1. About this Policy
Minster Baywatch Ltd is committed to ensuring that your privacy is protected.
We, therefore, take care to safeguard it. This notice outlines what data we collect, how we may use it, how we protect your data and your rights, and how you can exercise those rights.
We regularly check this notice to ensure we provide you with the most up-to date information regarding our data processing activities. We strongly advise you to read this page from time to time to ensure you are happy with any changes that might be made.
If you have any questions about this policy, please contact us using the details in the ‘Contact us’ section below.
2. Why we collect your data
When collecting, processing, sharing and retaining the specified data, Minster Baywatch Ltd is the Data Controller.
When you use one of our car parks, Minster Baywatch Ltd collects, processes, shares and retains data to ensure that you are complying with the terms and conditions of the Parking Contract.
We also use this data to fulfil our contractual obligations with the landowner/landlord in respect of car park management and enforcement.
3. Information we collect/share;
The data we collect comprises images of vehicles using the car park and/or the vehicle registration mark. This is collected via Automatic Number Plate Recognition cameras and/or warden patrols on-site, as well as via payment machines or terminals.
Minster Baywatch Ltd may apply to the DVLA for the registered vehicle keeper details and to support the processes stated in section 2 of this policy. Data may be shared with authorised third parties, including but not restricted to our trade association, the independent appeals service, our payment processor, collection agents and solicitors.
Data may be shared with our suppliers that facilitate payment and services for parking and also with companies that analyse car park use information in order to understand consumer behaviour and improve our car parking service to you.
Data may be shared with Group employees as dictated by our internal policy.
Data may also be shared with police and security organisations in order to prevent or detect crime.
4. Using your personal data
We will keep all your information – DVLA keeper details, written and electronic correspondence and telephone messages – in a confidential record that is specific to you. We use a customer relationship management system (CRM) to record your personal data. This ensures that we provide appropriate and accurate advice or support. We take information security very seriously. No one is allowed access to our system or files unless they need this to provide the service to you.
When you call our office for advice or support, your call will only be recorded if you choose to leave a voicemail. This is to enable us to call you back to help resolve any queries that you may have. Recordings are deleted within 2 weeks.
We may use your data for financial / statistical reports. These reports may include Vehicle Registration Marks, however, will not include any information regarding who is the registered keeper of a specific vehicle.
5. Professional contacts
We may collect data about professional contacts and partners with whom we work, or to whom we provide professional services. Personal data collected in this way will be processed in accordance with data protection legislation and this policy.
We may send our professional partners information and updates about our work (primarily by email). Such contacts can opt out of receiving this information at any time.
6. Our legal basis for processing personal data
The Information Commissioners Office sets out 6 lawful bases for processing data, which are as follows:
1. Consent: an individual has given clear consent for you to process their data for a specific purpose;
2. Contract: processing is necessary to fulfil your obligations under a contract between you and the individual;
3. Legal obligation: the processing is necessary for you to comply with the law;
4. Vital interests: the processing is necessary to protect someone’s vital interests i.e. their life;
5. Performance of a task: the processing is necessary for you to perform a task in the public interest or for your official functions and the task or function has a clear basis in law;
6. Legitimate interests: the processing is necessary for your legitimate interests or the legitimate interests of a third party.
Four of these lawful bases are relevant to the types of processing that we carry out. This includes information that is processed on the basis of:
1. a person’s consent – for example:
• providing bank account details to enable us to set up an instalment plan for a parking charge notice payment
• confirmation from an appellant to process their appeal
2. a contract – for example:
• to collect and process data to ensure that you are complying with the terms and conditions of the Parking Contract when using one of our car parks
• to fulfil our contractual obligations with the landowner in respect of car park management and enforcement
3. law – for example:
• appellants who are taken to court due to an unpaid Parking Charge Notice
4. legitimate interests – for example:
• correspondence between the appellant and Minster Baywatch
• sharing your vehicle registration mark with our third-party collection agent
• to analyse car park use information in order to understand consumer behaviour and improve our car parking services to you
• sharing with police and security organisations in order to prevent or detect crime
Personal data may be legally collected and used if it is necessary for a legitimate interest of the organisation using the data, if its use is fair and does not adversely impact the rights of the individual concerned.
When we use your personal information, we will always consider if it is fair and balanced to do so and if it is within your reasonable expectations. We will balance your rights and our legitimate interests to ensure that we use your personal information in ways that are not unduly intrusive or unfair.
If you would like more information on our uses of legitimate interests, or to change our use of your personal data, please get in touch with us using the details in the ‘Contact us’ section below.
7. Disclosure of your personal data
We will not share any of your personal data to any third party – except where:
1. we are required to do so by law, for example to law enforcement or regulatory bodies where this is required or allowed under the relevant legislation
2. we have obtained your consent, for example to our payment processor to set up an instalment plan
3. to our third-party collection agent for the purpose of enforcing a parking contract
4. to our solicitors for the purpose of enforcing a parking contract, responding to a legal query or ensuring we are writing to you at your most recent correspondence address if you have not replied to other correspondence
5. with respective enforcement entities who may carry out authorised enforcement activities on Minster Baywatch’s behalf
6. we are required to do so to fulfil our obligations with the landowner/landlord
We will never share or sell your personal data to a third-party organisation for marketing, fundraising, or campaigning purposes.
8. Security of your personal data
We use appropriate technical and organisational measures and precautions to protect your personal data and to prevent the loss, misuse or alteration of your personal data.
Unfortunately, the transmission of information via the internet and electronically is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website and mailbox.
You should be aware of the following:
When we transfer and receive personal data, we redirect visitors to a web connection that uses SSL encryption (similar to that used for internet banking). We notify visitors of this connection through the use of a padlock symbol, which will appear in your address or status bar.
Some of our forms allow our visitors to ask questions about our products or services. You should be aware that these messages are not sent over an encrypted connection and the possibility exists, however minimal, that an unauthorised individual may be able to intercept this information.
We, therefore, recommend that you do not use unsecure forms and email to send personal data, such as financial information. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
We encourage you to review the privacy statements of websites you choose to link to from the Minster Baywatch Ltd website so that you understand how these sites collect, use and share your information. We are not responsible for the privacy statements, security or other contents on sites outside of our own website.
9. Retention of your data
We will retain data for no longer than is necessary to support the purposes set out above.
With regards to parking contraventions, the associated personal data collected will be held for up to a period of 6 years from the Parking Charge Notice issuance date in order to be able to respond to any legal claims made within that period.
Vehicle ANPR reads will be deleted from our systems within 3 months.
10. Your rights
You have many rights under Data Protection legislation. These include:
1. Right of Access
You have the right know what personal data and supplementary information we hold about you. Requests for this data / information needs to be in writing. Reasonable adjustments will be made under the Equality Act 2010 for disabled persons.
Data / information will be supplied as soon as possible, however, this may take up to one calendar month from receipt of the request or longer if your request is complex. We will not charge you for this other than in exceptional circumstances. You will be asked for proof of identity as we need to ensure we are only releasing your personal data to you.
This is called a data subject access, and can be done by:
• emailing firstname.lastname@example.org
• writing to the Data Protection Manager, c/o Minster Baywatch Ltd, PO Box 731, York, YO31 7WP
2. Right to be informed
3. Right to withdraw consent
Where we process your data based on your consent (for example, to send you fundraising or marketing texts or emails), you can withdraw that consent at any time. To do this, or to discuss this right further with us, please contact us using the details in the ‘Contact us’ section below.
4. Right to object
You also have a right to object to us processing data where we are relying on it being within our legitimate interests to do so (for example, to send you direct marketing by email or post). To do this, or to discuss this right further with us, please contact us using the details in the ‘Contact us’ section below.
5. Right to restrict processing
In certain situations, you have the right to ask for processing of your personal data to be restricted because there is some disagreement about its accuracy or legitimate usage. You can make a request for restriction verbally or in writing. We have one calendar month to respond to a request.
6. Right of erasure
In some cases, you have ‘the right to be forgotten’ (i.e. to have your personal data deleted from our system). An individual can make a request for erasure verbally or in writing. We have one calendar month to respond to a request. Please note that this right is not absolute and only applies in certain circumstances.
7. Right of rectification
You have the right, if you believe our records are incomplete to be updated. In certain circumstances you have the right to have inaccurate personal data rectified. You can make a request for rectification verbally or in writing. We have one calendar month to respond to a request for rectification.
8. Right to data portability
You have the right to obtain and reuse your personal data for your own purposes across different service providers. This information will be provided to you in a structured, commonly used and machine-readable form and will be provided free of charge.
If technically feasible, you have the right to request that the data is transferred from us to another organisation. We are, however, not required to adopt or maintain processing systems that are technically compatible with other organisations. If the personal data concerns more than one individual, we will need to consider whether providing the information would prejudice the rights of the other individual. Requests must be provided in writing and whilst we will aim to respond immediately and within one calendar month, this can be extended by two calendar months where a request is complex, or we have received a number of requests. We will, however, inform you within one calendar month of receipt of the request and explain what an extension is necessary.
If you have any complaints about the way in which we have used your data, please get in touch with us using the details in the ‘Contact us’ section below. We would be happy to help and discuss your concerns.
In addition, you are also entitled to make a complaint to the Information Commissioner’s Office.
12. Contact Us
If you have any questions about this policy, would like more information, or want to exercise any of the rights set out in section 10 above, you can get in touch with us in the following ways:
• Minster Baywatch Ltd, PO Box 731, York, YO31 7WP