Information on the processing of personal data of the

Alpina Parking Holding AG, Germany and the Alpina Parking GmbH, Austria
(Privacy policy)

With the following information, we would like to give you an overview of the processing of your personal data by the following companies of the Alpina Group and your rights in this regard:

Alpina Parking Holding AG

Mauerkircherstrasse 181
81925 Munich

Germany
Phone: +49 89 59 49 61
E-Mail: office@alpina-parking.com

You can contact our data protection officer at the above postal address or by e-mail: datenschutz@alpina-parking.com

The privacy policy of Alpina Parking Holding AG can be found at:

Imprint & Privacy | ALPINA

Alpina Parking GmbH

Billrothstrasse 4
1190 Vienna
Austria
Phone: +43 1 963 005 1
E-Mail: office@alpina-parking.com
You can contact our data protection officer at the above postal address or by e-mail at datenschutz@alpina-parking.com

1. General information valid for all processing operations

We process your personal data in accordance with the European General Data Protection Regulation (GDPR), the Austrian Data Protection Act (DSG) and all other relevant laws. Depending on the processing operation, this is done on the basis of legal permissions (e.g. contract fulfillment or legitimate interest) or, if necessary, on the basis of your consent.

1. Terminology used

“Personal data” means any information relating to an identified or identifiable natural person (hereinafter “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. a cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

“Processing” means any operation or set of operations which is performed on personal data, whether or not by automated means. The term is broad and covers practically any handling of data. Restriction of processing” refers to the marking of stored personal data with the aim of limiting its future processing.

The “controller” is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

A “processor” is a person or body that processes personal data on behalf of the controller.

Consent” is defined as a voluntary, informed and unambiguous expression of the data subject’s will by which they give their consent to the processing of their personal data.

“Legitimate interest” is one of the legal bases for the processing of personal data in accordance with Art. 6 para. 1 lit. f of the GDPR. It exists if the processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, provided that the rights and freedoms of the data subject are not overridden. The legitimate interest must be assessed on a case-by-case basis and weighed against the interests of the data subject.

“Cookies” are text files that are stored on a computer system via an Internet browser. They are used to save certain settings during your visit.

With regard to these and other terms used, we refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).

2. Cooperation with processors and third parties

Within the Alpina Group, access to your personal data is only granted to those departments that require it to fulfill our contractual services and legal obligations.

Data will only be passed on to external service providers (e.g. IT service providers, payment processors, consultants, marketing agencies, data destroyers) if there is a legal basis for this, for example to fulfill a contract (Art. 6 para. 1 lit. b GDPR), on the basis of legitimate interests (Art. 6 para. 1 lit. f GDPR) or on the basis of consent (Art. 6 para. 1 lit. a GDPR).

3. Transfer to third countries

A transfer to third countries (outside the EU or the EEA) does not take place unless it is necessary for the fulfillment of contractual or legal obligations or takes place on the basis of suitable guarantees in accordance with Art. 44 et seq. GDPR (e.g. EU standard contractual clauses).

4. Rights of the data subject

Right to information:

When we collect your personal data, you have the right to know what data we process, for what purpose this is done, on what legal basis this is based and how long your data will be stored.

We will also inform you about your other data protection rights and to whom your data may be passed on.

Right to information:

You can request information about your personal data stored and processed by us in accordance with Art. 15 GDPR. In addition, data subjects have the right to obtain information as to whether their personal data has been transferred to a third country or an international organization.

To exercise the right of access, data subjects may contact the data controller.

Right to rectification:

You have the right to demand the immediate correction or completion of incorrect or incomplete personal data that we have stored about you.

To exercise the right of rectification, data subjects may contact the data controller.

Right to erasure:

You have the right to request the deletion of your personal data, provided that there are no statutory retention obligations or the processing is not required to fulfill legal obligations.

To exercise the right to erasure, data subjects can contact the data controller.

Right to restriction of processing:

You have the right to request the restriction of the processing of your personal data if, for example, the accuracy of the data is disputed by you or the processing is unlawful.

To exercise the right of restriction, data subjects may contact the data controller.

Right to data portability:

You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format. You may also request that this data be transferred to another controller, insofar as this is technically feasible and does not affect the rights and/or freedoms of other persons.

To exercise the right to data portability, data subjects may contact the data controller.

Right of objection:

You have the right to object to the processing of your personal data at any time on grounds relating to your particular situation. This is possible if the processing is based on a legitimate interest.

To exercise the right to object, data subjects can contact the data controller.

Right to lodge a complaint (with a supervisory authority):

You have the right to lodge a complaint with a competent supervisory authority if you believe that the processing of your personal data violates the General Data Protection Regulation.

To exercise the right to lodge a complaint, data subjects can contact the responsible data protection authority:

Alpina Parking Holding AG:

Bavarian State Office for Data Protection Supervision (BayLDA)
P.O. Box 1349
91504 Ansbach
+49 (0) 981 180093-0
poststelle@lda.bayern.de
www.lda.bayern.de/de/index.html
Complaint form: www.lda.bayern.de/de/beschwerde.html

Alpina Parking GmbH:

Austrian Data Protection Authority (DPA)
Barichgasse 40-42
1030 Vienna
+43 1 52 152-0
dsb@dsb.gv.at
www.dsb.gv.at

5. Storage and deletion of data

We process and store personal data of the data subject only for the period necessary to achieve the purpose of storage or if this is provided for by the GDPR, the Austrian Data Protection Act (DSG) or other relevant legislation. In accordance with Art. 17 and 18 GDPR, data will be deleted or its processing restricted (blocked) as soon as the purpose of processing no longer applies or a statutory retention period expires.

Statutory retention periods result in particular from the Austrian Commercial Code (UGB) and the Federal Fiscal Code (BAO). According to these, accounting documents, receipts and records in particular must be kept for seven years (§ 212 UGB, § 132 BAO), calculated from the end of the calendar year to which they relate.

Longer storage may be possible in individual cases, for example

• to fulfill special legal obligations,
• for the assertion, exercise or defense of legal claims within the statutory limitation periods under the ABGB, or
• as long as official or legal proceedings are pending.

Once all retention and documentation obligations have ceased to apply, personal data is deleted or – where permissible – anonymized.

We regularly check the necessity of the stored data and carry out deletions or restrictions on processing in accordance with the legal requirements.

1. Processing in detail
2. Processing of personal data on online presences

Responsible for data processing depending on the website or web app you visit:

Alpina Parking Holding AG, Germany

Alpina Parking GmbH, Austria

1.1. Hosting

The hosting services we use serve to provide the following services: Infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance services that we use for the purpose of operating this online offering.

In doing so, we or our hosting provider process personal data (e.g. inventory, usage or communication data) insofar as this is necessary for the provision and security of the online offer. This is done on the basis of our legitimate interests in the efficient and secure provision of this online offer in accordance with Art. 6 para. 1 lit. f GDPR in conjunction with Art. 28 GDPR (conclusion of contract). Art. 28 GDPR (conclusion of order processing contract).

1.2. Collection of access data and log files

We or our hosting provider collect on the basis of our legitimate interests within the meaning of Art. 6 para. 1 lit. f. GDPR. GDPR, in particular in the secure and efficient provision of our website, we or our hosting provider collect data about every access to the server on which this service is located (so-called server log files). The access data includes the name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address and the requesting provider.

Log file information is stored for security reasons (e.g. to investigate misuse or fraud) for a maximum of seven days and then deleted. Data whose further storage is required for evidentiary purposes is excluded from deletion until the respective incident has been finally clarified.

1.3. Comments and contributions

When users leave comments or other contributions, in addition to your comment, information on the time of creation, your IP addresses, the e-mail address and the user name you have chosen are stored for seven days on the basis of our legitimate interests within the meaning of Art. 6 para. 1 lit. f. GDPR and then deleted, unless they are required for further prosecution of illegal content. GDPR for seven days and then deleted, unless they are required for further tracking of illegal content. This is done for our security in the event that someone leaves illegal content in comments and posts (insults, prohibited political propaganda, etc.). In this case, we ourselves may be prosecuted for the comment or post and are therefore interested in the identity of the author.

1.4. Cookies

Our website uses so-called “session cookies”. These are used to save certain settings (e.g. language, login status) during your visit. They are automatically deleted at the end of your visit.
The use is based on Art. 6 para. 1 lit. f GDPR (legitimate interest in a technically flawless and user-friendly operation of the website).

In addition, our website may also use services that only use cookies or similar technologies with your express consent, for example to display embedded maps from Google Maps. These cookies are only set if you have previously given your consent via our consent management tool (cookie banner). Your consent is documented there and can be revoked at any time.

1.5. Integration of Google Maps

We use Google Maps on our website to display interactive maps. The provider is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

To use the functions of Google Maps, it is necessary to save your IP address. This information is transmitted to a Google server in the USA and stored there; it may also be transmitted to the USA. Google is certified in accordance with the EU-US Data Privacy Framework, so that an appropriate level of data protection is guaranteed.

The integration of Google Maps is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time via our consent management tool.

Further information on data processing by Google can be found in Google’s privacy policy: https://policies.google.com/privacy

2. Video surveillance

Responsible company depending on the parking facility you are visiting:

Alpina Parking GmbH

Due to our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR and Sections 12 and 13 DSG for the exercise of domiciliary rights, collection of evidence, prosecution of fraud and other offenses, our parking facilities are partially video-monitored. Video surveillance is also carried out to fulfill our contractual obligations towards you (Art. 6 para. 1 lit. b GDPR), as it is necessary to contact our central technical customer service and to rectify faults. The video surveillance is identified.

The data collected will be deleted no later than 14 days after recording, unless there is a specific reason for longer recording, i.e. in particular if the recordings are required to investigate specific criminal offenses. In these cases, we collect further contact data from the Central Vehicle Register (ZFZR) of the Federal Ministry of the Interior or via the Austrian Association of Insurance Companies (VVO) on the basis of our legitimate interest.

Data subjects can assert their rights in accordance with Art. 15 et seq. GDPR can assert their rights.

3. License plate recognition

Responsible company depending on the parking facility you are visiting:

Alpina Parking GmbH

Identifiers are considered personal data if a personal reference can be established. Profiling or evaluation for other purposes does not take place.

When entering and exiting our parking facilities, your vehicle’s license plate number is recorded using automated license plate recognition (ANPR). This processing is carried out on the basis of our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR in conjunction with §§ Sections 12 and 13 DSG to exercise domiciliary rights, to prevent fraud and to enforce our parking conditions (e.g. parking time monitoring, ticket loss, contract disruptions).

License plate recognition is used in particular for automated barrier control (e.g. for pre-registration or long-term parking contracts) and the allocation of entry and exit times.

The data is analyzed automatically and without personal reference and is generally deleted no later than 24 hours after exit, unless there is a specific reason for longer storage. Such a reason may exist, for example, in the case of

• Suspected cases of fraud or abuse (e.g. unpaid parking fees),
• Malfunctions during entry/exit or billing,
• Enforcement of claims within the framework of our General Terms and Conditions of Employment.

In these cases, we may process additional data (e.g. owner data) that we lawfully collect from the Central Vehicle Register (ZFZR) of the Federal Ministry of the Interior or via the Austrian Association of Insurance Companies (VVO) on the basis of our legitimate interest. Any further disclosure to authorities will only take place if there is a corresponding legal obligation.

Data subjects can assert their rights in accordance with Art. 15 et seq. GDPR can assert their rights.

4. Processing of personal data for the provision of contractual services

Responsible company depending on the contract you have concluded:

Alpina Parking GmbH

We process inventory data (e.g. names and addresses as well as contact data of users) and contract data (e.g. services used, names of contact persons, payment information) for the purpose of fulfilling our contractual obligations and services in accordance with Art. 6 para. 1 lit. b. GDPR. GDPR. We only collect data that is necessary for the conclusion or performance of the contract and use it exclusively for these purposes. Processing may also be carried out to safeguard legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR, for example to assert contractual claims or in relation to the settlement of claims within the framework of a contractual relationship. We also collect the data required for this from third parties, e.g. from the Central Vehicle Register (ZFZR) of the Federal Ministry of the Interior or via the Austrian Association of Insurance Companies (VVO).

Data will only be passed on to such bodies if it is necessary for the fulfillment of the contract or the enforcement of rights (e.g. payment service providers, insurance companies, legal advisors, authorities).

The deletion of the data takes place after the expiry of statutory warranty periods, the necessity of storing the data is reviewed every three years; in the case of statutory archiving obligations, the deletion takes place after their expiry, unless there is a specific reason for further storage. Information in any customer account remains until it is deleted.

Data subjects can assert their rights in accordance with Art. 15 et seq. GDPR can assert their rights.

5. MobilePay

Depending on the location, we offer you the option of cashless and contactless payment via a MobilePay application (MobilePay) in our parking facilities. This browser-based payment solution allows you to pay your parking fees conveniently via your smartphone.

External MobilePay service providers:

These mobile payment services are provided by external service providers. Possible external service providers include the following:

• SKIDATA Deutschland GmbH (Sonnenring 14, 84032 Altdorf, Germany), https://www.skidata.com/de-de/data-privacy.
• Arivo GmbH (Am Innovationspark 10, 8020 Graz, Austria),

Data protection with the Arivo parking system

Functionality:

To do this, scan a QR code on your parking ticket or at the designated points in the parking facility with the camera of your smartphone. You will then be automatically redirected to a secure payment page (web app) of the respective MobilePay service provider. No app installation or registration is required.

Data processing:

The processing of personal data is carried out by the respective MobilePay service provider as an independent controller within the meaning of Art. 4 (7) GDPR.

In particular, the following data may be processed:

• Vehicle registration number, parking duration, parking location, date and time of the payment transaction,
• Technical connection data (e.g. IP address, browser type).

The MobilePay service providers generally store this data for a maximum of 30 days and then delete it, provided there are no statutory retention periods or legitimate interests (e.g. fraud prevention, proof of payment) to the contrary.

The application does not use any or necessary cookies and does not pass on any personal data to uninvolved third parties.

Payment processing:

External payment service providers are used for payment processing, who are also independent controllers within the meaning of the GDPR.

These include in particular

• TeleCash (First Data GmbH, Marienbader Platz 161348 Bad Homburg, Germany)

TeleCash uses the domain ipg-online.com, among others, for the technical processing of its Internet Payment Gateway (“IPG”). Depending on the payment method selected, data may therefore be transmitted via a secure connection to servers under this domain during payment processing.

Detailed information on data processing by TeleCash and IPG can be found in their privacy policies: https://www.telecash.de/datenschutz/

• Adyen N.V. (Simon Carmiggeltstraat 6, 1011 DJ, Amsterdam, Netherlands)

Detailed information on data processing by Adyen N.V. can be found in their privacy policy: https://www.adyen.com/privacy-policy

• PAYONE GmbH (Lyoner Straße 15, 60528 Frankfurt am Main, Germany)

Detailed information on data processing by PAYONE GmbH can be found in their privacy policy: Information on data protection provisions | PAYONE

• American Express Europe S.A. (Güterplatz 1, 60327 Frankfurt am Main, Germany)

Detailed information on data processing by American Express S.A. can be found in their privacy policy: Privacy Center | American Express EN

These payment service providers may require the entry of personal data (e.g. name, credit card or account details) in order to carry out payment transactions.

Data processing takes place exclusively between you and the respective payment service provider.

The Alpina Group does not receive or store any payment data (e.g. credit card numbers or account details).

Legal basis:

The MobilePay function is provided and used to fulfill the contract in accordance with Art. 6 para. 1 lit. b GDPR, as it serves the proper processing of the parking process and payment of the parking fees.

Note on data subject rights:

Data subjects can assert their data protection rights (e.g. information, rectification, erasure, objection) in accordance with Art. 15 et seq. GDPR vis-à-vis the respective MobilePay or payment service provider.

6. PayLater function – Subsequent payment

Depending on the location, we offer you the option of subsequent payment in our parking facilities with the PayLater function. With this license plate-based payment solution, you can pay your parking fees 48 to max. 72 hours after leaving the parking facility from the comfort of your own home.

External PayLater service providers:

The PayLater payment services are provided by external service providers, each of which is an independent controller within the meaning of Art. 4 (7) GDPR.

Possible external service providers are in particular

• SKIDATA Deutschland GmbH (Sonnenring 14, 84032 Altdorf, Germany), https://www.skidata.com/de-de/data-privacy.
• Arivo GmbH (Am Innovationspark 10, 8020 Graz, Austria),

Data protection with the Arivo parking system

Functionality:

The system is based on automatic license plate recognition (LPR). Your license plate number is automatically recorded and saved when you enter and exit the car park. You can then enter your license plate number on our website to pay the parking fees subsequently. No registration or app installation is required.

Data processing:

The respective PayLater service provider processes the following personal data in particular:

• Vehicle registration number,
• Date and time of entry and exit,
• Parking location and parking duration,
• Calculated parking fee,
• if applicable, technical connection data (e.g. IP address, browser type),
• Payment status.

The processing takes place exclusively for the purpose of handling the parking process and subsequent payment.

Payment processing:

External payment service providers are used for payment processing, who act as independent controllers within the meaning of Art. 4 (7) GDPR:

• TeleCash (First Data GmbH, Marienbader Platz 161348 Bad Homburg, Germany)

TeleCash uses the domain ipg-online.com, among others, for the technical processing of its Internet Payment Gateway (“IPG”). Depending on the payment method selected, data may therefore be transmitted via a secure connection to servers under this domain as part of payment processing. Detailed information on data processing by TeleCash and the IPG can be found in their privacy policies: https://www.telecash.de/datenschutz/

• Adyen N.V. (Simon Carmiggeltstraat 6, 1011 DJ, Amsterdam, Netherlands)

Detailed information on data processing by Adyen N.V. can be found in their privacy policy: https://www.adyen.com/privacy-policy

• PAYONE GmbH (Lyoner Straße 15, 60528 Frankfurt am Main, Germany)

Detailed information on data processing by PAYONE GmbH can be found in their privacy policy: Information on data protection provisions | PAYONE

• American Express Europe S.A. (Güterplatz 1, 60327 Frankfurt am Main, Germany)

Detailed information on data processing by American Express S.A. can be found in their privacy policy: Privacy Center | American Express EN

Storage period and deletion:

The license plate data is stored for a period of 48 to max. 72 hours after leaving the parking facility to enable you to make a subsequent payment. After this period has expired or after payment has been made, the data will be deleted or, if statutory retention periods apply, stored for the duration of these periods and then deleted. Paid parking transactions are deleted after 30 days.

Billing data or tax-relevant information can therefore be stored for up to 10 years.

Legal basis:

The processing of license plate data and payment data is carried out to fulfill the contract in accordance with Art. 6 para. 1 lit. b GDPR, as it is necessary for the proper processing of the parking process and for the subsequent payment of parking fees.

Insofar as statutory retention obligations exist, storage also takes place on the basis of Art. 6 para. 1 lit. c GDPR (legal obligation).

Note on data subject rights:

Data subjects can assert their rights pursuant to Art. 15 et seq. GDPR against the respective PayLater service provider or payment service provider.

7. EasyPark – Mobile payment via external service provider

Depending on the location, we offer you the option of paying your parking fees in our parking facilities via the mobile payment service “EasyPark”. This service is provided by EasyPark GmbH, Große Düwelstraße 28, 30171 Hannover.

Functionality:
When using EasyPark, payment is made via the EasyPark app or via automatic registration of a stored license plate number (e.g. as part of a whitelist). Payment is processed entirely via EasyPark. Registration or processing via our systems does not take place.

Data processing:
The processing of personal data is carried out exclusively by EasyPark GmbH as an independent controller within the meaning of Art. 4 (7) GDPR.
EasyPark can process the following data in particular:

• Vehicle license plate number, parking duration, parking location,
• Time of entry and exit,
• Payment information and usage data of the app,
• technical connection data (e.g. IP address, device data).

As the operator, we do not receive any payment data or access to user accounts of the EasyPark app. There is no joint responsibility or order processing.

Payment processing:
Parking fees are settled directly between you and EasyPark.
We only receive the data required to verify a parking transaction (e.g. confirmation that a parking transaction has been carried out via EasyPark).

Further information on data processing by EasyPark can be found directly from the provider: https://www.easypark.com/de/privacy-policy

Legal basis:
EasyPark is used voluntarily and on the basis of Art. 6 para. 1 lit. b GDPR to carry out the parking process. EasyPark GmbH is responsible for data processing within the EasyPark app.

Note on data subject rights:

Data subjects can assert their data protection rights (e.g. information, deletion, objection) directly against EasyPark GmbH.

8. Use of Google reCAPTCHA

The external service providers we use (e.g. SkiData, Arivo) also use the “Google reCAPTCHA” service on their payment pages, provided by Google Ireland Limited or Google LLC. reCAPTCHA serves exclusively to prevent abusive queries (e.g. automated license plate queries) and protects the service provider’s web forms.

Various technical data is processed by Google (e.g. IP address, mouse movements, time spent on the website, browser and device data). The processing is carried out on the basis of the legitimate interest of the service provider pursuant to Art. 6 para. 1 lit. f GDPR to ensure the secure operation of the payment functions. Google is certified in accordance with the EU-US Data Privacy Framework.

The external service provider is independently responsible for the processing by reCAPTCHA within the meaning of Art. 4 para. 7 GDPR. Further information can be found in Google’s privacy policy at: https://policies.google.com/privacy.

9. Use of Google Analytics

The controller uses Google Analytics 4 on this website. Google Analytics 4 is a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. For users outside the EU or EEA, the operating company is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Google Analytics enables the collection, analysis and evaluation of data on the behavior of website visitors, e.g. which pages were visited, how long they were viewed and from which page they came to the website (so-called referrers). This information is primarily used to optimize the website and to analyze the effectiveness of online marketing measures.

IP anonymization:

The controller has implemented Google Analytics with the extension “_anonymizeIp()”. This shortens the IP address of the data subject within the EU or EEA before it is transmitted to Google servers in the USA. This ensures that the IP address is anonymized and cannot be traced back directly to a person.

Purpose of the processing:

The use of Google Analytics is based on consent in accordance with Art. 6 para. 1 lit. a GDPR. In addition, the storage of cookies or access to information already stored in your end device is based on your consent in accordance with Section 165 (3) TKG 2021.

The aim is to better understand visitor behavior on the website in order to:

• optimize the website and its content,
• improve user-friendliness, and
• evaluate the effectiveness of marketing measures.

Google compiles reports on website activity on our behalf and provides us with other services relating to the use of the website.

We use the current version Google Analytics 4 (GA4).

Collection of data:

Google Analytics uses cookies to collect information about the use of the website. The data collected includes:

• pages visited and dwell time,
• Referrer URL (origin page),
• Browser type and version,
• Operating system,
• IP address (anonymized),
• Location data (anonymized), and
• Access time.

This data is transferred to Google servers in the USA and stored there. Google may pass this data on to third parties in individual cases if this is required by law or if third parties process this data on behalf of Google.

Google may also process the data collected for its own purposes (e.g. to improve its own services or for security purposes). In these cases, Google is the independent controller. For certain processing operations, however, there is joint responsibility between us and Google in accordance with Art. 26 GDPR, which can be viewed at the following link:

https://business.safety.google/adsprocessorterms/

Activation via the cookie banner:

Google Analytics will only be activated if you have expressly given your consent to the use of statistics cookies in our cookie banner. No data will be transmitted to Google without your consent.

Prevention of data collection:

Data subjects can prevent the use of Google Analytics and the collection of their data as follows:

• Cookie settings:
  Cookies can be blocked or deleted by adjusting the browser or cookie settings. However, this may impair the functionality of the website.
• Browser add-on:
  Google offers an opt-out browser add-on that prevents data from being collected by Google Analytics. The add-on can be downloaded and installed at the following link:
  https://tools.google.com/dlpage/gaoptout
  Note: If the person’s device is reinstalled, formatted or the add-on is deactivated, the add-on must be reinstalled or reactivated.
• Withdrawal of consent:
  Users can withdraw their consent to the use of Google Analytics at any time. This can be done via the cookie settings on our website

Retention period:

Data collected with Google Analytics is stored for a period of 14 months and then automatically deleted.

Further information:

Further details on the use and processing of data by Google Analytics can be found in the following sources:

• Google’s privacy policy: https://policies.google.com/privacy
• Terms of use of Google Analytics: https://marketingplatform.google.com/about/analytics/terms/de/
• Information about Google Analytics: https://support.google.com/analytics/answer/6004245?hl=de
  
  

10. Processing of personal data in the context of making contact

Responsible companies depending on your request:

Alpina Parking Holding AG, Germany

Alpina Parking GmbH, Austria

Purpose of the processing:

When you contact us (e.g. via contact form, email, telephone or social media), we process the personal data you provide to process your inquiry, for communication purposes and to document and track customer correspondence.

Legal basis:

Depending on the nature of your request, processing takes place on the basis of:

• Art. 6 para. 1 lit. b GDPR (fulfillment of a contract or implementation of pre-contractual measures), provided that your request is aimed at the conclusion or implementation of a contract;
• Art. 6 para. 1 lit. f GDPR (legitimate interest) in the efficient and appropriate processing of general inquiries and communication;

Art. 6 para. 1 lit. a GDPR, provided that you have expressly given us your consent (e.g. in the case of voluntary transmission of additional information).

Recipients and forwarding:

Within the Alpina Group, only those departments that need your data to process your request will have access to it.

Data will only be passed on to third parties if this is necessary to answer your request (e.g. forwarding to a responsible subsidiary or service provider) or if there is a legal obligation to do so.

The data can be processed in a customer relationship management system (CRM) or a comparable software solution.

Storage duration:

We store your request and the associated communication for as long as this is necessary for processing or to fulfill legal obligations to provide evidence or retain data. After final processing, the data will be deleted regularly, but no later than two years after the last contact, provided there are no legal retention obligations to the contrary. In the case of statutory retention obligations, the deletion takes place after these periods have expired.

Note on data subject rights:

Data subjects have the right to information, rectification, erasure, restriction of processing, objection and data portability in accordance with Art. 15 et seq. GDPR. They also have the right to lodge a complaint with a data protection supervisory authority.

11. Processing of personal data of applicants

Responsible companies depending on the company advertising the vacancy and your unsolicited application:

Alpina Parking Holding AG
Alpina Parking GmbH

Purpose of the processing:

We process your personal data that you send us as part of an application for an advertised position or as part of an unsolicited application solely for the purpose of checking your suitability, carrying out the application process and preparing a possible employment contract.

Processed data categories:

The categories of data processed may include the following in particular:

• Master data (e.g. name, address, date of birth),
• Contact details (e.g. telephone number, e-mail address),
• Application documents (e.g. cover letter, CV, certificates, qualifications),
• Information on professional background and knowledge or skills,
• If applicable, salary expectations, starting date, application photo,
• Communication data from the application process (e.g. e-mail correspondence, interview notes).

The provision of personal data is voluntary, but your application cannot be processed without it.

Legal bases of the processing:

Your application data will be processed on the basis of:

• Art. 6 para. 1 lit. b GDPR for the decision on the establishment of an employment relationship,
• Art. 6 para. 1 lit. f GDPR, insofar as the processing is necessary to safeguard legitimate interests (e.g. to defend against legal claims arising from the application process),
• Art. 6 para. 1 lit. a GDPR, if you have given us your consent for longer storage in the applicant pool.

You can revoke your consent at any time with effect for the future.

Recipient of the data:

Within the Alpina Group, only those persons who are involved in the personnel decision (e.g. HR department, management, respective specialist department) will have access to your data.

Your data will not be passed on to third parties unless there is a legal obligation to do so or you have given your consent.

Storage duration:

After completion of the application process, your data will be deleted no later than three months after sending the rejection, unless an employment relationship is established.

Longer storage only takes place if:

• statutory retention obligations exist,
• the data is required to defend against or assert legal claims (e.g. under the Equal Treatment Act, GlBG),
• if you have expressly consented to inclusion in an applicant pool. If you are included in the applicant pool, your data will be deleted after 12 months at the latest, unless you give your consent again.

Rights of data subjects:

Data subjects can assert their rights in accordance with Art. 15 et seq. GDPR can assert their rights.

12. Status and updating of this privacy policy

This privacy policy is valid as of 28.11.2025.

We reserve the right to update the privacy policy in due course in order to improve and/or adapt data protection.