SMART PARKING CICICOM

Terms and Conditions & Privacy Policy

Operated by Cicicom Ltd · www.cicicom.gr

1. Introduction

The Smart Parking Cicicom application (the “Application”) is developed and operated by Cicicom Ltd (“Cicicom”) on behalf of the competent local authority or public body that has licensed and deployed the Application in your area (the “Operator”).

This Privacy Policy explains how your Personal Data is handled in connection with your use of the Application, in accordance with Regulation (EU) 2016/679 (the “GDPR”) and the applicable national data protection legislation of the country in which the Application is deployed.

This Privacy Policy applies to every natural person who uses the Application. The Application facilitates car parking in designated areas equipped with a Parking Violation Monitoring System. The Application cannot be used unless the user accepts these Terms and Conditions upon first entry. The Terms and Conditions remain accessible at any time via the information button within the Application.

The Parking Violation Monitoring System uses sensors to identify vacant and occupied parking spaces and enables users to locate, navigate to, and pay for parking through the Application.

2. Roles and Responsibilities

---

Important: Cicicom Ltd acts solely as a Data Processor in relation to your Personal Data. The local authority or public body that has deployed the Application in your area is the Data Controller and is solely responsible for determining the purposes and means of processing your data. Cicicom processes your data only on the documented instructions of the Operator.

---

Data Controller: The local authority or public body that has deployed this Application in your area (the “Operator”). For the identity and contact details of your Operator, please refer to the official website or public notice board of the authority responsible for parking management in your location.

Data Processor: Cicicom Ltd — the company that develops, maintains, and operates the Application’s technical infrastructure on behalf of the Operator. Cicicom processes Personal Data exclusively on the Operator’s instructions and does not make independent decisions about your data.

Any enquiries or requests relating to your Personal Data rights (see Section 19) should be directed to Cicicom as the first point of contact, who will coordinate with the relevant Operator as required.

3. Definitions

Personal Data: Any information relating to you that could identify you directly or indirectly, as further described in Section 7.

Processing: Any operation or set of operations performed on Personal Data, whether by automated means or otherwise, including collection, recording, organisation, structuring, storage, adaptation, retrieval, consultation, use, disclosure, dissemination, alignment, restriction, erasure, or destruction.

Parking Violation Monitoring System: A parking monitoring and management system that allows users to find available spaces, navigate to them, and pay for parking via the Application. It also notifies the competent enforcement authority about possible parking violations through a separate administrative application.

Service Providers: Contracted companies engaged by Cicicom to support the delivery of the Application, including:

• Cicicom Ltd — technology provider and Application developer.
• Viva Payments Services Single Member SA (“Viva Payments”) — third-party payment processing provider.

All Service Providers process data only in a manner authorised by the Operator and are subject to a duty of confidentiality.

4. Confidentiality Measures

Cicicom, in its role as Data Processor, ensures that access to Personal Data is strictly limited to authorised personnel who require it to perform their duties. No unprotected physical copies of personal records are maintained; all electronic records are password-protected. System access is continuously monitored to detect and prevent suspicious activity or data leakage.

5. Data Controller

The Data Controller is the local authority or public body that has licensed and deployed the Smart Parking Cicicom Application in your area. Cicicom does not publicly disclose the identity of individual Operators on behalf of those Operators.

If you wish to identify the Data Controller responsible for the deployment of this Application in your specific area, you may:

• Contact Cicicom at the details provided in Section 24, who will direct you to the appropriate authority; or
• Refer to the official public notices, website, or parking signage of the local authority responsible for parking management in your location.

6. Data Protection Officer

Questions relating to data protection, including identification of the Data Protection Officer appointed by the relevant Operator, should be directed to Cicicom in the first instance using the contact details in Section 24. Cicicom will coordinate with the relevant Operator’s DPO as appropriate.

7. Information You Share with Us Directly

With your permission, when the Smart Parking Cicicom Application is used, information you provide is transmitted to the system, stored, and used exclusively to deliver the requested services. No data is used for any purpose beyond those described in this Policy.

8. The Personal Data We Collect

The Personal Data collected and processed through the Application are: email address, vehicle registration plate number, and phone number (optional).

You are required to provide your Personal Data to the extent necessary to use the Application and receive parking services. Failure to provide, or provision of partial or incorrect data, may result in the inability to establish or maintain the service. Cicicom is not responsible for errors in data entered by users.

No direct identity checks are carried out on users. Consistency checks are, however, performed between payment information, vehicle registration plate, parking registration data, and payment validity to ensure correct use of the Application.

9. Payment Information

When you make a payment through the Application, Viva Payments Services Single Member SA (“Viva Payments”), the authorised third-party payment processor, collects the billing and financial information necessary to process your transaction.

Smart Parking Cicicom does not collect or store your financial or card data. Viva Payments may share non-financial transaction data with Cicicom — such as transaction timestamp, transaction ID, parking location, and payment value — solely for the purpose of confirming and fulfilling your parking service.

Cicicom Ltd accepts no responsibility and expressly disclaims all liability for any loss or damage arising from or related to the payment processing services provided by Viva Payments. Users accept Viva Payments’ own terms and conditions when making a payment.

10. Security of Your Information

Cicicom has implemented appropriate technical and organisational security measures to protect your Personal Data against accidental loss, unauthorised access, alteration, or disclosure. Payment transmissions are handled by Viva Payments using industry-standard encryption.

While every reasonable precaution is taken, no internet transmission can be guaranteed to be completely secure. Cicicom cannot be held responsible for security incidents that are outside its reasonable control, including breaches resulting from user actions, third-party systems, or force majeure events. Any transmission of data to the Application is at the user’s own risk.

11. Opting Out of Geolocation

Geolocation data is not collected in a manner that directly identifies users. However, such data could potentially allow identification when combined with data held by third parties.

If you do not wish to share your location, you may disable location services on your device via your device’s settings. Disabling location services will prevent you from accessing features that rely on geolocation data, including nearby parking availability and navigation.

12. How We Collect and Process Your Personal Data

Cicicom processes Personal Data provided via the Application as described in Section 8, and only on the documented instructions of the relevant Operator. No Personal Data is used for any secondary purpose without an appropriate legal basis. Cicicom does not use your data for its own commercial purposes.

13. Information from Your Mobile Device

When you access the Application on your mobile device, we may automatically collect your device’s language setting.

We may also collect technical diagnostic data (such as device memory state during a crash) to identify and fix technical issues and improve the Application. Your device settings may allow you to control collection of such data. By using the Application, you consent to the collection of this technical data.

With your permission, we may use your GPS location to help you locate available parking spaces near you.

14. Legal Grounds for Processing Personal Data 14.1 Performance of the Service

Processing is necessary to provide parking services via the Application, fulfil orders, and deliver related services, including verification of parking authorisation and payment validity.

14.2 Legitimate Interests

Personal Data may also be processed where necessary for legitimate interests, including:

• Conducting or defending legal proceedings.
• Operating and securing Cicicom’s and the Operator’s IT systems.
• Prevention and investigation of fraud or criminal offences.
• Protecting the integrity and quality of the service.

Personal Data will not be processed for marketing purposes.

14.3 Legal Obligation

Processing may also be required to comply with applicable laws and regulations, including those applicable in the jurisdiction of the Operator, and any directives issued by competent national or European Union authorities.

15. Transfer of Personal Data Outside the EEA

Cicicom does not transfer Personal Data to third parties located outside the European Economic Area (EEA). Any sub-processors engaged in third countries are contractually required to apply the GDPR to a standard equivalent to that required within the EEA. Personal Data will not be transferred to non-EU/EEA countries.

16. Safety, Security, and Compliance with Law

Your information may be accessed, monitored, and disclosed where necessary to provide the Application or in the following circumstances:

• In response to a valid legal process (e.g. court order, search warrant, or subpoena);
• To comply with applicable laws or regulations;
• Where there is reasonable belief the Application is being used to commit a crime, or to share information for fraud prevention and security purposes;
• Where there is good-faith belief of an emergency posing a risk to any person’s health or safety; and
• To protect the rights or property of Cicicom, the Operator, or applicable third parties.

17. With Whom We Share Your Data

Personal Data may be shared with Service Providers (as defined in Section 3) only to the extent necessary to operate the Application and deliver the requested services. All Service Providers are contractually bound by confidentiality and data protection obligations consistent with this Policy.

Personal Data may also be disclosed to the relevant Operator for the purposes described in this Policy, and to competent authorities where legally required.

Cicicom will not share your Personal Data with any unaffiliated third party, and does not authorise Service Providers to use your data for their own marketing or commercial purposes.

18. Access Within Cicicom

Personal Data may be accessed internally only by authorised Cicicom employees who require it to perform their duties, such as system administration or technical support. All such personnel receive appropriate data handling instructions and are subject to a duty of confidentiality. The same standards apply to any authorised personnel of the Operator.

19. How Long Your Personal Data Is Kept

Personal Data is retained only for as long as necessary to fulfil the purposes described in this Policy, or as required for administrative, accounting, or legal purposes.

In the event of a legal dispute, Personal Data will be retained for the full period until all applicable appeal deadlines have been exhausted. Once the relevant retention period has elapsed, Personal Data will be securely deleted or anonymised in accordance with applicable technical procedures.

20. Your Rights

Under the GDPR, you have the following rights:

• Right of access (Article 15): Request a copy of the Personal Data held about you, free of charge.
• Right to rectification (Article 16): Ask us to correct any inaccurate or incomplete information.
• Right to erasure / ‘right to be forgotten’ (Article 17): Request deletion of your Personal Data. This may be refused where processing is necessary for legal compliance, public interest, or legal claims.
• Right to restriction of processing (Article 18): Request restriction of processing where you contest data accuracy, the lawfulness of processing, or have objected to processing pending response.
• Right to data portability (Article 20): Receive your Personal Data in a structured, machine-readable format and transmit it to another controller under certain circumstances.
• Right to object (Article 21): Object to processing based on legitimate or public interest where justified by your particular situation.
• Right to withdraw consent: Withdraw consent at any time without affecting the lawfulness of processing carried out prior to withdrawal.

To exercise any of the above rights, contact Cicicom using the details in Section 24. Cicicom will acknowledge your request promptly and coordinate with the relevant Operator as required. You also have the right to lodge a complaint with your national data protection supervisory authority (see Section 22).

21. Keeping Your Personal Data Secure

Cicicom maintains appropriate security measures to prevent Personal Data from being accidentally lost, used, or accessed without authorisation. Access is restricted to personnel with a genuine operational need, all of whom are subject to confidentiality obligations.

Cicicom maintains procedures to handle suspected data security breaches and will notify affected users and any applicable regulatory authority where legally required to do so.

22. How to Complain

Cicicom will always endeavour to resolve any concern about your data promptly and fairly. If you remain unsatisfied, you have the right to lodge a complaint with the national data protection supervisory authority in your country of residence. Contact details for national supervisory authorities are available on the European Data Protection Board website: https://edpb.europa.eu.

23. Are You Obliged to Provide Your Personal Data?

You are required to provide Personal Data to the extent necessary to use the Application and receive parking services. If you decline to provide the required data, Cicicom and the Operator will be unable to offer the requested services.

24. Changes to This Privacy Notice

Cicicom reserves the right to update this Privacy Policy periodically to reflect changes in the Application, applicable law, or our data practices. We encourage you to review this Policy regularly. Material changes will be communicated to users in accordance with applicable legal requirements. Continued use of the Application following any changes constitutes acceptance of the revised Policy.

25. Contact Us

For any questions, requests, or concerns about this Privacy Policy or your Personal Data, please contact Cicicom Ltd directly:

Cicicom Ltd

Address: Cicicom Ltd, Kosta Varnali 12 – 4th floor, 15233, Chalandri, Athens, Greece

Phone: +30 210 6391072

E-mail: info@cicicom.gr

Website: www.cicicom.gr

Cicicom will respond to all enquiries as promptly as possible and in any event within the timeframes required by applicable law.