Skip to content Skip to footer

Terms & Conditions

This website is provided by Corporate Services Parking Management (CSPM). You may use this website if you agree to be legally bound by the terms set out below. If you do not agree to be legally bound by these terms, please do not access and / or use (the CSPM website). The CSPM website is only intended for use by people who live in the UK.

Changes to terms

We may make changes to the CSPM website, including these terms, at any time. You will be legally bound by the updated or amended terms from the first time you access the site after we put the changes online.

Intellectual Property

For non-commercial personal use you may copy, download, or print off copies of the material, information, data and other content included on the CSPM website. You will need to obtain permission in writing from us before you make any other use of the website content.

The rights of images, trademarks, trade names and logos included on the CSPM website and linked resources are owned by us and /or third parties. You will need to obtain permission in writing from the owner before you may use these images, trademarks, trade names and logos in any way.

In using this website, you must respect the intellectual property rights of CSPM and others. Your unauthorised use of content may violate copyright, trademark, privacy, publicity, communications, and other laws, and any such use may result in your personal liability including potential criminal liability.

Third party websites

We do not monitor the content of third party websites. Any link provided on the CSPM website is solely for your convenience. We do not accept any responsibility for any third party website.


We exclude any liability to you should the CSPM website and / or any of the associated resources not be available at any particular time.

We do not accept any liability to you for any of the following types of loss or damage (which you may suffer as a result of your use of the CSPM website) whether the losses were foreseen, foreseeable, unforeseen, unforeseeable, known or otherwise.

  • Loss which arose when you first accessed the CSPM website (even if that loss results from our failure to comply with these terms or our negligence).
  • Any business loss you may suffer, including loss of revenue, loss of profits or loss of anticipated savings (whether those losses are the direct or indirect result of our default).
  • Loss which you suffer other than as a result of our failure to comply with these terms or our negligence or breach of statutory duty.
  • Any loss suffered due to the default of any party other than us.

We do not warrant that the CSPM website or any content will be available uninterrupted or error free, that defects will be corrected, or that the CSPM website or its supporting systems are free of viruses or bugs.

We do not accept any liability to you if we fail, or are interrupted or delayed in the performance of any obligation because of:

  • The non-availability or failure of any telecommunications or computer services, systems, equipment or software operated or provided by you or any third party.
  • Any other event not reasonably within our control.
  • We do not give any commitments or accept any liability to you in respect of the CSPM website content by other users of the website or third parties.


If any of these terms are determined to be illegal, invalid or otherwise unenforceable that the remaining terms shall remain in full force and effect.

These terms and conditions shall be governed by and interpreted in accordance with the laws of England and Wales and you hereby submit to the exclusive jurisdiction of the courts of England and Wales in respect of any dispute arising out of / from these terms and conditions.

Privacy Policy


We are Corporate Services Parking Management (CSPM). This is a trading style of Corporate Services (Hereford) Limited. This division of our company provides car park management to a range of individuals, organisations and businesses.

When collecting the data specified in this privacy policy, we are the Data Controller.

This document explains:

  • Why we process personal data;
  • What personal data we collect;
  • When and why we will share personal data;
  • How long we will keep personal data for.

This policy also explains your rights as a data subject, including information about the right to access the information we hold about you.

In certain circumstances, you also have the right to object to the processing of your data, to request that processing be restricted, or to request that we rectify or erase the data we hold about you. Further information is provided below.

Under data protection law, if you request that we action any of these rights, we must verify your identity before providing information to you.

We must also provide you with an explanation if we do not agree with your request.

Data Security

We look after your personal data by having security that is appropriate for its nature and the risks that might result to you from a breach of security. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site, any transmission is at your own risk.

Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access. Those with whom we share data are also required to process your data in-line with contractual safeguards and data protection law requirements.

With regard to each of your visits to our site, we may automatically collect technical information, including the Internet Protocol (IP) address used to connect your computer to the internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform; information about your visit, including the full Uniform Resource Locators (URL) click-stream to, through and from your site (including date and time); products you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and the methods used to browse away from the page and any telephone number used to call our customer service number. The information which we collect and store during the normal use of the site is used to monitor and analyse how parts of the site are used.

What data is processed when you use car parks which we manage?

What data do we collect?

When you use a car park which CSPM manage, we collect and process data comprising of images of vehicles using the car parks and/or the Vehicle Registration Mark (VRM).

If the contractual parking terms and conditions are breached, a Parking Charge Notice may be issued. The data processed when issuing a Parking Charge Notice includes the recipient’s name and address, images of the vehicle, its details and movement whilst using the car park and the Vehicle Registration Mark (VRM).

If you submit an appeal in relation to a Parking Charge Notice, or otherwise correspond with us, including via the telephone, you may provide us with additional personal data. The data we process may include: the VRM, your name, address, email and telephone number; a Parking Charge or other reference number; the capacity in which you are appealing (e.g. keeper, driver, hirer, other); and any other information you provide within any correspondence, telephone call or appeal, including any documentation you share with us.

How we collect data

Images of vehicles and VRMs are collected via ANPR cameras, Mobile ANPR cameras and attendants onsite. Where in operation VRM data may also be collected and processed via the payment and/or terminal systems.

If you have received a Parking Charge Notice and you are the registered keeper of the vehicle, as held by the relevant vehicle licensing agency, then your data has been provided by the Driver and Vehicle Licensing Agency (DVLA) or international equivalent.

If you are not the registered keeper of the vehicle, then your data has been provided by:

  • A third party who has confirmed that you were responsible for the vehicle on that date;
  • A third party who has confirmed that you were driving the vehicle on that date;
  • A third party who has confirmed that the vehicle was on hire or leased to you on that date.

If you submit an appeal or otherwise correspond with us, the data processed by us will be as provided by you within that appeal or correspondence. Where someone appeals or corresponds with us on your behalf, then the data processed will be provided within the documentation we receive from them.

What if you provide sensitive data within an appeal or correspondence?

Depending upon the nature and content of your appeal or correspondence, the information or documentation provided may be classed as “special category” personal data and will therefore be considered to be more sensitive.

Examples of this type of data include, although are not limited to; personal identity numbers, financial account information, information about an individual’s race or ethnic origin, sexual orientation, political opinions, religious, philosophical or other similar beliefs, or information about an individual’s physical or mental health.

The information on the correspondence issued by us explains that we will process any special category data provided based upon your explicit disclosure of that information.

We will continue to process any “special category” personal data provided by you, as specified above, unless we are notified that your consent to processing has been withdrawn.

You are free to change your mind at any time and withdraw your consent. The consequences might be that we will no longer be able to consider your circumstances in full when reviewing an appeal and then considering whether further action is appropriate should a Parking Charge remain open.

If you wish to withdraw your consent, please contact us using the details on the PCN or via our Contact Us page.

How will we process your data and why do we process it?

When using car parks managed by CSPM, personal data is collected and processed for the purposes of;

  • Ensuring you comply with the parking terms and conditions, as displayed on signage throughout each car park and to enforce those terms and conditions necessary.
  • Issuing a Parking Charge Notice where the parking terms and conditions have been breached.
  • Progressing any issued Parking Charge to closure or payment, which includes reviewing and responding to appeals (both internal and with POPLA) and seeking payment of the Parking Charge amount. Recovery may include collections undertaken via the use of debt collection agents and/or legal action (where required).
  • Providing car park management services, including the prevention and detection of crime, and data analytics.
  • Our lawful basis for processing data are Performance of a Contract and Legitimate Interests.

If you are the driver of a vehicle using a car park managed by CSPM, your data is collected and processed as necessary for the performance of the parking contract. This includes ensuring you comply with the parking terms and conditions, as displayed on signage throughout each car park, and to enforce those terms and conditions where necessary.

We will also process data in pursuit of our, the landowners, and the public’s legitimate interests including;

  • The enforcement of breaches of the parking terms and conditions where the recipient of the Parking Charge was not the driver of the vehicle.
  • Enforcement of breaches of the parking terms and conditions ensures a better overall parking experience for all users of the facilities.
  • The provision of an effective appeals service, which is provided in-line with the British Parking Association’s Code of Practice. Where the Parking Charge was issued in England and Wales, this includes an opportunity for all motorists to lodge an appeal with the Parking on Private Land Appeals (POPLA) service should their appeal to us be rejected.
  • Progressing the Parking Charge we issue, either to closure or payment, supports the parking services we offer.
  • The provision of an effective car park management service to improve the customer experience.
  • Sharing information with the landowner where they have agreed to provide parking permits to certain individuals (e.g. staff parking permits), or where a payment account for specified vehicles has been agreed.
  • Carrying out data analytics, including reporting on vehicle turnover, vehicle type and repeat visits.
  • Providing data to the police to assist with the prevention and detection of crime (as appropriate).
  • As part of the audit processes undertaken by the DVLA and BPA.

Who do we share data with?

In order to enforce the parking contract where a breach has been identified and to support the legitimate interests explained above, we may share data with the following organisations;

  • Vehicle licensing agencies, such as the DVLA or an international equivalent. This includes sharing data to obtain the contact name and address details of a vehicle’s registered keeper, as well as sharing for audit purposes.
  • The police or other security organisations for the safety and security of car park users, and in order to prevent and detect crime.
  • Vehicle hire and lease companies where they confirm that a vehicle was on hire or leased on the date that the vehicle was captured parking in breach of the parking terms and conditions.
  • Other organisations such as the British Parking Association (BPA), the Parking On Private Land Appeals (POPLA) service for parking events in England and Wales, Debt Recovery Plus Limited (DRP), landowners, managing agents, tenants, our press office (where related to media/press query), and any authorised sub-contractors such as mail service providers, business process outsourcers, credit reference agencies, legal advisors, IT service providers, and payment service providers.

What data is processed when you pay a Parking Charge online?

This privacy statement applies to all personal data which is submitted within the online form when you click on the “Pay Your PCN” button within the website.

We use ECom6 payment service providers (PSP) to process payments. When making a payment you will access a separate ePayment web page or portal, hosted and administered by the PSP, and you will leave this website.

What data will be processed?

The data processed whilst you make a payment of a Parking Charge may include a Vehicle Registration Mark (VRM), a parking charge reference, email address, postal address, telephone number, credit or debit card number, expiry date and security code. The parking charge reference and VRM will be used for the purpose of locating the relevant parking charge to enable the PSP to populate the payment screen with the outstanding amount payable and the other details will be used by the PSP to process the transaction.

Data Security

The PSP is responsible for the collection, security and integrity of such data captured from the ePayment web page or portal collected and processed by the PSP in an encrypted file. The PSP assumes responsibility for the security and integrity of such transaction data that it may retain in transaction data history files. Where the delivery of the transaction data occurs, the PSP assumes responsibilty for the security, integrity and delivery of such transaction data until such delivery occurs.

The PSP operates and maintains responsibility for keeping in good working order host authorisation and submission of internet transactions including any encrypted data collected and processed by the PSP as part of an authorisation or settlement request originating from the ePayment web page or portal, including (but not limited to) confidential cardholder data such as credit / debit card number, CSC codes, card holder name, address details (where AVS is used) and authorisation codes approved by the agreed Merchant Services Acquirier (MSA) and facilitates upgrades to such systems as agreed between the PSP and the MSA from time to time.

Although we endevour to ensure the PSP will do its best to protect your personal data, we cannot guarantee the security of your data entered via payment web pages, apps, or portals. These links have their own privacy policies which you should read before transmitting any data and are provided to improve your convenience.

Any transmission is at your own risk and you should take the appropriate steps in respect of this risk.

How long will we keep your data for?

There are certain reasons why we keep hold of some of your data. How long we keep your data for depends upon the type of data we hold and the purpose(s) for which it was collected and processed.

We will store your personal data for no longer than necessary to support the purposes explained above.

We retain the personal data we hold about you for up to 6 years from collection in order to respond to any concerns or claims that may arise in that time. This may be extended if related correspondence or claims are on-going, or where a county court judgment has been issued in CSPM’s favour and remains outstanding.

If you ask us to restrict the way we process your data, we will retain relevant data on suppression lists. This means that we will keep just enough data about you available to ensure that we continue to comply with your reasonable request.

What are your rights as a data subject?

Data Protection Law gives you the following rights. For further information, including how to make a request or ask a question about your rights, please contact our Privacy Team using the details provided below.

We will review each request we receive. Under data protection law we do not have to agree with your request but if we refuse your request, we will still contact you within one month to explain why.

To object to the processing of personal data

In certain circumstances, individuals have the right to object to the processing of personal data. Any such objection must be based on your particular situation. We will review each request we receive and if we refuse your request, we will inform you of the reason why we have not taken action.

To access personal data

Individuals have the right to request a copy of the data held about them. We are required to verify your identity before passing you information and we may contact you upon receipt of your request to clarify your request. We will be unable to process your request until we have all the required information.

To be informed about the processing of personal data

Individuals have the right to be informed about the collection and use of personal data. This information is contained within this privacy policy.

To request that the processing of personal data be restricted

Individuals may have the right to request the restriction or suppression of personal data. This right will only apply in certain circumstances.

To request that personal data is corrected if it is inaccurate

Individuals may request that inaccurate personal data is rectified, or completed if it is incomplete.

To ask that personal data be erased

The right to erasure is also known as ‘the right to be forgotten’ and individuals can request that their personal data is erased. This right will only apply in certain circumstances.

To request to move, copy or transfer personal data (“Data Portability”)

The right to data portability allows individuals to move, copy or transfer personal data easily from one IT environment to another. This right will only apply in certain circumstances.

Rights relating to automated decision making, including profiling

Individuals have the right to be given information about such processing, request human intervention or challenge a decision. This right will only apply in certain circumstances.

How can you contact the Information Commissioner’s Office?

If you are concerned about our processing of your data or if you have a privacy related query not answered by this policy, please contact our Privacy Team using the contact details below.

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO). For further information, please refer to the ICO website,

How can you contact us if you have a privacy related query?

If you have a question about our privacy policy, how we use your data or your data rights, you can contact us at:

Privacy Team, CSPM Parking, P.O. Box 26, Hereford, HR4 8ZS

or by email at

Complaints Policy

1. Introduction

CSPM takes complaints seriously as they help us to improve areas of our products and services and to resolve any issues relating to the consistency and quality of our business operations.

Our complaints policy is an opportunity for customers to tell us when we might have fallen short of expectations, and how we can put things right.

CSPM receive, evaluate, make and record its decisions on complaints is a non-discriminatory manner, in accordance with the regulations of the accredited parking association.

2. Policy Scope

The policy is designed to deal with concerns raised in relation to parking enforcement only; complaints that do not relate to matters pertaining to the BPA’s Approved Contractor Code of Practice are not covered under the scope of the policy.

3. Definition of a Complaint

The complaints policy is not intended to be used as a method for motorists to appeal a Parking Charge Notice (PCN). Matters relating specifically to appeals must be made in writing as instructed on the notice itself.

If a complaint is received that is considered to be or includes an appeal against the validity of a PCN, we will treat it as an appeal and advise the customer of this, unless we are informed that the customer does not wish it to be so handled.

Our definition of a complaint is something about the quality of the service provided by an organisation, its processes and/or the behaviour of its staff.

Our definition of an appeal – correspondence shared against the decision of an organisation – in this instance, the decision to issue a Parking Charge Notice – where a change to that decision is required.

4. How to make a Complaint

Customers who wish to make a complaint must do so in writing. This is to ensure we know exactly what the nature of the complaint is and this reduces the possibility of ambiguity or of the customers complaint not being correctly recorded over the telephone. The complaint will then be registered onto our system and a unique reference code generated.

Once the complaint has been received, we will acknowledge the complaint within 14 days and provide the unique reference code. The acknowledgement will then be sent to the name and address or email provided. In the absence of valid contact details, it may not be possible to process a complaint or process it within the published timeframes.

We will respond to complaints within 28 days of receipt. In some cases, however, the allotted timeframe could be extended due to the nature of the complaint and the complexities surrounding any investigation. If we are unable to reply to the complaint within 28 days, the customer will be written to, to advise of progress.

A complaint must be made in writing via email or post:


Postal Address: P.O. Box 26, Hereford, HR4 8ZS

The complaint must be made within 56 days if the incident taking place.

5. How Complaints will be recorded

Complaints will be recorded on a complaints’ register and kept on file for 36 months and these will be available on request to authorised bodies. The details that will be recorded will be:

  • Date of complaint;
  • Copy of complaint;
  • Copy of all correspondence;
  • The outcome;
  • Details of any corrective action required;

All personal data will be redacted in line with GDPR requirements.

The complaints register will be reviewed every six months to identify trends and training opportunities.

6. Escalation Process

6.1 Stage One

In the event that the customer is not satisfied with the handling of the complaint, the complaint can be escalated to the Line Manager. The line manager will acknowledge the escalated complaint within 14 days. A full response to your complaint will be issued within 28 days unless exceptional circumstances have been identified. If more time is needed, the customer will be written to with an update.

6.2 Stage Two

If the customer remains dissatisfied with our complaint, we will provide you with the details to enable you to complain to our Accredited Trade Association (full details will be provided at the appropriate time).

In order to escalate a complaint to our Accredited Trade Association, the customer must supply our Accredited Trade Association with a copy of our final complaint response.

Our Accredited Trade Association will not review escalated complaints where this is not provided by the customer.

7. Confidentiality

All complaints will be dealt with in accordance with the requirements of the Data Protection Act 2018.

Please note, when a complaint concerns the issuing of a PCN issues by us, CSPM are the data controller. As such the customer should be aware that any information provided in connection with the complaint will be used by CSPM to help us deal with it. The customers information may also be passed to CSPM staff who were enforcing any parking restrictions or conditions at the relevant site. Information may also be shared with the landowner and any permit service provider if relevant to allowing the complaint to be investigated and resolved.

For more information on how we use your information you can contact our data protection officer. More information about your rights concerning the use of your personal data is available within our privacy policy found on our website

Protection of Public Policy

Corporate Services Parking Management recognises its responsibility to the wider community and the role it has to play in protecting the public.

To support this all of our frontline and licensed security staff receive appropriate awareness training in the Project Griffin initiative which is designed to encourage members of the community to work in partnership with the police to deter and detect terrorist activity and crime. All of our parking and security officers are empowered to recognise and report suspicious activity and behaviour to the police.

There is also an expectation that is in the course of their day to day duties our officers see evidence of criminal activity or anti-social behaviour they will report it directly to the local police or do so via our control office. In the event that they do identify such incidents the officers are instructed that they must not put themselves at risk of harm or injury. Our officers have also received a similar instruction if they identify vulnerable people that may require protection to ensure their safety.

Members of the management team have received awareness training in Project Argus. This is a NaCTSO led initiative which asks businesses and other organisations to consider their preparedness for a terrorist attack. It explores what it is likely to happen in the event of a terrorist attack and identifies the measures that can assist in preventing, handling and recovering from such an incident.

Our frontline and licensed security officers are trained to identify vulnerable people and know what steps to take to protect them. The aim is to enable our staff to support the police in taking an active role in ensuring the safety of the public.

Corporate Responsibility

Corporate responsibility has long been embedded in the way we do things – not because we feel an obligation to do so, but because we genuinely believe it is the right thing to do. Our key areas of focus are on local communities and businesses, the environment, health and safety and, of course, our people.

Communities and Businesses

Our aim is to provide safe environments for our clients to live and work in where they can be confident that our products and services are keeping them safe. Keeping their personal and business assets protected in order for them to achieve their own goals. This takes many shapes and forms – from leading specific initiatives, to helping drive tangible socioeconomic improvements because of the way we do business.


As the Government sets higher standards to meet the challenges posed by climate change, we are committed to measuring and improving our carbon footprint. We continue to take proactive steps, both on behalf of our clients and within our own organisation, to minimise our impact on the environment.

Health and Safety

We work with our clients, partners, employees and insurers to ensure that we follow best practice throughout our business, and make health and safety our number one priority. We support national health and safety campaigns and work the HSE in order to implement safe working strategies and keep ahead of future safety legislation in order to provide the best possible ‘future proof’ systems for all our clients.


In addition to ensuring our people work in a health and safety environment, we are committed to creating career opportunities whilst promoting equality and diversity. We continue to strive to ensure that our people strategies (both recruitment and development) reflect our commitment to corporate responsibility, which is achieved by our company in-house development training programmes.


Copyright © 2017 – Corporate Services (Hereford) Limited – All Rights Reserved.