These Privacy Policy (hereinafter "Policy") describe how the operator of the ParkingUnit.com platform (hereinafter "Controller") collects, processes, and protects users' personal data.
Processing is carried out in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR) and Act No. 110/2019 Coll., on the processing of personal data.
1. Who is the controller of your data
ParkingUnit — operator of the ParkingUnit.com platform.
Contact: [email protected]
For data protection enquiries and the exercise of your rights: [email protected]
2. What data we process
In the course of providing our services, we process the following categories of personal data:
Identification and contact data (at the time of booking)
- First and last name
- Email address
- Phone number
- Vehicle registration plate (licence plate)
- Flight number / arrival time (optional)
Payment data
- Transaction details (amount, date, payment identifier)
- Credit card numbers are not processed or stored — payments are processed by our payment partner (Stripe / GoPay) in accordance with the PCI DSS standard
Technical and operational data (automatically collected)
- IP address, browser type, language settings, operating system
- Website visit data (date, time, visited URLs, time spent on page)
- Cookie identifiers (see Cookie Policy)
Marketing communications data
- Consent to receive commercial communications (where granted)
- Email delivery and open information
3. Purposes and legal basis for processing
| Purpose of processing | Legal basis (GDPR) | Retention period |
|---|---|---|
| Processing a booking, passing data to the car park | Performance of a contract (Art. 6(1)(b)) | For the duration of performance + 12 months |
| Accounting, tax documents | Compliance with a legal obligation (Art. 6(1)(c)) | 10 years under the Accounting Act |
| Communication, support, complaints | Legitimate interests (Art. 6(1)(f)) | 3 years |
| Newsletter, marketing | Consent (Art. 6(1)(a)) | Until consent is withdrawn |
| Analytics, service improvement | Consent (cookies) / Legitimate interests | 14 months |
| Security, fraud prevention | Legitimate interests (Art. 6(1)(f)) | 12 months (logs) |
4. To whom we disclose your data
We share your personal data only to the extent strictly necessary with the following categories of recipients:
- Parking provider named in the booking — we pass data required to identify the vehicle (licence plate, name, contact details, arrival and departure date/time);
- Payment service provider (Stripe Inc. / GoPay s.r.o.) — for payment processing;
- Email service provider — for sending transactional and marketing emails;
- Hosting and infrastructure provider — servers are located in the EU (DE/CZ);
- Accountant and tax adviser — to the extent necessary for bookkeeping purposes;
- Public authorities — only in cases required by law (e.g. upon court order).
We do not transfer data outside the European Economic Area unless such transfer is based on a valid international decision or standard contractual clauses approved by the European Commission.
5. Your rights
As a data subject you have the following rights under the GDPR:
- Right of access — you may request information about what data we process about you;
- Right to rectification — you may ask us to correct inaccurate data;
- Right to erasure ("right to be forgotten") — you may request deletion of your data where it is no longer needed for the purposes for which it was collected;
- Right to restriction of processing — you may request that processing be restricted in cases provided for by law;
- Right to data portability — you may receive your data in a machine-readable format;
- Right to object — to processing based on legitimate interests or for direct marketing purposes;
- Right to withdraw consent — at any time, without affecting the lawfulness of processing carried out before withdrawal;
- Right to lodge a complaint with a supervisory authority — Office for Personal Data Protection (ÚOOÚ), Pplk. Sochora 27, 170 00 Praha 7.
To exercise your rights, please contact us at [email protected]. We will respond to your request within 30 days at the latest.
6. Data security
We protect your data with technical and organisational measures:
- Encrypted transmission (HTTPS / TLS 1.3);
- Encrypted storage of sensitive data (passwords hashed using bcrypt, reset tokens using SHA-256);
- Regular security audits and updates;
- Access to data is limited to authorised employees bound by confidentiality obligations;
- Two-factor authentication for administrator accounts.
7. Cookies and tracking technologies
Detailed information about the cookies we use can be found in the separate document Cookie Policy. You can change your consent to non-essential cookies at any time in the page footer ("Cookie settings").
8. Changes to this Policy
We may update this Policy — in particular in response to changes in legislation or our services. The current version will always be available on this page with the date of the last update indicated. In the event of a material change, you will be notified by email or by a notice on the Platform.
Last updated: 24 May 2026