Cookies Policy

A cookie is a small text file that a website places on your device (computer, tablet, or smartphone) when you visit it. It is used to identify your device on future visits, remember preferences, and enable certain features. In addition to traditional cookies, we also use local storage technologies made available by modern browsers — localStorage and sessionStorage — which work similarly but store information directly in the browser and are not automatically sent to the server with every request. These local storage technologies are essential to keep your authenticated session secure without exposing your password, and to store user preferences (language, theme, favourite parks). We do not use these technologies for invasive cross-site tracking or for advertising profiles without your explicit consent. All these technologies are under your control: you can view, block, or delete them at any time from your browser settings.

Multipark uses these technologies for two main reasons, complemented by secondary uses that ensure service quality. First, for traffic analytics: we want to understand how many people visit the site, which pages are most popular, from which sources visitors arrive (search engines, social networks, direct links), and how they interact with the content, so we can make informed decisions about what to improve, simplify, or expand. This data is handled in an aggregated and anonymised way — we do not individually identify any visitor through this analytics. Second, for session management: when you sign in to Multipark, we securely store an access token (and, where applicable, a refresh token) in your browser's local storage so our system can recognise you on subsequent visits, avoiding the need to re-enter your password every time you open the platform. We also use local storage to save preferences that improve the experience (selected language, last search, recent parks). Secondary uses include: fraud prevention and platform abuse protection; load balancing between servers so the site loads quickly; and remembering operational choices (such as the selected park in the agent dashboard or preferred dates in the booking form). In no case do we use these technologies to read or modify other data existing on your device beyond what you explicitly authorise.

We group cookies and storage technologies into four clear categories. Strictly Necessary Cookies (Essential) — these are indispensable for the website to function and do not require consent because without them the basic services do not work. They include: authentication tokens stored in localStorage to keep your session signed in; security cookies that protect against CSRF attacks; load balancing cookies that route your request to the correct server; language preference cookies that ensure the site appears in the correct language on each visit; and internal Next.js cookies that allow the application to function correctly. Functionality Cookies — allow us to remember choices that improve your experience but are not strictly required. They include saved preferences such as theme, favourite vehicles, recent parks, and preferred filters. Performance and Analytics Cookies — collect aggregated information about how visitors use the site (pages visited, time spent, navigation path, bounce rate) through tools such as Google Analytics. The data is anonymised and helps us improve the structure of the site. Marketing Cookies — Multipark does not currently use marketing or targeted advertising cookies from third parties on our main website. Should we enable any marketing integration in the future (such as Meta Pixel or Google Ads), we will update this policy and request your explicit consent through the cookie banner before any activation. Essential categories are always active by default; the rest are only activated after your consent.

Some of our technology partners may set cookies on your device when you interact with features they provide. We identify them transparently: Google — we use Google Maps to display parks on the map and Google Analytics for traffic analytics. These services may set their own cookies subject to Google's privacy policy (policies.google.com/privacy). Analytics data is configured with IP anonymisation whenever possible. Payment Processors — when you make a payment, our partners SIBS/Unicre (for MB Way and Multibanco) and Stripe (for international cards) may set cookies necessary to securely complete the transaction and prevent fraud. These cookies are managed by the providers themselves, PCI-DSS certified, and subject to their own privacy policies. Social Networks — if, on a specific page, we embed videos or share buttons from Facebook, Instagram, LinkedIn, or YouTube, those platforms may set their own cookies. We do not have direct control over those cookies and recommend reviewing their respective policies. Multipark does not sell or transfer your data to third parties for advertising purposes. Where we use third-party services that involve international data transfers (for example, to servers in the US), the safeguards described in our Privacy Policy apply (Standard Contractual Clauses, EU-US Data Privacy Framework, etc.).

Cookies and local storage data have different retention periods depending on their purpose. Session Cookies — are temporary and automatically deleted when you close the browser. We use them for transient state, such as keeping an action in progress. Authentication Tokens (localStorage) — the access token has a short validity (typically 1 hour) and is automatically renewed through a refresh token with a longer validity (typically 7 to 30 days). When the refresh token expires, you are asked to sign in again. You can sign out manually at any time to invalidate these tokens immediately. Preferences (localStorage) — values such as language, theme, and favourite parks persist until you delete them manually or clear browser data. Analytics Cookies (Google Analytics) — identifiers typically have a 2-year validity, renewed on each interaction; you can opt out at any time through the Google Analytics opt-out add-on. Security Cookies — have a short validity (hours or days) and are automatically renewed on each session. After these periods, data is deleted from your device. You can force deletion at any time by clearing your browser data.

You have full control over cookies and local storage and can manage them in several ways. Through the Consent Banner — on your first visit (and whenever the policy materially changes) we display a banner where you can accept, reject, or customise non-essential cookie categories. You can reopen those preferences at any time through the 'Cookie Settings' link in the footer. Through Browser Settings — all modern browsers allow you to configure cookie behaviour: accept all, reject all, reject only third-party cookies, or be notified before each cookie is stored. Brief instructions by browser: Google Chrome — Settings → Privacy and security → Cookies and other site data; Mozilla Firefox — Options → Privacy & Security → Cookies and Site Data; Safari — Preferences → Privacy → Manage Website Data; Microsoft Edge — Settings → Cookies and site permissions; Opera — Settings → Advanced → Privacy & Security → Cookies. Clearing Local Storage — you can erase localStorage and sessionStorage through the browser's developer tools (F12 → Storage/Application) or by clearing website data. Important — disabling all cookies and local storage prevents the site from working correctly: you will not be able to sign in, your preferences will not be remembered, and some features will be inoperative. For general information about cookies, see aboutcookies.org or allaboutcookies.org.

Because cookies and local storage data may in some cases contain personal information (such as tokens associated with your account or identifying preferences), they are covered by the General Data Protection Regulation (GDPR). You therefore have the rights detailed in our Privacy Policy, namely: right of access to the information we process; right of rectification of inaccurate data; right to erasure ('right to be forgotten'); right to restriction of processing; right to data portability; right to object to processing; right to withdraw consent at any time, without affecting the lawfulness of processing already performed; and right to lodge a complaint with the competent supervisory authority. Withdrawing consent for analytics or functionality cookies can be done at any time through cookie settings without affecting your session or the essential cookies needed for the site to function. To exercise any of these rights, contact [email protected] — we will respond within a maximum of one month.

We may update this Cookies Policy periodically to reflect changes in the technologies we use, new services, legal or regulatory changes, or user feedback. When we publish material changes — for example, the introduction of a new cookie category or a new partner placing cookies on your device — we will notify you through a prominent banner on the site and, where applicable, by email to registered users, giving you the opportunity to review and adjust your consent preferences before the new technologies are enabled. The 'Last updated' date at the top of this page always indicates the current version. We recommend reviewing this policy occasionally. Non-material changes (typographical corrections, wording clarifications, external reference updates) may be published without direct notification.

This Cookies Policy is an integral part of our overall data protection framework and should be read alongside our Privacy Policy, which describes in detail what categories of personal data we process, for what purposes, for how long, with whom we share them, and what your rights are. In case of conflict between the two policies, the most recently published version prevails. Some important topics — such as international data transfers, security, retention of non-cookie data, and data subject rights — are covered exhaustively in the Privacy Policy to avoid duplication. We encourage reading both documents for a complete view of our practices.

If you have any question, concern, or request related to this Cookies Policy, to the use of cookies and storage technologies on our website, or if you wish to exercise any of your rights, please contact us through the following channels: Privacy Email — [email protected]; General Email — [email protected]; Data Protection Officer (DPO) — [email protected]; Contact form — available at multipark.pt/contact; Phone — +351 965 041 858 (Monday to Friday, 9am-6pm, Lisbon time); Postal Mail — Multipark - Parking Management, Ltd., Data Protection Department, Example Street, 123, 1000-001 Lisbon, Portugal. We strive to respond to all inquiries within a maximum of 30 days. You may also lodge a complaint with the Portuguese National Data Protection Commission (CNPD) at www.cnpd.pt.