Whilst you are using the Apps and / or Sites, we will collect some information about you, and we may also need to share your information sometimes.
The Apps and Sites are operated by Yellow Line Parking Limited trading as AppyWay (“AppyWay”, “we” or “us”). AppyWay is the controller of personal information collected and processed through the Apps and Sites. AppyWay has a designated Data Protection Officer, who can be reached by emailing email@example.com or by post at the following address: FAO: AppyWay Data Protection Officer, Cannon Place, 78 Cannon Street, EC4N 6AF, London.
Collection of information
When you download the AppyParking app, or choose to use the AppyParking+ app and / or AppyParking+ website for the payment of parking, you will need to create an account (“Account”), and we may collect certain information (“Account Information”) about you, such as:
- Email Address
- Vehicle Registration Number
- the name of the business or organisation you own or represent and your business title – if applicable
- the address of the business or organisation you own or represent. – if applicable
Once you have registered you will be able to review and change this information at any time by logging into the applicable App or website. It is your responsibility to ensure that your account details are kept up to date.
Where the service is available, you can use the Apps and / or Sites to make payment for parking. If you choose to use this service, we will process your payment information and retain this securely for the prevention of fraud and for audit / tax purposes. In order to process your cashless payment for a parking space, the Apps use a secure third-party payment platform. The payment platform will tokenize your card details and then use them to make payment to a car park provider or council depending on the type of parking you have selected. Cashless payment parking is fully PCI compliant.
Subscriptions to AppyParking+ Premium are managed by Google on Android and Apple on iOS.
[Any other processes in payment we need to include here?]
When you use the Apps and/or Sites, we will ask your permission to access your location, which you can change in your device/browser settings. When you use your mobile and/or computer, we will collect location information about your longitude and latitude and may save your device’s coordinates to offer certain features to you. This information helps us identify your personal location and we use it to offer our service of finding and, where available, paying for parking.
If you have given AppyWay access to your location, but wish to turn this off, you can do so by the following methods:
- iOS app: Settings > Privacy > Location services > AppyParking(+)
- Android app: Settings > Location > AppyParking(+) > Permissions > Location.
- Website: Changing the location access settings of your browser.
We may collect information about your device when you use the Apps and/or Sites, including the unique device identifier, device model, operating system, and MAC address, for a number of purposes, as set out in this Policy.
Contacting our Customer Support
If you contact AppyWay via our “Send feedback”, ‘Let us know” and “Contact Us” links or support email on the Apps or Sites, we will receive your email address and may track your IP address, as well the information you send to us to help resolve your query. Communications sent to our customer support team are anonymised after 2 years of no contact, or within 30 days of AppyWay receiving a request for deletion.
A cookie is a small file that can be placed on your device or browser that allows us to recognise and remember you. When you visit our Apps or Sites, we may collect personal data from you automatically by using cookies or similar technologies.
Electronic direct marketing activities
Where we have your express, opt-in consent we may contact you by email or other electronic means for the purpose of providing you with marketing information (including our newsletters) relating to our products and services. You may opt-out of receiving such communications at any time by hitting the unsubscribe link at the bottom of any email communication, or by emailing us at firstname.lastname@example.org
We may use the personal data collected through cookies on our Apps or Sites to show you relevant advertising on third platforms such as Facebook, LinkedIn, Instagram and Twitter and consider that we have a legitimate interest in doing so. For further information on cookies, including how these can be disabled, please see our Cookies Policy.
Links To Other Websites
When you use the Websites and mobile apps to access our services, we may use technology such as (but not limited to) that provided by Google (Google Analytics and Firebase), Lucky Orange, Braze and Mixpanel to collect information about your visit to our Website. In essence, Google Analytics, Lucky Orange, Braze and Mixpanel enable us to analyse how you and others interact with our Apps and Sites. The information we collect may include:
- your IP address;
- your device ID;
- the type of browser you use (e.g. whether you are using the Chrome or Safari browser);
- the number of sessions per browser on each device;
- the type of device (eg Samsung) and operating system (eg Android) you are using;
- referrer information;
- time zone;
- user preferences;
- which pages you visited on the Website;
- analytics information in relation to your interactions with any newsletter or email we may send you (e.g. click rates) and,
- visitor’s behavioural patterns upon visiting the websites and mobile apps, via click maps, actions, scroll maps and recordings.
Use of your Information.
In order to provide our services to you, we may use your Account information and other information to:
- Offer you services and features;
- Contact you with information about the Apps or Sites i.e. updates
- Personalise the Apps or Sites and the content we deliver to you;
- Ensure that content from our Apps and Sites is presented in the most effective manner for you and for your device;
- Improve the services we provide over the longer-term by understanding how you and other users interact with our services;
- Serving recommendations to you around those functionalities of the Apps or Sites which are most relevant to you, based on your use of our platform;
- Notify you about any important changes to our services;
- Ensure that we continue to provide relevant information to recipients of our newsletters.
- Investigate the root cause of technical issues to best provide a solution
Under EU and UK data protection laws, we are required to tell you our lawful basis for using your data and we have set this out in the table below. Where the legal basis is consent, you can withdraw consent at any time. Where the legal basis is legitimate interests, you have a right to object to our use of your data. We explain in the relevant sections in this Policy how you can withdraw consent or opt-out of certain data uses (where applicable).
|Purpose for which data is used||Data||Source||Legal Basis|
|To provide you with our services||Name, email address, location (precise location in apps can be opted out from), IP address||You provide your name, email address. We obtain location data from the device that you use to access the service||Contractual necessity|
|To take payment for parking||Last 4 digits of card, name, card type, session details (start/end time & location), cost||Payment gateway||Contractual necessity|
|To take payment for premium access||Apple ID / Google Account
|Apple (iOS), Google (Android)||Contractual necessity|
|To carry out research and analysis to help us improve the Apps and Sites||In app behavioural data||Analytics tools such as, but not limited to:
|Legitimate interests – it is in our interests to analyse the way in which users are accessing and using our services so that we can further develop the Apps and Sites, implement security measures and improve the services.|
|To send you marketing information about our events, offers and services||Name, email address, postal address, and mobile phone number||You provide this information to us||Consent or legitimate interests and in accordance with the laws applying to our marketing activities. We have a legitimate interest in promoting our business and products|
|To respond to correspondence and queries that you submit to us, including social media queries||Name, email address and IP address, social media name or handle, phone number||You provide your email address, social media name and phone number to us when you contact us and we obtain your IP address from the device that you use to contact us||Legitimate interests – it is in our legitimate interests to respond to your queries to ensure that we provide a good service to users and troubleshoot problems|
|To block payment transactions as part of our anti-fraud procedures||Name, IP address, email address, mobile number, cardholder name, payments received, type of payment, user ID, country||You provide your name, email address, mobile number to us. We obtain your IP address from the device that you use to contact us.||Legitimate interests – it is in our legitimate interests to prevent fraudulent transactions and to maintain the security of our services|
|To serve advertisements on third party networks and measure the effectiveness of such ads||Name, email address and IP address, social media name or handle, phone number||You provide your email address, social media name and phone number to us when you contact us and we obtain your IP address from the device that you use to contact us||Consent – as indicated by you in your Privacy Settings/Cookies Settings preferences and via your browser or device privacy preferences (where required by your device manufacturer).|
|To contact you in order to run surveys for research purposes and to obtain feedback, and to find out if you want to take part in marketing campaigns||Name, email address and mobile phone number||You provide this information to us.||Legitimate interests – it is in our legitimate interests to carry out research so that we can further develop the app and improve the service|
|To defend legal claims and protect legal rights||This could include any information that is relevant to the issue||This information may be obtained directly from you, from your device or from third parties, depending on the information involved||Legitimate interests – it is in our legitimate interests to protect our legal rights, defend legal claims and to protect our users|
Disclosure of information
Our policy is to not disclose your Account Information or personal data, except in the limited circumstances described here:
|Circumstances where data may be disclosed||Disclosed data|
|Service Providers – We engage certain trusted third parties to perform functions and provide services to us. We may share your Account Information or personal data with these third parties, but only for the purposes of performing these functions and providing such services.||This could include all data that you provide to us.|
|Payment Processing companies – To facilitate payments associated with our services.||Cardholder name, cardholder address, last four digits of card number, payment amount, transaction date/time|
|Law – We will also cooperate with law enforcement enquiries from within or outside your country of residence where we are required to by law, i.e where there is an investigation into alleged criminal behaviour. This may include preserving or disclosing any of your information, including your Account Information, if we believe in good faith that it is necessary to comply with a law or regulation, or when we believe that disclosure is necessary to comply with a judicial proceeding, court order, or legal request; to protect the safety of any person; to address fraud, security or technical issues e.g. through anti-spam providers to protect the service from criminal activity or to protect our rights or property or those of third parties. In such cases we may raise or waive any legal objection or right available to us.||This could include any personal data that we hold about you, depending on the nature of the request or the issue that we are dealing with.|
|Third party analytics provider – Lucky Orange LLC, Mixpanel, Braze, Firebase and Google Analytics||Includes but is not limited to: Mouse clicks, mouse movements, scrolling activity, assessing usage patterns, content heatmaps, traffic analysis, page usability, and error page detection.|
|Business Transfers – In the event that a AppyWay group entity or any of its affiliates undergoes a business transition or change of ownership, such as a merger, acquisition by another company, re-organisation, or sale of all or a portion of its assets, or in the event of insolvency or administration, we may be required to disclose your personal data.||This could include all information and data that we hold about you.|
|Marketing Services Providers – To help us serve marketing and advertising on third party websites and applications and measure the effectiveness of our advertising campaigns.||Active Campaign, Apple Search Ads, AppsFlyer, Braze, Calendly Google, Leadfeeder, LinkedIn, Met, Microsoft, Salesforce, Twitter, Yahoo, Zapier|
|Anti-Spam and Anti-Fraud – Your data may be shared with other AppyWay group companies or third party service providers, for example, to block accounts and suspected fraudulent payment transactions as part of our anti-spam and anti-fraud procedures.||Name, email address, phone number, IP address and IP session information, and transaction and payment data.|
We may share aggregated information with third parties that includes your personal data (but which doesn’t identify you directly) together with other information including log data for industry analysis and demographic profiling. AppyWay does not sell your personal data.
More Information about Disclosures:
We engage certain trusted third parties to perform functions and provide services to us (“Service Providers”). The suppliers with which we share your personal data varies depending on a variety of factors, such as which of our App, Sites and services you engage with. For example, to provide our services to you, we typically use the following suppliers:
- Payment services – to allow customers to purchase paid features of our Apps and Site Product improvement and market research – we use third party platforms to carry out analytics, customer surveys and market research to improve our products and services
- IT services – some of the third-party software providers used in the operation of our business may process your personal data
We carry out due diligence on all Service Providers we engage to ensure they have adequate data protection and information security measures in place and only provide them with the personal data necessary to the service they are providing. Measures are taken to ensure that the data shared is non-attributable to the greatest extent possible and our suppliers are also subject to extensive obligations under our contractual arrangements, including strict data retention limits.
Marketing Services Providers
We partner with providers of marketing services (“Marketing Services Providers”) to help us market and advertise our Apps, Sites and services on third party websites and applications and measure the effectiveness of our advertising campaigns. For example: Active Campaign, Apple Search Ads, AppsFlyer, Braze, Calendly Google, Leadfeeder, LinkedIn, Met, Microsoft, Salesforce, Twitter, Yahoo, Zapier
We share a limited amount of your personal data with these Marketing Services Providers, such as:
- the advertising identifier associated with your device (this is a random number assigned by your mobile device manufacturer (for example but not limited to Apple, Samsung, OnePlus, Google…) to your device to help advertisers (including the manufacturer) know when an ad has been viewed or clicked in an app, and when an ad causes a ‘conversion’ (for example, downloading the app advertised to you))
- your estimated location (based on your IP address)
- your device location (precise or approximate) if you granted the app access to that info
- age and gender
- data about your visit to our Sites or Apps and action taken on those (for example if you downloaded our Apps or created an account with our Apps)
- a hashed* version of your email address (to create ‘custom audiences’).
*Hashing is a way of encrypting information by turning it into a combination of random numbers and letters – this code cannot be traced back to the email address. When hashed email addresses are sent to a Marketing Service Provider, they’re then matched against the Marketing Service Provider’s own existing list of their own users’ hashed information and our ads are served to those of our users who have successfully been matched with the Marketing Service Provider’s. Matched and unmatched hashes are then deleted by the Marketing Service Provider.
In some cases, these third parties will also use the data that they collect for their own purposes, for example they may aggregate your data with other data they hold and use this to inform advertising related services provided to other clients.
AppyWay takes all appropriate security measures to help protect your information against loss, misuse and unauthorised access, or disclosure. We use reasonable security measures to safeguard the confidentiality of your personal information.We cannot guarantee that unauthorised access, hacking, data loss or other breaches will never occur, and to help keep your data secure we recommend:
- You do not share the password you use to access your Account with anyone else.
- You use a randomly generated strong password, stored and managed by a password manager that also scans known breaches to monitor leaks and advises the user to change their passwords if necessary
If you ever think someone has had access to your password or Account, please inform us immediately. We cannot guarantee the security of your personal data while it is being transmitted to our site and any transmission is at your own risk.
Privacy laws applicable in your country may give you the following rights:
- Right of access: you can request a copy of your data.
- Right of rectification: if the data held is inaccurate, you have the right to have it corrected.
- Right to erasure: you have the right to have your data deleted in certain circumstances.
- Right to restrict processing: in limited circumstances, you have the right to request that processing is stopped but the data retained.
- Right to data portability: you can request a copy of certain data in a machine-readable form that can be transferred to another provider.
- Right to object: in certain circumstances (including where data is processed on the basis of legitimate interests or for the purposes of marketing) you may object to that processing.
- Rights related to automated decision-making including profiling: there are several rights in this area where processing carried out on a solely automated basis results in a decision which has legal or significant effects for the individual. In these circumstances your rights include the right to ensure that there is human intervention in the decision-making process.
The particular rights which are applicable to you (which might include other rights not listed above) may vary depending on your country. You should make yourself aware of the rights you have under applicable privacy laws in your country.
Should you wish to exercise any rights in connection with your personal data, please email us at email@example.com. When you submit a request, we may ask you for additional information to confirm your identity and entitlement to submit such a request. If we consider that your request is manifestly unfounded, excessive or repetitive, we reserve the right to charge you an administrative fee.
We will process any request in line with any local laws and our policies and procedures. We aim to respond to enquiries within 3 working days, but may take up to 30 days to comply with valid requests.
If you have a concern about how we have processed your request or your personal data, you should contact us in the first instance via the contact details listed above.
If you feel we have not resolved your concern, you have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). If you live in a country or territory located in the European Union (EU) or European Economic Area (EEA), you may also get in touch with your local Data Protection Regulator. If you live in a country outside the EU, you may have the right to lodge a complaint with your local privacy or data protection regulator.
If you want to stop using the Apps or Site you may do so. If you do, you may also want to remove any cookies that we have placed on any device used to access the Apps or Site.
To enable us to provide our services, we operate a global network of servers including in the UK and EEA.. The hardware is located in third-party data centres] but is owned by AppyWay. Data collected by Advertising Partners and other Service Providers may also be held outside the UK and the European Economic Area. We ensure that the data is adequately protected by ensuring that valid, legal mechanisms are in place such as: EU approved model clauses (which can be found here), and implementing robust contractual standards. If you want more information relating to the nature of the safeguards we have in place, please email us.
DATA RETENTION AND DELETION.
We keep your personal information only as long as we need it for the legal basis relied upon (as set out above) and as permitted by applicable law.
When your personal information is no longer needed or your account has been inactive for a period of time, we will remove your personal information from our systems.
When you request for your account to be deleted, we will complete the process of removing your personal information from our systems within 30 days.
We will begin the process of deleting your personal information unless:
- we must keep it to comply with applicable law (for instance, if you make purchases within the Apps or Site, some personal data may be kept for tax and accounting purposes);
- we must keep it to evidence our compliance with applicable law (i.e. for evidential purposes in case of queries or legal claims);
- there is an outstanding issue, claim or dispute requiring us to keep the relevant information until it is resolved; or
- the information must be kept for our legitimate business interests
CHANGES TO THIS POLICY.