The purpose of processing
For further information regarding how JAQU processes your data please visit https://multiple-vehiclecheck-pay.drive-clean-air-zone.service.gov.uk/privacy_notice
We may further be required to process this information should your vehicle be subject to enforcement action for failure to pay a charge. B&NES is the sole data controller for this processing activity.
Data taken from the ANPR is also used for the purposes of traffic management by the Council. For this purpose the Council is the sole data controller.
When the CAZ Central Service checks VRMs against the DVLA database, JAQU and the Council may use and share your:
• Phone Number
• Email address
• Number plate ("vehicle registration mark")
• Determine whether a vehicle entering a CAZ is compliant with the CAZ Framework, and if the vehicle is not compliant, whether it is liable to be charged and, if so, how much: and
• Provide a first point of contact for the resolution of queries and to support assisted digital users.
The CAZ Central Service also allows individual motorists and fleet operators to pay for entry into the CAZ.
An email address will be requested from you to allow a payment transaction receipt to be sent by GOV.UK Notify. The Council will be sent confirmation of the payment including the vehicle number plate that has been paid for. The payment information in the CAZ Central Service is matched with the ANPR feed from local authorities to exchange payment status.
JAQU and the Council will be using the Council's automatic number plate recognition (ANPR) cameras covering the CAZ to record your VRM. Your number plate will also be collected if you use the vehicle checker ("Check if you'll be charged to drive in a Clean Air Zone") service accessible at: https://www.gov.uk/check-clean-air-zone-charge.
Should a charge not be paid within 7 days the Council will take enforcement action and issue a Penalty Charge Notice (PCN).
The data that is captured will also be used by the Council’s Traffic Management Team to determine the most efficient use of the road network and the avoidance, elimination or reduction of road congestion or other disruption to the movement of traffic on the road network.
GDPR condition relied upon for processing personal data:
For the purposes of traffic management, the duties placed upon the data controller under section 16 and 17 of the Traffic Management Act 2004.
GDPR condition relied upon for processing special category data
NO2 Plan Evaluation data
In order to understand the extent to which the programme is meeting its stated aim of reducing nitrogen dioxide concentrations to within legal limits in the shortest possible time, a clear understanding of fleet composition (with reference to Euro Standards) before, during and after implementation of Local Plan measures, is needed.
We will be sharing VRM details with JAQU quarterly for the duration of the evaluation. DfT will match this data with vehicle type and emissions data which will be anonymised, before being sent back to the local authority and 3rd parties (Ricardo Energy and Environment and Ipsos MORI) for further evaluation and reporting.
Local authorities and JAQU won’t retain the VRM data, but DfT will retain pseudonymised data (where identifying details are replaced with a key) for no longer than 12 months.
The Joint Controllers have agreed the following arrangement to determine their respective obligations under the UK GDPR:
• They have jointly prepared this privacy notice.
• They will cooperate with each other in responding to any request each receives from data subjects exercising their rights under data protection legislation in relation to their personal data (a ‘Data Subject Request’). The party which receives the Data Subject Request will fulfil the obligations of the controller to respond to the request in accordance with data protection legislation.
• They will provide reasonable assistance to each other to enable a Data Subject Request to be dealt with in an expeditious and compliant manner.
• Each shall be responsible for fulfilling the controller’s responsibilities under data protection legislation as to security of personal data when that personal data is processed on systems controlled by that party.
• If one Joint Controller discovers a data breach, that party (the ‘Reporting party’) will be responsible for assessing whether the breach constitutes a personal data breach that is required to be notified to the Information Commissioner’s Office and (where applicable) to the data subjects under Articles 33 and 34 of the UK GDPR. The Reporting party shall fulfil the obligations of the controller to give such notice, if it is required, in accordance with data protection legislation.
• They have agreed to provide reasonable assistance to each other in order to facilitate the handling of any data breach in an expeditious and compliant manner.
• In the event of a dispute brought by a data subject or a data protection authority concerning the processing of personal data against either or both of them, the Joint Controllers will inform each other about any such disputes or claims, and will cooperate with a view to settling them amicably in a timely fashion.
Irrespective of the above arrangement, you can exercise your rights under the UK GDPR in respect of and against each of the Joint Controllers if you wish.
No data will be transferred outside of the EU.
For the purposes of traffic management, we will retain details in relation to the vehicle only and will retain this for up to 3 months.