Privacy Policy

Last updated 26 November 2018

This Privacy Policy, even taken as a whole, is not in itself an official statement of compliance and relates solely to IEM. Redstone Consulting SA takes no responsibility as to the use of this report by third parties.

How do we collect your personal data?

IEM SA is a Franco-Swiss business specializing in on-street paid parking solutions. IEM regularly shares its parking solutions with other service providers chosen by its clients, mostly local administrations and parking operators. Therefore, IEM is not always responsible for the whole on-street paid parking system of a given town/city in which you are parking. It is not necessarily the body that processes all of your personal data in relation to on-street paid parking.

IEM handles your personal data in compliance with current data protection law in your country and complies specifically with principles of lawfulness, trustworthiness and transparency, limitation of uses, minimal collection of data, precision, limitation of storage duration, integrity and confidentiality.

In this Privacy Policy, references to "IEM", "we/us", and "our" are references to the entity responsible for the processing of your personal data (data controller), which is usually the same entity that collects your personal data.

This Privacy Policy applies to personal data that we collect by means of IEM group properties, such as websites, mobile applications and third parties with whom we contract to offer our services.

This Privacy Policy describes the types of personal data that we collect, the way in which we may use this personal data, the persons with whom we may share it, and the ways in which you may exercise your rights regarding our processing of this data. The Privacy Policy also describes the measures that we take to protect the personal data that we collect, and how you can contact us regarding our privacy practices.

Definitions

'Personal Data' means any information referring to a natural person who is identified or identifiable (hereinafter referred to as the "data subject" ). An "identifiable natural person" is a natural person who may be identified, directly or indirectly;

'Special categories of personal data' means the processing of personal data relating to racial or ethnic origin, political opinions, religious or philosophical belief or membership of a union, as well as the processing of genetic data, biometric data used to identify a single natural person, data about the health, sexual life or sexual orientation of a natural person;

'Processing': any activity or collection of activities carried out with or without the help of automated processes and applied to personal data or collections of personal data, such as collection, recording, organisation, structuring, storage, adaptation or modification, retrieval, consultation, use, disclosure by supply, dissemination or otherwise making available; alignment, combination, limitation, erasure or destruction;

'Data controller' means the natural or legal person, public authority, department or any other body which, alone or jointly with others, determines the purposes and means of the processing; if the purposes and means of this processing are determined by European Union law or the law of a Member State, the data controller may be designated or specific criteria regarding their designation may be provided for by European Union law or the law of a Member State;

'Data processor' means the natural or legal person, public authority, department or any other body which processes personal data on behalf of the data controller;

'Third party' means a natural or legal person, public authority, department or any other body other than the data subject, the data controller, the data processor and persons who, under the direct authority of the data controller or the data processor, are authorized to process personal data.

What types of personal data do we process?

We may collect personal information through our websites and mobile applications. The personal information that we may collect are as follows:

  • Vehicle registration number
  • Email
  • Mobile telephone number
  • Full name
  • Address, town/city, country
  • Payment information

Should you provide them to us, we also process this personal data:

  • Photo of vehicle (make and model)
  • Geolocation data
  • Occupation and name of employer

We may also request official documents for some of our services:

  • Vehicle registration document
  • Employer declaration
  • Business rates documentation
  • Residential taxes documentation
  • Lease or purchase contract

When you lodge a complaint (mandatory preliminary administrative recourse, RAPO), we process supplementary personal information on you, those that you provide on PrestoPark. When you make a preliminary recourse complaint, you may in certain cases be required to share personal data on other persons (for example, if you receive a post-parking fixed penalty (FPS) for a vehicle that you have sold). Make sure to do so in accordance with the applicable law in your country.

In the provision of our services, we are also required to exchange your personal information with various external service providers. Information on this point may be found in the section "Is your data shared with third parties?" below.

We also collect personal data online via cookies. These cookies are essential to the proper functioning of our application and internet portal.

How do we use your personal data?

We may use the personal data that we collect to:

  • Offer and manage our products and services;
  • Carry out analysis on the on-street paid parking facilities;
  • Verify your identity and protect you against fraud and other illegal activities, unauthorized transactions, claims and other liabilities, and manage the data's risk exposure;
  • Comply with and apply current legal requirements, contractual obligations and our policies and terms (Privacy Policy and other terms of use);
  • Maintain and improve the safety of our products, services, network services, informational resources and employees.

IEM's processing of your personal data, as described above, shall in general be carried out on one of the following legal bases:

  • Your consent;
  • A contractual relationship which we may have with you or a related party (e.g. your employer);
  • Our legitimate business interests; or
  • Compliance with our legal obligations.

Is your data shared with third parties?

We do not sell or disclose your personal data, except to the extent described here or at the moment of collection.

  • We may share personal data within IEM for the purposes described in this Privacy Policy;
  • We may share personal data with service providers other than IEM and the relevant public authorities involved in the on-street paid parking solution chosen by our clients (generally, the local administration in whose area you park). We therefore share information with the parking department of the local administration, with the delegated manager (operator) for parking for the local authority, the ticketing service, the municipal police, and the parking enforcement provider.
  • We may disclose personal information on you (1) if we are required to do so or authorized to do so pursuant to current legislation or in the context of legal proceedings (court order or subpoena), (2) to judicial authorities or other government representatives in order to comply with a legitimate legal request, (3) as part of an investigation into suspicions of fraud or illegal activity, or (4) in all other cases, with your authorization.

Where is your data stored?

We store your data in different places depending on how you use our services. Here is a list of those places:

  • Boost (CH) – for data collected in Switzerland
  • Amazone AWS (EU) – For data collected in the European Union

For how long do we keep your data?

To the extent allowed by current legislation, we keep the personal data that we collect about you as long as (1) is necessary for the purposes for which we collected the data, in accordance with the provisions of this Privacy Policy, or (2) we have another legal basis, as set out in this Privacy Policy, to keep the data beyond the period of time necessary to attain the original objective for which the personal data was collected.

You may at any moment invoke your right to erasure of your personal data, see the sections "What are your rights" and "how to contact us" below.

How do we transmit your personal data?

We may transmit personal data that we collect and store that data in other countries whose data protection laws may differ from those in force in the country in which the data was provided. In such instances, we will transmit the personal data only for the purposes described in this Privacy Policy. To the extent allowed by current legislation, when we transmit your personal data to recipients in other countries, we take all appropriate measures to protect your personal data.

What are your rights?

To the extent allowed by current legislation in your country, you may (1) access, modify, update and correct personal data that we hold on you via PrestoPark; (2) ask us to erase or limit your personal data using our online request form; or (3) exercise your right to data portability by the same means. Where it is authorized by law, you may at any moment withdraw the consent that you had previously given for the processing of your personal data, for legitimate reasons relating to your specific circumstances, and we will implement your wishes as appropriate. To exercise these rights, contact us at the address which may be found in the last section of this document.

To protect your private life and maintain safety, we may take steps to verify your identity before allowing you access to the information. Depending on your geographical location, you may have the right to lodge a complaint with a national regulatory body (for example the CNIL in France) if you are not satisfied with our response.

How do we protect your data?

We offer administrative, technical and physical guarantees, compliant with legal requirements, each time that we collect personal data, designed to protect against the destruction, loss, modification, unauthorized use or disclosure of personal information that you have provided to us, and against unauthorized access to the same.

Modification of our Privacy Policy

This Privacy Policy may be updated regularly and without prior notice in order to reflect changes to our practices regarding information. We will note, at the top of this Privacy Policy, the date of its most recent update.

How to contact us?

For any question or comment on this Privacy Policy, or if you wish to update information about you held by us, or your preferences, contact us via our contact form or write to us at the following address:

Company

IEM SA 109 chemin du Pont-du-Centenaire 1228 Plan-les-Ouates Geneva – Switzerland

Version: privacy-v1

Back to top