Privacy Policy

← Back/Tilbage

1. Data protection at a glance

General information

Evology is a brand name of Parking Solutions Danmark ApS. Both terms are used synonymously in the following.

The notice provides a simple overview of what happens to your personal data when you apply for and maintain an Evology Permit, including the use of the Evology app and Evology portal website. Personal data is any data by which you can be personally identified.

How do we collect your data?

On our apps and websites, personal data of the user is only collected in accordance with the applicable data protection law, in particular the General Data Protection Regulation (GDPR). The technical terms used in data protection law are explained in Art. 4 of the GDPR. Data processing is permitted under the GDPR in three cases in particular:

  • if you have consented to the processing of your data by us (Art. 6 para. 1 lit. a) and 7 GDPR); we will inform you beforehand in this data protection declaration and on the occasion of the consent pursuant to Art. 4 No. 11 GDPR for which purpose and under which circumstances your data will be processed by us;
  • if the processing of your personal data is necessary for the initiation, conclusion or implementation of a contractual relationship (Art. 6 para. 1 lit. b) GDPR);
  • if, after a balancing of interests, the processing is necessary to protect our legitimate interests (Art. 6 para. 1 lit. f) GDPR); this includes in particular our interests in analysing, optimising and securing the offer on our app and website, e.g. through an analysis of user behaviour, the storage of access data and the use of third-party providers.

Accordingly, your data is collected on the one hand by you providing it to us. This can be, for example, data that you enter in a contact form. On the other hand, data is collected automatically or after your consent when you visit the app or website by our IT systems. This is mainly technical data (e.g. internet browser, operating system or time of page view). This data is collected automatically as soon as you visit.

The entry of data by you on our app and/or website is voluntary. If you do not disclose your data, you will not suffer any disadvantages as a result. However, without certain data, it is not possible for us to offer certain services or functions. We will inform you of the data required or prescribed in each case.

What do we use your data for?

Data provided by you is needed in order for us to provide our services to you. Part of the data collected by us is to ensure error-free provision of the app and website. Other data may be used to analyse your user behaviour.

What rights do you have in relation to your data?

You have the right at any time to receive information free of charge about the origin, recipient and purpose of your stored personal data. You also have the right to request the correction or deletion of this data. If you have consented to data processing, you can revoke this consent at any time but this may impact or prevent our ability to offer our services to you. You also have the right to request the restriction of the processing of your personal data in certain circumstances. Please note that some of these rights are not absolute and only apply in certain circumstances. We will review any request we receive in relation to these rights. We do not have to agree to a request, but if we refuse it, we will still contact the data subject within one month to explain the reasons. You also have the right to lodge a complaint with the relevant supervisory authority (a list of authorities can be found here).

You can contact us at any time about this and other questions on the subject of data protection.

Third-party analyses and tools

When visiting, your surfing behaviour may be statistically evaluated. This is mainly done with so-called analysis programs.

Detailed information on these analysis programmes can be found in the following data protection declaration.

2. What data is processed when you use Evology Permit?

Evology Permit is our service through which we issue permits, in accordance with our Evology Permit Terms and Conditions, for vehicles to use car parks managed by us.

When you use Evology Permit, we collect and process data that you provide to us as part of your application for permit/s and management of those permit/s. This will include:

  • name;
  • address;
  • email address;
  • telephone number;
  • evidence of identity (such as copy of a passport);
  • evidence of residency;
  • vehicle registration numbers.

This data is collected following provision of it by you to us.

Our legal basis for processesing will process this data is consent (Art. 6 para. 1 lit. a) GDPR)

This data is needed in order to consider your application for an Evology Permit. Further, in order to consider this application we may be required to verify your application with relevant third parties, namely the party who controls the criteria for a permit in a car park. This may include, for example, a landlord or housing association. In making an application for a permit, you provide us with your consent to share your data with relevant third parties and we will only disclose your data to third parties for the sole purpose of verifying your application.

We will also process your data for the purpose of managing your permit account, including our systems processing vehicle registration numbers stored on your permit account in etablishing vehicles entitled to be in the car park, and how long those vehicles are entitled to remain for.

 

If you wish to withdraw your consent to our processing of your personal data, please contact us using the contact details below. If you withdraw your consent, please note that we will be unable to provide the Evology Permit service and any Permits issued will be withdrawn.

  1. Hosting and content delivery networks (CDN)

External hosting

Our Evology portal website is hosted by Microsoft’s Azure Global Infrastructure. If you believe that Microsoft is not abiding by its privacy or security commitments, you can contact Microsoft at the following postal address:

Microsoft Danish Online Services Privacy

Microsoft Corporation

One Microsoft Way

Redmond, Washington 98052 USA

 

Our app is hosted through the Apple App Store and through the Google Play Store.

 

3.  General information and mandatory data

Data protection

The operators of the Evology app and Evology portal website take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this data protection declaration.

When you use the Evology app and Evology portal website, various personal data are collected. Personal data is data that can be used to identify you personally. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose the data is used.

We would like to point out that data transmission on the Internet (e.g. communication by e-mail) can have security gaps. Complete protection of data against access by third parties is not possible.

Reference to the competent body

The data controller for the Evology app and Evology portal website is:

Avantpark Parking Solutions Danmark ApS

Kollegievej 6,

2920 Charlottenlund

Phone: +45 71 92 92 66

E-mail: [email protected]

The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data (e.g. names, e-mail addresses, etc.).

Duration of storage

Unless a more specific storage period is specified in this privacy policy, your personal data will remain with us until the purpose of the data processing no longer applies. If you assert a legitimate request for deletion or revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g. retention periods under tax or commercial law); in the latter case, the data will be deleted once these reasons no longer apply.

There are certain reasons why we keep some of your data. How long we keep your data depends on the type of data and the purpose(s) for which it was collected and processed. However, in this case, we will ensure that these third parties also only retain the data for as long as necessary and must adhere to our retention and deletion policies. We do not store your personal data for longer than is necessary for the above-mentioned purposes.

Data transfer within the Avantpark group of companies

We may share your data with our parent company, Parkingeye Limited (a company based in England), and other subsidiaries of our parent company that are located within the European Union. This may include transferring your data to the United Kingdom. The United Kingdom provides an adequate level of protection for personal data. We will monitor the status of the United Kingdom and ensure that adequate protection is in place to ensure the transfer of data outside the Member States of the European Union.

Note on data transfer to the USA

Among other things, tools from companies based in the USA are integrated on our website. If these tools are active, your personal data may be transferred to the US servers of the respective companies. We would like to point out that the USA is not a safe third country in the sense of EU data protection law. US companies are obliged to hand over personal data to security authorities without you as a data subject being able to take legal action against this. It can therefore not be ruled out that US authorities (e.g. intelligence services) process, evaluate and permanently store your data located on US servers for monitoring purposes. We have no influence on these processing operations.

Withdrawal of consent to data processing

Many data processing operations are only possible with your express consent. You can revoke consent you have already given at any time. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

Right to object to data collection in individual cases and to direct marketing (Art. 21 GDPR)

If the data processing is carried out on the basis of Art. 6 (1) lit. E or F GDPR, you have the right to object to the processing of personal data relating to you at any time for reasons arising from your particular situation; this also applies to profiling based on these provisions. You will find the respective legal basis on which the processing is based in this privacy policy. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims (objection pursuant to Article 21(1) GDPR).

If your personal data is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling insofar as it is related to such direct marketing. If you object, your personal data will subsequently no longer be used for direct marketing purposes (objection pursuant to Art. 21 (2) GDPR).

Right to complain to the competent supervisory authority (Art. 77 GDPR)

In the event of a breach of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority (Art. 77 GDPR), in particular in the Member State of their habitual residence, their place of work or the place of the alleged breach. The right of appeal is without prejudice to any other administrative or judicial remedy.

How can you contact the competent supervisory authority if you have concerns about our processing of your data?

If you have any concerns about our processing of your data or if you have a question about data protection that is not answered in this policy, please contact our data protection team using the contact details above. You also have the right to lodge a complaint with the relevant regional data protection supervisory authority.

For more information, please visit the website of the Datatilsynet : https://www.datatilsynet.dk

Right to data portability (Art. 20 GDPR)

You have the right to have data that we process automatically on the basis of your consent or in fulfilment of a contract handed over to you or to a third party in a common, machine-readable format (Art. 20 GDPR). If you request the direct transfer of the data to another controller, this will only be done insofar as it is technically feasible.

SSL or TLS encryption

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as enquiries that you send to us as the site operator. You can recognise an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Rights of access, rectification and erasure (Art. 15, 16 & 17 GDPR)

Within the framework of the applicable legal provisions, you have the right at any time to free information about your stored personal data, its origin and recipient and the purpose of the data processing (Art. 15 GDPR) as well as, if applicable, a right to correction (Art. 16 GDPR) or deletion (Art. 17 GDPR) of this data. For this purpose, you can request information about the personal data we have stored about you free of charge at any time. To prevent misuse, identification of your person is required for this purpose. For this purpose, as well as for further questions on the subject of personal data, you can contact us at any time.

Right to restriction of processing (Art. 18 GDPR)

You have the right to request the restriction of the processing of your personal data. For this purpose, you can contact us at any time. The right to restriction of processing exists in the following cases:

  • If you dispute the accuracy of your personal data stored by us, we usually need time to verify it. For the duration of the review, you have the right to request the restriction of the processing of your personal data.
  • If the processing of your personal data was/is unlawful, you may request the restriction of data processing instead of erasure.
  • If we no longer need your personal data, but you need it to assert, exercise or defend legal claims, you have the right to request restriction of the processing of your personal data instead of deletion.
  • If you have lodged an objection pursuant to Art. 21 (1) GDPR, a balancing of your interests and ours must be carried out. As long as it has not yet been determined whose interests prevail, you have the right to demand the restriction of the processing of your personal data.

If you have restricted the processing of your personal data, this data – apart from storage – may only be processed with your consent or for the assertion, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or a Member State.

We will consider each request received on a case-by-case basis. Under data protection laws, we do not have to agree to your request, but if we do not agree to your request, we will still contact you within the applicable timeframe to explain our position.

4. Data collection on our app and portal website

Cookies

Our internet pages and application use so-called “cookies”. Cookies are small text files and do not cause any damage to your end device. They are stored either temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your end device. Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your end device until you delete them yourself or until they are automatically deleted by your web browser.

In some cases, cookies from third-party companies may also be stored on your terminal device when you access our site (third-party cookies). These enable us or you to use certain services of the third-party company (e.g. cookies for processing payment services).

Cookies have various functions. Many cookies are technically necessary, as certain functions would not work without them (e.g. the shopping cart function or the display of videos). Other cookies are used to evaluate user behaviour or to display advertising.

Cookies that are necessary to carry out the electronic communication process (necessary cookies) or to provide certain functions you have requested (functional cookies) or to optimise function (e.g. cookies to measure the web audience) are stored on the basis of Art. 6 (1) lit. f GDPR, unless another legal basis is specified. The operators have a legitimate interest in storing cookies for the technically error-free and optimised provision of its services. Insofar as consent to the storage of cookies has been obtained, the relevant cookies are stored exclusively on the basis of this consent (Art. 6 para. 1 lit. a GDPR); consent can be revoked at any time.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If you deactivate cookies, functionality may be limited.

If cookies are used by third parties or for analysis purposes, we will inform you separately within the framework of this data protection declaration and, if necessary, ask for your consent.

Server log files

The provider of the pages automatically collects and stores information in so-called server log files, which is automatically transmitted to us. These are:

  • Browser type and version
  • Operating system used
  • Referrer URL
  • Host name of the accessing computer
  • Time of the server request
  • IP address

This data is not merged with other data sources.

The collection of this data is based on Art. 6 para. 1 lit. f) GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimisation of its website – for this purpose, the server log files must be collected.

Enquiry by e-mail, telephone or contact form

If you contact us by e-mail, telephone or via one of our contact forms, your enquiry including all resulting personal data (name, enquiry) will be stored and processed by us for the purpose of processing your request. We do not pass on this data without your consent.

The processing of this data is based on Art. 6 (1) lit. b) GDPR if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the requests addressed to us (Art. 6 (1) (f) GDPR) or on your consent (Art. 6 (1) (a) GDPR), if this has been obtained.

The data that you transmit to us as part of contact enquiries remains with us until you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies (e.g. after processing your request has been completed), in accordance with our internal data storage policy. Mandatory legal provisions – in particular legal retention periods – remain unaffected by this.

5. plugins and tools

Google Web Fonts

This site uses so-called web fonts provided by Google for the uniform display of fonts. When you call up a page, your browser loads the required web fonts into its browser cache in order to display texts and fonts correctly.

For this purpose, the browser you use must establish a connection to Google’s servers. This enables Google to know that this website has been accessed via your IP address. The use of Google Web Fonts is based on Art. 6 para. 1 lit. f) GDPR. The website operator has a legitimate interest in the uniform presentation of the typeface on its website. Insofar as a corresponding consent has been obtained (e.g. consent to the storage of cookies), the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a) GDPR. The consent can be revoked at any time.

If your browser does not support web fonts, a default font from your computer will be used.

For more information about Google Web Fonts, please visit https://developers.google.com/fonts/faq and read Google’s privacy policy: https://policies.google.com/privacy?hl=de

Google reCAPTCHA

We use “Google reCAPTCHA” (hereinafter “reCAPTCHA”) on this website. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

The purpose of reCAPTCHA is to check whether the data entry on this website (e.g. in a contact form) is made by a human or an automated programme. For this purpose, reCAPTCHA analyses the behaviour of the website visitor based on various characteristics. This analysis begins automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g. IP address, time spent by the website visitor on the website or mouse movements of the user). The data collected during the analysis is forwarded to Google.

The reCAPTCHA analyses run completely in the background. Visitors to the website are not informed that an analysis is taking place.

The storage and evaluation of the data is based on Art. 6 para. 1 lit. f) GDPR. The website operator has a legitimate interest in protecting its web offers from abusive automated spying and from SPAM. Insofar as a corresponding consent has been obtained, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a) GDPR; THE CONSENT IS REVOKABLE AT ANY TIME.

For more information on Google reCAPTCHA, please see the Google Privacy Policy and the Google Terms of Use at the following links: https://policies.google.com/privacy?hl=de and https://policies.google.com/terms?hl=de

Hotjar

We use Hotjar to better understand the needs of our users and to optimise the offering and experience on this website. Hotjar’s technology gives us a better understanding of our users’ experience (e.g. how much time users spend on which pages, which links they click, what they like and dislike, etc.) and helps us tailor our offering to our users’ feedback. Hotjar uses cookies and other technologies to collect data about our users’ behaviour and their devices, in particular the device’s IP address (which is only collected and stored in anonymous form while using the website), screen size, device type (unique device identifiers), information about the browser used, location (country only) and the preferred language for viewing our website. Hotjar stores this information on our behalf in a pseudonymised user profile. Hotjar is contractually prohibited from selling the data collected on our behalf.

For more information, see the “About Hotjar” section on the Hotjar help page.

Facebook Custom Audiences / Facebook Pixel

The “Facebook Custom Audiences” service is used on this website. Facebook Pixel is used for this service. These services are operated by Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin, D02, Ireland. Facebook Custom Audiences allows us to target the user with interest-based advertising on the social network – Facebook. To make this possible, we have implemented the Facebook Remarketing Tag on our website. This tag establishes a direct connection with Facebook servers when you visit the website, so that Facebook receives information about which pages you have visited on our website. Facebook then matches this information with your Facebook user account. The next time you visit Facebook, you will then be shown personalised, interest-based advertisements (Facebook Ads). In addition, Custom Audiences is used to personalise and optimise the website.

The Facebook pixel also collects and processes performance data to track and monitor performance data derived from users’ use of Facebook ads.

The following data is collected and processed with the help of Facebook Custom Audiences:

  • Facebook user ID
  • IP address
  • Browser information
  • Non-sensitive custom data
  • Facebook cookie information
  • Referrer URL
  • Pixel-specific data
  • Pixel ID
  • Social media friend network
  • Usage data/user behaviour
  • Views and interactions with content, ads and services
  • Valued content
  • Information about the device
  • Successful marketing campaign
  • Information on the operations
  • Hardware/software type
  • Browser type
  • Operating system of the device
  • Geographical location
  • Cookie ID
  • Information from third party sources
  • User agent
  • Conversions

The legal basis for the processing is your consent pursuant to Art. 6 (1) a) GDPR. If you do not want the aforementioned data to be collected and processed via Facebook Custom Audiences, you can refuse your consent or revoke it at any time with effect for the future.

Personal data shall be kept for as long as necessary to fulfil the purpose of the processing. The data will be deleted as soon as it is no longer necessary to fulfil the purpose.
In the course of processing, the data may be transferred to Facebook Inc. in addition to Facebook Ireland.

HubSpot

HubSpot is a customer relationship management (CRM), marketing, sales and customer service software. Its functionality includes:
Email Marketing, Social Media Publishing & Reporting, Reporting, Contact Management (e.g. User Segmentation & CRM), Landing Pages and Contact Forms.

For more information on how HubSpot handles data, please see the Privacy Policy:
https://legal.hubspot.com/privacy-policy

HubSpot is a software company from the USA with a branch in Ireland. Contact: HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland, Phone: +353 1 5187500.

The following data may be processed in connection with HubSpot:

  • Name
  • Address
  • Phone number
  • E-mail address
  • Job title
  • IP address
  • Business address

 

The legal basis for the processing is legitimate interests pursuant to Art. 6 (1) (f) GDPR and consent pursuant to Art. 6 (1) (a) GDPR. If you do not want the aforementioned data to be collected and processed via Hubspot, you can refuse your consent or revoke it at any time with effect for the future.

Personal data shall be kept for as long as necessary to fulfil the purpose of the processing. The data shall be deleted as soon as they are no longer necessary to fulfil the purpose.

Within the scope of processing via HubSpot, data may be transferred to the USA. The security of the transfer is ensured via the standard contractual clauses, which guarantee that the processing of personal data is subject to a level of security that corresponds to that of the GDPR. Should the standard contractual clauses not be sufficient to guarantee an adequate level of security, your consent pursuant to Art. 49 (1) a) GDPR may serve as the legal basis for the transfer to third countries.

 

Freshworks

We use Freshworks to convert emails, including appeals and customer queries, and social media queries into tickets for easy tracking.

Freshworks Inc (company number: 4861858) is a corporation formed under the laws of the State of Delaware with its registered office at 16192 Coastal Highway, Lewes, Delaware 19958, USA and its principal place of business at 2950 S. Delaware Street, Suite 201 San Mateo, California 94403, USA.

Freshworks can process the following data with its Freshdesk product:

  • Contact information such as name, email address, postal address
  • IP address
  • geographical location
  • the content of any messages you send to us as part of a service request, question or concern, including by email, telephone or via the website.

The processing is based on our legitimate interest in the effective handling of the enquiries addressed to us (Art. 6 (1) f) GDPR).

Personal data shall be kept for as long as necessary to fulfil the purpose of the processing. The data will be deleted as soon as they are no longer necessary to fulfil the purpose.

Microsoft 365 Suite

We use Microsoft’s Exchange online and Office online products, which are hosted in Microsoft’s UK data centre, to route requests made via the website’s contact forms to receiving systems.

Microsoft takes strict measures to protect Customer Data from inappropriate access or use by unauthorised individuals. These include restricting access by Microsoft employees and subcontractors and carefully defining requirements for responding to government requests for Customer Data. Microsoft 365 uses service-side technologies that encrypt customer data at rest and in transit. For Customer Data at rest, Microsoft 365 uses encryption at the volume and file level. For Customer Data in transit, Microsoft 365 uses multiple encryption technologies for communications between data centres and between clients and servers, such as Transport Layer Security (TLS) and Internet Protocol Security (IPsec).

The processing is based on our legitimate interest in the effective handling of the requests addressed to us (Art. 6 (1) f) GDPR).

Personal data shall be kept for as long as necessary to fulfil the purpose of the processing. The data shall be deleted as soon as they are no longer necessary to fulfil the purpose.

Amendment of the data protection policy

If a change to the privacy policy becomes necessary for legal or other reasons, we will update this page and the privacy policy accordingly. In doing so, no changes will be made to the consent given by the user.