“Bmove Group” Privacy Policy– General Information

 

Introduction

The Bmove Group conducts business in several countries and processes personal data in accordance with applicable data protection laws. Pursuant to Article 26 of Regulation (EU) 679/2016 (hereinafter “GDPR”) all Bmove Group companies have entered into an internal data protection agreement as “Joint Controllers” to protect the personal data of data subjects when it is transferred within the Bmove Group.

Pursuant to Articles 13 and 14 of the GDPR this Privacy Policy is provided to the users (hereinafter “Users” or “User”) of the Bmove website https://www.bmove.com (hereinafter “Website”) and of the Bmove mobile application (hereinafter “App”) as well as to those who use the services offered by the Bmove Group partners/third parties. The Bmove Group enables customers of these services (hereinafter “Customers”) to facilitate payments.

Following companies are included into the Bmove Group:

  1. “Bmove GmbH” with a registered office in AUSTRIA, 1030 Vienna, Schwarzenbergplatz 5 Top 7/1;
  2. “Bmove s.r.l.” with a registered office in ITALY, 20122 Milan, Via Calderon De La Barca n. 2;
  3. “Bmove d.o.o.“ with a registered office in CROATIA, 10000 Zagreb, Trg Petra Preradovića 6;
  4. “Bmove Slovakia s.r.o.” with a registered office in SLOVAKIA, 81106 Bratislava, Hodzovo namestie 1A;
  5. “Bmove d.o.o.“ with a registered office in SLOVENIA, 1000 Ljubljana, Pot za Brdom 102.

This Privacy Policy aims to inform Users/Customers about how their personal data is processed by the Joint Controllers in the context of providing Bmove services. It is also intended to help Users/Customers understand how they can exercise their rights under the GDPR.

The services offered by the Bmove Group are intended for persons over the age of 16. If the Bmove Group becomes aware of the processing of personal data of minors under the age of 16, without the consent of their parent or legal guardian, the Bmove Group reserves the right to unilaterally interrupt the use of the services and delete the collected personal data.

The Users/Customers guarantee the transfer of third parties’ personal data, affirming that they have full rights to do so (e.g., in the case of the services called “Add User”). The Bmove Group is not liable for any claims from third parties arising from the illegitimate use of their personal data.

This Privacy Policy does not apply to other websites that may be accessed through links on the Website/App.

 

  1. Data holder (“Controller” in the context of Article 4 (7) of the GDPR)

Respective data holders: “Bmove GmbH” with a registered office in AUSTRIA, A-1030 Vienna at Schwarzenbergplatz 5 Top 7/1, “Bmove s.r.l.” with a registered office in ITALY,  Milan (MI) at Via Calderon De La Barca n. 2, “Bmove d.o.o.“ with a registered office in CROATIA, 10000 Zagreb at Trg Petra Preradovića 6,  “Bmove Slovakia s.r.o.” with a registered office in SLOVAKIA, 81106 Bratislava at Hodzovo namestie 1A and “Bmove d.o.o.“ with a registered office in SLOVENIA, 1000 Ljubljana at Pot za Brdom 102, together are considered “Joint Controllers” according to Article 26 (1) of the GDPR.

 

  1. Principles applicable to the processing of personal data

The Bmove Group’s processing of Users/Customers’ personal data is based on the principles of correctness, lawfulness, transparency, and the protection of confidentiality and fundamental rights, in compliance with the GDPR and the guidelines issued by the Privacy Authorities in the respective countries (hereinafter jointly referred to as “Privacy Legislation”).

 

  1. The categories and types of personal data processing

The personal data of Users and Customers that may be processed by the Bmove Group primarily depends on how they use Bmove services and how such data, either directly or indirectly, is provided to the Bmove Group.

For example, the Bmove Group collects the following personal data of Users/Customers when they:

  • use Bmove-App; name (first name, surname), billing address, email address, vehicle license plate number, telephone number (cell phone), IP address, payment gateway provider ID (pseudonymized data), transaction data (parking date, parking duration, garage ID), geolocation data, vehicle position history, tax data;
  • use Website; type and version of the browser and other information transmitted by the browser (e.g., operating system, access location, language settings, etc.), IP address, end device that retrieved the file, date and time of visit, website from which access was made (referrer URL), cookies;
  • use Webshop; name, surname, type of vehicle, vehicle license plate number, address (street, postcode, municipality), telephone number, email address;
  • contact the Bmove customer care service; vehicle license plate number, email address and any additional information voluntarily provided.

3.1         Personal data collected automatically when using the Website/App:

  • Browsing data. The Bmove Group automatically collects data about the type and version of the browser and other information transmitted by the browser (e.g., operating system, access location, language settings, etc.), information about the device that retrieved the file, and the connection used by the User, including, for example, the IP address, date and time of visit, hardware and software information, event data relating to the device, and data about any crashes;
  • Website/App usage data. The Bmove Group collects information on how the User/Customer used the Website/App including, for example, the website from which access was made (referrer URL, the pages and content viewed, searches performed), third party applications on the Website/App that were used by the User/Customer, links to third-party websites and applications clicked on by the User/Customer, and cookies.

3.2 Personal data provided directly by the User/Customer:

  • Mandatory data provided for account registration. The Bmove Group collects the personal data required to create the User/Customer account, such as contact details (email address) and personal information (name and surname). If this information is not provided, the User/Customer account cannot be created;
  • Optional data provided for the configuration of the User/Customer profile. In order to configure the User/Customer profile and provide services more efficiently, the Bmove Group collects the following information: contact details (e.g., email and telephone number), and identification data (e.g., name and surname, tax code, address and city of residence, postal code);
  • Mandatory data provided for the purchase of services as a guest. The Bmove Group allows the customer to purchase the services offered with a ‘guest account’ and therefore, without entering personal data. In order to enable the subsequent deletion of the guest account, the Bmove Group collects the email address;
  • Mandatory data provided to use the on-street and private parking payment services offered by the Bmove Group. The Bmove Group collects the information necessary to provide the on-street and private parking payment services (including the so-called “ticketless” service), such as contact details, vehicle license plate number, and country;
  • Mandatory data provided to use the electric vehicle charging services. The Bmove Group collects the information necessary to facilitate payment for the electric vehicle charging provided to Users/Customers by third-party car parks, such as contact details (email address, name, surname) vehicle license plate number, charging time, the location where the customer used these services, and the amounts paid;
  • Mandatory data provided to use the “New Authorisation” service. The Bmove Group collects the information required to provide the “New Authorisation” service, such as identification data (name, surname, Tax Code, domicile) and the vehicle license plate number;
  • Optional data provided for geolocation services. With the consent of the User/Customer, the Bmove Group collects the geolocation information;
  • Mandatory data provided for the submission of Limited Traffic Zone permits. To access the Restricted Traffic Zone, the Bmove Group collects identification data (name, surname, Tax Code, domicile) and the vehicle license plate number;
  • Transaction data. The Bmove Group collects information related to the transactions made by the User/Customer through the Website/App, such as the payment method chosen, the date on which the User/Customer used the services, and the amounts paid. For more information, please refer to section 5 of this Privacy Policy;
  • Data provided for marketing communications.In order to send marketing communications, with the consent of the User/Customer, the Bmove Group collects identification data (name and surname) and contact data;
  • Data provided to review the services of the Bmove Group. The Bmove Group collects personal information shared by the User/Customer in order to review the services offered by Bmove, such as contact details and any additional information voluntarily provided;
  • Data provided by email requests for information. If the User/Customer expressly and voluntarily requests information by email to be sent to the addresses indicated on the Website/App or on any of the forms present on the Website/App, the Bmove Group collects the contact details (email address, name and surname) and any additional information voluntarily provided in the communication.

 

  • Personal data provided using cookies. The Bmove Group uses cookies to collect data on the User’s activity via the Website/App, as well as preferences and other technical data related to the User/Customer. For more information on the use of cookies, the User can consult the Cookie Policy at the following link: https://www.bmove.com/cookie-policy/

 

  1. Purpose and legal basis of the data processing

According to Article 6 (1) (a) of the GDPR data processing can be carried out when the data subjects have given consent to the processing of their personal data for one or more specific purposes.

The Bmove Group processes the personal data of Users/Customers to:

  • facilitate payments for on-street and private parking services offered by the Bmove Group through the Website/App;
  • facilitate payments for the provision (by third parties) of electric vehicle charging services offered by the Bmove Group through the Website/App;
  • operate and improve the Website/App;
  • operate and improve the services provided by the Bmove Group through the Website/App;
  • keep the services provided by the Bmove Group through the Website/App secure and operational.

The processing carried out for the mentioned purposes, according to Article 6 (1) (b) of the GDPR, is based on the performance of a contract to which the data subject is party, or on the performance of pre-contractual measures taken at the request of the data subject.

 

The Bmove Group processes the personal data of Users/Customers to:

  • prevent, detect and mitigate fraud, security breaches, and potentially prohibited or illegal activities;
  • resolve disputes with Users/Customers;
  • identify and resolve problems that Users/Customers may encounter when using the Website/App (e.g., blocked or non-functioning pages) and provide a better experience for Users/Customers;
  • collect statistical information, in aggregate form, about the number of Users/Customers visiting the Website/App and how they interact with the Website/App;
  • send notifications of any disruptions related to the services;
  • publish and manage feedback issued by Users/Customers;
  • conduct communications falling under direct marketing;
  • handle billing and enforce activities in case of breach of contract.

The processing carried out for the mentioned purposes, according to Article 6 (1) (f) of the GDPR, is based on the legitimate interest of the Bmove Group or of third parties, while respecting the interests, rights and fundamental freedoms of the data subject.

 

The Bmove Group processes the personal data of Users/Customers to:

  • carry out marketing activities;
  • geolocate the User/Customer.

 

  1. Use of third-party payment gateway providers

To process payments made through the Website/App, the Bmove Group uses the following third parties, which act as payment gateway providers (intermediaries) between the Bmove Group and financial institutions, and collect data on the payment instruments of the User/Customer:

Datatrans: For more information, please consult the Datatrans privacy policy at the following link:  https://www.datatrans.ch/en/privacy-policy/ and

CorvusPay: For more information, please consult the CorvusPay privacy policy at the following link: https://www.corvuspay.com/politika-zastite-osobnih-podataka/.

The aforementioned data will be stored exclusively by the payment gateway providers. The Bmove Group has limited access to this information, such as the last four digits of the debit/credit card used, the payment gateway provider’s ID (pseudonymized data) and the transaction data.

 

  1. Use of Automatic Number Plate Recognition (ANPR)

Automatic Number Plate Recognition (ANPR) is an AI-driven vision technology that uses optical character recognition on images of vehicles to read their license plate numbers at certain locations. An ALPR system applies various image processing techniques to quickly and automatically identify vehicles in images or real-time videos from one or multiple cameras.

Through the use of ANPR technology (cameras installed at the entrance and exit of the parking area by the garage operator) at certain locations, Bmove receives the vehicle license plate numbers (typed out and/or image file) along with other data such as date and time of entry and exit from the respective owner or garage operator. (“See also the data information on-site at the respective facility”)

 

The purposes and legal basis of using ANPR data:

  • to maintain records needed for payment;
  • to enable the automatic opening of the barrier: the camera detects the vehicle license plate number and matches it with a checklist;
  • to fix Bmove service functionality issues in case of complaints from Users/Customers;
  • to monitor parking space availability;
  • to check time, place and payment.

When an individual decides to use services offered by the Bmove Group, this generally requires the initial User/Customer to first register an account to activate services. This therefore establishes a contractual relationship between the registered User/Customer and the Bmove Group.  Pursuant to Article 6 (1) (b) of the GDPR, the processing carried out for the mentioned purpose is based on the performance of a contract to which the data subject is party.

  • to facilitate billing and to enforce actions in the event of a breach of contract.

Pursuant to Article 6 (1) (f) of the GDPR, the processing carried out for the mentioned purpose is based on the legitimate interest of the Bmove Group or of third parties, while respecting the interests, rights and fundamental freedoms of the data subject.

Viewing of ANPR data

In principle, collected images are not viewed However, if they are viewed, they are only accessible to authorized personnel who have received appropriate training to ensure they understand and comply with the legal requirements related to the processing of the collected ANPR data. Furthermore, the Bmove Group has implemented records of processing activities.

To ensure the protection of the rights of individuals recorded by ANPR the Bmove Group guarantees that the collected data is stored in a manner that maintains its integrity and security.

 

  1. Methods of processing and storage of personal data

The Bmove Group ensures that personal data is processed in full compliance with the GDPR and privacy legislation in force in all countries where it operates, using automated or manual methods, and IT or telematic systems, as stated in section 2 of this Privacy Policy.

The data processing is carried out by means of automated tools for storing, managing and transmitting the data.

The data collected is protected using technical and organizational measures to minimize the risks of unauthorized access, dissemination, loss and destruction of data, in accordance with Articles 25 and 32 of the GDPR.

The data will be processed for no longer than necessary to fulfill the purposes for which it was collected. Once the purpose for which the data was processed ceases, personal data will no longer be used and will be stored in accordance with legal regulations of the respective country and/or internally determined retention period.

However, the personal data of Users/Customers may be retained for longer periods if necessary to fulfill legal obligations imposed on the Bmove Group or to protect its rights in court or other authorities.

Upon expiry of retention period, the User/Customer’s data is deleted or permanently anonymized.

 

  1. Recipients of personal data

The personal data collected may be processed by subjects or categories of subjects acting as data processors according to Article 28 of the GDPR, or by subjects authorized to process personal data according to Article 29 of the GDPR.

In the exercise of its activities, the Bmove Group transmits the User/Customer’s personal data according to Article 6 (1) (b) of the GDPR, for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract – to the individual parking provider or to the Municipality (or its operator) in compliance with their respective contractual or legal obligations.

Except for the aforementioned cases, personal data will not be disclosed to any persons, entities, or authorities, unless disclosure is required by law or regulation.

 

  1. Transfer of data to a third country or international organization

Personal data collected through the Website/App may be transferred outside the European Union solely and exclusively for the performance of the services requested through the Website/App, to provide the most appropriate responses to the requests made, and to improve the services offered. Any transfer of data outside the European Union or the EEA will be conducted in full compliance with the measures outlined in Articles 45 and 46 of the GDPR (e.g., the Standard Contractual Clauses).

 

  1. Rights of the data subject

The User/Customer has the right to request at any time:

  1. the confirmation of the existence or non-existence of personal data concerning the data subject, even if not yet registered, provided in a concise, transparent, intelligible, and easily accessible form, using simple and clear language;
  2. the personal data that are being processed from the Bmove Group and the access to the personal data with the following information:
    1. the origin of the personal data,
    2. the purposes and methods of processing,
    3. the legitimate interests pursued by the Bmove Group or by third parties,
    4. the information on any recipients or categories of recipients of the personal data,
    5. the Bmove Group’s intention, if any, to transfer personal data to a third country or an international organization,
    6. the retention period of the personal data,
    7. the logic applied, as well as the importance and expected consequences of such processing for the data subject, in the event of processing carried out with electronic instruments as part of an automated collection and/or profiling process,
    8. the identification details of the Bmove Group, the data processors, the designated representative (if any) and the data protection officer (if any),
    9. the subjects and categories of subjects to whom the personal data may be communicated, or who may become aware of the data in their capacity as designated representative in the territory of the State, data processors or persons in charge of data processing.
  3. the possibility of lodging a complaint with a supervisory authority,
  4. the update, rectification or, where interested in it, integration of the data,
  5. the cancellation, anonymization or blocking of data processed in violation of the law, including data whose storage is no longer necessary for the purposes for which it was collected or subsequently processed,
  6. the restriction of processing,
  7. the portability of personal data to another data controller,
  8. the withdrawal of consent to the processing,
  9. the right to oppose, in whole or in part, the processing of personal data for legitimate reasons, even if it is relevant to the purpose of collection.

 

To exercise these rights, the data subject may contact the Bmove Group at any time by submitting a written request to the following email address: dpo@bmove.com

The Bmove Group will address the User/Customer’s requests within one month of receipt.

Depending on the complexity and number of requests received by the Bmove Group, this period may be extended by up to two months. In such case, the Bmove Group will inform the User/Customer of the deadline extension and the reasons for it within one month of receiving the request.

In the event that the response is considered unsatisfactory, or if the processing of the User/Customer’s personal data is believed to violate data protection law or if their data protection rights have been violated in any other way, the User/Customer has the right to lodge a complaint with a supervisory authority in accordance with Article 77 of the GDPR, particularly in the Member State of habitual residence, place of work, or location of the alleged infringement.