ProxiSmart Ltd Privacy Policy

Last Modified 29/07/2020

Scope

This privacy policy describes the treatment of personal information provided or collected on the sites and applications where this privacy policy is posted. The protection, confidentiality and integrity of your personal data are our prime concerns and we will do everything we can to protect it. We follow this privacy policy in accordance with laws associated with the General Data Protection Regulations (GDPR).

We are a UK based company and follow all laws relevant to the UK.

 

Who We Are

ProxiSmart Ltd provide a loyalty solution, called ParkingPerx, that rewards Consumers with a credit when they make qualifying purchases in participating merchants, that can be used to reduce / eliminate the cost of their parking. ProxiSmart Ltd was registered as a private company on 10th October 2014.

Our Head office is located at, The Catalyst, 3 Science Square, Newcastle Helix, Newcastle-Upon-Tyne, NE4 5TG.

We are the Data Controller for all personal information collected by the ParkingPerx app.

 

Type of Information We Collect

We collect two types of information from two different groups of people. One, the consumer, is the person who claims rewards. The other, the merchant or collaborative partner offers the reward and/or uses the app to facilitate an understanding of the location it is used. The two types of information are personal and anonymous information. Personal information is any information relating to a natural living person. Anonymous information relates to a process we use that strips out identifying factors to irreversibly prevent the identification of the individual that it concerns. Anonymous information can be used to measure general performance such as footfall, spending or parking usage of a location to monitor levels of activity or see how things can be improved. Examples of information we collect that allow us to offer you the best experience possible when using the app include: –

  • Registration information that you provide when downloading our products, enter a promotion, or link your profile on a third-party site or platform with your registration account.
  • Transaction information you provide when you request information or contact us.
  • Information we obtain from a third party, such as a car park operator or merchant about use of our applications.
  • Location information. When a consumer uses the ParkingPerx app, we will record the details of the parking and shopping events including location information provided by a mobile or other device interacting with one of our sites or applications (including through beacon technologies).
  • Activity information about your use of our sites and applications, such as the content you view or post, how often you use our services, and your preferences.
  • Usage, viewing, technical, and device data when you visit our sites, use our applications on third-party sites or platforms, or open messages we send.

When a consumer downloads and uses the app, the following personal data will be processed: –

  • Surname
  • Forenames
  • Gender
  • Address
  • Post Code
  • Mobile Telephone Number
  • Smartphone UUID (not actually inputted by the consumer but transferred because of the activation of the app)
  • Email Address
  • DoB
  • Vehicle Registration number (a Consumer may have multiple vehicles)
  • Vehicle Make
  • Vehicle Model
  • Vehicle Colour
  • Parking Session Date
  • Parking Session Start Time
  • Parking Session End Time
  • Parking Session Length
  • Parking Location (code allocated by ProxiSmart)
  • Parking Cost
  • ParkingPerx Used
  • Parking NET Cost
  • Payment Method. For parking and shopping payment events 3rdparty payment gateway software is used to capture and store Debit/Credit card details. (Details are processed but are pseudonymised vis-a-vis an encrypted token ID. ProxiSmart has access to the token ID but not the credit/debit card data)
  • Shopping Event Date
  • Shopping Event Time
  • Merchant ID (allocated by ProxiSmart)
  • Value of Spend
  • Offer ID (allocated by ProxiSmart)
  • Value of ParkingPerx earned
  • Consumer ID (allocated by ProxiSmart)

When a merchant or collaborative partner register to use the system, the following personal data will be processed: –

  • Surname
  • Forenames
  • Title (Mr etc)
  • Designation
  • Business or Trading Name
  • Business Address
  • Post Code
  • Business Mobile Telephone Number
  • Business Email Address
  • Business Landline Telephone Number
  • Payment Method. 3rdparty payment gateway software is used to capture and store Debit/Credit card details. (Details are processed but are pseudonymised vis-a-vis an encrypted token ID. ProxiSmart has access to the token ID but not the credit/debit card data)
  • Category or Type of Merchant or User you are
  • Average Ticket Spend
  • Nearest Car Park

How We Collect Your Information

We collect information you provide to us when you request or purchase products, services, or information from us, register with us (including when you link your profile on a third-party site or platform with your registration account such as Facebook), participate in public forums or other activities on our sites and applications, respond to surveys, or otherwise interact with us using one or more devices.

We collect information using analytics tools, including when you visit our sites and applications or use our applications on third-party sites or platforms.

We acquire information from other trusted sources to update or supplement the information you provide, or we collect automatically, such as when we validate postal address information using third party services.  GDPR may require that you authorize the third party to share your information with us before we can acquire it.

We collect information through a variety of technologies, such as cookies and smart beacons that identify you when you visit our sites and applications or use our applications on third-party sites or platforms using one or more devices.

 

Cookies

Cookies are text files placed on your computer or device to collect standard internet log information and visitor behaviour information. This information is used to track visitor use and to compile statistical reports on website activity. For more information on cookies please visit our Cookie Policy on the web site or app. You can manage cookie preferences through your browser settings.

 

Smart Beacons

What Is Smart Beacon Technology and how do they work?

Smart Beacons are small, wireless transmitters that use low-energy Bluetooth technology to transmit a small packet of data about the Beacon to other smart devices nearby that have the ability to ‘listen for’ these transmissions. Each device contains a CPU and batteries, and it works by repeatedly broadcasting out a small data packet which includes the unique ID of the Beacon alongside data about the health of the Beacon, such as the battery status. Each Beacon’s transmission power can be individually set, and this determines the range of the transmission (from 30cm to a maximum of around 50m). The Beacons do NOT transmit any personal data and no personal data can be transmitted to / received by the Beacon. The easiest analogy is to think of the Smart Beacon as a lighthouse. The Smart Beacon sends out a signal, just like the light from a lighthouse to indicate it is there. Devices such as Smartphones, can be programmed to ‘listen out’ for these transmissions and then react accordingly. In our analogy, the Smartphone device is the ship at sea, which changes course when it comes into range of the lighthouse.

 

How does ProxiSmart Ltd use Smart Beacons in the ParkingPerx app?

ProxiSmart Ltd primarily uses smart beacon technology to help make location-based functionality and interaction easier and more accurate. Smart Beacons are deployed into certain types of locations, such as car park vehicle and pedestrian entry and exit points, and merchant premises. The ParkingPerx App is programmed to carry out certain tasks when it receives a transmission from a given Smart Beacon, and this is dependent upon the unique ID of the Beacon itself. So, for example, where a Beacon has been installed at the ENTRY point of a car park, the Smartphone is programmed to trigger sending the user a notification, asking them to confirm the start of their parking session. From the Beacon ID, the App can denote which Car Park the user has arrived at and therefore lookup data such as tariffs to ultimately calculate the cost of the user’s parking session.

ParkingPerx has 4 use cases for Smart Beacon wireless handshakes:

  • To proactively help a user to manage, record and pay for a Parking Session
  • To allow a Merchant to verify that an in-store purchase qualifies for a ParkingPerx reward
  • To compile aggregated and anonymised statistics to gauge car park usage, location footfall and to determine the effectiveness of marketing. Aggregate information may include demographic and usage information. No Personal Information about you is shared with any third party unless it is used in connection with the transaction that involves payment to a car park operator or merchant.
  • To trigger a Notification / Smart Message to the user. Notifications / Smart Messages come in different categories:

Marketing Promotions including targeted messages based upon a user’s merchant engagement history

Information posts including safety and security news (for example in the context of the COVID-19 situation)

User Polls which request quick fire feedback from users from potentially different sources

 

Your Privacy Concerns

The security, integrity, and confidentiality of your information are extremely important to us. The use of Smart Beacons is integral to the working of the App to deliver rewards to users in the use cases numbered 1 and 2 above. In use case number 3 above, no Personal Information is stored / shared – only anonymised and aggregated data is collected. Use case 4 is optional to users and the App settings will allow you to reject / disable all or specific categories of Notifications / Smart Messages and further, to filter which sources notifications are (dis)allowed from.

 

How We Use Your Information

ProxiSmart Ltd, the Data Controller of your data, is responsible for keeping your information safe. We may use your information for the purposes described in this policy only when legally sanctioned by the GDPR. Members of ProxiSmart Ltd may have access to your information where they perform services on behalf of the data controller as a data processor and, unless prohibited under GDPR, for use as a data controller for the purposes described in this policy.

Consistent with the GDPR and choices and controls that are available to you, we may use information collected from you, or from devices associated with you, to:

  • Provide you with the experiences, products, and services you request, view, engage with, or purchase.
  • Communicate with you about your account or transactions with us and send you information or request feedback about features on our sites and applications or changes to our policies.
  • Send you offers and promotions for our products and services or third-party products and services.
  • Personalize content and experiences.
  • Provide you with targeted advertising based on your activity on our sites and applications and on third-party sites and applications.
  • Operate, understand, optimize, develop, or improve our sites, applications, products, services, and operations, including by using survey research and analytics tools.
  • Detect, investigate, and prevent activities that may violate our policies or be illegal.

Lawful basis for data processing

We only collect and process your personal data when there is a lawful basis to do so. The lawful basis we rely on in this respect includes:

Contract: used for most of the data we collect where the processing is necessary to perform your Service contract.

Legitimate interest: a legitimate commercial interest to process certain of your personal data. Examples would include: –

  • running our business and the purposes of certain forms of direct marketing and profiling.
  • to archive certain account information to allow you to re‐use your account in the future; or
  • if there is a legitimate interest from a business or security perspective, e.g. to prevent fraud or abuse of our Services, or for purpose of network and information security of our IT systems.

Legal obligation: the processing necessary to comply with a legal obligation, e.g. the legal requirement to keep administrative records for a certain period, or the legal obligation to share certain data on a police order for criminal investigation purposes.

Public interest task: the processing necessary to assist in tasks in the public interest, e.g. to aid enforcement agents in verifying the validity of a parking action or parking permit.

Consent: where you gave us explicit consent to process the data concerned, for example ‐ if applicable ‐ to share your data with partners or other third parties for commercial purposes.

If you have given your consent to the processing, you have the right to withdraw your consent at any time, the process for which is contained within the app. We will discontinue the processing of your information upon receipt of your withdrawal. However, any processing performed prior to your withdrawal remains a legitimate processing based on a valid consent at the time. We will not be under any obligation to reverse the processing.

 

Sharing Your Information

We will not share your personal information with a third party outside ProxiSmart Ltd except in limited circumstances, including:

  • When you allow us to share your personal information with another company, such as electing to share your personal information with carefully selected companies so that they can send you offers and promotions about their products and services. Please note that once we share your personal information with another company, the information received by the other company is controlled by that company and becomes subject to the other company’s privacy practices.
  • When we cooperate with others to complete the offer of products or services to you, such as Car Park Operators, Card Payment Systems or Merchants. However, we will do so only if permitted by GDPR and, in these cases, these companies are prohibited from using your personal information for purposes other than those related to the offer or services.
  • When companies perform services on our behalf, like package delivery, marketing and advertising, and customer service. Please take note these companies are prohibited from using your personal information for purposes other than those requested by us or required by GDPR; and
  • When we share your personal information with third parties in connection with the enforcement of our Terms of Use or rules, to ensure the safety and security of consumers and third parties, to protect our rights and property and the rights and property of our consumers and third parties, to comply with legal process, or in other cases if we believe in good faith that disclosure is required by law.

Your Controls and Choices

We provide you the ability to exercise certain controls and choices regarding our collection, use and sharing of your information in accordance with GDPR and The Privacy and Electronic Communications Regulations (PECR). Your controls and choices may include:

  • Requesting access to the personal information we hold about you and that we amend or delete it.
  • Correcting, updating, and deleting your registration account.
  • Requesting deletion of your personal information.
  • Requesting to restrict the amount or nature of the personal information we process.
  • Choosing or changing your choices for alerts.
  • Choosing whether to receive from us offers and promotions for our products and services, or products and services that we think may be of interest to you; and
  • Choosing whether we share your personal information with other companies so they can send you offers and promotions about their products and services.

You may exercise these controls and choices in various ways, including by logging onto your registration account and changing details, using your device or other available settings to adjust amend or delete your marketing choices or by contacting us direct by email to gdpr@proxismart.co.uk.

Please be aware that if you do not allow us to collect personal information from you, we may not be able to deliver certain experiences, products, and services to you, and some of our services may not be able to take account of your interests and preferences. If collection of personal information is mandatory, we will make that clear at the point of collection so that you can make an informed decision whether to participate.  If you have questions about the specific personal information about you that we process or retain, and your rights regarding that personal information, please contact datarequest@proxismart.co.uk.

 

Data Security, Integrity and Retention

The security, integrity, and confidentiality of your information are extremely important to us. We have implemented technical, administrative, and physical security measures in accordance with GDPR Regulations that are designed to protect your information from unauthorized access, disclosure, use, and modification. We regularly review our security procedures to consider appropriate new technology and methods. Please be aware that, despite our best efforts, no security measures are perfect or impenetrable.

We will retain your personal information for the length of time needed to fulfil the purposes outlined in this privacy policy unless a longer retention period is required or permitted by law. We have set time limits on how long we will retain personal information for consumers using the app to 12 months after the last occasion you use it. This will allow you to continue using our product after a long period without re-registration. If you want to shorten this time period, please contact us on gdpr@proxismart.co.uk.

Deleting the app does not automatically delete your registration details. These will still be retained for 12 months or for a longer period if it is required or permitted by law. If you want to shorten this time period, please contact us on gdpr@proxismart.co.uk.

 

Data Transfers, Storage, and Processing Globally

We are a UK based company. Your personal data is processed by our staff in the UK using web services such as Amazon Web Services that have been tested to ensure that all data meets UK legal requirements. All our Data Storage facilities meet with stipulations defined within the GDPR that ensure storage of data is strictly controlled and protected within the present UK legal framework. Any information transferred to a third party as described in this privacy policy is subject to standard contractual clauses approved by the UK for ensuring safeguards and all reasonable steps to ensure the privacy of your personal data.

 

Changes to this Privacy Policy

From time to time, we may change this privacy policy to accommodate new technologies, industry practices, regulatory requirements or for other purposes. We will provide notice to you if these changes are material and, where required by applicable law, we will obtain your consent. Notice may be by email to you at the last email address you provided us, by posting notice of such changes on our sites and applications, or by other means, consistent with applicable law.

 

Questions, concerns, and complaints

If you have questions or concerns about the way in which we use your personal data, please contact us through gdpr@proxismart.co.uk

If you feel that an issue has not properly been resolved, you also have the right to lodge a complaint with the Information Commissioner’s Office at https://ico.org.uk/concerns/.