PayPark

PRIVACY POLICY

(In force as  from 14.09.2018, amdt. on 12.07.2022 amdt. on 10.10.2025)

 

 

The PayPark application is a mobile application that provides the opportunity to pay and manage the stay of vehicles in paid parking areas on the territory of different municipalities in the Republic of Bulgaria.

This policy defines the types of personal data processed when using the PayPark mobile application and the services provided through the application (the Service) as well as the purposes and means of processing .

Controller of the personal data handled by the mobile application PayPark is LINK MOBILITY BULGARIA EAD , UIC: 131384920 , with headquarters and management address in Sofia, 1 Bulgaria Sq., NDK Prono building, fl. 7;

The Data Protection Officer will answer all Your questions concerning the processing and protection of personal data and will make exercising Your rights as a subject of personal data easy and understandable. The address for direct contact with the DPO is email: dpo@linkmobility.com  .

 

What data we process, for which purposes and on what basis:

 

1. Based on Your explicit consent, expressed by allowing the application to access Your device data or by deliberate action - manually inputting data about the use of a particular functionality, marking in active fields (check box), etc.:

• Location :

- Geolocation – only after You allow the app to access location information for the device, on which the app is installed, using the "Use My Location " functionality, we collect accurate location data for Your device.

- Location History - to allow viewing of the last parking spots ;

At any time, You have the option to end the application access to the location data, as well as delete the history.

- Location data – for targeting purposes for direct marketing and advertising based on the location of the data subject. With consent provided and targeted criteria based on location/location met, the data subject sees a corresponding visualization of advertising fields, banners, or other areas in the application, targeted (intended) for the respective location where the data subject is. The consent of the data subject covers targeting based on location for direct marketing and advertising of our or partner (third party) services and products. A description of the partners (third parties) is contained below in the section " Third parties to which we provide your personal data". In case of withdrawn or missing consent, the processing of data for location for the needs of advertising/marketing targeting is not carried out / terminated.

• Vehicle information, added or edited in the application, when the data provided is intended to facilitate use of the Service (eg. inputing the name of the car to be distinguished from other vehicles). You have the ability to edit or delete this information at any time.
• Mobile device identifier (generated UID for Android based on hardware identifier) or installation identifier (generated UID for iOS) – for the purpose of producing anonymized statistics on unique interactions (clicks/opening links) in relation to corresponding advertising fields, banners, or other areas in the application. The respective identifier serves to take into account the uniqueness of the data forming separate anonymized statistics, which in turn are shared with advertising partners (third parties).

 

2. On a contractual basis for provision of the Service we process the following personal data:

 

• Registration number of the vehicle (plate number), required for  payment of parking fees or performing a check for vehicles which have been lifted/displaced by traffic administration.

 

• Information about means of payment : We may collect information for the purposes of facilitating payments for parking in the blue / green zone   - when You select a payment method "By card" we collect data for Your credit or debit card, expiry date of the card and cardholder's name ; The processing of this personal data is necessary to provide this payment service  and therefore is on a contractual basis . If You do not provide this information, You cannot use the option for payment by credit / debit card.

 

• MSISDN (phone number) : we collect information about the phone number on which the application is installed for the purposes of facilitating the mobile payment through sending a SMS . The processing of the data for the telephone number is necessary for the provision of the mobile payment service via SMS and therefore is on a contractual basis .

 

• Identification data of the device, on which the application is installed

 

• Vehicle Location - For the purposes of using the functionality "Check for displaced Vehicle"

3. On other grounds, we process as follows:

• Data for sending / visualization (MSISDN, device data, settings) and/or statistics (mobile device identifier / installation) of messages / visualizations for marketing and advertising of our own products or services may also be processed under the provision of Art. 261, para. 2 of the Electronic Communications Act, when your contact details electronically have been obtained in connection with a similar commercial transaction for the provision of our products or services (legitimate interest).
• Data on consent granted, denial of provision or withdrawal of consent (date and moment of event/choice, mobile device identifier / installation, consent status) are processed on a legal basis – reporting obligation under Art. 5, par. 2 of the GDPR.

 

Third parties to which we provide your personal data:

• mobile operators - for the purposes of SMS payments to the extent that their cooperation is necessary for charging Your phone bill;
• suppliers of payment services for carrying out the functionality of payment by card and for accounting purposes as required by law;
• the relevant municipal administration that serves the paid parking area - for the purpose of checking by the municipal officials whether a payment has been made for the registration number of your vehicle;
• Google LLC, Google Ireland ltd. and other affiliates of Google LLC for the purposes of depiction of the active and/or historic data regarding the location of the МyKi™ Device and the paired devices on a map, provided by Google LLC. The privacy policy of Google LLC is accessible at the address:  http://www.google.com/policies/privacy
• state bodies and institutions in connection to checks and probes performed by them in compliance with the legal requirements and restrictions.
• Affiliated parties of “LINK MOBILITY BULGARIA" EAD   in a connection with usage of shared technical and human resources, transformations and others.
• Partners (third parties) in connection with direct marketing and advertising – merchants advertising their own or other’s goods/products and/or services in the fields of: gambling, finance, lending, food and non-food goods and products, medicine and healthcare, IT and technology, wholesale and retail, transport (logistics, transportation, taxi services), etc.

 

In regards to private individuals, we require and pay attention that the above stated third parties apply all required technical and organizational measures for protection of such data.

 

The Data is processed in regards of the following time limits:

 

• • Data processed for the purpose of providing the Service – by default until the application PayPark is deleted; the registration numbers of the vehicles combined with the pseudonymized identification data of the mobile devices on which the PayPark application has been installed, are being kept for up to one year from receipt for utilization of subsequent use of the application.
  • Data provided on the basis of consent, incl. location data - until it is withdrawn, as provided, including through the settings of the application or the mobile device to which it is installed or deleted, as applicable) to the extent this data is required for the use of a certain functionality of the mobile application.
  • Data on consent granted, denial of provision or withdrawal of consent (reporting) – up to six months after the suspension of the service / deletion of the installation of the application.

 

Following expiration of the above stated time limit, the data is deleted and may not be retrieved and used any longer. The data shall not be deleted but shall continue to be processed only for the purposes of protection of our legitimate rights and interests or in compliance with our legitimate obligations, in the event that as of the date of expiration of the above stated time limit there is pending court, administrative and pre-court proceedings – until its termination.

 

Your rights as a data subject:

• • Right to access, including right to copy data undergoing processing:
• At any time you have the right of information in regards to your personal data processed by us. You may contact us and after filling out a written request form and verifying your identity the requested information will be provided to you;

 

• • Right to rectification of inaccurate personal data:
• You have the right to request correction and/or supplementation of your personal data when the data is incorrect and/or incomplete. This you can accomplish via your profile in the Myki mobile application or by contacting us, filling out a written request form and verifying your identity
  • Right to erasure („The right to be forgotten“) in the following cases:
• Removal of the need to process;
• Withdrawal of consent when the processing of the data is on the legal bases of provided consent;
• Illegal data processing;
• Legal obligation to delete;

The right to be forgotten is not an absolute right and might not be respected in cases provided for by law and because of a lack of reliable verification of your identity.

• • Right of limiting processing when:
• The veracity of data is disputed, for the period for which their veracity should be checked; or
• Processing of data is without legal ground, but instead of deletion on our part, you want their restricted processing; or
• Need for data concerning establishment, exercise or protection of your legal claims; or
• Objection has been submitted as regards data processing pending check as to the legality of the grounds of the administrator.

In case of correction, deletion or restriction of processing, we will notify every recipient to whom personal data has been disclosed unless this is impossible or requires disproportionately huge efforts.

• • Right of transferability of the data;
• we provide the data directly to you
• at your request and technical possibility, the data is provided to another controller of your choice
  • Right to object to the processing based on legitimate interest:
• You have the right to object to the processing of your personal data when the processing is based on legitimate interest of the Controller or a third party. ALLTERCO ROBOTICS EOOD will not continue processing your data, accept if there is a proof of founded legal basis for the continuation of it, which overrides your interests, rights and freedoms or the processing is required for the establishment, exercise or defence of legal claims.
  • Right to object to direct marketing:
•  You have the right to object to the receipt of marketing and advertising messages, including profiling/targeting and analysis for direct marketing and advertising purposes.
  • Right to lodge a complaint with a supervisory in the Member State of your habitual residence, place of work or place of the alleged infringement if you considers that the processing of personal data relating to you infringes GDPR.

 

You may exercise the aforementioned data subject rights after filling out a written predefined request form which you may receive from the business address of the Controller or via electronic means after contacting the data protection officer and filling out the electronic form which you will receive in response.

You will receive an answer to your inquiry within one month of receiving the written request.

Methods used for automated individual decision-making, including profiling

We do not use automated algorithms and/or profiling, beyond what is described in this Policy.