email address, client code, birth date,

 

-       Data on your vehicle: license plate, make and model,

 

 

-       Data on the transaction such as transaction number, details of the purchase, enrollment, service to which you have subscribed,

 

-       Data on bill payment: method of payment, discounts applied, receipts, balances, and non-payment,

 

-       Connection logs for actions on our website or mobile application.

 

Purpose no. 2:

 

To ensure top quality Services

 

-       Information on reservations made and services to which you have subscribed, details on these processes, including your specific requests and other claims,

 

-       If you contact us, data on your identity: title, last name, first names, address, telephone number, email addresses, client code, birth date,

 

-       If you call us, our conversations may be recorded to improve our customer service or for personnel training; you will be informed of this when you call,

 

-       If you respond to surveys/questionnaires on your satisfaction with our Services, some information will be provided to us by providers that measure customer satisfaction.

 

Purpose no. 2:

 

For marketing campaigns

-       Data on your identity: title, last name, first names, address, telephone number, email addresses, client code, birth date;

 

-       Data needed for customer retention, prospection, studies, surveys, product tests, and promotion;

 

-       If you participate in a contest or promotional operation, data on your identify is collected.

 

Purpose no. 2:

 

So that you can pay for the Services

-       Data on method of payment: your credit card number and security code are only processed by Onepark’s payment service provider. We only have access to the last four digits of the card used for payment and the expiration date.

 

The payment service provider only has access to the following information:

o   Data on method of payment (card number),

o   Payment data,

o   Security code,

o   Identification data on the cardholder (last and first name).

 

-       We may communicate data on your identity to providers in order to detect and prevent fraudulent payments.

-       In case of reimbursement by bank transfer, your account details.

 

 

Purpose no. 3:

 

For sharing your data with partners

 

 

The data that may be processed is the following, if you have accepted communication with the Partner Car Park:

-       Data on your identity: title, last name, first names, email address.

 

 

 

 

HOW DO WE PLAN OUR MARKETING CAMPAIGNS?

 

If you have reserved a parking space: your personal data may be used only to the extent provided for by law, in order to contact you electronically (email or SMS) or by phone to provide you with information and offer you personalized services.

 

You will receive these communications only if you did not refuse them when we collected your contact information or when sending this information.

 

If you have not yet subscribed to a service or reserved a parking space: we will only send you information and offers via email or SMS if you have requested this type of communication.

 

Without your consent, we will not send your contact information to third parties or our partners.

 

In order to ensure the pertinence of our marketing communication, we use a third party to provide a better experience to our clients and future clients. We may use your personal data:

-       To make sure that our marketing communication includes offers that may interest you,

-       To track and personalize our digital marketing.

 

If you no longer wish to receive our marketing communications, you can easily deactivate them or unsubscribe: just go to your user profile, under “my account” and “my notifications” to choose the marketing communications that you want to receive. You can also exercise this right using the links provided in each communication.

 

 

 

 

WHO HAS ACCESS TO YOUR DATA?

 

Onepark has technical and organizational security measures in place to protect and ensure the security of your data.

This means that access to your personal data is limited to only the people that absolutely need to access it.

 

Only the following people may access your data:

 

-        Authorized personnel of Onepark’s services

 

Authorized personnel from marketing, commercial, administrative, operational, and IT services that are in charge of client relations, prospection, and monitoring.

 

-        The joint data controllers that help Onepark process your data

 

More information on Onepark’s  “joint controllers”:

Legal information: The data controller is, according to the informatique et libertés law, the person that determines the means and purposes of processing. When two or more data controllers determine the purposes and means of processing together, they are the joint data controllers (or co-controllers).

 

Onepark’s joint controllers for processing your personal data are:

o   The Partner Car Parks

 

More information on data sent to the Partner Car Parks :

Onepark only communicates the data absolutely necessary for access to the Car Park:

o   Your last names, first names,

o   Your license plate, make and model of your vehicle,

o   Your telephone number,

o   Information on the reservation (price, duration, flight number if applicable).

 

 

-        If necessary, the authorized personnel of our sub-contractors

 

More information on our sub-contractors:

Legal information: The data processor is a person that processes personal data for the data controller, acting under the authority of the data controller and following their instructions.

 

Some types of sub-contractors need to process data:

-        The Platform host;

-        Our Call Centers;

-        Our Marketing Providers, who send our email campaigns;

-        All SaaS IT providers used by Onepark.

 

o   The Payment Service Provider

 

The Payment Service Provider is the company that provides payment services on behalf of the Platform and on your behalf.

 

 

-        If necessary, the courts in question, mediators, accountants, auditors, lawyers, officers of the court, debt collection companies;

 

-        The third parties that may install cookies on your devices (computers, tablets, cell phones, etc.) when you so consent (for more information, see our Cookie Management Charter).

 

 

 

 

HOW DO ONEPARK AND ITS PARTNER CAR PARKS PROCESS YOUR DATA?

 

We are, in most cases, joint controllers with the Partner Car Parks that you have chosen for the processing of your data.

 

What do we mean by “joint controllers”?

Legal information: The data controller is, according to the informatique et libertés law, the person that determines the means and purposes of processing. When two or more data controllers determine the purposes and means of processing together, they are the joint data controllers (or co-controllers).

 

Onepark and the Partner Car Park work together so that you can reserve a parking space. Onepark collects your specific need via the Platform and puts you in touch with the Partner Car Park automatically, to whom we send, once your reservation is confirmed, the following data:

-       Your last names, first names,

-       Your license plate, make and model of your vehicle,

-       Your telephone number,

-       Information on the reservation (price, duration, flight number if applicable).

 

 

 

 

IS YOUR DATA TRANSFERED OUTSIDE THE EUROPEAN UNION?

 

As a general rule, Onepark does not plan to send your data outside the European Union.

We send some data outside the European Union when we send commercial prospection through the intermediary of Mailchimp, a sub-contractor.

 

For more information on transfer outside the EU:

Mailchimp is a service described at https://mailchimp.com/en/, provided by this company:

The Rocket Science Group LLC d/b/a Mailchimp

Attn. Privacy Officer

[email protected].

675 Ponce de Leon Ave NE, Suite 5000

Atlanta, GA 30308 USA

 

This sub-contractor has committed to respecting the Privacy Shield at all times, which is an auto-certification mechanism for companies established in the United States that has been recognized by the European Commission as providing an adequate level of protection for personal data transferred by a European entity to companies in the United States.

 

 

 

 

HOW LONG DO WE RETAIN YOUR DATA?

 

We retain your data only long enough to fulfill the purposes described above. The table below provides more information on time of retention for each type of data.

 

More information on retention time

 

For management of your user account data

If no contract is concluded (for parking space reservation), your data is retained for 5 years from the day on which it is collected or your last contact with us (5 years after the last time you clicked on one of our newsletters or after the closing of your account).

 

 

For management of parking space reservations and follow-up on the contractual relationship

 

Your data is retained for the entire duration necessary to the execution of the contract.

 

This data is then archived for 5 years for probationary purposes. Your invoices and accounting data are retained for 10 years.

For geo-tracking data

Geo-tracking data is only retained for the duration of your connection to our Platform to reserve a parking space.

 

For payment by credit card

Credit card data is saved by our payment service provider for 13 months following completion of your payment.

 

For marketing

 

5 years following the end of a parking space reservation contract if you are a client or following your last contact with Onepark if you are not yet a client.

 

This data is archived for 5 years for probationary purposes, in accordance with the provisions in force (insurance code, complementary insurance code, civil code, social security code, and consumer code).

 

 

For management of your identity card if you exercise your rights

 

 

 

1 year for exercise of right to access or correction.

 

3 years for exercise of right to contestation.

 

 

Making sure that our site and application function properly and are under constant improvement

 

 

13 months. After this time, raw Platform traffic data associated with a user is either deleted or made anonymous.

 

HOW CAN YOU EXERCISE YOUR RIGHTS TO YOUR DATA?

 

 

In accordance with the informatique et libertés law and the GDPR, you have the following rights:

 

     Right to access (article 15 GDPR), correct (article 16 GDPR), update, complete your data.

 

     Right to block or erase your personal data (article 17 GDPR) if it is incorrect, incomplete, out of date, or its collection, use, communication, or retention is prohibited.

 

     Right to withdraw your consent at any time (article 13-2c GDPR)

 

     Right to limit the processing of your data (article 18 GDPR)

 

     Right to contest processing of your data (article 21 GDPR)

 

     Right to transfer your data that you have provided to us when it is used for automatic processing authorized by your consent or a contract (article 20 GDPR)

 

     Right to decide how your personal data will be treated after your death and to decide if we should communicate your data to a third party (or not) chosen by you in advance.

 

In case of death and without instruction on your part, we commit to destroying your data, unless its retention is necessary for probationary purposes or to fulfill a legal obligation.

 

You may exercise these rights upon request via email to [email protected] or by mail to 10 rue Chaptal 75009 PARIS, indicating your contact information (last name, first name, address) and a legitimate reason when required by law (particularly for contestation).

 

If you send a copy of your identity card, we will retain it for one (1) or three (3) years when related to exercise of the right to contestation.

 

For more information on your rights, you can also consult the platform of the Commission Nationale de l’Informatique et des Libertés, available at http://cnil.fr..

You can also file a complaint with the CNIL at this address: https://www.cnil.fr/en/plaintes. 

 

WHAT ABOUT COOKIES AND OTHER “TRACERS”?

 

Onepark uses data on connection to the Platform (date, time, IP address, protocol of the visitor’s computer, page consulted) and cookies (little files saved on your computer) that allow us to identify you, record your consultations, and have data on the Platform’s traffic, particularly in terms of pages consulted.

 

When you navigate on the Platform, you accept the installation of “technical” cookies by Onepark, whose sole purpose is to facilitate electronic communication between your device and our Platform, making management and navigation easier.

 

You can find more details on cookie management in our Cookie Management Charter.

 

 

For more information

 

Like with other data, you can exercise your right to access this connection data with a request by email at [email protected] or by mail to 10 rue Chaptal 75009 PARIS.

 

When you navigate on our website or use our mobile application, you are not contesting our installation of “technical” cookies, whose sole purpose is to facilitate electronic communication between your device and our Platform, making management and navigation easier.

 

We only access the information stored in your device or save information there in the following cases:

 

-       Facilitating electronic communication, mainly for marketing purposes,

 

-       When we need to in order to provide our online communication service, at your request.

 

Both we and third parties also use cookies that require your consent:

 

-       Google Analytics cookies that measure the number of visits, the number of pages viewed, your activity on our site and how often you return,

 

-       if needed, other third-party cookies with the same purpose of measuring traffic or marketing purposes.

 

-       Cookies that provide information on your online navigation: websites previously visited and pages visited on our Platform,

 

-       Cookies that provide data on your device, particularly the kind (computer, tablet, smartphone, other) with which you connect, your operating system, your IP address, the location of your device, the browser used, etc.

 

These kinds of cookies are not installed on your device unless you consent to it by continuing to navigate on our website or mobile application. You can revoke your consent to our installation of these types of cookies at any time using our Cookie Management Charter[RM17] .

 

If you would like more information on the kinds of cookies and other tracers we use on our Platform, you can consult our Cookie Charter, available here.

 

 

 

 

 

CONTACT INFORMATION FOR DATA PROTECTION OFFICER

 

You can contact the person in charge of protecting your data by email at [email protected] or mail at 10 rue Chaptal 75009 PARIS.

 

 

WHAT SECURITY MEASURES ARE USED TO PROTECT YOUR DATA?

 

Onepark and its sub-contractors are committed to using all technical and organizational means possible to ensure that the processing of your personal data remains secure and confidential, in accordance with the informatique et libertés law and the GDPR.

 

Onepark therefore takes the necessary precautions, considering the nature of your data and the risks induced by our data processing, to keep your data secure and prevent it from being altered, damaged, or accessed by unauthorized third parties (physical protection of the premises, authentication procedure for our clients with personal, secured access through usernames and confidential passwords, logging of connections, encryption of certain data, etc.).

 

 

 

*

 

*        *