Privacy statement for parking

If you come to Schiphol and use one of its official carparks, then the following personal data can be processed:

• Contact information: initials, first and last name, telephone number, address information and email address.
• Vehicle information: license plate.
• Payment information: Encrypted credit card information, encrypted debit card information, payment card supplier (e.g. Master Card), date and time of the payment, payment amount, QR-code on parking ticket (linked to a transactionID and the payment amount).
• Reservation information: start and end date of the reservation, date and time of driving in or onto the carpark, date and time of driving out of the carpark, payment amount, deposit amount, parking product, amount of passengers in vehicle (for capacity planning) and optional your flight number and travel purpose (leisure or business).
• Subscription information: Parking subscription information, subscription type, validity of subscription card.
• Information regarding charging your vehicle: charging station number, start and end time of charging session, amount of kWH charged, cost of charging session and transactionID.
• Camera surveillance on carparks: camera images

There are a number of ways to use a parking space at Schiphol. You can reserve a parking space via the website, by telephone (only for Valet Parking), via an intermediary or with a voucher. You can also drive into a car park without making a reservation.

Do you use Schiphol’s parking services? In that case, a photograph of your licence plate may be taken when you enter with your vehicle. We save the licence plate and also register your entry and departure times.

If you opt to park without making a reservation, you can take a ticket or use a credit card. If you drive in with a credit card, Schiphol will save an encrypted version of your credit card number.

If you reserve via a Privium ID or subscription, the Privium ID or subscription number is also registered.

If you use Valet Parking, we will also register the flight information (arrival date, arrival time, departure date, departure time and flight number(s)) and the make, model and colour of your car. Furthermore, we will take photographs of your car if you use Valet Parking. If someone other than yourself comes to pick up the car, we will also register his or her contact details.

In case you create a My Schiphol account, your username and password will be processed. This My Schiphol account will give you an overview of all your reservations.

Moreover, video footage is recorded of Schiphol’s parking spaces and surroundings. If you would like further information about this footage please click here.

For parking by personnel, the following personal data can be processed additional to the personal data that have been mentioned before:

• Personnel number;
• Location and name employer; and
• Schiphol card number and/or Parking card number

Schiphol processes most of your personal data, because they are necessary for the performance of the agreement that we have with you. We need your personal data, for example, to:

• Manage your parking reservation;
• Manage the payments and the payment systems;
• Manage our license plate recognition systems;
• Manage our charging stations; and
• Manage the electronic support systems in the carparks, such as the digital direction system in our parking garages.

Additionally, we also want to improve our services. That is why we will inquire how you experienced the parking services at the end by sending you an email message to request your feedback. Schiphol has a legitimate interests to process your email address for this purpose.

Schiphol can also use your personal data for marketing purposes. This excludes the personal data that Schiphol collects from parking by personnel. For the following purposes, we may use your email address to:

• Send you a newsletter containing general news about Schiphol;
• Let you know that you haven’t finished your parking reservation; and
• Send you a newsletter containing news and promotions regarding Schiphol products and services, such as our Premium Services.

At Schiphol we strive to make our marketing as efficient as possible, so that our customers receive communications that are relevant to them. In order to achieve this, we use some of your personal data to conduct marketing analyses. We may use your email address and your reservation information for these analyses. Based on these analyses, for example, we may see that you use the Schiphol carparks several times a year. In this situation, it is perhaps interesting to you to think about a Privium membership, because this membership gives you parking related perks. Based on this information, we may send you a newsletter related to a Privium membership. To process these personal data for marketing analyses, Schiphol has assessed that it has legitimate interests.

For the processes that we use your personal data based on Schiphol’s legitimate interests, you have the right to object. Do you want Schiphol to stop processing your personal data for these processes? Then send an email to our Data Protection Office (DPO) via dpo@schiphol.nl.

All personal data that we register at the time you enter and leave (payment details, time of entry and departure) are deleted three months after you have used parking services at Schiphol.

The picture that is taken by our license plate recognition system will be retained for a maximum of 24 hours. After 24 hours Schiphol will only retain an encrypted version of your license plate number for a maximum of 90 days after you have left the carpark.

The information you share when making a reservation is deleted two years after you have made use of Schiphol’s parking services.

Camera images that are made for the purpose of camera surveillance will not be retained longer than necessary, namely:

• At entrances and exit driveways and payment machines: 28 days
• In the parking garages and at the parking lots: 14 days

Some data we process are defined as personal data, due to the fact Schiphol has camera images at the parking garages and the parking lots. Without these camera images, we cannot individually identify you with these data. When the camera images have been deleted (after 14 or 24 days), then the following data are no longer personal data:

• Data that are processed in the context of charging your vehicle

If you receive our newsletter, we will process your email address until you unsubscribe. We will offer the opportunity to unsubscribe in each (commercial) newsletter.

For personnel parking, when the Schiphol card is being used, then this card is being processed separate from the Parking Management System (PMS) that is used for visitors’ parking. By using your Schiphol card at the parking entrance, no transaction is being started and no information is sent to PMS.

We sometimes engage other parties to carry out a portion of the parking services on Schiphol’s behalf. These are, for example, organisations that are specialised in providing parking reservation software and parking management software. In such cases, we only share data that are required for the performance of the relevant services.

Are you reserving a parking space via a third party, such as a travel agency? In that case, we will only exchange data that are necessary to perform the agreement concluded between Schiphol and this third party.

Schiphol may share your email address with social media services in order to send you (and others) relevant messages via these social media platforms.

To send email messages, such as our newsletter, Schiphol shares your email address with an organisation that is specialised in customer relation management software and mailing software.

In order to conduct marketing analyses Schiphol shares your personal data with an organisation that is specialised in providing a platform that supports with data analyses.

Before sharing any personal data with any organisation, we make sure that there is an agreement in place, such as a data processing agreement, so that we can ensure that these organisations will also process your personal data safely and securely.

Schiphol processes personal data as much as possible within the European Union. Incidentally, some personal data may be processed outside of the European Union.

The organisation that provides the parking management software shares personal data within the own company group, which are in the United States and Australia.

Sharing personal data outside of the European Union will always be done in line with the GDPR. Schiphol will, for example, make sure that the necessary agreements are signed, such as Standard Contractual Clauses. Also, additional measures will be assessed and implemented to make sure the transfer of personal data is done legitimately.

Access to, amendment and deletion of your personal data
You have the right to know what personal data on you are processed by Schiphol. If we have not obtained the data directly from you, you also have the right to know from what source they derive and to receive a copy thereof.

If your personal data proves to be incorrect, you can ask us to amend your data. You can also request us to delete personal data and to discontinue their use.

Restriction of processing and right to transfer your data
If in your opinion we are not processing your data in a correct manner, you can request a restriction of the processing.

You can also ask us to transfer your digital personal data to you or to another party in a readable and usable form.

Lodging an objection
Besides requesting deletion or restriction of the processing, you can also object to the processing of personal data by Schiphol. First, you can do so if you do not agree to Schiphol using your personal data for direct marketing.

Second, you can object to the use of your personal data owing to your specific situation. If you lodge an objection, we will in principle temporarily discontinue or restrict the processing. If your objection is accepted, we will definitively discontinue or restrict the processing.

Your request and our response
If you have a question, a request or if you wish to lodge an objection, email our Data Protection Officer (DPO) via dpo@schiphol.nl. We will do our utmost to respond to your request in a timely manner.

We may ask you to send us a copy of a valid ID if this is necessary in order to confirm your identity.

If any part of your request is unclear to us, we may ask you to specify your request and/or to supplement it, to enable us to provide you with the best possible service.

Who is the controller?
This privacy statement is issued by Schiphol Nederland B.V. Our contact details:

Schiphol Nederland B.V.
P.O. Box 7501
1118 ZG Schiphol

How to contact our Data Protection Officer (DPO)
Schiphol has a Data Protection Officer (DPO) for all your questions concerning privacy. The DPO also provides advice to us and monitors compliance with the privacy laws and regulations by Schiphol.

Do you have any questions or requests concerning your data? If so, you can send an email to the DPO via dpo@schiphol.nl or send a letter to our postal address, for the attention of the Data Protection Officer. Together with your request, please provide your name, address, email address and telephone number.

If you are dissatisfied with the way in which we treat your privacy or handle your request or objection, you can file a complaint with the Dutch Data Protection Authority.

If necessary, we will update this privacy statement. This may be due to changes in policies, changes in the data processing operations or changes in the systems we use to process data.