Data Processing Addendum
Effective May 4, 2026. This DPA applies whenever SmartLotIQ processes Personal Data on behalf of a Customer (HOA, condo association, apartment owner, hotel) in connection with the Service. The Customer is the Controller / Business; SmartLotIQ is the Processor / Service Provider.
What it covers
- GDPR Article 28 processor obligations and assistance with Articles 32–36 (security, breach notification, DPIA).
- CCPA/CPRA Service Provider certification — no "sale", no "sharing", no combining data with other sources outside the limited business purpose.
- 30 days' advance notice of any new sub-processor; right to object on reasonable data-protection grounds.
- EU Standard Contractual Clauses (Module 2 and 3) and the UK International Data Transfer Addendum incorporated by reference for international transfers.
- Annex II technical and organizational measures: TLS 1.2+, AES-256, MFA, RBAC, signed-webhook verification, encrypted backups, annual penetration testing, 72-hour breach notification.
SmartLotIQ — modern HOA guest parking management. Start your free 3-day trial · Customer case studies · Resource library · Contact sales