Personal Data Processing Statement – Parking Policy

The Capital City of the Slovak Republic Bratislava, with its registered office at Primaciálne námestie No. 1, 814 99 Bratislava, ID No.: 00 603 481 (hereinafter referred to as the „Capital City“) s the data controller, processes your personal data only on the basis of legal conditions, in accordance with the Regulation¹ and the Personal Data Protection Act². When processing personal data, you are the data subject, i.e. the person about whom the personal data relating to you is processed. This statement applies only to the Parking Policy and supplements the general information on the processing of personal data by Capital City a Municipal Police (hereinafter referred to as „General Information“).

Details of the purposes of the processing of personal data

The primary purpose of processing personal data in the framework of the parking policy is „implementation of the parking policy of the Capital City“. This processing purpose includes all processes, agendas and processing activities carried out by the Capital City to achieve this purpose, in particular:

Issuing of parking cards, processing of all related applications and recording of all data within the ParkSys system;
Operation of the information system “ParkSys“;
Communication with the persons concerned regarding the parking policy (including sending SMS messages);
Carrying out parking controls and passing on information to the Municipal Police (with regard to offence proceedings, the agenda of fines and/or towing of vehicles, we refer to the General Information, as it is not part of this purpose);
Provision of customer service, one point of contact and communication especially in case of damage detection;
Management and operation of the informational website www.paas.sk;
Cooperation with mobile applications through which it is possible to purchase parking tickets (a list of which can be found at https://paas.sk/platba/).

The Capital City cooperates with processors pursuant to Article 28 of the Regulation to whom your personal data is provided and/or who obtain it directly from you, to the extent necessary for the implementation of the Capital City’s parking policy.:

– ParkDots s.r.o., with registered office at Pribinova 40, 811 09 Bratislava – Ružinov district, ID No.: 55 477 232, incorporated in the Commercial Register of the Municipal Court Bratislava III, Section Sro, Insert No. 169827/B; it provides the information system “ParkSys”, through which the applicant for the issuance of parking cards registers (until 1 July 2023, the services were provided by PosAm, spol. s.r.o.),
– the company Mestský parkovací systém, spol. s r.o., with its registered office at Primaciálne nám. 1, 811 01 Bratislava, ID No.: 35 738 880 (hereinafter also referred to as “MPS”); the company is established by the resolution of the City Council of the Capital City of the Slovak Republic Bratislava No. 516/1997 of 15.4.1997, with 100% equity participation of the Capital City of the Slovak Republic Bratislava. The company provides common, unified, complex communication in matters of parking policy; it provides services of registration of users to the information system, services at contact points, telephone support services, or other related services,
municipal districts of Bratislava – Staré mesto, Nové Mesto, Ružinov a Rača; which provide the services of a contact point for applications for the issue of parking permits;
companies that operate mobile apps through which parking tickets can be purchased (a list of which can be found at https://paas.sk/platba/);
companies that operate the physical stores through which parking tickets can be purchased;
security service providers providing protection against DDoS attacks in relation to the ParkSys web application /www.paaas.sk (Cloudflare, Inc.)

In addition, personal data are processed for “statistical purposes” in the regime of Article 89 of the Regulation in the framework of the parking policy. This processing means that the personal data is anonymised and in this anonymised form serves the analytical needs of the Capital City. Other purposes of the processing arise from the General Information and may in some cases also concern the data subjects to whom this declaration is addressed. These other purposes are purposes compatible with the original purpose pursuant to Article 6(4) of the Regulation and are directly related to the parking policy of the Capital City, in particular in connection with towing, road maintenance; changes to traffic signs; contact by Capital City employees, including the Municipal Police of the Capital City of Bratislava; the management and processing of the offence and its notification to the offender in view of the institute of strict liability. These purposes are in particular the following, which can be found in the General Information:

Hearing and investigation of offences within the jurisdiction of the Capital City;
Removal of vehicles from locations where they damage or endanger the environment or interfere with the aesthetic appearance of the municipality or a specially protected part of the nature and landscape;
Exercise of control over local roads; or.
Litigation.

Below you will find a more detailed explanation of the selected activities within the purpose of the implementation of the parking policy of the Capital City.

Issuing a parking card

In order to simplify access to the services of the Capital City, it is possible to use electronic services through which you can apply for a parking card via the website www.paas.sk. Details on the types of parking card, the documents necessary for its issuance and the scope of personal data are in the General Binding Regulation of the Capital City No. 6/2023 of 25 May 2023 on Temporary Parking of Motor Vehicles and the Operating Regulations. The provision of these services and the actual implementation of the parking policy by the Capital City is in the public interest pursuant to Article 6(1)(e) of the GDPR Regulation, according to which “processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller”.

The processing of personal data in the public interest is governed in particular by the following legislation:

Act of the Slovak National Council No. 377/1990 Coll. on the Capital City of the Slovak Republic Bratislava,
Act No 135/1961 Coll. on Roads (Road Act), as amended, including the National Vehicle Register,
General Binding Regulation of the Capital City No. 6/2023 of 25 May 2023 on temporary parking of motor vehicles,
STATUTE OF THE CAPITAL CITY OF BRATISLAVA, as amended by Appendices Nos 1 to 23,
Act No 177/2018 Coll. on certain measures to reduce the administrative burden through the use of public administration information systems and on amending and supplementing certain acts (Anti-Bureaucracy Act),
Act No. 305/2013 Coll. on the electronic form of exercising the powers of public authorities and on amending and supplementing certain acts (Act on e-Government),
Act No. 162/1995 Coll., the Act of the National Council of the Slovak Republic on the Cadastre of Real Estate and on the Registration of Ownership and Other Rights to Real Estate (the Cadastre Act) – verification of the apartment number (when the number of parking cards per one apartment is limited; verification of ownership of real estate in the case of subscription cards),
Act No. 253/1998 Coll. on reporting the residence of citizens of the Slovak Republic and the population register of the Slovak Republic,
Act No. 272/2015 Coll. on the Register of Legal Entities, Entrepreneurs and Public Authorities and on Amendments and Additions to Certain Acts,
Act No. 125/2015 Coll. on the Register of Addresses and on Amendments and Additions to Certain Acts,
Act No. 404/2011 Coll. on the residence of foreigners and on amendments and supplements to certain acts, as amended,
Decree of the Minister of Foreign Affairs No. 157/1964 Coll. on the Vienna Convention on Diplomatic Relations.

If you are registering a legal entity or a natural person – entrepreneur (hereinafter collectively referred to as “legal entity”), your personal data will be processed together with information relating to the registered legal entity to the extent necessary for the issuance of the relevant parking card. At the same time, this personal data will be processed to the extent and under the conditions related to the e-services as well as for the purposes set out below.

The personal data will be processed in order to ensure the necessary contact and communication with the legal entity or to verify the authorisation to act on behalf of the legal entity. The collection and provision of contact data of natural persons who communicate on behalf of legal persons is based on the legitimate interest of the controller to ensure proper communication in the provision of services, as well as in the public interest in accordance with the legislation governing the activities, performance of tasks and powers of the Capital City.

Personal data will be stored for 3 years from the expiry of the resident card, subscriber card, discount parking card or visitor card, bonus card and parking ticket. Personal data may be disclosed to an authorised public authority, auditor and/or intermediary; for the purpose of data verification, they are disclosed to the public authorities operating the registers, in accordance with the law.

Customer service

The aim of the Capital City is to ensure a high standard of services and to continuously improve their quality. That is why it processes personal data of the data subjects – holders of one of the parking cards, in connection with various questions, complaints, grievances, receives suggestions for improvement of the provided services. As part of the provision of customer service, among other things, we operate a call centre through the services of MPS.

Operation of the information system ParkSys

The Capital City has developed and adapted a special information system ParkSys, which it uses for the purposes of implementing the parking policy. The existence of this system is directly foreseen by the general binding regulation of the Capital City No.6/2023 of 25 May 2023 on the temporary parking of motor vehicles (hereinafter referred to as „VZN 6/2023“) in a number of provisions, as well as Operating rules . According to these documents, both the parking card and the parking ticket take the form of an electronic record in the information system, which is defined as: „information system of the operator (“ParkSys“) – information system ordered by the Controller and provided as an electronic service by a third party for the purpose of implementation of parking policy rules on the territory of the capital city of Bratislava in accordance with the Decree..“ The information system is developed and managed for the Capital City by ParkDots, s.r.o. (formerly PosAm, s.r.o.), which acts as an agent of the Capital City pursuant to Article 28 of the GDPR.

Operation of Mobile app

For the avoidance of any doubt, the Capital City does not operate the ParkDots mobile app or any other parking-related mobile apps that are operated by third parties (a current list of which is available here: https://paas.sk/platba/). These companies generally act as independent controllers, but to a certain extent they also carry out processing operations on behalf of the Capital City as our processors on the basis of contracts concluded pursuant to Article 28 GDPR and instructions pursuant to Article 29 GDPR. The Capital City cooperates with these companies and exchanges data on purchased parking tickets as well as related payments with them. As a result, it is possible to purchase a parking ticket from these providers without the risk of a block fine, while the persons concerned enter into a contractual relationship with these companies. This procedure is directly provided for in Article 6(1)(a) of Decree 6/2023: „The parking ticket can be purchased via (a) the web interface, including the mobile app.“ ParkDots s.r.o. is at the same time the intermediary of the Capital City also in the level of operation and administration of the ParkSys information system (as mentioned above).

General information on the processing of personal data

The capital has a designated person in charge: Mgr. et Mgr. Bruno Konečný

Contact details of the responsible person: [email protected] alt. by mail: Zodpovedná osoba Hlavného mesta SR Bratislavy, Primaciálne námestie 11, 814 99 Bratislava.

Legal basis

If we are talking about the fulfilment of legal obligations, this is the fulfilment of obligations laid down in specific legislation in accordance with Article 6(1)(c) of the Regulation. If we say that the processing is carried out in the public interest, it is the performance of tasks and authorisations where processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller by specific legislation, in accordance with Article 6(1)(e) of the Regulation. We rely on both legal bases (i.e. the performance of legal obligations and public interest pursuant to Article 6(c) and (e) of the Regulation) simultaneously in order to achieve the aforementioned purpose of processing (i.e. the implementation of the parking policy of the Capital City). In particular, the Capital City performs the following tasks carried out in the public interest within the meaning of Article 6(1)(e) of the Regulation:

Operation of the information system “ParkSys“;
Extraction of personal data from public registers;
Automated assessment of applications for parking permits within the “ParkSys” system“;
Automated event evaluation and reporting to users;
Carrying out parking controls and passing on information to the Municipal Police;
Provision of customer service, single points of contact and communication, particularly in the event of damage being detected;

Management and operation of the information website www.paas.sk;
Cooperation with mobile applications through which it is possible to order a parking ticket..

The above-mentioned tasks in the public interest are related to the fulfilment of the general obligations of the Capital City according to special regulations. These obligations include, for example, the obligation to ensure the maintenance, passability and accessibility of local roads of 1st and 2nd class and public spaces not entrusted to the administration of the municipal district pursuant to Section 6a(2)(d) of Act No.377/1990 Coll. on the Capital City of the Slovak Republic Bratislava and to ensure public order on streets and other public spaces pursuant to Section 6a(2)(d) of Act No.377/1990 Coll. on the Capital City of the Slovak Republic Bratislava and to ensure public order on streets and other public spaces pursuant to Section 6a(2)(d) of Act No. 377/1990 Coll. on the Capital City of the Slovak Republic Bratislava through the implementation of the parking policy adopted on the basis of the powers provided for in § 3 (2) and § 6a of Act No. 135/1961 Coll. on Land Roads (Road Act). The Roads Act authorises us to exercise local state administration in matters of local roads and special purpose roads and empowers us to designate, for the purposes of organising traffic, by general binding regulation (GOR), sections of local roads for temporary parking of motor vehicles. The Roads Act also requires the Ordinance to provide for the manner in which parking spaces are to be provided, the amount of the charge for temporary parking of motor vehicles, the manner of payment and the manner of proof of payment. In carrying out the above public interest tasks, we therefore rely directly on Regulation 6/2023 and the Temporary Parking Operating Regulations.

Rights of data subjects

When processing personal data, you are the data subject, i.e. you are the person about whom the personal data is being processed. As a data subject, you have the right to exercise your rights relating to the processing of personal data. If necessary, the controller may ask you to provide additional information concerning your identity, in accordance with Article 12(6) of the Regulation. The purpose of identity verification is to prevent unauthorised persons from accessing personal data.

Right of access to personal data

You have the right of access to your personal data and the right to obtain confirmation of whether personal data is being processed about you. If personal data is being processed about you, you have the right to be informed within the scope of this policy and to have access to your personal data. You have the right to be provided with a copy of the personal data we hold about you, as well as information about how we use your personal data. In most cases, your personal data will be provided to you in written paper form, unless you request a different method of disclosure. If you have requested this information by electronic means, it will be provided to you electronically where technically possible. If you repeatedly request the provision of your personal data to the same extent, the controller may charge you a reasonable fee corresponding to the administrative costs.

Right to rectification

You have the right to rectification of personal data processed about you if it is incorrect or inaccurate. It is very important for the controller to have the correct information about you. Therefore, if you find that the information we hold about you is incorrect, inaccurate or incomplete, please notify us and ask for your data to be rectified (e.g. change of residence, change of contact, change of surname in case of marriage, etc.). We will then correct/complete the data without undue delay.

Right to erasure

If we process personal data about you in an unlawful manner, e.g. for longer than necessary or unreasonably, you have the right to have it erased (“right to be forgotten”).

Right to restrict processing

If you request the rectification of your personal data or object to the erasure of your personal data, if the processing is unlawful, or if the controller no longer needs the personal data for its purposes but you may need it to establish or defend legal claims, or if you have objected to the processing of your personal data on other grounds, we will restrict the processing of your personal data for as long as it is possible to resolve the matter.

Right to object

In particular, we would like to point out that as a data subject you have the right to object on grounds relating to your particular situation to processing based on legitimate or public interest pursuant to Article 6(1)(e) and (f) of the Regulation, including profiling. You also have the right as a data subject to object to the processing of personal data for direct marketing purposes, including profiling (see General Information).

In relation to parking policy, the Capital City relies on the legal basis of the fulfilment of a task carried out in the public interest under Article 6(1)(e) of the Regulation. In such cases, we can only continue to process them if we can demonstrate compelling legitimate grounds that outweigh your interests, rights and freedoms. However, we may process your personal data whenever necessary for the establishment, exercise or defence of legal claims. We have carefully considered the overriding public interest pursued in relation to the parking policy.

Right to withdraw consent

You have the right to withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of the processing of personal data until it is withdrawn. Withdrawal of consent does not automatically imply the destruction of personal data (see right to erasure). The Capital City does not rely on the consent of the data subject for the implementation of the parking policy. For completeness, we do not consider setting user contact preferences to be consent, and changing these preferences does not affect the processing of contact information that we carry out on the basis of the other legal bases set out above.

Right to data portability

You have the right to obtain the personal data that you have provided to the controller in a structured, commonly used and machine-readable format, and you have the right to transfer this data to another controller, provided that the processing is carried out by automated means and the legal basis is the performance of a contract or consent pursuant to Article 6(1)(a) and (b) of the GDPR. These conditions due to another legal basis are not fulfilled for the parking policy.

Right to lodge a complaint

If you wish to make a complaint about the way in which your personal data is processed, including the exercise of the rights set out above, please contact us at the address set out at the head of this document. You can exercise your rights by contacting the Data Controller and/or you can contact the Responsible Person. We will properly investigate all your suggestions and complaints.

You also have the right to lodge a complaint with the supervisory authority, which is the Office for Personal Data Protection of the Slovak Republic, located at Hraničná 12, 820 07 Bratislava 27, Slovak Republic (www.dataprotection.gov.sk).

Source of personal data

In the context of the parking policy, the Capital City collects personal data primarily from data subjects through applications for a parking card or through the purchase of a parking ticket. These data may also be collected through the Capital City’s authorised agents (listed above). In addition, the ParkSys system also draws personal data from the organisation Interested Association of Legal Entities – DataCentrum elektronizácie územnej samosprávy Slovenska (DEUS), ID No.: 45 736 359 (hereinafter referred to as „DEUS“), on the basis of a joint controllers’ agreement concluded pursuant to Article 26 of the GDPR. DEUS has a specific status under the e-Government Act, allowing local authorities to use data from various public registers in the performance of their own tasks related to the parking policy of the Capital City through integrations of the Information System Data Centre of Municipalities and Cities (hereinafter referred to as „IS DCOM“). When verifying the accuracy and truthfulness of the personal data provided in your application for a parking card, the Capital City uses DEUS and IS DCOM as a source of additional personal data, which obtains personal data from a number of public registers, including the cadastre of immovable property. (Controller: Úrad geodézie, kartografie); registration of motor vehicles (Controller: Ministerstvo vnútra SR); register of natural persons (Controllerľ: Ministerstvo vnútra SR); register of legal persons (Controller: Štatistický úrad SR); address register (Controller: Ministerstvo vnútra SR), register of issued disability cards (Controller: ÚPSVaR SR), verification of electronic identity via the Central Portal of Public Administration (operated by the National Agency for Network Industries and Electronic services) The data from these registers is necessary for the primary purpose of verifying residence, ownership of the property or vehicle and other conditions for the issuance of a parking card.

The data from the above registers are obtained by the Capital City through the interaction of the municipal parking system (ParkSys) with the DCOM IS to the extent necessary, which mainly includes only common categories of personal data of the data subjects concerning their basic identification, residence or relationship to the real estate in the parking zone, or possession of a motor vehicle to be parked in the parking zone. The only information that may constitute a special category of personal data revealing health data is data on whether a particular applicant for a discounted parking permit has been issued with a severely disabled person’s badge, including data on its temporal validity.

Categories of personal data

Within the framework of the parking policy, the Capital City primarily processes the data that the user fills in when registering in the ParkSys system and provides in the application for a parking card. This includes, but is not limited to, the following information: email and password in encrypted form, telephone number, first and last name, home or work address, birth number, motor vehicle registration number, payment card details, other information enabling verification of the relationship to the vehicle and property, which we also verify through other public registers (see section – source of personal data) or other contextual data necessary for the assessment of the application and/or entitlement (e.g. disability card number, etc.).

When a parking ticket is purchased, a smaller range of data is processed, in particular the vehicle registration number, the time, place of parking, parking fees and other data within the scope of the parking ticket issued.

As part of the parking control, the Capital City primarily verifies the eligibility of parking through the vehicle registration number. In the event of an initial finding of parking ineligibility, data are collected which give rise to administrative liability for the offence (serving as evidence), which constitutes processing of personal data relating to a plea of guilty to a criminal offence or an offence under Article 10 of the Regulation. The processing in question is permitted by several legal provisions and is mainly related to the activities of the Capital City Police (we refer to the General Information).

Recipients of personal data

The Capital City takes an approach to minimise the disclosure of personal data to third parties and other recipients. The primary recipients of your personal data are the authorized agents of the Capital City listed above. In addition, parking permit and payment data is exchanged with mobile app operators, a current list of which is provided at this link: https://paas.sk/platba/.

Your personal data may also be disclosed to our employees who have been instructed pursuant to Article 29 and Article 32(4) of the GDPR and who have been bound by an obligation of confidentiality in relation to your personal data, if we have granted them access to the relevant systems in accordance with the concept of standard data protection, to the extent that they strictly need to do so in order to carry out their work tasks related to the enforcement of the parking policy of the Capital City.

Retention period

In general, we process personal data for the purpose of implementing the parking policy for a period of 3 years from the expiry of the parking card or parking ticket. This period is mainly related to the general limitation period and the possibility of retrospective parking control by the municipal police. This general retention period may be extended or shortened in specific cases and does not apply to retention periods in relation to other processing purposes (see General Information). Personal data to the extent of purchase history and tax receipts may be kept longer if the user / data subject so requests.

Joint Controllers

The Capital City also processes personal data in the capacity of a joint controller together with DEUS, with which it has an agreement pursuant to Article 26 of the Regulation. DEUS Controll the DCOM information system for municipalities and cities, through which the ParkSys information system is integrated with public registers. The main parts of the joint Controller’ agreement include:

Independent handling of requests from the persons concerned;;
Separately informing data subjects on their websites;
The possibility for data subjects to exercise their rights with any joint controller;

Mutual obligation of the joint controllers to inform each other of such requests and agreement to cooperate with each other in complying with their obligations under the Regulation and the Act;
Separate responsibility for further processing of personal data (beyond integration);
Separate liability for damages and non-pecuniary harm;
Cooperation of the responsible persons of the joint controllers in dealing with security incidents.

Voluntary provision of data

The provision of your personal data when applying for a parking card is a prerequisite for the issue of a parking card and an obligation for the data subject when applying for a parking card. This provision of data is also provided for in the VZN 6/2023, which governs the parking policy as well as the operating regulations issued by the Capital City on the basis of Article 3(2) of VZN 6/2023: „In order to issue a parking card, the applicant is obliged to provide the Controller with information and prove the facts that are decisive for the issuance of the parking card; the details are regulated by the operating regulations.“ As the Ordinance 6/2023 is a general binding regulation, it is a legal/legal obligation to provide data when applying for a parking card. However, the person concerned is not obliged to apply for a parking card. When purchasing a parking ticket, there is a similar obligation to provide basic information identifying the vehicle, parking location, time and payment details. The person concerned shall be obliged to have a parking ticket purchased under the conditions laid down in other legislation. Failure to provide the required personal data shall result in the impossibility of processing the type of parking ticket you have requested or making a valid payment for a parking ticket for temporary parking in designated parking zones. The consequence of parking your vehicle in a parking zone of the Capital City without payment of a parking ticket or a valid parking card may result in your being sanctioned by way of a fine or towing of your vehicle.

Cross-border transfers

Capital City may engage in a cross-border transfer of personal data to the U.S. as an exporter as a result of Cloudflare, Inc.’s implementation of security services on our www.paas.sk website, with Cloudflare, Inc. serving as the importer of data from visitors and users of our website. We provide you with the following information in relation to this cross-border transfer:

Contractor:	Cloudflare, Inc.
Privacy Policy:	https://www.cloudflare.com/privacypolicy/
Appropriate specific legal safeguards:	New type of standard contractual clauses approved by European Commission Decision (Module 2) and supplementary measures: Guaranteed in the Cloudflare Data Protection Addendum (see Annex 2) FAQs also responding to the need to take additional measures to secure transfers to the US, Transparent reports on access by public authorities to the data transferred.
Adequacy decision pursuant to Article 45 GDPR:	Yes, refers to Cloudflare, Inc. The data importer’s enrollment in the EU-US Data Privacy Framework can be verified here: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt0000000GnZKAA0&status=Active European Commission Decision on the EU-US Data Privacy Framework_en.pdf (europa.eu)

Otherwise, the Capital City does not directly transfer your personal data to third countries (outside the EU/EEA) and does not directly contract any suppliers based outside the EU/EEA. However, the Capital’s authorised sub-contractors (i.e. suppliers of data processors) may be located, have established offices or hosted servers in third countries, which is particularly common in relation to the leading reputable cloud storage services that support the operation of the ParkSys information system. These are located in the United States of America specifically in the context of using Microsoft Azure. Please see below for further information regarding transfers:

Sub-contractor:	Microsoft Corporation
Privacy Policy:	https://privacy.microsoft.com/en-us/privacystatement
Appropriate specific legal safeguards:	Microsoft has entered into a Data Protection Addendum for Online Services dated December 9, 2020 and a Data Protection Addendum for Microsoft Products and Services dated December 15, 2020 with the Capital Agent. September 2021, under which Microsoft undertakes to provide adequate safeguards through the standard contractual data protection clauses adopted pursuant to European Commission Decision 2010/87/EU (“SCC”) and has also contractually committed to comply with the obligations under the new type of SCC (P2P Module 3), declaring them between Microsoft Corporation and Microsoft Ireland Operations Limited v DPA as well as other additional measures: information regarding the transfer of personal data to the US on the use of SCCs information enforcement reports an agreed Code of Conduct for cloud computing providers í Approved Code of Conduct for cloud computing providers.
Adequacy decision pursuant to Article 45 GDPR:	Yes, it applies to Microsoft Corporation. The data importer’s entry in the EU-US Data Privacy Framework can be verified here: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt0000000KzNaAAK&status=Active Rozhodnutie Európskej komisie k EU-US Data Privacy Framework_en.pdf (europa.eu)

Automated individual decision-making

The Capital City carries out automated individual decision-making within the meaning of Article 22 of the GDPR through the information system “ParkSys”, which may have legal effects on the data subjects or may affect them in a similarly significant way. This is an automated assessment of eligibility for a specific parking card. However, this decision-making is directly foreseen in point 5.4(4) of the Operating Regulations of the Parking Policy, according to which:

„Unless otherwise specified, the assessment of the eligibility of a claim for a specific parking card against the conditions for its issue shall be carried out in the information system of the operator by verifying the data in the relevant electronic registers. In the event of successful verification, the application for a parking card shall be automatically approved. In selected cases, it is necessary to provide additional documents in the form of a scan via the electronic interface (user account management) or in person at the contact point. In these cases, the application will be approved manually.”

This means that the decision-making in question is directly permitted within the meaning of Article 22(1)(b) of the Regulation and the right under Article 22(1) of the Regulation does not apply. Nevertheless, the manual assessment of the application is part of the process, which citizens may request.

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) (the “Regulation” or “GDPR”)

Act No. 18/2018 Coll. on the Protection of Personal Data.

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) (the “Regulation” or “GDPR”)
Act No. 18/2018 Coll. on the Protection of Personal Data.