'Personal information' is information about an individual person, including information that could be used, alone or in combination with other information, to identity an individual person.

In the context of INDIGO's services, it includes parking customers' personal contact information (home addresses, phone numbers, email), payment information, vehicle licence plate numbers, the status of their account with INDIGO, and any parking enforcement or collection measures taken.

A fundamental principle of privacy laws is that all personal information belongs to the person to whom the information pertains, ie. who the information is 'about', and that their informed consent is required for its collection, use and disclosure. In addition, the information must be maintained securely and confidentially.

INDIGO's Privacy Statement sets out the purposes for which we collect personal information, which are essentially to permit us to provide our parking services to them, and for any related purposes for which they provide consent at the time of collection.

It also notifies our customers of the purposes for which it may be disclosed in the ordinary course of our business so that they can provide valid consent or otherwise be aware that their consent is not required.

Indigo does not sell or otherwise disclose our customers' personal information to third parties, other than to our contracted service providers who support our operations and who agree to stringent privacy and data security standards. INDIGO maintains its data centres in Canada

With limited exceptions, Canadian privacy laws prohibit the disclosure of personal information without an individual's consent. In most cases, INDIGO is prohibited by these laws from sharing a parking customer's personal information with property-owning clients beyond the primary purpose for which it was collected —managing the operation of the client's facility.

The transfer of parking facility management, whether to the client or another operator, is a routine aspect of our business and can typically be handled efficiently with aggregate data.

If a client requests personal information for a 'secondary purpose,' INDIGO will collaborate with them to find a feasible and compliant solution that aligns with privacy regulations. However, clients should understand that owning the facility does not automatically grant them legal rights under privacy laws to access personal information held by Indigo about individuals who use the facility.

European privacy laws allocate responsibility using the concept of a 'controller,' while Canadian laws focus on the obligations of the party collecting the information, with an emphasis on obtaining informed consent from the individual at the time of collection.

Given the widespread use of INDIGO's mobile app and other digital services by parkers across multiple locations, INDIGO often acts as the custodian of personal information for many individuals who use an owner's parking facility. Indigo neither segregates personall information by facility location nor collects data on behalf of property owners when deploying its digital services.

As a result, INDIGO assumes full responsibility for all personal information it gathers, regardless of the collection location, and is committed to managing that data in a compliant and transparent manner.

With informed consent from the individual, INDIGO and its clients can easily share specific personal information, such as building tenant details. During the onboarding process, INDIGO collaborates closely with clients to ensure a seamless and compliant transition in customer service.

As part of our business intelligence and reporting services, we can aggregate and anonymize personal information to provide valuable Insights and data while safeguarding the privacy of parking customers. We encourage our clients to maintain open communication with us to better understand and meet their needs and objectives.

While data security, individual privacy, and confidentiality are closely related, they each have distinct applications that must be understood both individually and in relation to one another, especially in specific operational contexts. This can be challenging, particularly given the rapid evolution of privacy laws and data security standards.

Parking operations, though seemingly straightforward, are complex and involve processing large volumes of personal information, including highly sensitive data such as banking and credit card details. Savvy clients recognize the importance of partnering with an operator who not only meets moder privacy requirements but also provides valuable insights and guidance.

INDIGO has made significant investments in a robust privacy program, grounded in the belief that respecting privacy fosters trust and improves the parking experience for both our clients and their customers. We sustain this program through the leadership of a dedicated Privacy Officer, continuous staff training, and our Bronze-level corporate membership with the International Association of Privacy Professionals.

In short, we are approachable and encourage our clients and property owners to collaborate with us in finding privacy-compliant solutions that meet their needs. For more information on INDIGO's privacy policies and practices, our Privacy Officer is available at privacy-officer.ca@group-indigo.com. We welcome any inquiries to provide clarity and address any concerns.

The Office of the Privacy Commissioner of Canada (OPC) has some excellent user-friendly resources on their website, including a page specifically for businesses to help them understand and comply with privacy laws.OPC regularly surveys businesses about their views and practices on privacy-related issues, and the most recent one can be found here.