- Data Security
- What data is processed when you use ParkMaven car parks?
- What if you provide sensitive data within an appeal or correspondence?
- What data is processed when you submit a commercial enquiry?
- What data do we process?
- How will we process your data and why do we process it?
- Who do we share data with?
- What data is processed when you pay a Parking Charge online?
- Data Security
- What are your rights as a data subject?
- How can you contact the Information Commissioner’s Office?
Any changes to this policy will be posted on this webpage. This policy was last updated on 22/01/2021.
This Policy explains:
- Why we process personal data;
- What personal data we collect and process;
- When and why we will share personal data;
- How long we will keep personal data for.
This policy also explains your rights as a data subject, including information about the right to access the information we hold about you. In certain circumstances, you also have the right to object to the processing of your data, to request that processing be restricted, or to request that we rectify or erase the data we hold about you. Further information is provided below.
Under data protection law, if you request that we action any of these rights, we must verify your identity before providing information to you.
We must also provide you with an explanation if we do not agree with your request.
2. Data Security
We look after your personal data by having security that is appropriate for its nature and the harm that might result from a breach of security. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site, any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access. Those with whom we share data are also required to process your data in-line with contractual safeguards and data protection law requirements.
With regard to each of your visits to our site, we may automatically collect technical information, including the Internet Protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform; information about your visit, including the full Uniform Resource Locators (URL) click-stream to, through and from our site (including date and time); products you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page. The information which we collect and store during normal use of the site is used to monitor and analyse how parts of the site are used.
3. What data is processed when you use ParkMaven car parks?
3.1 What data do we collect?
When you use a ParkMaven car park, we collect and process data consisting of images of vehicles entering, exiting or otherwise using the car park and/or the Vehicle Registration Mark (VRM).
If the contractual parking terms and conditions are breached, a Parking Charge Notice will be issued. The data we process when issuing a Parking Charge Notice includes the recipient’s name and address, images of the vehicle, its details and movement whilst using the car park and the Vehicle Registration Mark (VRM).
If you submit an appeal in relation to a Parking Charge, or otherwise correspond with us you may provide us with additional personal data, the data we process may include: the VRM; your name, address, email and phone number, a Parking Charge or other reference number, IP address, the capacity in which you are appealing (e.g. keeper, driver, hirer), and any other information you provide within any correspondence or appeal, including any documentation you share with us. If you correspond with us by post, we may use a third party to scan and categorise the mail and place it onto our systems, to return your documents and to bank payments.
3.b How do we collect data?
Images of vehicles and VRMs are collected via ANPR cameras and/or attendants on-site. Where in operation VRM data may also be collected and processed via the payment and/or terminals systems.
If you have received a Parking Charge Notice and you are the registered keeper of the vehicle, as held by the relevant vehicle licensing agency, then your data has been provided by the Driver and Vehicle Licencing Agency (DVLA) or international equivalent.
If you are not the registered keeper of the vehicle, then your data has been provided by:
- A third party who has confirmed that you were responsible for the vehicle on that date;
- A third party who has confirmed that you were driving the vehicle on that date;
- A third party who has confirmed that the vehicle was on hire or leased to you on that date.
If you no longer live at the address held by the DVLA, then your data has been provided by:
- A third party now living at the property whom has confirmed that you no longer live at that address and has supplied a forwarding address; or
- A third party credit reference agency.
If you submit an appeal or otherwise correspond with us, the data processed by us will be as provided by you within that appeal or correspondence. Where someone appeals or corresponds with us on your behalf with your authority, then the data processed will be as provided within the documentation we receive from them.
4. What if you provide sensitive data within an appeal or correspondence?
Depending upon the nature and content of your appeal or correspondence, the information or documentation provided may be classed as “special category” personal data and will therefore be considered to be more sensitive.
Examples include: personal identity numbers, financial account information, information about an individual’s racial or ethnic origin, sexual orientation, political opinions, religious, philosophical or other similar beliefs, or information about an individual’s physical or mental health.
The information on the correspondence issued by us explains that we and our processors will process any special category data provided based upon your explicit disclosure of that information.
If you wish to withdraw your consent, please contact us using the details provided below.
4.a How will we process your data and why do we process it?
When using ParkMaven car parks, personal data is collected and processed for the purposes of:
- Ensuring you comply with the parking terms and conditions, as displayed on signage throughout each car park, and to enforce those terms and conditions where necessary.
- Issuing a Parking Charge Notice where the parking terms and conditions have been breached.
- Progressing any issued Parking Charge to closure or payment, which includes receipt of, reviewing and responding to appeals (both internal and with POPLA) and seeking payment of the Parking Charge amount. Recovery may include collections undertaken via the use of debt collection agents and/or legal action (where required) and / or verification of your address.
- Providing car park management services, including the prevention and detection of crime, and data analytics.
Our lawful bases for processing data are Performance of a Contract and Legitimate Interests.
If you are the driver of a vehicle using a ParkMaven car park, your data is collected and processed as necessary for the performance of the parking contract. This includes ensuring you comply with the parking terms and conditions, as displayed on signage throughout each car park, and to enforce those terms and conditions where necessary.
We and our third party processors will also process data in pursuit of our, the landowners, and the public’s legitimate interests including:
- The enforcement of breaches of the parking terms and conditions where the recipient of the Parking Charge was not the driver of the vehicle. Enforcement of breaches of the parking terms and conditions ensures a better overall parking experience for all users of the facilities.
- The provision of an effective appeals service, which is provided in line with the British Parking Association’s Code of Practice. This includes an opportunity for all motorists to lodge an appeal with the Parking On Private Land Appeals (POPLA) service should their appeal to us be rejected. Progressing the Parking Charges we issue, either to closure or payment, supports the parking services we offer.
- The provision of an effective car park management service to improve the customer experience.
- Displaying images of vehicles on payment machines and/or terminals to assist car park users to identify their entry time and select the appropriate tariff payment.
- Sharing information with the landowner where they have agreed to provide parking permits to certain individuals (e.g. staff parking permits), or where a payment account for specified vehicles has been agreed. and, where necessary, to assist with the administration of the parking enforcement operation on site.
- Carrying out data analytics, including reporting on vehicle turnover, vehicle type and repeat visits.
- Providing data to the police and other security organisations to assist with the prevention and detection of crime (as appropriate).
- As part of the audit processes undertaken by the DVLA and BPA.
4.b Who do we share data with?
In order to enforce the parking contract where a breach has been identified and to support the legitimate interests explained above, we may share data with the following organisations:
- Vehicle licensing agencies, such as the DVLA or an international equivalent. This includes sharing data to obtain the contact name and address details of a vehicle’s registered keeper, as well as sharing for audit purposes.
- The police or other security organisations for the safety and security of car park users, and in order to prevent and detect crime.
- Vehicle hire and lease companies where they confirm that a vehicle was on hire or leased on the date that that vehicle was captured parked in breach of the parking terms and conditions.
- Other organisations such as the British Parking Association (BPA), the Parking On Private Land Appeals (POPLA) service, Debt Recovery companies, landowners, managing agents, tenants, our press office or agency (where related to media/press query), and any authorised sub-contractors, such as mail service providers, business process outsourcers, credit reference agencies, collection agents, legal advisors, IT service providers, and payment service providers.
5. What data is processed when you submit a commercial enquiry?
This privacy statement applies to all personal data which is submitted:
- When you complete the online “Contact Us” form
- When you download our free ebook
5.a What data do we process?
When you submit a commercial enquiry, we will collect and process all the data you provide.
The data we process may include:
- Your name
- Your organisation/company name
- Car park location, including town and postcode
- Your email
- Your phone number
- The details of your message
5.b How will we process your data and why do we do it?
Personal data is collected and processed for the purposes of:
- Reviewing and responding to your enquiry
- Providing you with a brochure and/or case study via email, where requested
- Adding you to our mailing list for future relevant marketing communications
We will process your data for the purposes specified above on the basis of your consent, which will be confirmed by your completion of the online form and where you tick the relevant box before submission.
You are free to change your mind at any time and withdraw your consent. The consequence might be that we will no longer be able to assist with your enquiry.
5.c Who do we share data with?
We may share data to support the purposes outlined above. Data may be shared with relevant personnel within ParkMaven as well as with our press office.
6. What data is processed when you pay a Parking Charge online?
When you use ECOM6 to make your payment:
ECOM6 is the Merchant Services Provider (MSP) used to securely transfer your payment information to TakePayments and TakePayments is the Merchant Services Acquirer (MSA) who process the payment. ECOM6 is a PCI DSS accredited provider and TakePayments is an FCA regulated processor.
6.a What data will be processed?
The data processed whilst you make payment of a Parking Charge may include a VRM, a parking charge reference, email address, card number, expiry date and security code. The parking charge reference will be used for the purpose of locating the relevant parking charge to enable the MSP / Acquirer or PSP to populate the payment screen with the outstanding amount payable;
Personal data may be processed on the grounds of legitimate interests to allow payments to be made and may also be processed due to it being necessary for us to process the same under a contract between you and ParkMaven.
7. Data Security
ECOM6 is responsible for the collection, security and integrity of such of any data captured from the ePayment web page or portal collected transferred to the payment processor in an encrypted file. They assume responsibility for security and integrity of such transaction data that they may retain in transaction data history files. Where delivery of the transaction data occurs, they assume responsibility for security, integrity and delivery of such transaction data until such delivery occurs.
ECOM6 operates and maintains responsibility for keeping in good working order host authorisation and submission of internet transactions including any encrypted data collected and transferred to TakePayments as part of an authorisation or settlement request originating from the ePayment web site, including (but not limited to) confidential cardholder data such as credit / debit card numbers, CVC codes, card holder name, address details (where AVS is used) and authorisation codes approved by WorldPay as the agreed Acquirer and facilitates upgrades to such systems as agreed between the ECOM6 and TakePayments from time to time.
Although we endeavour to ensure the ECOM6 will do its best to protect your personal data, by having agreed commitments in our contract with the provider, we cannot guarantee the security of your data entered via ePayment web pages, apps, or portals. Any transmission is at your own risk and you should take the appropriate steps in respect of this risk.
8. What are your rights as a data subject?
Data protection law gives you the following rights. For further information, including to make a request or ask a question about your rights, please contact our Privacy Team using the details provided below.
We will review each request we receive. Under data protection law we do not have to agree with your request but if we refuse your request, we will still contact you within one month to explain why.
To object to the processing of personal data.
In certain circumstances, individuals have the right to object to the processing of personal data. Any such objection must be based on your particular situation. We will review each request we receive and if we refuse your request, We will inform you of the reason why We have not taken action.
To access personal data.
Individuals have the right to request a copy of the data held about them. We are required to verify your identity before passing you information and we may contact you upon receipt of your request to clarify your request. We will be unable to process your request until we have all required information.
To be informed about the processing of personal data.
Individuals have the right to be informed about the collection and use of personal data.
To request that the processing of personal data be restricted.
Individuals may have the right to request the restriction or suppression of personal data. This right will only apply in certain circumstances.
To request that personal data is corrected if it is inaccurate.
Individuals may request that inaccurate personal data is rectified, or completed if it is incomplete.
To ask that personal data be erased.
The right to erasure is also known as ‘the right to be forgotten’ and individuals can request that their personal data is erased. This right will only apply in certain circumstances.
To request to move, copy or transfer personal data (“Data Portability”).
The right to data portability allows individuals to move, copy or transfer personal data easily from one IT environment to another. This right will only apply in certain circumstances.
Rights relating to automated decision making, including profiling
Individuals have the right to be given information about such processing, request human intervention or challenge a decision. This right will only apply in certain circumstances.
9. How can you contact the Information Commissioner’s Office?
If you are concerned about our processing of your data or if you have a privacy related query not answered by this policy, please contact our Privacy Team using the contact details below. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO). For further information, please refer to the ICO website, www.ico.org.uk.