Traffic and Transportation - privacy notice

Who we are

Derby City Council is the local government unitary authority for Derby city. Our address is the Council House, Corporation Street, Derby, DE1 2FS. You can contact our Data Protection Officer on 01332 640763 or by email at data.protection@derby.gov.uk.

You can contact the department directly by email at traffic.management@derby.gov.uk.

How do we collect information from you?

We collect information from you when you visit www.derby.gov.uk, when you fill in any forms using our customer portals or on our website, including myAccount and our MiPermit system for cashless parking and the parking permit payments in the city. Also when you contact us in writing, speak to us on the phone, by email or any other type of electronic communication, or talk to us face to face.

Vehicle Registration Markers are also collected using our traffic enforcement camera system which are located across the city, more information can be found in our camera enforcement section.

What types of information do we collect from you?

We collect different categories of information about you, depending on the service you want from us and/or the reason why we need to process information relating to you. This could be personal information (for example your name and address), or other more sensitive data that we would only collect and use in very particular circumstances that are set out in law.

Details of information obtained from third parties?

We may receive personal information about you in order to carry out our statutory duties and other functions of the service. We may receive from the following organisations:

• Blue Badge Improvement Service
• Traffic Penalty Tribunal for appeals processes
• Driver and Vehicle Licensing Agency to trace registered keeper details in the pursuance of Penalty Charge Notices
• Police
• Enforcement agencies for the collection of unpaid debts
• Schools and colleges will provide registers of those pupils taking part in cycle training

What is the lawful basis?

The legal basis for data processing we are relying on comes from Article 6 of the UK General Data Protection Regulations (UK GDPR). The following sections apply;

• Article 6(1)(c) Legal Obligation - Processing is necessary for compliance with a legal obligation to which the controller is subject;
• Article 6(1)(e) Public task - the processing is necessary for you to perform a task in the public interest or for your official functions, and the task or function has a clear basis in law.

We may also ask for your consent in certain circumstances in accordance with:

• Article 6(1)(a) the data subject has given consent to the processing of his or her personal data for one or more specific purpose
• We rely on the following conditions as per Article 9 (2) of the UK GDPR:
  • (a) the data subject has given explicit consent to the processing of those personal data for one or more specified purposes
  • (g) processing is necessary for reasons of substantial public interest, on the basis of domestic law which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and the interests of the data subject
  • (f) processing is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity

If we have asked for your consent you will be able to opt out any time by emailing traffic.management@derby.gov.uk.

We process all information in accordance with our legal obligations and public tasks arising from the following statutory powers:

• Highways Act 1980
• The Health Act 2005
• The Bus Lane Contraventions (Approved Local Authorities) England (Amendment) (No.2) Order 2006
• The Road Traffic (Permitted Parking Area and Special Parking Area) (City of Derby) Order 2006
• the Transport Act 2000
• Traffic Management Act 2004
• The Civil Enforcement of Road Traffic Contraventions (Approved Devices, Charging Guidelines and General Provisions) (England) Regulations 2022
• The Civil Enforcement of Road Traffic Contraventions (Representations and Appeals) (England) Regulations 2022
• The Digital Economy Act (2017)
• Environment Act 1995 (Derby City Council) Air Quality Direction 2019

How is your information used?

We may use your information in the following ways:

• register your support for, or objection to a proposed Traffic Regulation Order under The Local Authorities' Traffic Orders (Procedure) (England and Wales) Regulations 2012
• inform you of the outcome of a Traffic Regulation Order under The Local Authorities' Traffic Orders (Procedure) (England and Wales) Regulations 2012
• clarify information with you about the nature of an enquiry or complaint you have made
• process payments made using MiPermit for cashless parking and permits across the city who re-direct the user to their payment provider, Opayo Ltd who independently process your payment
• process payments made directly to the Council for parking and permits when using paper forms.
• carry out collision recovery investigation for damage to highway assets, where the registered vehicle owner can be established through other Council CCTV and enforcement systems or through other organisations, such as the Police
• recover the cost of parking contraventions under Section 4 of the Civil Enforcement of Parking Contraventions (England). This may be through traditional Civil Enforcement foot patrols or through the use of legally approved traffic enforcement camera systems.
• your information may be transferred securely to the Traffic Enforcement Centre who process warrants for unpaid penalty charge notices.
• inform you of any changes to cycling activities either you or your child have been booked onto
• keep a register of attendance of children taking part in the council’s Bikeability courses
• inform you of any relevant cycling courses if you have previously taken part in one of Cycle Derby’s activities
• process any request made by you under section 50 of the Highways Act 1980
• process any Temporary Traffic Regulation Order required by you under The Local Authorities' Traffic Orders (Procedure) (England and Wales) Regulations 2012
• transport entitled students using contracted transport under the Education Act 1996.
• transport looked-after children or young people to Court-directed contact visits, as detailed in Court Orders.
• carry out enhanced Disclosure Barring Service checks under the Safeguarding Vulnerable Groups Act 2006 where required
• contact debtors and recover money owed for parking and/or traffic contraventions.
• Council Civil Enforcement Officers may photograph any vehicle found in contravention of a parking restriction and uploaded to the Council’s Case Management System, Chipside.
• Vehicle registration marks data will be used to establish the engine type and size of vehicles travelling through Derby, this will be used to predict changes to air quality which will be used in national and local air quality monitoring.
• Journey data will be used in statistical analysis to inform highway network management and transport planning for example the impact of planned road closures.

COVID-19/Coronavirus

Coronavirus has been added as a notifiable disease under the Health Protection (Notification) Regulations 2010. Under the Public Health (Control of Disease) Act 1984 and associated Regulations; the Council has a legal duty to store, process and share personal information. The information will be stored, processed and shared as part of investigations into COVID-19 cases and outbreaks and issues of non-compliance with the acts and associated regulations. The information will also be used; interrogated and mapped to inform the Councils actions and decision-making processes. Any such storage, processing or sharing of information will be done in the public interest in order to promote health and wellbeing.

During the investigation of cases and/or outbreaks of Coronavirus, information which is gathered may be shared between departments within Derby City Council; with other Councils associated with an outbreak; other health services or with other government bodies associated with the control of the Coronavirus. The Council has a duty to notify national Government bodies, such as the UK Health Security Agency and the relevant local authority where an individual resides (if different), where there are suspected Coronavirus cases. The Council will disclose the information under Article 9(2)(j) of the UK GDPR (processing is necessary for reasons of public interest in the area of public health, such as protecting against serious cross-border threats to health), and confidential information may be lawfully disclosed in the public interest, without consent, where the benefits to an individual or to society outweigh both the individual’s and the public interest in maintaining the confidentiality of such data.

The Council may contact staff, service users, residents, patients, businesses and premises with messages relating to Coronavirus by text, phone, letter or email. This contact is not direct marketing; therefore we do not need your Consent before contacting you. There is more information available on the Information Commissioners Office's website.

We may use contact details held in Council systems to ensure that we are able to contact you, and to ensure that we are working from accurate and up to date information. Such information will be accessed and processed where it is necessary to comply with our legal obligations and public tasks arising from the Coronavirus Act 2020, the Health Protection (Notification) Regulations 2010 and the Public Health (Control of Disease) Act 1984, the Care Act 2014 and associated Regulations.

Research and statistics

Anonymised and pseudonymised data may be used for research and statistical purposes. Any data collected may be used for research and statistical purposes that are relevant and compatible with the purpose that the data was collected for.

Who has access to your information?

We may share your information in the following way for the reasons detailed;

• At times we may share information with other Derby City Council departments. This may be for the purpose of debt recovery or administrative tasks.
• We may share with, or seek to obtain your information from, statutory agencies, such as the Police and HM Courts and Tribunal Service, in line with our legal obligations and/or in completion of our public tasks. This includes recovering costs for damage to public highway assets.
• We may share with external organisations and administration systems, such as vehicle leasing companies, to the process of recovering debts
• We may share your information with Enforcement Agents where necessary to recover unpaid debts to the Council for parking and/or traffic contraventions.
• You information will be shared with MiPermit, if you use our cashless parking and permit payment options across the city. This will also include Opayo Ltd, who provide the online payment service. They act as independent Data Controllers of the personal data you provide to them to process any payments. For more information on how they process data please see their privacy notice here; https://www.opayo.co.uk/policies/privacy-policy
• In some cases information will be shared with Chipside Ltd, who provide our Penalty Charge Notice case management system.
• We will share vehicle registration mark information with the Joint Air Quality Unit for use in national air quality modelling.
• Statistics, including traffic volume and journey time, will be shared with external organisations, this will not include any personal data and we will not share vehicle registration marks.
• Our Journey Time Monitoring Camera system provider will have access for maintenance purposes.

We will not sell or rent your information to third parties. We will not share your information with third parties for marketing purposes.

What are your rights?

• Access – you can request copies of any of your personal information that is held by the Council.
• Rectification – you can ask us to correct any incorrect information.
• Deletion – you can ask us to delete your personal information. The Council can refuse to delete information if we have a lawful reason to keep this.
• Portability – you can ask us to transfer your personal data to different services or to you.
• Right to object or restrict processing – you have the right to object to how your data is being used and how it is going to be used in the future.
• Right to prevent automatic decisions – you have the right to challenge a decision that affects you that has been made automatically without human intervention, for example an online form with an instant decision.

How long will we keep your information for?

We keep and dispose of all records in line with our record retention schedule. We will comply with Data Protection legislation.

What security precautions are in place to protect the loss, misuse or alteration of your information?

We are strongly committed to data security and will take reasonable and appropriate steps to protect your personal information from unauthorised access, loss, misuse, alteration or corruption. We have put in place physical, electronic, and managerial procedures to safeguard the information you provide to us. However, we cannot guarantee the security of any information you transmit to us. We recommend that you take every precaution to protect your personal information.

Keeping your data up to date

We want to ensure any information we hold is accurate. You can help us by promptly informing us of any changes to the information we hold about you.

Details of any automated decision processes

N/A.

Under 13

If you are accessing online services and are under the age of 13‚ please ask for your parent or guardian's permission beforehand whenever you provide us with personal information

Cookies

Cookies are small text files which identify your computer to our servers. They are used to improve the user experience. View what cookies we use and how you can manage them.

IP addresses

Internet Protocol (IP) addresses are collected when our site is used:

• for statistical or analytical purposes
• to identify any malicious activity.

Complaints

If you would like to make a complaint regarding the use of your personal data you can contact our Data Protection Officer:

• By post: Information Governance, Council House, Corporation Street, Derby, DE1 2FS
• By phone: 01332 640763
• By email: data.protection@derby.gov.uk

For independent advice about data protection, privacy and data sharing issues, you can contact the Information Commissioner's Office (ICO):

• By post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
• By phone: 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number

Alternatively, visit ico.org.uk or email casework@ico.org.uk.