Privacy Policy

This is the AppyWay Privacy Policy (the “Privacy Policy” or “Policy”). This Privacy Policy details how we collect, store, protect and share your information, and with whom we share it. Please ensure you read this Privacy Policy in conjunction with our Terms and Conditions for AppyParking+, and Terms and Conditions for AppyParking.

This Privacy Policy governs the AppyParking and AppyParking+ mobile parking applications for iOS & Android (collectively the “Apps”), the AppyParking, AppyParking+ and AppyWay websites, any AppyWay owned microsites, and our digital products and services (such as any competitions or surveys that we may issue from time to time), (together referred to in this Privacy Policy as our “Sites”).

Whilst you are using the Apps and / or Sites, we will collect some information about you, and we may also need to share your information sometimes.

The App and Sites can be accessed globally, and your information will be sent to and used in the EEA, USA and the UK regardless of the country you reside in. This Privacy Policy also explains how we protect your personal data when we transfer it overseas.

The Apps and Sites are operated by Yellow Line Parking Limited trading as AppyWay (“AppyWay”, “we” or “us”). AppyWay is the controller of personal information collected and processed through the Apps and Sites. AppyWay has a designated Data Protection Officer, who can be reached by emailing support@appyway.com or by post at the following address: FAO: AppyWay Data Protection Officer, Cannon Place, 78 Cannon Street, EC4N 6AF, London.

By continuing to use our App and / or our Sites you acknowledge and consent to this Privacy Policy.

Collection of information

Registration information 

When you download the AppyParking app, or choose to use the AppyParking+ app and / or AppyParking+ website for the payment of parking, you will need to create an account (“Account”), and we may collect certain information (“Account Information”) about you, such as:

  • Name
  • Email Address
  • Vehicle Registration Number
  • the name of the business or organisation you own or represent and your business title – if applicable
  • the address of the business or organisation you own or represent. – if applicable

Once you have registered you will be able to review and change this information at any time by logging into the applicable App or website. It is your responsibility to ensure that your account details are kept up to date.

Payment information

Where the service is available, you can use the Apps and / or Sites to make payment for parking. If you choose to use this service, we will process your payment information and retain this securely for the prevention of fraud and for audit / tax purposes. In order to process your cashless payment for a parking space, the Apps use a secure third-party payment platform. The payment platform will tokenize your card details and then use them to make payment to a car park provider or council depending on the type of parking you have selected. Cashless payment parking is fully PCI compliant.

Subscriptions to AppyParking+ Premium are managed by Google on Android and Apple on iOS.

[Any other processes in payment we need to include here?]

Geolocation information

When you use the Apps and/or Sites, we will ask your permission to access your location, which you can change in your device/browser settings. When you use your mobile and/or computer, we will collect location information about your longitude and latitude and may save your device’s coordinates to offer certain features to you. This information helps us identify your personal location and we use it to offer our service of finding and, where available, paying for parking.

If you have given AppyWay access to your location, but wish to turn this off, you can do so by the following methods:

  1. iOS app: Settings > Privacy > Location services > AppyParking(+)
  2. Android app: Settings > Location > AppyParking(+) > Permissions > Location.
  3. Website: Changing the location access settings of your browser.

Device information

We may collect information about your device when you use the Apps and/or Sites, including the unique device identifier, device model, operating system, and MAC address, for a number of purposes, as set out in this Policy.

Contacting our Customer Support

If you contact AppyWay via our “Send feedback”, ‘Let us know” and “Contact Us” links or support email on the Apps or Sites, we will receive your email address and may track your IP address, as well the information you send to us to help resolve your query. Communications sent to our customer support team are anonymised after 2 years of no contact, or within 30 days of AppyWay receiving a request for deletion.

Cookies

A cookie is a small file that can be placed on your device or browser that allows us to recognise and remember you. When you visit our Apps or Sites, we may collect personal data from you automatically by using cookies or similar technologies.

Electronic direct marketing activities 

Where we have your express, opt-in consent we may contact you by email or other electronic means for the purpose of providing you with marketing information (including our newsletters) relating to our products and services. You may opt-out of receiving such communications at any time by hitting the unsubscribe link at the bottom of any email communication, or by emailing us at support@appyway.com

We may use the personal data collected through cookies on our Apps or Sites to show you relevant advertising on third platforms such as Facebook, LinkedIn, Instagram and Twitter and consider that we have a legitimate interest in doing so. For further information on cookies, including how these can be disabled, please see our Cookies Policy.

Contact information collected via our Public Consultation or Streets modules within the Traffic Suite are not used for AppyWay marketing purposes. The local authority using the Traffic Suite owns and is thus responsible for this data, not AppyWay. As such, this is covered within the corresponding local authority’s privacy policy.

Links To Other Websites

We may provide links to other websites. We have no control over these other websites and are in no way responsible for their content. This policy does not extend to your use of other websites and you are advised to read the privacy policy or statement of other websites before using them.

Additional information

When you use the Websites and mobile apps to access our services, we may use technology such as (but not limited to) that provided by Google (Google Analytics and Firebase), Lucky Orange, Braze and Mixpanel to collect information about your visit to our Website. In essence, Google Analytics, Lucky Orange, Braze and Mixpanel enable us to analyse how you and others interact with our Apps and Sites. The information we collect may include:

  • your IP address;
  • your device ID;
  • the type of browser you use (e.g. whether you are using the Chrome or Safari browser);
  • the number of sessions per browser on each device;
  • the type of device (eg Samsung) and operating system (eg Android) you are using;
  • referrer information;
  • time zone;
  • user preferences;
  • which pages you visited on the Website;
  • analytics information in relation to your interactions with any newsletter or email we may send you (e.g. click rates) and,
  • visitor’s behavioural patterns upon visiting the websites and mobile apps, via click maps, actions, scroll maps and recordings.

Use of your Information. 

In order to provide our services to you, we may use your Account information and other information to:

  • Offer you services and features;
  • Contact you with information about the Apps or Sites i.e. updates
  • Personalise the Apps or Sites and the content we deliver to you;
  • Ensure that content from our Apps and Sites is presented in the most effective manner for you and for your device;
  • Improve the services we provide over the longer-term by understanding how you and other users interact with our services;
  • Serving recommendations to you around those functionalities of the Apps or Sites which are most relevant to you, based on your use of our platform;
  • Notify you about any important changes to our services;
  • Ensure that we continue to provide relevant information to recipients of our newsletters.
  • Investigate the root cause of technical issues to best provide a solution

Lawful Basis

Under EU and UK data protection laws, we are required to tell you our lawful basis for using your data and we have set this out in the table below. Where the legal basis is consent, you can withdraw consent at any time. Where the legal basis is legitimate interests, you have a right to object to our use of your data. We explain in the relevant sections in this Policy how you can withdraw consent or opt-out of certain data uses (where applicable).

Purpose for which data is used  Data  Source Legal Basis
To provide you with our services Name, email address, location (precise location in apps can be opted out from), IP address You provide your name, email address. We obtain location data from the device that you use to access the service Contractual necessity
To take payment for parking Last 4 digits of card, name, card type, session details (start/end time & location), cost Payment gateway Contractual necessity
To take payment for premium access Apple ID / Google Account
Subscriber ID
Apple (iOS), Google (Android) Contractual necessity
To carry out research and analysis to help us improve the Apps and Sites In app behavioural data Analytics tools such as, but not limited to:

 

Mixpanel

Google Analytics

Firebase

Braze

Lucky Orange

AppsFlyer

Legitimate interests – it is in our interests to analyse the way in which users are accessing and using our services so that we can further develop the Apps and Sites, implement security measures and improve the services.
To send you marketing information about our events, offers and services Name, email address, postal address, and mobile phone number You provide this information to us Consent or legitimate interests and in accordance with the laws applying to our marketing activities. We have a legitimate interest in promoting our business and products
To respond to correspondence and queries that you submit to us, including social media queries Name, email address and IP address, social media name or handle, phone number You provide your email address, social media name and phone number to us when you contact us and we obtain your IP address from the device that you use to contact us Legitimate interests – it is in our legitimate interests to respond to your queries to ensure that we provide a good service to users and troubleshoot problems
To block payment transactions as part of our anti-fraud procedures Name, IP address, email address, mobile number, cardholder name, payments received, type of payment, user ID, country You provide your name, email address, mobile number to us. We obtain your IP address from the device that you use to contact us. Legitimate interests – it is in our legitimate interests to prevent fraudulent transactions and to maintain the security of our services
To serve advertisements on third party networks and measure the effectiveness of such ads Name, email address and IP address, social media name or handle, phone number You provide your email address, social media name and phone number to us when you contact us and we obtain your IP address from the device that you use to contact us Consent – as indicated by you in your Privacy Settings/Cookies Settings preferences and via your browser or device privacy preferences (where required by your device manufacturer).
To contact you in order to run surveys for research purposes and to obtain feedback, and to find out if you want to take part in marketing campaigns Name, email address and mobile phone number You provide this information to us. Legitimate interests – it is in our legitimate interests to carry out research so that we can further develop the app and improve the service
To defend legal claims and protect legal rights This could include any information that is relevant to the issue This information may be obtained directly from you, from your device or from third parties, depending on the information involved Legitimate interests – it is in our legitimate interests to protect our legal rights, defend legal claims and to protect our users

 

Disclosure of information

Our policy is to not disclose your Account Information or personal data, except in the limited circumstances described here:

Circumstances where data may be disclosed Disclosed data
Service Providers – We engage certain trusted third parties to perform functions and provide services to us. We may share your Account Information or personal data with these third parties, but only for the purposes of performing these functions and providing such services. This could include all data that you provide to us.
Payment Processing companies – To facilitate payments associated with our services. Cardholder name, cardholder address, last four digits of card number, payment amount, transaction date/time
Law – We will also cooperate with law enforcement enquiries from within or outside your country of residence where we are required to by law, i.e where there is an investigation into alleged criminal behaviour. This may include preserving or disclosing any of your information, including your Account Information, if we believe in good faith that it is necessary to comply with a law or regulation, or when we believe that disclosure is necessary to comply with a judicial proceeding, court order, or legal request; to protect the safety of any person; to address fraud, security or technical issues e.g. through anti-spam providers to protect the service from criminal activity or to protect our rights or property or those of third parties. In such cases we may raise or waive any legal objection or right available to us. This could include any personal data that we hold about you, depending on the nature of the request or the issue that we are dealing with.
Third party analytics provider – Lucky Orange LLC, Mixpanel, Braze, Firebase and Google Analytics Includes but is not limited to: Mouse clicks, mouse movements, scrolling activity, assessing usage patterns, content heatmaps, traffic analysis, page usability, and error page detection.
Business Transfers – In the event that a AppyWay group entity or any of its affiliates undergoes a business transition or change of ownership, such as a merger, acquisition by another company, re-organisation, or sale of all or a portion of its assets, or in the event of insolvency or administration, we may be required to disclose your personal data. This could include all information and data that we hold about you.
Marketing Services Providers – To help us serve marketing and advertising on third party websites and applications and measure the effectiveness of our advertising campaigns. Active Campaign, Apple Search Ads, AppsFlyer, Braze, Calendly Google, Leadfeeder, LinkedIn, Met, Microsoft, Salesforce, Twitter, Yahoo, Zapier
Anti-Spam and Anti-Fraud – Your data may be shared with other AppyWay group companies or third party service providers, for example, to block accounts and suspected fraudulent payment transactions as part of our anti-spam and anti-fraud procedures. Name, email address, phone number, IP address and IP session information, and transaction and payment data.

 

Aggregated Information

We may share aggregated information with third parties that includes your personal data (but which doesn’t identify you directly) together with other information including log data for industry analysis and demographic profiling. AppyWay does not sell your personal data.

More Information about Disclosures:

Service Providers

We engage certain trusted third parties to perform functions and provide services to us (“Service Providers”). The suppliers with which we share your personal data varies depending on a variety of factors, such as which of our App, Sites and services you engage with. For example, to provide our services to you, we typically use the following suppliers:

  • Payment services – to allow customers to purchase paid features of our Apps and Site Product improvement and market research – we use third party platforms to carry out analytics, customer surveys and market research to improve our products and services
  • IT services – some of the third-party software providers used in the operation of our business may process your personal data

We carry out due diligence on all Service Providers we engage to ensure they have adequate data protection and information security measures in place and only provide them with the personal data necessary to the service they are providing. Measures are taken to ensure that the data shared is non-attributable to the greatest extent possible and our suppliers are also subject to extensive obligations under our contractual arrangements, including strict data retention limits.

Marketing Services Providers

We partner with providers of marketing services (“Marketing Services Providers”) to help us market and advertise our Apps, Sites and services on third party websites and applications and measure the effectiveness of our advertising campaigns. For example: Active Campaign, Apple Search Ads, AppsFlyer, Braze, Calendly Google, Leadfeeder, LinkedIn, Met, Microsoft, Salesforce, Twitter, Yahoo, Zapier

We share a limited amount of your personal data with these Marketing Services Providers, such as:

  • the advertising identifier associated with your device (this is a random number assigned by your mobile device manufacturer (for example but not limited to Apple, Samsung, OnePlus, Google…) to your device to help advertisers (including the manufacturer) know when an ad has been viewed or clicked in an app, and when an ad causes a ‘conversion’ (for example, downloading the app advertised to you))
  • your estimated location (based on your IP address)
  • your device location (precise or approximate) if you granted the app access to that info
  • age and gender
  • data about your visit to our Sites or Apps and action taken on those (for example if you downloaded our Apps or created an account with our Apps)
  • a hashed* version of your email address (to create ‘custom audiences’).

*Hashing is a way of encrypting information by turning it into a combination of random numbers and letters – this code cannot be traced back to the email address. When hashed email addresses are sent to a Marketing Service Provider, they’re then matched against the Marketing Service Provider’s own existing list of their own users’ hashed information and our ads are served to those of our users who have successfully been matched with the Marketing Service Provider’s. Matched and unmatched hashes are then deleted by the Marketing Service Provider.

For more information about how we use cookies and other tracking technologies, including how you can set and manage your preferences with regards to such technologies, please see our Cookie Policy – https://appyway.com/cookies-policy/ 

In some cases, these third parties will also use the data that they collect for their own purposes, for example they may aggregate your data with other data they hold and use this to inform advertising related services provided to other clients.

Security

AppyWay takes all appropriate security measures to help protect your information against loss, misuse and unauthorised access, or disclosure. We use reasonable security measures to safeguard the confidentiality of your personal information.We cannot guarantee that unauthorised access, hacking, data loss or other breaches will never occur, and to help keep your data secure we recommend:

  1. You do not share the password you use to access your Account with anyone else.
  2. You use a randomly generated strong password, stored and managed by a password manager that also scans known breaches to monitor leaks and advises the user to change their passwords if necessary

If you ever think someone has had access to your password or Account, please inform us immediately. We cannot guarantee the security of your personal data while it is being transmitted to our site and any transmission is at your own risk.

Your Rights

Privacy laws applicable in your country may give you the following rights:

  1. Right to be informed: what personal data an organisation is processing and why (we provide this information to you in this Privacy Policy).
  2. Right of access: you can request a copy of your data.
  3. Right of rectification: if the data held is inaccurate, you have the right to have it corrected.
  4. Right to erasure: you have the right to have your data deleted in certain circumstances.
  5. Right to restrict processing: in limited circumstances, you have the right to request that processing is stopped but the data retained.
  6. Right to data portability: you can request a copy of certain data in a machine-readable form that can be transferred to another provider.
  7. Right to object: in certain circumstances (including where data is processed on the basis of legitimate interests or for the purposes of marketing) you may object to that processing.
  8. Rights related to automated decision-making including profiling: there are several rights in this area where processing carried out on a solely automated basis results in a decision which has legal or significant effects for the individual. In these circumstances your rights include the right to ensure that there is human intervention in the decision-making process.

The particular rights which are applicable to you (which might include other rights not listed above) may vary depending on your country. You should make yourself aware of the rights you have under applicable privacy laws in your country.

Should you wish to exercise any rights in connection with your personal data, please email us at support@appyway.com. When you submit a request, we may ask you for additional information to confirm your identity and entitlement to submit such a request. If we consider that your request is manifestly unfounded, excessive or repetitive, we reserve the right to charge you an administrative fee.

We will process any request in line with any local laws and our policies and procedures. We aim to respond to enquiries within 3 working days, but may take up to 30 days to comply with valid requests.

If you have a concern about how we have processed your request or your personal data, you should contact us in the first instance via the contact details listed above.

If you feel we have not resolved your concern, you have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). If you live in a country or territory located in the European Union (EU) or European Economic Area (EEA), you may also get in touch with your local Data Protection Regulator. If you live in a country outside the EU, you may have the right to lodge a complaint with your local privacy or data protection regulator.

If you want to stop using the Apps or Site you may do so. If you do, you may also want to remove any cookies that we have placed on any device used to access the Apps or Site.

DATA LOCATIONS.

To enable us to provide our services, we operate a global network of servers including in the UK and EEA.. The hardware is located in third-party data centres] but is owned by AppyWay. Data collected by Advertising Partners and other Service Providers may also be held outside the UK and the European Economic Area. We ensure that the data is adequately protected by ensuring that valid, legal mechanisms are in place such as: EU approved model clauses (which can be found here), and implementing robust contractual standards. If you want more information relating to the nature of the safeguards we have in place, please email us.

DATA RETENTION AND DELETION.

We keep your personal information only as long as we need it for the legal basis relied upon (as set out above) and as permitted by applicable law.

When your personal information is no longer needed or your account has been inactive for a period of time, we will remove your personal information from our systems.

When you request for your account to be deleted, we will complete the process of removing your personal information from our systems within 30 days.

We will begin the process of deleting your personal information unless:

  1. we must keep it to comply with applicable law (for instance, if you make purchases within the Apps or Site, some personal data may be kept for tax and accounting purposes);
  2. we must keep it to evidence our compliance with applicable law (i.e. for evidential purposes in case of queries or legal claims);
  3. there is an outstanding issue, claim or dispute requiring us to keep the relevant information until it is resolved; or
  4. the information must be kept for our legitimate business interests

CHANGES TO THIS POLICY.

We may revise this Privacy Policy from time to time. The most current version of the policy will govern our use of your information and will always be at https://appyway.com/privacy-policy/. If we make a change to this policy that, in our sole discretion, is material, we will notify you, for example, via an email to the email associated with your Account or by posting a notice within the Apps or Site.

Effective date

This Privacy Policy was last updated 18th of May 2023.