Privacy Policy
Last updated: April 15, 2026
1. Introduction
FNG Applied Engineering Services LTD ("ParkInTown", "we", "us", or "our") is committed to protecting the privacy and personal data of all individuals who interact with our services. This Privacy Policy explains how we collect, use, store, and protect your personal data in connection with:
- Our smart parking management platform, including our Automatic Number Plate Recognition (ANPR) camera systems
- Our mobile application for drivers
- Our real-time occupancy dashboard for parking facility operators
- Our payment processing systems
- Our airport parking service at Larnaca International Airport (valet and shuttle operations)
- Our proposal generator and commercial intelligence tools for business prospects
- Our internal customer-relationship workflow used to track commercial conversations
- Our careers application pipeline
- Our public websites and marketing pages
This policy applies to all visitors, drivers, parking facility operators, airport parking customers, commercial prospects, job applicants, and website visitors, whether accessed through our mobile application, on-site camera systems, the airport dispatch channels, our websites, or any other means.
We process personal data in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR"), the Cyprus Processing of Personal Data (Protection of the Individual) Law of 2001 (as amended), and all other applicable data protection laws.
2. Data Controller
The data controller responsible for your personal data is:
FNG Applied Engineering Services LTD
Nicosia, Cyprus
Email: hello@parkintown.io
For all privacy-related inquiries, data subject requests, or complaints, please contact us at hello@parkintown.io.
3. Data We Collect
We collect and process different categories of personal data depending on how you interact with our services. All data listed below is handled directly by ParkInTown on infrastructure under our control.
3.1 ANPR Camera Data
When vehicles enter or exit parking facilities equipped with our ANPR camera systems, we automatically capture:
- Vehicle license plate numbers (number plate images and extracted text)
- Date and time of entry and exit
- Duration of parking session
- Camera location and facility identifier
- Vehicle images (captured during plate recognition, limited to the plate area and immediate surroundings)
3.2 Mobile Application Data
When you register for and use the ParkInTown mobile application, we collect:
- Account information: Name, email address, and authentication data provided through Google or Apple login
- Vehicle information: License plate number(s) you register in the app
- Location data: Your device location when you actively use navigation features (only with your explicit permission)
- Usage data: App interaction logs, feature usage patterns, session duration, and in-app actions
- Device information: Device type, operating system version, app version, unique device identifiers, and push notification tokens
3.3 Payment Data
When you make payments through our services, we collect:
- Payment method type (credit card, debit card, digital wallet)
- Truncated card details (last four digits only; we do not store full card numbers)
- Transaction amounts, dates, and reference numbers
- Billing address (where required)
- Payment history and receipts
Full payment card details are handled exclusively through PCI DSS-compliant payment channels and are never stored on our systems.
3.4 Parking Facility Operator Data
If you are a parking facility operator using our dashboard, we collect:
- Business contact information (name, email, phone number)
- Company registration details
- Dashboard login credentials
- Usage data related to dashboard interactions
3.5 Airport Parking Customer Data
When you book and use our valet and shuttle parking service at Larnaca International Airport, we collect:
- Booking details: name, email, phone number, flight numbers, scheduled departure and return times, vehicle make, model, and registration plate
- Tier selection (covered or uncovered bay) and any optional services
- Vehicle photographs taken at drop-off and pickup through our photo-log application, used to document vehicle condition at every custody transition
- Key-handover records and dispatch logs for every customer-driver interaction
- Incident reports and any claim-related documentation linked to a specific booking
- Customer communications related to the booking (including WhatsApp, phone, and email exchanges with dispatch)
3.6 Prospect and Commercial-Lead Data
When you request information, complete an assessment, or are otherwise identified as a prospective operator or commercial partner, we collect:
- Business name, role, and professional contact details
- Information about your parking facility (location, type, capacity, current systems, operational model)
- The content of your interactions with our sales and business-development teams
- Pipeline status (for example, initial contact, assessment in progress, proposal sent, follow-up, closed)
- Any documents, photos, or files you share with us in the context of a commercial evaluation
3.7 Job Applicant Data
When you submit a job application through our careers page or by other means, we collect:
- Full name, email address, phone number
- Public professional profile (for example, LinkedIn URL)
- Cover letter and other text you voluntarily share
- Resume or CV file (PDF or similar document)
- The position you applied for and the timestamp of the application
- Notes and status flags added by our recruitment team during the evaluation process
3.8 Website and Communication Data
- Information you provide when contacting us (name, email, message content)
- Cookie and tracking data (see Section 10 below)
- IP address, browser type, and referring pages when visiting our website
4. Legal Basis for Processing
We process your personal data only where we have a valid legal basis under the GDPR. The following table summarizes the legal bases we rely on for each type of processing:
| Processing Activity | Legal Basis (GDPR Article) |
|---|---|
| ANPR capture of license plates for managing parking access and enforcing parking rules | Legitimate interest (Art. 6(1)(f)): Necessary for the operation and security of parking facilities. We have conducted a Legitimate Interest Assessment confirming that this processing is proportionate and does not override the rights of data subjects. |
| Mobile app registration and account management | Consent (Art. 6(1)(a)): You voluntarily create an account and consent to data processing during registration. You may withdraw consent at any time. |
| Location data for navigation features | Consent (Art. 6(1)(a)): Location access is requested through your device's permission system and can be revoked at any time. |
| Payment processing | Performance of a contract (Art. 6(1)(b)): Processing payment data is necessary to fulfill the parking service agreement and collect fees for services rendered. |
| Operator dashboard access and management | Performance of a contract (Art. 6(1)(b)): Processing is necessary to deliver the dashboard service under our operator agreements. |
| Airport parking booking, pickup, and delivery | Performance of a contract (Art. 6(1)(b)): Processing is necessary to deliver the airport parking service you booked, including dispatching a driver, taking custody of the vehicle, and returning it to you. |
| Photo-log of vehicle condition at handover | Legitimate interest (Art. 6(1)(f)): Necessary to protect both you and us against unfounded damage claims and to provide an authoritative record of vehicle condition. |
| Prospect and commercial-lead management, including assessment submissions and proposal generation | Legitimate interest (Art. 6(1)(f)): Necessary to evaluate business-to-business opportunities, prepare commercial offers, and manage our sales pipeline. Where the prospect is an individual contact at a business, we rely on the soft opt-in available under Cyprus and EU business-to-business communication rules. |
| Sending service notifications (parking confirmations, payment receipts, airport pickup alerts) | Performance of a contract (Art. 6(1)(b)): Necessary to deliver the service you signed up for. |
| Marketing communications | Consent (Art. 6(1)(a)): Only sent with your prior opt-in consent. You may unsubscribe at any time. |
| Recruitment: evaluation of job applications | Pre-contractual measures (Art. 6(1)(b)) and legitimate interest (Art. 6(1)(f)): Necessary to take steps at the request of the applicant prior to entering into an employment contract and to maintain a qualified talent pool. |
| Fraud prevention and security monitoring | Legitimate interest (Art. 6(1)(f)): Necessary to protect our services and users from fraud and abuse. |
| Compliance with legal obligations (tax records, law enforcement requests) | Legal obligation (Art. 6(1)(c)): Required to comply with applicable laws and regulations. |
5. How We Use Your Data
We use the personal data we collect for the following purposes:
- Parking access management: Automating vehicle entry and exit through ANPR recognition, calculating parking duration, and determining fees
- Payment collection: Processing parking fees, issuing receipts, managing refunds, and handling billing disputes
- Service delivery: Providing real-time parking availability, navigation to open spaces, and session management through the mobile app
- Operator services: Delivering real-time occupancy data, revenue analytics, and operational insights through our dashboard
- Airport parking operations: Dispatching drivers, coordinating pickups and deliveries, documenting vehicle condition with photo-logs, reconciling key custody, and resolving incident reports
- Prospect and lead management: Evaluating commercial opportunities, preparing tailored proposals, tracking pipeline status, and maintaining an internal record of commercial conversations
- Recruitment: Reviewing applications, contacting candidates, scheduling interviews, and making hiring decisions
- Customer support: Responding to inquiries, resolving disputes, and providing technical assistance
- Service improvement: Analyzing usage patterns (on an aggregated, anonymized basis where possible) to improve our technology, user experience, and operational efficiency
- Security and fraud prevention: Detecting unauthorized access, preventing abuse, and maintaining system integrity
- Legal compliance: Fulfilling our obligations under applicable laws, responding to valid legal requests from authorities
6. Use of AI and Automated Tooling
ParkInTown uses artificial-intelligence language models and other automated tooling as part of certain internal workflows. In particular:
- Proposal generator: When we prepare a commercial proposal for a prospective operator, the business information we hold about the prospect is processed through a multi-step drafting pipeline that includes language models. The output is a tailored proposal document that our team reviews before sending.
- Operational automation: Internal tools that classify messages, extract actionable items from conversations, translate content, draft replies, and support our dispatch and customer-support teams may use language-model assistance under our direct operational control.
- Photo-log assistance: Automated tooling may be used to tag vehicle photos at handover for faster retrieval during a dispute, without any biometric processing of persons.
All AI and automated-tooling workflows run on GDPR-compliant infrastructure located in Europe and managed by ParkInTown. We do not use personal data you provide to train publicly available artificial-intelligence models. Human review is applied to all AI-generated content before it is used in a commercial-facing way. No automated decision-making within the meaning of Article 22 GDPR produces legal effects or similarly significant effects on you.
7. Where Your Data Is Processed and Who Can See It
ParkInTown processes your personal data on infrastructure that we operate or control, located within the European Economic Area (EEA). We do not sell your personal data to anyone. We share personal data only in the following limited circumstances:
7.1 Our Staff and Authorized Personnel
Access to personal data within ParkInTown is restricted on a role-based need-to-know basis. Only authorized members of our team (for example, operations staff for ANPR sessions, dispatch drivers for airport bookings, recruitment admin for job applications, sales team for prospect data) can access the relevant records.
7.2 Parking Facility Operators
We share aggregated occupancy data, session data, and relevant operational data with the parking facility operators whose facilities you use. License plate data may be shared with the facility operator for the purpose of managing access, enforcing parking rules, and resolving disputes.
7.3 Legal and Regulatory Disclosure
We may disclose personal data when required by law, in response to valid legal process (court orders, subpoenas), to protect our rights and safety, or to prevent fraud or other illegal activity. This includes cooperation with Cyprus and EU law enforcement authorities where legally mandated.
7.4 Infrastructure and Technical Support
Operating a software platform, a valet fleet, a payment flow, and a careers pipeline requires technical infrastructure, including hosting, email delivery, and communication channels. Where operational needs require the use of a specialized technical service, we select providers that are bound by GDPR-compliant data processing agreements, that host data within the European Economic Area, and that are contractually restricted to processing data only on our instructions and only for the purposes we define. We do not transfer personal data outside the EEA except under the safeguards described in Section 7.5.
7.5 International Data Transfers
Where, in exceptional operational circumstances, personal data must be transferred outside the EEA, we apply one or more of the safeguards approved under the GDPR, including adequacy decisions, Standard Contractual Clauses, or equivalent mechanisms. You may request information about any such specific safeguard by contacting us at hello@parkintown.io.
8. Data Retention
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. The following table outlines our standard retention periods:
| Data Category | Retention Period |
|---|---|
| ANPR images (raw plate captures) | 30 days after the parking session ends, then automatically deleted |
| ANPR session records (plate text, entry/exit times) | 12 months, then anonymized or deleted |
| Mobile app account data | Duration of account plus 12 months after account deletion |
| Payment transaction records | 7 years (required by Cyprus tax and accounting regulations) |
| Airport parking booking records | Duration of service plus 12 months, except where a specific incident or claim requires longer retention |
| Airport photo-log images (drop-off and pickup) | 90 days after the booking is closed, then automatically deleted, except where linked to an open claim |
| Customer support communications | 24 months after resolution of the inquiry |
| Operator dashboard data | Duration of the service contract plus 12 months |
| Prospect and lead data, proposal documents | 24 months from the last meaningful commercial interaction, unless the prospect converts to an operator (in which case the operator retention period applies) |
| Job applications (unsuccessful) | 12 months after the hiring decision, then deleted unless the applicant explicitly agrees to be kept in our talent pool |
| Job applications (successful) | Transferred into the employee file and retained according to Cyprus employment-record retention rules |
| Marketing consent records | Duration of consent plus 12 months after withdrawal |
| Website cookies and analytics | See Section 10 (Cookies) |
After the applicable retention period, data is securely deleted or irreversibly anonymized so that it can no longer be linked to an identifiable individual.
9. Your Rights
Under the GDPR, you have the following rights regarding your personal data. You may exercise any of these rights by contacting us at hello@parkintown.io:
- Right of Access (Art. 15): You have the right to obtain confirmation of whether we process your personal data and to receive a copy of that data, along with information about how it is processed.
- Right to Rectification (Art. 16): You have the right to request correction of inaccurate personal data or completion of incomplete data.
- Right to Erasure (Art. 17): You have the right to request deletion of your personal data where it is no longer necessary for the purposes it was collected, where you withdraw consent, or where processing is unlawful. This right is subject to legal retention obligations.
- Right to Restriction of Processing (Art. 18): You have the right to request that we restrict processing of your data in certain circumstances, such as when you contest the accuracy of the data or object to processing.
- Right to Data Portability (Art. 20): Where processing is based on consent or contract and carried out by automated means, you have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit it to another controller.
- Right to Object (Art. 21): You have the right to object to processing based on legitimate interests, including ANPR data processing, photo-log, and prospect-and-lead processing. Where you object, we will cease processing unless we demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.
- Right to Withdraw Consent (Art. 7(3)): Where processing is based on consent, you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal.
- Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority. The relevant authority in Cyprus is the Office of the Commissioner for Personal Data Protection (www.dataprotection.gov.cy).
We will respond to all valid data subject requests within 30 days. If a request is particularly complex, we may extend this period by an additional 60 days, in which case we will inform you of the extension and the reasons for it.
10. Cookies and Tracking Technologies
Our website and mobile application may use cookies and similar technologies to enhance your experience. Below is a summary of the cookies we use:
| Cookie Type | Purpose | Duration |
|---|---|---|
| Strictly Necessary | Essential for website and app functionality (authentication, session management, security). These cannot be disabled. | Session or up to 12 months |
| Functional | Remember your preferences (language, display settings, saved locations). | Up to 12 months |
| Analytics | Help us understand how users interact with our services so we can improve them. Data is aggregated and anonymized where possible. | Up to 24 months |
We do not use advertising or third-party tracking cookies. You can manage your cookie preferences through your browser settings or through the cookie consent mechanism on our website. Disabling non-essential cookies will not affect core service functionality.
11. Data Security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:
- Encryption of data in transit (TLS/SSL) and at rest
- Hosting on GDPR-compliant infrastructure located in Europe
- Access controls and role-based permissions for all systems, including separate admin gating for sensitive panels (secrets, users, careers applications)
- Regular security assessments and vulnerability testing
- Secure ANPR camera infrastructure with encrypted data transmission
- PCI DSS-compliant handling of payment card data
- Single sign-on with session cookies, bcrypt-hashed passwords, and forced first-login password change for all internal accounts
- Employee training on data protection and security best practices
- Incident response procedures for prompt identification and mitigation of data breaches
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach (as required by GDPR Article 33) and, where required, notify affected individuals without undue delay (Article 34).
12. Children's Privacy
Our services are not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If you believe that we have inadvertently collected data from a minor, please contact us at hello@parkintown.io and we will take steps to delete the data promptly.
13. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will notify you by:
- Posting the updated policy on our website with a revised "Last updated" date
- Sending a notification through our mobile application (for registered users)
- Emailing registered users where the changes materially affect how their data is processed
We encourage you to review this policy periodically. Your continued use of our services after changes are posted constitutes your acceptance of the updated policy.
14. Contact Us
If you have any questions about this Privacy Policy, wish to exercise your data subject rights, or have a complaint about how your personal data is handled, please contact us:
FNG Applied Engineering Services LTD
Privacy Inquiries / Data Protection
Nicosia, Cyprus
Email: hello@parkintown.io
If you are not satisfied with our response, you have the right to lodge a complaint with the Office of the Commissioner for Personal Data Protection in Cyprus at www.dataprotection.gov.cy.