We – Airport Parking GmbH, Holtumsweg 32, 47652 Weeze, Germany – attach great importance to transparency and legal conformity in the processing of your personal data (hereinafter also referred to as “data”). It is, therefore, a matter of course for us to observe accepted data protection regulations, and, in particular, the EU Data Protection Basic Regulation (“DS-GVO”).
The party directly responsible for processing the data while using our website and the services offered there, and specifically as such relates to DS-GVO, is:Airport Parking GmbH
represented by Lukas Hendriksen as Managing Director
Phone: + 49 (0) 2837 - 969 8010
Fax: + 49 (0) 2837 - 969 8011
Data Protection Officer of the responsible party:FREY Rechtsanwälte Partnerschaft (Attorneys at Law Partnership)
Agrippinawerft 22 (Rheinauhafen)
here represented by Dr. Matthias Rudolph
Phone: +49 (0) 221 - 42 074 800
Fax: +49 (0) 221 - 42 074 829
If you have any questions or suggestions regarding data protection, please contact our Data Protection Officer directly.
1. What is personal data?
The focus of data protection in this context is personal data. Personal data is all information relating to an identified or identifiable natural person (“data subject”) (Art. 4 No. 1 DS-GVO). An identifiable natural person is one who can be identified directly, or indirectly, by means of an identifier such as a name, an identification number, location data, an online identifier, etc.
2. What data do we collect, for what purpose and what happens to your data?
2.1 Data that we process when you visit our website
2.1.1 Operation of the website
When you visit our website, the following data is always collected and processed – i.e. when you simply visit our website without registering or using our individual services – without drawing any conclusions about your person:
Data collected directly by us:
- the previously visited website (referrer URL);
- the individual pages of our website which you accessed;
- the date and time you access our website;
- the internet Protocol Address (IP address) of the accessing device;
- the type of device you use to access our website (e.g. computer, mobile phone, etc.);
- the browser and operating system from which you access our website, including the respective version number and the language set on the website
Data we receive from our provider:
- other similar data and information used to protect against potential dangers in the event of attacks on our information technology systems.
This information is needed to:
- deliver and present the contents of our website correctly;
- optimise the content of our website and its application, e.g. adapt the content for viewing on a mobile device;
- ensure the long-term operability of our information technology systems and the technology of our website
- and provide law enforcement authorities with the information they need to prosecute a cyber attack.
The data collected will be anonymised by us 7 days after the end of the respective internet session. The data will subsequently be evaluated statistically with the aim of increasing data protection and data security in our company. The ultimate goal being to ensure an optimum level of protection for the personal data processed by us. The processing of your data is necessary for the legitimate interests pursued by our company and is based on Art. 6 Para. 1 Sentence 1 Letter f) DS-GVO.
Cookies and HTML5 web storage
Our website uses various types of cookies and HTML5 web storage techniques:
Session cookies and session storage
If you use our booking system or make use of services on our website that include registration and login with a user account (see Sec. 2.3 and 2.4), cookies and web storage serve to temporarily store login information and settings for the user account, as well as the entries you have already made (hereinafter referred to as “session objects”).
Session objects contain data such as a unique identification number (“session ID” as a pseudonym), with which we can assign various requests from your browser to the shared session and recognize your terminal device on various sub-pages of our website. We can also make this assignment if you return to our website during a continuous internet session, e.g. after you have accessed another website in the meantime.
An identification of your person on the basis of this pseudonymised data is only possible for us if you provide further data during the internet session, which enables an identification of your person. This is particularly the case if you register as a user of our website or provide personal information during a booking process.
The setting of session objects is necessary to ensure we do not lose any entries you have already made in the connected booking process and to enable the restoration of your entries in the event of a fault (e.g. short-term disconnection from our website during the call of a subsequent booking page), as well as the correction of the entries already made in the event you use the “back” button of your browser. On the other hand, session objects are also required for the provision of a login function within the framework of our user system and therefore correspond to the recognised technical and organisational measures put in place to prevent unintentional access to your data by third parties.
Data processing by means of these session objects is thus carried out to fulfil the contract or to implement pre-contractual measures and is based on Art. 6 Para. 1 Sentence 1 Letter (b) DS-GVO.
Preference cookies and local storage
The cookies and web storage techniques we use also serve to save your preferred settings on this website and to assist you in finding the information you require about our services (hereinafter referred to as “preference objects”). Without the use of preference objects, we would not be able to provide the above functionality.
The information we store in – and retrieve from – the preference objects does not relate to you personally. Preference objects are automatically deleted after 30 days if they are cookies. Local storage objects cannot be provided with an automatic expiration date by us for technical reasons and must therefore be deleted by you.
Deactivating and deleting cookies and web storage objects
Under the menu item “Help” in most internet browsers, you will find information on how you can choose the option to prevent the acceptance of cookies and web storage objects, and settings regarding how your browser informs you about the placement of a new cookie or web storage object. Please note that some functions of our website may no longer be available if cookies and web storage objects are deactivated.
2.1.3 Google Tag Manager
If you want to disable Google Tag Manager, you can disable cookies from Google Tag Manager in your browser.
2.1.4 Google Analytics
- Perform opt-out (Google Analytics Tracking is disabled when you click the link)
In connection with the use of Google Analytics, your personal data will be transferred to the USA. Google LLC is subject to the EU–U.S. Privacy Shield. This ensures an adequate protection of your personal data. The full text of the EU–U.S. Privacy Shield Framework can be found at the following link:
2.1.5 Google Adwords & Facebook Pixel
We process your personal data on the basis of our legitimate interest in displaying product recommendations and implementing marketing measures, on the basis of Art. 6 Para. 1 Sentence 1 Letter f) DS-GVO. For this processing, we use Google Adwords and Facebook Pixel. If you wish to object to data processing by Google Adwords and/or Facebook Pixel, please click on the respective link (opt-out option):
- Google Adwords: https://www.google.de/settings/ads/
- Facebook Pixel: http://www.youronlinechoices.com/de/praferenzmanagement
In connection with the use of Google Adwords and Facebook Pixel, your personal data will be transferred to servers located in the USA. Google LLC and Facebook, Inc. are subject to the EU–U.S. Privacy Shield. This ensures an adequate protection of your personal data. The full text of the EU–U.S. Privacy Shield Framework can be found at the following link:
For further details on data processing by Google Adwords and Facebook Pixel, please refer to the corresponding data protection information:
2.1.6 Social Media (Facebook & Instagram)
We place advertisements on social media platforms Facebook and Instagram – also known as social media ads. If you have an account on these platforms and agree to receive advertising via your account settings on said social media platform, you might receive recommendations about our products and services when you use the platform. These recommendations are generated on the basis of your interests stored in your public profile on Facebook or Instagram. We also access your public profile data from these social media platforms. On the basis of your interests as defined in said public profile, we will show you tailored advertising. To measure the potential relevance of the advertisement, we specifically access and process
- Your IP address,
- Your device/cookie ID,
- Page/feed activity,
- Internet speed,
- Purchasing activities and
- Social connections,
to measure the success of the advertisement. We process your personal data on the basis of our legitimate interest in being able to effectively place advertisements and carry out advertising campaigns on the basis of Art. 6 Para. 1 Sentence 1 Letter f) DS-GVO. Your personal data will be transferred to the USA. Facebook, Inc. is subject to the EU–U.S. Privacy Shield. This ensures an adequate protection of your personal data. The full text of the EU–U.S. Privacy Shield Framework can be found at the following link:
For more details on data processing, please refer to the Facebook and Instagram privacy information:
Our website uses the MapBox map service via an API. The provider is MapBox Inc. 740 15th St NW, Washington, DC 20005, USA.
By using MapBox, data is usually transferred to the servers of MapBox Inc. in the USA and processed there. We would like to point out that, as the provider of the pages, we have no influence on the content of the transmitted data or its use by MapBox.
The use of MapBox is in the interest of an appealing presentation of our online offers and easy retrievability of the places indicated by us on the website. This constitutes a legitimate interest with respect to Art. 6 Para. 1 Letter f) DS-GVO.
In the FAQ, the search for content is conducted by Algolia. Search queries are delivered with immediate visual feedback and typo tolerance. Furthermore, the Places API from Algolia is used in the booking process to simplify address entry.
The legal basis for this data processing is Art. 6 Para. 1 Letter f) DS-GVO based on our aforementioned legitimate interest.
The legal basis for this data processing is Art. 6 Para. 1 Letter f) DS-GVO based on our aforementioned legitimate interest.
2.1.10 Google reCAPTCHA
The legal basis for this data processing is Art. 6 Para. 1 Letter f) DS-GVO based on our aforementioned legitimate interest.
2.2 Data that we process when you contact us
If you contact us via the contact methods offered on the website, specifically via the contact form or the e-mail addresses and fax numbers given, we process the date and time of your enquiry and the location (airport) affected by your enquiry, as well as such data which you voluntarily communicate to us. These are, for example, your title, academic title, name, mobile telephone number, e-mail address, address, the company you work for and other information that you provide voluntarily. We use this data to process your contact request. The processing of your data is therefore based on your request and on Art. 6 Para. 1 Sentence 1 Letter b) DS-GVO.
If you make use of services on our website that include registration or login with a user account (see Sec. 2.4), we will store the data transmitted in the context of the contact request in your user profile. This processing of your data is carried out in order to properly process your request and to identify you as a person when making enquiries about our products and services and to document your enquiries in connection with our contractual relationship. In this respect, it is based on Art. 6 Para. 1 Sentence 1 Letter b) DS-GVO.
When using our contact form, your internet protocol address (IP address) will also be saved. This storage is done to ensure the provision of our services and to prevent their misuse. It makes it possible to investigate criminal offences committed when necessary and to enforce the private rights of third parties. In this respect, the storage of your IP address is necessary for our security. A sharing of this data to third parties does not take place in principle, except with existence of a corresponding legal obligation to share, or if sharing serves a criminal prosecution. The legal basis for the processing of this data is Art. 6 Para. 1 Sentence 1 Letter f) DS-GVO.
If the enquiry is made in connection with the use of our services (see Sec. 2.3) or within the framework of our contractual relationship including its initiation, the data transmitted or collected in the enquiry will be stored for the duration of our contractual relationship. Otherwise, the data will only be stored as long as is necessary to answer your request. A storage extending beyond this is possible, however, in the cases mentioned in Sec. 4.
2.3 How we process data when you use our booking system
You have the option of booking an airport parking space via our booking system. In addition to the details of your departure airport and the desired parking time, we also require your title, name, address, mobile telephone number and e-mail address in order to identify you as our contractual partner, to be able to check your booking and, if we have successfully checked and confirmed your booking, to enable us to fulfil the contract. If you make use of services on our website that involve registration or login with a user account (see Sec. 2.4), we will store the data transmitted within the framework of the booking request in your user profile. The processing of the above data for the fulfilment of the contract is based on Art. 6 Para. 1 Sentence 1 Letter b) DS-GVO.
In addition, you may provide further detailed information, e.g. about your job title or your current employer. If your consent is required, we will also store and use this data in your existing user profile (Sec. 2.4) in order to get to know you better and to better tailor our content and services to your individual needs, e.g. in the form of personalised newsletters and personalised incentives. The provision of this additional data is always voluntary and the collection and processing of this data is only carried out with your consent and is, therefore, based on Art. 6 Para. 1 Sentence 1 Letter a) DS-GVO.
When using our booking system, your internet protocol address (IP address) and the date and time of the respective booking request are also saved. The data is stored in order to ensure the provision of our services and to prevent their misuse. This data makes it possible, if necessary, to investigate criminal offences committed and to enforce the private rights of third parties. In this respect, the storage of this data is necessary for our security. A sharing of this data to third parties does not take place in principle, except with existence of a corresponding legal obligation to share, or if sharing serves a criminal prosecution. The legal basis for the processing of this data is Art. 6 Para. 1 Sentence 1 Letter f) DS-GVO.
This data is stored for the duration of our contractual relationship. A storage extending beyond this is possible in the cases mentioned in Sec. 4.
2.4 How we process data when you register/sign-up as a user
You have the opportunity to register as a user on our website by providing personal data. We need your title, name, address, e-mail address, a user name chosen by you and a password created by you in order to identify you as our contractual partner and to enable the fulfilment of the contract and the provision of our services. The processing of the above data for the fulfilment of the contract is based on Art. 6 Para. 1 Sentence 1 Letter b) DS-GVO.
In addition, you may provide further detailed information, e.g. about your job title or your current employer. Subject to your consent, we will use this data to get to know you better and to better tailor our content to your individual needs. The provision of this additional data is always voluntary and the collection and processing of this data is only carried out with your consent and is, therefore, based on Art. 6 Para. 1 Sentence 1 Letter a) DS-GVO.
An activation/confirmation e-mail will be sent to the e-mail address you provided during registration. Only after clicking on the confirmation link will your user account be activated. This is to confirm the accuracy of the e-mail address and the proof of your ownership of that e-mail address. Your internet protocol address (IP address) is stored along with the current date and time when you register on our website, and also when you access the confirmation link and log in as a registered user. The data is stored in order to ensure the provision of our services and to prevent their misuse. This data makes it possible, if necessary, to investigate criminal offences committed and to enforce the private rights of third parties. In this respect, the storage of this data is necessary for our security, and is, therefore, in our legitimate interest and is based on Art. 6 Para. 1 Sentence 1 Letter f) DS-GVO.
The above data will be stored until your user profile is deleted. A storage extending beyond this is possible in the cases mentioned in Sec. 4. To delete your user profile, simply send us the appropriate request. You can also send it by e-mail to firstname.lastname@example.org.
2.5 Data that we process when you agree to our newsletter (“Easy Airport Parking Newsletter”)
When registering a user account and on our website, you can also sign up for the Easy Airport Parking Newsletter (hereinafter referred to as the “Newsletter”), which contains news about our products and services.
To receive the newsletter, you must have a valid e-mail address and have registered to receive it. For legal reasons, a confirmation e-mail will be sent to the e-mail address you entered as part of the double opt-in procedure for subscribing to the newsletter. This confirmation e-mail is used to check whether you, as the owner of the e-mail address, authorise receipt of the newsletter. The registration becomes effective only after you have clicked on the link in the confirmation e-mail. Your internet protocol address (IP address) and the current date and time will be stored when you register for our newsletter, when you access the confirmation link and when you register as a registered user. The data is stored in order to ensure the provision of our services and to prevent their misuse. This data makes it possible, if necessary, to investigate criminal offences committed and to enforce the private rights of third parties. In this respect, the storage of this data is necessary for our security, and is, therefore, in our legitimate interest and is based on Art. 6 Para. 1 Sentence 1 Letter f) DS-GVO.
Subject to your consent, we process your data as follows:
The personal data collected as part of a registration to receive the newsletter will be used to send the newsletter. You may also be informed by e-mail if this is necessary for the operation of the newsletter service or registration (e.g. changes to the news service or changes to technical conditions). You can unsubscribe from the newsletter at any time. You will find a corresponding link at the end of every newsletter e-mail.
By registering for our newsletter service, you consent to the receipt of the newsletter and the processing of this data in accordance with the above. In this respect, data processing is based on Art. 6 Para. 1 Letter a) DS-GVO.
When you order our newsletter, your internet protocol address (IP address), the date and time of registration will be stored. The data is stored in order to ensure the provision of our services and to prevent their misuse. This data makes it possible, if necessary, to investigate criminal offences committed and to enforce the private rights of third parties. In this respect, the storage of this data is necessary for our security, and is, therefore, in our legitimate interest and is based on Art. 6 Para. 1 Sentence 1 Letter f) DS-GVO.
The data collected in the course of ordering the newsletter will be stored until you unsubscribe from the newsletter. A storage extending beyond this is possible in the cases mentioned in Sec. 4.
2.6 Processing of data for payment processing
The payment methods SEPA direct debit (only for Germany) and credit card (Mastercard and VISA) are available for payment processing.
When paying by credit card or SEPA direct debit, personal data is automatically transferred to the payment service provider EVO Payments International GmbH, Elsa-Brändström-Straße 10-12, 50668 Cologne, Germany (hereinafter referred to as “payment service provider”).
When paying by credit card, the personal data required to process the payment is the cardholder’s first and surname, the card number, CVC (Card Validation Code) and expiry date.
When paying by SEPA direct debit, the personal data required to process the payment is the first and surname of the account holder and the bank account data in the form of the IBAN. As part of the payment confirmation, you must also accept a mandate that gives us authorisation to debit your account. You do this during the booking process.
The payment service provider uses the aforementioned data to process the payment and, where appropriate, to contact the payment and to provide customer service in this regard. The payment service provider shall disclose the personal data to affiliated companies to the extent necessary to fulfil the contractual obligations or to process the data on behalf of the payment service provider. In this respect, the processing of the data takes place for the payment processing and is based on Art. 6 Para. 1 Sentence 1 Letter b) DS-GVO.
In addition, the payment service provider may disclose the data to third parties if this is required by law with regard to the type of payment (e.g. to prevent money laundering under the Money Laundering Act).
Please note that the Payment Service Provider is also subject to numerous obligations to retain the information you provide, including ensuring that transactions can be reasonably processed, settled, refunded or charged back, helping to detect fraud, and complying with anti-money laundering and other laws and regulations applicable to the Payment Service Provider and its financial service providers. Therefore, the payment service provider shall retain certain data in order to fulfil its obligations.
Data processing is, therefore, based on Art. 6 Para. 1 Sentence 1 Letter c) DS-GVO.
Your data will also be disclosed if this is necessary to protect our rights, the rights of the payment service provider, to enforce the conditions of the payment service provider or to comply with requirements of law enforcement authorities and others. Such a transfer is based on Art. 6 Para. 1 Sentence 1 Letter f) DS-GVO.
2.7 Video Surveillance
The car parks and parking areas that we make available for you to use are monitored by video. The vehicle, its registration number and the occupants are recorded as a video image. These recordings are stored by the respective operator and transmitted to us.
This video surveillance serves to ensure safety in the car parks and parking areas. This is specifically intended to prevent criminal offences and secure evidence in the event of possible criminal offences (such as fleeing from the scene of an accident). The legal basis for this processing is Art. 6 Para. 1 Sentence 1 Letters (b) and (f) DS-GVO.
Video recordings are also made in the entrance and exit areas of the car parks and parking areas provided by us. This video surveillance at the entrance and exit area serves to enable you, as the customer, to identify us as the provider in the event of problems occurring during entry and exit (specifically loss or non-functioning of a parking ticket), since the parking facilities may be used by several parking service providers. The legal basis for the processing of this data can be found in Art. 6 Para. 1 Sentence 1 Letter b) DS-GVO.
Subject to a longer storage period required by Sec. 4, the video recordings shall be stored for a maximum of 2 working days.
3. How do we handle your data?
When processing data, it is our aim to always achieve the highest possible level of security within the scope of the respective purpose of use. However, absolute protection cannot be guaranteed. Therefore, we have taken additional security precautions to protect your data.
For example, we always transmit your data in encrypted form only. For this purpose we use the SSL (Secure Socket Layer) coding system, which is intended to prevent the data streams from being intercepted by third parties and to prevent your data from being viewed in plain text. You can recognise the use of the SSL coding system by the “https://” in the address line of your browser and, in the case of most browsers, by the fact that a corresponding lock symbol appears next to the address line. So you can be sure that your data will be securely transmitted to us.
4. How long do we keep your data?
We process and store personal data for the period of time necessary to achieve the stated purpose (see Sec. 2).
After completion of the purpose for which the personal data was transmitted to us, or if you specifically request it, this data will be deleted, unless we are legally entitled (for example, for evidence purposes in the context of the processing of our contractual relationship) or obliged (for example, for tax reasons) to store it. This storage period may be longer than required for the original purpose (rule storage period). In the case of storage of accounting documents, for example, we are obliged to store them for a period of 10 years (§ 147 Para. 3 of the Tax Code).
If the original purpose of use has been achieved or no longer applies, we will not use the personal data for further processing. Upon the expiration of the authorisation or the legal storage obligations, we will then delete the data permanently.
5. Do we pass on your data to third parties?
We may arrange for data to be passed on to one or more persons or companies who process the data for us as the responsible party within the scope of the purposes described above (so-called contract processors). These external recipients may include:
- those third parties that we use to provide our services (such as the provision of parking facilities) to the extent that the transfer is necessary to fulfil the contracts concluded with us, such as providers of barrier systems and parking control centres;
- the service providers used by us (e.g. in the areas of transport, marketing, IT or payment processing), who provide services for us on a separate contractual basis, which may also include the processing of personal data, as well as the subcontractors of our service providers used with our consent;
- non-public and public bodies, insofar as we are obliged to transmit your personal data due to legal obligations.
These processors process your data with the necessary care. They are subject to our control and to our instructions. This ensures that data processing is always carried out in compliance with your rights, specifically those set out in Sec. 6 below.
6. What rights do you have?
You have the following rights with regard to the use of your data. You can assert these rights against us as the responsible party. You are welcome to contact our data protection officer directly.
6.1 Right of objection in accordance with Art. 21 DS-GVO
You have the right to object at any time, for reasons related to your particular situation, to the processing of personal data concerning you carried out pursuant to Article 6 Para. 1 (e) or (f) of the DS-GVO; this also applies to profiling based on these provisions. In the event of your objection, we will no longer process the personal data concerning you unless we can prove compelling grounds for processing worthy of protection which outweigh your interests, rights and freedoms, or the processing serves the assertion, exercise or defence of legal claims. If we process personal data relating to you for the purpose of direct marketing, you have the right at any time to object to the processing of personal data relating to you for the purpose of such advertising; this also applies to profiling insofar as it is connected with such direct marketing. If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.
In addition, you have the right, for reasons arising from your particular situation, to object to the processing of personal data relating to you by us for scientific or historical research purposes or for statistical purposes in accordance with Art. 89 Para. 1 DS-GVO, unless such processing is necessary for the performance of a task in the public interest. You have the option to exercise your right of objection in relation to the use of information society services – notwithstanding Directive 2002/58/EC – by means of automated procedures using technical specifications.
6.2 Revocation of consents pursuant to Art. 7 Para. 3 DS-GVO
6.3 Further rights
As a data subject, you also have the right to
- information on the personal data stored about you, Article 15 DS-GVO;
- correct inaccurate or incomplete data, Article 16 DS-GVO;
- deletion of personal data, Article 17 DS-GVO;
- restriction of processing, Article 18 DS-GVO;
- data transferability, Article 20 DS-GVO; and
- complain to the supervisory authority, Article 56 Para. 2 DS-GVO.
If you have a complaint pursuant to Article 56 Para. 2 DS-GVO, please address it directly to the relevant supervisory authority.
Posted: August 2019