Privacy Policy

Privacy Policy

Effective: 2026-01-26

This Privacy Policy describes the data processing activities carried out on the parking-hungary.hu website and related online services (in particular: online parking initiation, parking management, customer service administration, invoicing/receipts).

This policy has been prepared based on Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR).

1. Data Controller Information

  • Name of Data Controller: Pánácz Digital Kft
  • Registered office: 9672 Gérce, Kossuth utca 2.
  • Company registration number: 18-09-116022
  • Tax number: 32579374-2-18
  • E-mail: info@parking-hungary.hu
  • Website: parking-hungary.hu

Data Protection Officer (DPO): The Data Controller is currently not required to appoint a Data Protection Officer. If practice or the legal environment makes this necessary, the details of the appointed DPO will be published here.

2. Definitions

  • Data subject: the natural person whose personal data is processed.
  • Service: online parking services and related administration on parking-hungary.hu.
  • Data processor: the service provider who processes personal data on behalf of the Data Controller.

3. Overview of Data Processing

Below, we describe the scope of processed data, legal basis, retention period, and recipients for each purpose.

3.1. Initiation and management of online parking (performance of service)

  • Processed data: license plate; parking zone/location; start and end of parking; data required for fee calculation; transaction identifiers; device and technical data (IP address, browser/OS, log data).
  • Purpose: initiation/termination/extension of parking, fee calculation, tracking of transaction and service process, prevention of abuse.
  • Legal basis: GDPR Article 6(1)(b) – performance of contract; GDPR Article 6(1)(f) – legitimate interest (fraud prevention, IT security, system integrity).
  • Retention: service data related to the parking transaction: 5 years (in line with limitation period for claims); technical logs: 90 days, except in case of incident/claim enforcement, for the necessary period.
  • Recipients: IT/hosting provider, e-mail delivery provider, invoicing/receipt provider, payment provider (Barion or Stripe – see 3.3), and, if necessary, accountant/legal representative.

3.2. Customer service, complaint handling, contact

  • Processed data: name; e-mail address; license plate; message content; attachments; case identifiers; communication timestamps.
  • Purpose: responding to inquiries, handling tickets, complaint management, verifiability.
  • Legal basis: GDPR Article 6(1)(b) – performance of contract / steps prior to entering into a contract; GDPR Article 6(1)(c) – legal obligation (where applicable); GDPR Article 6(1)(f) – legitimate interest (quality assurance, dispute management).
  • Retention: general customer service correspondence: 2 years; complaint handling documentation: 3 years or the period specified by applicable law.

3.3. Online payment (Barion and Stripe)

For payment processing, parking-hungary.hu uses Barion or Stripe as payment service providers. Typically, only one of the two solutions is active at a time, however, for business/technical reasons, the Data Controller may switch between the two. Accordingly, both providers are potential recipients/data processors.

Important: parking-hungary.hu does not process or store bank card data. The processing of bank card data takes place on the secure payment interface of the payment provider (Barion or Stripe).

3.3.1. Barion Payment Zrt.

  • Role: payment service provider (typically an independent data controller for its own compliance processes; may also act as a data processor for certain data categories during transaction processing).
  • Data typically transferred: transaction amount, currency, payment identifiers, order identifier, technical data; possibly billing name/address if required by the payment process.
  • Purpose: execution of payment transaction, fraud prevention, compliance with financial regulations.
  • Legal basis: GDPR Article 6(1)(b) – performance of contract; Barion's own legal bases for its own data processing.
  • Policies: Barion Privacy Policy

3.3.2. Stripe (Stripe Payments Europe, Ltd. and affiliated companies)

  • Role: payment service provider; for certain data categories, independent data controller and/or data processor (according to Stripe documentation).
  • Typically transferred data: transaction amount, currency, payment identifiers, order identifier, technical data; possibly billing name/address if required.
  • Purpose: execution of payment transaction, fraud prevention, compliance with payment regulations.
  • Legal basis: GDPR Article 6(1)(b) – performance of contract; Stripe’s own legal bases for its own data processing.
  • International data transfer: Stripe may transfer certain data outside the EEA. In such cases, the guarantees applied by Stripe (e.g. Standard Contractual Clauses – SCC approved by the European Commission, and other compliance mechanisms) are applicable according to Stripe’s documentation.
  • Information: Stripe Privacy Policy | Stripe Data Processing Agreement

3.4. Invoicing / receipt, accounting obligations

  • Processed data: invoice/receipt serial number; transaction identifier; payment amount; date; buyer’s name and address (if provided for invoice); email address (for delivery).
  • Purpose: issuance and delivery of receipt, accounting compliance.
  • Legal basis: GDPR Article 6(1)(c) – legal obligation (accounting and tax regulations).
  • Retention: 8 years (based on accounting retention obligation).

3.5. Fraud prevention, abuse management, IT security

  • Processed data: IP address, device identifiers, log data, transaction metadata, information related to suspicious patterns.
  • Purpose: system protection, incident management, prevention of unauthorized use, enforcement of legal claims.
  • Legal basis: GDPR Article 6(1)(f) – legitimate interest.
  • Retention: technical logs typically 90 days, in case of incident for the necessary period.

4. Data processors and recipients

For the operation of the service, the Controller may use the following partners:

  • Hosting / server operator: DigitalOcean (digitalocean.com)
  • Email delivery service provider: Resend (resend.com)
  • Invoicing/receipt service provider: Billingo (billingo.hu)
  • Payment service provider: Barion and/or Stripe (see 3.3)
  • Accountant: BetterBook (betterbook.hu) – only if necessary

The Controller uses only such data processors that provide adequate guarantees for data processing in accordance with the GDPR, and concludes a data processing agreement with them (where relevant).

5. International data transfer

The Controller basically strives to process data within the territory of the European Economic Area (EEA). However, in the case of certain partners (in particular: Stripe, and due to the nature of the service, DigitalOcean and Resend), it may occur that, due to the provider’s organizational or technical operation, data processing/data transfer outside the EEA may also be involved.

In such cases, data transfer may only take place using compliance mechanisms permitted by the GDPR, for example, the Standard Contractual Clauses (SCC) approved by the European Commission, and – where applicable – other recognized transfer mechanisms, according to the provider’s documentation and contractual terms.

6. Automated decision-making, profiling

During the operation of the service, automated logic may occur (e.g. fee calculation, parking status management). The Controller does not apply any exclusively automated decision-making that would have legal effects on the Data Subject or similarly significantly affect them (GDPR Article 22).

7. Data security

The Controller applies appropriate technical and organizational measures, in particular:

  • encrypted data transmission (HTTPS/TLS);
  • access management, authorization levels;
  • logging and monitoring;
  • security backups and recovery procedures;
  • incident management process.

8. Rights of Data Subjects

Under the GDPR, the Data Subject is entitled to:

  • Request information about the processing of their personal data (GDPR Articles 13–14);
  • Request access to their processed data (GDPR Article 15);
  • Request rectification (GDPR Article 16);
  • Request erasure (“right to be forgotten”) – with statutory exceptions (GDPR Article 17);
  • Request restriction of processing (GDPR Article 18);
  • Right to data portability (GDPR Article 20) – if processing is based on contract or consent and is automated;
  • Object to processing based on legitimate interest (GDPR Article 21);
  • Lodge a complaint with a supervisory authority or turn to a court.

How to exercise your rights: Please write to info@parking-hungary.hu.

The Data Controller shall respond without undue delay, but no later than within 1 month.

8.1. Submitting a Complaint

If you believe that our data processing violates the relevant legislation, you may file a complaint with:

  • National Authority for Data Protection and Freedom of Information (NAIH)
  • Address: 1055 Budapest, Falk Miksa utca 9-11.
  • Mailing address: 1363 Budapest, Pf. 9.
  • Phone: +36 (1) 391-1400
  • E-mail: ugyfelszolgalat@naih.hu
  • Website: naih.hu

9. Cookies and Similar Technologies

The website uses cookies for operation and to improve the user experience. Some cookies are necessary for the operation of the service (necessary cookies), while others may serve statistical/analytical or marketing purposes.

9.1. Categories of Cookies

  • Necessary cookies: essential for the basic operation of the website (legal basis: legitimate interest / performance of contract).
  • Statistical (analytical) cookies: measuring traffic, service development (legal basis: consent).
  • Marketing cookies: advertising/targeting (legal basis: consent).

9.2. Google Analytics (analytical cookies)

If you allow analytical cookies, the website uses the Google Analytics service to measure website usage and improve the service. Typical Google Analytics cookies: _ga, _gid, _gat (as well as other identifiers depending on configuration, e.g. _ga_...).

  • Data typically processed: visit events, page views, session information, technical data (browser/OS), approximate location data (city/country), IP address in truncated/anonymized form depending on settings.
  • Legal basis: GDPR Article 6(1)(a) – consent (analytical cookies).
  • Recipient/service provider: Google (according to the provider's current terms).
  • International data transfer: in the case of Google services, data transfer outside the EEA may occur based on Google's contractual and adequacy mechanisms.

9.3. Barion Pixel / Barion Metrics (measurement, conversion and consent management)

The website (especially for measuring payment/conversion processes) may also use Barion Pixel technology. Barion Pixel helps measure visitor events (e.g. page load, steps in the payment process, conversion), and according to the interfaces provided by Barion, it is linked to the visitor's consent.

  • Legal basis: GDPR Article 6(1)(a) – consent (analytics/conversion measurement).
  • Service provider/recipient: Barion (according to the current documentation and terms of the Barion Pixel technology).
  • Consent management: you can modify your consent related to non-essential cookies (analytics/marketing) at any time in the cookie settings.

9.4. Barion Fraud Prevention Cookies (payment security)

During online payment, the payment service provider (especially Barion) may also place cookies for security and fraud prevention purposes, which serve to prevent abuse (e.g. technical identifiers based on browser digital fingerprinting and session identification). These cookies may be necessary for the secure execution of the payment process.

  • Purpose: fraud prevention, reduction of payment risks.
  • Legal basis: GDPR Article 6(1)(f) – legitimate interest (security, prevention of abuse), as well as the payment service provider's own compliance processes.
  • Service provider/recipient: Barion and/or Stripe (depending on the payment service provider currently used).

9.5. Consent and Retention Periods

Consent management: Non-essential cookies (analytical/marketing) are only placed based on the Data Subject's consent, and consent can be withdrawn at any time in the cookie settings.

Retention: depending on the type of cookie, until the end of the session or up to 6–24 months.

10. Minors

The service is not specifically intended for minors. If the Data Controller becomes aware that a person under the age of 16 is involved in data processing based on consent, the necessary measures will be taken in accordance with the provisions of the GDPR.

11. Modification of the Notice

The Data Controller is entitled to unilaterally modify the notice. The modification enters into force upon publication on the website. Please check the current version of the notice from time to time.

12. Contact

If you have any questions or requests regarding data processing, please contact us at the following address: info@parking-hungary.hu.