Our Commitment to Privacy
As a PCI DSS Level 1 provider, FINE Airport Parking is bound by PCI DSS regulations to treat all cardholder data appropriately. Customers can find a copy of the PCI DSS v3.2 Agreement found here: https://www.
Our parking software provider, netPark, is also a PCI DSS Level 1 service provider and all credit card information is encrypted and then tokenized. No netPark employee, nor Fine employee, ever has direct access to credit card data after it has been entered into the system and tokenized.
All credit card information is entered into the system by the customer only or the credit card is swiped at a machine.
Regarding customer personal information, per the Service Agreement, netPark agrees to use Fine’s customer data only to support Fine.
Customer Data. Customer hereby grants to Provider the right to store, access and manipulate all data, information and communications sent or entered by Customer while accessing the System, or which Customer supplies to Provider for processing by the System (“Customer Data”), solely for Customer’s benefit, to the extent necessary for Provider to provide use of the System to Customer. Provider shall have the right to use Customer Data in an aggregated format to perform statistical analysis, improve the operation of the System and other business purposes; provided, however, that any such aggregated data disclosed to a third party will not identify Customer or any personally identifiable data regarding a customer of Customer. Customer acknowledges that Provider exercises no control over the content of the Customer Data as submitted by Customer, and it is the sole responsibility of Customer to ensure that the data Customer furnishes to Provider complies with all applicable laws and regulations. Customer acknowledges that, unless otherwise agreed by the parties, Customer Data will be transmitted through and to servers located in the United States of America. Customer agrees to make all legally-required disclosures to its customers in connection with Customer’s collection, use and disclosure of personal data which may be input to the System and deemed Customer Data hereunder.
PCI-DSS Compliance. Provider is responsible for securing and protecting all Customer Data consisting of cardholder data that is stored on, transmitted via or processed by Provider-managed System components and for maintaining such components in compliance with the Payment Card Industry Data Security Standard (PCI-DSS). Provider shall have no responsibility for (i) the security of Customer Data to the extent that it is stored on, transmitted via or processed by system components managed or operated by Customer or any third party, or (ii) any security breach, unauthorized disclosure of Customer Data or non-compliance with PCI-DSS resulting from Customer’s actions or omissions, including, without limitation, any modifications that Customer may make to the System or any System settings or parameters configured or changed by Customer.
Customer Systems. Customer is responsible for (i) obtaining and maintaining any hardware, software and communications resources required to access and use the System via the Internet, (ii) securing and protecting cardholder data that is stored on, transmitted via or processed by Customer-managed system components including, without limitation, all technical facilities used to provide data to the System, and for maintaining such components in compliance with the Payment Card Industry Data Security Standard (PCI-DSS), and (iii) any communications or other fees incurred by Customer in the course of accessing or using the System.