Privacy and GDPR

Introduction

We have on this page collected information about the General Data Protection Regulation (2016/679) (GDPR) and how EasyPark handles personal data.


What is GDPR?

GDPR is a regulation adopted by the EU to harmonise the rules for the treatment of personal data throughout the EU/EEA. GDPR specifies the requirements for companies and organisations that handle personal data and sets out rights of individuals.


What constitutes personal data?

Any information related to a natural person that can be used to directly or indirectly identify the person is considered as personal data, e.g. names, photographs, phone numbers, email addresses, car registration plates and GPS-coordinates.


What is a data subject?

A data subject is an individual to whom the personal data is related to.


What is a data controller?

A data controller is someone who (either alone or jointly with others) determines the purposes for the processing of personal data and how the personal data is processed.


Are there any specific rules businesses should be following in order to ensure compliance?

Article 5 of the EU GDPR states that personal data must be:

  • Processed lawfully, fairly and in a transparent manner

  • Collected only for specified, explicit and legitimate purposes

  • Adequate, relevant and limited to what is necessary

  • Accurate and kept up to date.Held only for the absolute time necessary and no longer

  • Processed in a manner that ensures appropriate security of the personal data


Is GDPR also applicable in countries outside EU/ EEA?

The GDPR is applicable not only to organisations located within the EU/EEA but also applies to companies and organisations located outside of the EU if they offer goods and services to EU/EEA citizens and thereby process personal data. Hence, GDPR applies to all companies and organisations processing the personal data of data subjects residing in the European Union or EEA, regardless of the company’s location.


How does EasyPark treat my personal data?

For further information about how EasyPark processes personal data, please see our privacy policy.


What security measures has EasyPark implemented in order to protect personal data

EasyPark has implemented an information security management system (ISMS) in accordance with ISO 27001. Furthermore, EasyPark has recruited a Head of Information and IT Security and established internal control as part of the ISMS.


Does the data subject need to give consent to the data controller?

A company or an organisation must have legal grounds for processing an individual's personal data. A legal ground for processing of personal data is for example that the processing is required in order to fulfill an agreement with the data subject, to fulfill a statutory obligation or if the data subject has given consent to the processing. The data subject should be informed of how the personal data will be processed and in cases where consent is required for the processing. If a certain kind of processing requires consent, then consent shall be obtained. A full description of EasyParks processing of your personal data and the legal grounds of the processing will be found in EasyParks privacy policy.


Does EasyPark use suppliers that process personal data?

Yes, EasyPark has contracts with suppliers that perform services for EasyPark. EasyPark has entered into data processing agreement with all suppliers that process personal data on behalf of EasyPark.


DPO contact information

Contact information to our DPO - dpo@easypark.net