Privacy Policy

The purpose of this Privacy Policy is to let you know what to expect when GroupNexus (incorporating CP Plus Limited (company number 02595379); Ranger Services Limited (company number 04797172) and Highview Parking Limited (company number 05541862) together and individually “We”) collect your personal information.

This privacy policy explains how we will use any personal data we collect from you, or that you provide to us, in order to provide parking services.

This privacy policy aims to give you information on how we collect and process your personal data, including any data collected when you enter or remain at one of our car parks, contact us in any way or use our services. 

This privacy policy supplements other notices about privacy.

What do we do?

We are a data controller and offer a complete range of integrated technology solutions for car parking. We are one of the leading providers of Facilities Management and Automatic Number Plate Recognition (ANPR) car park management services to both the private and public sectors.

What data do we collect?

We collect images of your vehicle and your vehicle registration mark (VRM) either by ANPR or parking attendant. When there is a requirement for us to issue a Parking Charge Notice (PCN) your name, address, VRM and vehicle movements within the parking area will be processed.

We also collect personal data from those employees of our clients authorised to access our parking management portal. 

We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows: 

  • VRM, images of your vehicle;
  • First name, last name; employee status (if employee of a client authorised to access our portal)
  • Address, email address and telephone numbers;
  • Payment details; limited to the method and amount of the payment; we do not store any bank or credit card details.
  • Any information you provide to us in correspondence;
  • Cookies, IP information;
  • Details of your marketing and communication preferences;
  • We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). However, if you provide us with any of this information, for example within correspondence or as part of an Appeal, we will treat it accordingly. 

All information we collect and receive about you will be processed in accordance with this policy.

How do we collect your data?

  •  Images collected via ANPR or parking attendant;
  • Information provided via a client portal (for permit parking only);
  • Where terms and conditions of parking have not been complied with by requesting registered keeper details of your vehicle from the DVLA;
  • From our clients who employ you and authorise you to assist with car park management by accessing our Portal;
  • You may give us your personal data when you make an appeal or contact us for any other reason; and
  • We collect personal data by using cookies on our website.

What is our Lawful Basis for processing your data?

We process your data as it is necessary under the following lawful bases for processing personal data:

  • Contract – Processing is necessary for performance of the parking contract which has been formed when you entered and remained in the parking area;
  • Legitimate Interests – Processing is required to protect and enable pursuit of legitimate interests in ensuring the car park is effectively managed; pursuing unpaid parking tariffs, charges and sums due; the prevention and detection of crime including the investigation and validation of insurance claims; Vehicle and traffic analytics, and and promoting the safety and security of the parking area; and
  • Legal ObligationIn order to fulfil our statutory or regulatory obligations to HMRC and any other statutory or regulatory requirements. 

We have set out below, a description of the ways we plan to use your personal data, and which of the legal basis we rely on to do so.



Type of data


Lawful basis for processing including basis of legitimate interest


To manage our car parks


(a)     VRM

(b)    Image of vehicle

(c)     Personal details of client employees


(a)     Performance of a contract with you

(b)    Necessary for our legitimate interests

(c)     Necessary for our legitimate interests and those of our client to restrict access to our portal to authorised employees only


(a)     To contact the DVLA or a hire or vehicle company

(b)    In order to issue a PCN

(a)     VRM

(b)    Name and address

(a)     Performance of a contract with you

(b)    Necessary for our legitimate interests (to allow us to contact the vehicle’s keeper and recover debts due to us)


(a)     To review an appeal made to us and respond

(b)    To review and respond to an appeal made to POPLA

(a)     Identity information

(b)    Contact details

(c)     VRM/Images

(d)    Any information provided in your appeal


(a) Performance of a contract with you

(b) Necessary to comply with a legal obligation

(c) Legitimate interests (to improve the parking experience for motorists)


To take payment in respect of a Parking Charge Notice


(a)     Identity information

(b)    Payment information

(a) Performance of a contract with you

(b) Necessary for our legitimate interests (running our business, recover debts due to us)


To share your details with a third party in order to enforce the debt where a Parking Charge Notice remains unpaid (a)     Identity

(b)    Contact details

(c)     VRM/Contravention details

(a)     Performance of our contract

(b)    Legitimate Interests (to enforce the debt, our business interests)

To administer the website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) (a) Cookies/technical personal information


(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud)
In order to administer the business, for example:

(a)     our mail service provider

(b)    IT and technical assistance

(c)     Payment service providers

(d)    Credit reference agencies

(e)    Collection agents

(a)     Identity

(b)    Contact details

(c)     Cookie/IP information

(d)    Payment information


(a)     Necessary for our legitimate interests (running a business, provision of support/admin services, to provide a good service for our customers)
To comply with our auditing obligations to the DVLA, HMRC, etc (a)     Identity

(b)    VRM/Contravention information

(a)     For the performance of our contract with the DVLA

(b)    To comply with a legal obligation


We will only use your personal data for the purposes listed above, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original reason for capturing your data.

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. 


Who do we share data with and why?

We will only share data in a way that is proportionate to the purposes explained above and ensure your information is processed securely. We will only share information about you and/or your vehicle with the types of organisations listed below:

  • DVLA
  • The police and other organisations involved in crime detection and prevention
  • Organisations involved in investigation and validation of insurance claims
  • The landowner and/or their agents
  • Organisations involved in traffic and vehicle analytics
  • Our clients and suppliers
  • Vehicle hire companies
  • Debt collection agents both UK and European for enforcement
  •  British Parking Association (BPA)
  • Parking on Private Land Appeals (POPLA)
  • Internal departments

This data is processed for the purpose of

  • Ensuring compliance with our parking terms, signage is displayed throughout each car park.
  • Issuing a PCN where the parking terms have been breached.
  • Progressing any issued PCN until payment is received
  • Reviewing appeals (both internal and with POPLA)
  • Recovery, including instructing a debt collection agency or another legal process
  • The prevention and detection of crime
  • The investigation and validation of insurance claims
  • Vehicle and traffic analytics

Your rights

Under the GDPR and data protection law, you have rights as an individual which you can exercise in relation to the information that we hold about you.

You have the right to access any personal information that we process about you and to request information regarding:

  • What personal data we hold about you
  • The purposes of the processing
  • The categories of personal data concerned
  • The recipients to whom the personal data has/will be disclosed
  • How long we intend to store your personal data for

If you believe that we hold any incomplete or inaccurate data about you, you have the right to ask us to correct and/or complete the information, and we will strive to do so as quickly as possible, by writing to the address below in the ‘How to contact us’ section.

Access to personal information

You have the right to obtain a copy of the information that is held about you.  This is known as making a subject access request. This right of subject access means that you can make a request under the Data Protection Act 2018 to any organisation processing your personal data asking that they

  • Provide you with a description of it;
  • Tell you why they are holding it;
  • Tell you who it could be disclosed to; and
  • Let you have a copy of the information in an intelligible form

In order to request a copy of personal information that you believe we may hold about you, please contact us using the details within the ‘How to contact us’ section of this document.  There is no fee involved in making a subject access request, although a reasonable fee may be charged for duplicate, excessive or clearly unfounded requests.

Visitors to our websites

We use and protect any information that you provide when you use the website and any subdomains of  We are committed to ensuring that your privacy is protected.  Should we ask you to provide certain information by which you can be identified when using this website, then you can be assured that it will only be used in accordance with this Privacy Policy.

We also utilise several public-facing websites which provide the facility to pay for or appeal Parking Charge Notices (PCN). These are only accessible by entering both the PCN reference number and the VRM (Vehicle Registration Mark) on the login screen.

We operate several public-facing websites which are only accessible to Clients via a username and password login.

Where appropriate, we distinguish between registered users and visitors to our website.  If you are using any of these services, you must be a registered user. If you are simply visiting our website, you are a visitor.

Registered users – required information

Registered users access the secure portal to enter permit parking details of visitors, staff, contractors and guests, as well as view statistics on car park usage. The personal data entered on the portal is provided by the client, not collected by GroupNexus. The client obtains the consent of the individual to enter all or some of the following personal data onto the portal;

  • Full name;
  • Department;
  • Employee number;
  • Permit type;
  • VRM;
  • Make model and colour of the vehicle;
  • From and to dates that a parking permit covers;
  • Site location and department/tenant; and
  • Free text box for extra information entered only by the client.

On each occasion that you access the website and portal we also automatically collect:

  • IP address;
  • Web browser type and version;
  • Operating system;
  • A list of URLs starting with a referring site and the site you exit to; and
  • Details of all activity undertaken by you when using the website.

Use of cookies by GroupNexus

A cookie is a small file, downloaded to your hard drive, that helps a website to anonymously identify you.  Cookies can be used to personalise website experiences and can make the sites you visit quicker and easier to use.  Cookies can only be accessed by the website that created them.

We may create and access cookies on your computer.  You can delete cookies from GroupNexus, but if you do you may lose information that enables you to access the website more quickly and easily.

How long will we keep your data?

We will keep your personal data for no longer than is necessary to carry out the purposes explained above, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

Security and performance

Data security is of great importance to GroupNexus. To protect your data, we have put in place appropriate physical, electronic and managerial procedures to safeguard and secure data collected online.

We will keep all your information including DVLA keeper details, information provided to us by third parties, your written and electronic correspondence and telephone messages securely and confidentially. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know.

We cannot guarantee the security of your data transmitted from our site; any transmission via the internet is at your own risk. Once we have received your information, we will apply our security safeguards to prevent unauthorised access.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.


Any email sent to us, including any attachments, may be monitored and used by us for reasons of security and for monitoring compliance with office policy.  Email monitoring or blocking software may also be used. Please be aware that you have a responsibility to ensure that any email you send to us is within the bounds of the law.

Third party web sites and services

We may use services provided by third parties for assisting with, but not limited to, the distribution of newsletters, payment handling, search engine facilities, advertising and marketing.  Third party suppliers will have access to certain personal data provided by users of this web site. Any personal data used by third party suppliers can only be used to perform the services requested by GroupNexus.  Use of data for any other purpose is strictly prohibited. All data processed by third parties must be processed within the terms of this Privacy Policy and in accordance with the data protection law.

Links to other websites

This Privacy Policy does not cover any other websites which are linked to from this website. We encourage you to read the privacy statements on the other websites you visit.

Changes to this Privacy Policy

We keep this Privacy Policy under regular review, and it was last updated in March 2020. Any changes to this Policy will be posted on the GroupNexus public website. If there is a material change to the Policy, registered users will be notified and given an opportunity to reaffirm consent.  Visitors are deemed to have accepted the terms of the Policy on their first use of the GroupNexus’ public websites following any alterations.

Complaints or queries

We try to meet the highest standards when collecting and using personal information.  For this reason, we take any complaints we receive about this very seriously. We encourage you to bring it to our attention if you believe that our collection or use of your information is unfair, misleading or inappropriate.

If you want to make a complaint about the way we have processed your personal information, please do so via the contact details.  If you are not satisfied with our response, then you can contact the Information Commissioner’s Office (ICO) at which is the statutory body overseeing data protection law in the UK.

How to contact us

If you would like more information about how we process your data or if you wish to assert any of your rights set out above, please contact our data protection officer/ privacy team by:



Write to us at:

Data Protection Officer
Jack Straws Castle
North End Way
London, NW3 7ES

This Policy was last updated on 1st April 2022

Name: Elli Morris

Appointment: Director 

Date: 06.06.23 Version 3.2