Management of parkings at the University of Namur

Context

The University of Namur has parking facilities, access to and use of which are governed by internal regulations. In the context of granting access permits, managing renewals and monitoring car park use, the University is required to process personal data.

Categories of personal data processed and purposes of use

For the purposes of this activity, the University of Namur processes data in the following categories:

  • General identification data [this category includes the following types of data: surname, first name, postal address, e-mail addresses, copy of identity card, passport photograph, telephone number, etc.].
  • Identifiers allocated by the public authorities [category grouping the following types of data: NISS, passport number, identity/residence card number, national register number or national register bis number, driving licence number, number plate...]
  • Identifiers allocated by UNamur [category grouping the following types of data: student number, internal registration number, eID for access to internal resources, access card identifiers, student card number, etc.]
  • Lifestyle data [this category covers the following types of data: data on means of transport, travel habits, food preferences, lifestyle, hobbies and interests, etc.]
  • Data relating to the job [category grouping the following type of data: employer, job title, grade, status [academic, scientific, ATG], branch within the status, employee status, type of employment contract, length of validity of the contract, working arrangements, occupancy rate, appointment decisions, previous duties, etc.]
  • Data relating to inspections [category grouping the following types of data: data relating to the circumstances of an inspection, dates, location, purpose, facts recorded, etc.]
  • Data relating to complaints, accidents or incidents [this category includes the following types of data: data relating to the circumstances, dates, places, facts recorded, and more generally all data relating to the handling and follow-up of the complaint, accident or incident, etc.]
  • Data relating to the organisation of work [category grouping the following types of data: responsibilities, hierarchical links, place of work, projects, supervision of teleworking, working hours, etc.]
  • Data relating to the imposition of a penalty [category grouping together the following types of data: data relating to circumstances, dates, facts recorded, penalty imposed, measures taken, etc.]
  • Data relating to physical access to a place or infrastructure [category grouping the following type of data: metadata relating to access control, date and time, place, etc.]

 

This data is used for :

  • Managing access to and use of the University's car parks
  • Generate access cards
  • Check compliance with the ROI defining the conditions of use of the car parks
  • Managing penalties for failure to meet ROI targets
  • Assessing car park management needs

 

Some of UNamur's parkings are also equipped with smart cameras that record number plates and an image of vehicles entering and leaving the car park, as well as metadata (times and dates of data storage).  The data can be consulted to assess car park management needs in the light of the car parks' measured occupancy rate, and to help control vehicles not associated with a car park sticker validating the right to use the parking.

Basis for lawfulness of data processing

The activity is carried out on the basis of a legitimate interest of the University (Article 6, 1, f) of the GDPR) which consists of being able to manage the use of the University's resources. This covers the possibility of organising monitoring of the occupancy of its car parks and being able to better identify how the car parks are used (including variations in occupancy rates) in order to possibly adapt its car park offer to members of the university community.

Processing particuliar categories of data

In pursuit of the aforementioned purposes, the Université de Namur may also process data contained in a certificate issued by a health professional to justify an adjustment in relation to the use of a parking.

The processing of data falling into this particular category is justified by the fact that it is necessary for the purposes of fulfilling the obligations and exercising the rights specific to the University of Namur or to the data subject in terms of employment law, social security and social protection (Article 9, 2, b) of the GDPR).

Categories of data subjects

The categories of persons whose data is processed for the purposes of the business are as follows:

People using the University car parks, including :

  • Members of staff
  • Visitors
  • External beneficiaries of university resources

Data sources

The data included in the processing activity comes from the following source(s):

  • They were supplied by the person themselves
  • The data is generated by an activity carried out by the individual
  • The data is stored in a University database

Data recipients

Data is processed solely by University staff and departments for the purposes of carrying out the activity. The internal recipients of the data mainly belong to the following categories:

  • University administrative staff
  • Line managers
  • IT support staff

 

External data recipients fall into the following category:

  • Security gard service's staff for the purposes of carrying out the security services entrusted by the University.

Processing characteristics

The retention period is determined on the basis of the need to retain the data for operational purposes in relation to the purposes for which they are used: 

  • Data relating to one-off authorisations to use a car park (visitor) are not kept for more than one month from the end of the authorisation.
  • Data relating to other authorisations to use a car park are deleted no later than one year after the end of the last authorisation period.
  • Data relating to sanctions is kept for a maximum of 5 years from the date of the last ROI violation.
  • Data relating to the use of smart cameras is only stored for the duration of a vehicle's occupancy of a car park and for a maximum period of 24 hours. Once the vehicle has left the car park, the identifying data (number plate and image) is automatically deleted. Only overall statistical data on car park occupancy is kept.

Rights of the data subjects

The rights of data subjects are described on the https://www.unamur.be/en/privacy page. Any requests or questions relating to the files handled by this department can be sent to vignettes-parkings@unamur.be.