Free Traffic Legal Advice

Upon entering the residential road in the evening, the driver found a space that could hold three vehicles, there was a running vehicle in the first space, a parked car that was about to leave and a free space in front. The driver tried to look for signs whether it was allowed to park but couldn't and so the driver parked the car and went to drop something off to a friend. The visit ran over 15 minutes and the driver returned and drove off, there were no more cars parked behind him when he left. A few days later, I, who is the registered keeper of the vehicle, received TWO PCNs through the post, of the same offence within 15 minutes of each other.

Upon inspection of the offence, it seems it was a commercial vehicle loading bay, but the sign was tucked away on a wall somewhere, also as the driver parked in the far end, and there were two other vehicles behind, the writing that says 'loading bay' was not very visible and was quite clearly faint. It was also very dark, the street lights were not very well lit.

This is the street view park https://maps.app.goo.gl/LhgQaqTyRU51VJ8U9.
Here is the signage
I have attached the two PCNs as images.

Would it be possible to contest the second one as a continuous contravention? I know that might work for council PCNs but as this is private I am not sure. Would be even better if I could contest both (if possible).

Please let me know if I am missing anything else, thank you!

[ Guests cannot view attachments ]

Besides the fact that neither Notice to Keeper (NtK) is PoFA compliant, which means that you, the Keeper, cannot be liable for the charge as long as the drivers identity is not revealed, there are several other issues that you can raise, including compensation for breach of your GDPR under the Data Protection Act 2018.

CPM has breached the Private Parking Single Code of Practice (PPSCoP) by issuing two PCNs for the same parking event on the same day. The PPSCoP clearly states that only one PCN can be issued per calendar day for a single event. CPM ignored this rule by issuing two charges for the same incident, which is unfair and against the industry standards.

Section 8.3 of the Private Parking Single Code of Practice (PPSCoP) states:


Additionally, the PPSCoP further clarifies:


This warrants a formal complaint to CPM which is then escalated to the IPC.

Additionally, CPM has breached the Keeper at Date of Event (KADOE) contract with the DVLA by requesting and using the Keeper’s data twice for the same event. The KADOE contract only allows parking companies to request and use Keeper data once per parking event. Issuing two separate PCNs for the same incident means CPM misused DVLA data, which is a serious breach because:


You, the Keeper, also has a claim against CPM for breaching UK GDPR and the Data Protection Act 2018. CPM used the Keeper’s personal data twice for the same event, which is unfair and unlawful. Data must only be used when necessary, but CPM processed it twice without a valid reason. There is no legal basis for issuing two charges.

You should report CPM to the DVLA’s Data Sharing Team and request an investigation. If the DVLA confirms a breach, they can take action against CPM, which could include warnings, fines, or even suspending their access to Keeper data.

Another issue is that you now have grounds to bring a claim against CPM for a breach of UK GDPR and the Data Protection Act 2018 (DPA 2018) due to their unlawful and excessive processing of your personal data.

CPM has used the Keeper’s personal data twice for the same alleged event by issuing two separate Notice to Keepers (NtKs). This violates GDPR’s core principles, particularly:


CPM has therefore breached the Data Protection Act 2018 (DPA 2018) by processing your personal data twice for the same event without a lawful reason. The DPA 2018 applies UK GDPR rules, and CPM’s actions break key parts of the law:


You can report CPM to the Information Commissioner’s Office (ICO) for breaking data protection laws and demand compensation for distress caused by the unlawful use of your data.

So, before any appeal is attempted, you should make a formal complaint to CPM, the DVLA and the ICO. Start with this to UKCPM:

[Your Name]
[Your Address]
[City, Postcode]

[Date]

To: CPM (UK Car Park Management Ltd)
49 Station Road
Polegate
BN26 6EA

By email to: complaints@uk-cpm.com

Subject: Formal Complaint – Breach of the Private Parking Single Code of Practice (PPSCoP) and Data Protection Breach under UK GDPR and the Data Protection Act 2018

Dear Sir/Madam,

I am writing to formally complain about two separate Notice to Keeper (NtK) letters issued to me by UK Car Park Management Ltd (CPM) for the same alleged parking contravention on 1st February 2025 at "Edition, Colindale" (wherever that may be be). The PCNs reference numbers are:

• PCN Reference: [xxxxxxx] – Time: 21:30
• PCN Reference: [xxxxxxx] – Time: 21:48

These two PCNs relate to the same parking event, yet UKCPM has issued two separate charges. This is a clear breach of the BPA/IPC Private Parking Single Code of Practice (PPSCoP) and a violation of data protection laws under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA 2018).

1. Breach of the Private Parking Single Code of Practice (PPSCoP) – Section 8.3

The PPSCoP, Section 8.3, explicitly states:

"Parking operators must ensure that they only issue Parking Charges in accordance with their advertised terms on any site. Such terms shall not entitle any operator to issue more than one parking charge in the same calendar day for the same parking event."

Furthermore, the code continues:

"In the event of a new calendar day, the operator must not issue a further Parking Charge for the same parking event within a 12-hour period from when the previous Parking Charge was issued."

UKCPM has ignored this mandatory rule by issuing two separate PCNs for the same event within an 18-minute window, in direct breach of the PPSCoP. There is no justification for issuing multiple charges for the same event, and this demonstrates unfair and unreasonable conduct.

2. Breach of UK GDPR and the Data Protection Act 2018

By issuing two separate NtKs for a single event, UKCPM has unlawfully processed my personal data twice without a valid reason. This breaches the following GDPR and DPA 2018 provisions:

Article 5(1)(a) – Lawfulness, Fairness, and Transparency

• Personal data must be processed fairly and lawfully.
• Issuing two charges for the same event is unfair, misleading, and an abuse of Keeper data.

Article 5(1)(c) – Data Minimisation

• Personal data must be limited to what is necessary for the intended purpose.
• UKCPM only needed my details once to issue a single PCN. Processing my data a second time was excessive and unnecessary.

Article 6 – Lawful Basis for Processing

• Parking companies must have a legal basis for using personal data.
• UKCPM has no valid legal basis to issue two charges for the same event, making the second instance of data processing unlawful.

Under Section 86 and 87 of the Data Protection Act 2018, organisations must process personal data lawfully, fairly, and transparently. UKCPM’s actions have failed to meet these legal obligations, and I now hold you fully accountable for this serious breach.

3. Formal Complaint to the DVLA

At the same time as this complaint, I have submitted a formal complaint to the DVLA’s Data Sharing Team regarding UKCPM’s breach of the Keeper at Date of Event (KADOE) contract. The DVLA only permits parking operators to request and use Keeper data once per parking event. UKCPM’s decision to issue two separate PCNs means my personal data has been used twice without justification, violating the terms of UKCPM’s KADOE contract with the DVLA.

I expect the DVLA to investigate this misuse of my personal data and take appropriate action against UKCPM.

4. Expected Resolution

I require UKCPM to:

1. Immediately cancel both PCNs and confirm in writing that no further action will be taken.
2. Confirm in writing that my personal data has been deleted from any system where it was unlawfully processed a second time.
3. Explain why two separate PCNs were issued in direct violation of the PPSCoP and data protection laws.

5. Next Steps if CPM Fails to Resolve This Complaint

If CPM fails to provide a satisfactory response, I will take the following actions:

• Escalate this complaint to the International Parking Community (IPC) for further investigation, even though I acknowledge their general lack of impartiality in such matters.
• Report CPM to the Information Commissioner’s Office (ICO) for breaching UK GDPR and the Data Protection Act 2018. The ICO has the power to investigate and issue fines for unlawful data processing.
• Pursue legal action against CPM for data protection breaches under Section 168 of the Data Protection Act 2018, seeking compensation for distress caused by the unlawful processing of my personal data.

I expect a full written response within 14 days. If I do not receive a satisfactory resolution, I will proceed with the next steps outlined above.

Yours faithfully,

[Your Full Name]
[Your Address]
[Your Contact Information]

At the same time, you send the following to the DVLA Data Sharing Team:

[Your Name]
[Your Address]
[City, Postcode]

[Date]

To: DVLA Data Sharing Team
Data Protection Queries
DVLA
Longview Road
Morriston
Swansea
SA99 1ZZ

By email to : data.protection@dvla.gov.uk

Subject: Formal Complaint – Breach of KADOE Contract by UK Car Park Management Ltd (CPM) and Unlawful Processing of Keeper Data

Dear DVLA Data Sharing Team,

I am submitting a formal complaint regarding the misuse of my personal data by UK Car Park Management Ltd (CPM), who have breached the terms of the Keeper at Date of Event (KADOE) contract by unlawfully requesting and processing my data twice for the same parking event.

1. Details of the Breach

On [date], I received two separate Notice to Keeper (NtK) letters from CPM relating to the same alleged parking event at "Edition, Colindale" (wherever that may be). These PCNs are as follows:

• PCN Reference: [xxxxxxx] – Time: 21:30
• PCN Reference: [xxxxxxx] – Time: 21:48

Both PCNs relate to the same parking event, meaning that CPM has misused my vehicle Keeper data twice for the same incident.

2. Breach of the KADOE Contract

As you are aware, the KADOE contract sets strict rules on how parking operators can access and use DVLA Keeper data. Operators are only permitted to request and process Keeper data once per parking event.

By issuing two separate PCNs and unlawfully processing my data a second time, CPM has breached the terms of the KADOE contract in the following ways:

• Unlawful Additional Data Processing – CPM had no right to use my personal data a second time, as they are only entitled to obtain my details once per event.
• Misuse of DVLA Data – CPM’s second NtK indicates that they have used my personal data improperly, which is a serious breach of data protection principles.
• Failure to Adhere to the Private Parking Single Code of Practice (PPSCoP) – Under Section 8.3 of the PPSCoP, private parking operators cannot issue more than one Parking Charge Notice for the same event within a single calendar day. CPM has ignored this rule, which should warrant a DVLA investigation.

3. DVLA’s Responsibility to Investigate

As CPM obtained my Keeper data through the DVLA, I expect a full investigation into their unlawful use of my personal information. Specifically, I request that the DVLA:

1. Confirm whether CPM made two separate data requests via KADOE for the same parking event.
2. Explain what action will be taken against CPM for breaching their contract with the DVLA.
3. Confirm whether CPM’s access to DVLA data will be suspended or restricted due to their failure to comply with the KADOE contract and PPSCoP.

4. Next Steps if the DVLA Fails to Act

If I do not receive a satisfactory response, I will be escalating this matter to the Information Commissioner’s Office (ICO) for data misuse. The DVLA is responsible for ensuring that Keeper data is only accessed and processed in line with the law and contractual agreements. A failure to investigate this breach could mean the DVLA itself is complicit in allowing private parking operators to misuse personal data without consequences.

I expect a full written response within 14 days detailing what action will be taken against CPM for their misuse of my data.

Yours faithfully,

[Your Full Name]
[Your Address]
[Your Contact Information]

Send both those as PDF attachments to an email to the respective email address and also make sure you CC in yourself for each.

When you've done that, we can then deal with any appeals. You won't be paying a penny to UKCPM and, if you do want to follow this up, you can seek compensation from them.

What do you mean by:

if the drivers identity was revealed in the letter, does this mean it is PoFA compliant? One of the blacked out parts may reveal "Dear..." would this affect any part of the appeal being declined?

The PCNs are addressed to the Keeper of the vehicle. They have zero knowledge of who the driver was, even if it was the Keeper. The only way they would know the identity of the driver is if the Keeper blabs it to them, inadvertently or otherwise.

The Keeper and the driver are separate legal entities and there is no legal obligation on the Keeper to identify the driver to an unregulated private parking company. They are not allowed to infer or presume that the Keeper was also the driver and should this ever go all the way to a court hearing (extremely unlikely), the burden of proof would be on the operator to prove that the person they were pursuing was the driver. How do you think they could do that unless the Keeper blabs it to them?

Just because the NtK is addressed to the known Keeper, whether the Keeper was the driver or not, the driver remains unknown and there is no obligation on the known Keeper to identify the unknown driver. They most low-hanging fruit on the gullible tree inadvertently identify the driver is by using wording in their appeals such as "I did this or that" instead of referring to the driver in the third person such as "The driver did this or that".

As for there rest of your questions, I have explained very clearly what the PPSCoP says about the issue of PCNs. They re not allowed to issue more than one PCN per alleged contravention per "calendar day". Are your PCNs issued on different days"calendar days"?

You can't complain to the ICO unless you have first complained to the operator and exhausted their complaints process. As for how you send the suggested letters, I explained that you should save them as letters in a Pdf format and send those letters to the respective email addresses and CC in yourself. A letter sent as a PDF attachment, as long as it is not bounced due to an MX error is deemed delivered and thei will be reflected in the sent emails metadata headers. Also, be CCing yourself, the recipient can see that you have done so and your won receipt of the email you send is another proof of sending.

Privacy Policy:

If you wish to contact our Data Protection Manager, please write to:

DVLA SAR Enquiries
DVLA
Swansea
SA6 7JL

Or you can write to the Data Protection Manager by email at: SubjectAccess.Requests@dvla.gov.uk

Ostensibly the SAR inbox, but seems to be listed by DVLA as a way to contact their Data Protection Manager.

The other I found was: kadoeservice.support@dvla.gov.uk, found here.

As an unrelated aside, I've edited your last couple of posts - as a gentle recommendation, please don't use the 'quote' feature unless you're quoting specific parts of another person's reply. Quoting a whole message needlessly repeats the whole thing, and makes the thread very long and difficult to scroll through. Use the 'Reply' button instead.