Waverley Borough Council is responsible for the management of the borough's car parks. Parking operations include day-to-day management, maintenance, enforcing parking regulations, administering parking charges, issuing car parking permits, dealing with unauthorised use of car parks and general enquiries.
In order to provide the above services, the Council is required to collect and process personal data and we are committed to protecting your privacy in accordance with the Data Protection Act and the General Data Protection Regulation (GDPR), which came into effect on 25 May 2018.
When do we collect personal information?
We will collect personal information when you request one of the above services. This could be in the form of an email, a letter or a telephone call. We will collect a vehicle registration number when a parking contravention takes place, so that a Penalty Charge Notice (PCN) can be issued.
What is the legal basis for processing the information?
If you have received a Penalty Charge Notice or applied for a parking permit we have a legal obligation to process the information or your application.
If you have contacted us and require us to reply to you, your information is needed to enable us to make contact with you.
How is the information collected?
The council will collect some of the personal information for the provision of the above services.
The council also uses a number of contractors to provide optional and support services and these include:
RingGo - our optional cashless parking service is provided by Cobalt Telephone Technologies Ltd and is branded RingGo. For more information, please see RingGo's service terms and conditions and privacy notice.
What personal information do we collect?
In order to provide parking services, it is necessary for us to collect and use personal data about you. The personal data collected and used will vary and depend on the nature of the service used.
Examples of the parking services for which personal data may be collected include:
- Parking enforcement
- Parking appeals
- Blue badge misuse
- Parking dispensations
- Car park season tickets
- Resident permits
- Card payment for parking
This information may include:
- details about you such as name, address, phone number, email address
- details of your vehicle, such as registration number, vehicle make , model and colour
- location of vehicle
- civil parking offence details
- blue badge serial numbers and expiry dates
- formal parking enforcement notices and Police and Criminal Evidence (PACE) interview forms
- vehicle ownership checks via the DVLA
- images of you if the enforcement officer has activated their body worn video camera
- your credit/debit card details if you have paid for a service by card
- contact we've had with you, such as any correspondence
Details of credit and debit card payments made over the phone will not be retained in accordance with the Payment Card Industry Data Security Standard (PCI DSS)
How do we use your personal information?
The above information will be collected to allow the council to provide specific car parking services and for the effective management of its car parks. In terms of car parking enforcement, the council has a legal obligation to enforce its parking regulations in accordance with the Traffic Management Act 2004 and Civil Parking Enforcement Statutory Guidance. We will not use your personal information for any other purposes such as marketing but reserve the right to use it for fraud investigations and for the prevention and detection of crime.
Do we share your personal information with anyone else?
For parking enforcement, we will securely share information with the DVLA, the Traffic Enforcement Centre, the Traffic Penalty Tribunal (TPT) and the council's appointed bailiff company for the purposes of administering and processing PCNs, in accordance with the council's legal obligations and for the recovery of unpaid PCNs.
We will share information for the investigation of fraud and for the prevention and detection of crime.
We will not share your information with any other organisations unless required to do so by law.
How long will we retain your data?
All personal data is held for six years in accordance with the Limitations Act 1980.
We may share your information with third parties for appeals and enforcement.
For further information about how we process your data, please refer to our main privacy notice.