Flex Park Privacy Policy

Effective date: 17/09/2025
Last updated: 17/09/2025

This Privacy Policy explains how FlexPark, operated by Noctocode d.o.o., processes personal data of users and individuals contacting us. We operate in accordance with Regulation (EU) 2016/679 (GDPR) and applicable local data protection laws.

This Privacy Policy has been prepared to better serve individuals concerned about how their Personally Identifiable Information (PII) is used online. PII refers to information that can be used on its own or with other data to identify, contact, or locate a person, or to identify an individual in context. Please read this Privacy Policy carefully to understand how we collect, use, protect, or otherwise handle your personal data in connection with our mobile application and website.

The administrator of your personal data is Noctocode d.o.o., with registered office at Oražnova ulica 1, 1000 Ljubljana, Slovenia, email: support@flexpark.org

‍For clarity, throughout this Privacy Policy:

“You” refers to the user of the FlexPark app or website.

“We” refers to FlexPark, as the data controller and service provider.

Depending on the nature of the data:

• Customer-provided data: For information entered by FlexPark customers about their employees (e.g., names, emails, phone number, license plate numbers), Noctocode d.o.o. acts as a data processor, under a Data Processing Agreement (DPA) with the customer, who remains the data controller.
• Other data: For all other categories of personal data (e.g., reservation history, usage analytics, support queries, marketing-related data), Noctocode d.o.o. acts as the data controller.

Account Data (FlexPark as Data Processor)

‍When customers enter employee information into FlexPark, we process the following on their behalf:

• Full name
• Email address
• Phone number
• Vehicle license plate numbers

Operational Data (FlexPark as Data Controller)
‍
For the operation and improvement of our services, FlexPark may process:

• Reservation history (e.g., parking spaces booked and released)
• Actions taken within the application
• Device information (type, operating system, browser)
• IP address and login timestamps

Communication and Support (FlexPark as Data Controller)
‍
When you contact us for help or provide feedback, we may process:

• Messages sent to our support team
  
• Survey and feedback responses
  
• Vehicle license plate numbers

Contact Data from Interested Individuals (FlexPark as Data Controller)
‍
If you contact us to learn more about FlexPark, we may process:

• Full name
• Email address
• Phone number (if voluntarily provided)
  
• Company name
• Message content

As a Data Processor

We process personal data only on behalf of and under the instructions of our customers, based on a Data Processing Agreement (DPA) in accordance with Article 28 of the GDPR.

As a Data Controller, we process data for the following purposes:

• Providing platform functionality and managing user accounts
  
• Technical maintenance and system analytics
• Responding to support requests
• Marketing communication (only with prior consent)
• Ensuring system protection (e.g., via security tools such as Google reCAPTCHA)
• Handling inquiries and sales-related communication
• Compliance with legal obligations (e.g., tax and accounting requirements)

Legal Bases for Processing

• Art. 6(1)(b) GDPR – Contract performance or pre-contractual measures
• Art. 6(1)(f) GDPR – Legitimate interest (e.g., ensuring security, improving functionality, maintaining customer relations)
• Art. 6(1)(a) GDPR – Consent (e.g., for marketing communication)
• Art. 6(1)(c) GDPR – Compliance with legal obligations

We may share your personal data with trusted third parties where necessary to deliver our services or comply with legal obligations.

Within Your Organization

• Other users in your organization (e.g., to view shared booking calendars and reservation history).

Service Providers (Processors)

• IT service providers (e.g., hosting, technical support, user communication).
• Brevo – for sending newsletters and marketing communications (only if you have given consent).
• Google Ireland Ltd. – for reCAPTCHA protection and security.

All processors operate under written contracts with Noctocode d.o.o. that ensure compliance with the GDPR.

Analytics and Advertising Partners (Separate Data Controllers)

To better understand and improve our services, and (if you have consented) for marketing purposes, we may share limited information with:

• Google Analytics – to understand how users interact with our app and website. Google Privacy Policy. You can opt out here.
• Google Ads – where Google acts as an independent controller, for targeted advertising.
• Facebook Ads / Facebook Business Tools (including Pixel) – to measure the effectiveness of campaigns and deliver relevant ads.

Public Authorities

‍We may share personal data when required by law, for example to respond to lawful requests by public authorities, subpoenas, or court orders.

• By default, all data is stored and processed within the European Economic Area (EEA).
• If data is transferred outside of the EEA (e.g., to Canada or the United States), such transfers will only take place under appropriate safeguards as required by GDPR. These safeguards may include:

• Adequacy decisions of the European Commission;
• Standard Contractual Clauses (SCCs); or
• Transfers to US-based entities certified under the EU–US Data Privacy Framework (successor to Privacy Shield).

We will not transfer your personal data outside the EEA without ensuring adequate protection of your rights and freedoms.

FlexPark uses cookies and similar technologies to improve the functionality and security of our services. Specifically, we use cookies to:

• Maintain session states.
• Personalize interface settings.
• Understand and save user preferences for future visits.
• Analyze website traffic and application usage.
• Compile aggregate statistics about site traffic and interactions to improve user experience.

We may also use trusted third-party services to help us analyze and optimize performance.

‍Managing Cookies:
‍
You can choose to have your browser warn you each time a cookie is sent, or disable cookies entirely through your browser settings. Please note that if you disable cookies, some features of our application or website may not function properly.For more information about cookies and how to disable them, visit: www.allaboutcookies.org.

Marketing Emails

‍With your consent, we may send you information about FlexPark’s features, product updates, and news using Brevo.

You can unsubscribe at any time by clicking the “unsubscribe” link included in each email, or by contacting us directly at support@flexpark.org.

We will not send you marketing communications without your prior consent, and we do not share your email address with third parties for their own marketing purposes.

Transactional Emails

Independent of your marketing preferences, we may send you transactional emails related to the use of FlexPark. These may include:

• Reservation confirmations or updates
• Account creation and password reset emails
• Important service or security notifications

These communications are necessary to provide the service and cannot be opted out of, except by deleting your account.

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, and in accordance with legal, contractual, and operational requirements. Specifically:

• For organizational accounts: Data is retained for the duration of the contract between Noctocode d.o.o. (FlexPark) and your organization.
• For consent-based processing: Data is retained until you withdraw your consent.
• For legitimate interest processing: Data is retained until a valid objection is raised under GDPR.
• For legal and regulatory purposes: Data may be retained for the time required by applicable law (e.g., accounting, tax) or to defend against legal claims.

After these periods, personal data will be securely deleted or anonymized.

Under the General Data Protection Regulation (GDPR), you have the following rights regarding your personal data:

• Access – You can request confirmation of whether we process your personal data and obtain a copy of it.
• Rectification – You can ask us to correct or update inaccurate or incomplete data.
• Erasure (“right to be forgotten”) – You can request deletion of your data where legally permitted.
• Restriction of processing – You can request that we limit the processing of your personal data in certain cases.
• Data portability – You can request to receive your data in a structured, commonly used, and machine-readable format, and transmit it to another controller.
• Object to processing – You can object to the processing of your personal data based on legitimate interests, including profiling.
• Withdraw consent – Where processing is based on consent (e.g., marketing emails), you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at: support@flexpark.org

We take the protection of your personal data seriously and implement appropriate technical and organizational measures to safeguard it against unauthorized access, loss, misuse, or disclosure. These include:

• Encrypted data transmission (TLS/SSL) to secure communication between our app, website, and servers.
• Access controls and multi-factor authentication (MFA) to restrict access to personal data only to authorized personnel.
• Continuous monitoring and regular security audits to identify and mitigate vulnerabilities.
• Trained staff and internal data protection policies, ensuring that employees handle data responsibly and in compliance with GDPR.

We may update this Privacy Policy from time to time to reflect changes in the law or how we provide our services. If there are important changes, we will let you know by email or in-app notification.

If you have any questions or concerns about this Privacy Policy or how we handle your personal data, please contact us at:

‍Noctocode d.o.o.
Oražnova ulica 1
1000 Ljubljana, Slovenia
Email: support@flexpark.org