Privacy & Cookie Policy - P4RK.com and Associates

Privacy & Cookie Policy

P4RK.com and Associates - Comprehensive Data Protection Notice

Version 2.0 | Effective: January 1, 2026
GDPR & Swiss FADP Compliant
Your Privacy Rights - Important Information

This Privacy and Cookie Policy explains how P4RK.com and Associates ("we," "us," "our," "Company") collects, uses, stores, shares, and protects your personal information in accordance with the EU General Data Protection Regulation (GDPR), Swiss Federal Act on Data Protection (FADP), and other applicable data protection laws. Please read this policy carefully to understand our practices regarding your personal data and how we will treat it.

Table of Contents

Data Controller Information

1.1 Identity of the Data Controller

The data controller responsible for your personal data is:

P4RK.com and Associates

Registered Address: Bahnhofstrasse 100, 8001 Zurich, Switzerland
Company Registration: CHE-XXX.XXX.XXX (Swiss Commercial Register)
VAT Number: CHE-XXX.XXX.XXX MWST
Phone: +41 44 688 01 00
Email: [email protected]
Website: www.p4rk.com

1.2 Data Protection Officer

We have appointed a Data Protection Officer (DPO) to oversee compliance with data protection laws and to assist with data subject requests:

Data Protection Officer Contact

Name: Dr. Maria Schmidt, CIPP/E
Email: [email protected]
Phone: +41 44 688 01 05
Postal Address: Data Protection Officer, P4RK.com and Associates, Bahnhofstrasse 100, 8001 Zurich, Switzerland
Office Hours: Monday-Friday, 9:00-17:00 CET
Languages: English, German, French, Italian

1.3 EU Representative

For data subjects in the European Union, our EU representative is:

  • Company: DataRep Solutions GmbH
  • Address: Alexanderplatz 5, 10178 Berlin, Germany
  • Email: [email protected]
  • Phone: +49 30 1234 5678

Definitions

2.1 Key Terms

For the purposes of this Privacy Policy, the following definitions apply:

  • "Personal Data" means any information relating to an identified or identifiable natural person ("Data Subject"). An identifiable person is one who can be identified, directly or indirectly, by reference to an identifier such as a name, identification number, location data, online identifier, or one or more factors specific to physical, physiological, genetic, mental, economic, cultural, or social identity.
  • "Processing" means any operation performed on Personal Data, whether automated or not, including collection, recording, organization, structuring, storage, adaptation, retrieval, consultation, use, disclosure, dissemination, restriction, erasure, or destruction.
  • "Data Controller" means P4RK.com and Associates, which determines the purposes and means of Processing Personal Data.
  • "Data Processor" means any person or entity that Processes Personal Data on behalf of the Data Controller.
  • "Consent" means any freely given, specific, informed, and unambiguous indication of the Data Subject's wishes by which they signify agreement to Processing of their Personal Data.
  • "Data Subject" means an identified or identifiable natural person whose Personal Data is Processed.
  • "Special Categories of Personal Data" means Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health data, or data concerning sex life or sexual orientation.
  • "Profiling" means automated Processing of Personal Data to evaluate personal aspects, particularly to analyze or predict aspects concerning performance, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.
  • "Third Party" means any natural or legal person, public authority, agency, or body other than the Data Subject, Data Controller, Data Processor, and persons authorized to Process Personal Data under direct authority of Controller or Processor.
  • "Recipient" means any natural or legal person, public authority, agency, or body to which Personal Data is disclosed.
  • "Supervisory Authority" means an independent public authority established by an EU Member State or Switzerland to monitor application of data protection regulations.

Data Protection Principles

We process Personal Data in accordance with the following principles as required by GDPR Article 5:

3.1 Lawfulness, Fairness, and Transparency

We process Personal Data lawfully, fairly, and in a transparent manner. We provide clear information about our Processing activities and ensure Data Subjects understand how their data is used.

3.2 Purpose Limitation

Personal Data is collected for specified, explicit, and legitimate purposes and not further Processed in a manner incompatible with those purposes. Further Processing for archiving, scientific research, or statistical purposes is not considered incompatible if appropriate safeguards are in place.

3.3 Data Minimization

We collect only Personal Data that is adequate, relevant, and limited to what is necessary for the purposes for which it is Processed.

3.4 Accuracy

Personal Data is kept accurate and, where necessary, up to date. We take reasonable steps to ensure inaccurate data is erased or rectified without delay.

3.5 Storage Limitation

Personal Data is kept in a form permitting identification of Data Subjects for no longer than necessary for the purposes of Processing. We may retain data for longer periods for archiving, scientific research, or statistical purposes with appropriate safeguards.

3.6 Integrity and Confidentiality

We process Personal Data in a manner ensuring appropriate security, including protection against unauthorized or unlawful Processing, accidental loss, destruction, or damage, using appropriate technical and organizational measures.

3.7 Accountability

We are responsible for and able to demonstrate compliance with all data protection principles. We maintain documentation of Processing activities, conduct Data Protection Impact Assessments where required, and implement appropriate policies and procedures.

Personal Data We Collect

We collect various categories of Personal Data depending on your interaction with our services:

5.1 Identity and Contact Data

  • Full name (first name, last name, title)
  • Email address
  • Telephone number (mobile and/or landline)
  • Postal address (street, city, postal code, country)
  • Date of birth
  • Gender (optional)
  • Nationality
  • Language preference
  • Username and password (encrypted)
  • Profile photograph (if provided)

5.2 Identification Documents

  • Government-issued ID (passport, national ID card, driver's license)
  • ID number and expiry date
  • Document verification status
  • Copies or scans of identification documents (when required for verification)

5.3 Vehicle Information

  • License plate number (registration number)
  • Vehicle Identification Number (VIN) - if provided
  • Vehicle make, model, and year
  • Vehicle color
  • Vehicle type (car, motorcycle, bicycle, etc.)
  • Electric vehicle status and charging requirements
  • Vehicle dimensions (height, length, width - if relevant)
  • Insurance information (policy number, insurer)
  • Vehicle registration documents (if required)

5.4 Financial and Payment Data

  • Payment card information (card number - tokenized, expiry date, CVV - not stored)
  • Bank account details (IBAN, BIC/SWIFT code)
  • Billing address
  • Transaction history and payment records
  • Invoice details
  • Tax identification number (for corporate accounts)
  • VAT number (for B2B transactions)
  • Credit check results (for corporate accounts)
  • Payment method preferences

5.5 Usage and Booking Data

  • Booking history (dates, times, locations, duration)
  • Parking facility entry and exit times
  • Parking space assignments
  • Service preferences and settings
  • Booking modifications and cancellations
  • Service complaints and support tickets
  • Customer service interactions and communications
  • Survey responses and feedback
  • Loyalty program participation and points balance
  • Promotional code usage

5.6 Technical and Device Data

  • IP address (IPv4 and IPv6)
  • Device identifiers (device ID, advertising ID)
  • Browser type and version
  • Operating system and platform
  • Screen resolution and device specifications
  • Time zone and locale settings
  • Referral source (how you found our website)
  • Cookies and similar tracking technologies data
  • Mobile application usage data
  • Network connection type

5.7 Location Data

  • GPS coordinates (precise location from mobile devices - with consent)
  • IP-based geolocation (approximate location)
  • Parking facility location data
  • Travel patterns and routes (aggregated and anonymized)
  • Location history (if location services enabled)

5.8 Communications Data

  • Email correspondence with customer service
  • Chat transcripts and messaging history
  • Phone call recordings (with notice and where legally permitted)
  • Social media interactions and messages
  • Customer reviews and testimonials
  • Complaint records and resolution history

5.9 Video Surveillance Data

  • CCTV footage from parking facilities
  • License plate recognition (LPR) data
  • Timestamp and location metadata
  • Facial images (incidental capture, not for facial recognition unless legally permitted and disclosed)
  • Vehicle images and movement patterns within facilities
  • Security incident recordings

5.10 Corporate Account Data

For business customers, we additionally collect:

  • Company name and legal form
  • Company registration number
  • Business address and contact details
  • Authorized representatives and signatories
  • Employee lists (for access management)
  • Department and cost center information
  • Fleet information and vehicle assignments
  • Usage reports and analytics data
  • Contract terms and service level agreements

5.11 Special Categories of Personal Data

Sensitive Personal Data

We do NOT intentionally collect Special Categories of Personal Data (racial/ethnic origin, political opinions, religious beliefs, trade union membership, genetic data, biometric data for identification, health data, or data concerning sex life/sexual orientation) except where:

  • Accessibility Requirements: Health or disability information voluntarily provided to accommodate special needs (processed with explicit consent under GDPR Article 9(2)(a))
  • Legal Claims: Information necessary for establishment, exercise, or defense of legal claims (GDPR Article 9(2)(f))
  • Biometric Data: Facial recognition data (only where legally permitted, with explicit consent, and for security purposes)

5.12 Data About Children

Our services are not directed to individuals under 18 years of age. We do not knowingly collect Personal Data from children. If we become aware that we have collected data from a child without parental consent, we will take steps to delete such information. See Section 15 for details.

How We Collect Data

6.1 Direct Collection

We collect Personal Data directly from you when you:

  • Register for an account on our Platform
  • Make a parking reservation or booking
  • Enter payment information
  • Contact customer service or support
  • Subscribe to newsletters or marketing communications
  • Participate in surveys, contests, or promotions
  • Submit reviews, feedback, or testimonials
  • Apply for a corporate account
  • Communicate with us via email, phone, chat, or social media
  • Visit our offices or facilities in person

6.2 Automatic Collection

We automatically collect certain data when you use our services:

  • Website and App Usage: Through cookies, web beacons, and similar technologies
  • Log Files: Server logs recording access times, pages viewed, and technical information
  • Mobile Applications: App analytics, crash reports, and usage statistics
  • License Plate Recognition: Automatic capture when entering/exiting facilities
  • Location Data: GPS and network-based location (with permission)
  • Video Surveillance: CCTV recording at parking facilities

6.3 Third-Party Sources

We may receive Personal Data from third-party sources including:

  • Payment Processors: Transaction data and payment verification
  • Identity Verification Services: KYC/AML verification results
  • Credit Reference Agencies: Credit checks for corporate accounts
  • Social Media Platforms: If you connect your social media account
  • Partner Companies: Co-branded services and referral programs
  • Public Sources: Business registries, company directories
  • Analytics Providers: Aggregated usage and demographic data
  • Marketing Platforms: Campaign performance and engagement data

6.4 Cookies and Tracking Technologies

We use cookies and similar technologies to collect data about your browsing behavior. See Section 13 for comprehensive cookie information.

Purposes of Data Processing

We process Personal Data for the following purposes, each with specific legal bases:

7.1 Service Provision and Contract Performance

Legal Basis: Contractual Necessity (GDPR Article 6(1)(b))

  • Creating and managing user accounts
  • Processing parking reservations and bookings
  • Providing access to parking facilities
  • Processing payments and managing billing
  • Providing customer support and responding to inquiries
  • Managing loyalty programs and promotional offers
  • Fulfilling our contractual obligations

7.2 Legal Compliance and Regulatory Requirements

Legal Basis: Legal Obligation (GDPR Article 6(1)(c))

  • Maintaining accounting and tax records (7-10 years retention)
  • Conducting anti-money laundering (AML) and know-your-customer (KYC) checks
  • Responding to lawful requests from authorities and regulators
  • Complying with court orders and legal processes
  • Meeting employment law obligations (employee data)
  • Reporting suspicious activities to authorities
  • Maintaining records as required by Swiss and EU law

7.3 Security, Fraud Prevention, and Safety

Legal Basis: Legitimate Interests (GDPR Article 6(1)(f))

  • Monitoring facilities for security and safety through CCTV
  • Detecting and preventing fraud, abuse, and criminal activity
  • Verifying identity and preventing unauthorized access
  • Protecting against cyber threats and security breaches
  • Investigating security incidents and violations
  • Ensuring network and information security
  • Protecting company assets and property
  • Safeguarding customer and employee safety

7.4 Business Operations and Improvements

Legal Basis: Legitimate Interests (GDPR Article 6(1)(f))

  • Analyzing usage patterns and customer behavior
  • Improving services, features, and user experience
  • Conducting research and development
  • Performing data analytics and business intelligence
  • Optimizing facility operations and capacity management
  • Quality assurance and training purposes
  • Strategic planning and business development
  • Benchmarking and performance measurement

7.5 Marketing and Communications

Legal Basis: Consent (GDPR Article 6(1)(a)) or Legitimate Interests (Article 6(1)(f))

  • Sending marketing communications and newsletters (with consent)
  • Promoting services to existing customers (legitimate interest with opt-out)
  • Personalizing marketing content and offers
  • Conducting customer surveys and feedback requests
  • Managing promotional campaigns and contests
  • Analyzing marketing effectiveness
  • Building customer profiles for targeted marketing (with consent)

7.6 Legal Claims and Dispute Resolution

Legal Basis: Legitimate Interests (GDPR Article 6(1)(f))

  • Establishing, exercising, or defending legal claims
  • Managing disputes and litigation
  • Enforcing our terms and conditions
  • Investigating and resolving complaints
  • Debt collection and recovery
  • Insurance claims processing
  • Providing evidence in legal proceedings

7.7 Corporate Transactions

Legal Basis: Legitimate Interests (GDPR Article 6(1)(f))

  • Facilitating mergers, acquisitions, or business transfers
  • Due diligence in corporate transactions
  • Asset sales and corporate restructuring
  • Integration with acquired businesses

Data Sharing and Disclosure

We share Personal Data with the following categories of recipients under strict confidentiality and data protection obligations:

8.1 Group Companies and Affiliates

  • Parent companies, subsidiaries, and affiliated entities within the P4RK corporate group
  • Purpose: Consolidated operations, shared services, group reporting
  • Location: Switzerland and EU/EEA countries
  • Safeguards: Intra-group data sharing agreements, Standard Contractual Clauses where applicable

8.2 Service Providers and Processors

We engage third-party service providers who process data on our behalf:

All processors are bound by Data Processing Agreements (DPAs) compliant with GDPR Article 28, ensuring:

  • Processing only on documented instructions
  • Confidentiality obligations for personnel
  • Appropriate technical and organizational security measures
  • Assistance with data subject rights
  • Deletion or return of data after service termination
  • Audit rights and compliance demonstration

8.3 Business Partners

  • Parking Facility Partners: Third-party facility operators where we provide booking services
  • Co-branded Services: Joint service offerings with partner companies
  • Integration Partners: Companies providing complementary services (navigation apps, travel platforms)
  • Referral Partners: Companies participating in referral or affiliate programs

8.4 Law Enforcement and Regulatory Authorities

We disclose Personal Data to authorities when:

  • Required by law, court order, or legal process
  • Necessary to respond to lawful requests (subpoenas, warrants)
  • Required for regulatory compliance or investigations
  • Necessary to protect rights, property, or safety
  • Required for prevention or detection of crime
  • Mandated for national security or public interest

Recipients may include: police, tax authorities, financial regulators, data protection authorities, courts, and other governmental bodies.

8.5 Professional Advisors

  • Legal counsel and law firms
  • Accountants and auditors
  • Insurance brokers and insurers
  • Business consultants and advisors
  • Financial advisors and banks

All advisors are bound by professional confidentiality obligations.

8.6 Corporate Transaction Parties

  • Potential buyers, investors, or merger partners (under NDA)
  • Due diligence advisors in M&A transactions
  • Acquirers or successors in business transfers
  • Bankruptcy trustees or administrators

8.7 Other Third Parties (With Consent)

  • Third-party marketers (only with explicit opt-in consent)
  • Research organizations (for anonymized/aggregated data)
  • Public testimonials and case studies (with permission)
  • Social media platforms (when you choose to share)
No Sale of Personal Data

We do NOT sell your Personal Data to third parties for monetary or other valuable consideration. Any data sharing is conducted solely for the purposes described in this Policy and under appropriate legal bases and safeguards.

International Data Transfers

9.1 Transfer Locations

Personal Data may be transferred to and processed in countries outside Switzerland and the European Economic Area (EEA), including:

  • United States of America
  • United Kingdom
  • Singapore
  • Other jurisdictions where our service providers operate

9.2 Transfer Safeguards

When transferring data to countries not recognized as providing adequate protection, we implement appropriate safeguards:

9.2.1 Standard Contractual Clauses (SCCs)

We use European Commission-approved Standard Contractual Clauses (2021/914) for transfers to third countries. These provide contractual guarantees regarding data protection.

9.2.2 Adequacy Decisions

Where possible, we transfer data to countries subject to European Commission adequacy decisions, currently including:

  • Andorra, Argentina, Canada (commercial organizations), Faroe Islands, Guernsey, Israel, Isle of Man, Japan, Jersey, New Zealand, Republic of Korea, Switzerland, United Kingdom, Uruguay
  • EU-U.S. Data Privacy Framework (for certified U.S. organizations)

9.2.3 Binding Corporate Rules (BCRs)

For intra-group transfers, we are developing Binding Corporate Rules approved by relevant supervisory authorities (implementation target: Q2 2026).

9.2.4 Transfer Impact Assessments

We conduct Transfer Impact Assessments (TIAs) to evaluate risks associated with international transfers, considering:

  • Destination country laws and practices
  • Government access to data
  • Legal remedies available to data subjects
  • Additional technical and organizational measures needed

9.3 Additional Protective Measures

Beyond legal mechanisms, we implement supplementary measures:

  • Encryption: Data encrypted in transit (TLS 1.3) and at rest (AES-256)
  • Pseudonymization: Separation of identifying data where feasible
  • Access Controls: Strict limitations on who can access transferred data
  • Data Minimization: Transferring only necessary data
  • Contractual Restrictions: Enhanced obligations on data recipients
  • Monitoring: Regular audits of transfer recipients

9.4 Your Rights Regarding Transfers

You have the right to:

  • Obtain information about international transfers of your data
  • Request copies of safeguards in place (Standard Contractual Clauses)
  • Object to transfers in certain circumstances
  • Lodge complaints with supervisory authorities about transfers

To exercise these rights or obtain copies of transfer safeguards, contact our Data Protection Officer at [email protected].

Data Retention

10.1 Retention Principles

We retain Personal Data only as long as necessary for the purposes for which it was collected, considering:

  • Legal and regulatory retention obligations
  • Contractual requirements
  • Legitimate business needs
  • Limitation periods for legal claims
  • Data subject requests for deletion

10.2 Specific Retention Periods

Contact Us

[email protected]

+41 44 688 01 02

P4 News Ticker

© 2025 p4rk.com part of Rienheim Group 

P4RK®, P4RK.com®, and associated logos are registered trademarks of P4RK.com and Associates.
Unauthorized use is strictly prohibited and subject to legal action.

Cooky & Privacy Policy
This website uses cookies to improve your experience. By using this website you agree to our Data Protection Policy.
Read more
Service Category Purpose Examples
Cloud Hosting Data storage and infrastructure AWS, Microsoft Azure, Google Cloud
Payment Processing Transaction processing, fraud detection Stripe, PayPal, TWINT, PostFinance
Customer Support Help desk, ticket management Zendesk, Intercom, Salesforce
Email Services Transactional and marketing emails SendGrid, Mailchimp, Amazon SES
Analytics Usage analysis, performance monitoring Google Analytics, Mixpanel, Amplitude
Security Services Fraud prevention, threat detection Cloudflare, Sift, Forter
Identity Verification KYC/AML compliance Jumio, Onfido, Veriff
SMS Providers Notifications and 2FA Twilio, Vonage