Privacy Policy

Who we are

To understand who your data controller is please see the section entitled “How to reach us”.

We have appointed a data protection officer (DPO) who is responsible for overseeing questions in relation to our privacy policy and how we handle your personal data. Details about how to contact our DPO can be found in the “How to reach us” section of this privacy policy.

Definitions

  • Account - The PayByPhone parking service account opened by you in the App, on the Site or by calling our Customer Support Centers.
  • Anonymized Data - Anonymous, statistical, or aggregated information, on a de-identified basis (such as anonymous location information, enrollment numbers, demographic group information, etc.), in a form that does not enable the identification of a specific user.
  • ANPR – The automatic number plate recognition feature which (1) identifies an opted-in vehicle, prior to payment, as authorized to park at the participating parking facilities and allows access to the parking facilities without having to perform any action normally required to remove a barrier to entry and (2) automatically records the time of entry and exit from the participating parking facility, calculates the length of stay and the cost of the Parking Session for the purposes of initiating payment.
  • App - The PayByPhone mobile parking payment application and other applications that we may develop.
  • AutoPay – The service from PayByPhone that you opt your vehicle or vehicles in using the App, the Site or our Customer Support Center which allows you to automatically pay for parking at participating parking facility operators that support ANPR.
  • Cookies - The small data files on your computer or other device which consist of cookies, pixel tags, e-tags, “flash cookies”, or other local storage provided by your browser or associated applications.
  • Data Protection Officer – The individual designated as responsible for ensuring that PayByPhone complies with this Privacy Policy and applicable privacy laws, and is listed in the Contacts section below.
  • Facilities Operator – The operator of a parking facility offering the option to pay for parking with the PayByPhone service.
  • Parking Penalties – Parking fines, violation notices, tickets, citations, or penalties; your vehicle being wheel booted, your car being towed, or impounded; and other enforcement of vehicle parking requirements.
  • Parking Session – The parking service you obtain from a Facilities Operator within the Transaction.  Details of a parking session can include location, license plate, start parking session time, end parking session time and are usually linked to a payment.
  • Payment Information – Information of any type necessary to process payments by credit cards, debit cards, digital wallets, in-app and web purchases and any other payment method accepted by PayByPhone now or in the future in connection with any Transaction.
  • Personal Data – Information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier. Note that not all personal information that is shared with PayByPhone is considered Personal Data.
  • Services - All services offered by PayByPhone, including those that allow you to pay for a Parking Session at participating parking clients, including AutoPay, pursuant to the Terms and Conditions, by using our App, Sites, Application Programming Interfaces, backend technologies, products, services, content, features, functions, applications, IVR System, PayByPhone Portal, PayByPhone Business Portal, and any future updates, changes or additions thereto.
  • Site - All PayByPhone operated websites including https://www.paybyphone.com, https://www.paybyphone.fr, https://www.paybyphone.co.uk, https://www.paybyphone.ch, https://paybyphone.de, https://www.pbp.it/,  as well as any successors to such sites.
  • Terms and Conditions – Our Terms and Conditions which are accepted and agreed to by you when you open an Account or use the Services and which govern your use of the App and Services.
  • Transactions – Any time you start, pay for, complete, or make a parking session transaction using our App or Services.

Information we collect

As part of our commitment to you, we ensure that your Personal Data is accurate, confidential, and secure and allow you to access, correct, or erase your Personal Data. Please note that in order to offer our Services, we transfer your Personal Data to Canada and to certain service providers which may be located in other countries.

When you create an Account with us or use our Services, are consenting to the practices described in this Privacy Policy and the Terms and Conditions. Each time you use your Account or our Services, or provide us with information, the current version of this Privacy Policy and the Terms and Conditions govern the processing of your Personal Data.

If you do not agree with the terms of this Privacy Policy or the Terms and Conditions, please refrain from creating an Account or using our Services.

If you have any questions or comments about this Privacy Policy, please contact us at the address listed  below in the Contact Section.

We only collect and process Personal Data that is required to create an Account and to offer the Services you request and to communicate with you.

You and anyone you authorize to use your Account provide some of this information directly when you create an Account, use a Service or contact us for support, including:

  • Mobile phone number
  • Email address
  • Vehicle license plate
  • Billing information (such as credit card and debit card numbers and expiry dates) (NOTE: We do not store CVV/CVV2 security numbers on our servers.)
  • Password
  • Transaction data (such as Parking Session date, time, duration, zone number and amount paid)
  • Customer support issue details

In some cases, for example when you permit another party, such as your employer, to pay for parking sessions on your Account through linking your Account to theirs and adding their payment method to your Account, we might ask you or the owner of the payment method to provide your:

  • Profession
  • Professional affiliations membership
  • Work email address
  • Unique username
  • Work mobile phone number
  • Job Title
  • Department
  • Office Name
  • Employee Cost centre

You may also give us additional information when you choose to open your Account using information from third party services you already have, including:

  • Your device settings and credentials
  • Credentials from a third-party app or platform (e.g. Apple, Google, Meta)

Our Services

When we process your Personal Data in relation to our Services (including, without limitation, for customer service, security messages, processing payments, sending receipts and reminders of parking session expiry) and our related internal purposes (including administration, risk management, compliance, product development, research, debt collection, financial audit, security and record keeping,) we rely on the lawful basis of having a contractual relationship with you. It is a condition of us offering the Services to you that you provide us with such personal data as is required for us to enter into and fulfill a contract with you for the Services you select and for us to comply with our legal obligations in order to provide such Services. Without this data, we will not be able to fulfill our obligations under a contract with you and have to refuse to enter into the contract or terminate an existing contract. You may also choose to give us additional information to obtain a Service or receive communications from us including:

  • Name
  • Physical address
  • Postal code/zip code
  • Location
  • Type of vehicle (including an image)
  • Communication preferences
  • Any information related to your voluntary participation in our contests, promotions, and research, including demographic or occupation information that you choose to provide.

You may stop providing us this additional information at any time by adjusting your Account settings in the App, on the Site or by contacting us.

We also collect other data indirectly when our software interacts with your device and when we use technologies like cookies and error messages. This may include:

  • IP address and information about the device you use to access the Services
  • Traffic and Activity data
  • Media Access Control (MAC) address
  • Operating system name and version
  • Device manufacturer and model
  • Your language preferences
  • Type and version of your Internet browser
  • Name and version of the App you use
  • App and Site traffic data
  • Landing and exit page details
  • Details of your session between pages of the Site to provide a continuity of experience
  • Details of your session between launch of the app and booking to provide a continuity of experience
  • Details of when you install and uninstall the App

Please see our Cookies Policy for more information on the use of cookies and adjust your Cookie Settings.

We also sometimes obtain data about you from third parties (including parking operators, payment facilitators, parking enforcement agencies and hardware/software manufacturers). For example:

  • When you register a credit card or debit card with us to use the Service, we will use card authorization and fraud screening services to verify that your card information matches other information that you supply to us, and that the card has not been reported as lost or stolen
  • When you opt into AutoPay (available in some countries), a Service that allows you to automatically pay for parking at facilities that support automatic number plate recognition, we will obtain from the parking operator the time of the vehicle entry and exit from the parking facility and we may receive a photograph of the vehicle taken at that time.
  • We may also add publicly available information to your account, such as information about your vehicle type obtained from public records (for example, information held by the Driver and Vehicle Licensing Agency (DVLA) in the UK). This additional information helps us improve our services and provide a more tailored experience.

Consent

When we process your information to communicate with you (including about our own and our affiliate offers & promotions, offers & promotions by third parties, events occurring in localities where you recently parked, targeted advertising and marketing of services, and personalized advertisements based on your vehicle information), we rely on the lawful basis of consent to process your Personal Data and we are committed to obtaining that consent in a legitimate way.

You can provide your consent in the App, on the Site or verbally to our authorized representatives. You will be asked specifically if you would like to opt-in to each of these communications and you can choose whether to receive some, all, or none of these communications.

Unless the type of use is necessary for us to provide the Services, you will have the right to revoke your consent to such use at any time (more on this below) by contacting us, including but not limited to logging in to your Account on the Site, in the App or submitting a support ticket, by contacting your relevant Data Protection Officer. in to your Account on the Site or in the App or or submitting a support ticket or writing to your respective Data Protection Officer at the contact listed in Section 15 of this Privacy Policy. You will have an opportunity to unsubscribe each time we communicate with you outside the app and/or through your App settings. Note that your decision to withhold or withdraw your consent to certain other uses of Personal Data or certain types of communication may restrict our ability to provide a particular service or product.

Subject to Data Protection Laws, we may collect, use, store or share Personal Data without your consent in the following limited circumstances:

  • As instructed by local authorities in emergency situations that threaten an individual's life, health, or personal security such as emergency warnings for tsunami or earthquakes.
  • When the Personal Data is available from a public source (e.g. a telephone directory).
  • To protect ourselves and other users from fraud.
  • To investigate an anticipated breach of an agreement or a contravention of law.
  • When such collection, use or disclosure of Personal Data is permitted or required by law.

Legitimate Interest

Where permitted by law, we will process your Personal Data on the basis of our legitimate interest, for example when contacting you about new product offerings and conducting customer satisfaction surveys to enhance our services or sending you newsletters and parking, vehicle or road use related service and security messages. For this type of processing, we will always take into consideration the effect of such processing on your fundamental rights and freedoms, and if we believe that the communication would be an infringement on your rights, we will not proceed with that communication.

PayByPhone Technologies Inc. acts on the basis of legitimate interest in the group-wide use of a central IT infrastructure (including for registration and processing of parking transactions, product and system development and ensuring IT security).

You may opt-out of receiving legitimate interest-based communications by logging logging in to your Account on the Site, in the App or submitting a support ticket, by contacting your relevant Data Protection Officer. in to your Account on the Site or in the App or or submitting a support ticket or writing to your respective Data Protection Officer at the contact listed in Section 15 of this Privacy Policy. Note that your decision to opt-out may restrict our ability to provide a particular service or product.

How we use your data

We only process your Personal Data for the purposes for which we have a lawful basis.

Some processing associated with the purpose of providing you our Services include:

  • Creating your Account
  • Operating the Service
  • Providing you with navigation services to your parking location
  • Providing you with parking information at or near you or at your location
  • Sending you notifications of the end of your parking session
  • Facilitating, processing, and keeping a record of your Transactions
  • Serving as the merchant of record for certain Transactions
  • Collecting or attempting to collect any unpaid amounts owed by you
  • Sending you the receipt for your Transactions
  • Providing you with your parking history
  • Facilitating communication between you and PayByPhone
  • Providing you customer support
  • Cooperating with relevant authorities (for example: regarding your Parking Penalties)
  • Analyzing and monitoring App and Service usage and making improvements, enhancements, and customizations to your experience
  • Investigating and resolving outages, malfunctions, or problems that you may be having with our App or Services
  • Ensuring the security of the App and Services, preventing fraud, and enforcing our policies
  • Complying with any applicable law and assisting law enforcement agencies under applicable law
  • Working with you to terminate your Account and retaining only your Personal Data when we are required to retain such information by law or pursuant to our other agreements
  • Responding to any dispute, or legal proceeding of any kind between you and PayByPhone
  • Providing required reports to our financial partners or service providers
  • Creating Anonymized Data sets for internal, external, commercial, and analytical purposes
  • Performing other activities with your consent as set out in the terms of the express consents you give to us, for example sharing data to send you customized offers & promotions with the Corpay Group and/or third parties.
  • Some processing associated with the purpose of communicating with you include (supported by your consent where required):
  • Sending you updates, notices, announcements, and additional information related to our Services, vehicle, parking or road use related service and security messages, or information about events occurring in localities where you recently parked.
  • Conducting surveys, contests, questionnaires, discounts or rewards programs, sweepstakes, or promotions for ourselves and third parties.
  • Sending you marketing, advertising material, and other content and provide you with information and advertisements about offers, discounts and other services relevant to you, or that we believe you may find interesting.
  • Sending you updates, notices, announcements, and additional information related to other products and services or those of our affiliates or those of other third parties.
  • Conducting surveys, contests, questionnaires, discounts or rewards programs, sweepstakes, or promotions on behalf of our affiliates or third parties.
  • After you use our services, we may invite you to provide feedback about your experience (to do this, we may share your email address with a review platform that sends a one-time review invitation on our behalf. We rely on our legitimate interests to understand how our services are performing and to improve them. You can opt out of receiving review invitations at any time)
  • Providing you with personalized advertisements and product recommendations based on your vehicle information (such as type of car) and other relevant data.

Date we share and receive

We do not sell or otherwise disclose your data, except as described in this privacy policy. We may share you data with the following parties:

Other members of the Corpay group of companies.

Providers of transaction services, merchants, payment processors and other suppliers to assist with the transactions and administration of the payment services.

Marketing and data analytics companies.

Review service providers who send customer feedback invitations on our behalf.

Our commercial partners who sell similar products and services.

Partners who provide features on our websites.

IT suppliers.

Risk and fraud prevention agencies and monitoring providers.

Our insurers and professional advisers.

Regulators and other government agencies including, but not limited to, public authorities, regulators, the police and other law

enforcement agencies.

Any company to whom we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets, along with its professional advisers.

We do not authorise any third parties that we share data with to use or disclose your data except as necessary to perform certain services on our behalf, to comply with legal requirements. We require these third parties, through our contractual arrangements with them, to appropriately safeguard the privacy and security of the data they process on our behalf.

We may also receive personal data about you from the following third parties:

  • Social media platforms
  • Your employer.
  • Data brokers.
  • Our commercial partners.
  • Public databases.
  • Regulators and other government agencies.

If you would like to receive a full list of our suppliers and other third parties who we share your data with or receive your data from then you can get in touch with us using the details provided in the section “How to reach us?”.

Where is your information transferred

As with any multinational organisation, we are often required to transfer data internationally. Accordingly, your personal data may be transferred globally (if your data is collected within the European Union, this means that your data may be transferred outside of it). This includes transfers that have been identified in the previous section “Who do we share your data with and for what purposes”.

When using personal data as described in this privacy policy, it may be transferred either within or outside the country or territory where it was collected, including to a country, territory or international organisation that may not have EU equivalent data protection standards.

For example, we may transfer your personal data to our vendors based outside the European Union. In all cases, the transfer will be on the basis of a European Commission adequacy decision or we will implement adequate measures, for example the EU Model Contracts, and including appropriate security measures, for the protection of personal data in those countries, territories or international organisations in accordance with applicable data protection laws. If you would like more information about any of the data transfer measures on which we rely please contact us using the details provided in the section “How to reach us”?.

How we keep your information secure

Corpay will take appropriate technical and organisational security measures to secure your personal data and to protect it from loss, misuse or alteration. Personal data that we hold about you is stored on our secure servers or those of our appointed suppliers. Our web pages that collect your data are secured with Secured Socket Layers (SSLs).

Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website, you are responsible for keeping this password confidential. We ask you not to share this password with anyone.

Corpay maintains an information security program that is designed to:

  • Secure and maintain confidentiality of your personal data.
  • Protect against anticipated threats or hazards to security or integrity of your data.
  • Protect against unauthorised access to or use of your data that could result in substantial harm or inconvenience to you or your entity if compromised.
  • Comply with applicable laws.

How long we may keep your data

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

Details of retention periods for different aspects of your personal data can be requested by contacting the DPO.

In some circumstances you can ask us to delete your data, please see “Your Rights and Choices”.

Third Party Providers (App store; links to other websites; used services)

App Store

Your app store (e.g., iTunes or Google Play) may collect certain information in connection with your use of the App, such as Personal Data, Payment Information, geolocational information, and other usage-based data. We have no control over the collection of such information by a third-party app store, and any such collection or use will be subject to that third party’s applicable privacy policies.

Additional Services

Some pages and information on the Site and the App include links to third party websites or offers. These third-party sites are governed by their own privacy statements, and we are not responsible for their operations, including but not limited to, their information practices. You should review the privacy statement of those third-party sites before providing them with any personally identifiable information. PayByPhone is not responsible for the processing of Personal Data on those third-party sites. We strongly advise you not to share any personal information about your Account, including your account number or password, on any social media site or with any third-party application that is not operated by PayByPhone.

Use of services

We engage service providers to perform functions and provide services for us, located for example in the Czech Republic, Canada, United States, Ireland, and other countries.

The following is a selection of techniques used:

  • In some regions we may offer insurances through our partner Chubb. For purchases made through our app involving Chubb and Car Contents insurance, the following applies: by purchasing a policy through our App, you consent to the sharing and processing of your personal data, specifically your email address and transactional data, by Chubb. Chubb operates as a separate controller for this data. They will process this data in accord with their own Privacy Policy and legal obligations. This is done to ensure the smooth operation of services, resolve issues and queries, and fulfil any legal, regulatory, or contractual requirements. Please review Chubb's Privacy Policy by visiting https://www.chubb.com/us-en/online-privacy-policy.html to better understand their practices. We are committed to the careful, confidential, and secure handling of your personal data at all times.
  • In some regions, we may engage with our partner Rokt to provide custom offers from other brands on our Sites or in our App. You can learn more about Rokt and learn how to opt-out of Rokt’s personalized brand offers by visiting https://www.rokt.com/privacy-policy/. ROKT serves as an independent data controller for this collected information, operating in compliance with their own Privacy Policy and legal obligations. Only we with your consent, we may share personal data with our partner. This data is used to enhance your user experience by providing customized advertisements and promotional materials that best match your interests.

Children's privacy

Corpays websites are not intended for use by children, especially those under the age of 18. No one under the age of 18 should provide any personal data or participate in any forums, chats, or online discussions. Minors under the age of 18 are prohibited from applying for emails, newsletters and/or products or services, on our websites. If we identify that we have received any such personal data we will delete it.

Your rights and choices

You may have some or all of the following rights in respect of personal data about you that we hold:

  • Request us to give you access to it
  • Request us to rectify it, update it, or erase it
  • Request us to restrict our using it, in certain circumstances
  • Object to our using it, in certain circumstances
  • Where legally possible, withdraw your consent to our using it
  • Data portability, in certain circumstances
  • Opt out from or objecting to our using it for direct marketing
  • Lodge a complaint with the supervisory authority in your country (if there is one).

You are able to exercise these rights by contacting us using the details set out at in the “How to reach us” section below.

Please visit our cookie policy to learn about how you can also exercise your rights in relation to our use of cookies, web beacons and similar technologies.

You have the rights set out in the table below:

Right in respect of the data about you that we holdFurther detail (note: certain limits to all these rights apply)
To request access to it

This is confirmation of: 

  • whether or not we process data about you
  • your name and contact details;
  • purpose of the processing;
  • categories of data concerned;
  • the categories of persons with whom we share the data and, where any person is outside the EU and does not benefit from a European Commission adequacy decision, the appropriate safeguards for protecting the data;
  • (if we have it) the source of the data, if we did not collect it from you;
  • (to the extent we do any, which will have been brought to your attention) the existence of automated decision-making, including profiling, that produces legal effects concerning you, or significantly affects you in a similar way, and information about the logic involved, as well as the significance and the envisaged consequences of such processing for you; and
  • the criteria for determining the period for which we will store the data.

On your request we will provide you with a copy of the data we hold.

You can assert this right by accessing your Account on the Site or the App. You may also contact us with a Personal Data access request, and we will take all reasonable steps to assist you with any legitimate request for access. 

To request us to rectify or update itThis applies if the data we hold is inaccurate or incomplete.
To request us to erase it

This applies if:

  • The personal data we hold is no longer necessary in relation to the purposes for which we use it;
  • we use the data on the basis of your consent and you withdraw your consent (in this case, we will remember not to contact you again, unless you tell us you want us to delete all personal data about you in which case we will respect your wishes);
  • we use the data on the basis of legitimate interests and we find that, following your objection, we do not have an overriding interest in continuing to use it;
  • the data was unlawfully obtained or used; or
  • to comply with a legal obligation
At any time, you may delete your Account through the app. In that case your data related and associated to the creation of the Account is deleted. You will have to set up a new Account and add your personal information again. 
To data portability

This right applies: 

  1. to personal data that you have provided to us; and 
  2. if we use that data on the basis either of your consent, or on the basis of discharging our contractual obligations to you. 

If both (i) and (ii) apply, you have the right to receive the data back from us in a commonly used format, and the right to require us to transmit the data to someone else if it is technically feasible.

To lodge a complaint with the supervisory authority in your country

Each country must provide for one or more public authorities for this purpose. Please consult your specific country regulator for more information.

For individuals in the United States or Germany, please refer to the following additional information.

Additional US-State-Specific Privacy Disclosures

For individuals in the United States, please refer to our U.S. State Data Privacy Notice for additional information about the processing of your personal data, and your rights under applicable U.S. State data privacy laws.

Germany Specific Disclosures

In Germany, with a large number of Facilities Operator, we have a processing of personal data agreement under joint responsibility in accordance with Art. 26 of GDPR. You can find a detailed list of Facilities Operators here.

Jersey Specific Disclosures

If you are a resident in Jersey and use our services in Jersey, please refer also to our Jersey specific policy.

For information on additional processors of your Personal Data, see in the Section "With whom is your information shared" below.

How to reach us

If you have any questions about our privacy policy, then please dpo@paybyphone.com

If you would like to raise any request to exercise your legal rights in relation to the data we hold on you including a Data Subject Access Request, contact dpo@paybyphone.com.

If your country of residence has a data protection authority, you have a right to contact it with any questions or concerns. If we cannot resolve your questions or concerns, you also have the right to seek judicial remedy before a national court.

Updates to this privacy policy

We will update this policy from time to time to reflect changes in our business. We will inform you of these changes as required under applicable laws.

3/3/2026, 2:04:44 AM | V14.0