ParkTime: Privacy Policy

The preservation of confidentiality and privacy in the PARKTIME App is a fundamental value of BARCELONA SMART TECHNOLOGIES, S.L. (URBIOTICA) and we consequently accept the commitment to guarantee the security and privacy of our customers’ personal data at all times and not to collect unnecessary information. We hereby provide you with all the necessary information about the Privacy Policy applied to the personal data collected in the PARKTIME App, explaining:

• Who is responsible for the processing of your data?
• What personal data we process.
• What personal data do we process?
• For what purposes we collect the data that we request.
• For what purposes do we collect the data?
• What is the legitimacy for its treatment.
• What is the legitimacy of processing the data?
• How long we keep the data.
• How long do we keep the data?
• To which recipients your data are communicated.
• With which recipients are your data shared?
• What are your rights.
• What are your rights?

Who is responsible for the processing of personal data?

Data are processed through the PARKTIME app under the joint responsibility of URBIOTICA and the bodies and entities that contract the app service. URBIOTICA is responsible for the management and maintenance of the users who use the application, since these data are kept regardless of the project in which they are used. The bodies and entities that contract the service are responsible for the data from the declaration of occupancy of the parking spaces corresponding to the contracted project. URBIOTICA is in charge of the processing here, since the declaration data are eliminated when a project is no longer provided. Business name: BARCELONA SMART TECHNOLOGIES, S.L. (URBIOTICA) Tax no.: B66849514 Postal address: C/ JOAQUIM MOLINS, 5, 4º4º, 08028, Barcelona Contact: info@urbiotica.com

Who will watch over your data at URBIOTICA?

URBIOTICA has appointed a Data Protection Officer who will be URBIOTICA’s guarantor of compliance with the data protection regulations. You can contact the URBIOTICA Data Protection Officer at the following address:

• Email: privacy@urbiotica.com
• Postal mail: C/ JOAQUIM MOLINS, 5, 4º1º, 08028, Barcelona

What personal data do we process?

The application processes the following kinds of data:

• Identification of citizens who are users of the service
  • Name
  • Email (acting as a identification credential)
  • Project in which it is registered
  • Type of spaces used
• Professional data for loading and unloading spaces
  • Company
  • Tax number of the company or professional.
  • Vehicle registration
• Specific data for spaces reserved for people with reduced mobility
  • European parking card number
• Space occupancy data
  • Occupied space identifier
  • Period used
• Activity registry data
  • Registry date

Additionally, data may be collected that are required by third parties that provide services used by the application:

• Show current position on a map using Google Maps.
  • Current position according to GPS
  • Mobile IP
  • Other data that Google Maps may collect (https://policies.google.com/privacy?hl=en-US)

In no case does the PARKTIME app collect data or track the location of users with geolocation techniques. It only saves the Point of Measure (PoM) that identifies the space or group of spaces occupied when the user makes the declaration of occupancy.

For what purposes and legitimacy do we use personal data?

As those jointly responsible for this treatment:

• URBIOTICA processes the data needed to manage the list of users of the PARKTIME app and store the data necessary for its use.

This processing is legitimate since it is necessary for the performance of a contract in which the data subject is a party. It is assumed that when the user accepts the terms of use of the app, a contractual relationship is established between both parties, despite the fact that its use is free.

• The bodies and entities that contract the service and offer regulated parking spaces use the data from the PARKTIME app to enable the people who control the regulated spaces to check that the spaces are occupied in accordance with the established regulations. In no case are they used for the purpose of sanctioning.

In the case of public administrations and bodies, this treatment is necessary for the fulfilment of a mission carried out in the public interest or in the exercise of public powers conferred on the data controller. The treatment is also legitimized by the fact that the use of the PARKTIME app is voluntary and is based on the contractual nature of the relationship established between both parties through the acceptance of the conditions of use of the app. Additionally, by integrating third-party services, geolocation data will be used to show the current location on a map. This is based on the consent that the user gives to activate this function. The collected data can also be used to prepare statistical studies of the occupancy of available places, but always using duly anonymized and aggregated data. In no case will the data be used for the declaration of occupation to gather information on user habits of use or to develop identifiable user behaviour profiles.

For how long will URBIOTICA keep the data?

The data will generally be kept for the necessary time to fulfil the purpose for which they were collected and to determine all possible responsibilities that might arise from said purpose and the processing of the data.

• User registry data will be kept as long as the user is registered for the service.

When the user unsubscribes, their data will be blocked and restricted.

• Occupancy data will be kept for a maximum of 1 month, which is enough to answer possible claims. After this time, these data will be deleted or dissociated to prevent a specific user from being identified for statistical purposes.

To whom will we pass on your data?

Data are shared with the organizations and entities that contract the service and offer regulated parking spaces. We will not pass on your personal data to third parties, unless this is necessary in providing you with the service, we are covered by a law or this has previously been agreed with URBIOTICA. The contemplated data communications are:

• Map viewing service, current position location on a map based on the Google Maps function.

The activation of this function is voluntary and is based on consent by allowing the Google Maps service access to geolocation data. As indicated by Google in its privacy policy (https://policies.google.com/privacy?hl=es) the information it collects includes unique identifiers, browser type and configuration, the type of device and its configuration, operating system, mobile network information (such as operator name and phone number), and the application version number. It also collects information on the interaction of applications, browsers and devices with our services, such as the IP address, crash reports, system activity, and the date, time and reference URL of the request. To determine the location with different levels of accuracy, it uses the following tools:

• GPS
• IP Address
• Device sensor data
• Information about elements near the device such as Wi-Fi access points, mobile phone service towers, and Bluetooth-enabled devices.

The type of location data it collects depends in part on your device and account settings. The servers on which the service is based are provided by an infrastructure supplier in IaaS mode, in this case the Amazon AWS service, which acts as a data processor. The conditions of use of these services include the Data Protection Agreement (DPA: https://aws.amazon.com/service-terms/). The contracted servers are located in the European Union and include compliance with the GDPR (https://aws.amazon.com/compliance/gdpr-center/).

What are your rights when you give us your data?

You may exercise your rights of access, rectification, erasure, and portability of personal data, as well as those of objection and restriction of the personal data collected by URBIOTICA, at any time. These rights may be exercised free of charge by the data subject, and where appropriate by whoever represents them, by means of a written and signed request, accompanied by a copy of their identity or equivalent document that proves their identity, sent to URBIOTICA:

• By post: C/ JOAQUIM MOLINS, 5, 4º4º, 08028, Barcelona
• By email: privacy@urbiotica.com

If you use representation, you must prove your representation by means of a written document and attaching a copy of the DNI or equivalent document. In addition to the foregoing rights, the interested party shall have the right to withdraw the consent granted at any time through the procedure described above, without this withdrawal of consent affecting the lawfulness of the treatment prior to the withdrawal of this consent. URBIOTICA may continue to process the personal data of the interested party to the extent that the applicable law permits or persist any other legitimation that justifies it.

What security measures do we apply to your personal data?

With the aim of safeguarding the security of your personal data, we inform you that we have taken all necessary technical and organisational measures to guarantee the security of the personal data provided in relation to guaranteeing the permanent confidentiality, integrity, availability and resilience of the processing systems and services. Specifically, there are internal security measures consisting of:

• Physical control of access and protection of equipment, people, and facilities where data are processed
• Access to computer systems is through individual usernames and passwords, restricting data access to those employees who strictly require it for their work.
• Backup copies are made of personal data, whose integrity and availability have to be maintained.
• If media or documents with personal data are managed, they are duly guarded under lock and key or with equivalent locking devices.
• Perimeter protection systems of the network to prevent intrusions and anti-virus protection of computer systems.
• Security incidents are logged and mechanisms and procedures are in place to notify of any security breaches.
• There is a Continuity Plan that enables the possibility of rapidly restoring availability of and access to personal data in the event of a physical or technical incident within the timeframes required to comply with the business commitments to which we are obliged by our service agreement.

URBIOTICA has similarly implemented internal controls in order to regularly verify, evaluate, and assess the effectiveness of the technical and organizational measures implemented to guarantee the security of the processing.

Updating your data

It is important that you inform us whenever there has been any change in your personal data in order for us to keep them updated. Otherwise, we accept no responsibility for their veracity.

Amendment of the Privacy Policy

URBIOTICA can amend its Privacy Policy in accordance with the applicable laws at all times. In any case, you will be duly notified of any amendment of the Privacy Policy so that you are informed of the changes made in the processing of your personal data and, if the applicable regulations so require, the interested party can confirm their consent.