Privacy Policy

Last updated: — Parkoa.de

1. Overview

This Privacy Policy explains the nature, scope, and purpose of the processing of personal data (hereinafter “data”) within our online offering and the associated websites, functions, and content, as well as external online presences such as social media profiles (collectively referred to as the “online offering”).

The key legal bases include, in particular, the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), and the German Telecommunications and Telemedia Data Protection Act (TTDSG).

2. Controller

Information pursuant to § 5 TMG:

Kreshnik Kabashi
Marktstr. 66
73061 Ebersbach an der Fils
Germany

Contact:

3. Categories of data we process

  • Inventory data (e.g., names, addresses)
  • Contact data (e.g., email address, phone numbers)
  • Content data (e.g., text input, photos, videos)
  • Contract data (e.g., subject matter of contract, term, booking details)
  • Payment data (e.g., payment history, payment status)
  • Usage data (e.g., visited pages, interest in content, access times)
  • Meta/communication data (e.g., device information, IP addresses)
  • Vehicle & service data (e.g., license plate, vehicle type/color, mileage at handover/return; depending on service)
  • Flight data (e.g., return flight number, landing date; where required for service/dispatch)

4. Categories of data subjects

Visitors and users of the online offering (collectively “users”), customers, prospective customers, and business partners.

5. Purposes of processing

  • Providing the online offering, its functions, and content
  • Responding to contact inquiries and communicating with users/customers
  • Processing bookings, customer account, invoicing, and performing valet/shuttle services
  • Security measures
  • Analytics/reach measurement and marketing (only with consent where required)

6. Definitions

Personal data
Any information relating to an identified or identifiable natural person.
Processing
Any operation performed on personal data (e.g., collection, storage, disclosure, deletion).
Pseudonymization
Processing so that data can no longer be attributed to a specific person without additional information.
Profiling
Automated processing to evaluate personal aspects (e.g., interests/behavior).
Controller
The entity that determines the purposes and means of processing.
Processor
An entity that processes data on behalf of the controller.

7. Legal bases

Unless a specific legal basis is stated in this Privacy Policy, the following applies: consent is based on Art. 6(1)(a) GDPR; contract performance / pre-contractual measures on Art. 6(1)(b) GDPR; legal obligations on Art. 6(1)(c) GDPR; and legitimate interests on Art. 6(1)(f) GDPR.

8. Security measures

In accordance with Art. 32 GDPR, taking into account the state of the art, implementation costs, and the nature, scope, context, and purposes of processing, as well as the risk to the rights and freedoms of natural persons, we implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk.

9. Cooperation with processors and third parties

If, in the course of our processing, we disclose data to other persons or companies (processors or third parties), transfer it to them, or otherwise grant them access to the data, this will only take place on the basis of a legal permission, your consent, a legal obligation, or our legitimate interests.

Where we engage processors, this is done on the basis of a data processing agreement pursuant to Art. 28 GDPR.

10. Transfers to third countries

If we process data in a third country (outside the EU/EEA) or this occurs in the context of using third-party services, this will only happen under the conditions set out in Art. 44 et seq. GDPR, in particular on the basis of:

  • Adequacy decisions (e.g., the EU–US Data Privacy Framework for certified organizations)
  • Standard Contractual Clauses (SCC) as appropriate safeguards

11. Hosting and email delivery (Amazon Web Services)

Our servers are hosted with Amazon Web Services (AWS). The hosting services we use provide infrastructure and platform services, computing capacity, storage space and database services, email delivery, security services, and technical maintenance services to operate this online offering.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in secure and efficient provision) and Art. 28 GDPR (processing by a processor).

12. Server log files

When you access our website, our systems automatically process data, in particular:

  • IP address
  • Date and time of access
  • Accessed pages/files
  • Referrer URL
  • Browser type/version, operating system
  • Status codes

Purpose: security, stability, troubleshooting, abuse detection. Legal basis: Art. 6(1)(f) GDPR. Retention: in accordance with legal requirements or as long as necessary to maintain security.

13. Cookies, consent management and TTDSG

We use cookies and similar technologies. Strictly necessary cookies are required for operating the website. Any cookies/technologies beyond that (e.g., analytics/marketing) are used — where required — only after your consent. In Germany, the consent requirement may arise in particular from § 25(1) TTDSG.

Note: You can withdraw or change your consent at any time via the cookie settings.

14. Contact

If you contact us (e.g., by email or phone), we process the information you provide in order to handle and respond to your inquiry.

Legal basis: Art. 6(1)(b) GDPR (contract / pre-contractual steps) and/or Art. 6(1)(f) GDPR (legitimate interest in communication). Retention: in accordance with statutory requirements.

15. Customer account / Manage booking

Users can create a customer account to view and manage bookings. In the course of registration and account use, we process in particular inventory, contact, contract, and usage data.

Legal basis: Art. 6(1)(b) GDPR. Retention: in accordance with statutory requirements; if the account is deleted/terminated, data will be deleted unless retention obligations apply.

16. Booking, scheduling and service delivery (Valet / Shuttle)

To deliver our services, we process the data required for dispatch, handover/pickup, invoicing, and service flow, including:

  • Name, address, email address, phone number
  • Flight data (e.g., return flight number, landing date) where required for pickup/dispatch
  • Vehicle data (e.g., license plate, type, color), depending on the service
  • Communication/dispatch information (e.g., phone coordination)

Legal basis: Art. 6(1)(b) GDPR. Retention: in accordance with statutory requirements.

17. Booking / parking software (VEVS)

Our booking/parking software is provided by VEVS.com (Head office: 36 Dimitar Ikonomov str., Varna 9000, Bulgaria). Processing is carried out to handle and manage bookings/services.

Legal basis: Art. 6(1)(b) GDPR. (Bulgaria is an EU member state.)

18. Live flight tracking (dispatch purpose)

Where flight data (e.g., return flight number, landing date) has been provided, it may be used for dispatching pickup/return or shuttle return transfer, based on publicly available flight status information (live flight tracking).

Legal basis: Art. 6(1)(b) GDPR. Retention: in accordance with statutory requirements.

19. Video recording of vehicle condition (documentation)

During handover/return, a video recording of the vehicle’s condition may be created. This is used for documentation and evidence purposes.

Legal basis: Art. 6(1)(b) GDPR (contract performance) and Art. 6(1)(f) GDPR (legitimate interest in evidence). Retention: the video is kept until the customer’s departure and then deleted unless an issue (e.g., complaint/damage case) requires longer retention; in that case, until final resolution.

20. WhatsApp

WhatsApp is used exclusively for non-binding change notifications. For dispatching, vehicle handover, or pickup, phone contact is the only authoritative channel.

Note: When using WhatsApp, data is also processed by the service provider. Please review their privacy information.

21. Disclosure to Flughafen Stuttgart GmbH (monthly reporting)

In line with requirements applicable at Stuttgart Airport, data on completed transactions may be transmitted on a monthly basis, e.g.:

  • Type of transaction (e.g., valet parking / shuttle service)
  • Date and time of individual transactions
  • Official license plate number (valet parking)
  • Number of transported passengers (shuttle service)

Legal basis: Art. 6(1)(c) GDPR (legal obligation) and/or Art. 6(1)(b) GDPR (contract performance), depending on the specific basis.

22. Payment processing (bank transfer, PayPal, Stripe)

We offer bank transfer and the payment service providers PayPal and Stripe. If you use PayPal or Stripe, the data required for processing the payment will be transmitted to the relevant provider.

Legal basis: Art. 6(1)(b) GDPR (contract performance) and Art. 6(1)(c) GDPR (retention obligations, e.g., invoices). Retention: in accordance with statutory requirements.

23. Administration, accounting, office organization

We process data for administrative purposes, organization of our operations, accounting, and compliance with legal obligations (e.g., archiving). In doing so, we process the same categories of data as those used for providing our contractual services.

Legal basis: Art. 6(1)(c) GDPR and Art. 6(1)(f) GDPR. Retention: in accordance with statutory requirements.

24. Google Analytics

We use Google Analytics to measure reach and analyze website usage. Google Analytics uses cookies/technologies that allow analysis of how the website is used. Where required, it is only used after your consent via the cookie banner.

Legal basis: Art. 6(1)(a) GDPR (consent) and § 25(1) TTDSG.

Retention (Analytics): User- and event-level data retention is controlled in Google Analytics settings, depending on configuration (e.g., 2 months or 14 months).

Third-country transfers: If processing occurs in the USA, transfers may be based — depending on the setup — on the EU–US Data Privacy Framework (for certified organizations) or Standard Contractual Clauses.

25. Google Ads / conversion measurement / remarketing (if used)

If we use Google Ads, conversion measurement, or remarketing, this may be used to measure ad effectiveness and to show interest-based advertising. Cookies/tags may be used for this purpose. Where required, it is used only after consent.

Legal basis: Art. 6(1)(a) GDPR (consent) and § 25(1) TTDSG.

26. Affiliate programs (if used)

Within our online offering, typical tracking measures may be used to account for affiliate programs, where necessary for operating the affiliate system. Pseudonymous identifiers (e.g., cookie IDs) may be processed.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in operating the program) or — where required — Art. 6(1)(a) GDPR (consent) in conjunction with § 25 TTDSG.

27. Comments and contributions (if available)

If users leave comments or other contributions, technical data (e.g., IP address) may be processed temporarily for abuse/spam prevention and legal enforcement.

Legal basis: Art. 6(1)(f) GDPR (security/legal enforcement). Retention: as necessary and in line with legal requirements.

28. Deletion of data / retention

We delete or restrict the processing of data in accordance with Art. 17 and 18 GDPR. Unless explicitly stated otherwise in this Privacy Policy, data stored by us is deleted as soon as it is no longer required for its intended purpose and no statutory retention obligations prevent deletion.

Contract-related and accounting data is retained in accordance with statutory requirements.

29. Rights of data subjects

  • Right of access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object (Art. 21 GDPR)
  • Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)

30. Right to withdraw consent

You have the right to withdraw any consent you have given at any time with effect for the future. The lawfulness of processing carried out before withdrawal remains unaffected.

31. Right to object

You may object to the future processing of your data at any time in accordance with Art. 21 GDPR. In particular, you may object to processing for direct marketing purposes.

32. Changes to this Privacy Policy

We reserve the right to update this Privacy Policy to ensure it always meets current legal requirements or to reflect changes to our services. The updated Privacy Policy will apply to your next visit.

© Parkoa.de — Last updated: