Privacy Policy
1. Overview
This Privacy Policy explains the nature, scope, and purpose of the processing of personal data (hereinafter “data”) within our online offering and the associated websites, functions, and content, as well as external online presences such as social media profiles (collectively referred to as the “online offering”).
The key legal bases include, in particular, the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), and the German Telecommunications and Telemedia Data Protection Act (TTDSG).
2. Controller
Information pursuant to § 5 TMG:
Kreshnik Kabashi
Marktstr. 66
73061 Ebersbach an der Fils
Germany
Contact:
- Phone: +49 159 013 222 81
- Email: info@parkoa.de
3. Categories of data we process
- Inventory data (e.g., names, addresses)
- Contact data (e.g., email address, phone numbers)
- Content data (e.g., text input, photos, videos)
- Contract data (e.g., subject matter of contract, term, booking details)
- Payment data (e.g., payment history, payment status)
- Usage data (e.g., visited pages, interest in content, access times)
- Meta/communication data (e.g., device information, IP addresses)
- Vehicle & service data (e.g., license plate, vehicle type/color, mileage at handover/return; depending on service)
- Flight data (e.g., return flight number, landing date; where required for service/dispatch)
4. Categories of data subjects
Visitors and users of the online offering (collectively “users”), customers, prospective customers, and business partners.
5. Purposes of processing
- Providing the online offering, its functions, and content
- Responding to contact inquiries and communicating with users/customers
- Processing bookings, customer account, invoicing, and performing valet/shuttle services
- Security measures
- Analytics/reach measurement and marketing (only with consent where required)
6. Definitions
- Personal data: Any information relating to an identified or identifiable natural person.
- Processing: Any operation performed on personal data (e.g., collection, storage, disclosure, deletion).
- Pseudonymization: Processing so that data can no longer be attributed to a specific person without additional information.
- Profiling: Automated processing to evaluate personal aspects (e.g., interests/behavior).
- Controller: The entity that determines the purposes and means of processing.
- Processor: An entity that processes data on behalf of the controller.
7. Legal bases
Unless a specific legal basis is stated in this Privacy Policy, the following applies: consent is based on Art. 6(1)(a) GDPR; contract performance / pre-contractual measures on Art. 6(1)(b) GDPR; legal obligations on Art. 6(1)(c) GDPR; and legitimate interests on Art. 6(1)(f) GDPR.
8. Security measures
In accordance with Art. 32 GDPR, taking into account the state of the art, implementation costs, and the nature, scope, context, and purposes of processing, as well as the risk to the rights and freedoms of natural persons, we implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk.
9. Cooperation with processors and third parties
If, in the course of our processing, we disclose data to other persons or companies (processors or third parties), transfer it to them, or otherwise grant them access to the data, this will only take place on the basis of a legal permission, your consent, a legal obligation, or our legitimate interests.
Where we engage processors, this is done on the basis of a data processing agreement pursuant to Art. 28 GDPR.
10. Transfers to third countries
If we process data in a third country (outside the EU/EEA) or this occurs in the context of using third-party services, this will only happen under the conditions set out in Art. 44 et seq. GDPR, in particular on the basis of:
- Adequacy decisions (e.g., the EU–US Data Privacy Framework for certified organizations)
- Standard Contractual Clauses (SCC) as appropriate safeguards
11. Hosting and email delivery (Amazon Web Services)
Our servers are hosted with Amazon Web Services (AWS). The hosting services we use provide infrastructure and platform services, computing capacity, storage space and database services, email delivery, security services, and technical maintenance services to operate this online offering.
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in secure and efficient provision) and Art. 28 GDPR (processing by a processor).
12. Server log files
When you access our website, our systems automatically process data, in particular:
- IP address
- Date and time of access
- Accessed pages/files
- Referrer URL
- Browser type/version, operating system
- Status codes
Purpose: security, stability, troubleshooting, abuse detection. Legal basis: Art. 6(1)(f) GDPR. Retention: in accordance with legal requirements or as long as necessary to maintain security.
13. Cookies, consent management and TTDSG
We use cookies and similar technologies. Strictly necessary cookies are required for operating the website. Any cookies/technologies beyond that (e.g., analytics/marketing) are used — where required — only after your consent. In Germany, the consent requirement may arise in particular from § 25(1) TTDSG.
Note: You can withdraw or change your consent at any time via the cookie settings.
14. Contact
If you contact us (e.g., by email or phone), we process the information you provide in order to handle and respond to your inquiry.
Legal basis: Art. 6(1)(b) GDPR (contract / pre-contractual steps) and/or Art. 6(1)(f) GDPR (legitimate interest in communication). Retention: in accordance with statutory requirements.
15. Customer account / Manage booking
Users can create a customer account to view and manage bookings. In the course of registration and account use, we process in particular inventory, contact, contract, and usage data.
Legal basis: Art. 6(1)(b) GDPR. Retention: in accordance with statutory requirements; if the account is deleted/terminated, data will be deleted unless retention obligations apply.
16. Booking, scheduling and service delivery (Valet / Shuttle)
To deliver our services, we process the data required for dispatch, handover/pickup, invoicing, and service flow, including:
- Name, address, email address, phone number
- Flight data (e.g., return flight number, landing date) where required for pickup/dispatch
- Vehicle data (e.g., license plate, type, color), depending on the service
- Communication/dispatch information (e.g., phone coordination)
Legal basis: Art. 6(1)(b) GDPR. Retention: in accordance with statutory requirements.
17. Booking / parking software (VEVS)
Our booking/parking software is provided by VEVS.com (Head office: 36 Dimitar Ikonomov str., Varna 9000, Bulgaria). Processing is carried out to handle and manage bookings/services.
Legal basis: Art. 6(1)(b) GDPR. (Bulgaria is an EU member state.)
18. Live flight tracking (dispatch purpose)
Where flight data (e.g., return flight number, landing date) has been provided, it may be used for dispatching pickup/return or shuttle return transfer, based on publicly available flight status information (live flight tracking).
Legal basis: Art. 6(1)(b) GDPR. Retention: in accordance with statutory requirements.
19. Video recording of vehicle condition (documentation)
During handover/return, a video recording of the vehicle’s condition may be created. This is used for documentation and evidence purposes.
Legal basis: Art. 6(1)(b) GDPR (contract performance) and Art. 6(1)(f) GDPR (legitimate interest in evidence). Retention: the video is kept until the customer’s departure and then deleted unless an issue (e.g., complaint/damage case) requires longer retention; in that case, until final resolution.
20. WhatsApp
WhatsApp is used exclusively for non-binding change notifications. For dispatching, vehicle handover, or pickup, phone contact is the only authoritative channel.
Note: When using WhatsApp, data is also processed by the service provider. Please review their privacy information.
21. Disclosure to Flughafen Stuttgart GmbH (monthly reporting)
In line with requirements applicable at Stuttgart Airport, data on completed transactions may be transmitted on a monthly basis, e.g.:
- Type of transaction (e.g., valet parking / shuttle service)
- Date and time of individual transactions
- Official license plate number (valet parking)
- Number of transported passengers (shuttle service)
Legal basis: Art. 6(1)(c) GDPR (legal obligation) and/or Art. 6(1)(b) GDPR (contract performance), depending on the specific basis.
22. Payment processing (bank transfer, PayPal, Stripe)
We offer bank transfer and the payment service providers PayPal and Stripe. If you use PayPal or Stripe, the data required for processing the payment will be transmitted to the relevant provider.
Legal basis: Art. 6(1)(b) GDPR (contract performance) and Art. 6(1)(c) GDPR (retention obligations, e.g., invoices). Retention: in accordance with statutory requirements.
23. Administration, accounting, office organization
We process data for administrative purposes, organization of our operations, accounting, and compliance with legal obligations (e.g., archiving). In doing so, we process the same categories of data as those used for providing our contractual services.
Legal basis: Art. 6(1)(c) GDPR and Art. 6(1)(f) GDPR. Retention: in accordance with statutory requirements.
24. Google Analytics
We use Google Analytics to measure reach and analyze website usage. Google Analytics uses cookies/technologies that allow analysis of how the website is used. Where required, it is only used after your consent via the cookie banner.
Legal basis: Art. 6(1)(a) GDPR (consent) and § 25(1) TTDSG.
Retention (Analytics): User- and event-level data retention is controlled in Google Analytics settings, depending on configuration (e.g., 2 months or 14 months).
Third-country transfers: If processing occurs in the USA, transfers may be based — depending on the setup — on the EU–US Data Privacy Framework (for certified organizations) or Standard Contractual Clauses.
25. Google Ads / conversion measurement / remarketing (if used)
If we use Google Ads, conversion measurement, or remarketing, this may be used to measure ad effectiveness and to show interest-based advertising. Cookies/tags may be used for this purpose. Where required, it is used only after consent.
Legal basis: Art. 6(1)(a) GDPR (consent) and § 25(1) TTDSG.
26. Affiliate programs (if used)
Within our online offering, typical tracking measures may be used to account for affiliate programs, where necessary for operating the affiliate system. Pseudonymous identifiers (e.g., cookie IDs) may be processed.
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in operating the program) or — where required — Art. 6(1)(a) GDPR (consent) in conjunction with § 25 TTDSG.
27. Comments and contributions (if available)
If users leave comments or other contributions, technical data (e.g., IP address) may be processed temporarily for abuse/spam prevention and legal enforcement.
Legal basis: Art. 6(1)(f) GDPR (security/legal enforcement). Retention: as necessary and in line with legal requirements.
28. Deletion of data / retention
We delete or restrict the processing of data in accordance with Art. 17 and 18 GDPR. Unless explicitly stated otherwise in this Privacy Policy, data stored by us is deleted as soon as it is no longer required for its intended purpose and no statutory retention obligations prevent deletion.
Contract-related and accounting data is retained in accordance with statutory requirements.
29. Rights of data subjects
- Right of access (Art. 15 GDPR)
- Right to rectification (Art. 16 GDPR)
- Right to erasure (Art. 17 GDPR)
- Right to restriction of processing (Art. 18 GDPR)
- Right to data portability (Art. 20 GDPR)
- Right to object (Art. 21 GDPR)
- Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)
30. Right to withdraw consent
You have the right to withdraw any consent you have given at any time with effect for the future. The lawfulness of processing carried out before withdrawal remains unaffected.
31. Right to object
You may object to the future processing of your data at any time in accordance with Art. 21 GDPR. In particular, you may object to processing for direct marketing purposes.
32. Changes to this Privacy Policy
We reserve the right to update this Privacy Policy to ensure it always meets current legal requirements or to reflect changes to our services. The updated Privacy Policy will apply to your next visit.