Legal Statements

Last updated: 21st May 2018

Terms & Conditions (of using this web site or smartphone app)

By using our web site you are agreeing to comply and be bound by the following terms and conditions of use, which together with our privacy policy govern Chipside Ltd's (and MiPermit branded services) relationship with you in relation to this web site.

Chipside Ltd are the master strategic partner for MiPermit's services in the UK and provide parking solutions to UK local authorities and private parking companies.

The term 'Chipside Ltd', 'Chipside', 'MiPermit' or 'us' or 'we' refers to Chipside Ltd the owner of this web site whose company registration number is 04049461 (registered in England). The term 'you' refers to the viewer or user of this web site.

The use of this website is subject to the following terms of use:

  • The content of the pages of this website is for your general information and use only. It is subject to change without notice.
  • Neither we nor any third parties provide any warranty or guarantee as to the accuracy, timeliness, performance, completeness or suitability of the information and materials found or offered on this website for any particular purpose. You acknowledge that such information and materials may contain inaccuracies or errors and we expressly exclude liability for any such inaccuracies or errors to the fullest extent permitted by law.
  • Your use of any information or materials on this website is entirely at your own risk, for which we shall not be liable. It shall be your own responsibility to ensure that any products, services or information available through this website meet your specific requirements.
  • This website contains material which is owned by or licensed to us. This material includes, but is not limited to, the design, layout, look, appearance and graphics. Reproduction is prohibited other than in accordance with the copyright notice, which forms part of these terms and conditions.
  • All trade marks reproduced in this website which are not the property of, or licensed to, the operator are acknowledged on the website.
  • Unauthorised use of this website may give rise to a claim for damages and/or be a criminal offence.
  • From time to time this website may also include links to other websites. These links are provided for your convenience to provide further information. They do not signify that we endorse the website(s). We have no responsibility for the content of the linked website(s).
  • You may not create a link to this website from another website or document without Chipside's prior written consent.
  • Your use of this website and any dispute arising out of such use of the website is subject to the laws of England, Scotland and Wales.

Disclaimer

The information contained in this website is for general information purposes only. The information is provided by Chipside Ltd and while we endeavour to keep the information up to date and correct, we make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability or availability with respect to the website or the information, products, services, or related graphics contained on the website for any purpose. Any reliance you place on such information is therefore strictly at your own risk.

In no event will we be liable for any loss or damage including without limitation, indirect or consequential loss or damage, or any loss or damage whatsoever arising from loss of data or profits arising out of, or in connection with, the use of this website.

Through this website you are able to link to other websites which are not under the control of Chipside Ltd. We have no control over the nature, content and availability of those sites. The inclusion of any links does not necessarily imply a recommendation or endorse the views expressed within them.

Every effort is made to keep the website up and running smoothly. However, Chipside Ltd takes no responsibility for, and will not be liable for, the website being temporarily unavailable due to technical issues beyond our control.


Schedule One - Privacy Policy

Last updated: 21st May 2018

Overview

We will have a privacy policy that is clear to understand, uses plain English and is delivered in concise sections. We propose to the use the layered approach where possible, with due consideration to the platform being used by the individual user / data subject.

We do not anticipate that children will be using our service. Our products and services are not designed to be marketed or offered to children. That said, we will have trained advisors should any child approach us for help.

https://ico.org.uk/for-organisations/guide-to-data-protection/privacy-notices-transparency-and-control/privacy-notices-in-practice

Privacy Policy

We are a company called Chipside Limited and we use your personal data to provide our services to you. We take seriously our responsibilities to look after your data. Your privacy is very important to us. Our policies and systems are designed to protect your privacy.

There are actions that you can take to protect your privacy - by telling us how you would like your personal data to be processed. These actions are described in this privacy policy.

Who is responsible for your data?

Chipside Limited is responsible for your data. Our registered address is Chipside Limited, Unit 7, Callow Park, Callow Hill, Brinkworth, Wiltshire, UK, SN15 5FD. We are registered as a company in England and Wales. Our company number is 04049461.

We are the Data Controller for any data that we collect from you. We control the ways that your personal data is collected and how we use that data.

Personal data that we collect about you

We might collect the following kinds of information about you during the course of our contacts with you.

Type of Data Description
Your name and contact details (email address, telephone number, address). When you contact us through our telephone lines, our website contact forms and our applications.
Information about services you have asked us to provide. This will include data about services used by you and of services that you have expressed an interest in using.
Sensitive information about you. This is subject to strict controls and will only be requested when absolutely necessary - for example when you ask us to provide services based on a particular need that you have.
Communications that we have with you, including content. When you get in touch with us via email, letter, telephone, internet, social media, verbally or other means.
Information captured via CCTV or ANPR. Our offices are protected by CCTV systems for protection and investigation purposes.
Information about you, your location and how you use our website, mobile applications and telephone contact systems. We will capture data to help us to deliver our services to you. Examples include your preferred browser settings, your choice of mobile device, your location where you have enabled that function in our applications.
Payment card details. We will record payment information when you pay us for any service provided to you. Full card details are not stored.

Sensitive Data

Certain kinds of personal data about your racial or ethnic origin, your physical or mental health, your religious beliefs or alleged commission or conviction of criminal offences, are special categories of personal data which by law require additional protection. In the course our contacts with you, you might tell us for example:

  • You require large fonts for accessibility reasons.
  • You require an interpreter.

By providing any sensitive personal data, you explicitly agree that we may collect it and use it to provide our services to you.

How we use your personal data

The law states that we can only use your personal data if we have a proper legal reason for using it. The law says that we can use your data for one of the following reasons:

  • To fulfil a contract with you.
  • If we are required by law to use your data for a particular reason.
  • When you consent to us using your personal data
  • When it is in our legitimate interests

Many contacts with you fall under more than one reason. We have set out some examples of the reasons we will use when processing your personal data.

Why we use your personal data Legal reasons for use Legitimate reasons for use
To provide services to you and to explain new services to you. To fulfil a contract with you. Processing with your consent Legitimate reasons. To protect security. Innovating our products, services and prices Undertaking our book keeping and audit processes.
To communicate with you about our products and services. To fulfil a contract with you Processing with your consent Legitimate reasons. Using efficient methods to communicate with you, fulfil our contract obligations and keeping records for audit purposes. To respond to customer enquiries and complaints.
To meet our health and safety policies To fulfil a contract with you Processing with your consent Legitimate reasons. Our legal duty. We monitor everything that we do to ensure we provide safe working and customer environments.
To prevent, detect or investigate fraud. To prevent, detect or investigate security matters. To fulfil a contract with you Processing with your consent Legitimate reasons. Our legal duty. To ensure that we provide safe systems and comply with legal duties.
To run our business as efficiently as we can. To protect our business interests. To manage and work with suppliers and third parties. To fulfil a contract with you Processing with your consent Legitimate reasons To maintain our brand advantage, to provide you with a good level of service and to work as efficiently as we can.

How we use your data to personalise the service we offer you

We use the data we collect about you from different sources to so that we can personalise the service we offer to you. We use information you give us directly and from cookies. Cookies are small pieces of information stored on your device by the web browser of your device. We use cookies placed on your devices to collect data about your use of our websites, products and services. Please see more about cookies in our cookie policy below.

Some common ways that we might personalise the service offered to you using your data are:

  • To provide content in the most appropriate language.
  • To identify you when you access our websites from different devices or locations.
  • To monitor the security of our systems.
  • To help you complete an enquiry, purchase or use or services.

How to manage the marketing messages you receive

You have the right to stop us sending you direct marketing messages. We will record your personal data on our systems to assist us carry out your request.

Chipside does not wish to send out mass marketing to its customer base. We might have to send out automated messages to you in the event that we need to communicate with our customers quickly for any reason.

We will ask you to "opt in" to receiving marketing messages, to help us make sure that we only send you information that you have asked to see.

We will continue to send you communications containing information about your contracts with us, or where you have asked us to communicate with you for a particular reason.

How long we keep your data

We keep your data only for as long as we need it. This period will vary according to why we are processing or holding the data. We need to keep records for a long time to fulfil legal requirements, contractual obligations or to protect our legitimate interests.

We actively review the information we hold. When there is no longer a need for us to hold it, we will securely delete. We are allowed to use some data after that time for historical research, scientific, statistical or public interest purposes.

How we protect your data

We design systems by default to protect your personal data against unauthorised access, unlawful use, accidental loss, corruption or destruction.

We consider carefully whether we need the data in first place. Where we do need your data, we use a range of technical measures to protect your data. These include encryption and password protection.

We also use operational measures to protect the data and to limit the number of people who have access to the systems storing your data.

We keep these security measures under review and refer to industry security standards to keep up to date with current best practice.

Sharing your data

When collect, store and process your data, we do so as part of our normal business operations. That data is private to you and to us. We have no wish to sell your data to other companies. We will not pass your data to companies that purely seek to buy data to operate mass marketing campaigns.

We might pass your personal data to third parties as part of our normal business operations. We might also receive data about you from third parties:

  • Government authorities, law enforcement authorities and other parties with legal powers to demand the data.
  • Suppliers who provide services to us, for example in processing your payment for services. that Our suppliers will give us an undertaking to respect your personal data and comply with data protection laws.
  • Other parties as necessary, after careful review of the need. For example, to investigate a complaint from you, to assess network performance, to assess product or service performance

Sending data outside of the European Economic Area

Our systems, products and services are diverse and rely on modern technology systems that are delivered by many global companies.

Your personal information may be processed outside the European Economic Area (EEA). This means that privacy laws may not provide protection to the same level as in the UK.

Before any transfer takes place we will take steps to ensure that your personal information will be adequately protected as required by the UK law.

Automated Decision Making

Our systems, products and services might use algorithms that make decisions for you and us based on rule sets. An example would be where we work out which product to offer based on data that you have input. This process is designed to let us work efficiently and to produce a timely decision. If you disagree with the result, please contact us and we will ensure that the automated decision is reviewed by a human.

Your rights

We respect your rights. We have designed our systems, products and services with that in mind. Our reputation relies on ensuring that we put things right if we have made a mistake.

You are entitled to see copies of all personal data held by us and to amend, correct or delete such data.

You can limit, restrict or object to the processing of your data.

If you gave us your consent to use your data so that we can send you marketing emails, you can withdraw your consent at any time.

To object to us processing your data, you can call us, send an email to us at data.protection@mipermit.com or you can write to us at Data Protection, Chipside Limited, Unit 7, Callow Park, Brinkworth, Wiltshire, SN15 5FD.

Those same contact details can be used to let us know you wish to exercise any of your rights.

Once you have contacted us, the law requires us to respond to you. For most cases, this will be within one month - we will strive to respond much more quickly. We may ask you to verify your identity before we provide any information to you.

If your request is complicated, it may take a little longer to come back to you but we will come back to you within two months of your request.

There is no charge for most requests, but if you ask us to provide a significant amount of data we are allowed by law to ask you to pay a reasonable admin fee.

Privacy Policy Updates

Our privacy policy will continue to evolve to reflect legal requirements, updated best practice, guidance notes from the Information Commissioner's Office and elsewhere. We may also need to update our policy to protect our legitimate interests.

If we decide to change this privacy policy, we may do so at any time. We will post the updated policy to our internet sites.

Complaints

We respect your rights and work hard to ensure we do things correctly. If we make a mistake, we hope that we can put things right quickly. If you want to complain about our processing of your personal data, please email us at data.protection@mipermit.com or write to us at Data Protection, Chipside Limited, Unit 7, Callow Park, Brinkworth, Wiltshire, SN15 5FD.

You have the right to lodge a complaint with the supervisory authority which is responsible for the protection of personal data in the country where you live or work, or in which you think a breach of data protection laws might have taken place.

Customers in the UK can contact the Information Commissioner's Office by telephone on 0303 123 1113, or by using the live chat service which is available through the Information Commissioner's website www.ico.org.uk.

Feedback - Contact Us

We receive feedback on a continual basis. We use feedback to review our policies and procedures. If you would like to let us know something please let us know using any one of the contact points offered by us. For data processing related issues, please email us at data.protection@mipermit.com or write to us at Data Protection, Chipside Limited, Unit 7, Callow Park, Brinkworth, Wiltshire, SN15 5FD.


Schedule Two - Cookie Policy

How we use Cookies

We do not use cookies to log visits that could indentify your device, or track you between this web site and other websites on the internet.

For more information on cookies and how to remove them, please see www.aboutcookies.org

 

Cookies set by this web site:

Cookie Name Purpose Expires
ASP.NET_SesssionId Session information cookie generated by Microsoft's ASP programming language. This is geneterated by the web server and is not used to collect visitor or tracking data. Expires on exit
MiPermitCookieCheck This cookie is in place to remember your acceptance of our cookie policy. You will not see this cookie if you do not agree to the prompt at the top of the page. 1 Year

Schedule Three - Right to Object

You have the right to stop your personal data being used by us for direct marketing. We as a company will not use your data for direct marketing. We will keep a record of any specific request that you make to refuse direct marketing.

We might use your personal data to communicate with you for other reasons - for example to update you about a product or service that you use, or have asked to use.

You can limit, restrict or object to the processing of your data.

To object to us processing your data, you can call us, send an email to us at data.protection@chipside.com or you can write to us at Data Protection, Chipside Limited, Unit 7, Callow Park, Brinkworth, Wiltshire, SN15 5FD. There is also an 'opt out' contact form here.

Once you have contacted us, the law requires us to respond to you. For most cases, this will be within one month - we will strive to respond much more quickly. We may ask you to verify your identity before we provide any information to you.

If your request is complicated, it may take a little longer to come back to you but we will come back to you within two months of your request.

There is no charge for most requests, but if you ask us to provide a significant amount of data we are allowed by law to ask you to pay a reasonable admin fee.


Accessibility Information

Making our Sites and Smartphone Apps Accessible

MiPermit has a core system design for its internet systems. It also works with many car park location operators on specific pages designed to their corporate requirements. The web pages are designed in order to be accessible to all users, and to comply with the Equality Act 2010.

We followed the Priority 1 and 2 guidelines relating to accessibility as set out by the World Wide Web Consortium (W3C) and Web Content Accessibility Guidelines (WCAG) 2.1 Level AA at a miniumum. All pages on this web site have also been validated for HTML and CSS in accordance with the web standards set out by the W3C.

Our smartphone apps for Apple and Android devices also confirm to W3C accessibility guidelines where applicable and where possible.

Main design requirements we have considered:

  • Auditory and visual content must have alternatives (e.g. text)
  • Don't rely on colour alone for content accessibility
  • Markup and style sheets must be used correctly
  • Use plain language in content where possible
  • Ensure that documents are clear and simple
  • Content in tables must transform correctly
  • Pages featuring new technologies must transform correctly
  • Users must be able to control time-sensitive page updates
  • Embedded interfaces must be directly accessible
  • Consider and design for device independence
  • Use W3C design technologies and guidelines
  • Provide clear navigation mechanisms
  • Provide context and orientation information

Design Implementation

  • Nothing in the design stops the user using operating system accessibility functions - magnifiers, on screen keyboards or touch screens
  • The content on all pages is readable without the style sheets, colour, scripts and applets
  • All images, animations and buttons have alternative descriptions that can be read by screen readers
  • Any multimedia containing important information has an alternative or text-only version
  • All tables used for layout have captions to clarify their layout-only use
  • The pages do not rely on colour for navigation - for example 'click the red link'
  • The site uses simple and straight-forward language where possible
  • The site uses style sheets (CSS) to format text and layout
  • Every link has a clear title
  • Pages should resize according to the access method being used
  • All events requiring a mouse do not hinder the user's ability to view information
  • The user is aware when a pop-up or new window is opened
  • All link phrases make sense when read out

Design Feedback

If you have experienced a problem with the design of this website or our smartphone apps, please let us know and we will do our best to help. Contact us via our contact page.


Disability Discrimination Act

The DDA was passed in 1995, and its purpose was to end the discrimination facing many disabled people and covers design of web sites and smartphone applications.

The Web Content Accessibility Guidelines (WCAG) were set out by the World Wide Web Consortium (W3C) in 1999 to assist web site developers to produce internet sites that are accessible to as many people as possible.


Credit & Debit Card Security

Chipside Ltd (and their strategic partnership with MiPermit) systems do not store your credit or debit card number. It is automatically passed to the payment authorisation service (Sage Pay) and only the last four digits of your card and the expiry date are stored for auditing and account verification purposes. This is one of a number of security layers implemented for your protection.

Merchant Number

A merchant number is the way that the banks know who is asking for money from your credit or debit card.

Many of our Local Authority and other clients use their own merchant number supplied directly by their own banks. Our clients may use their own master merchant number to collect payments from you, or can opt to use Chipside's master merchat number as a service to collect payments. We require use of a company called Sage Pay to ask the banks for payment from your credit/debit card. All our partners are required to use a PCI-DSS certified service to ensure the same standards of security.

Payments taken by Chipside's master merchant account will be shown on your statement as 'Chipside Limited'.

Who is Sage Pay?

Sage Pay (formerly called Protx) is the fastest growing independent Payment Service Provider (PSP) and is a division of business software company Sage, one of the UK's most trusted business brands. Sage Pay process over 4 billion secure payments each year, for over 30,000 + UK businesses of all sizes. They all rely on Sage Pay to keep their money moving and help them to tackle online card fraud, ensuring that the payment process is safe and easy.

Is Sage Pay Secure?

Sage Pay provides a secure payment gateway (Level 1 PCI DSS) for processing payments for thousands of online businesses, including ours. It is Sage Pay's utmost priority to ensure that transaction data is handled in a safe and secure way.

Sage Pay uses a range secure methods such as fraud screening, IP address blocking and 3D secure. Once on the Sage Pay systems, all sensitive data is secured using the same internationally recognised 256-bit encryption standards.

Sage Pay is PCI DSS (Payment Card Industry ] Standard) compliant to the highest level and maintains regular security audits. They are also regularly audited by the banks and banking authorities to ensure that their systems are impenetrable.

Sage Pay is an active member of the PCI Security Standards Council (PCI SSC) that defines card industry global regulation.

In addition, you know that your session is in a secure encrypted environment when you see https:// in the web site address, and/or when you see the locked padlock symbol alongside the address, but always check that the certificate which is used to create a https connection is valid and from a trusted source.

When making payments through our services, you can be sure that you are completely protected.

More information about paying securely with Sage Pay can be found at www.sagepay.com

PCI DSS Compliance

For your protection and to reduce the possibility of credit card fraud, banks issuing merchant numbers require the holders to be assessed for compliance with banking industry security protocols. Your parking location operator will have decided whether they are charging you directly, or through agents. In any event, each merchant number holder is required to hold a valid PCI certificate for the service.


Data Transfer Security

To operate the MiPermit service efficiently, there are a number of data transfers that occur automatically between our systems, those of our partners, suppliers and those of our customers - for example car park location enforcement teams (to advise that your stay is valid). Each transfer has relevant security protocols applied to them as noted briefly below.

Credit Card Information

Information passes to Sage Pay. All transaction information passed between merchant sites and Sage Pay's systems is encrypted using a minimum of 256-bit SSL certificates. No cardholder information is ever passed unencrypted and communication between our servers and you, and the payment processor Sage Pay are signed using MD5 hashing to prevent tampering. Nothing we pass to Sage Pay's servers can be examined, used or modified by any third parties attempting to gain access to sensitive information.

Permit/Parking Information

Details of your vehicle registration number, parking location and expiry time are transmitted to the car park location operator handheld computers for the purpose of parking enforcement. This is done securely using a number of methods depending on what is chosen by the operator.

Financial Information

Details of your payment value (but not your personal or card details) are transmitted by electronic transfer to car park location operators back office financial systems for audit purposes.

Usage Information

Details of your usage of the service is accessed by the car park location operators using either our management reporting functions or by secure electronic data transfer, depending on the requirements of the operator.

Customer Details

It is important to understand that you are a customer of the car park location operator (be this a Local Authority or privately owned parking provider) in the same way that you are a valued customer of Chipside and the MiPermit service and its partners. Your name and address may be passed to those parties as part of good systems governance.

Worried About Your Data?

We want to ensure that you are comfortable with the use of your data. If you need to speak to us about your data, please email or telephone. We will be pleased to help.


International Access

Transfers of Data Outside Europe

We are required to take steps to satisfy ourselves that any country outside the EEA gives adequate data protection rights to you, before transferring your information to any country outside the European Economic Area (EEA). The EEA currently comprises of the EU countries and Norway, Iceland and Liechtenstein. Countries outside the EEA may not give the same level of protection to your information as those within the EEA. Our website is hosted in the UK and we do not transfer outside the EEA any information submitted by you through the site. However, we do currently allow you to access your account worldwide from many devices including mobile devices.