We are ParkingEye Limited T/AS Car Parking Partnership (CPP).
We are a car park management company.
This policy has been produced in line with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 (DPA 2018) and the Human Rights Act 1998 (HRA 1998).
Any changes to this policy will be posted on this webpage. This policy was last updated on 10/03/22.
This Policy explains:
Why we process personal data;
What personal data we collect and process;
When and why we will share personal data;
How long we will keep personal data for.
This policy also explains your rights as a data subject, including information about the right to access the information we hold about you. In certain circumstances, you also have the right to object to the processing of your data, to request that processing be restricted, or to request that we rectify or erase the data we hold about you. Further information is provided below.
Under data protection law, if you request that we action any of these rights, we must verify your identity before providing information to you. We must also provide you with an explanation if we do not agree with your request.
We look after your personal data by having security that is appropriate for its nature and the harm that might result from a breach of security. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site, any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access. Those with who we share data are also required to process your data in-line with contractual safeguards and data protection law requirements.
With regard to each of your visits to our site, we may automatically collect technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform; information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time); products you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call our customer service number. The information which we collect and store during normal use of the site is used to monitor and analyse how parts of the site are used.
When you use a CPP car park, we collect and process data comprising of images of vehicles using the car park and/or the Vehicle Registration Mark (VRM).
If the contractual parking terms and conditions are breached, a Parking Charge Notice will be issued. The data we process when issuing a Parking Charge Notice includes the recipient’s name and address, images of the vehicle, its details and movement whilst using the car park and the Vehicle Registration Mark (VRM.)
If you submit an appeal in relation to a Parking Charge, or otherwise correspond with us, including on the phone, you may provide us with additional personal data, the data we process may include: the VRM; your name, address, email and phone number; a Parking Charge or other reference number; IP address; the capacity in which you are appealing (e.g. keeper, driver, hirer, other); and any other information you provide within any correspondence, phone call or appeal, including any documentation you share with us.
Images of vehicles and VRMs are collected via ANPR cameras and/or attendants on-site. Where in operation VRM data may also be collected and processed via the payment and/or terminals systems.
If you have received a Parking Charge Notice and you are the registered keeper of the vehicle, as held by the relevant vehicle licensing agency, then your data has been provided by the Driver and Vehicle Licencing Agency (DVLA) or international equivalent.
If you are not the registered keeper of the vehicle, then your data has been provided by:
A third party who has confirmed that you were responsible for the vehicle on that date;
A third party who has confirmed that you were driving the vehicle on that date;
A third party who has confirmed that the vehicle was on hire or leased to you on that date.
If you submit an appeal or otherwise correspond with us, the data processed by us will be as provided by you within that appeal or correspondence. Where someone appeals or corresponds with us on your behalf, then the data processed will be as provided within the documentation we receive from them.
Depending upon the nature and content of your appeal or correspondence, the information or documentation provided may be classed as “special category” personal data and will therefore be considered to be more sensitive.
Examples include: personal identity numbers, financial account information, information about an individual’s racial or ethnic origin, sexual orientation, political opinions, religious, philosophical or other similar beliefs, or information about an individual’s physical or mental health.
The information on the reverse of the correspondence issued by us explains that we will process any special category data provided based upon your explicit disclosure of that information.
When submitting an appeal via the website, you will also be specifically asked to provide your consent to the processing of any “special category” personal data you explicitly disclose as part of an appeal.
We will continue to process any “special category” personal data provided by you, as specified above, unless we are notified that your consent to processing has been withdrawn.
You are free to change your mind at any time and withdraw your consent. The consequence might be that we will no longer be able to consider your circumstances in full when reviewing an appeal and when considering whether further action is appropriate should a Parking Charge remain open.
If you wish to withdraw your consent, please contact us using the details provided below.
When using CPP car parks, personal data is collected and processed for the purposes of:
Our lawful bases for processing data are Performance of a Contract and Legitimate Interests.
If you are the driver of a vehicle using a CPP car park, your data is collected and processed as necessary for the performance of the parking contract. This includes ensuring you comply with the parking terms and conditions, as displayed on signage throughout each car park, and to enforce those terms and conditions where necessary.
We will also process data in pursuit of our, the landowners, and the public’s legitimate interests including:
Data may be processed at a destination outside the European Economic Area but we have implemented and ensured the safeguards required by data protection law.
In order to enforce the parking contract where a breach has been identified and to support the legitimate interests explained above, we may share data with the following organisations:
This privacy statement applies to all personal data which is submitted when you complete the online “New Business Enquiry” form.
When you submit a commercial enquiry, we will collect and process all the data you provide.
The data we process may include:
Personal data is collected and processed for the purposes of:
We will process your data for the purposes specified above on the basis of your consent, which will be confirmed by your completion of the online form and where you tick the relevant box before submission.
You are free to change your mind at any time and withdraw your consent. The consequence might be that we will no longer be able to assist with your enquiry.
If you wish to withdraw your consent for CPP to process your data, including from future marketing correspondence, please email: [email protected] with the subject line: ‘Withdraw consent’.
We may share data to support the purposes outlined above. Data may be shared with relevant personnel within our business ParkingEye Limited and Glyde Limited.
This privacy statement applies to all personal data which is submitted within the online form:
a) When you click on the “Pay a Parking Charge” button within the website;
b) When you click on the “Pay by Card” or “Pay with PayPal” buttons within the Driver Portal.
We use Capita Business Services Limited as a payment service provider (PSP) to process payments. When making a payment you will access a separate ePayment web page or portal, hosted and administered by the PSP, and you will leave this website.
The data processed whilst you make payment of a Parking Charge may include a VRM, a parking charge reference, email address, card number, expiry date and security code. The parking charge reference will be used for the purpose of locating the relevant parking charge to enable the PSP to populate the payment screen with the outstanding amount payable and the other details will be used by the PSP to process the transaction.
The PSP is responsible for the collection, security and integrity of such of any data captured from the ePayment web page or portal collected and processed by the PSP in an encrypted file. The PSP assumes responsibility for security and integrity of such transaction data that it may retain in transaction data history files. Where delivery of the transaction data occurs, the PSP assumes responsibility for security, integrity and delivery of such transaction data until such delivery occurs.
The PSP operates and maintains responsibility for keeping in good working order host authorisation and submission of internet transactions including any encrypted data collected and processed by the PSP as part of an authorisation or settlement request originating from the ePayment web site or Portal, including (but not limited to) confidential cardholder data such as credit / debit card numbers, CSC codes, card holder name, address details (where AVS is Used) and authorisation codes approved by the agreed Merchant Services Acquirer (“MSA”) and facilitates upgrades to such systems as agreed between the PSP and the MSA from time to time.
Although we endeavour to ensure the PSP will do its best to protect your personal data, we cannot guarantee the security of your data entered via ePayment web pages, apps, or portals. These links have their own privacy policies which you should read before transmitting any data and are provided to improve your convenience. Any transmission is at your own risk and you should take the appropriate steps in respect of this risk.
There are certain reasons why we keep hold of some of your data. How long we keep your data for depends upon the type of data we hold and the purpose(s) for which it was collected and processed.
We will store your personal data for no longer than necessary to support the purposes explained above.
We retain the personal data we hold about you for up to 6 years from collection in order to respond to any concerns or claims that may arise in that time. This may be extended if related correspondence or claims are on-going, or where a county court judgment has been issued in CPP’s favour and remains outstanding.
If you ask us to restrict the way we process your data, or no longer want to receive marketing information from us, we will retain relevant data on suppression lists. This means that we will keep just enough data about you available to ensure that we continue to comply with your reasonable request.
Body Worn Cameras
At some of the car parks we manage, CPP uses body worn cameras (BWC) to protect our Customer Service Attendants dealing with members of the public in situations where they are vulnerable to abuse and to also serve as a deterrent against threatening behaviour / criminal activity.
Visual and audio data is collected by the BWC, and the legal basis for our use of this data is our legitimate interests. Our Customer Service Attendants will inform individuals that they are going to be filmed prior to activation of the BWC, unless the situation means it is not possible. Continuous recording is not permitted. Use of a BWC shall be in accordance with the law and our own internal company policy.
BWC footage may be shared with law enforcement agencies, prosecution agencies, legal representatives and third parties where it is lawful to do so. The data will not be transferred outside of the UK.
The recorded footage is uploaded from the device after use, when it is then stored in an encrypted format on a secure server.
Any recorded footage will be retained for 30 days, before automatic deletion. Should the footage be required for evidential purposes, it will be retained until the conclusion of any criminal proceedings in relation to the incident that resulted in a physical or verbal assault on one of our Customer Service Attendants.
For your legal rights in respect of such data, please see the section below, “What are your rights as a data subject?”.
Data protection law gives you the following rights. For further information, including to make a request or ask a question about your rights, please contact our Privacy Team using the details provided below.
We will review each request we receive. Under data protection law we do not have to agree with your request but if we refuse your request, we will still contact you within one month to explain why.
In certain circumstances, individuals have the right to object to the processing of personal data. Any such objection must be based on your particular situation. We will review each request we receive and if we refuse your request, We will inform you of the reason why We have not taken action.
Individuals have the right to request a copy of the data held about them. We are required to verify your identity before passing you information and We may contact you upon receipt of your request to clarify your request. We will be unable to process your request until we have all required information.
Individuals may have the right to request the restriction or suppression of personal data. This right will only apply in certain circumstances.
Individuals may request that inaccurate personal data is rectified, or completed if it is incomplete.
The right to erasure is also known as ‘the right to be forgotten’ and individuals can request that their personal data is erased. This right will only apply in certain circumstances.
The right to data portability allows individuals to move, copy or transfer personal data easily from one IT environment to another. This right will only apply in certain circumstances.
Individuals have the right to be given information about such processing, request human intervention or challenge a decision. This right will only apply in certain circumstances.
If you are concerned about our processing of your data or if you have a privacy related query not answered by this policy, please contact our Privacy Team using the contact details below. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO). For further information, please refer to the ICO website, www.ico.org.uk.
Your query will be submitted directly to our Privacy Team.
If you submit an enquiry to us, we will process the data provided for the purpose of reviewing and responding to your enquiry. If you no longer want us to process the data provided, please contact us using the above form and include the message ‘Withdraw consent’.
Alternatively, you can write to us with your privacy related query at:
Car Parking Partnership (CPP)
PO Box 635