We are registered as a data controller with the Information Commissioner’s Office (“ICO”). Our registration numbers is Z7510045.
This Policy works in tandem with NCP’s terms and conditions.
Our vision is to keep all personal information safe and secure, and comply with all applicable data privacy laws in all jurisdictions within which we operate.
We collect personal information about you in the course of running our business and providing our services to you.
We may collect personal information about you from a variety of sources for example:
• directly from you, our customers and prospective customers, when you complete surveys or are using or enquiring about our products or services
• from our business partners where we provide you with our products or services on their behalf
• from service providers where they provide you with services or products on our behalf or where we use them to help us provide our products or services to you
• from cookies (for information regarding cookies, please see the cookie and profiling section below)
• and from government agencies such as the DVLA where lawfully allowed or required
The personal information we collect ourselves may include your:
- contact details (telephone number, email address, address)
- date of birth
- banking and financial details in order to facilitate payment
- CCTV images (which may capture ethnicity and health conditions)
- other images, such as, visual call images or documents provided for photographic identification purposes
- our website collects information about your computer, including (where available) your IP address, operating system and browser type, for system administration, to filter traffic, to look up user domains and to report on statistics
- details of your visits to our website, the pages you view and resources you access or download, including but not limited to, traffic data and location data
- health information (in relation to incidents that occur at our car parks and to administer the use of blue badges)
- and vehicle details (including vehicle registration marks or numbers (VRM))
- the date and time you used the service
- the places you’ve visited and the length of your visit
- any information within correspondence you send to us
We use personal information for the purpose for which it has been provided or obtained.
We use your personal information on one or more of the following legal basis:
- with your express consent
- legal obligation
- for legitimate business purposes;
- and/or to perform a contract or an agreement with you
This enables us to use your personal information:
- to provide the service or product you’ve requested or purchased
- to manage our relationships with you, and with our business partners
- to contact you, if any issues arise in our premises or with your booking
- to market our services and products to you
- to understand the way people use our services and products so we can improve them
- to conduct free prize draws
- for employee recruitment
- to assess and analyse our market, customers, products and services
- to pursue and collect outstanding monies owed to NCP
- for the apprehension and prosecution of offenders
- for the prevention or detection of crime; and
- to comply with our legal obligations
We also use your information to analyse and profile your purchasing preferences (e.g. market, customer and product analysis) to enable us to provide you with a personalised customer service experience, make decisions about you using computerised or automated technology. For example, automatically selecting products and/or services which we think will interest you from the information we have.
We may supplement the information that you provide to us with information that we receive from third parties. In particular, we will carry out searches with credit reference agencies and any information provided to us may be passed to these credit reference agencies for the purposes of confirming credit worthiness.
It is our policy to use information that cannot directly identify an individual wherever possible.
We may record telephone and intercom calls to verify content which may then be used together with other customer records we hold for regulatory compliance, quality control and staff training, preventing or detecting criminal activity and for complaint resolution.
We may share information about you:
- with other companies in the NCP group
- with third party service providers/companies that provide services for us on our behalf including IT services and mailing services e.g. website host, auditors, event organisers an individual has registered for; and/or
- with our business partners who may use your information to provide you with the services you request, analyse and asses their market, customers, products and services
There may also be instances when we disclose your information:
- if we have a duty pursuant to the law to do so, or if the law allows us to do so
- to verify or enforce compliance with the policies and terms governing our services
We may share your information with the relevant company that your car parking booking relates to. For example, customer data for bookings made with Birmingham Airport are sent securely to Birmingham Airport to fulfil the service you have requested and for marketing purposes.
Other carefully selected partners include but not limited to:
- Norwich Airport
- Birmingham Airport
- Glasgow Airport
- Gatwick Airport
- Avanti West Coast Trains
Transfer outside of the European Economic Area (EEA)
We rarely transfer personal information outside of the EEA, we only do this in order to carry out the activities listed in “the information we collect” and “how we use your information” sections. In some instances where we need to send personal data outside the EEA, we put in place regulatory approved international data transfer contract clauses
We’ll treat your information in strict confidence and we’ll endeavour to take all reasonable steps to keep your personal information secure once it’s been transferred to our systems.
Personal data submitted through our service(s) are stored securely and protected by multiple anti-malware firewalls. However, the internet is not a secure medium and we can’t guarantee the security of any information you disclose online.
We use Direct Payment Gateways to process your card payments. These Direct Payment Gateways adhere to the standards set by the Payment Card Industry Data Security Standard (PCI-DSS) as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover.
PCI-DSS requirements, help ensure the secure handling of credit card information by our Service and its service providers. Your payment data is stored only if necessary to complete your purchase transaction.
If we are providing services to you, we will retain your personal information for the duration of the services, unless otherwise agreed.
- Phone calls/ intercom calls, which are recorded, for 12 months
- CCTV recordings for up to 30 days
- Parking Charge Notice (PCN) records for 3 years
"Cookies" may be used by us to provide you with customised information from the website.
A cookie is an element of data that a website can send to your browser, which may then store it on your system. Cookies allow us to understand who’s seen which pages and advertisements, to determine how frequently particular pages are visited and to determine the most popular areas of the website. Non-personal information such as browser type, operating system and domain names, may be collected during visitors' use of the website and this information may be used by us to measure the number of visitors to the website.
What types of cookies do we use
We use four types of cookies and similar tools across our website to improve its performance and enhance your user experience.
- First party cookies: we set these cookies and they can only be read by us
- Persistent cookies: we use persistent cookies which will be saved on your computer for a fixed period (usually one year or longer). They won’t be deleted when the browser is closed. We use persistent cookies to recognise your device for more than one browsing session
- Session cookies: we use session cookies which are only stored temporarily during a browsing session and will be deleted from your device when the browser is closed
- Third party cookies: we use a number of third-party suppliers who also set cookies on our website in order to deliver the services that they are providing. These cookies are known as third party cookies. If you would like more information about the cookies used by these suppliers, as well as information on how to opt-out, please see individual third-party cookies listed below
Cookies used on the website and their functions
The cookies used on the website and their functions are set out in the following table:
How to reject cookies
If you don’t want to receive cookies, you can alter your browser settings. The procedure for doing so varies from one browser application to another. If you wish to reject cookies from our site, but wish to accept those from other sites, you may choose the option in your browser settings to receive a notice before a cookie is stored on your device. Please consult the “Help” section of your browser for more information.
To find out more, please consult the following: http://www.allaboutcookies.org/manage-cookiies and www.youronlinechoices.com. By disabling cookies, you may be prevented from accessing some features of our site and some content or functionality may not be available.
Our HTML emails contain a single, unique tracking tag to tell us whether the email is opened and verify any click-throughs to links on our website within the email. We use this information to determine which of our emails are more interesting to our customers, to find out which customers wish to continue receiving emails and to inform our third party advertisers how many customers have clicked on their advertisements. The pixel will be deleted when you delete the email.
Our website may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
You have the right to ask for a copy, transfer, update, erasure, correction, stop the processing or be informed about the processing of any information we hold about you. If you wish to do this, please contact us at:
The Data Protection Officer
National Car Parks Limited
14b St Cross Street
Some of these rights are qualifying rights (not absolute rights). Therefore, can only be applied in certain circumstances.
How can I get my name removed from NCP mailing list(s)
You can ensure your details are removed from our mailing lists in the following ways:
- If you’ve received an email from us you can click unsubscribe on that email
- You can send an email to [email protected] with the words 'remove from marketing database' in the subject line and the email address that you wish to be removed within the email. Please note that it may take up to 7 days to action your request
- You can log onto the “Manage My Account” section of the NCP website and change your marketing preferences so that you no longer receive marketing emails from us
How do I change any details stored on www.ncp.co.uk
To change any of your registered details on www.ncp.co.uk, you should:
- log onto the ‘Manage My Account’ section of the website using your username and password, or
- amend your details using the ‘User Details’ menu option on the website
The Data Protection Officer
National Car Parks Limited
14b St Cross Street
Our services are not intended for audiences under 16 years of age. It is the sole responsibility of parents and guardians to monitor their children’s use of our services.
We keep our policy under regular review and place any updates on our website. This policy was last updated in August 2021.
Jonathan Scott, Chief Executive Officer, August 2021
December 2020 - updated to include Saffron Court office address, review and amendments of Partners and Cookies provider list.
August 2021 – reference to Manchester office address replaced with Saffron Court address.