Parking Enforcement Database - Privacy Statement

This Privacy Statement describes the ways in which your personal data is collected and used by the parking enforcement database system held at Aberystwyth University.

Aberystwyth University, are the Data Controller of all Notices issued on University land. The Notices are owned, and controlled by the University. 

On behalf of Aberystwyth University, Excel Parking are the Data Processor, they manage and recover Parking Charge Notices issued on University land.
Excel Parking use the DVLA database for identifying and contacting vehicle owners for Notices issued.
A full Privacy Notice can be found via Excel website at: www.excelparking.co.uk/policies/privacy-notice-manual.

• Images will be captured of any vehicle, observed in breach of site regulations or terms and conditions. These images will include the recording of the vehicles number plate and may also include images of any person(s) associated with the vehicle. Images are collected for the purpose of identifying the driver or keeper responsible for any charge arising from failure to follow the contractual terms and conditions of the site.

It is your responsibility to review and understand this Privacy Statement prior to providing your personal data to us. You must also review our Terms and Conditions. If you do not accept and agree to the Privacy Statement and/or Terms and Conditions, you should not provide your personal data to us and will not be able to use our product/services.
 
Our Privacy Statement and Terms and Conditions may also change from time to time. Whenever there are changes, the modified policies will be posted on our website and will be effective at that time. Each time they change the information, the version number displayed at the bottom of the page will also change. Consequently, each time you access or use our services or otherwise engage with us, you accept and agree to the most current Privacy Statement and set of Terms and Conditions. It is your responsibility to be aware of any such changes.

Collection of Personal Data

In order to provide our products and services, we collect and process personal data from our customers. We may collect information ("Personal Data") from you such as, but not limited to, your full name, email address, your personal ID relating to the University (staff number or student number), mailing address, phone number, date of birth, gender, employment information. You are not required to provide us with all of the Personal Data listed above, but if you do not do so, we may not be able to effectively provide you with our products, services and information. In certain circumstances, you will need to provide us with specific categories of Personal Data (including name, email address and payment information) in order to enter into a contract with us and for us to perform that contract.

The University complies with the Data Protection Act 1998 and, after May 2018, the General Data Protection Regulation (GDPR). See “Use of Information” section below for further details regarding the ways that we use and process your personal data.

Use of information

Your Personal Data may be used in the following ways: 

• To provide our products and services to you
• To process payments from you
• To process payments to you (including, but not limited to, refunds or reimbursements)
• Internal purposes, such as website and system administration or internal audits and reviews
• To communicate with you regarding products/services that may be of interest to you
• To respond to your requests and enquiries
• To request your participation in optional surveys, focus groups, or other initiatives which help us to gather information used to develop and enhance our products and service.

We will process your personal data for the purposes identified above on the following bases:

1. Where processing is necessary for the performance of our contract to provide our product, services and information to you, or to take steps before entering into that contract (GDPR, Art.6 (1) (b)).
2. Where processing is necessary for the purposes of the legitimate interests pursued by the University in terms of the provision and enhancements of our products, services and information (GDPR, Art.6 (1)(f)) and
3. As necessary to comply with the legal obligations to which the University is subject, to resolve disputes and enforce contractual agreements (GDPR, Art.6 (1)(c)).

It should be noted that, currently, none of this data is subject to automated decision-making processes, and none is transferred outside the EU for processing or for any other purposes.
We will retain your information for as long as your parking permit is active, as well as for a short additional period afterwards to cover any outstanding issues or queries that may arise in relation to your account. This period of retention is subject to our review and alteration.

Sharing and Disclosure to Third Parties

We may disclose your Personal Data to third parties under the following circumstances:
1. You request or authorize the disclosure of your personal details to a third party.
2. The information is disclosed as permitted by applicable law(s) and/or in order to comply with applicable law(s) (for example, to comply with a search warrant, subpoena or court order).

Communication Preferences

We strive to provide you with relevant and useful information related to our products and services and you can contact us using the information listed at the bottom of this statement to make any changes to your communication preferences. We will only communicate with you electronically if it directly relates to services or products, which we are supplying or intend to supply to you.

Subject Access / User Rights

As a user, under the GDPR, you are provided with the following rights: 

• The right to be informed of the use of your Personal Data. 
• The right to access your Personal Data.
• The right to have Personal Data corrected/rectified. 
• The right to have Personal Data erased.
• The right to restrict processing of your Personal Data. 
• The right to data portability.
• right to object to processing.
• Rights in relation to automated decision making and profiling.

Further details can be found here: https://www.aber.ac.uk/en/infocompliance/policies/dp/data-subject-rights/  

Depending on the circumstances, you may seek to exercise any of these rights by updating your information, or by sending a written request to the University’s Data Protection Manager using the contact details listed below:

Dr Jonathan Davies


Data Protection Manager
Hugh Owen Library
Aberystwyth University
Penglais
Aberystwyth
Ceredigion
SY23 3DZ


infocompliance@aber.ac.uk

 

Contact Information

You are encouraged to report any improvements, suggestions, or any suspected breaches of privacy or security to us by using the contact information above or alternatively contact:

Thomas Bates


Head of Campus Life
Campus & Commercial Services
Y Sgubor
Fferm Penglais
Aberystwyth University
Penglais
Aberystwyth
Ceredigion
SY23 3BY

efastaff@aber.ac.uk