Data Processing Agreement
Last updated: 1 January 2025
This Data Processing Agreement ("DPA") applies between OPARKO A/S ("OPARKO", "Processor") and the parking operator ("Controller") that has entered into a service agreement with OPARKO for use of the OPARKO platform.
1. Definitions
"Personal Data", "Processing", "Controller", "Processor", "Data Subject", and "Supervisory Authority" have the meanings given to them in Regulation (EU) 2016/679 (GDPR) and applicable Danish data protection legislation.
2. Subject matter and nature of processing
OPARKO processes personal data on behalf of the Controller in connection with the provision of the OPARKO parking management platform. The categories of data processed include vehicle registration numbers, contact details of permit holders, and payment transaction data.
3. Processor obligations
OPARKO will: (a) process personal data only on documented instructions from the Controller; (b) ensure that persons authorised to process personal data are bound by confidentiality obligations; (c) implement appropriate technical and organisational security measures; (d) assist the Controller in responding to Data Subject requests; (e) make available all information necessary to demonstrate compliance with this DPA.
4. Sub-processors
OPARKO uses sub-processors to deliver its services, including cloud infrastructure providers and payment processors. A current list of sub-processors is available on request. OPARKO will notify the Controller of any intended changes to sub-processors with at least 30 days' notice.
5. Security measures
OPARKO implements technical and organisational measures appropriate to the risk, including encryption of data in transit and at rest, access controls, regular security testing, and incident response procedures.
6. Data retention and deletion
Personal data is retained only as long as necessary for the purposes set out in the service agreement. On termination of the agreement, OPARKO will, at the Controller's choice, delete or return all personal data and delete all existing copies.
7. International transfers
OPARKO processes data within the EEA. Where sub-processors involve transfers outside the EEA, OPARKO ensures appropriate safeguards are in place, including Standard Contractual Clauses where required.
8. Contact and supervisory authority
For questions about this DPA, contact OPARKO at hello@oparko.com. Complaints may be lodged with the Danish Data Protection Authority (Datatilsynet), Carl Jacobsens Vej 35, 2500 Valby.