This privacy declaration (hereinafter referred to as "Application Privacy Declaration") is applicable to the workplace management application developed by Commuty, a public limited company, having its registered seat at rue Louis de Geer 6, 1348 Ottignies-Louvain-la-Neuve, registered in the register of legal entities of Brabant Walloon under enterprise number 0556.631.530 (“Commuty”), on web and mobile, to (i) optimize the parking usage through smart parking management, (ii) organise and incentivise alternative mobility for employees, and book any shared resource in the workplace, (hereinafter the "App").
This Application Privacy Declaration includes information about the personal data collected by Commuty when you use the Application, on basis of the instructions provided by your employer or the person or entity managing the resource you would like to access (the “Data Controller”), as well as the way Commuty processes this personal data.
This Application Privacy declaration must be considered a complement of the Data Controller privacy policy, or any other relevant documentation shared by them, if any.
Types of personal data
The following personal data may be processed by Commuty after being provided either by you or by the Data Controller directly. Personal data that Commuty processes mostly depend on which features are enabled or the decisions taken by the Data Controller.
Common personal data:
- Primary Email
- A Secondary Email on which they can receive notifications (optional)
- First name
- Last name
- Phone number (optional)
- Profile picture (optional)
- Preferred language
- Personal address (can be the city only), (optional or mandatory depending on enabled features and/or the decision of the Data Controller to make it mandatory or not)
- Company (optional)
Parking:
- License plate (optional or mandatory, depending on enabled features and on the decision of the Data Controller)
Mobility data:
- Multiple home-work trips
- Departure-Return hours (optional)
- Car availability (optional)
- Commutes
- Out of office days (optional)
Commuty also automatically collects anonymous information regarding your use of the Application (for example, Commuty automatically logs which sections of the Application you visit). We cannot identify you through these data, but it allows to draw up statistics regarding the use of the Application.
Methods of personal data collection
These personal data are collected in the context of:
- Creating an account for the Application
- Your use of the Application, whether or not using a mobile device
- The verification of your identity (e.g. when you contact customer support of Commuty)
- Incoming and outgoing correspondence concerning the Application
- If your Data Controller has subscribed to the feature "Open a barrier using Bluetooth Low Energy", on Android only, Android collects location data to enable the proximity Bluetooth scanning. This location is only used locally, never transmitted to Commuty or any other service, and never stored anywhere.
Use of personal data
As Commuty acts as a Data Processor, Commuty only processes Personal Data for the purposes specified by the Data Controller it works for (e.g. your employer).
Generally, we are instructed to handle Personal Data for the following purposes:
(i) to provide you the Application and the related services;
(ii) to provide support/assistance (e.g. in case of problems);
(iii) to provide reports as to the use of the Application in general;
(iv) to provide statistics;
(v) to respect specific legal obligations.
In other terms, we are generally processing your personal data as part of the execution of the contract existing between you and the Data Controller (art. 6, §1, (b) of the GDPR), to comply with legal obligations (art. 6, §1, (c) of the GDPR) or for the purposes of the legitimate interests pursued by the Data Controller or by a third party (art. 6, §1, (f) of the GDPR) (e.g., implementing an effective and sustainable mobility policy). Other legal bases may however apply (e.g., your consent when you decide to provide optional personal data) and you will find more information through the privacy documentation of the Data Controller.
Disclosure of personal data to third parties
Your personal data shall not be disclosed to third parties, unless it is necessary in the context of providing the services and optimising them (including but not limited to maintenance works, payment processing, database management). In any such case, the third party is required to use your personal data in accordance with the provisions of this Application Privacy Declaration and the applicable legal provisions (such as the general data protection regulation).
Notwithstanding the foregoing, it is however possible that the Data Controller or Commuty discloses your personal data:
- To the competent authorities (i) if the Data Controller or Commuty is obliged to do so under the law or under legal or future legal proceedings and (ii) to safeguard and defend our rights;
- If the Data Controller or Commuty, or the majority of its assets, are taken over by a third party, in which case your personal data may be one of the transferred assets.
Storage of personal data
Unless a longer storage period is required or justified (i) by the law or (ii) through compliance with another legal obligation, Commuty shall only store your personal data for the period necessary to achieve and fulfil the purpose of use in question, as specified in the Application Privacy Declaration under ‘Use of personal data’, being the duration of the collaboration between Commuty and the Data Controller save for some specific personal data for which the period shall be shorter:
- three (3) months for visitors or other individuals who do not have an account on the Application ;
- twelve (12) months for some historical data such as calendar events ;
- the duration of your account on the Application.
Security of personal data
Commuty undertakes to take reasonable, physical, technological and organisational precautions in order to avoid (i) unauthorised access to your personal information, and (ii) loss, abuse or alteration of your personal data.
Commuty shall store all personal data which it has collected in the cloud, in a secured space fulfilling high level security obligations. Notwithstanding Commuty security policy, the checks it carries out and the actions it proposes in this context, an infallible level of security cannot be guaranteed. Since no method of transmission or forwarding over the internet, or any method of electronic storage is 100% secure, Commuty is, in this context, not in a position to guarantee absolute security.
Finally, the security of your account will also partly depend on the confidentiality of your password in obtaining access to the Application. Commuty will never ask for your password, meaning that you will never be required to communicate it personally. If you have nonetheless communicated your password to a third party – for example because this third party has indicated that it wishes to offer additional services - this third party shall have access to your account and your personal data via your password. In such cases, you are liable for the transactions which occur as a result of the use made of your account. Commuty therefore strongly advises you, if you observe that someone has accessed your account, to immediately change your password
Your privacy rights
In light of the processing of your personal data, you enjoy the following privacy rights:
- Right of access to personal data processed by Commuty;
- Right to rectification, completion or update of your personal data;
- Right to delete your personal data (‘right to be forgotten’) (it being understood that certain services will no longer be accessible and/or can no longer be provided if you request deletion of certain required personal data);
- Right to limit the processing of your personal data;
- Right to transferability of your personal data;
- Right to object to/oppose the processing of your personal data.
If you wish to invoke your privacy rights, please and visit the privacy page:
- On the Commuty web application: open https://app.commuty.net/settings/privacy in a web browser
- On the Commuty mobile application: in My account > Privacy
In addition, you can always, via your personal account, update, modify and/or verify your personal data which you were required to submit when creating your account.
Update Application Privacy Declaration
Commuty is entitled to update this Application Privacy Declaration by posting a new version on the Application. However, an adaptation of this Application Privacy Declaration can never lead to significant changes in the way personal data are being processed by Commuty.
Other websites
The Application may potentially contain hyperlinks to other websites. When you click on one of these links, you may be redirected to another website or internet source that could collect information about you through cookies or other technologies. Commuty does not bear any responsibility, liability or control authority over these other websites or internet resources, nor about their collection, use and disclosure of your personal data. You must check the privacy declarations of these other websites and internet sources in order to be able to judge whether they act in accordance with applicable privacy legislation.
Contacts
If you have questions about this Application Privacy Declaration, or the manner in which Commuty collects, uses or processes your personal data, please contact us:
- Via e-mail: support@commuty.net or
- Via post: 6, Rue Louis de Geer, B-1348 Louvain-La-Neuve
You can also always contact the Data Controller (and in particular their data protection officer if one was appointed).
Issue a complaint
In case you are not satisfied with the way Commuty handled your questions and/or remarks or have any complaints about the way Commuty collects, uses and and/or processes your personal data, note that you have the right to lodge a complaint with the Data Protection Authority, either directly on their website (https://www.autoriteprotectiondonnees.be/) or via post at the attention of the Data Protection Authority, rue de la Presse - Drukpersstraat 35, 1000 Brussels.