Data Privacy Smart Pay App

Information according to Art. 13, 14 and 21 of the General Data Protection Regulation (GDPR)

This data protection information applies to the collection, processing and use of your personal information when using the “Smart Pay” app (hereinafter “App”), insofar as Scheidt & Bachmann GmbH is responsible for data processing.

Scheidt & Bachmann GmbH (hereinafter "we" or "Scheidt & Bachmann") takes the protection of your personal information very seriously and adheres strictly to the rules set down by data protection legislation. The following statement provides an overview of how Scheidt & Bachmann ensures this protection and explains which types of data we collect for which purposes.

1. Responsibility for data processing

Responsibility for processing your personal information lies with:

Scheidt & Bachmann GmbH, Breite Straße 132, 41238 Mönchengladbach, Germany; Telephone: +49 2166/266-0; Fax: +49 2166/266-375; E-mail: info@scheidt-bachmann.de 

2. Data Protection Officer

You can reach our Data Protection Officer as follows:

Scheidt & Bachmann GmbH, Data Protection Officer, Breite Straße 132, 41238 Mönchengladbach, Germany; Telephone: +49 2166/266-839; Fax: +49 2166/266-254; E-mail: datenschutzbeauftragter@scheidt-bachmann.de 

3. Which data do we process and from what sources?

We process personal data which you provide to us voluntarily or in the course of using the App.

4. Processing of personal data when downloading the App

When you download the App from the app store, e. g. Apple (iOS) or Google (Android) App Store, the information necessary to start and complete the download is transferred to the app store, including, but not limited to, your user name, email address and account number, time of download, payment information and individual device ID. We have no control over and are not responsible for this data processing. For more information on how your personal data is processed when you download the App, please refer to the privacy policy of the respective app store operator.

5. Processing of personal data when using the App

When using the App, we process personal data that is technically necessary to offer you the installation and functions of the App and to ensure the stability and security of the operation of the App.

5.1. Access data of the user (user data):

IP address, date and time of the request, time zone difference to Greenwich Mean Time (GMT), content of the request (concrete page), access status/ HTTP status code, amount of data transferred in each case, operating system and its interface (via app shop), device type (via app shop), your device identification (via app shop), unique number of the end device (IMEI = International Mobile Equipment Identity), unique number of the network subscriber (IMSI = International Mobile Subscriber Identity).

The purpose of processing user data is to provide you with the above-mentioned functions.

5.2. Use of the functions "Search Ticket/ License plate" for mobile payment of parking tickets (payment data)

With the function "Search Ticket/ License plate" you can pay the incurred parking fees.

Entrance with parking ticket

If you have received a parking ticket at the entrance, you will need the barcode printed on the parking ticket to calculate the parking fee. You scan this barcode with the camera of your mobile device; the app does not access the photo library. The parking fee to be paid is then calculated and displayed.

Entrance without parking ticket

If you have not received a parking ticket at the entrance, the parking fee will be calculated on the basis of the license plate number. We are not responsible for the collection of the license plate number at the entrance of the parking space, but the operator of the parking space is. For further details, please refer to the data protection declaration of the operator. To calculate the parking fee, please enter your license plate number into the app. The parking fee to be paid will then be calculated and displayed.

Payment of parking fee

Payment is made by entering your credit card details or your PayPal account details.

Payment by credit card is possible using the Braintree payment service, a service provided by PayPal (Europe) S.à.r.l et Cie, S.C.A., based in Luxembourg. Payment by PayPal is made by using the payment service of PayPal (Europe) S.à.r.l et Cie, S.C.A., based in Luxembourg.

The following data are processed for this purpose: IP address, UUID (Universally Unique Identifier used for device identification), Device Data (which consists of the UUID as well as the IMEI (= International Mobile Equipment Identity)), individual barcode, parking time, parking garage, amount of parking fee, reference number of the payment (including used entry device), ticket number, entry time, exit time, receipt number, currency, receipt number of Braintree/ PayPal

  • when paying by credit card additionally: credit card number, expiry date of credit card, CVC
  • when paying via PayPal additionally: PayPal account data, e-mail address, individual payment token

The purpose of data processing here is the handling of the payment process.

5.4 Use of the "Search location" functions (location data)

With the function "Search location" you can find parking garages that offer the payment option via the app and you can record the location of the parking space you used and be navigated back to your parked vehicle. To do this, you take a photo of your parked vehicle, which is linked to the location data. This requires access to the camera and GPS data on your mobile device; the app does not access the photo library.

The location data is processed for this function.

6. Cookies, plugins and other services

The App does not use cookies or similar technologies.

7. On what legal basis do we process your data?

We process your personal data in accordance with the relevant regulations on data protection, in particular the GDPR, for various purposes.

The legal basis for the processing of user data and payment data is Art. 6 para. 1 lit. b GDPR.

The legal basis for the processing of location data is Art. 6 para. 1 lit. a GDPR.

In addition, we process user and payment data to protect our own legitimate interests and to ensure the stability and security of the app. The legal basis for this is Art. 6 para. 1 lit. f GDPR.

8. Who receives my data?

For the payment processing via your credit card or PayPal the payment data will be transmitted to Braintree or PayPal to the required extent. Legal basis for the data transfer is Art. 6 para. 1 lit. b GDPR. Information about the data protection of Braintree or PayPal can be found at https://www.braintreepayments.com/gb/legal/braintree-privacy-policy and https://www.paypal.com/uk/webapps/mpp/ua/privacy-full.

When using the "Search location" function, your location data is determined via GPS and transmitted to the map service you are using. The legal basis for the transmission is Art. 6 para. 1 lit. a GDPR. You can obtain information on data protection from Apple or Google at https://www.apple.com/uk/legal/privacy/en-ww/ and https://policies.google.com/privacy.

Service providers deployed by us and operating on our behalf (so-called "processors" cf. Art. 4 No. 8 GDPR) can receive personal data. We use the following processors or categories of processor:

  • IT service providers
  • Group companies

In addition, we may also transfer your personal data to government agencies or authorities, for example, if there is a legal obligation to do so (the legal basis is Art. 6 Para. 1 lit. c GDPR) or to persons whom we have appointed to carry out our business operations, e.g. auditors, banks, insurance companies, legal advisors, etc. (legal basis is Art. 6 para. 1 lit. b or lit. f GDPR); otherwise only if you have given your express consent to the disclosure of your data to third parties in accordance with Art. 6 para. 1 lit. a GDPR.

9. Transfer of personal data to third countries

We transfer your personal data to countries outside the European Economic Area (EEA) to the following processors in third countries:

Group companies in Tunisia, United Kingdom

With regard to all recipients, we have implemented suitable guarantees (standard data protection clauses in accordance with Art. 46 para. 2 GDPR) to guarantee the security of your personal data. You may request a copy of these appropriate warranties. For this purpose, please contact the bodies designated in clauses 1 and 2.

10. Storage of data

We only process your personal data for as long as is necessary to serve the respective purpose of processing.

The payment data of the function "Search Ticket/ License plate" and the location data of the function "Search location" are stored locally on your mobile device. You can delete these data at any time by emptying the cache in the app or by uninstalling the app.

In addition, we are subject to various storage and documentation obligations, including those arising from the German Commercial Code ("Handelsgesetzbuch" – HGB) and the German Fiscal Code ("Abgabenordnung" – AO). These obligations can apply for up to 10 years.

Finally, the duration of storage is also based on statutory limitation periods, which can be up to 30 years according to Sections 195 ff. of the German Civil Code ("Bürgerliches Gesetzbuch" – BGB), whereby the standard limitation period is three years.

11. Your rights

Any data subject has the right of access according to Art. 15 GDPR, the right to rectification according to Art. 16 GDPR, the right to erasure according to Art. 17 GDPR, the right to restriction of processing according to Art. 18 GDPR and the right to data portability based on Art. 20 GDPR. In order to exercise the above rights, please use the contacts specified above in clauses 1 and 2.

If you have issued your consent for us to process your data, you can withdraw this at any time without any particular formal requirements. If possible, the withdrawal should be sent to the contacts specified in clauses 1 and 2.

Users are also legally entitled to lodge a complaint with a supervisory authority (Art. 77 GDPR). The supervisory authority responsible for Scheidt & Bachmann is:

Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (LDI NRW) (State Data Protection and Freedom of Information Officer, North Rhine-Westphalia)

You also have a right to object which is explained in more detail at the end of this privacy policy.

12. Security

We use technical and organisational security measures to adequately protect your personal data managed by us against accidental or intentional manipulation loss, destruction or against access by unauthorised persons.

13. Contacting

Should you contact the offices mentioned under 1 and 2 above by post, e-mail or via a contact form on our homepage because of the app, your e-mail address and, if you have provided it, your name and telephone number, will be stored by us to answer your questions (legal basis is Art. 6 para. 1 lit. a DSGVO). We delete the data arising in this connection after storage is no longer necessary or - in the case of legal storage obligations - restrict processing.

14. Validity and timeliness of the data protection declaration

This Data Protection Declaration is dated as of May 2020 and is effective for as long as no updated version replaces it.

Due to the further development of our website or the implementation of new technologies, it may become necessary to change this Data Protection Declaration. We reserve the right to change the Data Protection Declaration at any time with effect for the future. We recommend that you re-read the current Data Protection Statement from time to time.

We use technical and organisational security measures to adequately protect your personal data managed by us against accidental or intentional manipulation loss, destruction or against access by unauthorised persons.

 

Information on your right to object according to Art. 21 General Data Protection Regulation (GDPR)
You have the right at any time to object to personal data relating to you being processed based on Art. 6 (1) lit. f GDPR on grounds relating to your particular situation (data processing based on a balancing of interests); this also applies to any profiling based on this provision as defined by Art. 4 No. 4 GDPR. 
If you file an objection, we will no longer process your personal data, unless we can prove compelling, legitimate grounds for processing which override your interests, rights and freedoms or if the pro-cessing serves the enforcement, exercise or defence of legal rights. 
In individual cases, we process your personal data for the purpose of direct advertising. You have the right at any time to object to the processing of personal data relating to you for the purpose of such advertising; this also applies to profiling insofar as it is has to do with such direct advertising. 
If you object to the processing of data for the purpose of direct advertising, we will no longer process your personal data for this purpose.
There are no particular formal requirements for filing the objection; if possible it should be sent to the contacts specified above in clauses 1 and 2 of this data protection information.