The University of Namur has parking facilities whose access and use are governed by internal regulations. In the context of granting access authorizations, managing renewals as well as controlling the use of parking lots, the University is required to process personal data.
Contexte
L'Université de Namur dispose d'infrastructures de parkings dont l'accès et l'utilisation sont régis par un règlement interne. Dans le contexte de l'octroi des autorisations d'accès, de la gestion des renouvellements ainsi que du contrôle de l'utilisation des parkings, l'Université est amenée à traiter des données à caractère personnel.
Categories of personal data processed and purposes of use
For the purposes of this activity, the University of Namur processes data in the following categories:
- General identification data [category grouping the following type of data: surname, first name, postal address, e-mail addresses, copy of identity card, passport photograph, telephone number ...]
- Identifiers assigned by public authorities [category grouping the following type of data: NISS, passport number, identity/residence card number, national register or national register bis number, driving license number, license plate...]
- Identifiers assigned by UNamur [category grouping the following type of data: student number, internal matricule number, eID for access to internal resources, access card identifiers, student card number ...]
- Lifestyle data [category grouping the following type of data: data relating to means of locomotion, travel habits, dietary preferences, lifestyle, hobbies and interests ...]
- Employment data [category grouping the following type of data: employer, title of position held, grade, status [academic, scientific, ATG], stream within status, salaried status, type of employment contract, duration of contract validity, working arrangements, occupancy rate, appointment decisions, previous functions ...]
- Data relating to checks [category grouping the following type of data: data relating to the circumstances of an inspection, dates, place, purpose, facts observed ...]
- Data relating to complaints, accidents or incidents [category grouping the following type of data: data relating to circumstances, dates, places, facts observed, more generally all data relating to the handling and follow-up of the complaint, accident or incident ...]
- Data relating to work organization [category grouping the following type of data: responsibilities, hierarchical links, place of work, projects, teleworking supervision, schedule ...]
- Data relating to the imposition of a sanction [category grouping the following type of data: data relating to circumstances, dates, facts observed, sanction imposed, measures taken ... ]
- Data relating to physical access to a place or infrastructure [category grouping the following type of data: metadata linked to access control, date and time, location ...]
These data are used for :
- Manage access to and use of University car parks
- Generate access stickers
- Control compliance with the ROI defining conditions for parking lot use
- Manage sanctions in the event of noncompliance with ROI
- Evaluate parking lot management needs
Some of the University of Namur's parking lots are also equipped with smart cameras to record license plates and an image of incoming and outgoing vehicles, as well as metadata (times and dates of data storage). The data can be consulted to assess parking management needs in relation to the measured occupancy rate of parking lots, and to help control vehicles not associated with a parking sticker validating the right to use said parking lot.
Basis for lawfulness of data processing
The activity is carried out on the basis of a legitimate interest of the University (Article 6, 1, f) of the RGPD) which consists in being able to manage the use of the University's resources. This covers the possibility of organizing a control of the occupancy of its parking lots and that of being able to better identify how the parking lots are used (including variations in occupancy rates) in order to possibly adapt its parking offer to members of the university community.
Special data processing
In the pursuit of the aforementioned purposes, the University of Namur is also required to process data appearing on a certificate drawn up by a health professional to justify an accommodation in relation to the use of a parking lot.
The processing of data falling into this particular category is justified by the fact that it is necessary for the purposes of fulfilling the obligations and exercising the rights specific to the University of Namur or to the data subject in terms of employment law, social security and social protection (Article 9, 2, b) of the RGPD).
Categories of people concerned
The categories of people whose data is processed for the purposes of the business are as follows:
People making use of the University's parking lots, including:
- Staff members
- Visitors
- External recipients of University resources
Data sources
The data included in the processing activity comes from the following source(s):
- The person himself provided it
- The data is generated by an activity of the person
- The data is included in a database of the university
Data recipients
Data are processed solely by University individuals and departments for the purposes of carrying out the activity. Internal data recipients mainly belong to the following categories:
- Staff of the University's administrative services
- Supervisors
- Staff of the IT support services
External data recipients belong to the following category:
- Staff of the caretaking service for the purposes of performing the services that are entrusted to this service by the University.
Treatment features
The retention period is determined according to the need to retain the data for operational purposes with regard to the purposes for which it is used:
- Data relating to one-off parking lot use authorizations (visitor) are retained for no more than one month from the end of the authorization.
- Data relating to other parking lot use authorizations are deleted no later than one year after the end of the last authorization period.
- Data relating to sanctions are kept for a maximum of 5 years from the date of the last ROI violation.
- Data relating to the use of smart cameras are kept only for the duration of a vehicle's occupancy of a parking lot and for a maximum period of 24 h. Once the vehicle has left the parking lot, the identifying data (license plate and image) are automatically deleted. Only global statistical data on parking lot occupancy are retained.
Rights of persons concerned
The persons concerned by data processing have rights which are described on the www.unamur.be/fr/vie-privee page. Any requests or questions relating to the files handled by this department can be addressed to vignettes-parkings@unamur.be.