Home > Privacy Policy
Privacy Policy
Creative Car Park Ltd
Privacy Policy
Creative Car Park Limited (“we’ or “us” or “our”) is committed to protecting your privacy. Our Privacy policy explains how we collect, use and protect information about you in the scenarios that are described below. By taking any of the actions listed within that section, you agree that we may collect and use your information in the ways described in this privacy policy.
Topics covered in our privacy policy:
- Who we are
- How we collect information
- What we use your information for
- Sharing your information
- Cookies and Traffic data
- Your information
- Changes to our privacy policy
- Security and storage of information
- Transfers outside Europe
- Other Sites
- Further Information
Who we are
We are a limited company registered in England and Wales under company number 05571660. Our registered office is at Athene House Suite Q, 86 The Broadway, London, England, NW7 3TD. We are registered on the Information Commissioner’s Office Register of Data Controllers under registration number Z9864675. This registration covers all of our different business divisions.
For details of how to contact us, please refer to the Contact Us page.
How we collect information
We will collect information from you if you:
- register to use our website; this will include your name, address, email address and telephone number. We may ask you to provide additional information about your business and preferences on a voluntary basis
- provide your vehicle registration number via one of our parking payment machines.
- provide your vehicle registration number via one of our permit entry systems, this may include a web login, on-site portable entry system, phone-based permit system.
- Apply for a job or consultancy role with us – please refer to our specific
employment privacy notice section below. - complete online forms (including callback requests), take part in surveys, write posts on any message boards, post any blogs, enter any competitions or prize draws, download information such as white papers or other publications, or participate in any other interactive areas that appear on our website or which we offer to you from time to time.
- provide your contact details to us when: registering to use or access or contacting us to enquire about any product or service we provide (including any Apps we may offer); when contacted by one of our business development or client liaison team; requesting details of our services or products; you provide these details to us by consent or where the details are available publicly and you have provided your consent to collect the details.
- contact us offline for example by telephone, fax, email or post.
- visit or browse our website, this will include information about your website visit or use of our products or services using cookies or similar technologies (as described in section 5 below).
- provide your contact details when using our web-based Parking Charge Notice appeals service, this will include your name, address, email address and telephone number.
- provide your payment details when using our web-based or telephone based Parking Charge Notice payment service.
What we use your information for
We will use your personal information to provide any information on services that you have requested or any products or services that you have ordered. We may also contact you for feedback on your use of our products, services or our website.
We may use your personal data for internal purposes such as auditing, data analysis, and research to improve our products, services, website, and customer communications.
Sharing your information
We may share your information with:
- Other organisations such as the British Parking Association (BPA), the Parking On Private Land Appeals (POPLA) service for parking events in England and Wales, landowners, managing agents, tenants and any authorised sub-contractors or business partners, such as mail service providers, business process outsourcers, credit reference agencies, debt recovery and collection agents, legal advisors, IT service providers, bailiffs, other Court officers and payment service providers. Where you (either as a business entity or an individual, and either as a new or potential client) have contacted us to enquire about our services, and we are not able to assist you but in circumstances where another business entity may be able to assist in the provision of those requested services to you, we may share your details with such an appropriate third party entity and as a paid for lead. This may include sharing personal data for contact purposes, such as a personal or work email address, or the address of the car park or premises where you work and will be done on a consent and/or legitimate interest basis.
We may pass collective information about the use of our website or our products or services to third parties but this will not include information that can be used to identify you.
We will disclose your information if we are required to by law. We may disclose your information to enforcement authorities if they ask us to, or to a third party in the context of actual or threatened legal proceedings, provided we can do so without breaching data protection laws.
Cookies and Traffic Data
Cookies are small text files which are transferred from our website, product or service and stored on your computer’s hard drive. They are widely used in order to help websites work, or work more efficiently, as well as to provide general usage information to the owners of the site. We’re currently looking into making further improvements to our privacy policy and how cookies are managed on our website, so please check back here for updates.
There are different types of cookies
Session Cookies – We use session cookies on our websites and in some of our products or services to identify and track users and to remember what is in your shopping basket (where relevant) and we also use session cookies in the VSP Admin reporting system to remember customer information used to complete transactions through the VSP Terminal. Our session cookies may contain your customer account number, company name and email address. These session cookies are deleted when you close your browser or leave your session in the product or service.
Persistent Cookies – Persistent cookies enable our website, product or service to “remember who you are” and to remember your preferences on our website. Persistent cookies will stay on your computer or device after you close your browser or leave your session in the product or service.
Web analytics and similar services – Our website uses web analytics services. Web analytics cookies allow us to recognise and count the number of visitors and see how they move around the website, product or service. This helps us make our service to you better.
We also use cookies and similar software known as web beacons or pixels to count users who have visited our website after clicking through from one of our advertisements on another website or in emails and to collect details of any products purchased. These web beacons collect limited information which does not identify particular individuals. It is not possible to refuse the use of web beacons. However, because they are used in conjunction with cookies, you can effectively disable them by setting your browser to restrict or block cookies.
We keep a record of traffic data which is logged automatically by our server, such as your Internet Protocol (IP) address, the website that you visited before ours, the website you visit after leaving our site. We also collect some site, product and service statistics such as access rates, page hits and page views. We are not able to identify any individual from traffic data or site statistics.
Most web browsers allow some control to restrict or block cookies if you wish, however if you disable cookies you may find this affects your ability to use certain parts of our website, products or services. For more information about cookies and instructions on how to adjust your browser settings, see the Internet Advertising Bureau website www.youronlinechoices.co.uk.
Necessary cookies
Name | Purpose | Expires |
APPSESSIONID | Preserves users state across page requests. | Session |
laravel_session | Preserves users state across page requests. | Session |
XSRF-TOKEN | This cookie is used to prevent Cross-Site Forgery Attack. | Session |
Functional cookies
Name | Purpose | Expires |
ckns_explicit | Stores users consent on cookie policy. | 1 Year |
ckns_policy | Stores users preference on cookie policy. | 1 Year |
Performance cookies
Name | Purpose | Expires |
_gat | These are performance cookies used to collect information on how visitors use a website. | 60 minutes or end of user session. |
_ga | These are performance cookies used to collect information on how visitors use a website. | 2 Years |
_gid | These are performance cookies used to collect information on how visitors use a website. | 60 minutes or end of user session. |
collect | These are performance cookies used to collect information on how visitors use a website. | 60 minutes or end of user session. |
VISITOR_INFO1_LIVE | Used to estimate the users’ bandwidth on pages with integrated YouTube videos. | 179 Days |
PREF | Registers a unique ID that is used by Google to keep statistics of how the visitor uses YouTube videos across different websites. | 8 Months |
YSC | Registers unique ID to keep statistics of what videos from YouTube the user has seen. | Session |
YSC | Registers unique ID to keep statistics of what videos from YouTube the user has seen. | Session |
YSC | Registers unique ID to keep statistics of what videos from YouTube the user has seen. | Session |
zab_g_{exp_key} (stores a random alphanumeric string of length 7 or 32) | Used to track successful custom/pageview goal conversions obtained in the same domain. | 1 year |
zabUserID | Used for identifying individual visitors along with the status of new and returning visitors. | 1 year |
zabVisitID | Used for identifying every visit made by the user on the web page. | 1 year |
zabSplit | Used for sending the experiment and visitor information to the server upon redirection. | 5 secs |
zabBucket | Used to consistently serve visitors the same variation of the test they’ve seen before. | 1 year |
zabHMBucket | Used for identifying the exact heatmap experiment to be tracked on the web page. | 1 year |
zpsfa_{exp_key} (stores a random alphanumeric string of length 7 or 32) | Used for deriving the path taken by the visitor and the number of visitors that dropped off while traversing through the funnel. | 1 month |
zfa{exp_key} (stores a random alphanumeric string of length 7 or 32) | Used for tracking actual user conversions. | 1 hour |
zsr {expkey} (stores a random alphanumeric string of length 7 or 32) | Used for mapping all the user actions performed within a session. | 2 hours |
zabme | Used for serving the same experiment within a mutually exclusive group, the user has seen before. | 1 year |
zsd{sessionId} (stores a random alphanumeric string of length 32) | Used for identifying the start time, last interacted time, and number of pages visited for a session. | 2 hours |
ps_payloadSeqId: | Used to keep track of duplicate payloads (session data). | 2 hours |
zabPZBucket | Used to consistently serve visitors the same experience they have seen before. | 1 year |
zPersonalization | Used for sending the experiment and visitor information to the server upon redirection. | 1 year |
zia_ {projectkey} | Used to avoid sending the same visitor data multiple times to the server. | 1 year |
zpc< projectkey> | Used to ensure that the banner does not reappear to the same visitor on your website. | 1 year |
zps_permission_status | Used to identify and update the push notification status of the subscriber on your website. | 1 year |
{exp_id}+”popup” (stores a random alphanumeric string of length 7 or 32) | Used to track user impressions and whether they respond to a popup. | 1 year |
zps-tgr-dts | Used for activating your experiment based on a given trigger condition. | 1 year |
zpspolls_” +{exp_id} | Used for tracking user actions such as impressions, answered/unanswered polls, and other poll parameters. | 1 year |
zpsPollsBucket | Used for identifying the polls experiment to be served on the web page. | 1 year |
“zpspb” + {exp_id} | Used for tracking user actions like impressions and answered/unanswered popups. | 1 year |
zpsPopupBucket | Used for identifying the popup experiment to be served on the web page. | 1 year |
“zpssr” + {current time in milliseconds} | Used to identify the top level domain in your session recording experiment. | 1 year |
_clck | Persists the Clarity User ID and preferences, unique to that site is attributed to the same user ID. | 1 year |
_clsk | Connects multiple page views by a user into a single Clarity session recording. | 1 day |
CLID | Identifies the first-time Clarity saw this user on any site using Clarity. | 1 year |
ANONCHK | Indicates whether MUID is transferred to ANID, a cookie used for advertising. Clarity doesn’t use ANID and so this is always set to 0. | 1 year |
MR | Indicates whether to refresh MUID. | 1 year |
MUID | Identifies unique web browsers visiting Microsoft sites. These cookies are used for advertising, site analytics, and other operational purposes. | 1 year |
SM | Used in synchronizing the MUID across Microsoft domains. | 1 year |
Advertising cookies
Name | Purpose | Expires |
GPS | Registers a unique ID on mobile devices to enable tracking based on geographical location. | 1 Day |
IDE | Used by Google DoubleClick to register and report the website user’s actions after viewing or clicking one of the advertiser’s ads with the purpose of measuring the efficacy of an ad and to present targeted ads to the user. | 1 Year |
Your information
You have the right to make the following requests about personal data we may hold:
- To inform you how and why it is processed; to give you access to it; rectify and incorrect information; to delete it; to restrict our use of it; to ask us to transfer a copy to a third party and object to our use of it.
- Data protection law requires us to verify your identity before providing information, respond to your request and tell you why, if we do not agree with it.
If we hold any information about you which is incorrect or if there are any changes to your details please let us know so that we can keep our records accurate and up to date. If you would like to update your records or see a copy of the information that we hold about you, you can contact us at Data Protection Officer, Creative Car Park Ltd, Athene House Suite Q, 86 The Broadway, London, England, NW7 3TD or by email at dataprotectionofficer@creativecarpark.co.uk. If you request a copy of your information you will not need to pay any fee.
Your Consent:
Changes to our privacy policy
We may change our privacy policy from time to time. We will always update the privacy policy on our website, so please try to read it when you visit the website.
Security and storage of information
We will keep your information secure by taking appropriate technical and organisational measures against its unauthorised or unlawful processing and against its accidental loss, destruction or damage.
Some communications sent over the internet, such as email, may not be secured unless they are encrypted. Although we do our best to monitor and improve how we protect your personal data, we cannot guarantee the security of your data which is transmitted to our website or other products and services via an internet or similar connection and any transmission of data to our site is at your own risk. We do however use secure connections in our payment pages.
If we have given you (or you have chosen) a password to access certain areas of our website, product or service please keep this password safe – we will not share this password with anyone.
Transfers outside Europe
We do not ordinarily transfer data outside of the UK. Our data hosting servers are based in the UK. Should any transfer of data outside the UK take place, the transfer will be compliant with UK GDPR, any other relevant data protection law and we will ensure that data is secure. In most cases, we will rely on standard data protection clauses which have been approved by the Information Commissioner’s Office and/or the European Commission in accordance with the applicable laws and regulations. Personal data in the UK is protected by data protection laws and reciprocal data sharing agreements/adequacy decisions with the European Union (which, along with other countries such as Argentina, Switzerland, Israel and New Zealand have been deemed to have sufficiently secure data protection regulations in place) but other countries do not necessarily protect your personal data in the same way. Our website and some of our products or services or parts of them may be hosted in the United States and this means that we may transfer any information which is submitted by you through the website, product or service outside the European Economic Area (which means all the EU countries plus Norway, Iceland and Liechtenstein) (“EEA”) to the United States. When you send an email to us, this may be stored on email servers which are hosted in the United States, if we do this, we will take steps to ensure that our hosting provider uses the necessary level of protection for your information but if you do not want your information to be transferred outside the EEA you should not use our website, product or service or contact us via email.
Employee and Employment Privacy Policy Notice
This notice details how the personal data of job applicants and prospective employees will be used, and your associated rights. Personal data is defined by the ICO as information from which individuals may be identified.
This policy applies to all job applicants to Creative Car Park, whether for permanent, temporary or consultancy roles, and is published in accordance with the UK GDPR and other data protection laws and authorities.
What Data will we collect:
We will usually obtain the following minimum information (personal data) from you, some of which may be classed as sensitive personal data:
- Your name, present address and other contact details;
- previous employment details, educational details, and your skills and experience;
- your training and qualifications;
- information relating to your health and health conditions;
- race and ethnicity, religion;
- unspent criminal convictions;
- publicly available information, including via social networking sites and public profiles;
- other personal biographic data; and
- salary expectations/negotiations and information on preferred working arrangements
The data we obtain may not be limited to the categories set out above.
Retaining your personal data and other information provided to us:
We are required to keep your personal data for no longer than is necessary. We have generally deemed this to be up to 2 years, unless you agree to a longer period. You can apply to have your data deleted sooner than this, and in some exceptional cases, we may retain your data for longer than this. Where you are required to make a presentation to us as part of the interview process, we will retain that information and unless otherwise agreed, you will have no proprietary rights in any presentation material that you provide to us.
If you become and employee of Creative, any data provided will be stored and retained on our HR system in line with your contract of employment and our employee policy published in the staff handbook.
How will we use your personal data:
We will use your personal data to screen and assess your application and facilitate the selection and interview process, and for other purposes, which include but are not limited to the following:
- activities relating to the selection and interview process (and maintaining
related records, anonymised wherever appropriate); - in relation to employment opportunities which may be available in the future;
- managing legal disputes;
- ensuring that we have complied with employment legislation and regulations;
- to protect our legal rights and responsibilities; and
- prevention or detection of fraud, crime, or other unlawful or inappropriate conduct.
Our lawful basis for processing your data:
In general, when you apply for a role and disclose personal data, we have legitimate interest in processing your data. We also process your data on the basis of consent and where this is the sole basis for processing, you have the right to
withdraw your consent and request deletion/erasure of that data.
We may also process your data for the following bases:
- it is required to identify or keep under review the existence or absence of equality of opportunity or treatment and to enable equality and diversity to be promoted or maintained
- to fulfil our obligations or exercise our rights under statute or regulation, such as employment rights, social security, Equality Act 2010 issues and social protection law
- it is required in connection with formal legal proceedings; or
- it is necessary for preventing or detecting unlawful acts
Disclosing your data to third parties:
Data will generally be shared internally with the directors, senior management and the people who are directly involved with the selection and interview process. This may include our board of directors and others employed by companies within the Creative group. Where it is required, necessary and justified, we may disclose your data to other entities, including but not limited to the following categories:
- our professional advisers, e.g. lawyers, accountants, auditors, and consultants;
- government departments;
- Other executive government agencies, such as the DVLA
- ‘Competent Authorities’ under the DPA, such as the police and law enforcement agencies;
- courts and tribunals; and
- Other Creative partners, suppliers, agents and service providers.
Third Party Processors
Our carefully selected partners and service providers may process personal information about you on our behalf as described below:
Digital Marketing Service Providers
We periodically appoint digital marketing agents to conduct marketing activity on our behalf, such activity may result in the compliant processing of personal information. Our appointed data processors include:
(i) Prospect Global Ltd (trading as Sopro) Reg. UK Co. 09648733. You can contact Sopro and view their privacy policy here: http://sopro.io. Sopro are registered with the ICO Reg: ZA346877 their Data Protection Officer can be emailed at: dpo@sopro.io
(ii) Campaign and Digital Intelligence Ltd (trading as Canddi ) Reg. UK Co. 07066939. You can contact Canddi and view their privacy policy here: https://canddi.com Canddi is registered with the ICO Reg: Z2721392 their Data Protection Officer can be emailed at: help@canddi.com
International transfers and automated decision making:
We do not ordinarily transfer employee and prospective employee data outside of the UK. Our data hosting servers are based in the UK.Should any transfer of data outside the UK take place, the transfer will be compliant with UK GDPR, any other relevant data protection law and we will ensure that your personal data is secure. In most cases, we will rely on standard data protection clauses which have been approved by the Information Commissioner’s Office and/or the European Commission in accordance with the applicable laws and regulations.
We do not use automated decision making in our application process. This policy will be updated and you will be informed if that changes. Where any decision is made about you is made solely on the basis of an automated decision, you will be informed and can request a review of that decision if you wish. You should notify us in writing
if that is the case.
Your rights:
You can request the following under the UK GDPR/DPA 2018, namely:
- Delete information under relevant circumstances (the right of erasure);
- Provide a copy of any personal data we hold in a readily accessible, readable format;
- Correct any information (the right of correction)
If you are not happy with the way Creative has dealt with your personal data, you can complain in writing to the Data Protection Officer on dataprotectionofficer@creativecarpark.co.uk or directly to the ICO on link set out below.
Other Sites
If you follow a link from our website, product or service to another site or service, this policy will no longer apply. We are not responsible for the information handling practices of third party sites or services and we encourage you to read the privacy policies appearing on those sites or services.
Written Communication Including Electronic Communication
English is our official business language. Written and oral/telephone communications and correspondence with drivers/registered keepers and/or their agents and representatives, and any other external third parties, will be in English only. This includes PCNs, reminders, other notices, and responses to appeals and complaints, whether in email, SMS, or paper format.
Our normal practice will be to ensure that all our written correspondence is provided in appropriate and easily understandable plain English.
Further Information
If you would like further information about data protection, or if you would like to view the register of Data Controllers, you can visit the Information Commissioner’s site at https://ico.org.uk/.
This policy was updated on 03 May 2024.
Thank you for visiting our website.