Privacy Policy
This Privacy Policy explains how EWORX S.A. processes personal data when people use CityMoo, including the public website, mobile app, administration console, beta/pilot registration, support, and community participation features.
The data controller for CityMoo platform operation is EWORX S.A., Agias Varvaras 40, 15231 Chalandri, Greece. Data Protection Officer contact: dpo@citymoo.com. Municipalities, NGOs, or community organizations may be independent controllers or joint controllers for official pilot activities they initiate or manage. Where EWORX processes data on behalf of such organizations, this will be governed by the relevant pilot agreement.
Depending on how you use CityMoo, we may process account details such as name, initials, email, phone number, role, organization, municipality or community, authentication identifiers, language preference, and support messages. We may also process user-generated content such as issue reports, comments, proposals, poll participation, volunteering sign-ups, uploaded photos or videos, status updates, moderation reports, and administrative actions. Technical data may include device, browser, app version, IP address, logs, security events, crash information, and cookie or similar identifiers.
CityMoo may process precise GPS location only when you enable location access, especially to mark the exact place of a reported issue. If you do not enable precise location, CityMoo may use manual, approximate, or community-level location where the feature allows it. CityMoo should not continuously track your location in the background unless a future feature clearly explains that processing and obtains any required permission.
We process personal data to create and manage accounts, provide the app and administration console, display community activity, handle reports and moderation, support pilots, send service messages, secure the platform, prevent abuse, analyze aggregate engagement, improve CityMoo, and comply with legal obligations. Depending on the context, the lawful basis may be contract, legitimate interests, consent, legal obligation, public-interest tasks carried out by a pilot organization, or explicit consent where required for special categories of data.
CityMoo is a participation platform. Some activity may be visible to other users, moderators, administrators, pilot organizations, or the public. To protect privacy, activity may be shown in a generic or pseudonymous way, for example “A.B. reported a broken street light in Athens”. Real account details are restricted according to role, purpose, and permissions. Do not upload content that exposes unnecessary personal data about yourself or others.
CityMoo supports civic learning and participation by younger citizens while respecting EU and national rules. Where consent is required for an information society service offered directly to a child, guardian authorization or other age-appropriate safeguards may be required below the age set by applicable national law. CityMoo may use age checks, guardian consent flows, restricted visibility, clearer explanations, and additional moderation controls for young users. Users must provide accurate age information where requested.
Personal data may be accessed by authorized EWORX personnel, service providers acting as processors, hosting and infrastructure providers, authentication providers, analytics and security tools, support providers, and authorized representatives of pilot municipalities, NGOs, or communities. We may disclose data to competent authorities where required by law or necessary to protect rights, safety, and platform integrity.
We keep personal data only for as long as needed for the purposes described above, including account operation, pilot administration, legal compliance, security, dispute handling, and auditability. Account data is generally kept while the account is active. Issue reports, moderation logs, and administrative records may be retained for longer where needed for accountability, public-interest follow-up, safety, or legal claims. Deleted or anonymized content may remain in backups for a limited period.
Subject to GDPR conditions and exceptions, you may request access, rectification, erasure, restriction, portability, objection to processing based on legitimate interests, and withdrawal of consent where processing is based on consent. You may contact dpo@citymoo.com. You also have the right to lodge a complaint with the Hellenic Data Protection Authority or another competent EU supervisory authority.
CityMoo uses technical and organizational measures such as access controls, role separation, logging, secure authentication, and operational monitoring. If data is transferred outside the European Economic Area, appropriate safeguards such as adequacy decisions or Standard Contractual Clauses should apply. CityMoo does not make legal or similarly significant decisions about users solely by automated processing unless this is separately explained and legally permitted.
The public website and app may use necessary cookies or similar technologies for security, session management, language, theme, and service operation. Non-essential analytics or marketing technologies should be used only where legally permitted and with required choices. We may update this Privacy Policy as CityMoo develops; material changes will be communicated through the website, app, or account notices.
