Show Posts - Mark_Fletch13

Good afternoon,Thanks as always for the advice and the template, much appreciated. I have liaised with them as suggested and the church removed the parking charge. Thank you helping.

Good afternoon,I recently parked my car in Christchurch Priory car park, which has recently installed paid parking (the cost of which can be reclaimed by churchgoers, previously this small car park wasn’t chargeable). I used the car park with my family and paid at the machine which has been set up in the car park, £1.80, which was the minimum (2 hours). We didn’t bother reclaiming the money in the end, since there was engineering work going on in the building which made it difficult to access the refund machine and was more hassle than it was worth. We stayed in the car park for 42 minutes, and just to give some background, we had a meeting in the church which I can prove via email etc. if needs be.I received a letter, attached, citing a breach. Unfortunately I binned the receipt 2 days prior to receiving the letter along with a few other  receipts cluttering my wallet… however I paid by card so can see on my bank statement the transaction. The statement includes ‘Christchurch’ as the location of the machine, and the Chelmsford address of ‘Horizon’ as the location (which seems to be their HQ).I haven’t replied to them yet at all, was wondering if there was anything particular I should do in response to them since, unfortunately from experience, I know how stubborn these characters, are despite genuine errors even if it’s on their part..Thanks in advance.https://ibb.co/album/1MpW7F

Thank you, I have fired this across to them as well to ponder upon. Will update agin when they have digested and responded.Cheers!

As always,Thank you for your continued support in this and for the hard work and dedication you always provide, especially with the addition of templated responses. It would be impossible to keep fighting them without this assistance. I have responded to BW Legal and CPM as you have recommended.Out of interest, BW Legal also sent in the meantime a letter to me stating the following:"We write to you in relation to your UK GDPR Article 14 request.Information about Article 14 is available on the Information Commissioner´s Office website at www.ico.org.ukWe were instructed by Our Client, Countrywide Parking Management Limited on 23 May 2025. At this time, we were provided with your data and instructions to collect the outstanding balance. We have a Privacy Notice published on our website www.bwlegal.co.uk (attached for ease of reference). It provides useful information including details of the sources of your data, purposes and legal basis on which we process personal data together with out retention periods".

Good evening,I recieved 2 Responses from BW Legal, one via email and one via letter in the post, the former relates to the data breach I was subjected to, the latter essentially just re-states the parking charge with the original "evidence".I also recieved a response from CPM asserting that they are satisfied that they have submitted all their SAR obligations and also that I firstly stated an address change on 27/09/2025. They have also included an attachment from the ICO relating to the risk to my personal data.I have included below the attachments mentioned above for reference.(On the image platform "imgbb", in each album when viewing images please select "AZ" to arrange in the correct order as were sent to me).Thanks in Advance.BW Legal email date 4th December referring to data breachhttps://ibb.co/album/dJjwMxBW Legal physical letter 14th November 2025 re-stating the original parking chargehttps://ibb.co/album/BLSLcPCPM Attachments to incomplete SAR emailhttps://ibb.co/album/9HWYvGCPM Response to incomplete SAR Challengehttps://ibb.co/album/42wMtW

Thank you for your ongoing support with this case. I have submitted the ICO complaint along with the evidence you suggested. I know that it must consume a significant amount of your time to compile responses to each of the cases that come across your table and to provide the in depth support that you do. I can only extend my sincere and continued thanks regarding the support, hard work and guidance that you have provided to help continue the fight.There seems to be bit of a communications blackout with BW Legal and CPM from any contact coming to me. Do you reckon I should chase them up or take it as a good sign that they must be scratching their puny heads for now?Thank you.

Ok will get on with that thank you. Is there anything specific, other than what you’ve already mentioned I should include in the complaint? I.e. they are in breach of the various articles and took too lo my to inform me of their data breach?

Good evening,It’s now been over 7 days since I sent the letter to CPM without response. Should I now escalate in the form of sending a complaint to the ICO as you suggested?Thanks

Ok thank you, sent. Shall return after 7 days/ if they respond before then.

Okay understood thank you for clarification regarding the time and date requirement which they omitted. Should I also maintain they ‟did not include BW Legal as a recipient in their SAR output”? (They did include them in their email which had the SAR output attached, but NOT in the attachment itself).Sorry for my questions on this I just want to make sure I get it right and they can't come back to me later on and say that I was wrong or misleading.Thank you.

To clarify one point regarding the above, they did not include the dates and times they sent my data to BW Legal in the document bundle they attached via email, they just stated the fact that they did disclosed to BW Legal in the body off their email reply. There was no date or time associated with that statement however

Thank you I will send this today.Regarding the incomplete SAR, as mentioned previously they did include BW Legal in their emailed response on 28th August. Should I therefore remove that part of your responses that references that? If so, should I still however maintain that their SAR still incomplete with regards to articles 12 and 15)(1)(c) because of the following omissions?:4. Incomplete SAR – missing personal data:• Full ANPR event log for my VRM for the material period (all reads/timestamps/camera IDs/retention entries).• RingGo/payment back-office records that reference my VRM/this PCN, including matching/mismatch notes for the material window.• Internal notes, decision records, and portal/web-form audit logs referencing me/this PCN.• DVLA KADOE request/response (single request date/time and address returned) and any address-verification/trace records referencing me, particularly before your Final Notice of 12/05/2025 and before instructing solicitors.• Any data accuracy records explaining continued use of my former address after my DVLA update in early April 2025.

Good evening,I have received an email from CPM which I believe includes some possible serious leverage in my favour. (I have not yet heard back from BW Legal since I sent the letter to them on 3rd October, and also from my previous portal submitted letter previously on 28th August)Interestingly it seems CPM have given my data away 'inadvertently' or as the describe it an ″incident in which personal data relating to you was inadvertently disclosed to an unauthorised individual″.I do note that they did not inform me of this on any earlier occasion, only after the previous email you advised me to send advising them they have not correctly completed the SAR.Below is a copy and paste of their email, ..............................................................................................″Subject: Re: Subject Access Request (SAR) Dear Mr [xxx], We acknowledge receipt of your correspondence. Following a comprehensive review, we confirm that all personal data currently held by Countrywide Parking Management in relation to you and the referenced Parking Charge Notice has been disclosed in full, up to and including today’s date. For your reference, we have attached the RingGo receipts that were submitted with your original appeal, along with a copy of the letter that was generated on 29/08/25.  Please note that our records are maintained in accordance with our data retention policy and statutory obligations. Certain categories of information are retained for a fixed period and are securely purged once that period has expired. As such, data that has been lawfully deleted in line with our retention schedule would no longer be available for disclosure. Having reviewed this matter in full, we are satisfied that we have met all of our obligations and commitments under data protection legislation, and therefore, we are unable to provide any further assistance on this matter. For the avoidance of doubt, you retain the right to raise any concerns with the Information Commissioner’s Office (ICO). We remain committed to ensuring full compliance with all obligations under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Kind regards,Administration TeamCountrywide Parking Management Ltd″..............................................................................................Please find their data breach letter below which they included as an attachment on their latest email. The email was dated 13th October, the data breach was from 29th August. They never sent the letter to me electronically or to my new address, where other threatening letters from BW Legal have been arriving successfully...............................................................................................″29th August 2025Issue date: 03/01/2025I am writing to inform you of an incident in which personal data relating to you was inadvertently disclosed to an unauthorised individual.On 28th August 2025, as part of a Subject Access Request process, we mistakenly shared your personal data, which included your full name, address, contact number and email address, with another individual. The error was identified on 29th August 2025, and we took immediate steps to request the return and secure deletion of the data.We want to assure you that:The error was a genuine administrative mistake and not the result of malicious activity.We have contacted the unintended recipient, who has confirmed that they have deleted the information and will not retain or use it.We have reported this breach in line with our obligations under the UK GDPR and Data Protection Act 2018.We recognise the seriousness of this incident and sincerely apologise for the distress this may cause. We have taken the following steps to prevent this from happening again:Additional staff training on handling Subject Access Requests.Implementing extra checks to ensure responses are only sent to the correct individual.If you have any concerns about this matter, please do not hesitate to contact our Data Protection Officer at [insert contact email/phone number]. You also have the right to raise a complaint with the Information Commissioner’s Office (ICO) should you wish to do so: www.ico.org.uk.Once again, we apologise for this error and thank you for your understanding.Yours sincerely,Benita ExcelData Protection OfficerCountrywide Parking Management Ltd″..............................................................................................P.s. I tried to include the attachments on imager as usual but it seems to have been 'blocked' in the U.K. hence why I copied and pasted it.Thank you in advance.

Thank you, I have sent the letter as you have advised. I did take screenshots so have also included those. I will post again when I have got a response. Thank you once again.

Good morning.I tried to send the message to BW legal, however their online portal is not working. I then tried to start a live chat and they send an automatic response saying that they’re having technical difficulty so cannot reply. Therefore the only option is to phone them. I’d prefer not to do that way since it’s not written down as evidence. Also it’s been now over 30 days since I sent the previous letter to BW legal. I have not had a response from them.Thanks