GDPR Compliance

Introduction

Quick Park is committed to complying with the General Data Protection Regulation (GDPR) and protecting the privacy rights of individuals located in the European Economic Area (EEA). This GDPR Compliance page explains how we handle personal data in accordance with GDPR requirements.

As a data controller, Quick Park processes personal data responsibly and transparently. This page outlines our GDPR compliance measures, your rights as a data subject, and how we protect your personal information.

Legal Basis for Processing

We process personal data based on the following lawful bases under GDPR Article 6:

Contract Performance (Article 6(1)(b))

• Account creation and user registration
• Processing bookings and payments
• Providing parking services and support
• Managing user accounts and preferences

Legitimate Interest (Article 6(1)(f))

• Improving our services and user experience
• Preventing fraud and ensuring security
• Marketing and communication (with consent)
• Legal compliance and regulatory requirements

Consent (Article 6(1)(a))

• Marketing communications and newsletters
• Location tracking for personalized services
• Cookie usage for analytics and advertising
• Sharing data with third parties for specific purposes

Legal Obligation (Article 6(1)(c))

• Compliance with tax and financial regulations
• Responding to legal requests and court orders
• Preventing illegal activities and fraud

Your GDPR Rights

As a data subject in the EEA, you have the following rights under GDPR:

Right to Access (Article 15)

• Request confirmation of personal data processing
• Obtain a copy of your personal data
• Access processing purposes and categories
• Understand recipients and retention periods

Right to Rectification (Article 16)

• Correct inaccurate personal data
• Complete incomplete personal data
• Update outdated information

Right to Erasure (Article 17)

• Delete personal data ("right to be forgotten")
• Withdraw consent for processing
• Object to processing based on legitimate interests
• Data processed unlawfully or no longer necessary

Right to Data Portability (Article 20)

• Receive personal data in structured format
• Transfer data to another controller
• Direct transfer between controllers

Right to Object (Article 21)

• Object to direct marketing
• Object to processing for legitimate interests
• Object to automated decision-making

Right to Restriction (Article 18)

• Limit processing while verifying accuracy
• Limit processing for legal claims
• Limit processing during objection assessment

Data Protection Officer

We have appointed a Data Protection Officer (DPO) to oversee our GDPR compliance:

• Contact: dpo@quickpark.com
• Phone: +91-80-XXXX-XXXX
• Address: Quick Park, Bengaluru, Karnataka, India
• Response Time: Within 30 days of request

Data Protection Impact Assessment

We conduct Data Protection Impact Assessments (DPIA) for high-risk processing activities:

• Location tracking and geolocation services
• Large-scale automated decision-making
• Systematic monitoring of public areas
• Processing sensitive personal data
• High-risk profiling activities

International Data Transfers

When transferring personal data outside the EEA, we ensure adequate protection:

Adequacy Decisions

• Transfers to countries with EU adequacy status
• Standard Contractual Clauses (SCCs)
• Binding Corporate Rules (BCRs)
• Approved certification mechanisms

Safeguards

• Encryption and pseudonymization
• Technical and organizational measures
• Regular compliance audits
• Data minimization practices

Data Breach Notification

In case of a personal data breach, we follow these procedures:

Notification Timeline

• Supervisory Authority: Within 72 hours
• Data Subjects: Without undue delay
• Internal Documentation: Immediate breach logging

Breach Assessment

• Risk evaluation to rights and freedoms
• Impact assessment and mitigation measures
• Communication plan for affected individuals
• Preventive measures for future incidents

Privacy by Design

We implement privacy by design principles in all our processes:

• Data minimization and purpose limitation
• Privacy settings and user controls
• Transparent data processing practices
• Regular privacy impact assessments
• Security measures integrated into design
• User consent and preference management

Automated Decision-Making

Our use of automated decision-making is limited and transparent:

• Fraud detection algorithms (with human oversight)
• Personalized recommendations based on usage patterns
• Dynamic pricing based on demand and availability
• Risk assessment for account verification

You have the right to obtain human intervention, express your point of view, and contest automated decisions.

Children's Data Protection

Special protections for children's personal data:

• Services not directed at children under 16
• Parental consent required for users under 16
• Age verification processes
• Simplified privacy notices for children
• Special safeguards for data processing

Supervisory Authority

For GDPR-related complaints or concerns, you can contact your local supervisory authority. For users in India, you may also contact:

• Data Protection Board of India
• Email: dpb@meity.gov.in
• Website: www.meity.gov.in

How to Exercise Your Rights

To exercise your GDPR rights, please contact us:

Contact Methods

• Email: gdpr@quickpark.com
• Online Form: Available in your account settings
• Phone: +91-80-XXXX-XXXX (GDPR inquiries)
• Mail: Quick Park GDPR Team, Bengaluru, Karnataka, India

Response Timeline

• Initial Response: Within 1 month
• Complex Requests: Up to 3 months (with notification)
• Free of Charge: Basic requests at no cost
• Reasonable Fee: Only for excessive or unfounded requests

Updates to This Notice

We regularly review and update our GDPR compliance practices. Changes to this notice will be:

• Posted on our website with clear version history
• Notified to users via email or in-app notifications
• Communicated at least 30 days before taking effect
• Available in all EU languages where required