Privacy policy

Protecting your personal data is very important to Marston Holdings Limited.

We have implemented appropriate technical and organisational measures to protect personal data.

This Privacy notice sets out the basis on which we process personal data in accordance with our legal obligations, your privacy rights and how you can contact us if you have a privacy concern.

  1. What this Privacy notice covers

    This privacy notice covers the personal data we collect in relation to this website (https://www.marstonholdings.co.uk/) and the services we provide to our clients.

    It does not extend to the use of personal data by any other third-party websites that are linked to or from our website, whether we provide those links or whether they are shared by other users. We have no control over how your data is collected, stored or used by other websites and we advise you to check the privacy policies of any such websites before providing any data to them.

    The personal data that we process directly relates to the reason for processing and we will always establish a lawful basis for processing. As an outsourced provider of transportation and enforcement services it is normally our clients that determine the reason for processing, and this is explained in more detail in section 2.

  2. Information we may collect about you and how we use it

    We may collect your personal information through various means, including via our website, email or other electronic correspondence, by telephone, by direct contact, or if you voluntarily submit it, and where we are required by law to collect personal data.

    As a provider of outsourced transportation and enforcement services we refer to the members of the public that we interact with in order to provide those services to our clients, as ‘customers’. For example, where we enforce a court order on behalf of a client, the customer is the named defendant on the court order, or where we provide outsourced parking permit services for a local authority, the customer is the resident making an application for a parking permit.

    The way in which we will process your personal information will depend on how we interact with you, for example, whether you are our client or a customer, and the nature of the services we are providing.

    The table below explains how we process personal data for the outsourced services we deliver to clients as well as our other activities that involve the use of personal data.

    Outsourced services that we deliver to clients:

    Data subject Why do we process your personal data? Personal data Where we are data controller what is our lawful basis for processing?
    Customer (i.e. defendant)

    To enforce a court order on behalf of our client.

    Examples of court orders:

    • Liability Order
    • Warrant of control
    • Arrest Warrant
    • High Court Writ of Control

    Contact and identity verification:

    • Forename, Surname
    • Address
    • Birth Date
    • Telephone number
    • Email address

    Personal data to support the enforcement process:

    • Details of the offence
    • Amount of fine and fees
    • Inbound and outbound customer correspondence
    • Contact Centre customer telephone call recordings
    • Details of customer’s motor vehicle (if applicable)
    • Previous offences where a risk assessment is required by the enforcement agent.

    Special category personal data:

    • Medical history
    • Evidence of a disability

    We will only process special category personal data where it is provided voluntarily, and we will not process special category data without your explicit consent.

    Our lawful basis for processing personal data is legal and statutory obligation.

    UK enforcement legislation:

    • Tribunal Courts and Enforcement Act 2007, Schedule 12
    • Taking Control of Goods Regulations 2013
    • Taking Control of Goods (Fees) Regulations 2014
    • Traffic Management Act 2004

    Our client has obtained the court order and provided your details to us so that we can enforce it on their behalf.

    We are under contract with our client therefore we also have a legitimate interest to process your personal data.

    Customer (i.e. defendant)

    To identify motor vehicle assets that an Enforcement Agent believes belong to the customer so that he/she can exercise legal powers to take control of goods.

    This activity is strictly limited to the enforcement of a court order on behalf of our client.

    Personal data to support the enforcement process:

    • Vehicle registration number (VRN)
    • Name and address of the registered keeper of the vehicle
    • Photographs of vehicle condition
    • Geo-location of vehicle

    Our lawful basis for processing your personal data is legal and statutory obligation

    UK enforcement legislation:

    • Tribunal Courts and Enforcement Act 2007, Schedule 12
    • Taking Control of Goods Regulations 2013
    • Taking Control of Goods (Fees) Regulations 2014
    • Traffic Management Act 2004

    Our client has obtained the court order and provided your details so that we can enforce it on their behalf.

    We are under contract with our client therefore we also have a legitimate interest to process your personal data.

    Customer(i.e. vehicle owner)

    To process untaxed motor vehicles on behalf of the Driver and Vehicle Licensing Agency (DVLA).

    Contact and identity verification:

    • Vehicle registration number (VRN)
    • Forename, Surname
    • Address

    Personal data to support the taxation of motor vehicles

    • Customer payment details

    Our lawful basis for processing your personal data is legitimate interest.

    Customer(i.e. vehicle owner)

    To process a Penalty Charge Notice (PCN) on behalf of our Local Authority client under the Traffic Management Act 2004.

    Contact and identity verification:

    • Forename, Surname
    • Address
    • Vehicle registration number (VRN)

    Personal data to support PCN processing:

    • Details of the offence
    • Amount of fine and fees
    • Customer appeals and representations
    • Photographs of VRN’s on and off street
    • CCTV footage (yellow box junctions and bus lanes)
    • Customer payment details

    Our lawful basis for processing your personal data is legitimate interest.

    Customer(i.e. Local Authority resident)

    To process a parking permit or disabled parking permit application on behalf of our Local Authority client.

    Contact and identity verification:

    • Forename, Surname
    • Address
    • Vehicle registration number

    Personal data to support permit processing:

    • Cost of the permit
    • Customer payment details
    • Customer correspondence

    Our lawful basis for processing your personal data is legitimate interest.

    The resident has applied for a permit from our Local Authority client and we are processing the application.

    Customer (i.e. taxi driver)

    To process a taxi license permit application on behalf of our client Transport for London (TfL)

    Contact and identity verification:

    • Forename, Surname
    • Address of taxi license holder
    • Vehicle registration number

    Personal data to support permit processing:

    • Name and address of the license holder
    • Insurance documentation
    • Customer correspondence
    • Customer payment details

    Our lawful basis for processing your personal data is legitimate interest.

    The taxi driver has applied for a TfL taxi license permit and we are processing the application on behalf of our client.

    Customer (i.e. Local Authority resident)

    To process environmental enforcement on behalf of our Local Authority client under the Clean Neighbourhood and Environment Act 2005

    Contact and identity verification:

    • Forename, Surname
    • Address

    Personal data to support permit processing:

    • Fixed penalty notice details
    • Customer payment details
    • Appeals and representations

    Our lawful basis for processing your personal data is legitimate interest.

    Customer (i.e. Local Authority resident)

    To undertake city/transport planning consultations on behalf of a Local Authority client and, in some cases, publish the results.

    Personal data to support permit processing:

    • Name and contact information
    • Consultation comments (may include personal data)

    Our lawful basis for processing your personal data is legitimate interest.

    Customer

    To process card payments either face to face or over the telephone.

    Personal data to support payment processing:

    • Card number
    • Name
    • Amount

    Our lawful basis for processing your personal data is legal and statutory obligation.

    Other personal data that we process

    Customer

    To record in-bound and outbound telephone calls for training and monitoring purposes

    Telephone call recordings

    Our lawful basis for processing your personal data is legitimate interest.

    Customer Enforcement Agent

    To protect the health and safety of our Enforcement Agents and Civil Enforcement Officers.

    Body worn video footage – video images and audio recordings

    Our lawful basis for processing your personal data is legitimate interest.

    We do not use customers’ personal data for marketing purposes.

    Please see section 13 on our use of website cookies and our Cookie Policy https://marstonholdings.co.uk/cookie-policy/

  3. Special category personal data

    GDPR defines certain personal data as special category such as personal data regarding your ethnic origin, physical health and mental health.

    When we enforce a court order on behalf of our client, we have a legal obligation to understand whether customers are vulnerable so that we can apply the appropriate enforcement strategy to achieve the best outcome for the customer. This may involve collecting and processing special category personal data, such as data relating to a physical or mental health condition.

    If we identify potential or actual customer vulnerability, we may ask you for details or you may voluntarily provide such personal data during the enforcement process. We will only use this personal data for enforcement of the court order and we will always obtain your explicit consent to process special category personal data.

    We may share special category personal data with our client or other members of the Marston group but only to ensure the enforcement is managed appropriately and in line with our legal obligations.

  4. How and where information is stored and how long do we hold it for?
    • We only keep your personal data for the minimum period necessary to perform the lawful basis for processing in section 2 unless we have a lawful reason to do so. For example, our retention period for body worn video footage is 45 days from the date of recording. We would only keep it for longer if we had a lawful or legal basis to do so such as ongoing legal proceedings
    • We have a system of retention periods which are regularly reviewed by the data protection officer. Where your information is no longer required, we will ensure it is disposed of or deleted in a secure manner.
    • If you have any questions in relation to our retention periods, please contact the data protection officer at Rutland House 8th Floor, 148 Edmund Street, Birmingham, B3 2JR or email dpo@marstonholdings.co.uk
    • The data that we collect from you may be transferred to, and stored at, a destination outside the UK/European Economic Area (“the EEA”) at third party suppliers (the EEA consists of all EU member states, plus Norway, Iceland and Liechtenstein). We will only transfer your data to a recipient outside the UK/EEA where we are permitted to by law (for example (A) where the transfer is based on standard data protection clauses adopted or approved by the European Commission, (B) where the transfer is to a territory that is deemed adequate by the European Commission, or (C) where the recipient is subject to an approved certification mechanism and the personal data is subject to appropriate safeguards, or if an exemption applies)
    • Data security is of great importance to us, and to protect your data we have put in place suitable physical, electronic and managerial procedures to safeguard and secure data collected through our website or otherwise.
    • Notwithstanding the security measures that we take, it is important to remember that the transmission of data via the internet may not be completely secure and that you are advised to take suitable precautions when transmitting personal data to us via the internet.
  5. Disclosure of your information

    We may share your data with other companies in our Group for the purposes described in this Privacy notice. This includes our holding company and its subsidiaries.

    We will only share personal data with third parties for the specific purposes set out below and where we have confidentiality clauses and confidentiality agreements (including data protection obligations) in place:

    • We may share your data with our client where they have instructed transportation and enforcement activity. Our client is joint data controller for the specific case.
    • We may sometimes contract with third parties to supply services to you on our behalf. These may include payment processing, correspondence management and mailing. In some cases, the third parties may require access to some or all of your data. Where any of your data is required for such a purpose, we will take all reasonable steps to ensure that your data will be handled safely, securely, and in accordance with your rights, our obligations, and the obligations of the third party under the law.
    • We may also disclose your personal information to third parties in the event that we expand or reduce all or part of our business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets. If our business or substantially all of its assets are acquired by a third party, personal data held by us about our customers, clients and website users will be one of the transferred assets and the new owner or newly controlling party will, use the data for the purposes for which it was originally collected by us.
    • We may compile statistics about the use of our website including data on traffic, usage patterns, user numbers, sales and other information. All such data will be anonymised and will not include any personally identifying information. We may, from time to time, share such data with third parties such as prospective investors, affiliates, partners and advertisers. Data will only be shared and used within the bounds of the law.
    • In certain circumstances we may be legally required to share certain data held by us, which may include your personal information, for example, for compliance purposes, where we are involved in legal proceedings, where we are complying with the requirements of legislation, a court order, or a governmental, investigative or taxation authority. We do not require any consent from you in order to share your data in such circumstances and will comply, as required, with any legally binding request that is made of us. In these circumstances we may be prevented by the police, courts, or a similar authority from pre-notification or being as transparent as with other data processing activities.
    • We may share your data in pursuing a third party’s legitimate interest. This may include situations where we are required to go beyond our specific legal obligations set in laws and regulations to assist law enforcement or private stakeholders in their efforts to combat illegal activities, such as money laundering, fraud prevention or misuse of services. However, the use of personal data in such circumstances will be restricted to data which is relevant to our services and necessary to identify you.
    • We use tracing agencies to ensure enforcement customers receive a statutory notice of enforcement in the post at least 7 days before any enforcement agent visit. This involves disclosing the name and address on the court order to the tracing agency to either confirm residency or provide an up to date postal address. The tracing agencies that we use are Equifax Limited, Experian Limited, TransUnion Limited, GB Group Limited, LexisNexis and Creditsafe Limited.
  6. Complaints
    • When we investigate a complaint, we may need to share personal information with the organisation you have an outstanding debt with and with other relevant bodies (e.g. the Civil Enforcement Association or the Local Government Ombudsman to adjudicate on disputed complaints).
    • Upon receipt of a complaint, we open a file containing the details of the complaint. This normally contains the identity of the complainant and any other individuals involved in the complaint.
    • We will only use the personal information we collect to process the complaint and to check on the level of service we provide. We may compile and publish statistics showing information such as the number of complaints we receive, but not in a form which identifies anyone.
    • All complaints will be dealt with in strict confidence; however, we are usually required to disclose the complainant’s identity to whoever the complaint is about. This is inevitable where, for example, the accuracy of a person’s record is in dispute. If a complainant does not want information identifying him or her to be disclosed, we aim to respect that. However, it may not always be possible to handle a complaint on an anonymous basis.
    • We will keep personal information contained in complaint files in line with our retention policy. It will be retained in a secure environment and access to it will be restricted according to the ‘need to know’ principle.
    • Similarly, where enquiries are submitted to us, we will only use the information supplied to us to deal with the enquiry and any subsequent issues and to check on the level of service we provide.
    • When we take enforcement action against someone, we may publish the identity of the defendant in our Annual Report or elsewhere. We do not usually identify any complainants unless the details have already been made public.

    If you are not satisfied with the manner in which we have sought to redress your complaint, or if you wish to seek further advice with regard to the use of your data, please contact the data protection officer directly and details of how to do this are in section 15. You can also contact the Information Commissioners Office (ICO), our supervisory body. https://ico.org.uk.

  7. Controlling your personal information
    • When you submit information via our website, you may be given options to restrict our use of your data. In particular, we aim to give our clients and website users strong controls on our use of their data for direct marketing purposes (including the ability to opt-out of receiving emails from us, which you may do by unsubscribing using the links provided in our emails and at the point of providing your details).
    • You may also wish to sign up to one or more of the preference services operating in the UK: The Telephone Preference Service the Corporate Telephone Preference Service and the Mailing Preference Service. These will help to prevent you receiving unsolicited marketing by phone/mail. Please note, however, that these services will not prevent you from receiving marketing communications that you have consented after signing up.
  8. Your right to withhold information
    • You may access certain areas of our website without providing any data at all. However, to use all features and functions available on our website you may be required to submit or allow for the collection of certain data.
    • You may restrict your internet browser’s use of Cookies. For more information, see section 13 and our Cookie Policy https://marstonholdings.co.uk/cookie-policy/.
  9. Your right to access information
    • You have the legal right to request details and a copy of any personal information we hold about you under the General Data Protection Regulations 2016.
    • There are some exemptions, which means you may not always receive all the personal information we hold, however where this is the case we will clearly explain it to you.
    • If you would like a copy of the information held on you, please write to us using the ‘Contact Us’ page.
    • In order to help us to deal with your request promptly, please address your letter to the Data Subject Access Request Team.
  10. Ensuring the accuracy of your information
    • If you believe that any information we are holding on you is incorrect or incomplete, please contact us as soon as possible using the details provided in section 15 below page. We will promptly correct or remove any information that is incorrect.
    • You have the right to settle or close your customer account and request that your personal information be removed from our website or other records. Upon the closure of your account we are not obliged to retain your information and may delete any or all of your account information without liability unless it is specifically required for legal reasons.
    • If you request an account closure, we may retain residual information about you in our backup and/or archival copies of our database. This will be deleted in accordance with our data retention policy.

    You can ask us to delete your personal data. This is known as a right to erasure (RTE) request. We will process your RTE request in line with applicable privacy laws and regulations. There are legal exceptions where processing is necessary or to comply with a legal obligation. We will explain in writing if any of the exemptions apply and, if so, when your personal data will be securely deleted.

  11. Protecting your information
    • We will use all reasonable efforts to safeguard your personal data. We have put in place strict physical, electronic and managerial procedures to safeguard and secure the information we collect online.
    • You should note that when using the website and our related services, your information may travel through third party infrastructures that are not under our control. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies.
    • We use high level encryption software on our IT networks to prevent access to your personal information. Unfortunately, the internet is never a completely secure environment. Therefore, we cannot guarantee that hackers or unauthorised personnel will not gain access to your personal information despite our best efforts.
    • We have put in place confidentiality clauses or confidentiality agreements (including data protection obligations) with our third-party service providers.
  12. Your rights

    You have the right to ask us at any time:-

    • to confirm whether we hold any of your personal data;
    • to send you a copy of any personal data that we hold about you;
    • to correct any inaccuracies in your personal data and to add relevant details where the personal data we hold is incomplete;
    • to delete (to the extent possible) any of your personal data, where we are required by law to do so;
    • to stop or restrict processing your personal data, where we are required by law to do so;
    • to let you or a third party have a portable copy of the personal data we hold about you, where we are required by law to do so;
    • to object to processing any of your personal data that we process on the basis of our legitimate interests; and
    • We do not use your personal data for the purpose of profiling.
    • Where we process your personal data on the basis that you have given us your consent to do so then you may contact us at any time to withdraw your consent
    • If you wish to exercise any of these rights or wish to object to our use of your personal information, please e-mail the data protection officer: dpo@marstonholdings.co.uk or write to us at the address given below.

    Data Protection Officer
    Rutland House 8th Floor, 148 Edmund Street, Birmingham, B3 2JR

  13. Cookies
    • Our website may place and access certain first party Cookies on your computer or device. First party Cookies are those placed directly by us and are used only by us. We use Cookies to facilitate and improve your experience of our website and to provide and improve our services. By using our website, you may also receive certain third-party Cookies on your computer or device. Third party Cookies are those placed by websites, services, and/or parties other than us. For more details, please refer to Our Cookie Policy: https://marstonholdings.co.uk/cookie-policy/.
  14. Changes to our Privacy notice

    We may change this Privacy notice as we may deem necessary from time to time, or as may be required by law. Any changes will be immediately posted on our website together with the version number and date. If the change in Privacy notice materially impacts our data subjects, then we will also communicate with them directly.

    • We recommend that you check this page regularly to keep up to date. This Privacy notice was last updated in July 2019.
  15. Who can I contact if I have queries about this privacy notice?
    • Our data protection registration number is ZA054553
    • You can also contact us directly if you have any questions about this privacy notice or information we hold about you.

    Please write to us at the address below or email dpo@marstonholdings.co.uk

    Data Protection Officer
    Rutland House 8th Floor,
    148 Edmund Street,
    Birmingham,
    B3 2JR

© Marston Holdings Limited

Version 5.0

May 2020

Responsible Approach to Consumers
Learning & Development Impact of the Year
Best Use of Credit Technology
Best Vulnerable Customer Strategy
Excellence in Enforcement
Excellence in Staff Development
Excellence in Innovation
Winner of Winners
Diversity Award
Mobile Project Team of the Year
Parking Team of the Year
Excellence in Treating Customers Fairly
accreditation thumb IIP-platinum
accreditation thumb city-guilds
accreditation thumb irrv-2016
accreditation thumb bpa
accreditation thumb civea
accreditation thumb BSI-9001-1
FS631700
accreditation thumb ISO-14001-2015
EMS 631701
accreditation thumb 18001
OHS 631702
accreditation thumb iso-27001
IS 631703
accreditation thumb ISO22301
BCMS 646878