1. General Provisions

‍
1. This privacy policy of the Website is informative, which means that it is not a source of obligations for Websites Users. The privacy policy contains, above all, the rules for the processing of personal data by the Administrator on the Websites, including the grounds, purposes and period of personal data processing and the rights of data subjects, as well as information on the use of cookies and analytical tools on the Websites.
‍

2. The Administrator of personal data collected via the Websites is:
‍
For Poland and European Union:
NAVIPARKING POLAND SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ with its registered office in Warsaw (registered office and delivery address: ul. Domaniewska 47/10, 02-672 Warsaw); entered into the register of entrepreneurs of the National Court Register under the KRS number: 0000692741; registry court where the company's documentation is kept: District Court for the Capital City of Warsaw in Warsaw, XII Commercial Department of the National Court Register; with share capital PLN 6,000.00; NIP [tax ID]: 7010713337, REGON [National Business Registry Number]: 368219897 and the e-mail address: office@naviparking.com
‍
For United Arab of Emirates, Bahrain and other MENA countries :
NAVIPARKING DMCC with its registered office in Dubai, 19th Floor, Conrad Hotel Sheikh Zayed Road, e-mail address: office@naviparking.com

hereinafter referred to as the "Administrator" and at the same time being the Service Provider of the Websites.

3. Personal data on the Websites are processed by the Administrator in accordance with applicable law, in particular in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on free movement of such data and the repeal of Directive 95/46 / EC (General Data Protection Regulation)

hereinafter referred to as "GDPR". The official text of the GDPR:
http://eur-lex.europa.eu/legal-content/PL/TXT/?uri=CELEX%3A32016R0679

4. Using the Websites, including concluding contracts, is voluntary. Similarly, the provision of personal data by the Service User using the Websites is voluntary, subject to two exceptions: (1) concluding contracts with the Administrator - failure to provide, in the cases and to the extent indicated on the Websites and in the Websites and in the Terms and Conditions of the Terms and Conditions of the Websites and this privacy policy, personal data necessary to conclude and perform the Reservation Agreement, contract for the provision of Electronic Services or another contract with the Administrator results in the inability to conclude this agreement. Providing personal data is in this case a contractual requirement and if the data subject wants to conclude a given contract with the Administrator, they are obliged to provide the required data. Each time, the scope of data required to conclude a contract is previously indicated on the Websites and in the Terms and Conditions of the Websites; (2) statutory obligations of the Administrator - providing personal data is a statutory requirement resulting from generally applicable legal provisions imposing on the Administrator the obligation to process personal data (e.g. for the purpose of keeping accounting books) and failure to provide them will prevent the Administrator from performing these obligations.

5. The Administrator takes special care to protect the interests of persons to whom the personal data processed by them is concerned, and in particular is responsible and ensures that the data collected by them is: (1) processed lawfully; (2) collected for specified, lawful purposes and not subjected to further processing incompatible with these purposes; (3) factually correct and adequate in relation to the purposes for which it is processed; (4) stored in a form enabling the identification of persons to whom they relate, no longer than it is necessary to achieve the purpose of processing, and (5) processed in a manner ensuring adequate security of personal data, including protection against unauthorized or unlawful processing and accidental loss, destruction or damage, using appropriate technical or organizational measures.

6. Taking into account the nature, scope, context and purposes of processing as well as the risk of violating the rights or freedoms of natural persons with different probability and severity of the threat, the Administrator implements appropriate technical and organizational measures to ensure that the processing takes place in accordance with this regulation and to be able to demonstrate it. These measures are reviewed and updated as necessary. The Administrator uses technical measures to prevent the acquisition and modification of personal data sent electronically by unauthorized persons. However, the Administrator of digitalparking.city/cyfrowyparking.pl and naviparking.com cannot guarantee the security of any information that is disclosed online.

7. All words, expressions and acronyms appearing in this privacy policy and beginning with a capital letter (e.g. Service Provider, Website, Electronic Service) should be understood in accordance with their definition contained in the Terms and Conditions of the Websites available on the Websites.

8. All credit/debit cards’ details and personally identifiable information will NOT be stored, sold, shared, rented or leased to any third parties’. Merchant will not pass any debit/credit card details to third parties.

9. The merchant is not responsible for the privacy policies of websites to which it links. If you provide any information to such third parties different rules regarding the collection and use of your personal information may apply. You should contact these entities directly if you have any questions about their use of the information that they collect.

10. Particular Websites’ Policies and Terms & Conditions may be changed or updated occasionally to meet the requirements and standards. Therefore, the Customers’ are encouraged to frequently visit these sections to be updated about the changes on the website. Modifications will be effective on the day they are posted.

2. Grounds for Data Processing

1. The Administrator is entitled to process personal data in cases where - and to the extent that - at least one of the following conditions is met: (1) the data subject has consented to the processing of their personal data for one or more specific purposes; (2) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract; (3) processing is necessary to fulfil the legal obligation incumbent on the Administrator; or (4) processing is necessary for the purposes of the legitimate interests pursued by the Administrator or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject, requiring the protection of personal data , in particular when the data subject is a child.

2. The processing of personal data by the Administrator requires each time the existence of at least one of the bases indicated in point 2.1 of the privacy policy. The specific grounds for the processing of personal data of the Service Users of the Website by the Administrator are indicated in the next section of the privacy policy - in relation to the given purpose of personal data processing by the Administrator.

3. Purpose, Basis and Period of Data Processing on the Website

1. Each time the purpose, basis and period as well as the recipients of personal data processed by the Administrator result from the actions taken by the given Customer on the Websites.

2. The Administrator may process personal data on the Website for the following purposes, on the following grounds and for the following period:

4. Data Recipients on the Website

1. For the proper functioning of the Website, including the proper provision of Electronic Services by the Administrator and the implementation of the Reservation, it is necessary for the Administrator to use the services of external entities (such as, for example, software provider, payment processor). The Administrator uses only the services of such processors who provide sufficient guarantees to implement appropriate technical and organizational measures, so that the processing meets the requirements of the GDPR and protects the rights of data subjects.

2. The transfer of data by the Administrator does not take place in every case and not to all recipients or categories of recipients indicated in the privacy policy - the Administrator provides data only when it is necessary to achieve a given purpose of personal data processing and only to the extent necessary to achieve it.

3. Personal data of the Website Users may be transferred by the Administrator to the following recipients or categories of recipients:

a. entities servicing electronic payments or by payment card - in the case of a Customer who uses electronic payments or a payment card on the Website, the Administrator provides the collected personal data of the Customer to the selected entity servicing the above payments on the Website at the request of the Administrator to the extent necessary to handle payments made by Recipient.

b. service providers supplying the Administrator with technical, IT and organizational solutions, enabling the Administrator to run a business, including the Website and Electronic Services provided through it (in particular computer software providers for running the Website, e-mail and hosting providers and software suppliers to manage the company and provide technical assistance to the Administrator) - the Administrator provides the collected personal data to the Service User to a selected supplier acting on their behalf only in the case and to the extent necessary to achieve a given purpose of data processing in accordance with this privacy policy.

c. providers of accounting, legal and advisory services providing the Administrator with legal or advisory support (in particular an accounting office, law firm or debt collection company) - the Administrator provides the collected personal data to the Service User to a selected supplier acting on their behalf only in the case and to the extent necessary to achieve a given purpose of processing data in accordance with this
privacy policy.

d. Car Park Providers - in the case of a Customer who has concluded a Reservation Agreement with the Administrator, the Administrator provides the collected personal data of the Customer to the entity responsible for the operation of the selected parking lot to which the Reservation relates, only to the extent necessary to enable the Customer to use the Parking Service.

5. Profiling on the Website

1. The GDPR imposes an obligation on the Administrator to inform about automated decision-making, including profiling referred to in art. 22 para. 1 and 4 of the GDPR, and - at least in these cases - relevant information about the rules for their taking, as well as the meaning and anticipated consequences of such processing for the data subject. With this in mind, the Administrator provides information on possible profiling in this point of the privacy policy.

2. The Administrator may use profiling on the Website for direct marketing purposes, but the decisions made on its basis by the Administrator do not apply to the conclusion or refusal to conclude a Reservation Agreement or the possibility of using Electronic Services on the Website. The effect of using profiling on the Website may be, for example, granting a given person a discount, sending them a discount code, reminding about unfinished activities, sending a service proposal that may correspond to the interests or preferences of a given person, or offering better conditions compared to the standard offer of the Website. . Despite profiling, a given person makes a free decision whether they want to use the discount or better offers received in this way and make a purchase on the Website.

3. Profiling on the Website consists in an automatic analysis or forecast of a given person's behaviour on the Website, e.g. by analyzing the previous history of activities undertaken on the Website. The condition for such profiling is the Administrator having personal data of a given person in order to be able to send them, for example, an offer or a discount code.

4. The data subject has the right not to be subject to a decision which is based solely on automated processing, including profiling, and produces legal effects or significantly affects the person in a similar way.

6. Rights of the Data Subject

1. The right to access, rectify, limit, delete or transfer - the data subject has the right to request the Administrator to access their personal data, rectify it, delete it ("the right to be forgotten") or limit processing and has the right to object to the processing, and has the right to transfer their data. Detailed conditions for the exercise of the above-mentioned rights are set out in Art. 15-21 of the GDPR.

2. The right to withdraw consent at any time - a person whose data is processed by the Administrator on the basis of expressed consent (pursuant to art.6 par.1 letter a) or art. 9 paragraph 2 letter a) of the GDPR), it has the right to withdraw consent at any time without affecting the lawfulness of the processing which was carried out on the basis of consent before its withdrawal.

3. The right to lodge a complaint to the supervisory body - the person whose data is processed by the Administrator has the right to lodge a complaint with the supervisory body in the manner and mode specified in the provisions of the GDPR and Polish law, in particular the Act on the Protection of Personal Data. The supervisory body in Poland is the President of the Personal Data Protection Office.

4. Right to object - the data subject has the right to object at any time - for reasons related to their particular situation - to the processing of their personal data based on art. 6 para. 1 letter e) (public interest or tasks) or f) (legitimate interest of the Administrator), including profiling based on these provisions. In such a case, the Administrator is no longer allowed to process this personal data, unless they demonstrate the existence of valid legally valid grounds for processing, overriding the interests, rights and freedoms of the data subject, or the grounds for establishing, investigating or defending claims.

5. Right to object to direct marketing - if personal data is processed for direct marketing purposes, the data subject has the right to object at any time to the processing of their personal data for such marketing purposes, including profiling, to the extent which processing is related to such direct marketing.

6. In order to exercise the rights referred to in this point of the privacy policy, you can contact the Administrator by sending an appropriate message in writing or by e-mail to the Administrator's address indicated at the beginning of the privacy policy.

7. Cookies and Analytics

1. Cookies are small pieces of information in the form of text files, sent by the server and saved on the side of the person visiting the Website (e.g. on the hard drive of a computer, laptop or memory card) smartphone - depending on which device is used by visitors to the Website). Detailed information on cookies, as well as the history of their creation, can be found e.g. here: https://pl.wikipedia.org/wiki/HTTP_cookie.

2. Cookies that can be sent through the website of the Website can be divided into different types, according to the following criteria:

3. Cookie policy. The Administrator may process the data contained in Cookies when visitors use the Website for the following specific purposes:

4. Checking in the most popular web browsers which cookies (including the period of operation of cookies and their supplier) are currently sent by the website of the Website is possible in the following way:

5. As a standard, most internet browsers available on the market accept cookies by default. Everyone has the option to define the terms of using cookies using the settings of their own web browser. This means that you can, for example, partially limit (e.g. temporarily) or completely disable the option of saving cookies - in the latter case, however, it may affect some of the Website's functionalities.

6. The web browser settings for cookies are important from the point of view of consent to the use of cookies by our Website - in accordance with the law, such consent may also be expressed through the settings of the web browser. Detailed information on changing the settings for cookies and their self-removal in the most popular web browsers is available in the help section of the web browser and on the following pages (just click on the link):
‍
In Chrome
In Firefox
In Internet Explorer
In Opera
In Safari
In Microsoft Edge

7. The Controller may use Google Analytics and Universal Analytics services on the Website, provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). These services help the Administrator keep statistics and analyse traffic on the Website. The collected data is processed as part of the above services to generate statistics helpful in the administration and analysis of traffic on the Website. This data is collective. The Administrator, using the above services on the Website, collects such data as the sources and medium of obtaining visitors to the Website and the manner of their behaviour on the Website, information on devices and browsers from which they visit the website, IP and domain, geographic data and demographic data (age, gender) and interests.

8. It is possible for a given person to easily block information about their activity on the website of the Website by a given person - for this purpose, for example, you can install a browser add-on provided by Google Ireland Ltd. available here: https://tools.google.com/dlpage/gaoptout?hl=pl.

8. Final Provisions

The Website may contain links to other websites. The administrator urges, after switching to other websites, to read the privacy policy established therein. This privacy policy applies only to the Administrator's Website.

The Customer is responsible for maintaining the confidentiality of his account at all times.