1. Data protection at a glance
Avantpark is a brand name of Avantpark Parking Solutions Danmark ApS. Both terms are used synonymously in the following.
Data collection on this website
Who is responsible for the data collection on this website?
Data processing on our websites is carried out by the respective website operator. The contact details of the website operator can be found in the section “Information about the responsible person” in this data protection declaration.
How do we collect your data?
On our websites, personal data of the user is only collected in accordance with the applicable data protection law, in particular the General Data Protection Regulation (GDPR). The technical terms used in data protection law are explained in Art. 4 of the GDPR. Data processing is permitted under the GDPR in three cases in particular:
- if you have consented to the processing of your data by us (Art. 6 para. 1 lit. a) and 7 GDPR); we will inform you beforehand in this data protection declaration and on the occasion of the consent pursuant to Art. 4 No. 11 GDPR for which purpose and under which circumstances your data will be processed by us;
- if the processing of your personal data is necessary for the initiation, conclusion or implementation of a contractual relationship (Art. 6 para. 1 lit. b) GDPR);
- if, after a balancing of interests, the processing is necessary to protect our legitimate interests (Art. 6 para. 1 lit. f) GDPR); this includes in particular our interests in analysing, optimising and securing the offer on our website, e.g. through an analysis of user behaviour, the storage of access data and the use of third-party providers.
Accordingly, your data is collected on the one hand by you providing it to us. This can be, for example, data that you enter in a contact form. On the other hand, data is collected automatically or after your consent when you visit the website by our IT systems. This is mainly technical data (e.g. internet browser, operating system or time of page view). This data is collected automatically as soon as you visit this website.
The entry of data by you on our website is voluntary. If you do not disclose your data, you will not suffer any disadvantages as a result. However, without certain data, it is not possible for us to offer certain services or functions. We will inform you of the data required or prescribed in each case.
What do we use your data for?
Part of the data is collected to ensure error-free provision of the website. Other data may be used to analyse your user behaviour.
What rights do you have in relation to your data?
You have the right at any time to receive information free of charge about the origin, recipient and purpose of your stored personal data. You also have the right to request the correction or deletion of this data. If you have consented to data processing, you can revoke this consent at any time. You also have the right to request the restriction of the processing of your personal data in certain circumstances. Please note that some of these rights are not absolute and only apply in certain circumstances. We will review any request we receive in relation to these rights. We do not have to agree to a request, but if we refuse it, we will still contact the data subject within one month to explain the reasons. You also have the right to lodge a complaint with the relevant supervisory authority (a list of authorities can be found here).
You can contact us at any time about this and other questions on the subject of data protection.
Third-party analyses and tools
When visiting this website, your surfing behaviour may be statistically evaluated. This is mainly done with so-called analysis programs.
Detailed information on these analysis programmes can be found in the following data protection declaration.
2. What data is processed when you use Avantpark parking spaces?
What data do we collect?
When you use an Avantpark parking space, we collect and process data consisting of images of vehicles using the parking space and/or the vehicle registration number.
If the contractual and parking conditions are breached, an increased user fee will be charged. The data we process when issuing an increased user fee includes the full name and address of the recipient, pictures of the vehicle, time of entry and exit (date and time) to the parking space and the vehicle’s registration number.
If you make a complaint about an increased user charge or otherwise correspond with us, including by telephone, you may provide us with additional personal data. The data we process may include: registration number, your full name, address, email address and telephone number, an increased user charge or other reference number, your IP address, the capacity in which you are contacting us (e.g. keeper, driver, hirer, other) and any other information and documentation you provide as part of the correspondence, telephone call or complaint. If you correspond with us by post, we may use a third party to scan, categorise and enter the post into our systems, return original documents provided by you and process bank payments.
How do we collect data?
Images of vehicles and number plates are captured via number plate scanners and/or staff on site. When in operation, licence plate data may also be captured and processed via the payment and/or terminal systems.
If you have received an increased user fee and are the registered keeper of the vehicle at Motorstyrelsen, your data has been transmitted by this authority.
If you are not the registered keeper of the vehicle, your details have been provided to us by:
- A third party who has confirmed that you were responsible for the vehicle concerned at the time of the parking offence and/or;
- A third party who has confirmed that you were the driver of the vehicle concerned at the time of the parking offence and/or;
- A third party who has confirmed that the vehicle concerned was rented or leased to you at the time of the parking offence.
If you no longer reside at the address registered by the Motorstyrelsen, your data was provided to us by:
- A third party who now resides at the above address, who has confirmed that you no longer reside at that address and who has provided a forwarding address; and/or
- A debt collection agency.
If you lodge an objection or otherwise correspond with us, the data you provide in that objection or correspondence will be processed by us. If someone objects or corresponds with us on your behalf and with your authority, the data will be processed as contained in the information we receive from that person.
What if you provide “sensitive” data in an appeal or correspondence?
Depending on the nature and content of your objection or correspondence, the information or documentation provided may be classified as “special category” personal data and therefore considered particularly sensitive.
Examples include: personal identity numbers, financial account information, information about a person’s racial or ethnic origin, sexual orientation, political opinions, religious, philosophical or similar beliefs, or information about a person’s physical or mental health.
In addition, when you submit a request via the website, you will be explicitly asked for your consent to the processing of personal data of a “special category”, which you explicitly provide as part of your request.
We will continue to process the “special category” personal data you provide as described above unless we are informed that you have withdrawn your consent to the processing.
You are free to change your mind and withdraw your consent at any time. This may mean that we can no longer take your circumstances fully into account when considering an objection and deciding on further action in the event of an increased usage fee.
If you wish to withdraw your consent, please contact us using the contact details below.
How will we process your data and why do we process it?
When using the Avantpark parking spaces, personal data is collected and processed for the following purposes:
- Ensuring that you comply with the posted contract and parking conditions as signposted outside each car park and enforcing these conditions where necessary.
- Charging an increased usage fee if we are of the opinion that the posted contract and setting conditions have been violated.
- Processing of increased usage fees issued until cancellation or payment, including receiving, reviewing and responding to objections, as well as collecting the increased usage fee. The recovery may include the involvement of debt collection agencies and/or legal action and/or third party verification of your address.
- Provision of parking management services, including infringement prevention and follow-up, and data analysis.
Our legal bases for processing the data are “performance of a contract” (Art. 6 para. 1 lit. b) GDPR) and “legitimate interests” (Art. 6 para. 1 lit. f) GDPR).
If you are the driver of a vehicle using an Avantpark car park, your data will be collected and processed to the extent necessary for the performance of the contract for the use of the car park. This includes ensuring that you comply with the posted contract and parking terms and conditions, as indicated on the signs outside each car park, and that we enforce these terms and conditions in the event of a breach.
We and our processors also process the data to protect our, the landowners’ and the public’s legitimate interests:
- Enforcing violations of posted contract and set-up conditions when the recipient of the increased user fee was not the driver of the vehicle. Enforcing violations of the posted contract and parking conditions provides a better overall parking experience for all users of the facilities.
- The provision of an effective customer service. Tracking the usage fees we charge, either to cancellation or payment, supports the parking management services we provide.
- Providing effective parking management to improve the customer experience. – Displaying captured information on payment machines and/or terminals to help parking users determine their entry time and choose the appropriate parking rate. – Sharing information with the lot owner when they have agreed to grant parking privileges to specific individuals (e.g. employee parking privileges) or when a payment account has been agreed for specific vehicles. And, if required, to assist in the management of on-site parking enforcement. – Carrying out data analysis, including producing reports on occupancy and vehicle types. – Providing data to the police and other security organisations to assist in the prevention and detection of crime (where required).
- As part of the inspections carried out by the vehicle registration authorities and other approved third parties.
The data may be processed in a location outside the European Economic Area, but we have put in place and ensured the safeguards required by data protection law.
With whom do we share data?
In order to enforce the User Agreement where a breach has been identified and to support the legitimate interests explained above, we may share data with the following organisations:
- Motorstyrelsen, this includes the disclosure of data in order to obtain the full name as well as the address data of the registered vehicle owner, as well as for testing purposes.
- The police or other security organisations for the safety of car park users and for the prevention and detection of crime.
- Vehicle rental and leasing companies if they confirm that a vehicle was rented or leased at the time of the parking violation.
- Other organisations such as property owners, managers, tenants and authorised subcontractors such as postal service providers, credit reference agencies, debt collection agencies, legal advisors, IT service providers and payment service providers.
We may also share data with our press office or agency if it is related to a media/press enquiry.
3. Hosting and content delivery networks (CDN)
Our website is hosted by an external service provider (hoster) in a secure facility in Germany. Our motorist portal is also hosted by an external service provider in a secure facility in Germany. The personal data collected on the website and the motorist portal is stored on the server of the respective hoster. This may include IP addresses, contact requests, meta and communication data, contact details, names, website accesses and other data generated via a website.
The hosters are used for the purpose of fulfilling contracts with our interested parties and customers (Art. 6 para. 1 lit. b) GDPR) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 para. 1 lit. f) GDPR).
Our hosters will only process your data insofar as this is necessary for the fulfilment of their service obligations and will follow our instructions regarding this data.
The registered office of our website hoster is:
PO Box 548 #88100
Birmingham, AL 35201
The Motorist Portal is hosted by Microsoft’s Azure Global Infrastructure. If you believe that Microsoft is not abiding by its privacy or security commitments, you can contact Microsoft at the following postal address:
Microsoft Danish Online Services Privacy
One Microsoft Way
Redmond, Washington 98052 USA
General information and mandatory data
The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this data protection declaration.
We would like to point out that data transmission on the Internet (e.g. communication by e-mail) can have security gaps. Complete protection of data against access by third parties is not possible.
Reference to the competent body
The data controller for this website is:
Avantpark Parking Solutions Danmark ApS
Phone: +45 71 92 92 66
E-mail: [email protected]
The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data (e.g. names, e-mail addresses, etc.).
Duration of storage
There are certain reasons why we keep some of your data. How long we keep your data depends on the type of data and the purpose(s) for which it was collected and processed. However, in this case, we will ensure that these third parties also only retain the data for as long as necessary and must adhere to our retention and deletion policies. We do not store your personal data for longer than is necessary for the above-mentioned purposes.
Data transfer within the Avantpark group of companies
We may share your data with our parent company, Parkingeye Limited, and other subsidiaries of our parent company that are located within the European Union. This may include transferring your data to the United Kingdom. The United Kingdom provides an adequate level of protection for personal data. We will monitor the status of the United Kingdom and ensure that adequate protection is in place to ensure the transfer of data outside the Member States of the European Union.
Note on data transfer to the USA
Among other things, tools from companies based in the USA are integrated on our website. If these tools are active, your personal data may be transferred to the US servers of the respective companies. We would like to point out that the USA is not a safe third country in the sense of EU data protection law. US companies are obliged to hand over personal data to security authorities without you as a data subject being able to take legal action against this. It can therefore not be ruled out that US authorities (e.g. intelligence services) process, evaluate and permanently store your data located on US servers for monitoring purposes. We have no influence on these processing operations.
Withdrawal of consent to data processing
Many data processing operations are only possible with your express consent. You can revoke consent you have already given at any time. The legality of the data processing carried out until the revocation remains unaffected by the revocation.
Right to object to data collection in individual cases and to direct marketing (Art. 21 GDPR)
If your personal data is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling insofar as it is related to such direct marketing. If you object, your personal data will subsequently no longer be used for direct marketing purposes (objection pursuant to Art. 21 (2) GDPR).
Right to complain to the competent supervisory authority (Art. 77 GDPR)
In the event of a breach of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority (Art. 77 GDPR), in particular in the Member State of their habitual residence, their place of work or the place of the alleged breach. The right of appeal is without prejudice to any other administrative or judicial remedy.
How can you contact the competent supervisory authority if you have concerns about our processing of your data?
If you have any concerns about our processing of your data or if you have a question about data protection that is not answered in this policy, please contact our data protection team using the contact details above. You also have the right to lodge a complaint with the relevant regional data protection supervisory authority.
For more information, please visit the website of the Datatilsynet : https://www.datatilsynet.dk
Right to data portability (Art. 20 GDPR)
You have the right to have data that we process automatically on the basis of your consent or in fulfilment of a contract handed over to you or to a third party in a common, machine-readable format (Art. 20 GDPR). If you request the direct transfer of the data to another controller, this will only be done insofar as it is technically feasible.
SSL or TLS encryption
This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as enquiries that you send to us as the site operator. You can recognise an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.
If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
Rights of access, rectification and erasure (Art. 15, 16 & 17 GDPR)
Within the framework of the applicable legal provisions, you have the right at any time to free information about your stored personal data, its origin and recipient and the purpose of the data processing (Art. 15 GDPR) as well as, if applicable, a right to correction (Art. 16 GDPR) or deletion (Art. 17 GDPR) of this data. For this purpose, you can request information about the personal data we have stored about you free of charge at any time. To prevent misuse, identification of your person is required for this purpose. For this purpose, as well as for further questions on the subject of personal data, you can contact us at any time.
Right to restriction of processing (Art. 18 GDPR)
You have the right to request the restriction of the processing of your personal data. For this purpose, you can contact us at any time. The right to restriction of processing exists in the following cases:
- If you dispute the accuracy of your personal data stored by us, we usually need time to verify it. For the duration of the review, you have the right to request the restriction of the processing of your personal data.
- If the processing of your personal data was/is unlawful, you may request the restriction of data processing instead of erasure.
- If we no longer need your personal data, but you need it to assert, exercise or defend legal claims, you have the right to request restriction of the processing of your personal data instead of deletion.
- If you have lodged an objection pursuant to Art. 21 (1) GDPR, a balancing of your interests and ours must be carried out. As long as it has not yet been determined whose interests prevail, you have the right to demand the restriction of the processing of your personal data.
If you have restricted the processing of your personal data, this data – apart from storage – may only be processed with your consent or for the assertion, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or a Member State.
We will consider each request received on a case-by-case basis. Under data protection laws, we do not have to agree to your request, but if we do not agree to your request, we will still contact you within the applicable timeframe to explain our position.
4. Data collection on this website
Our internet pages use so-called “cookies”. Cookies are small text files and do not cause any damage to your end device. They are stored either temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your end device. Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your end device until you delete them yourself or until they are automatically deleted by your web browser.
In some cases, cookies from third-party companies may also be stored on your terminal device when you access our site (third-party cookies). These enable us or you to use certain services of the third-party company (e.g. cookies for processing payment services).
Cookies have various functions. Many cookies are technically necessary, as certain functions of the website would not work without them (e.g. the shopping cart function or the display of videos). Other cookies are used to evaluate user behaviour or to display advertising.
Cookies that are necessary to carry out the electronic communication process (necessary cookies) or to provide certain functions you have requested (functional cookies) or to optimise the website (e.g. cookies to measure the web audience) are stored on the basis of Art. 6 (1) lit. f GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing cookies for the technically error-free and optimised provision of its services. Insofar as consent to the storage of cookies has been obtained, the relevant cookies are stored exclusively on the basis of this consent (Art. 6 para. 1 lit. a GDPR); consent can be revoked at any time.
You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If you deactivate cookies, the functionality of this website may be limited.
If cookies are used by third parties or for analysis purposes, we will inform you separately within the framework of this data protection declaration and, if necessary, ask for your consent.
Server log files
The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:
- Browser type and version
- Operating system used
- Referrer URL
- Host name of the accessing computer
- Time of the server request
- IP address
This data is not merged with other data sources.
The collection of this data is based on Art. 6 para. 1 lit. f) GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimisation of its website – for this purpose, the server log files must be collected.
If you send us enquiries via the contact form, the information you provide in the enquiry form, including the contact details you provide there, will be processed by our website CMS WPMU DEV (owned and operated by Incsub LLC) and stored by us for the purpose of processing the enquiry and in case of follow-up questions. The data transfer takes place via Microsoft’s Office 365 product package hosted in the UK. We do not share this data without your consent.
The processing of this data is based on Art. 6 (1) lit. b) GDPR if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the enquiries addressed to us (Art. 6 para. 1 lit. f) GDPR) or on your consent (Art. 6 para. 1 lit. a) GDPR), if this has been obtained.
The data you enter in the contact form will remain with us until you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies (e.g. after we have completed processing your request), in accordance with our internal data storage policy. Mandatory legal provisions – in particular retention periods – remain unaffected by this.
Enquiry by e-mail, telephone or contact form
If you contact us by e-mail, telephone or via one of our contact forms on our website, your enquiry including all resulting personal data (name, enquiry) will be stored and processed by us for the purpose of processing your request. We do not pass on this data without your consent.
The processing of this data is based on Art. 6 (1) lit. b) GDPR if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the requests addressed to us (Art. 6 (1) (f) GDPR) or on your consent (Art. 6 (1) (a) GDPR), if this has been obtained.
The data that you transmit to us as part of contact enquiries remains with us until you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies (e.g. after processing your request has been completed), in accordance with our internal data storage policy. Mandatory legal provisions – in particular legal retention periods – remain unaffected by this.
5. plugins and tools
Google Web Fonts
This site uses so-called web fonts provided by Google for the uniform display of fonts. When you call up a page, your browser loads the required web fonts into its browser cache in order to display texts and fonts correctly.
For this purpose, the browser you use must establish a connection to Google’s servers. This enables Google to know that this website has been accessed via your IP address. The use of Google Web Fonts is based on Art. 6 para. 1 lit. f) GDPR. The website operator has a legitimate interest in the uniform presentation of the typeface on its website. Insofar as a corresponding consent has been obtained (e.g. consent to the storage of cookies), the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a) GDPR. The consent can be revoked at any time.
If your browser does not support web fonts, a default font from your computer will be used.
We use “Google reCAPTCHA” (hereinafter “reCAPTCHA”) on this website. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
The purpose of reCAPTCHA is to check whether the data entry on this website (e.g. in a contact form) is made by a human or an automated programme. For this purpose, reCAPTCHA analyses the behaviour of the website visitor based on various characteristics. This analysis begins automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g. IP address, time spent by the website visitor on the website or mouse movements of the user). The data collected during the analysis is forwarded to Google.
The reCAPTCHA analyses run completely in the background. Visitors to the website are not informed that an analysis is taking place.
The storage and evaluation of the data is based on Art. 6 para. 1 lit. f) GDPR. The website operator has a legitimate interest in protecting its web offers from abusive automated spying and from SPAM. Insofar as a corresponding consent has been obtained, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a) GDPR; THE CONSENT IS REVOKABLE AT ANY TIME.
For more information, see the “About Hotjar” section on the Hotjar help page.
Facebook Custom Audiences / Facebook Pixel
The “Facebook Custom Audiences” service is used on this website. Facebook Pixel is used for this service. These services are operated by Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin, D02, Ireland. Facebook Custom Audiences allows us to target the user with interest-based advertising on the social network – Facebook. To make this possible, we have implemented the Facebook Remarketing Tag on our website. This tag establishes a direct connection with Facebook servers when you visit the website, so that Facebook receives information about which pages you have visited on our website. Facebook then matches this information with your Facebook user account. The next time you visit Facebook, you will then be shown personalised, interest-based advertisements (Facebook Ads). In addition, Custom Audiences is used to personalise and optimise the website.
The Facebook pixel also collects and processes performance data to track and monitor performance data derived from users’ use of Facebook ads.
The following data is collected and processed with the help of Facebook Custom Audiences:
- Facebook user ID
- IP address
- Browser information
- Non-sensitive custom data
- Facebook cookie information
- Referrer URL
- Pixel-specific data
- Pixel ID
- Social media friend network
- Usage data/user behaviour
- Views and interactions with content, ads and services
- Valued content
- Information about the device
- Successful marketing campaign
- Information on the operations
- Hardware/software type
- Browser type
- Operating system of the device
- Geographical location
- Cookie ID
- Information from third party sources
- User agent
The legal basis for the processing is your consent pursuant to Art. 6 (1) a) GDPR. If you do not want the aforementioned data to be collected and processed via Facebook Custom Audiences, you can refuse your consent or revoke it at any time with effect for the future.
Personal data shall be kept for as long as necessary to fulfil the purpose of the processing. The data will be deleted as soon as it is no longer necessary to fulfil the purpose.
In the course of processing, the data may be transferred to Facebook Inc. in addition to Facebook Ireland.
HubSpot is a customer relationship management (CRM), marketing, sales and customer service software. Its functionality includes:
Email Marketing, Social Media Publishing & Reporting, Reporting, Contact Management (e.g. User Segmentation & CRM), Landing Pages and Contact Forms.
HubSpot is a software company from the USA with a branch in Ireland. Contact: HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland, Phone: +353 1 5187500.
The following data may be processed in connection with HubSpot:
- Phone number
- E-mail address
- Job title
- IP address
- Business address
The legal basis for the processing is legitimate interests pursuant to Art. 6 (1) (f) GDPR and consent pursuant to Art. 6 (1) (a) GDPR. If you do not want the aforementioned data to be collected and processed via Hubspot, you can refuse your consent or revoke it at any time with effect for the future.
Personal data shall be kept for as long as necessary to fulfil the purpose of the processing. The data shall be deleted as soon as they are no longer necessary to fulfil the purpose.
Within the scope of processing via HubSpot, data may be transferred to the USA. The security of the transfer is ensured via the standard contractual clauses, which guarantee that the processing of personal data is subject to a level of security that corresponds to that of the GDPR. Should the standard contractual clauses not be sufficient to guarantee an adequate level of security, your consent pursuant to Art. 49 (1) a) GDPR may serve as the legal basis for the transfer to third countries.
We use Freshworks to convert emails, including appeals and customer queries, and social media queries into tickets for easy tracking.
Freshworks Inc (company number: 4861858) is a corporation formed under the laws of the State of Delaware with its registered office at 16192 Coastal Highway, Lewes, Delaware 19958, USA and its principal place of business at 2950 S. Delaware Street, Suite 201 San Mateo, California 94403, USA.
Freshworks can process the following data with its Freshdesk product:
- Contact information such as name, email address, postal address
- IP address
- geographical location
- the content of any messages you send to us as part of a service request, question or concern, including by email, telephone or via the website.
The processing is based on our legitimate interest in the effective handling of the enquiries addressed to us (Art. 6 (1) f) GDPR).
Personal data shall be kept for as long as necessary to fulfil the purpose of the processing. The data will be deleted as soon as they are no longer necessary to fulfil the purpose.
Microsoft 365 Suite
We use Microsoft’s Exchange online and Office online products, which are hosted in Microsoft’s UK data centre, to route requests made via the website’s contact forms to receiving systems.
Microsoft takes strict measures to protect Customer Data from inappropriate access or use by unauthorised individuals. These include restricting access by Microsoft employees and subcontractors and carefully defining requirements for responding to government requests for Customer Data. Microsoft 365 uses service-side technologies that encrypt customer data at rest and in transit. For Customer Data at rest, Microsoft 365 uses encryption at the volume and file level. For Customer Data in transit, Microsoft 365 uses multiple encryption technologies for communications between data centres and between clients and servers, such as Transport Layer Security (TLS) and Internet Protocol Security (IPsec).
The processing is based on our legitimate interest in the effective handling of the requests addressed to us (Art. 6 (1) f) GDPR).
Personal data shall be kept for as long as necessary to fulfil the purpose of the processing. The data shall be deleted as soon as they are no longer necessary to fulfil the purpose.
Amendment of the data protection policy