Privacy Policy

Introduction

This Privacy Policy explains how Parking Permit Costs ("we", "us", "our") collects, uses, and protects your personal data when you use our website at parkingpermitcosts.co.uk (the "Service").

We are committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Data Controller: If you have any questions about this Privacy Policy or our data practices, please contact us at [email protected].

Last Updated: January 2025

What Data We Collect

Data You Provide

When you use our Service, we may collect the following personal data:

• Postcodes: You may enter your postcode to look up your local council and parking permit costs.
• Vehicle Registration Marks (VRM): You may optionally provide your vehicle registration mark to look up vehicle details (CO₂ emissions, fuel type) via the DVLA API.
• Vehicle Details: If you don't use VRM lookup, you may manually enter your vehicle's CO₂ emissions and fuel type.

Data Collected Automatically

When you visit our website, we automatically collect certain information:

• IP Addresses: Your IP address may be collected by our hosting provider (Netlify) and by Google AdSense for advertising purposes.
• Browser Information: Your browser type, version, and device information may be collected.
• Cookies: We use cookies and similar technologies for advertising (Google AdSense), consent management (Google CMP), and admin authentication. See our Cookies Policy section for more details.
• Consent Preferences: Your cookie consent preferences are stored via Google CMP.
• Usage Data: Information about how you interact with our website, including pages visited and time spent on pages, may be collected by Google AdSense.

Data We Do Not Collect

We do not collect:

• Names or contact details (unless you contact us directly)
• Payment information
• Sensitive personal data (special categories of personal data)

How We Use Your Data

Service Provision

We use your data to provide our Service:

• Postcode Lookup: We use your postcode to identify your local council and provide parking permit cost information.
• Vehicle Lookup: If you provide a VRM, we transmit it to the DVLA Vehicle Enquiry Service API to retrieve vehicle details (CO₂ emissions, fuel type). Your VRM is not stored on our servers.
• Calculator Functionality: We use your vehicle details and postcode to calculate estimated parking permit costs based on council pricing structures.

Advertising

We use Google AdSense to display advertisements on our website. Google AdSense uses cookies and similar technologies to:

• Show you relevant advertisements based on your interests
• Measure the effectiveness of advertisements
• Prevent fraud and abuse

For more information about how Google uses your data, please see Google's Privacy Policy.

Consent Management

We use Google's Consent Management Platform (CMP) to manage your cookie consent preferences. This allows you to:

• Choose which cookies you accept or reject
• Manage your consent preferences at any time
• Revoke your consent for advertising cookies

Admin Authentication

If you access our admin area, we use secure cookies to authenticate your session. These cookies are essential for the admin area to function.

Legal Compliance

We may use your data to comply with legal obligations, including:

• Responding to legal requests or court orders
• Protecting our rights and property
• Preventing fraud or abuse

Legal Basis for Processing

Under UK GDPR, we process your personal data based on the following legal bases:

• Consent: We process your data for advertising (Google AdSense) and consent management (Google CMP) based on your consent. You can withdraw your consent at any time by managing your cookie preferences.
• Legitimate Interests: We process your data for service provision (postcode lookup, vehicle lookup) based on our legitimate interest in providing the Service to you.
• Legal Obligation: We may process your data to comply with legal obligations, such as responding to legal requests.

Data Sharing

We may share your personal data with the following third parties:

Google AdSense

We use Google AdSense to display advertisements on our website. Google AdSense may collect your IP address, browser information, and usage data. For more information, see Google's Privacy Policy.

Google CMP

We use Google's Consent Management Platform to manage your cookie consent preferences. Google CMP may process your consent preferences and IP address. For more information, see Google CMP Documentation.

DVLA Vehicle Enquiry Service API

If you provide a VRM, we transmit it to the DVLA Vehicle Enquiry Service API to retrieve vehicle details. Your VRM is not stored on our servers and is used only for the immediate lookup request. For more information, see the DVLA API Terms and Conditions.

Netlify (Hosting Provider)

Our website is hosted on Netlify, which may collect your IP address and usage data in server logs. For more information, see Netlify's Privacy Policy.

Data Processors

We may share your data with service providers who act as data processors on our behalf, including:

• Hosting providers (Netlify)
• Advertising networks (Google AdSense)
• Consent management platforms (Google CMP)

These service providers are contractually obliged to process your data only for the purposes we specify and in accordance with this Privacy Policy.

Legal Requirements

We may disclose your personal data if required by law or in response to valid legal requests, such as court orders or government investigations.

Data Retention

We retain your personal data for the following periods:

• VRM Data: We do not store VRM data. Your VRM is transmitted directly to the DVLA API and is not retained on our servers.
• Postcode Data: Postcodes entered in the calculator are stored in your browser's sessionStorage and are cleared when you close your browser session.
• Cookies: Cookies are retained according to Google's cookie policy (typically 1-2 years for advertising cookies). You can manage your cookie preferences at any time.
• Consent Preferences: Your consent preferences are stored via Google CMP and can be managed or revoked at any time.
• Server Logs: Server logs containing IP addresses are typically retained for 30-90 days by our hosting provider (Netlify).
• Admin Authentication: Admin authentication cookies are session-based and expire when you log out or after a period of inactivity.

We will delete your personal data when it is no longer necessary for the purposes for which it was collected, unless we are required to retain it for legal purposes.

Your Rights Under UK GDPR

Under the UK GDPR, you have the following rights regarding your personal data:

• Right to Access: You have the right to request a copy of the personal data we hold about you.
• Right to Rectification: You have the right to request that we correct any inaccurate or incomplete personal data.
• Right to Erasure: You have the right to request that we delete your personal data in certain circumstances.
• Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data in certain circumstances.
• Right to Data Portability: You have the right to request that we provide your personal data in a structured, commonly used, and machine-readable format.
• Right to Object: You have the right to object to the processing of your personal data for certain purposes, such as direct marketing.
• Right to Withdraw Consent: If we process your data based on consent, you have the right to withdraw your consent at any time. You can do this by managing your cookie preferences.
• Right to Lodge a Complaint: You have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe we have violated your data protection rights.

To exercise any of these rights, please contact us at [email protected].

For more information about your rights, please see the ICO's guidance on individual rights.

Cookies Policy

We use cookies and similar technologies to enhance your experience on our website. Cookies are small text files that are stored on your device when you visit a website.

Types of Cookies We Use

We use the following types of cookies:

• Essential Cookies: These cookies are necessary for the website to function properly. They include admin authentication cookies.
• Advertising Cookies: These cookies are used by Google AdSense to display relevant advertisements and measure their effectiveness. These cookies are only set with your consent.
• Consent Management Cookies: These cookies are used by Google CMP to remember your cookie consent preferences.

Third-Party Cookies

We use third-party services that may set cookies on your device:

• Google AdSense: Uses cookies for advertising purposes. For more information, see Google's Cookie Policy.
• Google CMP: Uses cookies to manage your consent preferences. For more information, see Google CMP Documentation.

Managing Cookies

You can manage your cookie preferences at any time:

• Cookie Consent Banner: When you first visit our website, you will see a cookie consent banner where you can choose which cookies to accept or reject.
• Browser Settings: You can also manage cookies through your browser settings. Most browsers allow you to block or delete cookies. However, blocking cookies may affect the functionality of our website.
• Google CMP: You can manage your consent preferences at any time by clicking on the consent management link in the cookie consent banner.

For more information about managing cookies, please see the ICO's guidance on cookies.

International Transfers

Some of our service providers, including Google AdSense and Google CMP, may transfer your personal data outside the UK and European Economic Area (EEA).

When we transfer your data outside the UK/EEA, we ensure that appropriate safeguards are in place to protect your data, including:

• Standard contractual clauses approved by the UK government
• Adequacy decisions by the UK government
• Other appropriate safeguards as required by UK GDPR

For more information about international transfers, please see Google's Privacy Policy.

Data Security

We take the security of your personal data seriously and implement appropriate technical and organizational measures to protect it, including:

• Encryption: We use HTTPS encryption to protect data in transit.
• Secure Hosting: Our website is hosted on Netlify, which implements industry-standard security measures.
• Access Controls: Access to personal data is restricted to authorized personnel only.
• PII Redaction: We use PII (Personally Identifiable Information) redaction in logs to protect your privacy.
• No VRM Storage: We do not store VRM data on our servers. VRM data is transmitted directly to the DVLA API and is not retained.

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your personal data, we cannot guarantee its absolute security.

Children's Privacy

Our Service is not intended for children under the age of 13. We do not knowingly collect personal data from children under 13. If you believe we have collected personal data from a child under 13, please contact us at [email protected].

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by:

• Updating the "Last Updated" date at the top of this Privacy Policy
• Posting a notice on our website if the changes are material

We encourage you to review this Privacy Policy periodically to stay informed about how we collect, use, and protect your personal data.

Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

• Email: [email protected]
• Data Controller: Parking Permit Costs

If you wish to exercise your rights under UK GDPR, please contact us at [email protected].

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

• ICO Website: https://ico.org.uk
• ICO Helpline: 0303 123 1113