Notice of processing of personal data

Date last modified: 02.10.2023
SharePark LIMITED LIABILITY COMPANY which operates under the GimleParking brand (hereinafter referred to as the the "Personal Data Owner" and/or the "Contractor" and/or the "Controller") in this Personal Data Processing Notice (hereinafter referred to as the "Notice") describes how it processes personal data of adult individuals (hereinafter referred to as the "Personal Data Subjects") and/or "Users" when using the GimleParking website, web application, mobile application (hereinafter referred to as the "Software") and in any other case of obtaining personal data of Users.
I. General terms and conditions:

  1. The Controller collects personal data of the Users in order to enable the Users to use the Software and receive the services specified in the Agreement, to improve the Software. This Personal Data Processing Notice describes what Personal Data the Controller collects, how it is processed and for what purposes.
The Software shall be used in accordance with the Public Offer of the GimleParking Agreement available at https://gimleparking.com/ua/public-offer (hereinafter referred to as the "Agreement"), which is concluded between the Controller and the User.

II. Terms:


  1. Controller - an individual or legal entity that determines the purpose of processing personal data, establishes the composition of this data and the procedures for its processing.
  2. Processing of personal data means any action or set of actions, such as collection, registration, accumulation, storage, adaptation, modification, updating, use and dissemination (distribution, sale, transfer), depersonalization, destruction of personal data, including with the use of information (automated) systems.
  3. Software means the gimleparking.com website, web application and mobile application of the Controller.
  4. Personal data means information or a set of information about an individual who is identified or can be specifically identified.
  5. The legal basis for processing personal data is one of the grounds for which the processing of personal data is permitted by law. There are the following grounds:
  • Consent;
  • Legitimate interest of the Controller;
  • Conclusion of a contract;
  • Other grounds defined by the legislation of the Republic of Bulgaria.
6. Termination of a legal entity is the termination of a legal entity in the event of liquidation or reorganization. In the case of reorganization of legal entities, property, rights and obligations are transferred to legal successors. Types of reorganization:
  • Merger - two legal entities merge into one;
  • Merger - one legal entity merges with another;
  • Division - two legal entities are formed from one legal entity;
  • Transformation - one legal entity changes its organizational and legal form.
7. Processor - a natural or legal person who is authorized by the Personal Data Owner or by law to process this data on behalf of the Controller;
8. Personal data subject is an individual whose personal data is processed;
9. Third party - any person, except for the personal data subject, the Controller or Processor and the Supervisory Authority to whom the Controller or Processor transfers personal data.
10. The Independent Supervisory Authority (hereinafter referred to as the "Supervisory Authority") is a government agency that protects the rights of personal data subjects, namely the Ukrainian Parliament Commissioner for Human Rights. More information is available at https://ombudsman.gov.ua/ua/page/zpd.
III. Rights of personal data subjects:

  1. Know the following information about personal data:
  • Sources of collection and location of your personal data;
  • The purpose of their processing;
  • Location or place of residence (stay) of the Owner or Manager of personal data or to give an appropriate order to obtain this information to persons authorized by him/her, except in cases established by law.
2. Receive information about the conditions for granting access to personal data, including information about third parties to whom his/her personal data is transferred;
3. To access their personal data;
4. Receive a response no later than 30 calendar days from the date of receipt of the request as to whether his/her personal data is being processed, as well as receive the content of such personal data;
5. To submit a reasoned request to the Personal Data Controller with an objection to the processing of their personal data;
6. Submit a reasoned request to change or destroy your personal data;
7. To protect their personal data from unlawful processing and accidental loss, destruction, damage due to intentional concealment, failure to provide or untimely provision, as well as to protect against the provision of information that is inaccurate or discrediting the honor, dignity and business reputation of an individual;
8. Apply for legal remedies, file complaints against the processing of their personal data to the Supervisory Authority or to the court;
9. Make reservations regarding the restriction of the right to process their personal data when providing consent or processing on the basis of legitimate interest;
10. Transfer your personal data;
11. Withdraw consent to the processing of personal data;
12. Know the mechanism of automatic processing of personal data;
13. To be protected against an automated decision that has legal consequences for him/her.
IV. Personal data:
  1. The Controller collects Personal Data provided by the Personal Data Subject. The Controller does not receive it from any third party. 
  2. If the Controller receives personal data from a third party in the future, the Controller will act and/or notify the specific Personal Data Subject of each such fact in accordance with the law.
  3. The Controller has the right to transfer personal data to any Processor to fulfill the Purpose of Processing and the Grounds for Processing specified in this Notice for the period specified in this Notice.
V. Location of personal data::

  1. Personal data of the Data Subjects is stored in the DigitalOcean data center in Frankfurt, Germany.
VI. Processors:
VII. Transfer of personal data to a third party:

  1. The Controller may transfer personal data to a third party with the consent of the personal data subject, a legal requirement, a court decision and/or a government agency.
  2. The Controller shall notify personal data subjects of the desire to transfer personal data by e-mail to their e-mail address or in the Software or by publishing a new version of this Notice, unless they have previously consented to this.
  3. In the aforementioned letter, the Controller provides an opportunity to express consent to the transfer, informs the purpose of the transfer, the transfer period, the rights of the personal data subject, etc.
  4. Consent is expressed by checking an empty checkbox next to which is written "I agree to the transfer of personal data and confirm that I have read this notice".
  5. In case of liquidation and bankruptcy, information on the transfer of personal data may be published in the Software.
VIII. Personal data in case of termination and bankruptcy of a legal entity.

The bankruptcy of a legal entity is the inability to repay debts by methods provided for by law, except for liquidation.
  • The Controller performs the following actions with personal data during reorganization:
2. In the event of liquidation and bankruptcy, personal data is destroyed or transferred to a third party in accordance with the section Transfer of personal data to a third party.
IX. Protection of personal data:

  1. The Controller cares about the protection of your personal data, so we use technical, administrative and legal security measures for this purpose.
  2. The Controller uses the following security measures:
  • SSL and TLS certificates protect your personal data when it is transmitted through our website and web application;
  • Your personal data is stored in different databases. If you access one of them, you cannot be identified without accessing the other;
  • Databases are protected by encryption;
  • The [application name] protects our website and web application from DDOS attacks;
  • Stores personal data in secure data centers, which is confirmed by many certifications;   
  • Conclude non-disclosure agreements with each employee and contractor for confidential information and trade secrets, including your personal data;
  • Set strong passwords for access to all accounts on any platforms, services and equipment.
X. Transfer abroad of Ukraine:

  1. The Controller has the right to transfer your personal data by default to safe jurisdictions, which are the states of the European Economic Area and the states that have signed the Council of Europe Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data, recognized as providing an adequate level of personal data protection.
XI. Notification of a personal data security breach:

  1. The Controller is obliged to notify the personal data subject of a personal data leak and/or cyber incident that has led to a violation of the terms of personal data processing in accordance with this notice by sending an e-mail to the subject's e-mail and/or posting a notice in the Software within 3 business days from the date on which the Controller became aware of the personal data leak and/or cyber incident.
  2. The following information will be included in the email and/or message:
  • Information about the Controller;
  • A description of the specifics of the personal data protection breach, including, where possible, the categories and approximate number of data subjects concerned and the categories and approximate number of personal data records affected;
  • Notification of the individual and contact details of the data protection officer or other focal point where more information can be obtained;
  • A description of the likely consequences of the personal data protection breach;
  • Description of the measures taken or proposed to be taken by the Owner to respond to the personal data protection breach, including, if necessary, measures to mitigate its potential negative consequences.
XII. Validity and amendments:

  1. The notice is valid from the date indicated in the "Date of last modification" at the very beginning of the page and indefinitely.
  2. The Controller reserves the right to change the notice at any time and without your consent, but the Controller undertakes to keep old versions of the notice and to notify the Personal Data Subject of significant changes.
  3. The Controller shall indicate that changes have been made by putting the date in the "Date of the last change" designation.
XIII. Appeal:

  1. If the Personal Data Subject has any questions regarding the notification and/or processing of personal data, the Personal Data Subject may send a request to info@gimleparking.com, to which the Controller will respond within 30 calendar days.
  2. The Personal Data Subject may send an appeal to the Supervisory Authority for the Protection of the Rights of Personal Data Subjects to the e-mail hotline@ombudsman.gov.ua or to the address: 21/8 Instytutska St., Kyiv, 01008.
XIV. Final provisions:

  1. The Notice shall be governed by and construed in accordance with the laws of Ukraine. All disputes arising out of this notice shall be resolved in accordance with the laws of Ukraine in the appropriate court.
  2. The notice on the use of cookies available at https://gimleparking.com/ua/cookie-notification is an integral part of this notice.
XV. Information about the Personal Data Controller:

Name: LLC SharePark
Identification code: 44738007
Registration address: Ukraine, 02055, Kyiv, Petra Hryhorenko Ave. 12, apartment 246
E-mail: info@gimleparking.com / gimle.parking@gmail.com
Director: Andrii Varnava