It is also a case of a "double dip" where the "orphan images" from the first exit and the second entry have not been checked. This is breach of the PPSCoP which, under most circumstances would be a god appeal point at POPLA but being an IPC member, that avenue is not available and you would be wasting your time with the corrupt and incestuous IAS.
However, there is a small gem in there that you can use against them and it could possible hurt them very badly should a DVLA investigation show that they failed to comply with the KADOE contract and they have their access to the DVLA date withdrawn. Any breach of the PPSCoP is a breach of the KADOE contract and by requesting the Keepers data (and by connection, the Keeper providing Gemini with your personal data) they are acting unlawfully and you could even sue them for compensation if you were up for it.
For now, you need to submit a DVLA complaint. Here’s how to make a DVLA complaint:
• Go to:
https://contact.dvla.gov.uk/complaints• Select: “Making a complaint or compliment about the
Vehicles service you have received”
• Enter your personal details, contact details, and vehicle details
• Use the text box to summarise your complaint or insert a covering note
• You will then be able to upload a file (up to 19.5 MB) — this can be your full complaint or supporting evidence
That’s it.
The DVLA is required to record, investigate and respond to every complaint about a private parking company. If everyone who encounters a breach took the time to submit a complaint, we might finally see the DVLA take meaningful action—whether that means curtailing or removing KADOE access altogether.
For the text part of the complaint the webform could use the following:
I am submitting a formal complaint against Gemini Parking Solutions Ltd, an IPC AOS member with DVLA KADOE access, for breaching the Private Parking Single Code of Practice (PPSCoP) and unlawfully obtaining and using personal data—initially from the DVLA and subsequently from the vehicle’s Keeper.
This complaint concerns a Parking Charge Notice (PCN) issued to a hire vehicle following an alleged event in February 2025. Gemini requested the registered Keeper’s data from the DVLA via KADOE. The Keeper later provided my details as the Hirer in response to a Notice to Keeper (NtK).
Gemini never had any lawful cause of action to request the Keeper’s data from the DVLA. The PCN was based on false ANPR data arising from a well-documented “double dip” error (i.e. a vehicle entering, leaving, then returning again, but only the first entry and final exit are logged). Clause 7.3(d) of the PPSCoP explicitly requires parking operators to conduct manual quality control checks on ANPR images to detect such errors. Gemini failed to do so.
Had Gemini complied with Clause 7.3(d), they would have discovered the “orphan” ANPR images showing the true visits, and no PCN would have been issued. As such, no breach occurred, and there was no justification to request any data from the DVLA.
This failure rendered Gemini’s KADOE request unlawful, and their misuse of the Keeper’s data set off a direct and foreseeable chain of events that led to the misuse of my own personal data as Hirer. That misuse would not—and could not—have occurred without the DVLA’s initial release of the Keeper’s data in breach of the contractual framework governing such disclosures.
The DVLA remains the data controller for the Keeper’s data and must be held accountable for ensuring that personal data is only released where lawful cause exists. Where that threshold is not met, the DVLA is directly responsible for any subsequent and predictable misuse of data that arises from its original unlawful disclosure.
I attach a supporting statement and request a full investigation. Please confirm receipt and provide a reference number.
Then you could upload the following as a PDF file for the formal complaint itself:
SUPPORTING STATEMENT
Complaint to DVLA – Breach of KADOE Contract and PPSCoP
Operator name: Gemini Parking Solutions Ltd
Date of PCN issue: [INSERT DATE]
Vehicle registration: [INSERT VRM]
I am submitting this formal complaint to report the unlawful release and misuse of personal data by Gemini Parking Solutions Ltd, an IPC AOS operator who obtained Keeper data from the DVLA under the KADOE contract. As a result of this unlawful disclosure, my own data as the Hirer of a hire vehicle was subsequently obtained and misused.
Causal Link – Unlawful DVLA Disclosure Initiated Chain of Data Misuse
The DVLA released the registered Keeper’s data to Gemini following a request made under Regulation 27(1)(e) of the Road Vehicles (Registration and Licensing) Regulations 2002. However, Gemini had no lawful cause of action to request that data. The PCN is based on a well-known ANPR failure known as a “double dip” error—where the vehicle made two separate visits, but the system only recorded the first entry and the final exit, fabricating an overstay.
Clause 7.3(d) of the Private Parking Single Code of Practice (PPSCoP) specifically requires operators to carry out a manual quality control check on all ANPR images to detect such errors. Gemini failed to perform this check. Had they done so, they would have identified the orphan images and correctly concluded that no contravention occurred.
There was no cause of action to justify the KADOE request. The DVLA therefore released the Keeper’s data unlawfully. That unlawful release directly enabled Gemini to contact the Keeper and obtain my personal data as Hirer. The misuse of my data would not—and could not—have occurred without the DVLA’s original breach of its data controller obligations.
Failure to Comply with PoFA – No Lawful Transfer of Liability
Gemini’s subsequent Notice to Hirer fails in two critical respects under Schedule 4 of the Protection of Freedoms Act 2012 (PoFA):
1. It does not state that the operator is seeking to recover the charge from the Hirer under Schedule 4, as required under paragraph 14(1)(a).
2. It fails to include the documents required under paragraph 14(2): a copy of the Notice to Keeper, a copy of the hire agreement, and a copy of the statement supplied under PoFA 13(2).
These omissions mean that no liability has lawfully transferred to the Hirer. The operator has no right to pursue me, and thus no right to process my data.
Threat to Revert to Keeper – Breach of PoFA 13(3) and KADOE Contract
Even more concerning is Gemini’s statement that if the charge remains unpaid, they may use the Keeper’s data “to send any related correspondence and any further notices”. This directly contravenes PoFA 13(3), which prohibits reverting to the Keeper once a valid hirer has been identified. Once the Keeper has discharged liability under 13(2), that data must not be used for any further correspondence or enforcement with the Keeper.
This is a misuse of DVLA-supplied data, a breach of the KADOE contract, and a clear infringement of UK GDPR principles relating to lawful basis and data minimisation.
DVLA's Role and Statutory Reporting Obligation
As the original data controller, the DVLA is responsible under UK GDPR and the Data Protection Act 2018 for ensuring that personal data is only disclosed where a valid cause exists. In this case, the DVLA’s unlawful disclosure to Gemini enabled an entirely avoidable and unlawful chain of personal data misuse.
Under Article 33 of the UK GDPR, the DVLA is now legally obliged to self-report this breach to the Information Commissioner’s Office (ICO), as it constitutes an unlawful disclosure of personal data.
Requested Actions:
I therefore ask the DVLA to:
• Acknowledge the unlawful disclosure and misuse of data in this case
• Confirm that the breach has been reported to the ICO under Article 33 UK GDPR
• Investigate the conduct of Gemini Parking Solutions Ltd
• Consider suspension or termination of Gemini’s KADOE access
• Provide a formal complaint reference number and details of next steps
Please confirm receipt of this complaint and advise accordingly. I am willing to provide further documentation or evidence if requested.
Name: [INSERT YOUR NAME]
Date: [INSERT DATE]
