Parktime: Política de privacidad

The preservation of confidentiality and privacy in the PARKTIME App are fundamental values of BARCELONA SMART TECHNOLOGIES, S.L. (URBIOTICA) and we consequently assume the commitment to guarantee the security and privacy of our customers’ personal data at all times and not to collect unnecessary information.

We hereby provide you with all the necessary information about the Privacy Policy applied to the personal data collected in the PARKTIME App, explaining:

• Who is responsible for the processing of your data.
• What personal data we process.
• For what purposes we collect the data that we request.
• What is the legitimacy for its treatment.
• How long we keep the data.
• To which recipients your data are communicated.
• What are your rights.

Who is responsible for the processing of personal data?

Data are processed through the PARKTIME app under the joint responsibility of URBIOTICA and the bodies and entities that contract the app service.

URBIOTICA is responsible for the management and maintenance of the users who use the application, since these data are kept regardless of the project in which they are used.

The bodies and entities that contract the service are responsible for the data from the declaration of occupation of the parking spaces corresponding to the contracted project.

URBIOTICA is in charge of the processing here, since the declaration data are eliminated when a project is no longer provided.

Business name: BARCELONA SMART TECHNOLOGIES, S.L. (URBIOTICA)

Tax no.: B66849514

ddress: C/ JOAQUIM MOLINS, 5, 4º4º, 08028, Barcelona

Contact: info@urbiotica.com

Who will watch over your data at URBIOTICA?

URBIOTICA has appointed a Data Protection Officer who will be URBIOTICA’s guarantor of compliance with the data protection regulations.

You can contact the URBIOTICA Data Protection Officer at the following address:

• Email: privacy@urbiotica.com
• Postal mail: C/ JOAQUIM MOLINS, 5, 4º1º, 08028, Barcelona

What personal data do we process?

The application processes the following kinds of data:

• Identification of citizens who are users of the service
  • Name
  • Email (acting as a credential for identification)
  • Project in which it is recorded
  • Type of spaces to use
• Professional data for loading and unloading spaces
  • Company
  • Tax number of the company or professional.
  • Vehicle registration
• Specific data for spaces reserved for people of reduced mobility
  • European parking card number
• Space occupancy data
  • Occupied space identifier
  • Period of use
• Activity registry data
  • Registry date

Additionally, data may be collected that are required by third parties that provide services used by the application:

• Show current position on a map using Google Maps.
  • Current position according to GPS
  • Mobile IP
  • Other data that Google Maps may collect (https://policies.google.com/privacy?hl=en-US)

In no case does the PARKTIME app collect data or track the location of users with geolocation techniques. It only saves the Point of Measure (PoM) that identifies the space or group of spaces occupied when the user makes the declaration of occupancy.

For what purposes and legitimacy do we use personal data?

As those jointly responsible for this treatment:

• URBIOTICA processes the data necessary for managing the list of users of the PARKTIME app and storing the data necessary for its use.

This treatment is legitimate since it is necessary for the performance of a contract in which the data subject is a party. It is assumed that when the user accepts the terms of use of the app, a contractual relationship is established between both parties, despite the fact that its use is free.

• The bodies and entities that contract the service and offer regulated parking spaces use the data from the PARKTIME app to enable the people who control the regulated spaces to verify that the spaces are occupied in accordance with the established regulations. In no case are they used for the purpose of sanctioning.

In the case of public administrations and bodies, this treatment is necessary for the fulfilment of a mission carried out in the public interest or in the exercise of public powers conferred on the data controller.

The treatment is also legitimised by the fact that the use of the PARKTIME app is voluntary and is based on the contractual nature of the relationship established between both parties through the acceptance of the conditions of use of the app.

Additionally, by integrating third-party services, geolocation data will be used to show the current location on a map. This is based on the consent that the user gives to activate this function.

The collected data can also be used to prepare statistical studies of the occupation of available places, but always using duly anonymised and aggregated data.

In no case will the data be used for the declaration of occupation to gather information on user habits of use or to develop identifiable user behaviour profiles.

For how long will URBIOTICA keep the data?

The data will generally be kept for the necessary time to fulfil the purpose for which they were collected and to determine all possible responsibilities that might arise from said purpose and the processing of the data.

• User registry data will be kept as long as the user is registered for the service.

When the user unsubscribes, their data will be blocked and restricted.

• Occupation data will be kept for a maximum period of 1 month, which is enough for answering possible claims. After this time, these data will be deleted or dissociated to prevent a specific user from being identified for statistical purposes.

To whom will we pass on your data?

Data are shared with the organisations and entities that contract the service and offer regulated parking spaces.

We will not pass on your personal data to third parties, unless this is necessary in providing you with the service, we are covered by a law or this has previously been agreed with URBIOTICA.

The contemplated data communications are:

• Map viewing service, current position location on a map based on the Google Maps function.

The activation of this function is voluntary and is based on consent by allowing the Google Maps service access to geolocation data.

As indicated by Google in its privacy policy (https://policies.google.com/privacy?hl=es) the information it collects includes unique identifiers, browser type and configuration, the type of device and its configuration, operating system, mobile network information (such as operator name and phone number), and the application version number. It also collects information on the interaction of applications, browsers and devices with our services, such as the IP address, crash reports, system activity, and the date, time and reference URL of the request.

To determine the location with different levels of accuracy, it uses the following tools:

• GPS
• IP Address
• Device sensor data
• Information about elements near the device such as Wi-Fi access points, mobile phone service towers, and Bluetooth-enabled devices

The type of location data it collects depends in part on your device and account settings.

The servers on which the service is based are provided by an infrastructure supplier in IaaS mode, in this case the Amazon AWS service, which acts as a data processor.

The conditions of use of these services include the Data Protection Agreement (DPA: https://aws.amazon.com/service-terms/).

The contracted servers are located in the European Union and include compliance with the GDPR (https://aws.amazon.com/compliance/gdpr-center/).

What are your rights when you give us your data?

You may exercise your rights of access, rectification, deletion and portability of personal data, as well as those of opposition and restriction of the personal data collected by URBIOTICA, at any time.

These rights may be exercised free of charge by the data subject, and where appropriate by whoever represents them, by means of a written and signed request, accompanied by a copy of their identity or equivalent document that proves their identity, sent to URBIOTICA:

• By post: C/ JOAQUIM MOLINS, 5, 4º4º, 08028, Barcelona
• By email: privacy@urbiotica.com

In the case of representation, this must be proven by means of a written document and attaching a copy of the identity or equivalent document that proves the identity of the represented party.

In addition to the above rights, the data subject will be entitled to withdraw their consent granted at any time through the procedure described above, without said withdrawal of consent affecting the legality of the processing prior to its withdrawal. URBIOTICA may continue to process the personal data of the data subject insofar as the applicable law allows it or any other legitimisation that justifies it persists.

What security measures do we apply to your personal data?

With the aim of safeguarding the security of your personal data, we inform you that we have taken all necessary technical and organisational measures to guarantee the security of the personal data provided in relation to guaranteeing the permanent confidentiality, integrity, availability and resilience of the processing systems and services.

Specifically, there are internal security measures consisting of:

• Physical control of access and protection of equipment, people and facilities where data are processed
• Access to computer systems is through individual usernames and passwords, restricting data access to those employees who strictly require it for their work.
• RBackup copies are made of personal data, whose integrity and availability have to be maintained.
• In the case of managing supports or documents with personal data, these are duly guarded under lock and key or with equivalent locking devices.
• Perimeter protection systems on the network to prevent intrusions and anti-virus protection of computer systems.
• Security incidents are logged and mechanisms and procedures are in place for the notification of security breaches.
• There is a Continuity Plan that establishes the possibility of rapidly restoring availability and access to personal data in the event of a physical or technical incident, within the time frames required to comply with the business commitments to which we are obliged by our service agreement.

URBIOTICA has similarly implemented internal controls in order to regularly verify, evaluate and assess the effectiveness of the technical and organisational measures implemented to guarantee the security of the treatment.

Updating your data

For us to keep your personal data updated, it is important that you inform us whenever there has been any change; otherwise, we cannot be held responsible for their veracity.

Changes to the Privacy Policy

URBIOTICA may modify its Privacy Policy in accordance with applicable legislation at any time. In any case, any changes in the Privacy Policy will be duly notified so that you are informed of the changes made in the processing of your personal data and, if the applicable regulations should so require, the data subject might grant their consent.