Last modified: 10.10.2024

This privacy policy applies to all services provided by APCOA Norway AS, org.nr: 929 292 065 (the Company). The Company's address is Innspurten 15, 0663 OSLO.

The Company processes personal data in order to provide and manage parking services to our customers through our various platforms. In this policy, we explain why we collect information about you, how we use this information, how we take into account your privacy and your rights in connection with this.

It is the Company (through the CEO) that is responsible for and is the data controller for the Company's processing of personal data in all channels associated with the Company.

The contact information for APCOA Norway AS is:

Address: Innspurten 15, 0663 Oslo

E-mail: kundesenter@apcoa.no

Telephone: 22 05 75 00

Org. no: 929 292 065

If you have any questions about your personal data or other enquiries regarding the processing of your data, you can contact us by email at any time.

We collect and process personal data in order to fulfil the obligation in the agreement you enter into with us either by registering or by parking in an area with a sign recognition camera. The information we process is also necessary to comply with laws and regulations for accounting and bookkeeping. Information collected from Google Analytics about the use of our websites is collected to analyse how our websites are used. The company collects and uses your personal data for different purposes depending on who you are and how we get in touch with you. Processing of personal data takes place in line with the purposes stated here:

• To be able to provide our parking services (subscription or rental of a parking space). The processing takes place on the basis of an agreement with you, or when you utilise our services without a separate agreement.

• To be able to create and edit a digital user profile in our digital services.

• When issuing a control sanction. In this case, we only process your personal data as permitted by law, and so that we can demand recovery. The processing is based on our fulfilment of an agreement with you and our legitimate interest.

• We use video surveillance in some car parks to ensure security in the area and to prevent theft and vandalism. The processing is based on our fulfilment of an agreement with you and our legitimate interest.

• For customer service purposes, we process the information in enquiries received by us, or if the need arises for us to contact you.

• In order to obtain information about the use of our websites and to carry out targeted marketing, we use cookies. The processing is based on our legitimate interest, necessity and/or your consent.

The personal data processed for the stated purposes is in each case limited to what is necessary to fulfil the purpose for which it was collected. The information processed will depend on the content of your customer relationship with us and any agreements you have entered into with the Company.

• Information you provide to us yourself

When you register as a user of our services, we store the personal information you voluntarily provide to us. The information stored is your name, address, telephone number, e-mail address and information about your vehicles and credit cards. In addition, we may process passwords, location, order and purchase history, photographs of vehicles, enquiries to the Company and recordings from video surveillance.

• Information we obtain through your use of our services

Our services collect and store personal data through the use of sign recognition cameras. For example, by parking in a car park with a license plate recognition camera, we can register the license plate of your vehicle and in some cases information about the owner of the vehicle. Our website, www.apcoa.no, www.profectum.no, www.leie.apcoa.no, www.leieparkering.no and FLOW app, uses analysis tools that collect IP addresses in order to offer a customised user experience based on location, as well as anonymised information about use, such as the type of device you use to visit the pages or which pages you use.

Personal data is used to offer and customise our services to you. For example, we need personal data to enable you to log in to our services, send you an invoice or receipt or check whether you have a valid agreement. We also use anonymised data for statistical purposes and to ensure that our services function properly, including that our digital services function optimally.

We take security seriously and have strict requirements for our systems to protect the personal data under our control. For the sake of the security of our systems, no further information is provided here.

APCOA Norway AS is responsible for processing personal data and does not share personal data with other companies, unless we have a legal basis for this. Legal basis will typically be an agreement with you, your consent or another basis that requires us to disclose the information. In our services where you have a permit or rent a car park from a landlord, your name and information about your vehicles will be available to the landlord. We use the following data processors who process personal data on our behalf:

• Microsoft Azure is given access to personal data to store and operate our services.

• Arvato Finance AS is given access to personal data in order to provide customer service and invoicing.

• Kredinor SA is given access to information about whether vehicles have a valid licence.

• Sendgrid Inc. is given access to email addresses to send out receipts by email.

• Twilio Inc. is given access to telephone numbers to send SMS.

• Firebase: Used for app development support, including tracking app usage, managing notifications and user authentication.

• Clevertap: Tracks in-app interactions to identify areas for improvement and enables targeted communication with users.

• Greenflux, Zaptec, Easee, Defa: Manages and monitors power consumption data for electric vehicles.

• Mixpanel: Tracks user interactions to detect errors and identify improvements.

• Mapbox: Provides map viewing and location-based services.

• Google Maps: Provides map viewing and location-based services.

• NETS: Processes secure online payments.

• VIPPS: Processes secure online payments and logins.

APCOA Group GmbH acts as a data processor and has access to data for purposes related to service improvement. They may also access personal information on a case-by-case basis to provide customer support.

• With third-party suppliers who carry out tasks or work on behalf of or under instructions from us, such as system suppliers and payment service providers. In such cases, we have entered into agreements to safeguard information security at all stages of the processing.

• With third parties, when this is necessary to provide our services in accordance with the agreement with you or to pursue our legitimate interest, e.g. where a payment claim is sent for collection.

• With public authorities when required by law or a legally enforceable decision from an authority.

In some cases, your data may be transferred to business partners or other parties located outside the EU/EEA area. We then take the necessary precautions to ensure that the information is protected in line with applicable privacy regulations.

The company stores your personal data for as long as it is necessary to fulfil the purpose for which the personal data was collected. The personal data we process is stored for as long as you have an active customer relationship with us or we have contractual or statutory obligations that require us to store it. Personal data that we process in order to fulfil an agreement with you will be deleted when the agreement has been fulfilled and all obligations arising from the contractual relationship have been met, so that data will be deleted after the parking has been paid for and the appeal deadline has expired. Data we process on the basis of your consent will be deleted if you withdraw your consent. In some cases, we may retain information beyond the above where it is necessary to safeguard our interest in a complaint case or we are legally required to do so under the Accounting or Bookkeeping Act.

In order to limit the storage of personal data, we anonymise or delete personal data on an ongoing basis when it is no longer necessary for our services to have access to the personal data. For example, we anonymise personal data if you have parked in an area with sign recognition cameras and the parking was free of charge, you paid at a payment machine on site or if you paid online within 48 hours. If you cancel your customer relationship, all personal data that we are not legally obliged to retain will be deleted. You can enquire about this and cancel your customer relationship by email to kundesenter@apcoa.no.

You have the right to demand access to, rectification or erasure of the personal data we process about you. You also have the right to demand restricted processing, object to processing and demand the right to data portability.

To exercise your rights, you must contact our customer centre. We will respond to your enquiry as soon as possible, and at the latest within 30 days. We will ask you to verify your identity or to provide additional information before we allow you to exercise your rights towards us. We do this to ensure that we only give access to your personal data to you - and not someone pretending to be you.

You can withdraw your consent for us to process your personal data at any time. The easiest way to do this is to change your marketing settings in our application or by contacting our customer service.

We use cookies and similar technologies when you visit our website.

You also have the right to complain about our data processing to the Norwegian Data Protection Authority. Information about this can be found on the Norwegian Data Protection Authority's website: www.datatilsynet.no.

We use cookies for user statistics, to customise the websites for our visitors and to remember visitors' user preferences. The information is used to make the websites work more efficiently and to provide us with business and marketing information.

In addition, we also use cookies for marketing purposes in order to show you adverts that may be relevant on other websites you visit. Such cookies are placed on our website by a third-party advertising network, including Facebook and Google, on our behalf and with our permission.

The cookies may share information about your navigation on the website, what you have purchased, the time of your purchase and your IP address and browser to the ad network.

The ad networks can then link the activity on our website to your user account when you are logged in to their platforms.

The purpose of the activity is to be able to offer our customers customised and relevant advertising.

You can easily disable cookies on our website (except for necessary cookies) by going to our cookie settings or by opting out by changing the settings in your browsers.

You can also delete cookies that have been stored on your device. You do this via the menu in your browser. How this is done depends on your browser.

If you choose to switch off cookies in your browser, your online activity will not be registered. You should be aware that when you switch off cookies, you will also automatically opt out of some of the website's functionality, and the site may not function optimally.

Montserrat, designed by Julieta Ulanovsky, Sol Mats, Juan Pablo del Peral, Jacques Le Bailly;https://fonts.google.com/specimen/Montserrat

The software for this font is licensed under the SIL Open Font licence, Version 1.1.

This licence is available with a FAQ at:https://openfontlicense.org