Privacy policy

Your privacy is important to us. We respect your privacy regarding any information we may collect from you across our website.
Introduction: Parkit values your personal privacy and processes personal data in accordance with applicable data protection legislation, including Regulation (EU) 2016/679 of the European Parliament and of the Council (the General Data Protection Regulation, GDPR) and supplementary Swedish legislation. This privacy policy describes how Parkit collects, uses, stores and protects your personal data, as well as the rights you have.

1. Data controller and contact details

Data controller: Parkit Sweden AB (company reg. no. 559301-5968) is the data controller for the processing of your personal data. Our registered office and premises are located at Varuvägen 9, 125 30 Älvsjö, Sweden. If you have any questions about data protection or wish to exercise your rights (see below), you can contact us by email at dataskydd@parkit.se. You can also reach our customer service by phone on +46 (0)8 125 05000 (weekdays excluding public holidays, 08:00-17:00) for general questions. Please note: Parkit has currently not appointed a data protection officer, as the business is not required to do so under the GDPR.

2. What personal data we collect

We only collect personal data that is relevant to the services we provide. This information is obtained either directly from you, from your use of our services or, in certain cases, from third parties. The categories of personal data we process are listed below:
  • Basic identity and contact details: Name, address, email address, telephone number, personal identity number or other identifying information. You usually provide this information to us yourself, for example when you register an account or enter into an agreement for parking services. We may also need your personal identity number in order to verify your identity, for example in connection with a credit check or for security reasons, such as screening against sanctions lists.
  • Vehicle and parking information: Information linked to your vehicle or parking history, such as registration number, residential parking permits, parking space number, entry and exit times in garages, and any violations or fines related to parking.
  • Payment information: Payment card number, billing address, bank account number or other payment-related information in connection with your payment for parking or other services through Parkit. This information is collected during payment transactions and is handled securely in cooperation with our payment service providers.
  • User and account information: Information about how you interact with our digital services (website and app). This may include login details, username, passwords (hashed/encrypted), settings and preferences, technical information about your device (such as browser, operating system and IP address), as well as logs of logins, logouts and activity in the service. Location data may also be processed if you use location-based functions, such as showing available parking spaces near you. Such data is then obtained from your mobile device or browser with your permission.
  • Communication and support cases: Correspondence with you when you contact customer support or otherwise communicate with us, for example by email, chat or phone. This includes enquiries, cases, error reports and similar information that you provide to us so that we can assist you.
  • Information from third parties: In certain cases, we may receive personal data about you from sources other than yourself. This may include partners and customers of ours, such as a property owner or employer that uses Parkit to administer parking for residents or employees and therefore shares necessary information, such as names and contact details, for registration in the system. It may also include credit reference agencies or other external registers. For example, we obtain credit reports from authorised providers where relevant (see the purposes below), and we may check your information against public lists, such as lists of politically exposed persons or sanctions lists, in accordance with the law. If we collect information about you from someone other than yourself, we will inform you of this in accordance with Article 14 GDPR, where applicable and required by law.

3. Purposes of processing and legal bases

We process your personal data for specific, explicit and legitimate purposes. For each processing activity involving personal data, we must have a legal basis under Article 6 of the GDPR. Below, we explain why we process your data (the purposes) and the legal basis for doing so. In many cases, the legal basis is that the processing is necessary to perform our agreement with you or to comply with a legal obligation. In other cases, we may have a legitimate interest, or the processing may be based on your consent.

Purposes and corresponding legal basis in brief:
  • Providing services and performing agreements: To enter into and perform our agreement with you for parking and related services, we need to process your basic personal data. This includes creating and administering your account, giving you access to our digital platforms, enabling you to rent or rent out a parking space, issuing digital parking permits and managing waiting lists. Support cases and communication relating to the service are also included here. Legal basis: Performance of a contract (Article 6(1)(b) GDPR). Without this information, we cannot deliver the services you have requested.
  • Payments and financial administration: In order for you to pay for parking or receive payouts (if you rent out a space), we process payment information and carry out transactions. We also handle invoicing, payment reminders and any debt collection in the event of non-payment. Legal basis: Performance of a contract (Article 6(1)(b)) for the transaction itself, and legal obligation (Article 6(1)(c)) for accounting and compliance with requirements under, for example, tax legislation. Under the Swedish Accounting Act, we must retain records relating to payments for at least seven years.
  • Identity verification and fraud prevention: We may process personal identity numbers, identity documents or carry out credit checks to confirm your identity, particularly before granting certain services that involve financial risk, such as parking against invoice or credit. This is done to prevent fraud and money laundering and to ensure that only authorised persons use the services. Legal basis: Legal obligation (Article 6(1)(c)) in cases where we are subject to laws requiring, for example, customer due diligence, such as anti-money laundering legislation, and Parkit’s legitimate interest (Article 6(1)(f)) in protecting the business and its customers from fraud and unauthorised access.
  • Credit assessment and risk evaluation: For certain services, it may be necessary to assess your ability to pay, for example if you apply to pay parking fees by invoice or in instalments. In such cases, we obtain credit reports and carry out automated assessments of your creditworthiness (see also the section on automated decision-making). Legal basis: Legitimate interest (Article 6(1)(f)) - we have a commercial interest in assessing credit risk before granting services that involve deferred payment. This processing is also beneficial to you, as it helps ensure responsible credit provision.
  • Communication and customer service: To provide support, answer questions, send important service messages (such as changes to terms, operational information or security updates), and otherwise interact with you as a customer, we process your contact details and information about your case. Legal basis: Performance of a contract (Article 6(1)(b)) - customer service is part of the services we undertake to provide. In some cases, legitimate interest (Article 6(1)(f)) may also form the basis, for example for following up customer satisfaction after a case has been closed.
  • Marketing and information about products: If you are a customer of ours, we may wish to send newsletters, offers or information about new products and features that we believe may be relevant to you. This may include personalised offers based on how you use the service. Legal basis: Consent (Article 6(1)(a)) where you have subscribed to our newsletter or approved marketing communications. In limited cases, we may also rely on legitimate interest (Article 6(1)(f)) for marketing to existing customers regarding similar products, but you always have the right to object to direct marketing (see Your rights below).
  • Service development and customer surveys: To improve our platform, develop new features and understand customer needs, we may analyse how the service is used. We may compile statistics on user behaviour (in aggregated/anonymised form where possible) and collect feedback through surveys or customer questionnaires. Legal basis: Legitimate interest (Article 6(1)(f)) - Parkit has a legitimate interest in improving its products and services. We ensure that such analyses do not involve any undue intrusion into your privacy; for example, we use anonymised or pseudonymised data for analytics purposes whenever possible. Participation in surveys is voluntary and may also be based on consent where required.
  • Security and technical monitoring: To protect our systems and your information and to prevent unauthorised intrusions, we process logs and technical data. This includes monitoring use in order to detect and manage security incidents, DDoS attacks, viruses or other harmful activities that may threaten the integrity of the service. Legal basis: Legitimate interest (Article 6(1)(f)) - it is in both our interest and the users’ interest that the service is secure. Processing for security purposes takes place under strict access controls and does not lead to decisions affecting you beyond protecting your data. In some cases, legal obligation (Article 6(1)(c)) may also apply, for example the obligation to report data breaches under the GDPR.
  • Compliance with laws and legal claims: Finally, we process personal data to comply with our statutory obligations in addition to those mentioned above. This includes complying with requirements under accounting law, tax law, anti-money laundering legislation, traffic and parking regulations, and complying with decisions or orders from authorities or courts. We may also need to process and retain data to establish, exercise or defend legal claims, such as handling a dispute, debt recovery or proving what occurred in a particular matter. Legal basis: Legal obligation (Article 6(1)(c)) when processing is required by law or a decision by an authority; otherwise legitimate interest (Article 6(1)(f)) in managing legal claims (our legitimate interest in defending our legal rights).
Please note: Where we base processing on legitimate interest (Article 6(1)(f)), we have carried out a balancing test to ensure that our interest in the processing outweighs your right to privacy. You always have the right to object to processing based on legitimate interest (see Your rights below). If we need to process your personal data for a new purpose that is not compatible with those stated above, we will inform you separately and, where necessary, obtain your consent.

4. Recipients of personal data

We never sell your personal data to third parties. However, we may need to share your personal data with selected categories of recipients in order to run our business and fulfil the purposes of the processing. All recipients who process personal data on our behalf do so under agreements (data processing agreements) that ensure they protect the data in accordance with the GDPR. The categories of recipients that may receive your personal data are listed below:
  • Payment service providers: To handle payments, payouts or other financial transactions, we share necessary information with payment service providers such as Stripe, Klarna or equivalent providers. These actors are independently responsible for their processing of your payment data in accordance with applicable law, such as PCI DSS standards for card payments.
  • IT and cloud service providers: We use external providers for operation, storage and development of our IT environment, such as cloud platforms (hosting), email services, customer management systems and other IT tools. Examples may include Amazon Web Services, Microsoft Azure, Google Cloud or similar infrastructure services. These providers process personal data only in accordance with our instructions and on our behalf (as processors) in order to provide technical solutions such as database management, backup and support.
  • Credit reference agencies: If we carry out credit checks on customers, we share personal data, such as personal identity numbers and contact information, with authorised credit reference agencies (such as UC AB or similar) in order to obtain information about your financial situation and payment history. These companies are independent data controllers for the credit information they provide.
  • Partners and property owners: In some cases, Parkit cooperates with property owners, housing associations, employers or other organisations that administer parking for their residents or employees through our platform. If your use of Parkit is connected to such a partner, for example if your employer gives you access to parking through Parkit, or if you rent a space in a property managed by a particular company, we may need to share relevant information with that organisation. This may include confirmation that you have a valid parking permit, reports on use or violations, and similar information so that they can administer parking services for you. In these cases, you will be informed of such sharing when you join the service through the partner.
  • Authorities and statutory recipients: We may need to disclose personal data to authorities such as the Police, the Swedish Tax Agency, the Swedish Enforcement Authority or the Swedish Authority for Privacy Protection (IMY) if we are required to do so by law or by a decision of an authority. For example, in the event of suspected crime, we may share information with law enforcement authorities, or disclose transaction history to the Swedish Tax Agency in connection with an audit. Parking enforcement authorities may also be recipients if required under local parking regulations.
  • Debt collection agencies or legal representatives: If you do not pay an overdue invoice despite reminders, your debt may be transferred to a debt collection agency, which will then receive the necessary contact and debt information to collect the debt. Similarly, we may share information with lawyers or legal advisers if necessary to manage a legal dispute or our contractual rights.
All parties with whom we share data are required to process your personal data securely and in accordance with applicable data protection laws. Where the recipient acts as a processor, such as IT providers and debt collection agencies working on our behalf, we have entered into agreements regulating how they may process the data. For example, they may not use your data for their own purposes and must delete or return it to us when it is no longer needed. If the recipient is an independent data controller, such as an authority or a credit reference agency, they are responsible for complying with the law themselves. In such cases, we only share what is required and inform you to the extent we are obliged to do so.

5. Transfer of personal data to third countries

Third countries are countries outside the EU/EEA. Parkit mainly stores and processes personal data within the EU/EEA, but in certain cases we may transfer or provide access to your data outside this area. This may occur if we use a provider or sub-processor based in a third country (including the United States) or if your data needs to be handled by our staff or partners when they are travelling or located outside the EU.

Examples of recipients and countries:
  • Cloud service providers such as Amazon Web Services and Microsoft, whose servers or support staff may partly be located in the United States.
  • Communication and analytics tools that in some cases use systems outside the EU/EEA.
Safeguards for transfers to third countries:
When we transfer personal data to a country outside the EU/EEA, we ensure that appropriate safeguards are taken in accordance with Chapter V of the GDPR and the case law of the Court of Justice of the European Union (including Schrems II). These measures include:
  • European Commission Standard Contractual Clauses (SCCs): For recipients in countries without an adequate level of protection, we apply SCCs in our agreements. These require the recipient to protect personal data according to EU data protection standards.
  • Supplementary technical and organisational safeguards: We assess the risks and, where necessary, take additional measures such as encryption, pseudonymisation, strict access control and regular review of the recipient’s security procedures, to ensure that the data remains protected even outside the EU.
  • Risk assessments: Before each transfer, a documented risk assessment is carried out in accordance with the EDPB recommendations in order to determine whether the level of protection in the recipient country corresponds to EU requirements.
  • Exceptions in specific cases: Only in exceptional cases, and where permitted under the GDPR, may we base a transfer on the specific derogations set out in Article 49 GDPR (for example your explicit consent, where the transfer is necessary for the performance of a contract, or for the establishment, exercise or defence of legal claims). In such cases, we will inform you specifically.
You can contact us if you would like to know more about which third countries are relevant, which providers we use, or if you would like to receive a copy of the contractual clauses and safeguards applied. We continuously monitor developments in data protection legislation and adapt our procedures according to applicable requirements and recommendations from supervisory authorities.

6. Retention period - how long we store data

When it comes to trust, we know it's not enough to give you our word. That's why we're constantly working to introduce new ways to keep your data safe through our advanced security system, and to offer you the right support if you have any questions about data protection.
  • Customer and account information: Data connected to your account, such as name, contact information, account settings and agreements, is retained while you are an active customer with us. After your customer relationship has ended, for example after you close your account or agreement, we usually retain the data for up to 3 years. This period is justified by our need to handle any questions or claims that may arise after the agreement has ended, such as subsequent charging of parking fees, disputed invoices or certificates of history, as well as general limitation periods for civil claims. Assumption: 3 years is used as a general retention period for customer data unless a longer period is required as set out below.
  • Payment and transaction data: Data relating to completed payments, invoices, receipts and similar financial information is retained for 7 years from the end of the calendar year in which the financial year ended. This follows the requirements of the Swedish Accounting Act (1999:1078, Chapter 7, Section 2), which requires us to retain accounting records for seven years. In practice, certain financial data, such as invoice copies, may therefore remain longer than your customer relationship, but access to them is then limited to accounting purposes.
  • Support cases and communication: Data from support cases, including email conversations, chat logs and case history, is retained for up to 2 years after the case has been closed. This allows us to follow up recurring problems, provide better support if you contact us again regarding a related matter, and retain documentation in the event of complaints.
  • Location data: Any collected location information, such as GPS location from the app, is stored only for a short period. We normally anonymise or delete detailed location data within 30 days of collection. The purpose is to offer location-based services, such as showing available spaces near you or verifying where you parked, in real time, without retaining a history of your movements for longer than necessary. Aggregated and anonymised location statistics may be retained for longer for analytics purposes, but without any possibility of linking the data to you as an individual.
  • Marketing data: If you have consented to newsletters or similar marketing communications, we use your contact details for mailings until you withdraw your consent or otherwise unsubscribe. If we base mailings on legitimate interest, such as product news to existing customers, we will stop if you object. Our communications always include a clear way to stop further communication, such as an unsubscribe link in email. We may retain information about your request not to be contacted (so-called suppression lists) even after unsubscribing, in order to ensure that we respect your request going forward.
  • Recruitment and temporary purposes: Where applicable, personal data collected for specific and temporary purposes, such as recruitment or a temporary campaign, is retained only for as long as the activity continues and, at the latest, for the period communicated at the time of collection. Thereafter, the data is immediately deleted or anonymised.
  • Retention due to legal obligations or disputes: In exceptional cases, we may need to retain certain data for longer than stated above if required by law or to manage a legal process. For example, data may be retained during ongoing investigations into suspected misuse or fraud, or until a dispute with a customer has been resolved, even if this exceeds the normal retention periods. Such data is, however, blocked for other purposes and access is strictly limited to what is necessary for the legal purpose.
When the retention period for a certain category of personal data expires, we will either delete the data securely, anonymise it (so that it can no longer be linked to you), or, in certain cases, archive it securely with restricted access if continued retention is required for scientific, statistical or historical purposes in accordance with the GDPR and national rules.

7. Your rights under the GDPR

As a data subject (that is, the person whose personal data is being processed), you have a number of rights under the GDPR that give you control over your own personal data. These rights and how you can exercise them are described below:
  • Right to information and access: You have the right to receive information about whether we process personal data about you and, if so, to access that data. This is often referred to as the right of access. It means that you can request a copy of the personal data we hold about you and receive information about, among other things, the purposes of the processing, the categories of personal data, the categories of recipients, retention periods, your rights and the safeguards in place for any transfer to a third country. We will provide such information free of charge once; for repeated or unreasonable requests, a fee may be charged or the request may be refused in accordance with the GDPR.
  • Right to rectification: If you discover that we have incorrect or incomplete personal data about you, you have the right to request that we correct or supplement it. We will then correct incorrect data without undue delay and, taking into account the purposes, ensure that incomplete personal data is supplemented. For example, you may provide a clarification or additional information.
  • Right to erasure: In certain cases, you have the right to request that we erase your personal data, also known as the “right to be forgotten”. This right applies if: (a) the data is no longer necessary for the purposes for which it was collected or otherwise processed; (b) you withdraw consent on which the processing is based and there is no other legal basis; (c) you object to processing based on our legitimate interest and we cannot demonstrate compelling legitimate grounds that override your interests; (d) the personal data has been processed unlawfully; or (e) erasure is required to comply with a legal obligation. Please note that we cannot always erase data where legal requirements require us to retain it, such as accounting data, or where there are other legitimate reasons. In such cases, we will inform you of this.
  • Right to restriction of processing: You have the right to request that we temporarily restrict the processing of your personal data in certain circumstances. This means that the data is marked so that it may only be used for limited purposes. You may request restriction if: (a) you believe the personal data is inaccurate and we need time to verify its accuracy; (b) the processing is unlawful but you oppose erasure and instead want the use to be restricted; (c) we no longer need the data but you need it in order to establish, exercise or defend legal claims; or (d) you have objected to processing (see below) and we are considering whether our reasons override yours. If processing is restricted as described above, we will - apart from storing the data - only process it to manage legal claims, protect someone else’s rights or where an important public interest exists. We will of course inform you before any restriction is lifted.
  • Right to data portability: For personal data that you have provided to us yourself, you have, under certain conditions, the right to receive it in a structured, commonly used and machine-readable format, and the right to transfer that data to another data controller. This is called data portability. The right applies to personal data processed automatically based on your consent (Article 6(1)(a)) or on the basis of a contract (Article 6(1)(b)). At your request, and where technically possible, we can also transfer the data directly to another actor designated by you (so-called direct portability). This right is intended to make it easier for you, for example, to switch service provider. It does not cover data that we have created ourselves or other derived data, but only the raw data you have given us or that has been generated through your use of the service.
  • Right to object: You have the right to object to certain processing of your personal data. (a) Objection to legitimate interest: If we process personal data on the basis of Article 6(1)(f) (legitimate interest), you have the right to object to this processing at any time. If you object, we must demonstrate compelling legitimate grounds for continuing the processing that override your interests, rights and freedoms - otherwise we must stop the relevant processing. (b) Objection to direct marketing: You always have an absolute right to object at any time to your personal data being used for direct marketing. If you make such an objection, we will immediately stop all direct marketing to you, including profiling measures linked to such marketing. You do not need to give any particular reason for declining advertising - it is enough that you inform us.
  • Right to withdraw consent: To the extent that we base processing on your consent (Article 6(1)(a)), you have the right to withdraw your consent at any time. If you withdraw your consent, we will stop the processing based on that consent. Withdrawal does not affect the lawfulness of processing that has already taken place, but we will not continue the processing. Example: if you have consented to receiving our newsletter, you can unsubscribe at any time; we will then stop sending the newsletter, but this naturally does not affect mailings already sent before unsubscribing.
  • Right to lodge a complaint with a supervisory authority: If you believe that we have processed your personal data in breach of the law, you have the right to lodge a complaint with a supervisory authority. In Sweden, the supervisory authority is the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, IMY). You can contact IMY via its website (imy.se) for instructions on how to submit a complaint. We naturally hope that you will first contact us with any questions or complaints so that we can do our best to remedy the issue, but it is your right to involve the authority at any time.
How to exercise your rights: You can exercise your rights at any time by contacting us, preferably by email at dataskydd@parkit.se. Please specify which right and which data your request concerns, as this helps us handle your request. We will respond to your request as soon as possible, normally within 1 month of receipt. If your request is complex or if we have received many requests at the same time, we may need to extend the response time by a further two months, but in that case we will inform you of the reasons for the delay. Exercising your rights is free of charge, except in the case of manifestly unfounded or excessive requests, such as repeated requests, where under the GDPR we have the right to charge a fee covering our administrative costs or refuse to comply with the request.

8. Automated decision-making and profiling

Automated decision-making means decisions about a person that are made entirely by computers/systems without human involvement and that have legal effects or similarly significantly affect the person. Profiling means automated processing of personal data in order to evaluate or predict, for example, a person’s preferences, ability or behaviour. Under the GDPR, you have special rights regarding such processing (Article 22 GDPR).

Parkit aims not to make decisions based solely on automated processing that have a significant effect on you. We do not carry out automated profiling for marketing purposes that would lead, for example, to pricing decisions unique to you or the refusal of services without human involvement. Most decisions at Parkit involve human assessment.

However, there are certain cases where we use automated processes as a basis for decisions or to provide you with a smoother experience:
  • Automated credit assessment: As mentioned above (section Purposes), before offering you payment by invoice or similar, we may carry out an automated credit check. This means that the system obtains a credit report and calculates whether your financial profile meets our internal criteria for using the service, for example renting parking and paying afterwards. If you do not meet the criteria, the system may automatically decide to deny you that payment method. Your right: This type of decision is necessary to enter into/perform the contract (Article 22(2)(a) GDPR), as we can only offer payment on credit if certain conditions are met. However, you have the right to request that the decision be manually reviewed by a human if you are refused, as well as the right to express your opinion and contest the decision. Contact us and a case handler will review your matter again.
  • Security and fraud anomalies: Our systems may automatically flag certain activities as potentially unauthorised or risky. For example, several failed login attempts may lead to an automatic temporary account lock; if our monitoring detects a pattern resembling fraudulent behaviour, such as many bookings and cancellations within a short period, the system may automatically restrict functionality until we have had time to review it. These measures are taken to protect both you and us and fall within the exception for necessary security measures. However, if you are affected by such an automatic restriction and believe it was incorrect, contact us and we will carry out a manual review.
  • Profiling for personalisation (non-critical decisions): We may analyse your data to provide you with a better and more tailored service, for example by recommending parking solutions that suit your usage pattern or displaying relevant messages in the app based on how you use the service. This type of profiling does not affect your rights or benefits with us, but is intended solely to improve the experience, such as avoiding irrelevant offers. You have the right to object to profiling for direct marketing at any time (see Your rights above). If you object or choose not to receive personalisation, we will not send targeted communications or recommendations to you, apart from general messages that all customers receive.
Parkit therefore does not make any fully automated decisions that mean, for example, that you cannot use the service at all, are fined, charged additional fees or similar without human review. If in the future we introduce additional automated decision-making processes that have a significant impact on you, we will inform you clearly in advance and ensure that such processes comply with the legal requirements for transparency, human review and your ability to influence the outcome.

9. Security measures to protect personal data

Your privacy and the security of your personal data are of the highest priority to us. Parkit takes extensive technical and organisational security measures to ensure that your data is protected against unauthorised access, loss, alteration or unlawful disclosure. We continuously adapt our security measures in line with technological developments and new risks. Some of the most important security measures we implement are listed below:
  • Encryption in transit: All communication between you and our systems that contains personal data is encrypted. We use modern encryption protocols, such as TLS 1.3, to protect data when it is sent over the internet. This means that, for example, your login details and payment data cannot be read by outsiders when you use our app or website.
  • Encryption at rest: Sensitive personal data and financial data are stored in encrypted form in our databases, for example using the AES-256 standard or equivalent strong encryption. Only systems with authorised access can decrypt the information. This protects your data even if an unauthorised person were to gain access to storage media or databases.
  • Access control and authorisation: Only Parkit staff (or staff at our trusted IT providers) who need access to personal data to perform their work duties are granted access. We apply the principle of least privilege (“need-to-know”) and use a role-based access system. All access to sensitive data is logged and monitored so that we can see who has done what in our systems. Our employees are also bound by confidentiality obligations and undergo background checks to the extent relevant.
  • Logging and monitoring: Our systems log relevant events, particularly attempts at unauthorised access or unusual behaviour patterns. We have alerts and monitoring that can detect suspicious activity, allowing us to respond quickly to potential security incidents. We also conduct regular security reviews and tests, such as vulnerability scans and penetration tests, to identify and address security deficiencies proactively.
  • Firewalls and network security: We protect our servers and networks with modern firewalls, intrusion prevention systems and antivirus software. Our cloud service providers offer high-level security mechanisms, and we configure them according to best practice to prevent unauthorised traffic or attacks from reaching our sensitive systems.
  • Secure development: When we develop new features or systems, we follow the principles of “Privacy by Design and by Default”, which means that privacy and security aspects are taken into account from the design stage. Code reviews, access restrictions in development and test environments, and separation between production data and test data are examples of procedures we have in place.
  • Backups and resilience: We take regular backups of important data to prevent information from being lost. Our backup storage is encrypted and kept separate from the main systems. We also have contingency plans to maintain operations and protect data in the event of operational disruptions or major incidents (disaster recovery).
  • Payment security: For the handling of payment information, we and our payment partners follow industry standards for data security, such as PCI DSS (Payment Card Industry Data Security Standard) for card payments. This includes, among other things, encryption of card numbers, regular security checks and strict limitation of what data is stored after a payment has been completed.
  • Training and internal policies: All Parkit employees undergo training in information security and data protection. We have internal guidelines and policies that clearly describe how personal data must be handled, and we update these continuously. Employees are expected to report any incidents or weaknesses immediately in accordance with established procedures.
  • Continuous improvement: Parkit continuously works to improve security and stays up to date on new risks. We follow established frameworks and standards for information security, such as ISO/IEC 27001, as guidance for our security work. Assumption: Parkit applies ISO 27001 principles; formal certification may be considered in the future. We conduct regular audits of our data protection work and, where necessary, engage external experts for independent review.
Despite all these measures, it is important to understand that no IT environment is 100% secure. If a personal data breach nevertheless occurs that entails risks for you, such as unauthorised disclosure of your data, we will inform you and the relevant authorities (IMY) in accordance with legal requirements, and take the necessary measures to minimise the harm. We also encourage you to help protect your data by keeping your password confidential, not sharing account details with unauthorised persons and contacting us if you suspect unauthorised use of your account.

10. Changes to this policy and version information

This privacy policy may be updated when necessary, for example if we introduce new processing activities, if legislation changes or if we improve our procedures. If we make material changes to how we process your personal data, we will notify you clearly through appropriate channels, such as email or a notice in the app, in good time before the changes take effect, and explain what has changed.

You can always find the latest version of our privacy policy on our website www.parkit.se. At the beginning of the policy, we state the date on which it was last updated and the date from which it applies. We recommend that you read through the policy from time to time to stay informed about how we protect your information.

If you have any questions about the contents of this policy or how we handle your personal data, you are always welcome to contact us at dataskydd@parkit.se.
