Privacy Notice

Halton Borough Council will oversee the delivery of the merseyflow Scheme by working with its appointed service provider and agent, emovis Operations Mersey Limited.

emovis Operations Mersey Limited are the organisation appointed to manage the toll operation.

merseyflow is the brand name for the Mersey Gateway and Silver Jubilee Bridge toll operation.

We, Halton Borough Council and emovis Operations Mersey Ltd take the privacy of your data seriously and have prepared this Notice, (together with our terms of use, and any other documents referred to in those terms) to set out our data practices which we will use on the merseyflow Scheme and Mobile App.The terms of use for using the merseyflow scheme (www.merseyflow.co.uk/terms-and-conditions) The terms of use for using the Merseyflow Quick Pay App (merseyflow quick pay app terms and conditions).

This Notice sets out the basis for any personal data we collect from you, or that you provide to us, for using the merseyflow scheme or Merseyflow Quick Pay App, how it will be processed by us, our subsidiaries and appointed service providers, including how long it will be retained.

Please read the following carefully to understand our views and practices regarding your personal data and how we will treat your data. By emailing us or providing us with any of your personal data you agree that you have read and understood the practices described in this Privacy Notice.

For the purpose of applicable data protection law, Halton Borough Council, are the Data Controller of any personal data collected from or provided by you in connection with the merseyflow Scheme. The term 'personal data' refers to data which identifies or is capable of identifying you as an individual.

What personal data do we collect?

  • Data that you give us

We request and hold three types of personal data which allows us to manage the merseyflow Scheme:

  1. Customer provided data: customers' contact details, your vehicle registration marks, and payment preferences are used to administer accounts and one-off payments for crossings.
  2. Customer contact records – Records of calls, emails and postal interactions with our website and customer centre are maintained for audit, training, and service improvement purposes.
  3. Crossing records – Automatic number plate recognition (ANPR) cameras capture images and record vehicle registrations along with the date, time, and direction of travel whenever a vehicle uses the crossings. These are retained as evidence in the event of a dispute.

Supporting documents may be requested from you to prove your eligibility for the various schemes that we offer. Details of the required documents are set out in the Account/Vehicle Registration application forms which can be found at:

When auto renew is selected on an account, the details of the registered keeper are provided to Emovis Mersey Operations Ltd from various credit reference agencies*. This allows us to automatically renew your plan once the registration fee has been received.

In the event of non-payment of fees due for using the crossing, the details of the registered keeper are provided to Emovis Mersey Operations Ltd from the Driver and Vehicle Licensing Agency (DVLA) as well as from various credit reference agencies*. This allows us to issue penalty charge notices (PCNs) for non-payment of the charge.

*Credit searches performed leave a ‘soft search’ footprint only, which in no way affects your credit rating or score. For more information, please visit https://www.equifax.co.uk/crain/

  • Additional data that we collect from you

When you contact us, we will automatically collect the following data: -

  • technical data including the Internet protocol (IP) address used to connect your device to the Internet, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform and device type.
  • data about your visit, including the full Uniform Resource Locators (URL), clickstream to, through and from our site (including date and time), page response times, download errors, length of visits to certain pages, page interaction data (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page.

Not all data collected automatically from your use of the website will be personal data for the purposes of applicable data protection law, and therefore your full rights under the law may not apply to such data. This data is collected through the deployment of cookies, web server logs and associated tracking technologies. Please refer to the cookies section below.

  • Consent

When consent is provided by you, information or marketing will be given to you by merseyflow and/or associated partners.

  • Cookies

The website uses cookies to improve the functionality of the website and to distinguish you from other users of the website. This helps us to provide you with a good experience when you browse the website and allows us to improve the website. For detailed information on the cookies we use and why we use them, please see our cookie policy at https://www.merseyflow.co.uk/cookies .

What legal basis allows us to use your data

The legal basis which allow us to process your data is through the Road User Charging Scheme Order 2020. This applies when:

  • you create an account with merseyflow
  • you cross the Mersey Gateway Bridge or Silver Jubilee Bridge

Full details of the RUCSO can be found at: http://www.merseygateway.co.uk/about-the-mersey-gateway- project/mersey-gateway-planning-applications-legal-orders/

Length of time data will be held

We will only keep your personal data for as long as is necessary to:

  • assess your eligibility and process applications for the Local User Discount Schemes
  • process toll charges and other payments associated with the merseyflow scheme

However, in some circumstances we may retain personal data for longer periods of time, for instance where we are required to do so in accordance with legal, tax and accounting requirements, or in order to maintain an accurate record of your dealings with us in the event of any complaints or challenges. We will also maintain a record of Scheme participants’ data for the duration of the contract.

How your data is stored

Collected data will be stored within secure electronic records management systems located within the European Economic Area (EEA), with the system being dependant on the nature of data. Additional systems are used to process and store supporting data such as written correspondence and telephone call recordings.

We do not store entire credit/debit card numbers, nor do we retain the security code associated with their use. These details will be requested only during the processing of specific transactions and are processed by service providers that are validated compliant to the Payment Card Data Security Standards as defined by the PCI Security Standards Council (https://www.pcisecuritystandards.org/).

Sharing personal data

To support the prevention and detection of crime, Emovis Operations Mersey Limited provides summary records of all vehicle passages to local police forces. Occasionally, personal data held in relation to merseyflow may be requested by and disclosed to:

  • Driver and Vehicle Licensing Agency (DVLA)
  • Local authorities
  • Police and other statutory law enforcement agencies
  • Traffic Penalty Tribunal (should you appeal our decision if you appeal the issue of a PCN)
  • In the event of an unpaid crossing, debt registration and collection organisations
  • Data Quality Management Software Company to undertake checks on data accuracy
  • With consent, external marketing company to undertake customer surveys.

Personal data may be shared with these organisations when a valid reason to obtain the data under the Data Protection legislation is provided. Such requests are dealt with on a strictly case-by-case basis.Additionally, during our day-to-day operations, we may monitor vehicles using the crossings, including those vehicles which may be exempt or registered for a discount. If we believe we have identified a persistent charge evader, or we observe activity we believe to be fraudulent, we will provide the information to the local authority or the police.

Your rights

Under Data Protection legislation you have various rights which are briefly explained below. In most instances we will need to validate your identity before taking any action and we will respond to legal requests within 30 days of receipt as appropriate.

  • Right to be Informed

You have the right to be informed about the collection and use(s) of your personal data. We provide an explanation, in this Privacy Notice, of the purposes of processing your data, retention periods for that data, who it is shared with and the purpose(s) of this.

  • Rights of Access

You can request access to the data we hold about you (Subject Access Request) There is no charge for this, and you can do this verbally or in writing. Your request will be actioned within 30 days.

  • Rights of Rectification

You can challenge the accuracy of personal data held about you by an organisation and ask for it to be corrected or deleted. If your data is incomplete or inaccurate, you can ask for it to be rectified. (This applies to account holders only. This cannot be done on anonymous accounts)

  • Right to erasure of personal data

You can ask for the data that we hold about you to be removed but this is not an absolute right and only applies in certain circumstances. (This cannot be done for PCN’s – Account holders only)

  • Right to restrict of processing or to object to processing

You have the right to request the restriction or suppression of your personal data. You can request that your data is stored but not used but this only applies in certain circumstances.

  • The right to portability

You have the right to ask to transfer the data that we hold about you to another company (e.g. From one utility provider to another)

  • Right to object

You can object to the processing of your personal data in certain circumstances.

  • Rights relating to automated decision making and profiling

You can challenge where organisations make decisions that have a legal or similar effect upon you without human intervention.

How to access your personal data

If you wish to see full details of the data that the merseyflow scheme holds about you, you can submit a Subject Access Request under the Data Protection legislation. If you have received a PCN, there will be two images of the associated vehicle included on the notice itself. If you wish to obtain any additional images we might hold of your vehicle, or other personal data which we hold, you must submit a formal Subject Access Request.

If you have not received a PCN there are only limited circumstances in which we might retain images of your vehicle. You will still need to submit a Subject Access Request to obtain any such images. To arrange this please email: info@merseyflow.co.uk or telephone merseyflow on 01928 878 878.

Complaints

If you have any questions, comments or concerns about how we use the personal data we hold about you, please telephone merseyflow on 01928 878 878 or by email to info@merseyflow.co.uk.

If merseyflow have been unable to resolve your requests, you can contact the Council’s Data Protection Officer by writing to: Jonathon Greenough, Information Governance Service, Halton Borough Council, Municipal Building, Widnes WA8 7QF, by calling 0151 511 7002 or by email to jonathon.greenough@halton.gov.uk

If you are not satisfied with how we have handled a complaint regarding the processing of your personal data you have the right to raise your complaint with the Information Commissioner’s Office using the following details: The Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF. Telephone: 08456 30 60 60 or 01625 54 57 45, or via their website: www.ico.org.uk

Changes to our Privacy Notice

Changes to our Privacy Notice will be posted on https://www.merseyflow.co.uk/privacy. Please check back frequently to see any updates or changes.

Version 9
Last Updated: 23/05/2023

Loading animation