Privacy Policy

Who we are?

Car Park Securities Limited (122081462), is a company registered in England and Wales whose registered office address is York House 15/17, York Street, Heywood, Lancashire, OL10 4NN.

Our Data Protection Officer can be contacted by emailing contact@carparksecurities.com.

We operate under the Data Protection Act 2018. We are the Data Controller in respect of all personal information that we process in connection with our business.

What we do

Patrolled sites

We provide effective management of privately-owned car parks and by doing so, entry into one of our managed sites, may result in your personal data being obtained, retained and processed depending on the category of user you are of our site.

Images of vehicles including vehicle registration number will be obtained if you breach the terms of parking, to pursue the driver or keeper for outstanding parking charges.

Camera sites

We monitor the entry and exit of privately owned/managed ANPR or CCTV car park sites.

Images of people and vehicles, including vehicle registration numbers, will be obtained to confirm the length of stay and enforce non-compliance of the Terms and Conditions of entry onto our privately-owned sites.

Your personal data is being obtained, retained, and processed, depending on the category of user you are of our site.

The Legal Position

Our Lawful Basis for Processing Your Personal Information

We have two lawful bases for processing your personal information:

  1. Because the processing is necessary for the contract with us which was created when you entered and remained on the car park
  2. For these legitimate interests, which are proportionate to your rights and freedoms:
  3. To pursue motorists for unpaid parking tariffs.
  4. To pursue motorists for unpaid parking charges.
  5. To ensure safety and security and help deter/detect crimes.
  6. Providing car park management services on private land, including the management of permits and the adjudication of appeals both by ourselves and on behalf of our clients.
  7. As part of the audit processes undertaken by the DVLA and the industry regulator, the International Parking Community (IPC).

What Personal Information Do We Collect and How Do We Collect It?

We use an Automatic Number Plate Recognition system (“ANPR”) or handheld recording devices/mobile applications. Images of vehicles and the Vehicle Registration Mark (VRM) are collected. Within ANPR sites, we record an image of the number plate (VRM) of every car that enters and exits the car park, as well as the time that happens and we record an image of the vehicle at a distance. Within our manually patrolled sites, we take images of any vehicle that contravenes the site rules.

VRM, date, time and location data may also be collected and processed via terminal registration systems if they are in operation. Where this happens, we will tell you clearly through onsite signage.

Where we issue a parking charge or tariff, then we collect more information. We obtain the name and address of the registered keeper of the vehicle from the DVLA.

If you are not the registered keeper of the vehicle, then we have obtained your data from the registered keeper or from another person that the registered keeper has referred us to, who has identified you as the driver/hirer of the vehicle on the time and date of the parking event.

Where we use a permit management system or online portal to validate authorised use of a car park or to prevent the issue of a charge, we may collect your data such as, name, email address, telephone number and job title. This may be collected directly from you or via a third party who may be responsible for accessing our systems to administer your parking permit.

If you submit an appeal or otherwise correspond with us, then we will process the personal information that you give to us. Where someone appeals or corresponds with us on your behalf, then we will process the personal data we receive from them. If you appeal, we will usually process information about your status as driver, if you are the registered keeper of the vehicle or the hirer/lessee or other relationship with the vehicle, your name, postal address, email address and telephone number, the details of the appeal and any evidence submitted to us.

Special Category or “Sensitive” Data

We will only collect special category personal data when you provide it to us via correspondence or if you appeal against a charge or tariff and include this information. Examples of this kind of data include information about an individual’s racial or ethnic origin, sexual orientation, political opinions, religious, philosophical, or other similar beliefs, or information about an individual’s physical or mental health.

We will use, store, or share this special category of data only in two circumstances:

  • If you have given your explicit consent, or
  • The processing is necessary for the establishment, exercise, or defence of a legal claim.

Why Do We Collect Your Personal Information?

We manage car parking on Private Land. The sites are privately owned and operated and so we need your personal information to confirm compliance with displayed terms and conditions of parking and to determine whether a parking charge should be issued for non-compliance and to collect any charges. We also need your personal information when we are managing, administering, or processing appeals against parking charges or tariffs.

We also need the personal data to ensure safety and security and to help deter or detect crimes. Our Data Retention Policy We always retain information in accordance with legal requirements.

We only retain the data necessary to fulfil those requirements. Where your vehicle registration number has been recorded on our systems but has complied fully with the terms and conditions of the site, your data is usually deleted within 48 hours, or if a bank holiday intervenes, then after the bank holiday. On occasion this data may be held up to a maximum of 30 days.

Where there is an unpaid charge the data will be held for sufficient time to enable the charge to be settled by you, or another person, to resolve any dispute and to satisfy any statutory obligations. We will hold your records for 2 years after your case has been resolved as we are required to comply with regulatory and legislative requirements.

We are required to keep accounting details for 6 years in accordance with HMRC rules.

In accordance with PCI DSS regulations we do not store payment card details for payments made or attempted.

If there is an order from a court or there is an investigation by law enforcement agencies or our regulators, we may be required to retain your information beyond the retention period set out above. This is intended to make sure that we will be able to produce records as evidence if they are needed.

How We Share Your Personal Data

We keep your information confidential and will not share it without your prior consent, other than to the following:

  • the Independent Appeals Service (IAS), the independent adjudicator for private parking appeals, when you are involved in an appeal.
  • the Driver and Vehicle Licensing Agency (DVLA).
  • to the IPC, the industry regulator, when responding to a query or a complaint made in relation to a parking charge or event that they are assessing.
  • debt recovery agents if you fail to pay a charge or tariff.
  • bailiffs or solicitors if recovery is required or legal action is taken.
  • the freeholder of the car park or the client on whose behalf we are providing parking facilities, to confirm information the landowner may already have because an appeal, claim or complaint has been made or you have entered into correspondence with them;
  • or to other service providers, such as Payment Service Providers. Lettering providers or IT System Providers as our authorised sub-contractors.

No information collected by us is used for any marketing purposes. We do not sell or pass information to others for marketing purposes.

How We Protect Your Data

We look after your personal data by having security that is appropriate for its nature and the harm that might result from any breach of security.

Your Privacy Rights

We want to make sure you are aware of your rights in relation to the personal information we process about you.

You have the following rights: the right of access; the right of rectification; the right of erasure; the right to restriction of processing; the right to objection; the right to portability; the right to not be subject to automated processing and the right to be informed.

Access

You have a right to request a copy of any of your personal information that we hold, as well as to ask us for details about how we process your personal information. If your request is unclear, we will contact you and ask you to clarify your request. If we are unsure about your identity, we will ask you for more information and will only begin to process your request once your identity has been verified.

You can make a subject access request by contacting our data protection officer by emailing contact@carparksecurities.com

Rectification

You have the right to ask us to rectify or delete any of your personal information that is inaccurate as to any matter of fact, or if your personal information is incomplete.

Erasure

The right to erasure is also known as ‘the right to be forgotten’. You can request that we erase all of your personal information when it is no longer necessary for us to continue processing this data and in some other limited circumstances, as described in the Information Commissioner’s guidance, available on www.ico.org.uk.

Restriction

You have the right to request the restriction or suppression of your personal information. This right will only apply in certain circumstances, as described in the Information Commissioner’s guidance, available on www.ico.org.uk.

Objection

In certain circumstances, you have the right to object to the processing of your personal information. Any such objection must be based on your situation. We will review each request we receive and if we refuse your request, we will inform you of the reason why we have not acted.

Portability

You have the right to receive personal data you have provided to us in a structured, commonly used, and machine-readable format. You also have the right to request that we transmit this data directly to another organisation.

Automated Decision Making

You have the right to not be subject to any decision based on automatic decision making. This right will only apply in certain circumstances, as described in the Information Commissioner’s guidance, available on www.ico.org.uk. We do not carry out Automated Decision Making.

Informed

You have the right to be informed about how we collect and use your personal data. We comply with your right through this privacy policy, and by telling you key information about data collection on the signage located on all sites we manage.

International Transfers

We do not transfer data internationally. Your data will not be transferred anywhere outside of the EEA.

How to Contact Us

Our Data Protection Officer can be contacted at: contact@carparksecurities.com

Alternatively, you can write to the Data Protection Officer, the address is, York House 15/17, York Street, Heywood, Lancashire, OL10 4NN.

How to Contact the Information Commissioners Office (ICO)

Information about the General Data Protection Regulations is available within the Information Commissioner’s guidance, available at www.ico.org.uk.

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO). For further information, please refer to the ICO website, www.ico.org.uk.

Press Privacy Statement Once a media request is submitted, we will only process the data you have supplied to us.

The data we will process may include the following:

  • Name
  • Email Address
  • Phone Number
  • Job Title
  • The content of the enquiry

It is within our legitimate interest to process this data for the purpose of reviewing and responding to the incoming enquiry.

We may share this data with our clients to confirm information provided but will not share this data with any other third party without your prior consent.

Recruitment Privacy Statement

If you apply for a job position with us and send us a copy of your CV, we will only process the data you have supplied to us. The data we will process may include the following:

  • Contact Details
  • Any other information contained within the CV
  • Any other information contained within a covering letter / email

It is within our legitimate interest to process this data for the purpose of managing the recruitment process.

We will not share your data with any third parties without your prior consent.

Supplier Privacy Statement

This notice is provided for our prospective, existing, and former suppliers and their staff (referred to in this notice as “You” and “Your”).

We collect, hold, and use the following types of data about you:

  • Publicly available information about you, such as your business contact details and information.
  • Data including name, address, email address, company registration number, company VAT number, account details, contact number, position within the company.

We use this information for the following purposes:

  • To manage and facilitate the provision of products and/or services by you to us.
  • To respond to any enquiry or feedback we receive from you.
  • Training purposes.
  • Compliance with legal requirements; and
  • To contact you about placing orders.

We will not share your data with any third parties without your prior consent.