Parking Permit Database - Privacy Statement
This Privacy Statement describes the ways in which your personal data is collected and used by the Parking Permit database system held at Aberystwyth University.
It is your responsibility to review and understand this Privacy Statement prior to providing your personal data to us. You must also review our Terms and Conditions. If you do not accept and agree to the Privacy Statement and/or Terms and Conditions, you should not provide your personal data to us and will not be able to use our product/services.
Our Privacy Statement and Terms and Conditions may also change from time to time. Whenever there are changes, the modified policies will be posted on our website and will be effective at that time. Each time they change the information, the version number displayed at the bottom of the page will also change. Consequently, each time you access or use our services or otherwise engage with us, you accept and agree to the most current Privacy Statement and set of Terms and Conditions. It is your responsibility to be aware of any such changes.
Collection of Personal Data
In order to provide our products and services, we collect and process personal data from our customers. We may collect information ("Personal Data") from you such as, but not limited to, your full name, email address, your personal ID relating to the University (staff number or student number) onto our parking permit database. You are not required to provide us with all of the Personal Data listed above, but if you do not do so, we may not be able to effectively provide you with our products, services and information. In certain circumstances, you will need to provide us with specific categories of Personal Data (including name, email address and payment information) in order to enter into a contract with us and for us to perform that contract. We would normally receive your personal data via our internal systems such as Agresso (HR/finance system), Astra (student record system) or via the online Aber shop.
The University complies with the Data Protection Act 1998 and, after May 2018, the General Data Protection Regulation (GDPR). See “Use of Information” section below for further details regarding the ways that we use and process your personal data.
On behalf of Aberystwyth University (AU), Excel Parking (3rd party providers), manage and recover Parking Charge Notices issued on University land. Excel Parking use the DVLA database for identifying and contact vehicle owners for Notices issued. If Excel Parking receive appeals from individuals relating to parking charge notices on AU property, they will then forward details to AU, in order to seek an outcome. A full Privacy Notice can be found via Excel website at: www.excelparking.co.uk/policies/privacy-notice-manual.
Use of Information
Your Personal Data may be used in the following ways:
• To provide our products and services to you.
• To process payments from you.
• To process payments to you (including, but not limited to, refunds or reimbursements).
• Internal purposes, such as website and system administration or internal audits and reviews.
• To communicate with you regarding products/services that may be of interest to you.
• To respond to your requests and enquiries.
• To request your participation in optional surveys, focus groups, or other initiatives which help us to gather information used to develop and enhance our products and service.
We will process your personal data for the purposes identified above on the following bases:
1. Where processing is necessary for the performance of our contract to provide our product, services and information to you, or to take steps before entering into that contract (GDPR, Art.6 (1) (b)).
2. Where processing is necessary for the purposes of the legitimate interests pursued by the University in terms of the provision and enhancements of our products, services and information (GDPR, Art.6 (1)(f)) and
3. As necessary to comply with the legal obligations to which the University is subject, to resolve disputes and enforce contractual agreements (GDPR, Art.6 (1)(c)).
It should be noted that, there may be occasions where your data is subject to automated decision-making processes. However, no information is transferred outside the EU for processing or for any other purposes.
We will retain your information for as long as your parking permit is active, as well as for a short additional period afterwards (3 months) to cover any outstanding issues or queries that may arise in relation to your account. This period of retention is subject to our review and alteration.
Sharing and Disclosure to Third Parties
We may disclose your Personal Data to third parties under the following circumstances:
1. You request or authorise the disclosure of your personal details to a third party.
2. The information is disclosed as permitted by applicable law(s) and/or in order to comply with applicable law(s) (for example, to comply with a search warrant, subpoena or court order).
We strive to provide you with relevant and useful information related to our products and services and you can contact us using the information listed at the bottom of this statement to make any changes to your communication preferences. We will only communicate with you electronically if it directly relates to services or products, which we are supplying or intend to supply to you.
Subject Access / User Rights
As a user, under the GDPR, you are provided with the following rights:
• The right to be informed of the use of your Personal Data
• The right to access your Personal Data
• The right to have Personal Data corrected/rectified
• The right to have Personal Data erased
• The right to restrict processing of your Personal Data
• The right to data portability
• right to object to processing
• Rights in relation to automated decision making and profiling
Further details can be found here: https://www.aber.ac.uk/en/infocompliance/policies/dp/data-subject-rights/.
Depending on the circumstances, you may seek to exercise any of these rights by updating your information, or by sending a written request to the University’s Data Protection Manager using the contact details listed below:
Dr Jonathan Davies
Data Protection Manager
Hugh Owen Library
You are encouraged to report any improvements, suggestions, or any suspected breaches of privacy or security to us by using the contact information above or alternatively contact:
Head of Campus Life
Campus & Commercial Services