Privacy Policy

1. Who is responsible for the personal data?

The City of Stockholm (hereinafter the City) is the personal data controller and responsible for the processing of the personal data that appears in this document. Flowbird Sverige AB (hereinafter Flowbird), 556554-8293, administers Betala P services and PayEx AB (hereinafter PayEx), 556735-5671, handles the payment data, both on behalf of the City. Flowbird and PayEx act as a personal data processors and has through written contract with the City responsibility to protect the data and not to process the personal data in a way other than the City’s instruction and the contract.

2. The purpose of the treatment

The city processes your personal data in order to provide payment service for parking, Betala P, via the application and/or website. The personal data is processed for identification and/or authentication so that the City can carry out parking monitoring and the necessary administration to maintain the application's functionality and service to you as a customer.

The personal data is processed with the support of:

• the Traffic Administrations Office policy and guidelines
• the Act on municipal accounting
• the General Data Protection Regulation, Article 6.1 c. The processing is necessary to fulfill a legal obligation incumbent on the personal data controller
• freedom of the Press Ordinance (1949:105)
• the Archives Act (1990:782)
• the Publicity and Confidentiality Act (2009:400).

Personal data is saved as long as it is necessary for the purpose. Subsequently, archive and rules about personal data erasure regulate what can be deleted and what must be preserved when the personal data appears in public documents. The General Data Protection Regulation requires that personal data be archived or deleted when the purpose of the processing ceases.

If your personal data is a part of the City's public documents, the principle of public access to official records is actualized, which means that the public can request the release of public documents including the personal data. According to the Publicity and Confidentiality Act, a confidentiality assessment must always be carried out before a disclosure of a public document may take place.

3. Legal basis for the processing

There must always be a legal basis for the processing carried out by the City. In this case, the City needs to collect and process personal data, in accordance with the contract between the City and the customer, in order for the customer to be able to use the City's payment service, Betala P, for parking. The city must always obtain consent if the processing cannot be supported on another legal basis.

4. Collection and use of personal data

Personal data is data or information that can be used to identify a specific individual.

The personal data that may be processed primarily refers to information that you as a customer, directly or indirectly, provide to the City. It may concern the following personal data:

• name
• address details
• mobile phone number
• account details
• email address
• geographical location (with consent)
• registration number and location data
• other information that is necessary for the City to be able to fulfill its commitment to the customer.

In order to process the customer's payment, the City needs to obtain either card details or mobile phone number depending on the selected payment method.

The data is stored by PayEx on behalf of the City. PayEx meets strict requirements from card issuers regarding card security.

5. How is the personal data collected?

The city collects personal data from you, among other things, when you:

• register as a customer in Betala P
• use the services, applications and/or the website, and when you
• contacts the City or the supplier Flowbird.

6. Sharing of information

Part or all of the information collected when you download application or use the website may be shared with third parties only to the extent that it must be used for the operation of the services.

7. How is your personal data protected?

The City protects the customer's personal integrity. Therefore, all processing of personal data must take place in accordance with applicable law.

Your personal data is used by authorized personnel within the City and by the personal data assistant Flowbird. Flowbird's staff and consultants are bound by confidentiality that complies with applicable data protection regulations.

The City takes incidents involving personal data seriously and investigates them promptly when discovered. If it is likely that the incident poses a risk to you who are affected, the City will inform you of the incident and reports the incident to the Supervisory Authority (IMY).

8. Your rights

You can get information about your data at any time free of charge. You can also send Flowbird your request to block, correct or delete personal data stored about you. The City cannot delete information that is a part of public documents or when there is a statutory requirement for storage, such as accounting regulations, or when there are other legitimate reasons why the information must be saved. You can also withdraw your consent to collection and use of your personal data.

You have the right to request correction of your personal data from the City if the personal data is incorrect. You also have the right, upon request, to receive an extract from the register of personal data concerning you that is being processed, to object to the processing and to lodge a complaint about the processing with the Supervisory Authority (IMY). In some cases, you have the right to limit the processing. To do this, send your request to Flowbird:

betalap.stockholm@flowbird.se

Your request will be processed within 30 days.

9. How long is the personal data saved?

The City never saves your personal data for longer than necessary to fulfill the purpose of processing the personal data.

Financial information, more specifically parking receipts, is stored for 7 years in accordance with the Accounting Act (1999:1078) and destroyed thereafter.

10. How are changes to the privacy policy handled?

Changes to this privacy policy may occur. If such changes are made to the policy which means that the way the City or its personal data processor processes your personal data changes, the City will notify you of such changes via the application, website or email. For example if the City needs to collect additional personal data for specified reasons or if the processing of data for new purposes is added.

For example if the City needs to collect additional personal data for specified reasons or if the processing of data for new purposes is added.

The City recommends that you regularly read this privacy policy for the latest information on how the City and its personal data officer process your personal data.

11. Views

If you have any comments or complaints regarding the processing of personal data, you can primarily contact the City or Flowbird via:

betalap.stockholm@flowbird.se.

You also always have the right to turn to IM, You also always have the right to turn to IMY, which is the supervisory authority for the processing of personal data:

imy@imy.se