Privacy Notice Cityzen App & cityzenparking.com
The Societe Anonyme Cityzen Parking & Services and Athens International Airport are committed to protecting your personal data. Therefore, they take the necessary and proportionate measures to protect, secure and maintain the integrity and availability of your data, which are processed through the website www.cityzenparking.com ("Website") and the application Cityzen Parking & Services ("Application") provided for iOS and Android devices.
Users are asked to carefully read the Website and Application Privacy Notice. By using either the Website or the Application, you accept the terms of this Privacy Notice. If you do not agree to the terms of this Privacy Notice, you must not use the website or application. Using the Website or Application after modifications to this Privacy Notice constitutes your acceptance of those changes.
The Privacy Notice is directly linked to and accompanies the Terms of Use of the Website and the application. Please refer to them for more information (https://cityzenparking.com/en/pages/terms-of-use-web-app - https://cityzenparking.com/en/pages/terms-of-use-mobile-app)
Data Controller / Reservations for Athens International Airport
The company under the name "Cityzen Parking Systems SA", based at 294 Kifissias Avenue & 1 Tzouna, Athens and email info@cityzen.com.gr (hereinafter Cityzen), is the owner and administrator of the website www.cityzen.com.gr and data controller for the personal data processed via the website and for the services it offers.
Cityzen has appointed Mr. Konstantinos Kakavoulis as Data Protection Officer, with whom you can contact by sending an email to privacy@cityzen.com.gr.
Cityzen also processes in the name and on behalf of Athens International Airport SA (Athens International Airport SA, Administration Building 17, 19019 Spata) (hereinafter "AIA" or "Airport") personal data of users who use the application and / or the website for booking, booking modification or cancellation of reservation of spaces in the Parking lots of Short Term 1 and 2 (Long Term 1 and 2), Long Term (Economy) and Economy of the Airport, in the capacity of Data Processor for the AIA. For more information please see below the section Cityzen-AIA.
Data we collect from you
Through the website and the application, Cityzen customers may buy / reserve one of the services offered by the company such as parking reservations, modification or cancellation of reservations and the relevant payment, reservations and payment appointments for car wash or biological cleaning, securing parking offers. We collect the following data:
|
Identification data
|
Name
Surname
Personal Password
|
|
Communication Data
|
Email
Phone (Optional)
|
|
Personal Information
|
Car plate
Location (Upon consent/ setting)
|
|
Data about the transaction
|
Date & Time of Reservation
Date & Time of Payment
Means of Payment
|
In case of interest for a monthly parking space, for the Share the Space service and for the Cityzen Storage Program, the following personal data of users is collected through the website:
|
Communication Data
|
Name
Surname
Email
Telephone number
|
|
Personal Information
|
Area of residence
Discount coupon
|
|
Data for Invoicing (for monthly parking space)
|
Profession
Registered Office
TIN
Tax Authority
|
|
Personal Preferences
|
Parking Station that the user is interested in
Type of User’s interest
Time for communication
|
By subscribing to the newsletter and its receipt, as well as with the sending of offers the following personal data of users are collected:
|
Communication Data
|
Email
|
|
Personal Information
|
IP address
|
|
User Interaction Data
|
Date & time of interaction with the link
|
If you have given your consent for commercial communication, via sms / viber messages, User Interaction Data is also collected.
Data we collect by automated means
When you use our website or our application, your device automatically provides us with data so that we can serve and tailor our response to you. The type of information we collect through automated means generally includes technical information about your device, such as the IP address or other device ID, the type of device you are using, and the version of the operating system.
The data we collect may also include usage information and statistics about your interaction with the website.
We encourage you to read our Cookies Policy carefully to learn more about Cookies, how to use them and how you can control their use.
Purpose & Lawful Basis for personal data processing
The processing of personal data of website or application users is subject to the terms hereof, the relevant provisions of the General Data Protection Regulation (EU / 2016/679), and of the Greek law 4624/2019.
We use data we collect through our website or application for the following purposes and based on the following legal bases:
Purpose: Inform for our services
Legal basis: Company’s legitimate interests
Purpose: Provision of Services through the website and the application
Legal Basis: Necessary processing for the performance of a contract/ to take steps at the request of the data subject prior to entering into a contract
Purpose: Improving the website’s and the application’s offering
Legal basis: Company’s legitimate interests
Purpose: Measuring website traffic and gathering relevant statistics
Legal basis: Consent
Purpose: Improving the company's advertising campaigns
Legal basis: Consent
Purpose: Communication with users upon request and satisfaction of users’ requests
Legal basis: Necessary processing for the performance of a contract/ to take steps at the request of the data subject prior to entering into a contract
Purpose: Receive requests for monthly parking space , Share my Space, Storage
Legal basis: Necessary processing prior to entering into a contract at the request of the data subject
Purpose: Commercial promotion by subscribing to the newsletter or messaging service (SMS, Viber, etc.)
Legal basis: Consent
Purpose: Log in to the Application and creation of account
Legal Basis: Necessary processing prior to entering into a contract at the request of the data subject
Purpose: Provision of discounts
Legal basis: Legitimate interests of the Company
We also process data for the fulfilment of the legal and / or contractual obligations of Cityzen as Data Processor for the Athens International Airport (AIA). For more information on the processing purposes that Cityzen performs as the Data Processor for the Airport, please see below the section Cityzen-AIA.
Finally, we may also process and forward user personal data to comply with our legal obligations or orders from the relevant police, public and judicial authorities.
Data Retention
The data of users shall be kept for as long as this is required for the provision of the agreed services between the as well as for the necessary period of 15 years after its expiration or termination in any way, regardless if the provision of the services is performed with simultaneous payment/prepayment or not, for us to comply with legal / tax obligations and / or to protect the legal interests of Cityzen. However, payment and booking history will be kept directly accessible to users through their account for five years from the end of the year in which the contract was last created or modified or cancelled, if it was made with simultaneous payment / prepayment.
Data related to the creation of a user account on the website and / or the application is retained until the user requests the deletion of the account. The only exception is if the user has not made any reservation within the last five (5) years from the end of the year in which the last reservation was made or the account was created, in which case the account is also deleted.
The data of users who request monthly parking, share my space services or storage services and enter into a contract with the company is kept for as long as the contract for the provision of monthly parking, share my space services or storage services is active as well as for the necessary period of 15 years after its expiration or in any way termination for us to comply with legal / tax obligations and / or to protect the legal interests of Cityzen.
User data collected regarding requests for monthly parking, share my space services or storage services or related information but not get into contract with Cityzen is retained for the year in which they submitted their request or query, unless it is deemed necessary to maintain it for a longer period for our compliance with legal / tax obligations and / or for the protection of Cityzen's legitimate interests.
User data collected for sending newsletters and commercial communications with their consent is retained until the user revokes its consent and is deleted from the service, either by changing the corresponding settings on their device, or by using the unsubscribe option provided in relevant communications.
Data may exceptionally be retained for longer than the above mentioned times in case a) it is required by law, b) if Cityzen (or the AIA on a case-by-case basis-see below) deems that they are linked to existing and / or possible legal disputes, (c) in order for Cityzen or a third party to defend its legal interests.
The retention period of the personal data of the users who use the application and / or the website for the reservation, modification of reservation or cancellation of reservation of places in the Parking lots of Short Term 1 and 2 (Long Term), Long Term (Economy) and Valet, are determined by the Data Controller, the AIA. For more information on the retention period of the respective data by AIA and consequently Cityzen as the data processor, please see below in the section Cityzen-AIA.
For the duration of the retention of the information collected through cookies, please be informed by the cookies policy.
Recipients of data
We transfer your data to third parties -data processors, when necessary for the sole purpose of providing our services. They may also need to become available to Cityzen personnel, and website maintenance technicians, who are external partners. All parties are bound by the obligation of confidentiality and due process.
In addition, we transmit your personal data on a case by case basis to the company-provider of maintenance and troubleshooting services for the website and the application (Bapp), to the company-provider of hosting services for the website (Easy.gr), to the company-provider of hosting services for the mobile app (Digital Ocean), to the company-provider of marketing / hybrid messaging and newsletter services (Apifon), to the company Website Analysis Services Provider (Google Analytics - Google). All parties operate as data processors and are bound by the obligation of compliance with the rules of confidentiality and lawful processing.
In addition, Cityzen processes in the name and on behalf of Athens International Airport personal data as mentioned above, which may be shared with the above processors depending on the nature of the service provided, the instructions of the AIA and the existence of consent or not. For more information on this topic, as well as information on the subcontractors for Cityzen in this case please see below the section Cityzen - AIA.
Please note that your personal data may be disclosed, in any case where we are required to do so under applicable law or when necessary for the purposes of our legal interests protection or in the context of processing by our partners or third parties (such as cloud services), always ensuring that the guarantees for its safety and protection is met.
Cityzen- AIA
Cityzen processes personal data in the name and on behalf of Athens International Airport as set out above. The reservation of a place in the parking spaces of AIA through the application and / or the website is a contract between the respective User and the societe anonyme with the name "ATHENS INTERNATIONAL AIRPORT SA". ("AIA" or "Airport"), based in Spata, Attica, PC 190 19, with Tax Identification Number 094440299 and Tax Registration Office. FAE Athinon. Users who proceed with the reservation, modification of reservation or cancellation of reservation of places in the parking lots of Short Term 1 and 2 (Short Term 1 and 2), Long Term (Economy) and Valet of Athens International Airport through the website and / or the application of Cityzen accept both the Cityzen Privacy Notice and the Privacy Policy & Privacy Statement of AIA. Users may find the Privacy Policy & Privacy Statement of AIA for the operation of parking lots here: Athens International Airport - Personal Data protection (aia.gr). At the stage before the confirmation of a reservation by the user, the request for finding a place at a selected date and time - and consequently of availability - is made on an anonymous basis, without data transfer between Cityzen and AIA. Until the stage of confirmation of a reservation by the user, the user remains exclusively a customer of Cityzen with the latter acting as data controller. AIA assumes the role of data controller vis-a-vis the user after the booking confirmation by the user and the conclusion of the respective contract.
The disclosure of the data between Cityzen and AIA is carried out as follows: The website and the application are connected to the AIA e-Parking Platform, ie to the AIA e-Parking reservation management system.
The personal data of the users collected through the application or the Cityzen website for the reservation of parking spaces, modification or cancellation of reservations in the parking spaces of the AIA, as well as the data for the creation of the account on the website and / or the application of Cityzen are described above in paragraph “Data we collect from you”.
AIA does not process users' location in any way. Location information remains with Cityzen for the navigation service.
The payment of the parking fee in the parking lots of Short-Term 1 and 2, Long-Term, Economy and Valet of Athens International Airport is made exclusively at the exit of the user in one of the automatic payment machines located in the parking lots of AIA. Users are NOT allowed to prepay or pay through the application or the website.
The data of the data subjects-users who use the application or the website for making reservations (including modification and cancellation of them) for the parking spaces of AIA are subject to processing by AIA data controller and by Cityzen as data processor for the following purposes:
-for the provision of services by Cityzen and / or the AIA to users under the contract between the user and the AIA on the reservation, modification or cancellation of a parking reservation in the parking spaces of the AIA. The service contract from AIA refers only to the reservation of a parking space and / or its modification and / or cancellation
-to contact them regarding the provision of services by the AIA, and Cityzen as the data processor for the AIA, regarding the reservation, modification or cancellation of a parking reservation in the AIA parking spaces
-to send confirmation EMAIL to users that made a parking reservation in the parking spaces of AIA and / or its modification and / or cancellation
-to manage communications concerning requests or complaints by users or about users
-for the fulfilment of the legal obligations of the AIA
-for the compliance of Cityzen and / or the AIA with orders from the competent police, public and judicial authorities-
- to protect the legitimate interests of AIA and / or Cityzen, as well as their property and their rights
- to detect an attempted data interception or fraud using the name of Cityzen and / or the AIA (ie phishing)
- to protect the vital interests of a data subject
- to respond to requests from users regarding the exercise of their rights as consumers but also as data subjects
-for checking users' compliance with the privacy notice and the terms of use of the website and / or the application as well as with the Data Protection Policy & the Privacy Statement of Athens International Airport
The legal basis for the processing of data for proceeding with reservations in the parking spaces of the AIA through the website or the application, for the customer service regarding the reservation in the above spaces, for the information about the reservation is the existence of a contract between the AIA and the users, with Cityzen acting in this case as described above as data processor for the AIA, for the fulfilment of which contract - including all its stages as described above - the processing of the specific personal data is necessary.
In particular, Cityzen processes user data in order to conclude the contract with the AIA at the request of each data subject - User, ie processes user data and transmits it to the AIA in order to conclude the contract for the parking space between the parties in the parking lots of AIA and maintains them for the necessary period of time to provide the service and in accordance with the data retention policy of AIA (see below). Data is also processed for the compliance of the AIA with its legal obligations as data controller in cases where it has the capacity of data controller. Accordingly, data is processed if such processing is necessary for the purposes of the legitimate interests pursued by the AIA as data controller or as a third party. The AIA considers in this case whether its own interests or the fundamental rights and freedoms of the data subject prevail, so if the latter is valid, it refrains from processing. Finally, the AIA may process personal data in order to safeguard the vital interest of the data subject, in this case the user, or of another natural person. Further information on the legal basis for data processing by the AIA can be found in its Data Protection Notice (Athens International Airport - Personal Data protection (aia.gr)
The data of users who use the application to make parking reservations exclusively in the parking lots of Athens International Airport are also subject to the AIA Privacy Statement and is kept for as long as the AIA stipulates and more specifically for as long as necessary to provide the service and for five (5) years from the end of the year which includes the date of the completion of the service, or the originally scheduled date of completion in case the user does not show up to claim its scheduled reservation (no show). Data may exceptionally be retained for longer than the above mentioned times in case a) is required by law, b) if the AIA on a case-by-case basis considers that these are related to existing and / or potential legal disputes (c) to defend the AIA and / or a third party, d) to safeguard the vital interest of the data subject or a third party.
The website and the application are connected to the AIA e-Parking Platform, ie the management system of the online parking reservations of AIA, in order to communicate the data of the users who make reservations in the parking lots of the Airport. Third-party processing services from both parties are also used for this connection. Specifically on Cityzen’s side, the subcontractors for this data processing are Bapp (provider of maintenance and troubleshooting services for the application and the website), Digital Ocean LLC (provider of virtual private server services). On AIA’s side, Chauntry Ltd. is also a data processor. For more information you can contact the Cityzen Data Protection Officer at the email address privacy@cityzen.com.gr or the AIA Data Protection Officer at the email address privacy@aia.gr . For the full list of AIA Data processors regarding the provision of booking and parking services please see the AIA's Data Protection Notice (AIA e-Parking Platform) here: Athens International Airport - Personal Data protection (aia.gr). Disclosure of data may also take place if it is ordered for compliance with the provisions of the Law and of the competent authorities or if it is ordered by police or other administrative or judicial authority. Disclosure may also take place if it is necessary to safeguard the vital interests of the data subject or other natural persons. Data is disclosed to the employees, executives and in the general corporate structure of AIA to the extent that this is necessary for the purposes of providing the requested services to the Users.
Technical Measures of the Website & the Application
We work with the website's virtual private server service provider, Digital Ocean, to ensure that your personal data is protected. Digital Ocean maintains the data of our mobile app on its servers within the European Economic Area. Data is protected by European legislation. Digital Ocean operates as data processor, while Cityzen is the Data Controller.
We work with the hosting service provider Easy.gr, to ensure that your personal data is protected. Easy.gr maintains the data of our website on its servers within the European Economic Area. Data is protected by European legislation. Easy.gr operates as data processor, while Cityzen is the Data Controller.
Our website and application use an encryption system (SSL) to ensure greater security during your navigation.
Cityzen uses third party vendors and hosting partners to provide the necessary hardware, software, storage and related technology required for the operation of the website and the application. We may store encrypted backups of our database to a third party storage provider to ensure its security in the event of an emergency or disaster.
Bapp operates as data processor, while Cityzen is the data controller.
Your rights
|
You have the following rights regarding your personal data
|
|
|
Right to information
|
You have the right to be informed about the collection and processing of your personal data
|
|
Right to access
|
You have the right to receive confirmation from us as to whether or not your personal data is being processed and, if so, you have the right to access your personal data in a concise, comprehensible, transparent and easily accessible form.
|
|
Right to correction
|
You can request and we will ensure that without undue delay we will correct inaccurate or incomplete personal data, including via a supplementary statement.
|
|
Right to erasure
|
You have the right to ask us to delete the personal data that concern you, without undue delay and we will proceed with the deletion, under the conditions set by the law.
|
|
Right to processing limitation
|
You have the right to ask us to limit processing activities to specific purposes only, subject to the conditions set by the law.
|
|
Right to object
|
You have the right to object, at any time and for reasons related to your particular situation, to the processing of personal data concerning you. We will no longer process personal data unless there are compelling and legitimate reasons for processing that override your interests, rights and freedoms or to establish, exercise or uphold legal claims.
|
|
Right to data portability
|
You have the right to receive the personal data concerning you, which you have provided us with, in a structured, commonly used and machine-readable format, as well as the right to request the transfer of such data to another processor without objection from us under the conditions set by the law.
|
|
Right to human interference
|
You have the right to not be subject to a decision made solely on the basis of automated processing, including profiling, which produces legal effects that concern you or significantly affect you in a similar way.
|
|
Right to withdraw consent
|
You have the right to withdraw the consent that you have provided for the processing of data at any time. The withdrawal of the consent does not impact the lawfulness of processing based on the consent prior to its withdrawal
|
If you have any questions about this privacy notice or would like to ask for clarification or if you wish to exercise any of your rights or withdraw your consent to any communication, please contact the Cityzen Data Protection Officer at privacy@cityzen.com.gr .
We will respond to your request within thirty (30) days of receipt. In the event that an extension of the above deadline is required for the investigation and / or processing of your request, we will inform you, explaining the reasons why the extension of the deadline is necessary.
The user of the website or/and the application for the reservation of spaces in the parking spaces of AIA can exercise their rights or request more information by sending an e-mail to the email address privacy@cityzen.com.gr or by contacting directly with the AIA Data Protection Officer at the following contact information:
Data Protection & Compliance Officer
Athens International Airport S.A.
Administration Building (17) 190 19 Spata, Attica, Greece
Email Address: privacy@aia.gr
In any case, if you feel that the protection of your personal data has been violated in any way, you have the right to file a complaint to the Hellenic Personal Data Protection Authority (www.dpa.gr). For the Authority’s jurisdiction and the way of submitting a complaint, you can visit its website where there is detailed information.
Modification of this Privacy Notice
We may make changes to this Notice from time to time. We may make these modifications for a variety of reasons, for example to reflect changes or requirements arising from the law, new features or changes in corporate practices. The latest version will be published in the relevant place on the website. You should check often to find the latest version. The latest version is the applicable one. If the changes involve significant ones that affect your rights or obligations, we will notify you in advance via reasonable means, which may include notice through the Website or by email. If you continue to use the Services after the changes take effect, you agree to the revised notice.
Last Modified: 18/05/2022