ZZPS LIMITED PRIVACY POLICY

Privacy Policy & Cookies

ZZPS Limited (‘ZZPS’) respect your privacy and is committed to protecting your personal data. This Privacy Policy will inform you as to how we look after your personal data, tell you about your privacy rights and how the law protects you. In addition, this Privacy Policy is intended to provide information about how we will use, collect, maintain, and disclose information from users of our websites www.zzps.co.uk, www.PayMyParkingCharge.com, www.ipaymybill.co.uk and www.gctt.co.uk.

By using this site, you confirm you have read and understood this Notice. This Notice provides a summary of how we, ZZPS, use your information.

If you do not agree to this, you are advised to exit our website(s) and refrain from usage. Your continued use of the site following the posting of changes to this policy will be deemed as your acceptance of those changes.

 

ZZPS as a Joint Data Controller

ZZPS is a joint data controller under the UK General Data Protection Regulation and the Data Protection Act 2018 and a data processor when acting as a link provider under our DVLA KADOE contract.

Our Registered Office is: ZZPS Limited, 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ.

Parking Admin Centre, GCTT Certificated Enforcement Agents, www.PayMyParkingCharge.com, www.ipaymybill.co.uk, and www.gctt.co.uk are trading styles of ZZPS Limited.

 

How to contact us

Our contact centre opening hours are Monday-Friday from 8:30 am to 5:30 pm (excluding bank holidays).

Please contact us if you have any questions about our Privacy Policy or the information we hold about you; if you have any comments or concerns please contact us by:

 

ZZPS has a legal basis for processing personal data

Our industry is such that processing a data subject’s data is essential for carrying out our business activities and we use the statutory powers afforded to us which underpin the legal bases that apply for the purposes of the UK GDPR.

The legal basis for the majority of our processing is:

  • Article (6)(1)(f) – processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party.

ZZPS may also process personal data under:

  • Article (6)(1)(b) – processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
  • Article 6(1)(c) – processing is necessary for compliance with a legal obligation to which the controller is subject.

 

Who is a Data Subject?

The term ‘Data Subject’ refers to any living individual whose personal data is collected, held or processed by an organisation. Personal data is any data that can be used to identify an individual, such as a name, home address, email address, contact number etc.

 

ZZPS processes:

  • Customer data – this includes data passed to us by our Clients. The data may include information pertaining to a breach of contract, parking laws and/or trespass. The type of information ZZPS processes can include: Registered Keeper or drivers details, Hirers details and may include, name, address, vehicle registration number, make and model of their vehicle, location of event, photographic evidence of the event, email address, telephone numbers, previous comments, client notes, or bank details.
  • Client data – this includes companies who have retained the services of ZZPS under a separate SLA (Service Level Agreement) or contract.
  • Third Parties’ data.
  • Location data – while using our app, ZZPS MNPR.

 

Personal Identifiable Information (PII) and non-identifiable information

ZZPS collects identifying information from users in a variety of ways which can include, although not limited to, when a user visits our websites, fills in a form, enters personal information etc. This information in these instances is voluntary information submitted by the data subject. ZZPS can also be passed data subjects’ personal information and data from their clients and third parties.

Users may access our websites anonymously too and users can refuse to supply PII. There may be restrictions on access without required information as a result.

A user’s location is requested while using the app when connecting a device to a mobile printer. The location is then used to remain connected to the printer.

 

Data Subject Rights – Your rights explained

The availability of some of these rights depends on the legal basis that applies in relation to the processing of your personal data, and there are some other circumstances in which we may not uphold a request to exercise a right – in the event we refuse to comply with a request, we will write to you explaining our reasons. Your rights and how they apply are described below.

Right to be informed
Your right to be informed is met by the provision of this Privacy Notice and notifying you of its existence in our initial correspondence, and similar information when we communicate with you directly.

Right of access – Subject Access Requests (‘SAR’)
You have the right to obtain a copy of personal data that we hold about you and other information specified in the GDPR, although there are exceptions to what we are obliged to disclose, such as when ZZPS believe it is ‘manifestly unfounded or excessive’.

Requests may be made by telephone, post or email and all requests will be recorded; you must be able to provide information to verify your identity and enable us to locate the information.

When a request under the GDPR is received, we have one calendar month to respond. The timeframe begins on the date the request is received unless the due date falls on a non-working day, i.e. a weekend or bank holiday – in which case the response will be due by the end of the next working day.

Unless otherwise specified, our response to a request/enquiry made under the GDPR will be sent in the form in which it has been received. For example, if we receive a request by post, we will respond via post.

When making a request over the telephone we will, if we hold a valid email address, send our response by email, unless you request this to be sent by other means. When responding to you by email, we will send your request in an encrypted form which is only accessible with a valid password which we will supply to you in a separate email, unless we believe your email to be compromised in which case, we will write to you by post. When responding by email the link to your SAR will automatically expire after 30 days.

Right of rectification
You have the right to ask us to rectify any inaccurate or incomplete data that we hold about you.

Right to be forgotten (erasure)
You have the right to request that we erase personal data about you that we hold. This is not an absolute right, and depending on the legal basis that applies, we may have overriding legitimate grounds to continue to process the data.

Right of portability
You have the right to access your data which allows you to reuse your personal data for your own purposes across different services.

Right to restrict processing
You have the right to request that we restrict processing of personal data about you that we hold. You can ask us to do this for example where you contest the accuracy of the data.

Right to object
You have the right to object to processing of personal data about you on grounds relating to your particular situation. The right is not absolute, and we may continue to use the data if we can demonstrate compelling legitimate grounds.

Right related to automated decision-making including profiling
You have the right to object to being subject to a decision based solely on automated (deciding solely by automated means without any human involvement) processing, including profiling (automated processing of personal data to evaluate certain things about an individual). Should we perform any automated decision-making, we will record this in our privacy notice, and ensure that you have an opportunity to request that the decision involves personal consideration.

Along with these rights, a data subject has the right to lodge a complaint with the Information Commissioner’s Office “ICO” or another supervisory authority, and if you so choose, you may seek to enforce this right through a judicial remedy.

There is no existence of automated decision-making (including profiling) save for the process an account takes when this is loaded onto our system; this is not affected by the specific details (PII) of a data subject.

 

Retention policy

The emphasis under the GDPR is data minimisation, both in terms of the volume of data stored on individuals and how long it is retained.

To summarise the legal requirements, Article 5 (e) of the GDPR states personal data shall be kept for no longer than is necessary for the purposes for which it is being processed. There are some circumstances where personal data may be stored for longer periods, for instance, should there be on-going legal claims.

ZZPS do not intend to store your data for any longer than is necessary to support our services and conduct our business as explained above. Our retention period is in keeping with current legislation whereby the default retention period is, currently, six years after the last date of entry to an account.

This time period covers:

  • County Court proceedings issued by us or against us
  • The time you can seek a refund with your bank
  • Our accounting obligations as required by HMRC

A County Court claim can be brought against our company for a period of up to six years after the event takes place and it can take up to 120 days to revert a charge back through the bank. Furthermore, as a limited company, we also have an obligation with HMRC to retain records of all payments for inspection that are made for a period of up to six years.

If a claim is brought against us, or vice versa, we would be required to provide evidence to the court to support our claim/defence which would include, all correspondence sent, the history of events, photographic evidence, etc. which would inevitably contain your PII. In the event of a chargeback, we would need to be able to contact you.

If your account has been closed due to payment being made or as a client instruction, we may retain your data for a period of up to six years from the date of the last entry.

If your appeal has been accepted, we may retain your data for a period of up to six years.

This retention period may not apply if there has been an administrative error; if it is brought to our attention there has been an error, your personal data will be permanently deleted immediately upon notification.

Calls are recorded where you contact us by phone. Calls are recorded in order to allow us to maintain a record of our conversation which we can return to if we need to check any of the queries we receive. They are also recorded for the purposes of training and improving our services. You will be notified at the beginning of the call that it is being recorded. We will retain this call recording for a period of no more than one-hundred and twenty (120) days following the call.

 

Special Category Data

When appealing to or contacting ZZPS or its trading styles, you give consent for us to process the data contained therein – this consent can be withdrawn at any time by contacting us as detailed above.

 

How is your data stored and protected?

ZZPS holds data on a Notice Processing Software provided and supported by Indigo Cloud Limited in data centres supplied by Microsoft Azure. Both are located in Amsterdam and Ireland.

The ‘Client 360° Application’ is supported by Power BI and is stored in UK South (London).

Some data is stored outside the European Economic Area. These American suppliers, such as, Microsoft Corporation, Salesforce, and Google LLC and all either covered by Binding Corporate Rules (or “BCRs”) and/or Standard Contractual Clauses “SCCs”. The files stored using Dropbox Inc have been migrated to be within the European Economic Area.

Data that is stored as listed above will be accessible by our chosen external call-handling provider which may be based outside of the European Economic Area.

Protecting your data is still our upmost priority and your rights remain unaffected under the GDPR.

Data exchanges over internet communications (between website and user) happen using a cryptographic protocol and the data is encrypted using Secure Sockets Layer (SSL).

ZZPS adopt appropriate data collection, storage and processing practices and security measures to protect against unauthorised access, alteration, disclosure or destruction of your personal information, username, password, transaction information and data stored on our systems.

 

How we use your information

We use personal data to enable us to process payments for notice processing and debt recovery and in order to do this we may send to you:

  • Periodic emails
  • Periodic text messages

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose (our Retention Policy as stated above refers).

Information we obtain from you may include the following:

  • Your company name/address
  • Your name/address
  • Your date of birth
  • Vehicle registration number
  • Your email, fax, and phone numbers
  • Bank Details

The information you provide may also be used to help combat fraud and to identify you before disclosing any confidential information. We are continually developing products and services based on information and feedback we receive from visitors to our website.

 

Sharing your personal information and third parties

ZZPS respects your data and promises not to sell, trade or rent your PII to others. However, we may share your data, if it becomes necessary with:

  • Our printing supplier – Postworks Limited (as of 05/05/2023);
  • HMCTS (HM Courts & Tribunals Service);
  • Our data appending and tracing agents – LexisNexis Risk Solutions;
  • Our solicitors – Wright Hassall Solicitors (also t/a QDR Solicitors);
  • Our external South African call handling service – Sigma Connected (Pty) Ltd;
  • Process Servers;
  • Automated Payment Services – including Barclays Bank, Barclaycard, Global Pay, and Key IVR Limited;
  • Direct Debit Service Provider – Eazy Collect Services Ltd;
  • Civil Enforcement Agents and High Court Enforcement Officers;
  • Counsel and other approved Court Advocates;
  • Our business partners including data storage.

Contractual arrangements are in place so that they are obliged to protect your personal information.

Except as provided above, we will not share personal information with any other third parties without informing you beforehand unless required by, or in connection with, law and/or regulatory requirements.

 

Third-party websites

Our websites may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.

 

Web browser cookies

ZZPS’s sites may use cookies to enhance user experience. User’s web browsers places cookies on their hard drive for recordkeeping purposes and sometimes to track information. Users may choose to set their web browser to refuse cookies, or to alert them when cookies are being sent. If they do so, note that some parts of the site may not function properly. More information on our use of cookies can be located at www.zzps.co.uk/legal-notices.

 

Reporting Breaches & Your right to complain

If you are unhappy with how we handle your personal information/data you can write to us using the contact details noted above and/or you have the right to complain to the Information Commissioner’s Office if you are not happy about the way in which ZZPS have processed your data, responded to you, or if you do not believe we are meeting our obligations as a data controller.

Please visit https://ico.org.uk/make-a-complaint or write to:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

 

Data Protection

At ZZPS, we have a dedicated team ready to answer your questions regarding all aspects of Data Protection. If you feel you need to contact one of our officers, please do so as detailed above.

Our Data Protection Number is: ZA047124

ZZPS reserve the right to amend and update this Privacy Policy at any time. We encourage users to frequently check this policy for any changes and to stay informed about how we are helping to protect the personal information we collect.

This Privacy Policy was last updated in April 2024.