„Smart Web Pay“

Information according to Art. 13, 14 and 21 of the General Data Protection Regulation (GDPR)

This data protection information applies to the collection, processing and use of your personal information when using the service “Smart Web Pay” (hereinafter “Smart Web Pay”), insofar as Scheidt & Bachmann Parking Solutions GmbH is responsible for data processing.

Scheidt & Bachmann Parking Solutions GmbH (hereinafter "we" or "Scheidt & Bachmann") takes the protection of your personal information very seriously and adheres strictly to the rules set down by data protection legislation. The following statement provides an overview of how Scheidt & Bachmann ensures this protection and explains which types of data we collect for which purposes.

1. Responsibility for data processing

Responsibility for processing your personal information lies with:

Scheidt & Bachmann Parking Solutions GmbH, Breite Straße 132, 41238 Mönchengladbach, Germany; Telephone: +49 2166/266-335; e-mail: parking-solutions@scheidt-bachmann.de

2. Data Protection Officer

You can reach our Data Protection Officer as follows:

Scheidt & Bachmann GmbH, Data Protection Officer, Breite Straße 132, 41238 Mönchengladbach, Germany; Telephone: +49 2166/266-839; e-mail: datenschutzbeauftragter@scheidt-bachmann.de

3. Which data do we process and from what sources?

We process personal data which you provide to us voluntarily or in the course of using the Smart Web Pay.

4. Processing of personal data when using Smart Web Pay

When using the Smart Web Pay, we process personal data that is technically necessary to offer you the installation and functions of the Smart Web Pay and to ensure the stability and security of the operation of Smart Web Pay.

1. Access data of the user (user data): IP address, date and time of the request, time zone difference to Greenwich Mean Time (GMT), content of the request (concrete page), access status/ HTTP status code, amount of data transferred in each case, operating system and its interface, device type, your device identification, unique number of the end device (IMEI = International Mobile Equipment Identity), unique number of the network subscriber (IMSI = International Mobile Subscriber Identity).
   The purpose of processing user data is to provide you with the above-mentioned functions.
2. Payment of parking tickets (payment data)
   You can use the "Pay now" function to pay the parking fees incurred, provided that the vehicle registration number has been recorded in the parking area used. We are not responsible for the collection of the vehicle registration number at the entrance to the parking area, but the operator of the parking area is. For more details, please refer to the operator's privacy policy.
   After selecting the parking spaces used, you enter your vehicle registration number for the calculation of the parking fee. The parking fee to be paid will then be calculated and displayed.
   Payment is made by selecting the respective payment method. You will then be forwarded to the respective payment service provider. We are not responsible for the processing of the further data collected, e.g. credit card data or your PayPal account data, but the respective payment service provider is. For more details, please refer to the payment service provider's privacy policy.
   We would like to point out that by entering a vehicle registration number in the app, the location of the associated vehicle as well as details of the parking process(es) can be seen.

5. Cookies, plugins and other services

The Smart Web Pay does not use cookies or similar technologies.

We use the "reCAPTCHA" service from Google. Here, personal data, such as the IP address, is collected in order to determine whether the actions taken in our app really originate from humans and not from machine programs (so-called bots). The purpose of the data processing here is to protect Smart Web Pay from bot attacks by withholding access to certain parts of Smart Web Pay from the outset. This can prevent manipulations. To use the service "reCAPTCHA2, data is sent to Google. Further information on terms of use and data protection can be found at: https://policies.google.com/privacy?hl=en-US.

6. On what legal basis do we process your data?

We process your personal data in accordance with the relevant regulations on data protection, in particular the GDPR, for various purposes.

The legal basis for the processing of user data and payment data is Art. 6 para. 1 lit. b GDPR.

In addition, we process user and payment data to protect our own legitimate interests and to ensure the stability and security of the Smart Web Pay. The legal basis for this is Art. 6 para. 1 lit. f GDPR.

7. Who receives my data?

Service providers deployed by us and operating on our behalf (so-called "processors" cf. Art. 4 No. 8 GDPR) can receive personal data. We use the following processors or categories of processor:

• IT service providers
• Group companies
• Google Inc.

In addition, we may also transfer your personal data to government agencies or authorities, for example, if there is a legal obligation to do so (the legal basis is Art. 6 Para. 1 lit. c GDPR) or to persons whom we have appointed to carry out our business operations, e.g. auditors, banks, insurance companies, legal advisors, etc. (legal basis is Art. 6 para. 1 lit. b or lit. f GDPR); otherwise only if you have given your express consent to the disclosure of your data to third parties in accordance with Art. 6 para. 1 lit. a GDPR.

8. Transfer of personal data to third countries

If necessary we transfer your personal data to countries outside the European Economic Area (EEA) to the following processors in third countries:

Group companies in Tunisia and United Kingdom

With regard to all recipients, we have implemented suitable guarantees (standard data protection clauses in accordance with Art. 46 para. 2 GDPR) to guarantee the security of your personal data. You may request a copy of these appropriate warranties. For this purpose, please contact the bodies designated in clauses 1 and 2.

9. Storage of data

We only process your personal data for as long as is necessary to serve the respective purpose of processing.

In addition, we are subject to various storage and documentation obligations, including those arising from the German Commercial Code ("Handelsgesetzbuch" – HGB) and the German Fiscal Code ("Abgabenordnung" – AO). These obligations can apply for up to 10 years.

Finally, the duration of storage is also based on statutory limitation periods, which can be up to 30 years according to Sections 195 ff. of the German Civil Code ("Bürgerliches Gesetzbuch" – BGB), whereby the standard limitation period is three years.

10. Your rights

Any data subject has the right of access according to Art. 15 GDPR, the right to rectification according to Art. 16 GDPR, the right to erasure according to Art. 17 GDPR, the right to restriction of processing according to Art. 18 GDPR and the right to data portability based on Art. 20 GDPR. In order to exercise the above rights, please use the contacts specified above in clauses 1 and 2.

If you have issued your consent for us to process your data, you can withdraw this at any time without any particular formal requirements. If possible, the withdrawal should be sent to the contacts specified in clauses 1 and 2.

Users are also legally entitled to lodge a complaint with a supervisory authority (Art. 77 GDPR). The supervisory authority responsible for Scheidt & Bachmann is:

Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (LDI NRW) (State Data Protection and Freedom of Information Officer, North Rhine-Westphalia)

You also have a right to object which is explained in more detail at the end of this privacy policy.

11. Security

We use technical and organisational security measures to adequately protect your personal data managed by us against accidental or intentional manipulation loss, destruction or against access by unauthorised persons.

12. Contacting

Should you contact the offices mentioned under 1 and 2 above by post, e-mail or via a contact form on our homepage because of the Smart Web Pay, your e-mail address and, if you have provided it, your name and telephone number, will be stored by us to answer your questions (legal basis is Art. 6 para. 1 lit. a DSGVO). We delete the data arising in this connection after storage is no longer necessary or - in the case of legal storage obligations - restrict processing.

13. Validity and timeliness of the data protection declaration

This Data Protection Declaration is dated as of February 2023 and is effective for as long as no updated version replaces it.

Due to the further development of our website or the implementation of new technologies, it may become necessary to change this Data Protection Declaration. We reserve the right to change the Data Protection Declaration at any time with effect for the future. We recommend that you re-read the current Data Protection Statement from time to time.

Information on your right to object according to Art. 21 General Data Protection Regulation (GDPR)

You have the right at any time to object to personal data relating to you being processed based on Art. 6 (1) lit. f GDPR on grounds relating to your particular situation (data processing based on a balancing of interests); this also applies to any profiling based on this provision as defined by Art. 4 No. 4 GDPR.

If you file an objection, we will no longer process your personal data, unless we can prove compelling, legitimate grounds for processing which override your interests, rights and freedoms or if the processing serves the enforcement, exercise or defence of legal rights.

In individual cases, we process your personal data for the purpose of direct advertising. You have the right at any time to object to the processing of personal data relating to you for the purpose of such advertising; this also applies to profiling insofar as it is has to do with such direct advertising.

If you object to the processing of data for the purpose of direct advertising, we will no longer process your personal data for this purpose.

There are no particular formal requirements for filing the objection; if possible it should be sent to the contacts specified above in clauses 1 and 2 of this data protection information.