Privacy and Personal Data Protection Policy

Version of 01 October 2024

Table of Contents

  1. Preamble and Scope of Application
  2. Data Controller of Personal Data
  3. Personal Data Collected and Processed by Yespark
  4. Purposes and Legal Bases for Processing Personal Data
  5. Communication of Personal Data to Third Parties
  6. Transfer of Personal Data outside the European Union
  7. Security of Personal Data
  8. Your Rights

We invite you to carefully read this Privacy and Personal Data Protection Policy (hereinafter the "Policy").

For any questions about the Policy and, in general, about the collection and processing of your personal information by Yespark, please do not hesitate to contact us via the following email address: [email protected].

Preamble and Scope of Application

When you:

  • Access and use the Site www.yespark.frand/or the Application (hereinafter together the "Platform"),
  • Subscribe to one of our Services for parking and/or recharging of light vehicles and motorized two-wheelers,
  • Submit a contact request or appointment request,

you entrust us with certain data and information, including data that allows us to identify you or make you identifiable (e.g., name, email, copy of an identity document) which constitute "Personal Data".

Yespark is committed to allowing you to use the Platform and Services with complete confidence and to protect your Personal Data.

The Policy aims to define the rules applicable to the collection and processing of your Personal Data. It applies to users of the Platform regardless of their category: professional owner, social lessor, private owner, user (professional or non-professional) of parking and/or vehicle recharging Services, visitor of the Site.

The current Policy of Yespark is the one accessible on the Platform at the date of your connection to it. It may be modified at any time by Yespark, for the purpose of updating, or in accordance with developments in current regulations.

Any modification to this Policy will be notified to professional owners, social lessors, private owners, users (professional or non-professional) of parking and/or vehicle recharging Services.

Data Controller of Personal Data

The processing of Personal Data is subject to French law, in particular to Law No. 78-17 of January 6, 1978 as amended relating to data processing, files and freedoms, as amended (known as the Data Protection Act), as well as to EU Regulation 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (hereinafter the "GDPR").

The "Data Controller" of the Personal Data collected and processed on the Platform is the company Yespark, a simplified joint-stock company (SAS), registered with the Paris Trade and Companies Register under number 801 558 495 and whose registered office is located at 10 rue de Penthièvre, 75008 Paris, France.

Personal Data Collected and Processed by Yespark

  • Data relating to your identity (name, first name, telephone number, email address, postal address, billing details, copy of a valid identity document, K Bis extract and/or registration in the SIRENE directory);
  • Data relating to your banking information;
  • Data relating to your vehicles, including the license plate number;
  • Data relating to the management of your contract(s) with Yespark, including your invoices;
  • Your communication preferences and your login data to the Platform (see our Cookie Policy).

Purposes and Legal Bases for Processing Personal Data

Yespark only collects your Personal Data for specific, explicit, and legitimate purposes.

Yespark undertakes that your Personal Data collected in this context will only be processed for the purposes described below and limited to those strictly necessary and relevant to these purposes.

Each processing of Personal Data by Yespark is based on one of the legal bases provided for in the GDPR and described below.

In addition, Personal Data is retained only for the duration necessary for the purposes pursued; a longer retention period is possible when it results from a legal or regulatory obligation to which Yespark is subject.

In order to guarantee perfect transparency regarding the purposes, legal bases for processing, and retention periods applied within Yespark, you will find below an explanatory table:

Purpose(s) of the processing Applicable legal base(s) Retention period(s)
Conclusion, management, and execution of the subscribed contract(s), including the establishment of Services, billing, management of complaints and disputes The processing is necessary for the conclusion, execution, and legal security of the subscribed contract(s) (Article 6.1 b) of the GDPR). The processing is necessary to comply with a legal obligation (Article 6.1 c) of the GDPR). The entire duration of the contract(s) and an additional period of 5 years from the end of the contractual relationship.
Fraud prevention, security of premises and their users, response to judicial requisitions The processing is necessary for the legitimate interest of Yespark, in particular to ensure the identity of its co-contracting party(ies), combat fraud, and ensure the security of the premises made available and its users (Article 6.1.f) of the GDPR). The processing is necessary to comply with a legal obligation (Article 6.1 c) of the GDPR), namely to respond to judicial requisitions from the authorities. The entire duration of the contract(s).
Commercial prospecting and customer loyalty operations (management of newsletters, sending of advertising emails, information on Yespark's news, response to your questions/contact requests/appointment requests, estimation requests, alert requests, satisfaction surveys and questionnaires, information on the loyalty program, abandoned cart email reminders) The processing is necessary for the legitimate interest of Yespark, in particular its commercial interest in prospecting and retaining its customers by offering Services related, complementary, or similar to those already provided (Article 6.1.f) of the GDPR). In some cases, the processing is based on the consent of the data subject (Article 6.1.a) of the GDPR). Personal Data relating to a non-client prospect is retained for a period of 24 months from their collection by Yespark or the last contact from the prospect. Personal Data relating to a client is retained for the entire duration of the contract(s) and an additional period of 5 years from the end of the contractual relationship.
Recruitment The processing is based on the consent of the person who submits their application (Article 6.1.a) of the GDPR). The processing may also be necessary for the performance of pre-contractual measures (Article 6.1.b) of the GDPR) and/or carried out in the legitimate interest of Yespark (Article 6.1.f) of the GDPR) which is to contact the candidates. For selected candidates: Personal Data is retained for the duration of the recruitment process and may be used for personnel management purposes. For non-selected candidates: Personal Data is retained for the duration of the recruitment process. With the candidate's agreement, the Personal Data concerning them may be retained for an additional period of 24 months.

Communication of Personal Data to Third Parties

In the context of using the Platform, Yespark undertakes to limit access to your Personal Data to only those who need to use it, namely:

  • Yespark's employees;
  • Parking owners;
  • Yespark's subcontractors and service providers.

Yespark never discloses Personal Data to third parties, except: (1) in the event of a judicial requisition; (2) if disclosure is necessary for the execution of your contract(s) with Yespark; (3) if disclosure is necessary to comply with contractual, legal, and/or regulatory obligations; (4) if you request or authorize the disclosure.

Transfer of Personal Data outside the European Union

The Data is hosted by Scalingo, whose servers are based in France (EU).

If Yespark transfers your Personal Data outside the European Union, Yespark undertakes to take all necessary precautions to protect your Personal Data and ensure that the processing complies with the GDPR, notably through the Standard Contractual Clauses of the European Commission of June 2021.

Security of Personal Data

We implement all necessary security measures to protect your Personal Data against any unauthorized access, disclosure, alteration, damage, or destruction of the data we hold.

To this end, Yespark has deployed appropriate measures to ensure the integrity, confidentiality, and security of your Personal Data. Its employees are particularly bound by a strict obligation of confidentiality.

We also invite you to submit copies of identity documents in a protected digital format or with a watermark.

Your Rights

You have rights over your Personal Data, including:

  • Right to information: you are entitled to clear information about the use of your Personal Data and the exercise of your rights, by consulting this Policy and the various information disseminated on the Platform;
  • Right of access: you can request access to the Personal Data concerning you and request its communication;
  • Right to rectification and erasure: you can request the rectification, updating, or erasure of all or part of the data concerning you;
  • Right to object: you can object to the processing of your Personal Data, subject to Yespark's legal or contractual obligation to process such data to provide you with its Services and/or fulfill its legal and contractual obligations;
  • Right to erasure: you can request the erasure of Personal Data to the extent that it is no longer necessary for the purpose for which we may have needed to process it;
  • Right to restriction of processing: this means that, in certain cases, you can ask us to temporarily suspend the processing of data;
  • Right to data portability: you can ask us to provide you with the Personal Data concerning you in a structured, commonly used, and machine-readable format, in order to transmit it to a third party, or ask us to transmit it directly to that third party;
  • You can provide us with directives regarding the storage, erasure, or communication of your Personal Data after your death.

You can exercise these rights at any time in two ways of your choice:

  • By email to: [email protected]
  • By postal mail to: YESPARK SAS, Attn: DPO, 10 rue de Penthièvre, 75008 Paris, France

Your request will be processed within a maximum period of 1 month, if necessary renewable for the same duration. Yespark reserves the right to ask you for a copy of an identity document to verify your personal interest in exercising your rights, unless your identity is sufficiently established; this copy will only be kept for this purpose and for the duration of the processing of your request only.

If you believe that Yespark is not fulfilling its obligations regarding the protection of Personal Data or is not responding to your requests satisfactorily, you can contact the Commission Nationale de l'Informatique et des Libertés (CNIL) via its website (www.cnil.fr) or by postal mail: CNIL, Service des Plaintes, 3 place de Fontenoy, TSA 80715, 75334 Paris Cedex.