PayByPhone

Privacy policy

PayByPhone is committed to respecting your privacy and complying with all applicable data protection and privacy laws. In this Privacy Policy, we describe how we collect, use, share and protect your Personal Data.

As part of our commitment to you, we ensure that your Personal Data is accurate, confidential, and secure and allow you to access, correct, or erase your Personal Data. Please note that in order to offer our Services, we transfer your Personal Data to Canada and to certain service providers which may be located in other countries.

When you create an Account with us or use our Services, you agree to this Privacy Policy and the Terms and Conditions. Each time you use your Account or our Services, or provide us with information, the current version of this Privacy Policy and the Terms and Conditions govern the processing of your Personal Data.

If you do not agree with the terms of this Privacy Policy or the Terms and Conditions, please refrain from creating an Account or using our Services.

If you have any questions or comments about this Privacy Policy, please contact the relevant Data Protection Officer at the address listed in Section 15 below.

SPECIAL NOTICE REGARDING CHILDREN

Our Services are not directed to people under 16.  We do not knowingly collect personal information from children under 16. If you become aware that a child has provided us with Personal Data without the proper consent, please contact the relevant Data Protection Officer at the address listed in Section 15 below and we will take steps to remove such information and terminate the account, as necessary.

Table of Contents

  1. Who processes your information?
  2. What information is processed?
  3. Why is your information processed?
  4. How is your information processed?
  5. With whom is your information shared?
  6. Where is your information transferred?
  7. How is your information kept safe?
  8. How long is your information retained?
  9. What rights do you have in regard to your information?
  10. Definitions.
  11. App store; Links to other websites.
  12. Applicable law.
  13. Changes to this Policy.
  14. Further questions.
  15. Contacts.

1. Who processes your information?

Your contract and Account may be with PayByPhone Technologies Inc. or one of its subsidiaries, including without limitation PayByPhone US Inc. (United States), PayByPhone Limited (United Kingdom), PayByPhone SAS (France, Monaco), PayByPhone Suisse AG (Switzerland), PayByPhone Italia S.r.l. (Italy) or PayByPhone Deutschland GmbH (Germany).  Collectively, all of these entities are referred to here as “PayByPhone”.  The applicable contract party depends on the country from which you open your Account and in which you conduct your Parking Sessions, as set out in the Terms and Conditions in greater detail.

Your PayByPhone contract party and PayByPhone Technologies Inc., incorporated in Canada, are jointly responsible for the processing of your Personal Data, including in the context of the registration for and general use of the Services, product and system development including ensuring IT security, and for advertising and marketing purposes.  The controllers have agreed among themselves who will fulfill specific obligations with respect to the data processing and shall work closely together. In particular, they will provide each other with the information necessary to fulfill their respective obligations and to enable the exercise of data subject rights.

You will have statutory protection in the applicable territories and this Privacy Policy is without prejudice to those statutory rights.

PayByPhone is committed to complying with all applicable privacy laws (“Data Protection Laws”), including without limitation the Canadian Personal Information Protection and Electronic Documents Act (“PIPEDA”), the European General Data Protection Regulation (“GDPR”) and the UK General Data Protection Regulation (“UK GDPR”).

Facilities Operators for the locations where you park process parts of your Personal Data which relate to the Parking Sessions at their parking facilities and which, among other things, enable them to effect parking validation, enforcement and fines.

For information on additional processors of your Personal Data, see section 5 below.

2. What information is processed?

We only collect and process Personal Data that is required to create an Account and to offer the Services you request and to communicate with you.

You and anyone you authorize to use your Account provide some of this information directly when you create an Account, use a Service or contact us for support, including:

  • Mobile phone number
  • Vehicle license plate
  • Billing information (such as credit card and debit card numbers and expiry dates) (NOTE: We do not store CVV/CVV2 security numbers on our servers.)
  • Password
  • Transaction data (such as Parking Session date, time, duration, zone number and amount paid)
  • Customer support issue details
  • Email address

In some cases, for example when you permit another party, such as your employer, to pay for parking sessions on your Account through linking your Account to theirs and adding their payment method to your Account, we ask you or the owner of the payment method to provide your:

  • Profession
  • Professional affiliations membership
  • Work email address
  • Unique username
  • Work mobile phone number
  • Job Title
  • Department
  • Office Name
  • Employee Cost centre

You may also give us additional information when you choose to open your Account using information from third party services you already have, including:

  • Your device settings and credentials
  • Credentials from a third-party app or platform

You may also choose to give us additional information to obtain a Service or receive communications from us including:

  • Name
  • Postal code/zip code
  • Location
  • Type of vehicle
  • Communication preferences
  • Any information related to your voluntary participation in our contests, promotions, and research, including demographic or occupation information that you choose to provide

You may stop providing us this additional information at any time by adjusting your Account settings in the App, on the Site or by contacting us.

We also collect other data indirectly when our software interacts with your device and when we use technologies like cookies and error messages. This may include:

  • IP address and information about the device you use to access the Services
  • Media Access Control (MAC) address
  • Operating system name and version
  • Device manufacturer and model
  • Your language preferences
  • Type and version of your Internet browser
  • Name and version of the App you use
  • Site traffic data
  • Landing and exit page details
  • Details of your session between pages of the Site to provide a continuity of experience
  • Details of when you install and uninstall the App

Please see our Cookies Policy for more information.

We also sometimes obtain data about you from third parties (including parking operators, payment facilitators, parking enforcement agencies and hardware/software manufacturers). For example:

  • When you register a credit card or debit card with us to use the Service, we will use card authorization and fraud screening services to verify that your card information matches other information that you supply to us, and that the card has not been reported as lost or stolen.
  • When you opt into Autopass (available in some countries), a Service that allows you to automatically pay for parking at facilities that support automatic number plate recognition, we will obtain from the parking operator the time of the vehicle entry and exit from the parking facility and we may receive a photograph of the vehicle taken at that time.

3. Why is your information processed?

We process your information so that we can offer you our Services and communicate with you.

Contractual Relationship

When we process your Personal Data in relation to our Services (including, without limitation, for customer service, security messages, processing payments, sending receipts and reminders of parking session expiry) and our related internal purposes (including administration, risk management, compliance, product development, research, debt collection, financial audit, security and record keeping,) we rely on the lawful basis of having a contractual relationship with you.

Consent

When we process your information to communicate with you (including about our and our affiliate promotions, events occurring in localities where you recently parked, targeted advertising and marketing of services), we rely on the lawful basis of consent to process your Personal Data and we are committed to obtaining that consent in a legitimate way.

You can provide your consent in the App, on the Site or verbally to our authorized representatives. You will be asked specifically if you would like to opt-in to each of these communications and you can choose whether to receive some, all, or none of these communications.

Unless the type of use is necessary for us to provide the Services, you will have the right to remove your consent to such use at any time (more on this below) by logging in to your Account on the Site, in the App or by calling your Customer Support Center or writing to your respective Data Protection Officer at the contact listed in Section 15 of this Privacy Policy. You will have an opportunity to unsubscribe each time we communicate with you. Note that your decision to withhold or withdraw your consent to certain other uses of Personal Data or certain types of communication may restrict our ability to provide a particular service or product.

Subject to Data Protection Laws, we may collect, use, store or share Personal Data without your consent in the following limited circumstances:

  • As instructed by local authorities in emergency situations that threaten an individual's life, health, or personal security such as emergency warnings for tsunami or earthquakes.
  • When the Personal Data is available from a public source (e.g. a telephone directory).
  • To protect ourselves and other users from fraud.
  • To investigate an anticipated breach of an agreement or a contravention of law.
  • When such collection, use or disclosure of Personal Data is permitted or required by law.

Legitimate Interest

Where permitted by law, we will process your Personal Data on the basis of our legitimate interest, for example when contacting you about new product offerings and conducting customer satisfaction surveys to enhance our services or sending you newsletters and parking, vehicle or road use related service and security messages. For this type of processing, we will always take into consideration the effect of such processing on your fundamental rights and freedoms, and if we believe that the communication would be an infringement on your rights, we will not proceed with that communication.

PayByPhone Technologies Inc. acts on the basis of legitimate interest in the group-wide use of a central IT infrastructure (including for registration and processing of parking transactions, product and system development and ensuring IT security).

You may opt-out of receiving legitimate interest-based communications by logging in to your Account on the Site or in the App or by calling your Customer Support Center or writing to your respective Data Protection Officer at the contact listed in Section 15 of this Privacy Policy. Note that your decision to opt-out may restrict our ability to provide a particular service or product.

4. How is your information processed?

We only process your Personal Data for the purposes for which we have a lawful basis.

Some processing associated with the purpose of providing you our Services include:

  • Creating your Account.
  • Operating the Service.
  • Providing you with navigation services to your parking location.
  • Providing you with parking information at or near you or at your location.
  • Sending you notifications of the end of your parking session.
  • Facilitating, processing, and keeping a record of your Transactions.
  • Serving as the merchant of record for certain Transactions.
  • Collecting or attempting to collect any unpaid amounts owed by you.
  • Sending you the receipt for your Transactions.
  • Providing you with your parking history.
  • Facilitating communication between you and PayByPhone.
  • Providing you customer support.
  • Cooperating with relevant authorities (for example: regarding your Parking Penalties).
  • Analyzing and monitoring App and Service usage and making improvements, enhancements, and customizations to your experience.
  • Investigating and resolving outages, malfunctions, or problems that you may be having with our App or Services.
  • Ensuring the security of the App and Services, preventing fraud, and enforcing our policies.
  • Complying with any applicable law and assisting law enforcement agencies under applicable law.
  • Working with you to terminate your Account and retaining only your Personal Data when we are required to retain such information by law or pursuant to our other agreements.
  • Responding to any dispute, or legal proceeding of any kind between you and PayByPhone.
  • Providing required reports to our financial partners or service providers.
  • Creating Anonymized Data sets for internal, external, commercial, and analytical purposes.
  • Performing other activities with your consent.

Some processing associated with the purpose of communicating with you include:

  • Sending you updates, notices, announcements, and additional information related to our Services, vehicle, parking or road use related service and security messages, or information about events occurring in localities where you recently parked.
  • Conducting surveys, contests, questionnaires, discounts or rewards programs, sweepstakes, or promotions for ourselves.
  • Sending you marketing, advertising material, and other content and provide you with information and advertisements about offers, discounts and other services relevant to you, or that we believe you may find interesting.
  • Sending you updates, notices, announcements, and additional information related to other products and services or those of our affiliates or those of other third parties.
  • Conducting surveys, contests, questionnaires, discounts or rewards programs, sweepstakes, or promotions on behalf of our affiliates or third parties.

5. With whom is your information shared?

We will never use or disclose your Personal Data unless we have a lawful basis to do so.

We do not sell your Personal Data to parties outside of PayByPhone. We will not rent, license or exchange customer lists or your Personal Data to other parties outside of PayByPhone, except as we describe below.

No Personal Data will be shared with third parties, except as required to offer the Services to you or as you specifically consent. We may:

  • Send your vehicle information to parking operators and parking enforcement agencies to confirm your parking sessions.
  • Send some information to third party service providers that help us to operate our Services including, but not limited to, website hosting, data warehousing, data analysis, event logging, information technology, customer service, user analytics, email delivery, messaging, auditing, and debt collecting.
  • Send your credit or debit card payments to our payment processors.
  • Send some information to police, security forces, competent governmental, intergovernmental or supranational bodies, competent agencies, departments or regulatory, self-regulatory authorities or organizations or other third parties where  the information is subject to disclosure in accordance with the applicable law, or where we believe, in good faith, it is appropriate to cooperate with in relation to investigations of fraud or other illegal activity or potential illegal activity, or to conduct investigations of violations of our Terms and Conditions.
  • Send some information to auditors in connection with independent audits of our financial statements and operations. These auditors cannot use personally identifiable information for any secondary purposes.
  • Share your Personal Data with a potential purchaser of PayByPhone (or the majority of its assets), or a merger, reorganization, or internal acquisition.
  • Send information to our affiliates as allowed by law. Any Personal Data relating to you that we provide to our affiliates will be treated by those affiliates in accordance with this Policy and we are responsible for the management of the jointly used Personal Data.
  • Disclose aggregated statistical data for statistical or public relations purposes. For example, we may disclose that a specific percentage of our users drive a blue car. However, this aggregated information is not tied to personal information.
  • Share some Anonymized Data with third party partners who use the Anonymized Data to create mobility-related analytics including for example, parking analytics & predictive occupancy as well as parking availability reports.
  • Share information with the party which pays for Parking Sessions on your Account through linking your Account, with your permission, to theirs and adding their payment method to your Account.  The information shared includes data collected from you, data collected on parking and other transactions including financial information, data collected on your mobile devices, and derivative data used and stored in PayByPhone databases, to the extent that such data relates to the use of third-party payment method added to your Account. The data will be shared primarily for the purposes of verifying parking transactions paid for with the third-party payment methods and generating parking activity reports for the third party.

6. Where is your information transferred?

We will transfer your Personal Data to PayByPhone in Canada, irrespective of the country in which you reside or from which you provide Personal Data.

The transfer of your Personal Data is done in a secure way and in compliance with Data Protection Laws. The European Commission has found, on the basis of Article 45 of the GDPR, that Canada, while not bound by the GDPR, ensures an adequate level of protection of personal data. This adequacy decision took into account Canada's domestic law, its supervisory authorities and international commitments it has entered into.

We may also transfer your Personal Data to third party suppliers in other countries to provide part of our Service to you. In our agreements with these parties, we require them to protect your Personal Data and to adhere to Data Protection Laws and we make sure that they have provided appropriate safeguards.

Your personal information may be accessible to regulatory, law enforcement and national security authorities of those jurisdictions, and may be subject to disclosure in accordance with the laws of those countries.

7. How is your information kept safe?

We have put appropriate technical and organizational protection measures in place to protect your Personal Data from unauthorized access, collection, use, disclosure, copying, modification, disposal or similar risks.

PayByPhone commits to the following security measures:

  • All Personal Data of users is stored electronically on an encrypted database of PayByPhone protected by a firewall.
  • The PayByPhone Service is hosted in a secure server environment that uses a firewall and other advanced technology to prevent interference or outside access.
  • Physical access to the database where Personal Data is stored and the servers where the PayByPhone Service is hosted is protected by 24/7 guards who only allow authorized personnel access to the database, such personnel is limited to those that need access.
  • PayByPhone complies with PCI Data Security Standard Level-1 with a robust security process for payment card data and other Personal Data, including prevention, detection and appropriate reaction to security incidents.
  • Parking transactions processed through our Services are encrypted using x-bit (for example 128-bit) secure sockets layer (SSL).
  • PayByPhone uses appropriate security measures when destroying customers’ Personal Data such as deleting electronically stored information.

We will continually review and update our security policies and controls as technology changes to ensure the ongoing security of your Personal Data.

8. How long is your information retained?

PayByPhone will retain your data in accordance with Data Protection Laws.

We will retain your Personal Data (including information related to each parking session and to each of your Transactions) for only so long as is reasonably necessary to fulfil the purposes for which the information was collected or as required by law.

If you create an Account with us, we will retain your Personal Data as long as you have that Account. If you close your Account or if there is no activity on your Account (including no log-ins and no parking sessions) for a period of more than 3 years, we will mark your Account in our database as "Closed," but may have to keep some information for as long as is required to comply with our legal obligations or 7 years, whichever is shortest.

9. What rights do you have with regards to your information?

According to the controller arrangement between your PayByPhone contract party and PayByPhone Technologies Inc., your PayByPhone contract party is responsible for fulfilling the obligations related to data subject rights.

You can contact the relevant local Data Protection Officer at the address set out at Section 15 below with requests related to the rights described below.  You are also free to assert your data subject rights against PayByPhone Technologies Inc. at the contact listed in the first line of Section 15 below.

Any request must be made to PayByPhone in writing and provide sufficient detail to identify the Personal Data that it relates to. PayByPhone may request that you verify your identity.  PayByPhone will address the request within 30 business days or provide written notice of an extension where additional time is required to fulfil the request.

Access

You have the right to request access to your Personal Data, to know how we use it and to whom we have disclosed it, subject to certain limited exceptions.

You can assert this right by accessing your Account on the Site or the App. You may also contact us with a Personal Data access request and we will take all reasonable steps to assist you with any legitimate request for access.

We may not be in a position to respond to a data access request. If a request is refused in full or in part, we will notify you in writing and provide the reasons for refusal and the recourse available to you.

Rectification

You have the right to make sure that your Personal Data is accurate.

We make reasonable efforts to ensure that all of our users’ Personal Data is kept accurate and complete. If you are the Account holder, we provide you with tools to access or modify the Personal Data associated with your Account. You may also request that we correct your Personal Data.

If your Personal Data is demonstrated to be inaccurate or incomplete, we will, so far as practicable and as soon as practicable, correct your Personal Data and send the corrected information to any organization to which we disclosed the Personal Data in the previous year. If the correction is not made, we will note your correction request in your file.

Erasure

You have the right to obtain from us the erasure of your Personal Data.  

At any time, you may close your Account and uninstall the App. You may also request that we erase your Personal Data.

In the event that you delete your Account and the App or request erasure of your Personal Data, we will use commercially reasonable efforts to remove your Personal Data from our files, however, we may not be able to delete some of your Personal Data to the extent that it is still required for discharging our legal obligations. We may also retain, use, and share your Anonymized Data that we previously collected prior to your deletion of your Account.

Withdraw consent (when processing is based on consent)

As mentioned above, when PayByPhone is relying on consent as the lawful basis for processing your Personal Data, you may remove such consent at any time, examples of this include:

  • For certain types of communications, you can change your preferences in your Account permissions via the settings in the App.
  • For emails, you may click on the “Unsubscribe” link in the received email.
  • For push notifications, you can change the setting on your mobile device or adjust your Account settings.
  • For Cookies on the Site, you can change the Cookies settings on your browser.
  • For collection of location information, you can change your location access to our App using your mobile device settings and by adjusting your Account settings.

Please note that changing your consent may result in a change in your Services and experience.

Lodge a complaint

You have the right to communicate with PayByPhone about any issues that you may have relating to your Personal Data.

The Data Protection Officer of your respective PayByPhone contract party is responsible for ensuring PayByPhone’s compliance with this Privacy Policy and Data Protection Laws. You should direct any complaints, concerns or questions regarding PayByPhone compliance in writing to the respective Data Protection Officer at the contact information below in Section 15.

You may also write to the Privacy Commissioner of Canada or the privacy supervisory authority in your country.

10. Definitions

  • Account - The PayByPhone parking service account opened by you in the App, on the Site or by calling our Customer Support Centers.
  • Anonymized Data - Anonymous, statistical, or aggregated information, on a de-identified basis (such as anonymous location information, enrollment numbers, demographic group information, etc.), in a form that does not enable the identification of a specific user.
  • ANPR – The automatic number plate recognition feature which (1) identifies an opted-in vehicle, prior to payment, as authorized to park at the participating parking facilities and allows access to the parking facilities without having to perform any action normally required to remove a barrier to entry and (2) automatically records the time of entry and exit from the participating parking facility, calculates the length of stay and the cost of the Parking Session for the purposes of initiating payment.
  • App - The PayByPhone mobile parking payment application and other applications that we may develop.
  • Autopass – The service from PayByPhone that you opt your vehicle or vehicles in using the App, the Site or our Customer Support Center which allows you to automatically pay for parking at participating parking facility operators that support ANPR.
  • Cookies - The small data files on your computer or other device which consist of cookies, pixel tags, e-tags, “flash cookies”, or other local storage provided by your browser or associated applications.
  • Data Protection Officer - The individual designated as responsible for ensuring that PayByPhone complies with this Privacy Policy and applicable privacy laws, and is listed in the Contacts section below.
  • Facilities Operator - The operator of a parking facility offering the option to pay for parking with the PayByPhone service.
  • Parking Penalties - Parking fines, violation notices, tickets, citations, or penalties; your vehicle being wheel booted, your car being towed, or impounded; and other enforcement of vehicle parking requirements.
  • Parking Session - The parking service you obtain from a Facilities Operator within the Transaction.  Details of a parking session can include location, license plate, start parking session time, end parking session time and are usually linked to a payment.
  • Payment Information - Information of any type necessary to process payments by credit cards, debit cards, digital wallets, in-app and web purchases and any other payment method accepted by PayByPhone now or in the future in connection with any Transaction.
  • Personal Data - Information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier. Note that not all personal information that is shared with PayByPhone is considered Personal Data.
  • Services - All services offered by PayByPhone, including those that allow you to pay for a Parking Session at participating parking clients, including Autopass, pursuant to the Terms and Conditions, by using our App, Sites, Application Programming Interfaces, backend technologies, products, services, content, features, functions, applications, IVR System, PayByPhone Portal, PayByPhone Business Portal, and any future updates, changes or additions thereto.
  • Site - All PayByPhone operated websites including https://www.paybyphone.com, https://www.paybyphone.fr, https://www.paybyphone.co.uk, https://www.paybyphone.ch, https://paybyphone.de, https://www.pbp.it/, as well as any successors to such sites.
  • Terms and Conditions – Our Terms and Conditions which are accepted and agreed to by you when you open an Account or use the Services and which govern your use of the App and Services.
  • Transactions – Any time you start, pay for, complete, or make a parking session transaction using our App or Services.

11. App store; links to other websites

Your app store (e.g., iTunes or Google Play) may collect certain information in connection with your use of the App, such as Personal Data, Payment Information, geolocational information, and other usage-based data. We have no control over the collection of such information by a third-party app store, and any such collection or use will be subject to that third party’s applicable privacy policies.

Some pages on the Site and the App include links to third party websites. These third-party sites are governed by their own privacy statements, and we are not responsible for their operations, including but not limited to, their information practices. You should review the privacy statement of those third-party sites before providing them with any personally identifiable information. PayByPhone is not responsible for the processing of Personal Data on those third-party sites. We strongly advise you not to share any personal information about your Account, including your account number or password, on any social media site or with any third-party application that is not operated by PayByPhone.

12. Applicable law

All matters related to this Privacy Policy shall be governed in all respects by the laws of and all disputes shall be subject to the exclusive jurisdiction of the competent courts located in the jurisdiction in which the PayByPhone entity with whom you have a contract is domiciled, excluding the application of any conflict of laws principles and/or rules.  In the case of PayByPhone Technologies Inc., the relevant jurisdiction is the Province of British Columbia, Canada (subject to the provisions of the Consumer Protection Act applicable to residents of Quebec), in case of PayByPhone US Inc. – the State of Delaware, United States, in the case of PayByPhone Limited - United Kingdom, in the case of PayByPhone SAS - France, in the case of PayByPhone Suisse AG - Switzerland, in case of PayByPhone Italia S.r.l. - Italy and in the case of PayByPhone Deutschland GmbH - Germany.  Notwithstanding the above, you agree that it shall be nevertheless permissible for PayByPhone to apply for equitable relief in any jurisdiction. You also agree to comply with all local laws, rules, and regulations, including but not limited to those applicable to online conduct and acceptable Internet content.

13. Changes to this policy

We may amend, update, modify, replace, or revise this Privacy Policy at any time by communicating those updates with you and by posting such on our Site. All such amendments, updates, modifications, replacements, versions, or revisions are effective immediately upon posting on our Site. All references in this Privacy Policy to the Terms and Conditions, Legal Notice, and any other Services matters are references to the same as they are amended, updated, modified, replaced, or revised.

14. Further questions

If at any time you would like to contact us with your views about our privacy practices, or with any enquiry relating to your personal information, you can do so by emailing us at the addresses listed below.

15. Contacts

PayByPhone’s Data Protection Officer can be contacted via dpo@paybyphone.com

Last updated: 2023-02-13