In accordance with the General Data Protection Regulation (GDPR β EU Regulation 2016/679), BePark is the controller of your personal data.
| Entity | BePark SA (BE/LU) | BePark SAS (FR) |
|---|---|---|
| Registered office | Rue du Mail 50, 1050 Ixelles, Belgium | 54 Rue de Paradis, 75010 Paris, France |
| GDPR contact | info@bepark.eu | info@bepark.eu |
BePark does not currently have a designated Data Protection Officer (DPO). For any questions regarding your personal data, please contact BePark directly at info@bepark.eu. BePark undertakes to respond to your requests within a maximum of one month.
When creating an account or using the Services, BePark collects the following categories of data:
| Data category | Data collected | Purpose(s) |
|---|---|---|
| Identification | Last name, first name | Account creation, billing, communication |
| Contact | Email address | Login, notifications, communication |
| Contact | Phone number | Verification, support |
| Address | Postal address | Billing, identity verification |
| Security | Password (hashed) | Secure authentication |
| History | Subscriptions, reservations, payments | Contract performance, billing, support |
When using the Platform, BePark also automatically collects certain technical data:
The BePark mobile application may, with the User's prior and express consent, access the location data of their device on an ad hoc basis. This feature is used to locate the User on the map and to verify that the User is in the immediate vicinity of the car park in order to activate the digital remote control. This location data is not permanently stored by BePark and is only used at the time the application is in use.
BePark does not collect location data in the background. Location is only checked when the User activates the remote control feature in the application or carries out searches on the map. You may revoke your consent at any time in your device settings, which will result in the inability to open any car park door.
BePark does not store the User's complete banking details. Transactions are processed securely via two certified payment service providers:
Complete banking details (card number, full IBAN) are never stored on BePark's servers. They are processed directly and exclusively by Adyen or GoCardless in their certified secure environments.
In accordance with Article 13 of the GDPR, the following are the legal bases on which each data processing activity carried out by BePark is based:
| Purpose | Data processed | Legal basis (GDPR) | Retention period |
|---|---|---|---|
| Account creation and management | Name, email, phone, address | Contract performance (Art. 6.1.b) | 3 years after last activity |
| Processing of reservations and subscriptions | Name, email, history, licence plate | Contract performance (Art. 6.1.b) | 3 years after end of contract |
| Billing and accounting | Name, address, amounts | Legal obligation (Art. 6.1.c) | 10 years (accounting law) |
| Marketing email communications | Name, email | Legitimate interest (Art. 6.1.f) | Until unsubscription |
| Transactional notifications | Email, phone | Contract performance (Art. 6.1.b) | Duration of contract |
| Audience measurement and analytics | Anonymised IP, browsing | Consent (Art. 6.1.a) | 13 months (cookies) |
| Location verification (mobile app) | One-time GPS position | Consent (Art. 6.1.a) | Not stored |
| Fraud prevention and security | IP, behaviour | Legitimate interest (Art. 6.1.f) | 13 months maximum |
| Dispute management | All relevant data | Legitimate interest / legal obligation | 5 years (civil limitation) |
BePark sends commercial email communications to its existing customers on the basis of legitimate interest (Art. 6(1)(f) GDPR), in accordance with the "soft opt-in" exception provided by Directive 2002/58/EC (ePrivacy). These communications concern products and services similar to those already purchased.
The User may object at any time to receiving these communications by clicking on the unsubscribe link in each email, or by contacting BePark at info@bepark.eu.
Personal data is retained for the following periods, in accordance with legal and regulatory requirements:
After these periods, data is securely deleted or anonymised.
BePark never sells your personal data to third parties. Your data may be shared with:
BePark uses the following sub-processors, with whom data processing agreements (DPAs) are in place:
| Sub-processor | Role | Country | Safeguards |
|---|---|---|---|
| Adyen N.V. | Card payment processing (PCI-DSS) | Netherlands (EEA) | EU Regulation, certified PCI-DSS Level 1 |
| GoCardless Ltd | SEPA direct debit processing | United Kingdom | European Commission adequacy decision for the UK (June 2021) |
| Google LLC (Analytics) | Anonymised audience measurement | EEA (EU servers) | EU Standard Contractual Clauses, IP anonymisation |
| Amazon Web Services (AWS) | Infrastructure hosting | EEA (eu-west) | EU Standard Contractual Clauses, ISO 27001 certified |
BePark ensures that your personal data is processed and stored within the European Economic Area (EEA). No transfers to third countries outside the EEA are made directly by BePark.
In the case of sub-processors whose infrastructure is partially or fully located outside the EEA, BePark has put in place the appropriate safeguards provided for by the GDPR (Articles 44 to 49):
In accordance with Articles 15 to 22 of the GDPR, you have the following rights regarding your personal data:
| Right | Description |
|---|---|
| Right of access (Art. 15) | Obtain a copy of your personal data processed by BePark. |
| Right of rectification (Art. 16) | Correct inaccurate or incomplete data about you. |
| Right to erasure (Art. 17) | Request deletion of your data, subject to legal retention obligations. |
| Right to restriction (Art. 18) | Request temporary suspension of the processing of your data. |
| Right to data portability (Art. 20) | Receive your data in a structured, machine-readable format. |
| Right to object (Art. 21) | Object to processing based on legitimate interest, including direct marketing. |
| Right to withdraw consent | Revoke consent previously given at any time (e.g. cookies, location). |
To exercise any of these rights, you may send a request to BePark:
BePark undertakes to respond to your request within one month of receipt. This period may be extended by two additional months in the case of complex or numerous requests, in which case you will be informed.
Proof of identity may be requested to verify your identity before your request is processed.
If you believe that the processing of your personal data does not comply with applicable regulations, you have the right to lodge a complaint with the competent supervisory authority:
BePark implements appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction or unauthorised disclosure. These measures include in particular:
In the event of a personal data breach likely to result in a risk to your rights and freedoms, BePark undertakes to notify the competent supervisory authority within 72 hours and to inform you as soon as possible if this risk is high.
The BePark Platform is exclusively intended for adults (18 years of age and over). BePark does not knowingly collect personal data from minors. If BePark becomes aware that a minor has created an account, the relevant data will be immediately deleted.
A cookie is a small text file placed on your device when browsing our website. The mobile application uses similar technologies (session identifiers, local storage).
BePark uses the following cookie categories:
| Cookie type | Purpose | Consent required | Max. duration |
|---|---|---|---|
| Essential / technical | Site operation, authentication, basket | No (legal exemption) | Session / 1 year |
| Analytical (Google Analytics) | Anonymised audience measurement | Yes (consent banner) | 13 months |
| Functional | Storing user preferences | Yes | 1 year |
On your first visit to our site, a cookie management banner allows you to accept or refuse non-essential cookies. You may change your preferences at any time from your customer account, or from your browser settings.
BePark uses Google Analytics with the IP address anonymisation option enabled, in accordance with the recommendations of the CNIL and the DPA.
BePark reserves the right to amend this Privacy Policy at any time, in particular to adapt it to changes in services, regulations or decisions by data protection authorities. In the event of a material amendment, the User will be informed by email.
The version in force is that published on the Platform at the date of use. The update date is mentioned at the top of the document.
For any questions or requests regarding the protection of your personal data:
Your privacy matters to BePark. We are committed to processing your data in a transparent, secure manner and in strict compliance with the GDPR. To exercise your rights or for any questions, please do not hesitate to contact us at info@bepark.eu.
