Privacy Policy of Go Park Easy Mobility Pvt. Ltd.

1. Introduction

Go Park Easy Mobility Pvt. Ltd. ("Go Park Easy", "Company", "we", "us", or "our") is committed to protecting your privacy and personal data in compliance with the Digital Personal Data Protection Act, 2023, and other applicable Indian laws.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and mobile application (collectively, the "Service"). Please read this policy carefully. If you do not agree with the terms, please do not access the Service.

2. Information We Collect

2.1 Personal Information & Sensitive Personal Data (SPDI)

We collect information that identifies you as an individual, including:

• Full name
• Email address
• Phone number
• Date of birth
• Vehicle registration details
• Property registrations

We also collect Sensitive Personal Data or Information (SPDI), which requires enhanced protection under Indian law, including:

• Government-issued identification (for verification purposes)
• Payment information (credit/debit card details, UPI ID, and billing address)

2.2 Location Information

We collect precise location data from your device when you use our Service to help you find nearby parking spaces and navigate to them. You can control location sharing through your device settings.

2.3 Usage Information

We automatically collect information about your interaction with our Service, including:

• IP address
• Browser type and version
• Device information (type, operating system, unique device identifiers)
• Pages visited and time spent on pages
• Search queries
• Booking history and preferences
• Click-through and engagement rates

2.4 Cookies and Tracking Technologies

We use cookies, web beacons, and similar tracking technologies to track activity on our Service and hold certain information. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent.

3. How We Use Your Information (Purposes and Lawful Processing)

We process your information based on your Consent or other Legitimate Uses as defined under the DPDP Act, 2023. Our use is restricted to the following specified purposes:

• Provide, operate, and maintain our Service
• Process bookings and payments
• Verify your identity and prevent fraud
• Send you booking confirmations and updates
• Respond to your comments, questions, and customer service requests
• Send you technical notices, updates, security alerts, and administrative messages
• Send marketing and promotional communications (only with your explicit consent)
• Monitor and analyze usage patterns and trends
• Personalize and improve your experience
• Develop new features and services
• Comply with legal obligations and enforce our terms
• Protect against fraudulent or illegal activity

4. How We Share Your Information

We may share your information in the following circumstances:

4.1 With Service Providers

We share your information with third-party service providers who perform services on our behalf, including:

• Payment processors (Razorpay)
• Cloud storage providers
• Email service providers
• Analytics providers
• Customer support tools
• Marketing platforms

4.2 With Parking Space Owners

When you book a parking space, we share necessary information (name, vehicle details, contact information) with the parking space partner/owner to facilitate the booking.

4.3 For Legal Purposes

We may disclose your information if required to do so by law or in response to:

• Court orders or legal process
• Requests from government authorities
• To protect our rights, privacy, safety, or property
• To enforce our terms and conditions

4.4 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction.

4.5 With Your Consent

We may share your information for other purposes with your explicit consent.

5. Data Security and Breach Notification

We implement appropriate technical and organizational security measures, constituting "reasonable security practices and procedures" under the IT Act, 2000, to protect your information against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit and at rest
• Regular security assessments and audits
• Access controls and authentication mechanisms
• Employee training on data protection
• Secure development practices
• Incident response procedures

However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.

Data Breach Notification: In the event of a personal data breach, we will notify the Data Protection Board of India and the affected Data Principals (users) as required by the Digital Personal Data Protection Act, 2023.

6. Data Retention (Purpose Limitation and Erasure)

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy (the principle of Purpose Limitation). We shall cease to retain your personal data, or take steps to anonymize it, as soon as it is reasonable to assume that the purpose for which it was collected is no longer being served, or when you withdraw your consent, unless retention is necessary to comply with a legal obligation.

The criteria we use to determine retention periods include:

• The duration of our relationship with you
• Legal or regulatory obligations
• Statute of limitations periods
• The need to address potential disputes
• Business requirements and legitimate interests

7. Your Rights and Choices (As a Data Principal)

As a Data Principal under Indian law, you have certain rights regarding your personal information:

• Right to Access and Portability: You can request access to the personal information we hold about you and receive a copy in a structured, commonly used, and machine-readable format.
• Right to Correction/Rectification: You can request that we correct or update inaccurate or incomplete personal information.
• Right to Erasure (Deletion): You can request that we delete your personal information, subject to certain exceptions such as legal obligations.
• Right to Withdraw Consent: You have the right to withdraw your consent for the processing of your personal data at any time, with the same ease as you provided it.
• Right to Nominate: You have the right to nominate any individual who would, in the event of your death or incapacity, exercise your rights under this policy and the DPDP Act.
• Opt-Out of Marketing: You can opt-out of receiving marketing communications from us by following the unsubscribe instructions in those communications or by contacting us directly.
• Cookie Preferences: You can manage your cookie preferences through your browser settings.

To exercise any of these rights, please contact us at support@goparkeasy.com. We may need to verify your identity before processing your request.

8. Children's Privacy

Our Service is not intended for individuals under the age of 18 (Child). We do not knowingly collect personal information from Children without obtaining verifiable consent from a parent or lawful guardian. We shall not undertake any processing of a child's data that is likely to cause any detrimental effect on their well-being, nor shall we engage in tracking, behavioral monitoring, or directing targeted advertisements at children. If you become aware that a child has provided us with personal information without parental consent, please contact us immediately.

9. Duties of the Data Principal

As a Data Principal, you have the following duties under the DPDP Act, 2023:

• To comply with the provisions of all applicable laws while exercising your rights under this policy.
• To ensure you do not impersonate another person while providing your personal data.
• To ensure that the information you provide is verifiably accurate and authentic.
• To refrain from registering a false or frivolous grievance or complaint with the Company or the Data Protection Board of India.

10. Third-Party Links

Our Service may contain links to third-party websites or services that are not operated by us. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services. We encourage you to review the privacy policies of these third parties.

11. International Data Transfers

Your information may be transferred to and maintained on servers located outside of your state, province, country, or other governmental jurisdiction where data protection laws may differ. By using our Service, you consent to such transfers.

12. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Effective Date" at the top. For material changes, we will provide additional notice via email or through the Service.

13. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at:

14. Grievance Officer

In accordance with Information Technology Act 2000 and rules made thereunder, the name and contact details of the Grievance Officer are provided below: