Privacy Statement
The Combined Services Provider - Privacy Notice
Who are we?
We are Combined Services Provider (CSP) of Unit 1, Abloy House, Hatters Lane, Croxley Park,
Watford, WD18 8AJ +44 (0)20 8900 2405
We design and manage event car parking of every scale and complexity, with a focus on enhancing
the experience of visitors, delivering a professional service and being sensitive to the wider impact of
our operations on the venue’s local residents and business community.
We use your information as further explained in this Privacy Notice. We will be the “data controllers”
of the information you provide to us.
Our representative under the GDPR is kanta.hirani@gotocsp.com
What does this Privacy Notice cover?
We at CSP take your personal data seriously. This policy:
•details the types of personal data that we collect about you;
•explains how and why we collect and use your personal data;
•explains how long we retain your personal data for;
•explains when, why and with who we may share your personal data;
•sets out the legal basis we have for collecting and using your personal data;
•explains the effect of refusing to provide the personal data when requested;
•explains where we store your personal data and whether we transfer any of your data outside
of the European Economic Area (EEA);
•explains the different rights and choices you have as the data subject when it comes to your
personal data; and explains how you can contact us.
What personal data do we collect about you?
We will collect certain personal information about you in the course of your relationship with us.
This information includes your name, address, email address, IP address, and information provided
by cookies or similar technology.
How and why do we use your personal data?
We use your personal data for the following purposes:
•To share news about events and products and services offered by CSP.
•Additionally, the IP address helps us to understand geographic information about our website
visitors better so that we can improve our website for everyone.
Caring, Safe, Professional
1 | Privacy Notice•CSP uses the data we collect to provide you with the services we offer. We also use the data
to communicate with you, for example, informing you about your account, new products, or
services available, security and other types of updates.
We will not use your information for any other purposes unless we are specifically required to do so
by law.
How long do we keep your personal data?
How long we keep your information will depend on the purpose for which we use it.
CSP retains personal data for as long as necessary to provide services and fulfil the transactions you
have requested, or for other essential purposes such as complying with our legal obligations and
resolving disputes and enforcing our agreements. Because these needs can vary for different data
types in the context of different services, actual retention periods can vary significantly.
However, if you are concerned about our retention period for your personal data, you can contact us
directly for more information.
Where do we collect personal data about you from?
•Directly from you. This is information you provide to us.
•Cookies or similar technology.
Who do we share your personal data with?
We may share your personal information with third parties who perform functions on our behalf and
who also provide services to us, such as professional advisors, IT consultants conducting testing and
development work on our business technology systems, research and mailing houses and function
co-ordinators.
As we continue to develop as a business, we may sell or purchase assets. If another company
acquires us or merges with us your personal data will be disclosed to this entity.
If any bankruptcy or reorganisation proceeding is brought by or against us, all such information will
be considered an asset of ours and as such it is possible they will be sold or transferred to third
parties. We may need to disclose your personal information to third parties in certain situations: to
meet legal requirements, when mandated by law, at the request of government agencies investigating
matters, for fraud detection and security purposes, during emergencies, or to safeguard the rights,
property, safety, or security of others, including our website visitors and our business. All involved
data processors adhere to the obligations outlined in Article 28 of the General Data Protection
Regulation.
Caring, Safe, Professional
2 | Privacy NoticeWhat legal basis do we have for using your personal data?
We process your information:
•To deliver our services as outlined in our Terms & Conditions on the CSP website.
•To fulfil contractual obligations with you or to prepare for entering into a contract upon your
request.
•To meet legal requirements that apply to us.
•To safeguard your vital interests or those of others.
•To carry out our official functions or tasks in the public interest, including any related profiling
activities.
•In accordance with our legitimate interests, including any related profiling activities, we
acknowledge there are inherent risks. However, we are confident that the benefits outweigh
these risks, and we have established measures to safeguard your rights.
If you have objections to the processing of your personal data based on legitimate interests or wish to
withdraw consent for special category data processing, you have the right to do so. Further details on
these rights and how to exercise them are provided below.
What happens if you do not provide us with the information we request or ask
that we stop processing your information?
If you do not provide the requested information or ask us to stop processing your information, we may
be unable to offer services, enter into agreements, or fulfil our obligations to you.
Do we make automated decisions concerning you?
No, we do not carry out automated decision making or automated profiling.
Do we use Cookies to collect personal data on you?
To ensure an enhanced service is available to you on our websites, we use cookies to collect your
personal data when you browse. For more in-depth information about how we use our cookies and
how to decline them or turn them off please read our cookie policy available here:
https://www.gotocsp.com/cookie-page/.
Where do we store your personal data? Do we transfer your personal data
outside the EEA?
Personal data collected by CSP may be stored and processed in any country where CSP or its affiliates,
subsidiaries or service providers maintain facilities. CSP uses the Office 365 EU (London) Region to store
and maintain data.
Caring, Safe, Professional
3 | Privacy NoticeAll information you provide may be transferred or accessed by entities around the world as described in
this Statement. CSP uses approved Standard Contractual Clauses for the international transfers of personal
information collected in the European Economic Area and Switzerland.
How do we keep your personal data secure?
We ensure the security of your personal data by implementing robust hardware and software
measure across our infrastructure including Firewalls, Encryption software, user access controls and
protected data networks. We also protect the end users’ devices with security software, encryption
and user account control. Where possible and available MFA is enabled for all users. CSP also
undergo the Cyber Essentials and Cyber Essentials Plus Certification to ensure that we remain
compliant and secure with the latest available standard of security.
We also take steps to ensure all our subsidiaries, agents, affiliates, and suppliers employ adequate
levels of security.
What rights do you have in relation to the personal data we hold on you?
By law, you have a number of rights when it comes to your personal data. Further information and
advice about your rights can be obtained from the data protection regulator in your country.
Rights What does this mean?
1.The right to be informed You have the right to be provided with clear, transparent,
and easily understandable information about how we use
your information and your rights. This is why we’re providing
you with the information in this Privacy Notice.
2.The right of access You have the right to obtain access to your information (if
we’re processing it), and certain other information (similar
to that provided in this Privacy Notice).
This is so you’re aware and can check that we’re using your
information in accordance with data protection law.
3.The right to rectification You are entitled to have your information corrected if it’s
inaccurate or incomplete.
4.The right to erasure This is also known as ‘the right to be forgotten’ and, in
simple terms, enables you to request the deletion or
removal of your information where there’s no compelling
reason for us to keep using it. This is not a general right to
erasure; there are exceptions.
5.The right to restrict processing You have rights to ‘block’ or suppress further use of your
information. When processing is restricted, we can still
store your information, but may not use it further. We keep
lists of people who have asked for further use of their
information to be ‘blocked’ to make sure the restriction is
respected in future.
Caring, Safe, Professional
4 | Privacy NoticeRights What does this mean?
6.The right to data portability You have rights to obtain and reuse your personal data for
your own purposes across different services. For example,
if you decide to switch to a new provider, this enables you to
move, copy or transfer your information easily between our
IT systems and theirs safely and securely, without affecting
its usability.
7.The right to object to processing You have the right to object to certain types of processing,
including processing based on our legitimate interests and
processing for direct marketing (i.e. if you no longer want to
be contacted with potential opportunities).
8.The right to lodge a complaint You have the right to lodge a complaint about the way we
handle or process your personal data with your national
data protection regulator.
9.The right to withdraw consent If you have given your consent to anything we do with your
personal data, you have the right to withdraw your consent
at any time (although if you do so, it does not mean that
anything we have done with your personal data with your
consent up to that point is unlawful). This includes your
right to withdraw consent to us using your personal data for
marketing purposes.
How can you make a request to exercise your rights?
To exercise any of the rights above, or to ask a question, contact us directly at
privacy@gotocsp.com
How will we handle a request to exercise your rights?
We’ll respond as soon as we can. Generally, this will be within one month from when we receive your
request but, if the request is going to take longer to deal with, we’ll come back to you and let you
know.
We usually act on requests and provide information free of charge, but may charge a reasonable fee
to cover our administrative costs of providing the information for:
•baseless or excessive/repeated requests, or
•further copies of the same information.
Alternatively, the law may allow us to refuse to act on the request.
Caring, Safe, Professional
5 | Privacy NoticeHow can you contact us?
If you have questions on the processing of your personal data, would like to exercise any of your rights,
or are unhappy with how we’ve handled your information, please contact us here:
Our address: Unit 1, Abloy House, Hatters Lane, Croxley Business Park, Watford, Hertfordshire
WD18 8AJ.
Telephone number: +44 (0)20 8900 2405
Email address: privacy@gotocsp.com
Our appointed Data Protection representative is Kanta Hirani:
Email address: kanta.hirani@gotocsp.com
If you’re not satisfied with our response to any complaint or believe our processing of your information
does not comply with data protection law, you can make a complaint to the data protection regulator
in your country.
Policy Updated: November 2024
Review Due: November 2025
OUR VISION
To be the 1st choice supplier to our partners and the 1st choice employer to our team by ensuring a
caring, safe and professional approach is adopted in all that we do.
15 October 2024
13 September 2024
© CSP 2024 - All Rights Reserved 2024
