Have A Nice Car Park ltd needs to collect and use certain types of information about the Individuals or Service Users who come into contact with Have A Nice Car Park ltd in order to carry on our work. This personal information must be collected and dealt with appropriately whether is collected on paper, stored in a computer database, or recorded on other material and there are safeguards to ensure this under the Data Protection Act 1998.
2. Data Controller
Have A Nice Car Park ltd is the Data Controller under the Act, which means that it determines what purposes personal information held, will be used for. It is also responsible for notifying the Information Commissioner of the data it holds or is likely to hold, and the general purposes that this data will be used for.
Have A Nice Car Park ltd may share data with other agencies such as the local authority, funding bodies and other voluntary agencies. The Individual/Service User will be made aware in most circumstances how and with whom their information will be shared. There are circumstances where the law allows Have A Nice Car Park ltd to disclose data (including sensitive data) without the data subject’s consent.
a) Carrying out a legal duty or as authorised by the Secretary of State
b) Protecting vital interests of a Individual/Service User or other person
c) The Individual/Service User has already made the information public
d) Conducting any legal proceedings, obtaining legal advice or defending any legal rights
e) Monitoring for equal opportunities purposes – i.e. race, disability or religion
f) Providing a confidential service where the Individual/Service User’s consent cannot be obtained or where it is reasonable to proceed without consent: e.g. where we would wish to avoid forcing stressed or ill Individuals/Service Users to provide consent signatures.
Have A Nice Car Park ltd regards the lawful and correct treatment of personal information as very important to successful working, and to maintaining the confidence of those with whom we deal.
Have A Nice Car Park ltd intends to ensure that personal information is treated lawfully and correctly. To this end,
Have A Nice Car Park ltd will adhere to the Principles of Data Protection, as detailed in the Data Protection Act 1998. Specifically, the Principles require that personal information:
a) Shall be processed fairly and lawfully and, in particular, shall not be processed unless specific conditions are met.
b) Shall be obtained only for one or more of the purposes specified in the Act, and shall not be processed in any manner incompatible with that purpose or those purposes
c) Shall be adequate, relevant and not excessive in relation to those purpose(s)
d) Shall be accurate and, where necessary, kept up to date,
e) Shall not be kept for longer than is necessary
f) Shall be processed in accordance with the rights of data subjects under the Act,
g) Shall be kept secure by the Data Controller who takes appropriate technical and other measures to prevent unauthorised or unlawful processing or accidental loss or destruction of, or damage to, personal information.
Have A Nice Car Park ltd will, through appropriate management and strict application of criteria and controls:
• Observe fully conditions regarding the fair collection and use of information
• Meet its legal obligations to specify the purposes for which information is used
• Collect and process appropriate information, and only to the extent that it is needed to fulfill its operational needs or to comply with any legal requirements
• Ensure the quality of information used
• Ensure that the rights of people about whom information is held, can be fully exercised under the Act. These include:
o The right to be informed that processing is being undertaken,
o The right of access to one’s personal information
o The right to prevent processing in certain circumstances and
o The right to correct, rectify, block or erase information which is regarded as wrong information)
• Take appropriate technical and organisational security measures to safeguard personal information
• Ensure that personal information is not transferred abroad without suitable safeguards
• Treat people justly and fairly whatever their age, religion, disability, gender, sexual orientation or ethnicity when dealing with requests for information
• Set out clear procedures for responding to requests for information
4. Data collection
When you use a Have A Nice Car Park Ltd car park, we collect and process data comprising of images of vehicles using the car park and/or the Vehicle Registration Mark (VRM).
If the contractual parking terms and conditions are breached, a Parking Charge Notice will be issued. The data we process when issuing a Parking Charge Notice includes the recipient’s name and address, images of the vehicle, its details and movement whilst using the car park and the Vehicle Registration Mark (VRM).
If you submit an appeal in relation to a Parking Charge, or otherwise correspond with us, including on the phone, you may provide us with additional personal data, the data we process may include: the VRM; your name, address, email and phone number; a Parking Charge or other reference number; the capacity in which you are appealing (e.g. keeper, driver, hirer, other); and any other information you provide within any correspondence, phone call or appeal, including any documentation you share with us.
4.1 How we collect your data
Images of vehicles and VRMs are collected via ANPR (Automatic Number plate Recognition) cameras, MNPR (Manual number Plate Recognition) cameras, CCTV cameras and/or attendants on-site. Where in operation VRM data may also be collected and processed via the payment and/or terminals systems.
If you have received a Parking Charge Notice and you are the registered keeper of the vehicle, as held by the relevant vehicle licensing agency, then your data has been provided by the Driver and Vehicle Licencing Agency (DVLA) or international equivalent. If you are not the registered keeper of the vehicle, then your data has been provided by: • A third party who has confirmed that you were responsible for the vehicle on that date; • A third party who has confirmed that you were driving the vehicle on that date; • A third party who has confirmed that the vehicle was on hire or leased to you on that date.
If you submit an appeal or otherwise correspond with us, the data processed by us will be as provided by you within that appeal or correspondence. Where someone appeals or corresponds with us on your behalf, then the data processed will be as provided within the documentation we receive from them.
5. Data processing
What data do we process?
When you submit a media request, we will collect and process all the data you provide. The data we process may include:
• Your name
• Your organisation/company name
• Your email
• Your phone number
• The details of your message
When using Have A Nice Car Park Ltd car parks, personal data is collected and processed for the purposes of:
• Ensuring you comply with the parking terms and conditions, as displayed on signage throughout each car park, and to enforce those terms and conditions where necessary.
• Issuing a Parking Charge Notice where the parking terms and conditions have been breached.
• Progressing any issued Parking Charge to closure or payment, which includes reviewing and responding to appeals (both internal and with the IAS) and seeking payment of the Parking Charge amount. Recovery may include collections undertaken via the use of debt collection agents and/or legal action (where required).
• Providing car park management services, including the prevention and detection of crime, and data analytics.
We will also process data in pursuit of our, the landowners, and the public’s legitimate interests including:
• The enforcement of breaches of the parking terms and conditions where the recipient of the Parking Charge was not the driver of the vehicle. Enforcement of breaches of the parking terms and conditions ensures a better overall parking experience for all users of the facilities.
• The provision of an effective appeals service, which is provided in line with the International Parking Community (IPC) Code of Practice. Where the Parking Charge was issued in England and Wales, this includes an opportunity for all motorists to lodge an appeal with the Independent Appeals Service (IAS) should their appeal to us be rejected.
Progressing the Parking Charges, we issue, either to closure or payment, supports the parking services we offer.
• The provision of an effective car park management service to improve the customer experience.
– Displaying images of vehicles on payment machines and/or terminals to assist car park users to identify their entry time and select the appropriate tariff payment.
– Sharing information with the landowner where they have agreed to provide parking permits to certain individuals (e.g. staff parking permits), or where a payment account for specified vehicles has been agreed.
– Carrying out data analytics, including reporting on vehicle turnover, vehicle type and repeat visits.
– Providing data to the police to assist with the prevention and detection of crime (as appropriate).
• As part of the audit processes undertaken by the DVLA and IPC.
• Data may be processed at a destination outside the European Economic Area but we have implemented and ensured the safeguards required by data protection law.
6. Sharing Data
In order to enforce the parking contract where a breach has been identified and to support the legitimate interests explained above, we may share data with the following organisations:
• Vehicle licensing agencies, such as the DVLA or an international equivalent. This includes sharing data to obtain the contact name and address details of a vehicle’s registered keeper, as well as sharing for audit purposes.
• The police or other security organisations for the safety and security of car park users, and in order to prevent and detect crime.
• Vehicle hire and lease companies where they confirm that a vehicle was on hire or leased on the date that that vehicle was captured parked in breach of the parking terms and conditions.
• Other organisations such as the International Parking Community (IPC), the Independent Appeals Service (IAS) for parking events in England and Wales, Unity Five Limited (trading as ZatPark), landowners, managing agents, tenants, our press office (where related to media/press query), and any authorised sub-contractors, such as mail service providers, business process outsourcers, credit reference agencies, collection agents, legal advisors, IT service providers, and payment service providers.
6.1. Data processed
when you submit a commercial enquiry: This privacy statement applies to all personal data which is submitted:
1. When you complete the online “New Business Enquiry” form
2. When you request a case study
3. When you request a Have A Nice Car Park Ltd brochure
4. When you request a data analytics brochure
7. Data Storage
Information and records relating to service users will be stored securely and will only be accessible to authorised staff. Information will be stored for only as long as it is needed or required statute and will be disposed of appropriately.
It is the responsibility of Have A Nice Car Park ltd to ensure all personal and company data is non-recoverable from any computer system previously used within the organisation, which has been passed on/sold to a third party.
8. Data access and accuracy
To object to the processing of personal data.
In certain circumstances, individuals have the right to object to the processing of personal data. Any such objection must be based on your particular situation. We will review each request we receive and if we refuse your request, We will inform you of the reason why we have not taken action.
To access personal data.
Individuals have the right to request a copy of the data held about them. We are required to verify your identity before passing you information and We may contact you upon receipt of your request to clarify your request. We will be unable to process your request until we have all required information.
To be informed about the processing of personal data.
To request that the processing of personal data be restricted.
Individuals may have the right to request the restriction or suppression of personal data. This right will only apply in certain circumstances.
To request that personal data is corrected if it is inaccurate.
Individuals may request that inaccurate personal data is rectified or completed if it is incomplete.
To ask that personal data be erased.
The right to erasure is also known as ‘the right to be forgotten’ and individuals can request that their personal data is erased. This right will only apply in certain circumstances.
To request to move, copy or transfer personal data (“Data Portability”).
The right to data portability allows individuals to move, copy or transfer personal data easily from one IT environment to another. This right will only apply in certain circumstances.
Rights relating to automated decision making,
including profiling Individuals have the right to be given information about such processing, request human intervention or challenge a decision. This right will only apply in certain circumstances.
All Individuals/Service Users have the right to access the information Have A Nice Car Park ltd holds about them.
Have A Nice Car Park ltd will also take reasonable steps ensure that this information is kept up to date by asking data subjects whether there have been any changes. In addition,
Have A Nice Car Park ltd will ensure that:
• It has a Data Protection Officer with specific responsibility for ensuring compliance with Data Protection
• Everyone processing personal information understands that they are contractually responsible for following good data protection practice
• Everyone processing personal information is appropriately trained to do so
• Everyone processing personal information is appropriately supervised
• Anybody wanting to make enquiries about handling personal information knows what to do
• It deals promptly and courteously with any enquiries about handling personal information
• It describes clearly how it handles personal information
• It will regularly review and audit the ways it hold, manage and use personal information
• It regularly assesses and evaluates its methods and performance in relation to handling personal information
• All staff are aware that a breach of the rules and procedures identified in this policy may lead to disciplinary action being taken against them.
This policy will be updated as necessary to reflect best practice in data management, security and control and to ensure compliance with any changes or amendments made to the Data Protection Act 1998.
In case of any queries or questions in relation to this policy please contact