IMPORTANT: Please make sure your posts do not contain any personally identifiable information (both your own and that of others). When uploading images, please take care that you have redacted all personal information including number plates, reference numbers and QR codes (which may reveal vehicle information when scanned).

DCB Legal (and possibly other DRAs) - A potential way to get them to drop hands

Thorndorise
Thorndorise Posts: 284 Forumite
100 Posts First Anniversary Photogenic Name Dropper
in Parking tickets, fines & parking

Sharing this as I have been successful at getting DCB Legal to drop hands prior to making a claim via the Courts, but definitely after LbC (LoC).

What I would say, is this does and should not detract from the excellent process that is well established in the Newbies threads, Plan A and so forth...this is an additional feather in your cap.

This has worked with the situation I found myself in with my PPC, and I suspect it may well work with any other that has the same predicament (when I say predicament - I mean shoddy practice in making sure that they can share your personal data with a third party).

I was in two minds about sharing this as they may cotton on to it being done, however it has been 4 years that 'my' PPC have had this situation that they have also been made aware of, and I know of others that have flagged this to them also, but they still have resolved it after months of knowing, so it's likely that the less clever companies won't cotton on at all.

The focus is on their privacy policy and adherence to GDPR and ICO's guidance about what you should and shouldn't have in their company’s privacy policy.

Long story short, they must have ‘recipients’ and/or ‘groups of recipients’ that they will share the acquired personal data with. For example, as members of an ATA, they can use the KADOE service to get your details from your VRM (number plate), if they want to share that with a third party, they must be as explicit as possible about doing so in any ‘notices’ or ‘policies’ (and most do this through their privacy policy). And to share with a third party such as a Debt Recovery Agent (e.g. DCBL limited and their sister company DCB legal) they must, at the very least, include ‘Debt recovery agents’ in their list of third parties they share that info with.

With the PPC I was dealing with, they did not include DRAs, or a named DRA. Thus, they shared that information unlawfully. When I challenged DCB Legal on this point (and pointed out that any Debt recovery they would have performed (or continue to perform)  for this PPC would have been passed to them unlawfully) – they soon informed me they would no longer be representing that client with my PCN and related debt!

I have reviewed the IPC firms that don’t have a privacy policy that covers this aspect, and as such are good candidates for challenging the legality of sharing your personal details with an unlisted third party. I’ve not yet looked at BPA, as their appeals process seems to be slightly better than the IAS – which is utterly pointless.

The firms that don’t appear to have the relevant ‘recipients’ or ‘categories of recipients’ that cover them are;

  1. ES Parking Enforcement Limited
  2. FAAC UK ltd (Trading as FMS (FAAC Mobility Services))
  3. HX Car Park Management Limited (Trading as HX PCN Ltd) (inadequate)
  4. Llawnroc Parking Services Ltd (NB website has been deactivated and they are currently on companies house with a proposal to strike off)
  5. National Parking Control Group Ltd
  6. Parking Charge Collections Ltd
  7. Premier Parking Enforcement Ltd (inadequate)
  8. Total Car Park Management Limited (inadequate)
You will read that most of these companies have the legal basis of ‘Legitimate interest’ to collect your data – the easiest for PPCs to use, but any sharing of data must be transparent, i.e. within their quoted privacy policy link, location or website on any PCN – it must include the ‘Recipients’ or ‘Categories of Recipients’ that will receive said data that included third parties working on behalf of PPC, or their sub-contractors.

If Debt Recovery Agents or similar are not included/listed – The PPC have no legal basis to share the data and would be breaking the law by doing so. One could assume that it might also be useful to include it on any contractual signage that they claim form part of their invoice/PCN contractual terms – however it generally won't be seen there either. I always refer them to the ICO website at https://ico.org.uk/

The idea of having this transparency has been a mandate of the GDPR since it's inception, and working parties have sought to clarify the statement about 'recipients or categories of recipients' more recently (I'm thinking of the GDPR Article 29 Working Party Guidelines on transparency under Regulation 2016/679) who specifically called this element out, stating;

The actual (named) recipients of the personal data, or the categories of recipients, must be provided. In accordance with the principle of fairness, controllers must provide information on the recipients that is most meaningful for data subjects. In practice, this will generally be the named recipientsso that data subjects know exactly who has their personal data. If controllers opt to provide the categories of recipients, the information should be as specific as possible by indicating the type of recipient (i.e. by reference to the activities it carries out), the industry, sector and sub-sector and the location of the recipients.

Now, this applies across the EU, but we're not in that anymore, so...the ICO stated similarly

The UK Information Commissioner's Office (the "ICO") guidance on the right to be informed (which is only applicable in the UK) states that where controllers share personal data, controllers should tell data subjects the names of the organisations or the categories that the recipients fall within. However, the ICO recommends to "be as specific as possible" if only the categories of recipients are disclosed.

In the ICO's previous enforcement decision, the ICO underscored that controllers who decide to provide categories of recipients (rather than named recipients) need to be as specific as possible when identifying recipients of personal data. Generic descriptions such as "business partners" or "analytics providers" did not give data subjects enough information about who was processing their data, where the data was being processed, and what those recipients did with the data.

I hope this provides a little extra support for anyone that needs to nip DCBL/Legal - or indeed any of the other 'legal' ambulance chasers away.

«1

Comments

  • paddyposh
    paddyposh Posts: 516 Forumite
    Part of the Furniture 100 Posts Name Dropper Combo Breaker
    edited 8 January at 6:02PM
    Thought I would check mine (Spring Parking Ltd) as I am due in court tomorrow (Spring/DCBL), can't even find a privacy policy on their website!
  • Gr1pr
    Gr1pr Posts: 6,801 Forumite
    1,000 Posts First Anniversary Photogenic Name Dropper
    paddyposh said:
    Thought I would check mine (Spring Parking Ltd) as I am due in court tomorrow (Spring/DCBL), can't even find a privacy policy on their website!
    Me neither,  even though their complaints pdf mentions it 
  • paddyposh
    paddyposh Posts: 516 Forumite
    Part of the Furniture 100 Posts Name Dropper Combo Breaker
    Gr1pr said:
    paddyposh said:
    Thought I would check mine (Spring Parking Ltd) as I am due in court tomorrow (Spring/DCBL), can't even find a privacy policy on their website!
    Me neither,  even though their complaints pdf mentions it 
    Same. In fact it has 2 small paragraphs on their main page:

    Privacy Policy

    In providing our service, you may be asked to provide Personal Information through online forms, e-mail, payment processing and/or other means of communication. We do not share or store this information with any third parties. We do not sell, trade, or rent your (nor your business) Personal Information to others. Any information that we obtain from you will be used lawfully and in strict accordance with the Data Protection Act 1998.

    Our website sometimes provides links to other websites. Any links are provided for your convenience so as to provide you with further information and assistance. They do not signify that we endorse the websites. We have no responsibility for the content of the linked websites.


    And that is it.

  • paddyposh
    paddyposh Posts: 516 Forumite
    Part of the Furniture 100 Posts Name Dropper Combo Breaker
    Will await further comments from people more clever than me, and to not hijack the thread, but wondering if it’s worth a shot emailing them as a last ditch effort to try and push DCB for a very last minute NoD
  • Thorndorise
    Thorndorise Posts: 284 Forumite
    100 Posts First Anniversary Photogenic Name Dropper
    edited 8 January at 7:36PM
    paddyposh said:
    Will await further comments from people more clever than me, and to not hijack the thread, but wondering if it’s worth a shot emailing them as a last ditch effort to try and push DCB for a very last minute NoD
    Worth a shot, and can't hurt, like I said in my email, it may be late in the day but think it may have legs - both you and Gr1pr did well I couldn't even find that info on their website...

    Edit, found it, was looking for a tab or link agreed, that's rubbish!

  • Thorndorise
    Thorndorise Posts: 284 Forumite
    100 Posts First Anniversary Photogenic Name Dropper
    Thanks @Coupon-mad

    I galls me to my core that the business model (that you always eloquently describe better than I) is so 'minimal effort', with small set-up costs and a conveyor belt approach to their PCNs and their collection. What makes it worse is that they really cannot be bothered to follow the rules, whether it be the letter of the law, well-written English (had 'of') or just general being good people (and to date, I've come across 0 that are).

    So what can we do, keep applying the pressure, be their regulators and call them out (and it'll have to be repeatedly as shown my IPCs inadequate responses) on their poor values and behaviours.

    Totally agree we need to keep making sure we can continue to 'sock it to 'em' even after regulation, as we all know, even then there will be LOT of gaps...

    BTW, with my PPC - they've now been reported to the ICO on their sharing of my personal data with DCB Legal  - even though DCB group have dropped it like a stone - I still want the PPC to act properly. Sadly however I've heard nothing from the ICO and they are well over their normal timelines for report - I'll be chasing.

    And yes, of course will update with the BPA - I must admit until I saw this from Paddyposh I wrongly assumed they were a step up from the IPC - but it appears not...

     

  • paddyposh
    paddyposh Posts: 516 Forumite
    Part of the Furniture 100 Posts Name Dropper Combo Breaker
    Thank you btw @Thorndorise for bringing this up and for helping me privately draft the email to send to them. Sadly I think it's too late for me now as my hearing is in a few hours, I doubt they will even pick my email up before that. And I doubt it's something I can bring up to the judge? Unless it is something I can say towards the claimant in the room to throw a spanner in the works ?
Meet your Ambassadors

🚀 Getting Started

Hi new member!

Our Getting Started Guide will help you get the most out of the Forum

Categories

  • All Categories
  • 349.9K Banking & Borrowing
  • 252.6K Reduce Debt & Boost Income
  • 453K Spending & Discounts
  • 242.8K Work, Benefits & Business
  • 619.6K Mortgages, Homes & Bills
  • 176.4K Life & Family
  • 255.8K Travel & Transport
  • 1.5M Hobbies & Leisure
  • 16.1K Discuss & Feedback
  • 15.1K Coronavirus Support Boards

Is this how you want to be seen?

We see you are using a default avatar. It takes only a few seconds to pick a picture.
Update Your Picture