Name	Description	Retention Period
_mg	This cookie used for the user's authentication.	Session
allowedCookie	This cookie stores whether a decision has already been made to use cookies or not.	Session
allowedUserCookieCategories	This cookie stores the consent given by the visitor to the use of cookies and to the integration of third-party content (see below for selection) for current session.	Session
ASP.NET_SessionId	This cookie stores the visitors session state to ensure smooth communication between server and client.	Session
lang	This cookie stores the language chosen by the visitor for the duration of the session.	Session
sxa_site	This cookie stores the name of the site	Session
theme	This cookie stores the theme value	Session
__RequestVerificationToken	This cookie stores the visitors request verification token to ensure smooth communication between server and client.	Session

Name	Description	Retention Period
consentfuture	This cookie stores the consent given by the visitor to the use of cookies and to the integration of third-party content (see below for selection) for future sessions.	390 days
langfuture	This cookie stores the language selected by the visitor for future sessions, in case preference cookies were accepted.	390 days
themefuture	This cookie stores the theme selected by the visitor for future sessions, in case preference cookies were accepted.	390 days

Name	Description	Retention Period
_ga	This cookie is used to distinguish users. We use the web analysis service Google Analytics of Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google") on our website. For details, please refer to the cookie policy of Google Analytics	2 Years
_ga_property-id	This cookie is used to persist session state. We use the web analysis service Google Analytics of Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google") on our website. For details, please refer to the cookie policy of Google Analytics	2 Years
SC_ANALYTICS_GLOBAL_COOKIE	This cookie is used to identify anonymously reoccurring visits of a visitor.	390 days
nmstat	Siteimprove Analytics cookies contain no personal information and are used only for anonymized web analytics. For example to identify sequences of pages visitors often looked at in general. This helps to improve the information offer and reduce unnecessary steps. Siteimprove generate a number of cookies. For details, please refer to the privacy policy of siteimprove.	1000 days

	Name	Description	Retention Period
	YouTube	The YouTube videos embedded on these pages use a number of cookies for display. For details, please refer to the privacy policy of Google.	For details, please refer to the privacy policy of the service provider mentioned in the description.
	Google Maps	The Google Maps content embedded on these pages use a number of cookies for display. For details, please refer to the privacy policy of Google.	For details, please refer to the privacy policy of the service provider mentioned in the description.

Data privacy notice Smart Parking

1. General information

a) Introduction

With the following data protection information, METRO Campus Services GmbH, Metro-Straße 12, 40235 Düsseldorf, Germany (hereinafter referred to as "METRO", "we" or "us") informs you aboutabout the processing of personal data in connection with the system for operating the underground parking garage and the parking spaces offered there, including the video recording used for this purpose ("parking space operation").

Personal data is any information relating to an identified or identifiable natural person (such as first and last name, address, telephone number or e-mail address). In the following, we would like to inform you in particular about which personal data is processed in connection with parking space operation, the purpose of this processing and what rights you have in relation to this processing in accordance with the General Data Protection Regulation ("GDPR").

b) Controller / data protection officer

METRO is the controller(Art. 4 No. 7 GDPR) for the processing of personal data. If you have any questions or other concerns regarding the processing of your personal data, you can contact our data protection officer at any time using the following contact details

METRO Campus Services GmbH, Data Protection Officer, Metro-Straße 12, 40235 Düsseldorf
E-mail: datenschutz@metro-services.de

2. Information on the processing of personal data

a) Categories of personal data that we process:

Data for the fulfillment of the contract
Access and usage data of the online customer portal

The provision of your personal data is voluntary. Reference is made to image recording and the collection of license plate data in accordance with legal requirements.

b) Purposes and legal bases of data processing

We will process your personal data for the following purposes:

aa) Permanent parking management

bb) Tariff calculation for parking by time

cc) Control of the terms of use (e.g. parking over two parking spaces)

dd) Control of legally compliant use (e.g. exceeding the free parking time)

ee) Protection of the facilities (e.g. vandalism)

ff) Prosecution of misuse (e.g. exit without payment)

gg) Online Customer Portal

hh) Automated entry and exit by means of vehicle license plates

c) Legal basis for processing

The legal basis for the billing of parking fees (both for short-term parking and long-term parking) is "performance of the contract" (Art. 6 para. 1 lit. b) GDPR).
For license plate recognition for long-term parkers, the legal basis is your consent (Art. 6 para. 1 lit. a) GDPR).
For license plate recognition for short-term parkers, the legal basis is the legitimate interest of the controller (Art. 6 para. 1 lit. f) GDPR), which consists of achieving the purposes mentioned above under point 2. b) (aa to hh).

d) Storage duration

Your personal data will only be stored by us for as long as is necessary to fulfill the contract in order to achieve the purposes mentioned under point 2. b).

aa) For non-registered customers

For normal parking transactions, the image of the license plate is usually anonymized 24 hours after the last recorded action (after the exit if payment was made beforehand or after payment if this was made after the exit).
In the case of completed parking transactions with outstanding costs, anonymization takes place one day after expiry of the grace period. This data is required as evidence for warnings and in the event of disputes.
Unregistered customers who leave within the free period or turn around when entering are anonymized after 5 minutes.
The remaining data will be deleted after the retention period of ten years under tax law has expired.

bb) For registered customers

Parking processes of registered customers who have not generated any costs: 12 hours after exit.
Parking transactions with payment on account: 12 hours after invoicing (monthly invoice).
Rejections of registered customers: 7 days after rejection (rejections are cases where a vehicle is not allowed to enter because it violates a rule (e.g. the number of vehicles has exceeded the contract limit)).
The remaining data is deleted after the retention period of ten years under tax law has expired.

cc) Incorrect movements

Parking processes where two entries were recorded but no associated exit: anonymization 30 days after entry.
Parking processes where one exit was recorded but no associated entry: anonymization 30 days after the exit.
Open parking processes that have not yet been completed: Anonymization after 90 days.

e) Recipients of personal data

For the above-mentioned purposes, your personal data will be transmitted to processors (e.g. call center, complaint management) and the following other recipients - if necessary

Billing platforms
insurance companies
Debt collection agency, lawyers, courts
Authorities within the scope of their remit
Employers of METRO employees
Client of the parking space operator

3. Your rights

The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the information specified in Art. 15 GDPR.

The data subject has the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her and, where applicable, the completion of incomplete personal data (Art. 16 GDPR).

The data subject has the right to obtain from the controller the erasure of personal data concerning him or her without undue delay where one of the grounds listed in Art. 17 GDPR applies, e.g. if the data is no longer required for the purposes pursued (right to erasure).

The data subject has the right to obtain from the controller restriction of processing where one of the conditions listed in Art. 18 GDPR applies, e.g. if the data subject has objected to processing, for the duration of the verification by the controller.

The data subject has the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her. The controller will then no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims (Art. 21 GDPR).

Without prejudice to any other administrative or judicial remedy, every data subject has the right to lodge a complaint with a supervisory authority if the data subject considers that the processing of personal data relating to him or her infringes the GDPR (Art. 77 GDPR). The data subject may exercise this right before a supervisory authority in the Member State of their habitual residence, place of work or place of the alleged infringement. In North Rhine-Westphalia, the competent supervisory authority is

State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia, Kavalleriestr. 2, 440213 Düsseldorf, e-mail: poststelle@ldi.nrw.de