Civil Enforcement Limited (“we” or “us” or “our”) is committed to protecting your privacy. Our Privacy Policy explains how we collect, use, store, process and protect information about you.  This policy has been drafted and implemented in line with the provisions and guidance set out in General Data Protection Regulation (GDPR) and the Data Protection Act 2018.

Topics covered in our privacy policy:

  • Who we are
  • What data we collect
  • How we collect personal data and other information
  • What we use your personal data and other information for
  • Who we share your personal data with
  • Your information
  • Changes to our privacy policy
  • Security, storage and retention of your personal data and other information
  • Transfers outside Europe
  • Cookies and Traffic data
  • Other Sites
  • Further Information

Who we are

We are a limited company registered in England and Wales under company number 05645677. Our registered office is at Horton House, Exchange Flags, Liverpool L2 3PF. We are registered on the Information Commissioner’s Office Register of Data Controllers under registration number Z9389969. This registration covers our different business divisions and group companies. When collecting data in accordance with this Privacy Policy, we are the ‘Data Controller’. 

For further details of how to contact us, please refer to the ‘Contact Us’ page.

How we collect information

We will collect information from you if you:

  • register to use our website; this will include information you willingly and consensually provide, including but not limited to your name, address, email address and telephone number. We may ask you to provide additional information about your business and preferences on a voluntary basis
  • provide your vehicle registration number via one of our parking payment machines.
  • provide your vehicle registration number via one of our permit registration/entry systems, this may include a web login, on-site portable entry system, phone based permit system, QR Code registration portal or other remote parking registration process.
  • use a car park or other premises managed and controlled by us, whether in accordance with the terms and conditions of parking in that car park or otherwise.
  • complete online forms (including call-back requests), take part in surveys, write posts on any message boards, post any blogs, enter any competitions or prize draws, download information such as white papers or other publications, or participate in any other interactive areas that appear on our website or which we offer to you from time to time.
  • provide your contact details to us when registering to use or accessing any product or service we provide (including any Apps we may offer).
  • contact us offline for example by telephone, fax, email or post.
  • visit or browse our website, this will include information about your website visit or use of our products or services using cookies or similar technologies (as described in section 5 below).
  • provide your contact details when using our web-based Parking Charge Notice appeals service, this will include your name, address, email address and telephone number.
  • provide your payment details when using our web-based or telephone-based Parking Charge Notice payment service.

What data do we collect when you use a car park managed by us?

We will collect, store and process images of vehicles and/or the Vehicle Registration Mark (VRM) using the car park. Ordinarily, this is done using ANPR cameras which capture images of the vehicle and/or its VRM or using manual patrol officers. Other camera systems, such as CCTV, may also be used to capture vehicle data using the car parks we manage.

We will also capture other personal data such as telephone numbers and financial/payment data when you use the telephone payment system or the payment machines within the car park, or when you register your VRM and any other personal data when using one of our VRM permit registration/entry systems, including but not limited to a web login, on-site portable entry system, phone-based permit system, QR Code registration portal or other remote parking registration process.

In circumstances where the terms and conditions of parking in a car park are breached, or we have reasonable grounds to believe they have been breached, we will contact the DVLA to obtain the Registered Keeper Details at the date/time of the parking event (KADOE).  A Parking Charge Notice (PCN) will be issued to the Registered Keeper. The data we process when issuing a PCN includes the Registered Keeper’s name and address, images of the vehicle, the make, model and colour of the vehicle, the movement (direction) of the vehicle entering and leaving the car park, the Vehicle Registration Mark (VRM) and details relating to payment for any parking event where relevant. These will ordinarily be set out and detailed on the PCN which is sent to the Registered Keeper. 

We will also collect your personal data if you submit an appeal to us in relation to a PCN, correspond with us in writing, by email or by telephone. You will be deemed to have given this data by consent and in any event, it will be used for the purpose of enforcing the parking contract and/or for the protection of legitimate interests. Data collected when you appeal will include the PCN reference and other details, the VRM; your name, address, email and phone number, the IP address of the computer you use, whether you are the driver, registered keeper, hirer or ‘other’, and any additional information you provide as part of that correspondence. This may include special category or ‘sensitive’ personal information, for example, information about your physical or mental health or if you are disabled, which may be relevant to the circumstances of the parking event. Where such information is provided by you, either unprompted or following a request for corroboration of a health condition you have already disclosed to us, it will be deemed to have been provided with your explicit consent (pursuant to Article 9 of the GDPR or any equivalent provision) and on the understanding that such data will be processed by us for the purpose of assessing your appeal and any other relevant or connected purpose. We will continue to process your special category data unless you withdraw your explicit consent to do so. If consent is withdrawn, we will not be able to take that information into account when considering an appeal or any other circumstances relating to the PCN.

What we use your information for

We use ANPR cameras and manual patrol attendants to manage and monitor vehicle use of the car parks we manage. We may also use CCTV cameras in conjunction with other camera systems to monitor vehicle movements in the car parks. These CCTV cameras are not high definition and are not set up to capture moving images. They do not capture the movement or identity of individual persons using the car park or within the car park premises.

Other personal data is collected form you when you contact us in circumstances detailed above. This information is collected and processed for the following purposes:

  • To ensure compliance with the terms and conditions of parking at the car park
  • To allow us to issue a PCN to the Registered Keeper, Driver or Hirer of the vehicle when those terms and conditions have been breached and the liability to pay the parking charge arises
  • Processing the PCN to payment, appeal, debt recovery and collection, legal action and/or cancellation and all other related activity
  • To contact you in order to enforce the parking contract or take payment for the PCN or provide information about your appeal or communicate information to you about the PCN
  • We may use your personal data for internal purposes such as auditing, data analysis and research to improve our products, services, website and customer communications.

The lawful basis for processing your personal data is:

  • Your express consent when entering into the parking contract or by parking in the relevant car park or by providing your personal data to us in any of the circumstances detailed above; and/or
  • Ensuring that the contract is performed in accordance with the relevant terms and conditions; and/or
  • Legitimate interest

Sharing your Information

In order to enforce the parking contract and/or to support the legitimate interests detailed in this Privacy Policy, we may process your personal data and share it with third parties, including:

  • The DVLA or equivalent government agency or an international equivalent to obtain Registered Keeper details. This includes sharing data for audit purposes.
  • Other statutory and industry associations, such as (but not limited to) the British Parking Association (BPA), the Parking On Private Land Appeals (POPLA) Service and the British Standards Institute (BSI)
  • Where lawfully requested, Law Enforcement Agencies and other statutory bodies with the authority to request data, to prevent and detect crime, enhance public safety and assist with investigations.
  • Vehicle hire and lease companies.
  • Other relevant third parties, e.g. landowners, managing agents, tenants and authorised sub-contractors, such as mail service providers, business process outsourcers, credit reference agencies, collection agents, tracing agents, legal advisors, IT service providers, and payment service providers.
  • In certain circumstances we are obliged to undertake a ‘trace’ or ‘search’ for your up to date address and other contact details in order to contact you and/or serve proceedings on you. In order to do so, we will share your data with credit reference agencies and trace providers who in turn may share with us further personal data about you.  

We may pass collective information about the use of our website, our products and services, general violation rate data and site attendance data to third parties but this will not include information which can be used to identify you and will in all instances be anonymised and not referable to any personal data.

We will disclose your information if we are required to by law. We may disclose your information to enforcement authorities if they ask us to, or to a third party in the context of actual or threatened legal proceedings, provided we can do so without breaching data protection laws.

When we send a PCN to the Registered Keeper, they may pass information to us about the identity of the driver of the vehicle at the date and time of the parking event.

Your Information

You have the right to make the following requests about personal data we may hold:

  • To inform you how and why it is processed; to give you access to it; rectify and incorrect information; to delete it; to restrict our use of it; to ask us to transfer a copy to a third party and object to our use of it.
  • Data protection law requires us to verify your identity before providing information, respond to your request and tell you why, if we do not agree with it.

If we hold any information about you which is incorrect or if there are any changes to your details please let us know so that we can keep our records accurate and up to date. If you would like to update your records or see a copy of the information that we hold about you, you can contact us at Data Protection Officer, Civil Enforcement Ltd, Horton House, Exchange Flags, Liverpool, L2 3PF or by email at dataprotectionofficer@ce-service.co.uk. If you request a copy of your information you will not need to pay any fee.

Changes to our privacy policy

We may change our privacy policy from time to time. We will always update the privacy policy on our website, so please try to read it when you visit the website. This policy is up to date as at 03 July 2023.

Security, storage and retention of information

We will keep your information secure by taking appropriate technical and organisational measures against its unauthorised or unlawful processing and against its accidental loss, destruction or damage.

Some communications sent over the internet, such as email, may not be secured unless they are encrypted. Although we do our best to monitor and improve how we protect your personal data, we cannot guarantee the security of your data which is transmitted to our website or other products and services via an internet or similar connection and any transmission of data to our site is at your own risk. We do however use secure connections in our payment pages.

If we have given you (or you have chosen) a password to access certain areas of our website, product or service please keep this password safe – we will not share this password with anyone.

Data retention Policy

We will retain your data for certain reasons. The period we retain your data for depends upon the type of data we hold and the purpose(s) for which it was collected and processed. Data may be held by or with third parties. Where this is done, we will take the necessary steps to ensure that the data is kept only for as long as is necessary and adhere to our retention and deletion policies.

In accordance with the GDPR, we will retain your personal data for no longer than necessary to support the purposes set out in this privacy policy.

We are obliged to retain certain personal data for a minimum period of 2 years under our agreement with the DVLA. This is so that the DVLA can audit our records and processes and ensure that we are complying with our agreement. We may retain your personal data for up to 6 years from the date of collection in order to respond to any concerns or claims that may arise in that time. This period may be extended if related correspondence or claims are on-going; for example, where a county court judgment has been issued against you in respect of a PCN we have issued and remains outstanding.

Transfers outside Europe

Personal data in the European Union (“EU”) is protected by data protection laws but other countries do not necessarily protect your personal data in the same way. Our website and some of our products or services or parts of them may be hosted in the United States or elsewhere outside of the European Economic Area (“EEA”) (which means all the EU countries plus Norway, Iceland and Liechtenstein) and this means that we may transfer any information which is submitted by you through the website, product or service outside the EEA to the United States/elsewhere. When you send an email to us, this may be stored on email servers which are hosted in the United States or elsewhere. If we do this, we will take steps to ensure that our hosting provider uses the necessary level of protection for your information. Also, where data is transferred outside of the EEA, we will have implemented and ensured the necessary safeguards required by data protection law and embedded these safeguards in the contractual agreements with the parties processing and hosting the data. If you do not want your information to be transferred outside the EEA you should not use our website, product or service or contact us via email. This policy will be updated when the UK leaves the EU.

Cookies and Traffic Data

Cookies are small text files which are transferred from our website, product or service and stored on your computer’s hard drive. They are widely used in order to help websites work, or work more efficiently, as well as to provide general usage information to the owners of the site. We’re currently looking into making further improvements to our privacy policy and how cookies are managed on our website, so please check back here for updates. There are different types of cookies.

Session Cookies – We use session cookies on our websites and in some of our products or services to identify and track users and to remember what is in your shopping basket (where relevant) and we also use session cookies in the VSP Admin reporting system to remember customer information used to complete transactions through the VSP Terminal. Our session cookies may contain your customer account number, company name and email address. These session cookies are deleted when you close your browser or leave your session in the product or service.

Persistent Cookies – Persistent cookies enable our website, product or service to “remember who you are” and to remember your preferences on our website. Persistent cookies will stay on your computer or device after you close your browser or leave your session in the product or service.

Web analytics and similar services – Our website uses web analytics services. Web analytics cookies allow us to recognise and count the number of visitors and see how they move around the website, product or service. This helps us make our service to you better.

We also use cookies and similar software known as web beacons or pixels to count users who have visited our website after clicking through from one of our advertisements on another website or in emails and to collect details of any products purchased. These web beacons collect limited information which does not identify particular individuals. It is not possible to refuse the use of web beacons. However, because they are used in conjunction with cookies, you can effectively disable them by setting your browser to restrict or block cookies.

We keep a record of traffic data which is logged automatically by our server, such as your Internet Protocol (IP) address, the website that you visited before ours, the website you visit after leaving our site. We also collect some site, product and service statistics such as access rates, page hits and page views. We are not able to identify any individual from traffic data or site statistics.

Most web browsers allow some control to restrict or block cookies if you wish, however if you disable cookies you may find this affects your ability to use certain parts of our website, products or services. For more information about cookies and instructions on how to adjust your browser settings, see the Internet Advertising Bureau website www.youronlinechoices.co.uk.

What cookies do we use?

Necessary cookies

Name Purpose Expires
APPSESSIONID Preserves users state across page requests. Session
laravel_session Preserves users state across page requests. Session
XSRF-TOKEN This cookie is used to prevent Cross-Site Forgery Attack. Session

Functional cookies

Name Purpose Expires
ckns_explicit Stores users consent on cookie policy. 1 Year
ckns_policy Stores users preference on cookie policy. 1 Year

Performance cookies

Name Purpose Expires
_gat These are performance cookies used to collect information on how visitors use a website. 60 minutes or end of user session.
_ga These are performance cookies used to collect information on how visitors use a website. 2 Years
_gid These are performance cookies used to collect information on how visitors use a website. 60 minutes or end of user session.
collect These are performance cookies used to collect information on how visitors use a website. 60 minutes or end of user session.
VISITOR_INFO1_LIVE Used to estimate the users’ bandwidth on pages with integrated YouTube videos. 179 Days
PREF Registers a unique ID that is used by Google to keep statistics of how the visitor uses YouTube videos across different websites. 8 Months
YSC Registers unique ID to keep statistics of what videos from YouTube the user has seen. Session

Advertising cookies

Name Purpose Expires
GPS Registers a unique ID on mobile devices to enable tracking based on geographical location. 1 Day
IDE Used by Google DoubleClick to register and report the website user’s actions after viewing or clicking one of the advertiser’s ads with the purpose of measuring the efficacy of an ad and to present targeted ads to the user. 1 Year

Other Sites

If you follow a link from our website, product or service to another site or service, this policy will no longer apply. We are not responsible for the information handling practices of third party sites or services and we encourage you to read the privacy policies appearing on those sites or services.

Written Communication Including Electronic Communication

English is our official business language. Written and oral/telephone communications and correspondence with drivers/registered keepers and/or their agents and representatives, and any other external third parties, will be in English only. This includes PCNs, reminders, other notices, and responses to appeals and complaints, whether in email, SMS, or paper format.

Our normal practice will be to ensure that all our written correspondence is provided in appropriate and easily understandable plain English.

Further Information

If you would like further information about data protection, or if you would like to view the register of Data Controllers, you can visit the Information Commissioner’s site at http://www.ico.org.uk/.

Thank you for visiting our website.