Data Protection Notice

We, SITA Airport IT GmbH (hereinafter referred to as “SAIT”), take the protection and privacy of your data very seriously. Your personal data is collected and used solely in accordance with the legal provisions of the applicable data protection law.

In the following, SAIT will inform you about the nature, scope and purposes of the collection and use of personal data.

1 Responsible party / contact

The responsible party in terms of the data protection laws is:

SITA Airport IT GmbH
Parsevalstr. 7a
40468 Düsseldorf

If you have any questions or suggestions about data protection, feel free to contact us by e-mail at info(at)parkvogel.de.

2 Subject of data protection

Personal data is the subject of data protection. This is detailed information on the personal or factual circumstances of a specific or identifiable natural person. This includes, for example, information such as your name, postal address, e-mail address or telephone number, as well as personal usage data.

3 Collection and use of data

3.1 Website connection data

When accessing the SAIT website, your Internet browser will automatically transmit data for technical reasons. The following data is collected and stored separately from other data that you may transmit to us:

• Date and time of access
• IP address
• Browser type/version
• Operating system,
• URL of the previously visited website
• Quantity of data transmitted

These data are only processed for technical reasons and on the basis of our legitimate interest in securing our systems in accordance with Art 6 (1) f) of the GDPR and shall only be assigned to a specific person in the event of a security breach.

As a rule, we will delete this data after seven days at the latest, and only keep it longer if it relates to a security incident. We will then store the data until the incident has been resolved.

3.2 Using the reservation system

3.2.1 Parkvogel website
The SAIT websites offers a reservation system that lets you book one of our parking spaces. If you want to make use of this offer, and reserve a parking space, the reservation system will record the following data:

• Title: *
• First name: *
• Surname: *
• Address: *
• Telephone:
• Email address: *
• ID: *
• Flight no. Outbound::
• Flight no. Return:
• Number of travellers: *

All data marked with an “*” is mandatory data that we require to complete your reservation and parking space rental contract. The other information is voluntary, and is used to improve our service (telephone number for contact in case of problems, e.g. light on; flight numbers for better shuttle service planning, e.g. in case of flight delays).
The legal basis for processing your personal data in our reservation system is, with respect to the mandatory entries, the preparation and execution of the reservation and parking space rental agreements we shall conclude with you, each in accordance with Art 6 (1) b) of the GDPR. We process voluntary entries with your consent in accordance with Art 6 (1) a) of the GDPR.

If you book a reservation or a parking space offer in our reservation system, and must pay in advance, you will be offered various payment methods for processing the payment. We do not process these payments ourselves, but use external payment service providers that have been approved by the respective banks or credit card companies. Our system shows which company processes your payment before you enter your payment data. Please note that you can enter your payment data directly into the system of the respective payment service provider – our systems have no payment function. Therefore, we do not collect and store your payment data for security reasons. Upon your request, we merely establish the connection and receive a confirmation from the payment service provider when your payment has been successfully booked.

3.2.2 Parkvogel customer account

We can offer you a Parkvogel customer account. The advantage of this feature is that you do not have to re-enter your data every time you book a space. You can also view and, if necessary, change your previous reservations. In a customer account, we process the same data for the same purposes and on the basis of the same legal basis as those described in Clause 3.2.1. You protect your customer account with a password that only you know, and that we do not keep or store. We also do not store any credit card data. Of course, you can delete your Parkvogel customer account at any time.

3.2.3 Retention period

If you make a booking without a Parkvogel customer account, we will then store the reservation system data for a period of 80 days after completion of your parking space rental contract to provide more effective help should any complaints arise. Should you have any complaints after these 80 days have expired, you must substantiate these with your own documentation.
If you have a Parkvogel customer account, and make a booking from your customer account, we will save the reservation system data to your customer account. The data can then be called up from your customer account until you delete your customer account. You can view and, if necessary, correct all data stored about you in your customer account at any time.

3.3 Use of the Parkvogel App

3.3.1 Access to the reservation system and customer account via the Parkvogel App

If you use the Parkvogel App (“App”), we also process your personal data as required for the provision of services and invoicing in accordance with Clause 3.2.1 and, when setting up a customer account, in accordance with Clause 3.2.2, however, not the data in accordance with Clause 3.1. We will only process additional data via the app insofar as you expressly request it or configure it in the settings. The legal basis are the same as those specified in Clause 3.2.1. You are entitled to change the settings of the app at any time, or stop using the app completely by deleting the app from your device.

Clause 3.2.3 fundamentally applies with respect to the retention period. Please note that deleting the app from your device does not automatically delete any Parkvogel customer account you may have created; if you also wish to delete your Parkvogel customer account, please contact us separately.

3.3.2 Navigation with Google Maps

When you activate the map and/or navigation service in our Parkvogel app and thus issue us consent pursuant to Art 6 (1) a) of the GDPR, your navigation request will be transferred to the map service already installed on your mobile phone (Google Maps). You then use this map service directly for navigation. In the case of Google (Google Inc., Amphitheatre Parkway, Mountain View, CA 94043, USA) the Google Privacy Policy, which you can access at https://www.google.com/intl/en/policies/privacy/index.html applies. Google has submitted to the EU-US Privacy Shield (certificate can be downloaded from: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI ). If you have installed another map service, please contact your map service provider directly.

3.3.3 Indoor-Navigation with Meridian

If you want to use Meridian's indoor navigation that is accessible via the Parkvogel app, you must first activate it in the settings, and agree to the transfer of your personal data described below to the Meridian provider, Aruba, a division of Hewlett Packard Enterprise LCC, 3333 Scott Blvd, Santa Clara, CA 95054, USA (“HPE”) in accordance with Art. 6 (1) a) of the GDPR:
The parking areas (parking garage, car park) have so-called Meridian Beacons, which function like bearing marks. The Beacons are marked accordingly in the parking areas. When the Meridian function is activated, the application connects via Bluetooth to the Meridian Beacons available in the parking areas, reads the position data of these beacons, and uses this data to calculate the respective position of your terminal device in order to guide you. Navigation is not computed on your device, but happens through a cloud interface from HPE. HPE collects your position data on a server located outside the European Community. HPE also calculates and stores the distance you have travelled. On the one hand, HPE uses this data to provide you with its indoor navigation service. But it also uses this data to evaluate your movement data as well. According to information from HPE, this data is evaluated anonymously. For details, please refer to HPE's data protection declaration, which can be downloaded from https://www.hpe.com/us/en/legal/privacy.html . HPE has submitted to the EU US Privacy Shield (certificate can be downloaded from: https://www.privacyshield.gov/participant?id=a2zt0000000TNKEAA4 ).
We have no influence on the processing of your data by HPE, and therefore let you decide if you want to use Meridian. You can give your consent by activating Meridian’s indoor navigation button in the Parkvogel app settings. You can revoke your consent at any time ta take effect in the future by deactivating Meridian’s navigation again. We will refer to this setting separately in the app later.

3.3.4 App permissions

The following app permissions must be allowed for the application to work:

• Read/write content from end device memory, since data is loaded from the Internet and stored in the end device memory when the app is initially started. When the app is started again, it checks the data in your end device’s memory for updates and, if necessary, downloads any updated data, and then stores it over the Internet in order to save bandwidth the next time it starts up. This relates to app content.
• Show network status so the status of the Internet connection can be determined
• Complete Internet access for communication with the app gateway
• Activate location services for Meridian’s indoor navigation function
• Activate Bluetooth for Meridian’s indoor navigation function

3.4 Cookies

We store so-called “cookies” in order to offer you a comprehensive range of functions, and to make the use of our websites more convenient and interesting. “Cookies” are small text files that are stored on your end device with the help of your Internet browser. In some cases, similar technologies like “tags” are used which are the same as cookies with respect to the processing of personal data and which we group together with under the term “cookies”. We divide cookies into the categories “necessary” and “marketing” and describe these categories in more detail below.

When you visit our website for the first time or if you have deleted your cookies, we offer you a selection menu. Via this selection menu, you can see the descriptions of the individual cookies and choose which cookies you want to allow.

3.4.1 Necessary cookies

Cookies without which our website do not function properly are necessary. These cookies save settings like the selected language and allow for the reservation system to function. For this reason, the necessary cookies cannot be deselected in the cookie selection menu because for this setting alone, we would have to place a cookie in your browser. If you do not wish to use of necessary cookies, you can prevent cookies from being stored at all by changing the corresponding settings in your Internet browser. Please note that this will limit the functionality and scope of our services.

In general, our necessary cookies are deleted either at the end of your visit or when you close your browser (session cookies). If this is not the case (e.g. for settings), you can delete the cookies in your browser yourself.

We process necessary cookies either upon your request during the preparation of a contract (e.g. for settings) or to fulfil a contract with you (e.g. processing the reservation); the legal basis is Art 6 (1) b) of the GDPR.

3.4.2 Marketing cookies

Marketing is the second category of cookies which we only activate if you consent via the cookie selection menu that appears on the website. You can also find a list of the individual marketing cookies there.

Marketing cookies are cookies from advertisers that become more familiar with your interests across various websites and with the help of which, we can provide you personalised advertisements. Our legal basis for processing this data is your consent pursuant to Art 6 (1) a) of the GDPR, whereby you can revoke your consent in the cookie settings, effective in the future, at any time. Here you can access the cookie settings:

3.4.2.2 Google Adwords Conversion Tracking

This website uses Google AdWords Conversion Tracking if you have consented to tracking. This means that if you visit a third party website and click on a Google ad to reach our website, a cookie is stored on your computer by a Google Adwords server. We do not store these cookies; this is done by Google or the website on which you see the advert. These cookies become invalid after 30 days and cannot be used to personally identify you. If you visit the offer shown in the advert on our website and the Google cookie has not yet expired, we, along with Google, will be able to see that you have clicked on the ad and that you were forwarded to our offer. Every Adwords customer receives a different cookie. Cookies can therefore not be tracked through the websites of different Adwords customers. The information gathered using conversion cookies helps Google to generate conversion statistics for us as an Adwords customer. In this way, we learn the total number of users who have clicked on our advert and been forwarded to our offer. However, we do not receive any information that could be used to personally identify you.

Further information on the purpose and scope of the data collection and its processing by Google for advertising purposes as well as further information on your rights and setting options for protecting your privacy can be obtained directly from Google: Google Inc, 1600 Amphitheater Parkway, Mountainview, California 94043, USA; Privacy policy for advertising: https://policies.google.com/technologies/ads .

3.4.2.3 Google Adsense Tracking

Our website uses Google AdSense if you have consented to tracking. This is a service provided by Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, for the integration of advertisements. Google AdSense uses cookies. These are files which are stored on your PC and enable Google to analyse the data relating to your use of our website. Google AdSense also uses web beacons, which are invisible graphics that enable Google to analyse clicks on this website, traffic to this website and similar information.

The information obtained via cookies and web beacons, your IP address and the delivery of advertising formats are transmitted to a Google server located in the USA and stored there. Google may share this collected information with third parties if required to do so by law or if Google contracts with third parties to process the data. However, Google will merge your IP address with the other stored data.

Further information on the purpose and scope of the data collection and its processing by Google for advertising purposes as well as further information on your rights and setting options for protecting your privacy can be obtained directly from Google at: Google Inc, 1600 Amphitheater Parkway, Mountainview, California 94043, USA; Privacy policy for advertising: https://policies.google.com/technologies/ads .

3.5 Google Maps

We use a plugin from the maps service Google Maps on our website. The operator of Google Maps is Google Inc., Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google US”). If you activate the loading of Google Maps on the Parkvogel website, your browser, with your consent pursuant to Art 6 (1) a) of the GDPR, establishes a direct connection to a server from Google US, where your IP address is transmitted to the Google US server and processed by Google US for its purposes. Further information can be found in the Google Privacy Policy which you can access at www.google.com/intl/de/policies/privacy/index.html . Google US also stipulates several terms and conditions for the use of Google Maps which you can access at https://www.google.com/intl/de_de/help/terms_maps.html

3.6 Matomo web analytics tool

On our website and in the Parkvogel app, we use Matomo (http://www.matomo.org), an open-source (web) analytics tool operated by us that does not pass on any information to third parties.

When content on our website is accessed via browser or via the Parkvogel app, the following data is saved:

•  - The first two octets of the IP address (e.g.: 192.168.) of the accessing end device
•  - the ID of the accessed content
•  - the website through which the user arrived at the accessed content (referrer)
•  - the subpages accessed from the originally accessed website
•  - the length of stay on the website
•  - the frequency with which the website is accessed
•  

The software runs exclusively on our web servers. This data is stored only there. The data is not passed on to third parties. The software is designed to omit the last two octets of the IP address so that no complete IP address is stored (e.g.: 192.168.xxx.xxx). This means that it is no longer possible to trace the shortened IP address back to the accessing computer.

We use the information generated by Matomo exclusively to analyse the use of our websites and the Parkvogel app and to better identify potential areas for improvement.

We use this data based on our legitimate interest in measuring our reach and improving our website (Art 6 (1) f) of the GDPR).

3.6.1 Matomo opt-out

With respect to the website, you can object to the use of Matomo by clicking on the link below. If you don't see the corresponding text, you have already objected to the use of Matomo – possibly on another website. Your objection is saved in a cookie on your end device. Later reactivation of Matomo is therefore only possible if you delete your cookies. The Matomo function is also deactivated if you have the "Do Not Track" function enabled in your browser.

Object to the collection of usage data

Regarding the Parkvogel app, you can object to the use of Matomo by changing the Matomo switch/slider, enabled by default, in the settings of the Parkvogel app, thereby deactivating Matomo.

4 Passing on data

We only pass on your data to our carefully selected service providers, who are subject to Art 28 of the GDPR, but not to third parties without first notifying you and obtaining your consent. Only in the exceptional cases described below can we transfer your data to third parties without informing you beforehand and separately:

Personal data will be passed on to law enforcement authorities, regulatory authorities, courts and, if applicable, to injured third parties if and to the extent it serves to clarify any illegal use of our website, or is necessary for legal proceedings. However, this only happens if there are any concrete indications of unlawful or abusive practices. We are also legally obliged to provide information to certain public authorities upon request. The legal basis is Art 6 (1) c) of the GDPR.

Data may be passed on if this is required to assert our claims against you; the legal basis for this is Art 6 (1) f of the GDPR.

5 Transfer to Third Countries

We process your data largely on systems within the European Economic Area and, where possible, rely on European partners when choosing our service providers. In exceptional cases, however, we process your data outside of the European Economic Area , e.g. if the service provider is an international company. In every case, we transfer your data to only one third country if we are permitted to do so in accordance with Art. 44 ff GDPR. This means that the processing of your data is secured by special guarantees which create a level of data protection for receivers that is comparable to that of the EU. For this we expressly use the "standard contractual clauses" recognised by the EU Commission. You can obtain individual evidence from our data protection officer.

6 Deletion of your data

Unless otherwise stated above, we will delete your data as soon as it is no longer required for the aforementioned purposes.

If data must be kept for legal reasons, it will be blocked. The data is then no longer available for further productive use.

7 Your rights, data protection officer

You are, of course, entitled to request information about your personal data stored by SAIT. You also have the right to have any incorrect data corrected, delete and the processing thereof limited. If we process your data for legitimate reasons, you can object to the processing. If you provide us with data on the basis of a contract or consent, you then have the right to data portability. You can revoke your consent at any time, without affecting the legality of the processing that has taken place on the basis of the consent until its revocation. We do not operate systems for automated decision-making.

The SAIT data protection officer and his team are available for any questions, suggestions, or complaints, also concerning the exercise of your rights, you may have. The contact details are:

Data protection officer, SAIT
Parsevalstr. 7a
40468 Düsseldorf, Germany
Email: privacy(at)sita-airport-it.aero

If you wish to file a complaint, you can also contact a designated data protection authority, e.g. at your permanent residence.

8 Changes to this Data Privacy Policy

We reserve the right to change this Data Privacy Policy. You can always access the current version of the Data Privacy Policy at www.parkvogel.de/datenschutz/.

Last updated: 10/01/2022