GDPR

What the GDPR is

The GDPR is a new comprehensive data protection law in the EU that updates existing laws to strengthen the protection of personal data. It replaces the patchwork of national data protection laws currently in place with a single set of rules, directly enforceable in each EU member state. It is effective from May 25, 2018. EU residents will now have greater say over what, how, why, where, and when their personal data is used, processed, or disposed. This rule clarifies how the EU personal data laws apply even beyond the borders of the EU. Any organization that works with EU residents’ personal data in any manner, regardless of location, has obligations to protect the data. We fully understand this, so we collect as little personal data as possible and safeguard it as well as we can.

The Right of Access

Data subjects have the right to access all data a business holds about them at any time. This includes session and payment data.

What if a customer demands to see their data?
As a data processor, we’re under a legal obligation to assist the data controller to provide this information.

One thing to bear in mind is that there’s a big risk around Data Subject Right Requests: They can be used for fraud. We have to be careful to authenticate the customer before providing the information. We don’t want an identity thief to exploit your system in order to steal consumer information.

The Right to be Forgotten – what data you can (and can’t) delete

Another important Data Subject Right is the Right to be Forgotten. In a marketing context, this means deleting every record of the consumer and never contacting them again. This is straightforward. But it’s not so clear-cut when it comes to payment and bookkeeping data, and there are situations when certain data can’t be revoked.

There are situations when certain data can’t be revoked.

For example, in a product sales scenario, where there are statutory warranties in place, e.g. if your customer has an annual subscription, which hasn’t been canceled, you need to keep the data in order to continue billing or store data for bookkeeping.

Who the GDPR applies to

The GDPR applies to all organizations operating in the EU or processing “personal data” of EU and Switzerland residents.

What data the GDPR applies to

Under the GDPR, the concept of “personal data” is very broad and covers any information relating to an identified or identifiable individual (also called a “data subject”). Personal Data is anything that you could conceivably use to identify a person within a larger group. That includes name, address, email, IP address, cookies, location etc.

What personal data we collect and why

When registered

Data collectedCommentPurpose
Mobile numberEvery account is unique due to the uniqueness of the mobile number, which is used to identify you as a user, log you in, notify you, connect to you.User identification
Country (from ip info)
Loading relevant settings for user
Language

 

When used the service

Data collectedCommentPurpose
Type of service used (e.g. parking, pre-booking)
Can be referred to as Session info
Bookkeeping, Statistics, customer support
Timestamp, when used
Place, where used and price

 

When added payment method

Name
Payments, invoicing
Email
Credit card typeWe do not store Credit card info
Mobile operator
Company name
Company address
Company VAT ID

 

3rd parties with whom personal information may be shared

Data disclosedPurpose
InvoiceOceanName, email, vehicle registration plate number, used servicesTo create invoices automaticallyInvoicing
ZohoName, email, vehicle registration plate number, used servicesBookkeeping related info
MessenteMobile numberSMS authentication
IpInfoIP addressSetting automatically users country/language and calling code. In order to detect the misuse of the system, combat abuse, and for logging purposes.
ClevertapEmail, phone, country, name, language, session infoAnalytics
AdyenCredit card info, emailPayments
Telia Mobile number, used services, priceMobile payments
Tele2 Mobile number, used services, priceMobile payments
Elisa Mobile number, used services, priceMobile payments

Data is stored in a database hosted in DigitalOcean’s data center in Amsterdam, Netherlands.