This privacy declaration (hereinafter referred to as "App Privacy Declaration") is applicable to the parking & mobility management App developed by Commuty SA, on web and mobile, to (i) optimize the parking usage and costs through smart parking management, and (ii) organise and incentivise alternative mobility for employees (hereinafter the "App").
This "App Privacy Declaration" includes information about the personal data collected by your Employer (the "Data Controller") and processed by Commuty SA (the "Data Processor") when you use the App, as well as the manner in which the Data Controller and Data Processor use and process this personal data.
The Data Controller and the Data Processor wish to emphasize that they always attempt to act in accordance with (i) the Belgian Privacy Law of 8 December 1992 on privacy protection in relation to the processing of personal data (i.e. as long as still in force), (ii) the EU Regulation of 2016 concerning the protection of individuals with regards to the processing of personal data, regarding the free movement of such data and repealing Directive 95/46/EC and/or (iii) all (future) Belgian laws regarding the implementation of this Regulation.
Using the App, creating an account in order to use the App, subscribing for the newsletter and/or a seminar, webinar or event relating to the App implies your express approval (through disclosure of your personal information or opt-in) of the App Privacy Declaration and consequently how we collect, use and process your personal data.
Types of personal data
The Data Controller/Processor can collect and process the following personal data. Personal data that Commuty stores mostly depends on which features are enabled.
Common personal data:
- Primary Email
- A Secondary Email on which they can receive notifications (optional)
- First name
- Last name
- Phone number (optional)
- Profile picture (optional)
- Preferred language
- Personal address (can be the city only)
- License plate (optional or mandatory, depending on enabled features)
- Carpool pass
- Multiple home-work trips
- Departure-Return hours (optional)
- Car availability (optional)
- Out of office days
The Data Controller/Processor also automatically collect anonymous information regarding your use of the App. As such, the Data Controller/Processor shall, for example, automatically log which sections of the App you visit, which web browser you use and which website you visited when you obtained access to the App. We cannot identify you through these data, but it allows the Data Controller/Processor to draw up statistics regarding the use of the App.
Methods of personal data collection
These personal data are collected in the context of:
- Creating an account
- Your use of the App, whether or not using a mobile device
- The verification of your identity (e.g. when you contact customer support of the Data Processor)
- Incoming and outgoing correspondence with the Data Controller or the Data Processor
- If your Employer has subscribed to the feature "Open a barrier using Bluetooth Low Energy", on Android only, Android collects location data to enable the proximity Bluetooth scanning. This location is only used locally, never transmitted to Commuty or any other service, and never stored anywhere.
The personal data collected by the Data Controller/Processor are therefore expressly and voluntarily provided by you.
Use of personal data
The Data Controller/Processor can use your personal data for the following purposes:
- Providing the App services, whether or not via the website, the platform and/or the app, and whether or not using a mobile device
- Providing support/assistance (e.g. in case of problems)
- Providing reports as to the use of the App by any of the Users;
- Sending of newsletters
- Aggregated statistics
Processing takes place on the following legal grounds, as the case may be:
- You have given consent to the processing of your personal data for one or more specific purposes
- Processing is necessary for the performance of the agreement with the Data Controller/Processor or in order to take steps at your request prior to entering into an agreement
- Processing is necessary for compliance with a legal obligation to which the Data Controller is subject
- Processing is necessary in order to protect your vital interests or of another natural person
- Processing is necessary for the performance of a task carried out in the public interest
- Processing is necessary for the purposes of the legitimate interests pursued by the Data Controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject, which require protection of personal data (in particular when you are a child).
Disclosure of personal data to third parties
The Data Controller/Processor shall not disclose your personal data to third parties, unless it is necessary in the context of providing the services and optimising them (including but not limited to maintenance works, payment processing, the delivery of services to the Data Controller (e.g. subcontracting) and database management). In this respect, your personal data may be disclosed to payment providers, software providers, cloud partner, datacentre, external IT-consultants and service providers.
If it is necessary that the Data Controller/Processor discloses your personal data to third parties in this context, the third party is required to use your personal data in accordance with the provisions of this App Privacy Declaration.
Notwithstanding the foregoing, it is however possible that the Data Controller/Processor discloses your personal data:
- To the competent authorities (i) if the Data Controller/Processor is obliged to do so under the law or under legal or future legal proceedings and (ii) to safeguard and defend our rights;
- If the Data Controller, or the majority of its assets, are taken over by a third party, in which case your personal data – which the Data Controller has collected – shall be one of the transferred assets
- For the purpose of identifying similar profiles to your own, except if you have expressly opted out in this respect.
In all other cases, the Data Controller/Processor will not sell, hire out or pass on your personal data to third parties, except when it (i) has obtained your permission to this end and (ii) has completed a data processing agreement with the third party in question, which contains the necessary guarantees regarding confidentiality and privacy compliance of your personal data;
Storage of personal data
Unless a longer storage period is required or justified (i) by the law or (ii) through compliance with another legal obligation, the Data Controller/Processor shall only store your personal data for the period necessary to achieve and fulfil the purpose in question, as specified in the App Privacy Declaration under 'Use of personal data'.
Your privacy rights
In light of the processing of your personal data, you enjoy the following privacy rights:
- Right of access to personal data which the Data Controller/Processor possibly has concerning you;
- Right to rectification, completion or update of your personal data;
- Right to delete your personal data ('right to be forgotten') (the Data Controller/Processor wishes to point out that in this context certain services will no longer be accessible and/or can no longer be provided if you delete resp. request deletion of certain required personal data);
- Right to limit the processing of your personal data;
- Right to transferability of your personal data;
- Right of access to personal data which the Data Controller/Processor possibly has concerning you;
- Right to object to/oppose the processing of your personal data.
If you wish to invoke your privacy rights, please open https://app.commuty.net/settings/privacy in a web browser.
In addition, you can always, via your personal account, update, modify and/or verify your personal data which you were required to submit when creating your (demo) account.
If you no longer wish to receive newsletters or information about our services, you can unsubscribe at any time by clicking the "unsubscribe" button underneath each of the Data Controller's/Processor’s emails.
Security of personal data
The Data Controller/Processor undertakes to take reasonable, physical, technological and organisational precautions in order to avoid (i) unauthorised access to your personal information, and (ii) loss, abuse or alteration of your personal data.
The Data Controller/Processor shall store all personal data which it has collected in the cloud. Notwithstanding the Data Controller's/Processor’s security policy, the checks it carries out and the actions it proposes in this context, an infallible level of security cannot be guaranteed. Since no method of transmission or forwarding over the internet, or any method of electronic storage is 100% secure, the Data Controller/Processor is, in this context, not in a position to guarantee absolute security.
Finally, the security of your (demo) account will also partly depend on the confidentiality of your password in obtaining access to the App. the Data Controller/Processor will never ask for your password, meaning that you will never be required to communicate it personally. If you have nonetheless communicated your password to a third party – for example because this third party has indicated that it wishes to offer additional services - this third party shall have access to your (demo) account and your personal data via your password. In such cases, you are liable for the transactions which occur as a result of the use made of your (demo) account. The Data Controller/Processor therefore strongly advises you, if you observe that someone has accessed your (demo) account, to immediately change your password and contact us.
Cross-border processing of personal data
Any transfer of personal data outside the European Economic Area (EEA) to a recipient whose domicile or registered office is in a country which does not fall under the adequacy decision enacted by the European Commission, shall be governed by the provisions of a data transfer agreement, which shall contain (i) the standard contractual clauses, as referred to in the 'European Commission decision of 5 February 2010 (Decision 2010/87/EC)', or (ii) any other mechanism pursuant to privacy legislation, or any other regulations pertaining to the processing of personal data.
Update App Privacy Declaration
The Data Controller/Processor is entitled to update this App Privacy Declaration by posting a new version on the App. As such, it is strongly recommended to regularly consult the App and the page explaining the App Privacy Declaration, to make sure that you are aware of any changes.
The App may potentially contain hyperlinks to other websites. When you click on one of these links, you may be redirected to another website or internet source that could collect information about you through cookies or other technologies. The Data Controller/Processor does not bear any responsibility, liability or control authority over these other websites or internet resources, nor about their collection, use and disclosure of your personal data. You must check the privacy declarations of these other websites and internet sources in order to be able to judge whether they act in accordance with the Privacy Legislation.
Contact the Data Controller
If you have questions about this App Privacy Declaration, or the manner in which the Data Controller/Processor collects, uses or processes your personal data, please contact us:
- Via e-mail: firstname.lastname@example.org or
- Via post: 6, Rue Louis de Geer, B-1348 Louvain-La-Neuve