This Privacy Policy explains how Smart Way Group (‘Smart Way’, ‘we’, ‘us’, or ‘our’) collects, uses, stores, shares, transfers, and protects personal data in connection with the ParkIn mobile application, related websites, dashboards, customer support channels, parking services, reservation flows, payment enablement, and associated digital services.
This Policy applies to users of the ParkIn application, including customers, prospective users, support requestors, and, where relevant, representatives of parking operators and service partners interacting with the service.
We process personal data in accordance with applicable laws and regulations of the Kingdom of Saudi Arabia, including the Saudi Personal Data Protection Law and its implementing framework, and we aim to maintain privacy practices that are also consistent with widely accepted international transparency and accountability standards.
1. Controller Details
The controller of personal data processed under this Policy is Smart Way Group, Kingdom of Saudi Arabia.
For privacy requests, complaints, or questions relating to personal data, users should contact the company through the official support or privacy contact channel published in the application or on the company website. Before publication, Smart Way Group should insert its official legal entity name, commercial registration details, business address, and designated privacy contact email.
2. Definitions
Personal Data means any information that identifies an individual directly or indirectly.
Processing means any operation performed on personal data, including collection, recording, storage, use, disclosure, transfer, deletion, or destruction.
Controller means the entity that determines the purpose and manner of processing personal data.
Processor means a third party that processes personal data on behalf of the controller.
Sensitive Data, where applicable, shall be handled with heightened safeguards in accordance with applicable law.
3. Personal Data We May Collect
Identity and account data, such as name, mobile number, email address, username, password credentials or login verification data, and profile information.
Vehicle and booking data, such as vehicle plate information, vehicle type, parking preferences, reservation details, booking history, check-in and check-out records, and service-related notes.
Location and device data, such as GPS or approximate location, device identifiers, IP address, operating system, app version, language, network details, crash diagnostics, and security logs, where needed for service delivery, fraud prevention, and service improvement.
Payment and transaction data, such as payment reference numbers, order value, payment status, refund records, and transaction metadata. ParkIn should avoid storing full payment card data unless strictly required and lawfully handled through compliant payment providers.
Customer support and communications data, such as support tickets, call or chat records, complaint details, user feedback, and correspondence history.
Usage and analytics data, such as feature interactions, session information, event logs, performance data, and aggregated or de-identified analytics used to improve the service.
4. Sources of Personal Data
We may collect personal data directly from the user, automatically from the device or app environment, from parking operators and service partners, from payment service providers, and from legal or regulatory sources where required.
5. Purposes of Processing
We process personal data only for legitimate, specific, and documented purposes, including to create and manage user accounts, deliver parking and valet-related services, verify reservations, process payments and refunds, provide customer support, protect platform security, investigate misuse or fraud, maintain service continuity, comply with legal and regulatory obligations, and generate operational, service quality, and mobility insights in a lawful manner.
Where analytics are used, we seek to minimize the data collected and prefer aggregated, de-identified, or pseudonymized forms where feasible.
6. Legal Grounds for Processing
We process personal data on one or more lawful grounds permitted by applicable law, which may include performance of a contract or requested service, compliance with legal or regulatory obligations, implementation of legitimate operational purposes that do not override the rights of the data subject, and consent where consent is required.
Where consent is used, users may withdraw consent for future processing to the extent permitted by law; however, withdrawal does not affect processing already carried out on a lawful basis before withdrawal.
Where specific processing is optional and not necessary for service delivery, we should clearly identify it in the app and obtain any required permissions or consents, such as for certain location or marketing-related functions.
7. Disclosure and Sharing of Personal Data
We may share personal data only on a need-to-know and lawful basis with parking operators, payment service providers, cloud or hosting providers, communications providers, customer support tools, analytics or technical service providers, professional advisers, auditors, insurers, and competent public authorities where legally required.
We do not sell personal data.
All third-party processing should be governed by appropriate contractual and security obligations, and processors should act only under documented instructions where required.
8. International Transfers
If personal data is transferred or disclosed outside the Kingdom of Saudi Arabia, such transfers shall be carried out only in accordance with applicable Saudi requirements, including the conditions, safeguards, and assessments applicable to cross-border transfers.
Where relevant, Smart Way Group should use approved contractual safeguards and internal risk assessment procedures before transferring personal data outside the Kingdom.
9. Data Retention
We retain personal data only for as long as necessary for the purpose for which it was collected, to provide the service, maintain accurate records, resolve disputes, prevent fraud, enforce our terms, and satisfy legal, accounting, tax, contractual, and regulatory retention requirements.
Because retention periods may differ by data type, Smart Way Group should maintain an internal retention schedule covering account records, bookings, payment references, support cases, security logs, analytics data, and deleted-account data.
10. Data Security
We implement reasonable and appropriate technical, administrative, and organizational safeguards designed to protect personal data against unauthorized access, disclosure, alteration, loss, misuse, or destruction.
These measures may include encryption in transit and at rest where appropriate, role-based access controls, privileged access restrictions, logging and monitoring, secure development practices, backup procedures, vulnerability management, staff confidentiality controls, incident response procedures, and vendor due diligence.
Where payment functionality is involved, payment account data environments should be handled through compliant providers and controls appropriate to the applicable payment-security framework.
11. Personal Data Breaches
If a personal data breach occurs, we will assess the incident promptly, take containment and remediation measures, maintain appropriate records, and notify the competent authority and affected individuals where required by applicable law.
12. Data Subject Rights
Subject to applicable law, users may have rights to be informed, request access to their personal data, request correction or completion, request destruction or deletion in circumstances permitted by law, withdraw consent where processing is based on consent, and raise objections or complaints through the available channels.
Certain rights may be limited where retention or continued processing is required by law, regulation, contractual necessity, evidentiary needs, fraud prevention, or the protection of public interest or legal claims.
13. How to Exercise Rights
Users may submit privacy requests through the official customer support or privacy contact channel. Smart Way Group may ask for reasonable identity verification before fulfilling a request in order to protect users and prevent unauthorized disclosure.
Smart Way Group should maintain an internal workflow to log requests, verify identity, assess applicability, respond within the legally required timeframe, and document outcomes.
14. Children’s Privacy
ParkIn is not intended for use by children where independent consent is not legally valid. We do not knowingly collect personal data from children except where permitted by law and supported by a valid legal basis or required parental or guardian authorization.
15. Marketing and Notifications
Where Smart Way Group sends service notifications, security alerts, booking updates, or transactional messages, such communications may be necessary for service delivery.
Promotional messages should be sent only in accordance with applicable law and user preference controls, including any required consent or opt-out mechanism.
16. Automated Processing
If Smart Way Group uses profiling, scoring, or materially automated decision-making that significantly affects users, the company should disclose the logic, purpose, and any user rights applicable to such processing to the extent required by law.
17. Cookies, SDKs, and Similar Technologies
If the ParkIn app, website, or dashboard uses cookies, pixels, software development kits, session tools, or similar technologies, Smart Way Group should provide a separate cookie or tracking notice where required and describe the purpose of those technologies in clear language.
18. Third-Party Services and Links
The application may integrate with or link to third-party services. Smart Way Group is not responsible for the independent privacy practices of third-party services that operate as separate controllers. Users should review the privacy notices of those services where relevant.
19. Policy Updates
We may update this Privacy Policy from time to time to reflect legal, technical, operational, or business changes. The updated version will be published through the app, website, or other official channels together with its effective date.
20. Complaints and Regulatory Contact
Users who believe their personal data has been processed in violation of applicable law may contact Smart Way Group first so the matter can be reviewed and resolved where possible.
Users may also have the right to lodge a complaint with the competent authority in the Kingdom of Saudi Arabia in accordance with applicable law.