Privacy Policy
1. Identity and contact details of the data controller
We make a distinction between the data of users of the public car park DIAMANT and the data of the owners/shareholders of Parking Empire BV.
Controller for the website and for the shareholder-owners of Parking Empire BV:
This privacy policy applies to all personal data processed by Parking Empire BV. Parking Empire BV, with registered office at Prins Boudewijnlaan 5, box 10, 2550 Kontich, and with company number VAT BE 0413.162.194, is the sole controller of this website.
The Controller attaches great importance to your privacy and therefore processes your personal data in accordance with European Regulation 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data (hereinafter “GDPR”) as well as any future or supplementary legislation implementing it, where applicable.
If you have any questions or comments regarding the way we handle your personal data, you may always contact us, by mail to the above postal address.
For more details about this part of the privacy policy, see section 3.2
Controller of the parking activities
Parking Empire has a website: https://parking-diamant.be. Parking EMPIRE BV is the sole data controller of this website.
However, the contact details on the contact pages of this website refer you to INDIGO Park Belgium NV with registered office at Bijenstraat 21, 9051 Sint-Denijs-Westrem, and with company number VAT BE 0449.598.562 (description), which is the sole controller responsible for answering your questions.
The parking activities are also operated exclusively by Indigo, which must therefore be considered as the sole controller for all processing activities linked to this operation, such as payments, registrations, subscription management and so on. INDIGO Park Belgium’s privacy policy can be found at https://www.indigoneo.be/nl/privacy-policy.
For further questions regarding the handling and processing of your personal data as a user of the parking facilities or to exercise your rights in accordance with the GDPR, please contact the data controller Indigo Parking Belgium NV directly by emailing to privacy.be@group-indigo.com.
2. What does “personal data processing” mean?
Processing of personal data (hereinafter “data”) includes any processing of data that can identify you as a natural person. This Privacy Policy specifies which data are involved. The term “processing” is very broad and covers, among other things, collecting, retaining, using, or sharing your data with third parties.
3. What data do we process?
Below we explain which of your data as a user of the DIAMANT car park we may process. Depending on the specific situation, your preferences and the way you contact us, we do not process all of the information below about you.
3.1 Processing of data through the website:
The website of Parking Diamant BV (parking-diamant.be) is basically a passive and purely informative website. We offer information to website visitors and, in principle, do not request any data. Moreover, there is no interaction with third parties through, for example, a contact form.
When you visit the website, the following data may be collected from you, such as through the cookies that are placed:
- Language
- IP address
- Website browsing behaviour
More information about our cookie policy can be found in our cookie policy (https://parking-diamant.be/cookieverklaring/)
3.2 Processing data of our parking facility users:
Parking Empire BV does not collect personal data from parking facility users. The processing of relevant personal data is managed exclusively by INDIGO Park Belgium NV. The data collected by INDIGO are regulated by its privacy policy, and relates to the management and operation of the public car park. That management includes all communications of users of the DIAMANT car park with INDIGO, written and oral, as well as all footage made by the security cameras while visiting the car park building.
The following data of users of the DIAMANT car park are collected, where applicable, and managed by INDIGO Park in accordance with its privacy policy:
- Contact details such as first name, last name, phone number, email address, … and other information you communicate to the manager
- Subscription and data connected with the management of your subscription
- Financial data
3.3 For the purposes of our internal organisation: processing of shareholder-owner data:
Processing data of our owners/shareholders:
From our shareholder-owners we collect:
- Contact details such as: name, first name, address, email address, account number, phone number, mobile phone number, person to be contacted, and number of parking spaces.
- Shareholder-related data such as share register, invitations to the (Special) General Meeting, etc.
This information is kept confidential. No use is made of the entrusted data for commercial purposes, such as making them available to third parties, special offers, sales promotions, etc.
When an owner/shareholder makes himself known to the company, he/she will be asked in what way he/she wishes to receive communication for the purpose of invitations to a general meeting, information or newsletters. Shareholders agree to be contacted in writing or orally in connection with general meetings or other notices that concern the interest of their shareholding and of Parking Empire BV.
Processing data of our directors:
Those who hold office as directors or otherwise as stated in the company’s Articles of Association agree that the following data will be collected and processed:
- UBO registry information such as first name, last name, date of birth, country of birth, place of birth, nationality, etc.
- Contact details such as phone number, mobile phone number, email address
4. For what purposes do we process your data?
Personal data are processed exclusively within the framework of the company and in particular for the following purposes:
- In the context of the main activities of INDIGO Park
- Compliance with administrative and tax obligations
- Promoting the management of the public car park
5. What are the grounds for processing your data?
We process your data for the purposes described below and do not collect and process more and no other kinds of data than those required for these purposes.
We process your data only to the extent based on one of the processing grounds listed in the GDPR, and as shown below.
Legal obligation
Certain data are processed by us in order to comply with legal or regulatory obligations imposed on us. For example, in the context of tax and accounting obligations or in the area of data protection.
Necessary for the performance of the contract
Certain data are processed by us because it is necessary for entering into, performing or terminating a contract with you, the data subject. For example, to contact, schedule, respond to a request or to ask for information, or for the purpose of entering into a contractual relationship in order to provide services to you or to receive services from you.
Legitimate interest
Certain data are processed by us based on our legitimate interests which in specific cases outweigh any potential harm to your rights. For example, to improve the quality of our services; to keep records and statistics related to our activities, in the broad sense; to preserve and use evidence in the context of liability, litigation or disputes and for the purpose of keeping a record of the activities; and to ensure security both online on this website and on our premises.
Consent
Certain data are processed by us based on your consent. For example for the purpose of transferring data, for whatever reason, or for the purpose of a contract for which your consent to receive certain data is requested.
6. Origin of data
We obtained most of your data we process from you directly. For the purposes of our services, we may obtain data about you from external service providers or public sources.
7. With whom do we share your data?
We do not disclose your data to third parties, except when strictly necessary in light of the above-mentioned purposes, or if we are required to do so by law.
As part of corporate legal obligations, data concerning meetings, shareholders’ register or voting register may be shared with the directors, and only with the directors in the exercise of their office and for the purpose of managing the public car park. Those data cannot be communicated to other shareholders.
Where necessary, we use external service providers (processors) to support our operational purposes such as managing our websites and IT systems. These external service providers, where appropriate, perform certain data processing operations on our behalf. We will share your data with these external service providers only to the extent necessary for the relevant purpose. They may not use the data for other purposes. In addition, those service providers are contractually bound to ensure the confidentiality of your data through a “data processor agreement” signed with these parties.
More specifically, this means that, in so far as is relevant in your situation, we share your data with the following third parties for the following purposes, with these third parties acting as processors on our behalf in certain cases:
- Postal, transportation and delivery companies if we need to send you something by mail;
- Payment service providers if we receive payments from you, or vice versa;
- External representatives and consultants or any other parties involved as part of our main or ancillary activities;
- The processors who assist us with IT in the operation of our organisation with a view to secure and efficient digital data management within our organisation;
- Government agencies, judicial authorities and practitioners of regulated professions such as accountants, company auditors, bailiffs and lawyers, for the purpose of complying with our legal obligations and defending our interests, as required.
8. How long do we keep your data?
We will not retain your data for longer than is necessary for the purpose for which the data were collected or are processed. Since the period for which the data may be retained depends on the purposes for which the data were collected, the retention period may vary in each situation. Sometimes specific legislation will require us to keep the data for a certain period of time. Our retention periods are always based on legal requirements and a balancing of your rights and expectations with what is useful and necessary to achieve the purposes. Upon expiration of the retention period, your data will be deleted or anonymised.
9. Where do we store your data and how are they protected?
We have appropriate technical and organisational security measures in place to avoid, within the scope of our activities, the destruction, loss, falsification, modification, unauthorised access or unauthorised disclosure to third parties as well as any other unauthorised processing of those data.
We are also careful to ensure that the processors we work with also take appropriate security measures to minimise the risk of incidents as much as possible.
The data we process remain within the European Economic Area (EEA) at all times.
10. What are your rights?
You have various rights regarding the data we process concerning you. If you wish to make use of any of the rights set forth below, please contact our GDPR Officer via the contact details included under the first title of this Privacy Policy.
Right of access and copy
You have the right to access your data and obtain a copy thereof. This right also includes the right to request further information about the processing of your data, including the categories of data about you that are being processed and for what purposes.
Right to amendment or rectification
You have the right to have your data amended if you believe we have incorrect data.
Right to erasure (right to be forgotten)
You have the right to request that we delete your data without unreasonable delay. However, we will not always be able to fulfil such a request, such as when we still need the data for the purpose of an ongoing contract, or when we are required by law to retain certain of your data for a certain period of time.
Right to restriction of processing
You have the right to restrict the processing of your data. Thus the processing is temporarily stopped until, for example, there is certainty about the accuracy.
Right to withdraw your consent
If the processing is based on your consent (see above under titles 5 and 6), you have the right to withdraw this consent at any time by contacting us.
Right to object
You have the right to object to the processing of your data based on legitimate interest. This should be based on grounds relating to your particular situation. You may also object to the use of your data for direct marketing purposes.
Right to data portability
You have the right to obtain – in electronic form – your data that you yourself have provided to us with your consent or in pursuance of a contract. That way, they can easily be transmitted to another organisation. You also have the right to ask us to transmit your data directly to another organisation, where technically feasible.
Right to complain to your supervisory authority
Should you believe that we are processing your data in an incorrect manner, you always have the right to lodge a complaint with your supervisory data protection authority.
Belgian Data Protection Authority (GBA)
Drukpersstraat 35
1000 Brussels
contact@apd-gba.be
11. How to exercise your rights?
You may exercise your rights by contacting us by mail (Prins Boudewijnlaan 5, box 10, 2550 Kontich), provided that you enclose a copy of the front of your identity card or other document by which you can be identified. The copy will only be used to identify you in accordance with the GDPR.
12. Modifications
We reserve the right to modify this Privacy Policy. The latest version is available on our websites at all times. The date on which this Privacy Policy was last modified can be found at the top. In the event of substantial changes to the Privacy Policy, we will directly inform, if possible, the data subjects who may be affected.