MiPermit (and their strategic partner) systems do not store your credit card number. It is automatically passed to the payment authorisation service and then we delete the number. This is one of the security layers implemented for your protection.

Merchant Number
A merchant number is the way that the banks know who is asking for money from your credit or debit card.

Many of our Local Authority and other customers use their own merchant number supplied directly by their own banks. Our strategic partners (for example Chipside Limited) may use their own master merchant number as a service to many different parking location operators. We require use of a company called Sage Pay to ask the banks for payment on your credit card. All our partners are required to use the same service, to ensure the same standards of security.

Who is Sage Pay?
Sage Pay is the fastest growing independent Payment Service Provider (PSP) and is a division of business software company Sage, one of the UK's most trusted business brands. Sage Pay process over 4 billion secure payments each year, for over 30,000 + UK businesses of all sizes. They all rely on Sage Pay to keep their money moving and help them to tackle online card fraud, insuring that the payment process is safe and easy.

Is Sage Pay Secure?
Sage Pay (formerly Protx) provides a secure payment gateway (Level 1 PCI DSS), processing payments for thousands of online businesses, including ours. It is Sage Pay's utmost priority to ensure that transaction data is handled in a safe and secure way.

Sage Pay uses a range secure methods such as fraud screening, IP address blocking and 3D secure. Once on the Sage Pay systems, all sensitive data is secured using the same internationally recognised 256-bit encryption standards.

Sage Pay is PCI DSS (Payment Card Industry Data Security Standard) compliant to the highest level and maintains regular security audits. They are also regularly audited by the banks and banking authorities to ensure that their systems are impenetrable.

Sage Pay is an active member of the PCI Security Standards Council (PCI SSC) that defines card industry global regulation.

In addition, you know that your session is in a secure encrypted environment when you see https:// in the web address, and/or when you see the locked padlock symbol alongside the URL.

So when buying through our site, you can be sure that you are completely protected.

More information about shopping securely with Sage Pay can be found at www.sagepay.com/shoppers

PCI DSS Compliance
For your protection and to reduce the possibility of credit card fraud, banks issuing merchant numbers require the holders to be assessed for compliance with banking industry security protocols. Your parking location operator will have decided whether they are charging you directly, or through agents. In any event, each merchant number holder is required to hold a valid PCI certificate for the service.

To operate the MiPermit efficiently, there are a number of data transfers that occur automatically between our systems, those of our partners, suppliers and those of our customers - for example car park location enforcement teams (to advise that your stay is valid). Each transfer has relevant security protocols applied to them as noted briefly below.

Credit Card Information
Information passes to Sage Pay. All transaction information passed between merchant sites and Sage Pay's systems is encrypted using 128-bit SSL certificates. No cardholder information is ever passed unencrypted and any messages sent to our servers from Sage Pay are signed using MD5 hashing to prevent tampering. Nothing we pass to Sage Pay's servers can be examined, used or modified by any third parties attempting to gain access to sensitive information.

Stay Information
Details of your registration, location and expiry time are transmitted to the car park location operator securely using a number of methods depending on what is chosen by the operator.

Financial Information
Details of your payment value (but not your personal details) are transmitted by electronic transfer to car park location operators back office financial systems for audit purposes.

Usage Information
Details of your usage of the service is accessed by the car park location operators using either our management reporting functions or by electronic data transfer, depending on the requirements of the operator.

Customer Details
It is important to understand that you are a customer of the car park location operator in the same way that you are a valued customer of the MiPermit service and its partners. Your name and address may be passed to those parties as part of good systems governance.

Worried About Your Data?We want to ensure that you are comfortable with the use of your data. If you need to speak to us about your data, please email or telephone. We will be pleased to help.

Transfers of Data Outside Europe
We are required to take steps to satisfy ourselves that any country outside the EEA gives adequate data protection rights to you, before transferring your information to any country outside the European Economic Area (EEA) The EEA currently comprises of the EU countries and Norway, Iceland and Liechtenstein. Countries outside the EEA may not give the same level of protection to your information as those within the EEA. Our website is hosted in the UK and we do not transfer outside the EEA any information submitted by you through the site. However, we do currently allow you to access your account worldwide from many devices including mobile devices.