Effective date: June 01, 2022.
Pafos Smart Parking application (the Application) is owned and operated by the Municipality of Pafos, based on 28th of October Square, Paphos, 8047, Cyprus (the Municipality or we).
Smart Parking Systems are equipped with sensors highlighting vacant and occupied parking spaces. The Application allows the users to proceed with the parking payments via the Application. It identifies users who are beneficiaries of personalised services/facilities, such as (disabled people, mothers accompanying small children, etc.).
Personal Data: means any information about you that could identify you directly or indirectly, such as the personal information described in paragraph 7.
Processing: means any operation or set of processes that are performed on Personal Data, by automated means or otherwise, including collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure or destruction.
Smart Parking Systems®
Smart Parking Systems® is a modular parking payment management system.
It comprises a server and the Polis software; it interfaces with parking sensors, radio devices, and data reception services from Intercomp and third parties. In addition, it integrates with an application for the end-user and with a third-party payment application.
Polis management is the Smart Parking Management Software.
Polis is installed on the Pafos Cyta Server. The management software stores and processes the data received from sensors and the users in real-time via the Internet. Additionally, it makes the necessary info available to the user’s smartphone and Pafos Managing center.
Service Providers are affiliates, contracted companies, and service providers (collectively, “Service Providers”). These companies are:
- Inntenet Ltd
- Technor Engineering
- Intercomp SPa
- JCC Ltd
- Pafos DPO
Those processing your information will do so only in an authorised manner by Pafos Municipality and are subject to a duty of confidentiality.
Technical cookies: are those used for the sole purpose of carrying out the transmission of specific information on an electronic communications network or as strictly necessary for the provider of an information service to provide services requested explicitly by the subscriber or user.
3 Confidentiality taken measures
- It has been inserted non-disclosure provisions in employment agreements.
- As part of this project contract, a confidentiality agreement has been signed between Pafos Municipality and Inntenet, between Inntenet and Intercomp, Inntenet and Technor Engineering.
- Intercomp, as the Polis management Superadmin, ensures the limit access to confidential information to only those employees who process this kind of information. There are no hard copies of documents, and electronic copies are password protected. System access is monitored—monitoring activities of “suspicious activity” to prevent data leakage.
- Exit interview for departing employees.
4 Data Controller:
Municipality of Paphos
Address: 28th of October Square, 8047, Paphos Cyprus
Phone Number: +357 26822270
Fax Number: +357 26934762
E-mail Address: firstname.lastname@example.org
5 Data Protection Officer
Name of the DPO:
6 Information That You Share with us Directly
When the user uses the Pafos Smart Parking Services, providing information directly to the system. This information is stored on our systems and used for the requested services.
7 The Personal Data we collect
The Personal Data collected and processed are the following:
- User name, email address and plate numbers.
- Personal Data are derived from cookies and other similar technologies.
You are required to provide your Personal Data to the extent that it is necessary to register, conclude, and perform our services by the Application; therefore, your failure, partial or incorrect provision could result in the Municipality of Pafos being unable to establish or conduct the contractual relationship regularly.
No direct checks are carried out on users. Still, checks are nevertheless carried out on the consistency between the information sent by the Subscription or the content of the message sent via SMS for parking registrations relating to the occupation of the parking lot and the validity of the subscription.
The mobile number for SMS payments is not correlated with the physical owner of the number.
8 Payment Information
When you purchase our Services, such as parking payments or monthly parking subscriptions, a third-party payment processor JCC as the Municipality’s bank payment provider, will collect the billing and financial information to process your charges from your payment card.
Pafos Smart Parking System does not collect or store your financial information. However, Pafos Municipality payment processors may share non-financial information with us related to your purchases, like transaction information (timestamp), transaction ID, the items purchased, and value to fulfil your order.
9 Security of Your Information
Pafos Municipality has implemented appropriate security measures to protect the security of your information.
When you sign in to your account or enter payment information, our third-party payment processor or we use secure socket layer technology (“SSL”) to encrypt the transmission of that information. Additionally, the technology used by the supplier is based on high-security standards, including communication using the HTTPS protocol with a preventive authentication phase;
While we take reasonable precautions against possible security breaches of our Services and our customer databases and records, no web or Internet transmission is completely secure. Although we strive to protect your personal information, we cannot guarantee that unauthorised access, hacking, data loss, or other breaches will ever occur; we cannot guarantee the security of your information while it is being transmitted to our Service. Any transmission is at your own risk. If you have questions about the safety of our websites, please contact us at email@example.com.
10 About Cookies
10.1 What are cookies?
Cookies are text files placed on your device to collect standard Internet log information and visitor behaviour information. When you visit our website, we may collect information from you automatically through cookies or similar technology.
10.2 What types of cookies do we use?
There are several different types of cookies. However, the Application uses technical cookies to keep you signed in.
10.3 Opting Out of Cookies
If you disable cookies, you may lose some of the features and functionality of our Services because Pafos Smart Parking cookies are necessary to provide our web-based Services.
11 Opting Out of Geolocation
Information relating to geolocation is not collected to be associated with identified subjects. Still, by their very nature, it could allow the user to be identified through processing and association with data held by third parties.
Suppose you have previously allowed us to access your geolocation data and no longer wish our service providers and us to use GPS location information. In that case, you may disable the location features on your device. Please see your device manufacturer settings. If you disable those features, you will not access or receive any services, content, or features made available based on geolocation data.
12 How we collect your Personal Data and how we process them.
We process Personal Data that you provide to us in our services. For this purpose, we process and collect personal data from you and/or the authorised officials appointed by you and/or our affiliates and/or third parties authorised or instructed by you.
13 Information from Your Mobile Device
When you access our Services on your mobile device, we automatically collect:
The name you have associated with your device;
Your country; and
We may also automatically use, with your permission, your GPS location information.
You can constantly adjust your privacy preferences from the settings menu of your mobile device.
14 Why are we processing your Personal Data?
We collect and process Personal Data in full compliance with the Regulation’s provisions and the national legislation. There is a more detailed analysis of the processing’s purposes and legal ground in the following paragraphs.
15 The legal ground of this processing of Personal Data?
15.1 For the performance of a contract
The processing of Personal Data is necessary for us to provide our services by the Application and/or fulfil your orders and/or provide you with related services. The purposes of the processing are adjusted according to the nature of the service provided.
For control relating to the correct use of the Application (permission to park in a specific area, validity of the subscription, etc.) and for other purposes related to customer-supplier contractual obligations, including related assistance services.
Activation of the users on the Polis management, via the Application, for car parks that use the Pafos Smart Parking System, equipped with sensors that highlight empty and occupied spaces and allow payments for parking services via the APP.
15.2 For the legitimate interests pursued by Pafos Municipality or by a third party
Except for the above case, third parties or we process your Personal Data, when necessary, except if your fundamental rights and freedoms override the below interests. Below are some examples:
- in court proceedings and/or to claim our legal claims.
- In the context of the operation and security of the IT sector of the Municipality.
- In the context of preventing and clarifying criminal offences.
To protect its legitimate interests, such as fraud prevention, credit risk protection, maintaining security, and improving the quality of services.
15.3 Due to your consent
To allow the Application to be downloaded, and exclusively for reasons connected with the provision of the services, the user must agree to make some resources of the mobile device available to the Application itself: Internet access, information on the device, and the operating system installed, for payment transaction and/or subscriptions.
15.4 For compliance with a legal obligation
The Municipality may be subject to various legal obligations, such as the obligations arising from Municipal legislation in general, the laws and regulations applicable in the Republic of Cyprus, any directives, rules, or guidance issued by relevant authorities, as well as any regulations issued by a competent organ of the European Union.
The data will not be processed for marketing purposes.
16 Transfer of your Personal Data outside the EEA or to an international organisation
Municipality of Pafos does not transfer your Data to third parties located outside the European Economic Area (EEA).
The processors in third countries are obliged to apply the Regulation similarly to the companies located within the European Economic Area.
The Personal Data will not be transferred to non-EU countries.
17 Safety, Security, and Compliance with Law
Your information, the contents of all of your online communications in our Services, and the communications between you and Pafos Municipality may be accessed and monitored as needed to provide our Service and may be disclosed:
- When we have a good faith belief that we must disclose the information in response to a legal process (for example, a court order, search warrant, or subpoena);
- To comply with any applicable laws or regulations;
- Where, in our sole discretion, we believe that the Service is being used to commit a crime, including to report criminal activity or to share information with other companies and organisations for fraud protection, credit risk reduction, and other security precautions;
- When we have a good faith belief that there is an emergency that poses a threat to the health and/or safety of you, another person, or the public generally; and
- To protect the rights or property of Pafos Municipality and other applicable third parties, including to enforce our Terms of Service.
18 Whom we share your data with
Depending on the requested Services or as necessary to complete any transaction or provide any Service you have requested, we may share your information with our affiliates, contracted companies, and service providers (collectively, “Service Providers”) we rely upon to assist in the operation of the Mobile Application and Services available to you and whose privacy policies are consistent with ours or who agree to abide by our policies concerning Personal Information. We will not share any information with unaffiliated third parties.
Service Providers are not authorised to use or disclose your information except as necessary to perform services on our behalf or comply with legal requirements. Service Providers are given the information they need only to perform their designated functions. We do not authorise them to use or disclose any provided information for their marketing or other purposes. We will share and disclose your information only with the following categories of Service Providers:
- Server computing services
- Communication and collaboration services
- Data storage services
- User authentication services
- Website hosting service providers
- Payment service providers
18.1 Within the Municipality of Pafos
The Personal Data may be brought to the attention of employees of the Data Controller who process Personal Data or System Administrator and who will receive adequate operating instructions from the Data Controller in this regard; the same will happen towards the employees or collaborators of the Municipality.
18.2 Third-Party Service Providers
We may share information we collect with our third-party service providers that perform services on our behalf, including, but not limited to:
- Payment processing;
- Email delivery;
- Hosting services;
- Customer service;
- Data management;
- Graphics and user interface;
- Tools and utilities;
- Push notifications;
- User authentication;
18.3 Service providers who will process data
Everyone who logs in to Polis software has a personal account. The administrator can add or delete the accounts of everyone who has access to the system. The administrator sets a temporary password that each user at the first login is forced to replace.
Account expiration is set and depends on the contract’s validity between the administrator and Intercomp SpA.
Inntenet Ltd – System Administration
Technor Engineering – Network Engineer and System Administration
Intercomp SpA – Super Admin, Software IT, Technical Department, etc.
Paphos Municipality – Polis Administrator, Polis Administration, Accounting dep. Police Officers, Maintenance Technician, Technical Support.
19 How long your Personal Data will be kept for
The Personal Data communicated are kept for the time necessary to fulfil the purposes or for any other legitimate related purpose and precisely for the administrative-accounting purposes. They will be held for the entire duration of the contract and, after termination, for eight years. In the case of legal disputes, Personal Data will be kept for the whole period until the deadlines for appeals are exhausted. The Personal Data provided to manage the Application will be retained for 12 months from the last interaction with the system. Once the retention terms indicated above have elapsed, personal data will be destroyed or made anonymous, compatibly with the technical procedures for cancellation and backup.
20 Your rights
You have several important rights under the Regulation (EU) 2016/679 (General Data Protection Regulation), and Specifically Right of access by the data subject are:
- Right to access your Personal Data (Article 15): You might receive information and/or a copy of the Personal Data we hold free of charge.
- Right to rectification (Article 16): you might ask us to correct any mistakes in our information.
- Right to erasure (“right to be forgotten”) (Article 17): you might ask us to erase the Personal Data concerning you.
However, we reserve the right to deny the erasure if the processing is necessary to comply with a legal obligation, for public interests, or the establishment, exercise, or defence of legal claims.
- Right to restriction of processing (Article 18): you might require us to restrict our processing of your Personal Data if you contest the accuracy of your Personal Data, the lawfulness of the processing, or you have objected to the processing (according to article 21), and you wait for our reply whether we have legitimate grounds which override yours.
- Right to data portability (Article 20): you have the right to request and receive the Personal Data concerning you that you have provided to us in a structured, commonly used, and machine-readable format, and you have the right to transmit this data to a third party under certain circumstances.
- Right to object (Art. 21 of Regulation): You have the right at any time to object to the processing of your data, including profiling, based on the legitimate and/or public interest (section 6 (1) (e) and (f)) when you deem that this is justified due to a particular situation that concerns you.
If you disagree, we shall no longer process your data unless it demonstrates compelling legitimate grounds for the processing that override your interests, rights, and freedoms or if the processing serves the establishment, exercise, or defence of legal claims.
- Right to withdraw your consent: you reserve the right to withdraw your consent. However, the withdrawal of the consent does not affect the lawfulness of the processing based on the consent before its withdrawal.
If you wish to exercise any of the above rights or ask any questions or clarifications or complain, please do not hesitate to contact the Municipality of Pafos at firstname.lastname@example.org
Moreover, you also have the right to file a complaint to the Commissioner of Personal Data Protection. For more information concerning filing a complaint, please visit the website www.dataprotection.gov.cy/ or e-mail at email@example.com.
21 Keeping your Personal Data secure
The Pafos Municipality has appropriate security measures to prevent Personal Data from being accidentally lost, used, or accessed unauthorised. We limit access to your Personal Data to those who have a genuine business need to have access to it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures to deal with any suspected data security breach. We will notify you by email and any applicable regulator of a suspected data security breach where we are legally required to do so.
22 How to complain
We hope to resolve any query or concern you raise about our use of your information.
However, the Regulation also gives you the right to complain about the supervisory authority, the Commissioner of Personal Data Protection. For more information concerning filing a complaint, please visit the website www.dataprotection.gov.cy/) or via e-mail at firstname.lastname@example.org.
23 Are you obliged to provide us with your Personal Data?
You are required to provide your Data to the extent that it is necessary to conclude, perform our services by the Application, and/or provide you with the requested information and/or fulfil your mandates. If you refuse to give us the requested Data, we will not offer and continue to provide our services.
24 Automated individual decision-making and profiling
‘Profiling’ means any form of automated processing of Personal Data consisting of the use of Personal Data to evaluate certain personal aspects relating to a natural person, in particular, to analyze or predict characteristics concerning that natural person’s performance at work, economic situation, personal preferences, interests, reliability, behaviour, location or movements.
The Personal Data will be processed mainly in an automated form and on hard copy, with logic strictly related to the aforementioned purposes. The Data Controller has adopted suitable security measures to protect the data against the risk of loss, abuse, or alteration of Personal Data.
25 Changes in this privacy notice
This Privacy Notice was published on [01/06/2022]
26 Contact Us