Data protection with the Arivo digital parking system

Arivo's licence plate recognition and parking management software have been developed in compliance with the GDPR. Thus, Arivo's digital parking system meets all technical requirements to fully comply with the European Union's General Data Protection Regulation!

Camera used by Arivo for licence plate recognition in parking areas
Digital & data protection compliant

How does Arivo comply with the GDPR?

GDPR-compliant licence plate recognition

Obligation to provide information on licence plate recognition
for compliance with the lawfulness pursuant to Article 5 para 1 lit a GDPR

  • According to the obligation to inform under Article 13 GDPR and § 13 (5) GDPR, potential parking customers must be informed that the license plate of the vehicle they are driving will be captured when the barrier is approached.
  • An example / template for possible signage can be found here.


Anonymisation of license plates after contract fulfilment
to comply with data minimisation pursuant to Article 5 (1) (c) GDPR

  • After contract fulfilment, licence plates are automatically anonymised by our system.
  • The anonymisation of the licence plates takes place after the last recorded action:
    • After entry, if no exit is recorded;
    • After the exit;
    • After the payment of outstanding parking fees.
  • The stored image is completely pixelated and the stored licence plate is anonymized (*****AB).


Time limits for deleting recorded data
to comply with the storage limitation pursuant to Article 5 para 1 lit e GDPR

  • The individual time limits for deleting data can be set in the parking system settings for each user group.
  • The data protection-compliant periods for deleting data are pre-set in the system.
  • Our system identifies configurations that violate data protection regulations and alerts you if the retention period exceeds the specified limits.


Data processing contract

  • In order to process the data collected from parking areas equipped with the Arivo system, a Data Processing Agreement (DPA) in accordance with Art. 28 GDPR must be concluded.
  • Car park operators are responsible within the meaning of Article 4(7) GDPR.
  • Arivo is a data processor within the meaning of Article 4(8) GDPR.
  • Download the Data Processing Agreement (DPA) with Arivo according to Article 28 GDPR, including the technical and organizational measures, here.

General information on data protection for garage and parking operators

In the next section, you'll find a detailed explanation of the key conduct rules for garages and parking companies from the Professional Association of Garages, Petrol Stations, and Service Companies of the Austrian Economic Chambers (WKO) for parking areas equipped with a digital parking system and license plate recognition.

Definitions

Short-term parking

Contract of use with customers, which is concluded with the help of an automated system when customers enter the car park by recording their number plate (e.g. use of an NFC card, use of an authorised medium as a registered customer, e.g. number plate, QR code). The contract ends after the exit has been paid for.

Registered short-term parkers receive a collective invoice at the end of the month.

Long-term parking

Customers acquire the right to use a parking space by concluding a usage contract. The contract of use is created and concluded online via the Arivo software.

Licence plate recognition

The licence plate is converted into text symbols via optical image processing and entered into a database.

Vehicle registration number

The vehicle registration number is indirectly personal data in the sense of Art. 4 Z 1 GDPR, i.e. information that relates to an identified or identifiable natural person. The licence plate is used as a parking authorisation medium.

Parking permit medium

Medium that authorises access to a garage (incl. parking areas), e.g. use of an NFC-enabled credit or debit card, QR code or customer card or vehicle registration number.

 

Data Processor & Responsible Party

Operators of a public garage process personal data of customers. Since operators decide on the purposes and means of processing personal data, they are data controllers in the sense of Article 4(7) of the GDPR.

Should the owner of the garage transfer the operation (management) to an external company as manager, the manager is considered a processor and the owner of the garage is a data controller.

In accordance with the definitions in Article 4 GDPR, Arivo acts in this context as a processor within the meaning of Section 8 and fulfils the obligations as a processor regulated in Article 28 GDPR.

 

Data acquisition

The Arivo parking system consists of a local processing unit (Intel NUC) and at least one camera. No permanent video recording is made by the camera. A single image is only recorded as soon as a vehicle enters the detection range (which can be freely defined) of the camera. All areas outside the licence plate are rendered unrecognisable (pixelated) and therefore neither persons nor vehicle type can be recognised. In order to detect whether a vehicle is moving forwards or backwards, several images are taken and processed every second. The camera itself does not store any data, but sends the video image to the computer unit. This records the number plate and checks whether an authorisation (e.g. in the form of a long-term parking contract) exists. The number plate is indirectly personal data in the sense of Art. 4 Z 1 GDPR and is subject to the strict requirements of the GDPR.

 

Legal basis of the processing of data

The lawfulness of the processing is based on the variants apparent in Article 6 (1) of the GDPR, depending on the application: For the sector at hand, consent pursuant to lit a leg cit may be decisive, taking into account the conditions for consent in Article 7 GDPR. Furthermore, data processing may also be justified by lit b leg cit, provided that the fulfilment of the contract constitutes the given lawfulness. Finally, the lawfulness can also exist due to the legitimate interest of the controller according to lit f leg cit. With regard to the corresponding legitimation, we refer to point 5 (short-term parkers) and point 6 (long-term parkers) of the approved rules of conduct of the WKO. A distinction must be made between the cases of application listed there.

 

Processing personal data for short-term parking

Operators of a public garage collect the registration number of the entering motor vehicle via number plate recognition. The permissibility of the processing of the vehicle registration number results from Art. 6 Para. 1 lit. f GDPR. The legitimate interest of the parking operator lies in the economic interest of ensuring simple, rapid and efficient initiation and processing of parking contracts.

Through the technical and organisational measures, the operator shall ensure that

  • the personal data processed within the scope of licence plate recognition (specifically: the licence plate number) is used exclusively for the purpose of processing the hiring contract,
  • the data will be collected and processed to the minimum extent possible,
  • use for other purposes is prevented.

The vehicle registration number is used as a parking authorisation medium. With the entry camera, the licence plate number is recorded as a pseudonymised data element and stored with the entry date and time. This data is the basis for the correct billing of the parking process. In the case of chargeable garages or time overruns, the applicable tariff can be paid before the vehicle leaves the garage. In the case of FreeFlow facilities (without barriers), a holder data query can be carried out in the event of a breach of contract (non-payment of open parking fees) and an invoice sent to the holder. Alternatively, depending on the design of the garage, the parking customer can pay the parking fee at a machine or online.

If the (potential) customer does not wish to have his number plate registered, he can prevent the registration of his number plate by not driving up to the garage (there is no obligation to contract on the part of the garage operator).


The car registration number is only evaluated for billing purposes or if there is a breach of contract. Furthermore, the licence plate recognition prevents the repeated use of a free parking time.
When using the licence plate recognition as a parking authorisation medium, it is also possible to check whether the ticket number of the vehicle entered at the exit matches the assigned number plate. If this is not the case, the exit barrier does not open and the possible theft of a vehicle can be prevented. 

Further information can be found in point 5.4 of the Code of Conduct for Garage and Car Park Operators of the Professional Association of Garages, Petrol Stations and Service Companies of the WKO.

 

Processing of personal data in long-term parking

If the parking operator has already concluded a parking contract with the customer, the following rules apply:
Personal data is only processed for registered customers. Depending on the parking authorisation medium, the transaction data of the individual parking processes are linked to the accruing tariffs and invoiced at the end of the billing period (mostly one month). Depending on the contractual agreement, payment is made with the means of payment deposited with Arivo. In the case of long-term parking, the licence plate number also serves as the parking authorisation medium.

In all cases where personal data are processed on the basis of an existing contract, the processing is carried out as follows:


For customers who are not entrepreneurs within the meaning of § 1 para 2 KSchG (private customers) the following applies:

Long-term parking customers conclude a long-term parking contract in the webshop provided by Arivo. In doing so, the long-term parking customer explicitly consents to the processing of his personal data within the meaning of this point. In addition, the garage operator refers to the privacy policy.

The following applies to customers who are entrepreneurs within the meaning of § 1 para 2 KSchG (corporate customers):

The customer has the option of creating user authorisations for himself or for his own employees (e.g. adding further licence plates within the scope of the contract). If the garage operator does not have any personal data about the individual user (no personalisation of the usage authorisation), no further measures are necessary. 

The data processing of the registration number is based on the explicit consent of the respective data subject within the meaning of Art. 6 para. 1 lit. a GDPR:
The data subject has given consent to the processing of personal data concerning him or her for one or more specific purposes;
as well as § 12 para. 2 no. 2 GDPR
Image recording is ... permissible if the data subject has consented to the processing of his or her personal data,

 

Data protection impact assessment of licence plate recognition

A data protection impact assessment for license plate recognition is not necessary due to the rationale presented below.

With regard to the processed identifiers, there is no risk to the rights and freedoms of natural persons as a consequence, since the prescribed technical measures are designed in such a way that unauthorised access is virtually impossible and - should this nevertheless occur - the inadmissibly obtained data would not represent any added value. It can therefore be concluded that hacking attacks on number plate recognition systems are highly unlikely. Therefore, a data protection impact assessment does not have to be carried out for number plate recognition because the requirements of Article 35 of the GDPR are not met.

General information on data protection for parking customers

The following information provides details about the processing of personal data of parking customers. We process all personal data with care and provide comprehensive information about the types of data processed, the purposes, and the duration of processing.

 

Who is Arivo?

Arivo offers complete solutions for the digital management of parking spaces. With our parking system, both short-term and long-term parkers can conveniently drive in, park and drive out again using licence plate recognition. Various modern payment options offer short-stay parkers a convenient way to pay their parking fees.

Which data is processed and why?

The following table provides an overview of the categories of personal data that we collect and share with service providers and third parties.

| Category of personal data | Example | When and why does Arivo collect this information | Which third parties do we share information with and for what business purposes? |
|---|---|---|---|
| Contact details | Name, telephone, e-mail, customer number, address | When registering as a long-term parker. The data is required for the fulfilment of the contract. | Individual data may be passed on to third parties in order to fulfil the services. Third parties only receive the data required to fulfil the respective tasks. Therefore, the third parties never gain access to the totality of the data provided. |
| Licence plate data | Car licence plate, car model | When registering as a long-term/short-term parker or when entering as an unregistered short-term parker. The licence plate is used as a medium for parking authorisation. | In the case of unpaid parking, a holder data query may be carried out depending on the operator. |
| Transaction data | Pictures of licence plates at entry and exit, log data of entry and exit | When entering and leaving a garage equipped with the Arivo system. With the help of the movement data, the amount of the parking fee can be calculated. In addition, the utilisation of the garage can be calculated. | The movement data is used to determine the parking fees and is not passed on to third parties. |
| Bank details | Debit/credit card information, amount of transaction, date and time of transaction | When registering and paying parking fees via cashless payment terminal; card payment when exiting; payment via web app. The data is used for cashless settlement of outstanding parking fees. | The outstanding parking fees are collected via the payment service provider Stripe. Only necessary information (amount, name, account number) is transmitted to Stripe. |
| Online data | Cookies | When visiting the Arivo website. The data is collected for marketing and sales purposes. | The data may be shared with IT providers, CRM providers, and social media providers. More details can be found in our privacy policy. |

 

How long do we keep the data?

We will only retain data for as long as we need it for the purposes stated above.

The above retention periods may be extended if we are required to retain the data longer by applicable law or for the administration of our business.

How do we protect the data?

We protect all personal data and have taken appropriate technical and organisational measures to prevent unauthorised access to this data.

Where do we transfer the data?

We use the services of global companies and therefore the data may also be stored in any country where these companies provide services if this is necessary for the above purposes. We have put in place appropriate safeguards to protect the data when it is transferred outside the EEA.

What rights do I have?

Every data subject has the following rights towards us in connection with the processing of personal data:

  • Right of access to stored data (Art. 15 GDPR)
  • Right to rectification of incomplete or incorrect data (Art. 16 GDPR)
  • Right to erasure of data (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object (Art. 21 GDPR)
  • Right to lodge a complaint with a supervisory authority (dsb.gv.at)

Downloads on the subject of data protection for garage and parking operators

AVV Arivo 

Agreement on commissioned processing
according to Art 28 GDPR

Signage

Template for signage indicating licence plate recognition

WKO Code of Conduct

WKO rules of conduct for garage and parking operators 

Sub-processing

List of all sub-processors
(incl. DPA)

Ines Schnur of Arivo Parking Solutions

Any questions?

Astrid Pfeiler

Mag. Ines Schnur
Data Protection Officer
i.schnur@arivo.co
+43 316 375 018-11