We collect and process personal data in connection with the use of car parking facilities at the Airport.
This includes the automatic capture of vehicle details (i.e. vehicle registration numbers, metadata such as the vehicle type, colour, make and model, and cropped image of plate number) through License Plate Recognition (LPR) cameras installed at entry and exit points of the parking facilities. Vehicle registration numbers may constitute personal data where they enable the identification of a natural person.
We also collect personal data where you:
register for or hold a Parking Pass, including identification and contact details; and
make payment for parking facilities via cashless methods, including credit or debit cards and mobile payment applications (such as Juice, Blink or similar platforms).
Personal data collected through LPR systems and payment channels is processed for the purposes of:
administering access to and use of parking facilities;
calculating and collecting parking fees;
ensuring the security and proper operation of airport infrastructure; and
preventing fraud and misuse of parking services.
Such processing is carried out in accordance with applicable data protection laws, including the Data Protection Act 2017, and is based on our legitimate interests in the efficient and secure management of parking facilities, and where applicable, the performance of a contract with you.
Digital payment transactions are processed via secure, authorised Payment Gateways (PG) and Payment Service Providers (PSP). We do not store full card details on our systems. Payment transfer data is stored at the level of the PG/PSP platform.
Personal data is retained only for as long as necessary to fulfil the purposes for which it was collected, including for legal, regulatory, and operational requirements:
LPR data (i.e., vehicle details, including vehicle registration numbers and images) for standard paid transactions in the database are automatically deleted within 30 days;
LPR data (i.e. Vehicle details, including vehicle registration numbers, metadata and images) locally stored in cameras are automatically deleted within 30 days;
Payment card data stored at the level of the PG/PSP platforms are retained for as long as necessary to fulfil legal and regulatory requirements, i.e. 7 to 10 years.
Data Sharing and Transfers: We do not sell your data. We may share data with law enforcement or regulatory authorities where required by law. Additionally, your data is hosted on secure cloud platforms managed by our partner (SKIDATA) in Europe, in compliance with cross-border data transfer regulations under the Data Protection Act 2017.
You have rights in relation to your personal data, including the right to access, rectify, request erasure of, restrict, and object to certain processing, in accordance with applicable law. To exercise any of your data protection rights, please contact our Data Protection Officer at privacy@atol.aero.
01 June 2026