Verra Mobility Corporation (referred to as “Verra Mobility”, “we“, “us“, and/or “our“) takes its data protection and privacy responsibilities seriously. This notice explains how we collect and use personal information during our business activities in our capacity of data controller for the purposes of applicable data protection legislation.

We have separate privacy notices for our products and services

The Verra Mobility entity responsible for your personal information will be the Verra Mobility company that originally collects information from or about you.  This may also be explained in separate notices made available when your personal information is first collected by that Verra Mobility entity, for example where you or the business you work for engages us to provide a service.

You’ll find more privacy notices when you use our other websites. This Notice supplements – but doesn’t override – them.

You can find out more about Verra Mobility by contacting us using the information in the “Contact Us” section below.

When we collect information

We collect information about you if: (i) you use our website; (ii) use our services; (iii) or contact us by post, telephone or email.

We also process personal information on behalf of our customers when we provide our services to them. When we do this, we act as a “processor” under relevant data protection laws, whilst our customer (or potentially a third party) will be the relevant “controller”.   If you have concerns or questions about our processing of your personal information in the context of Verra Mobility’s services, you should contact us using the information in the “Contact Us” section below. Please note that if you contact us directly, we may need to disclose your request to the relevant customer.

The types of personal information we collect

Depending on the purpose for which we use your data, we may collect and use certain personal information that is disclosed to us including:

  • Your name and contact details;
  • Your marketing preferences;
  • Any other personal information you provide in correspondence with us, for example where this is relevant to a complaint or query.

Through your use of our websites, we will also collect information – such as IP address and browser generated information (browser type, operating system), as well as information about your browsing session.  We do not use this information to identify you as an individual, but to tailor or enhance your browsing experience, or in aggregate with data of other users for statistical purposes. Please see our cookies policy for further information about the cookies we use.

How we use your information and what is the legal basis for our use of your information

Your personal information will be used for the purposes listed in the table below.  We will only collect, use and share your personal information where we are satisfied that we have an appropriate legal basis to do this. We have also described the legal basis which we rely on, in the table.  The legal basis we rely upon will impact which rights you have in relation to your personal information (see the section below for more details):

How we use your information What is the legal basis for our use of your information
To deliver our services. Where there is a contract in place between you and us, this processing is necessary to perform the contract between you and us.

Where there is no contract in place, or where there is a contract, but this is between us and your employer (for example), this processing is necessary for our legitimate interests.

We consider that we have a legitimate interest in providing our customers with products and services which they have requested, as this is central to our business.

To conduct business with you. Where there is a contract in place between you and us, this processing is necessary to perform the contract between you and us.

Where there is no contract in place, or where there is a contract, but this is between us and your employer (for example), this processing is necessary for our legitimate interests.

We consider that we have a legitimate interest in conducting business with our customers, as this is central to our business, helping us to preserve our business operations and grow our business.

To correspond with you in relation to our services. Where there is a contract in place between you and us, this processing is necessary to perform the contract between you and us.

Where there is no contract in place, or where there is a contract, but this is between us and your employer (for example), this processing is necessary for our legitimate interests.

We consider that we have a legitimate interest in conducting business with our customers, as this is central to our business, helping us to preserve our business operations and grow our business.

To provide Customer Services, including responding to any queries we have received from you. This processing is necessary for our legitimate interests.

We consider that we have a legitimate interest in ensuring that all our customers receive the best possible experience, helping us to preserve our business operations and grow our business. Understanding our customers’ needs is a vital part of ensuring a great customer experience.

To monitor your use of our websites to make improvements to the site and the user experience. This processing is necessary for our legitimate interests.

We consider that we have a legitimate interest in ensuring that we are continually improving our services to preserve our business operations and grow our business and ensuring that you are provided with information of relevance to you.

However, where this activity is carried out using cookies which are not strictly necessary (see our cookie policy for further information) we will, where required by law, obtain your consent to such processing. Where such consent has been obtained, we will rely on this as our basis for processing.

To market to you about our products and services, and otherwise to identify goods and services which we believe may be of interest to you. This processing is necessary for our legitimate interests.

We consider that we have a legitimate interest in ensuring that our customers are kept up to date with information about our products and services, as this helps us to preserve our business operations and grow our business. This could include: receiving and replying to your email, contacting you about your account and our services or service-related issues, fulfilling subscription requests, tracking traffic patterns to make our websites and apps easier to use, planning business activities based on aggregate data analysis, ensuring the security of our websites and apps, customizing your website or app experience, or other administrative, technical or organizational activities for which we have a legitimate interest.

However, where we are required by law to obtain your consent before sending you such information, we will rely upon such consent as our basis for processing.

In any case, if you tell us that you do not wish to receive such communications from us, we will respect your wishes. If you would prefer not to receive marketing-related communications from us, we provide unsubscribe options which will allow you to opt-out of such communications.

To monitor, maintain and improve our IT environment, including security of our systems, and the applications that our customers use and that we use to manage our services. This processing is necessary for our legitimate interests.

We consider that we have a legitimate interest in ensuring that we are continually improving our services to preserve our business operations and grow our business and ensuring that you are provided with information of relevance to you.

For our employee training purposes. This processing is necessary for our legitimate interests.

We consider that we have a legitimate interest in ensuring that we are continually improving our services to preserve our business operations and grow our business and ensuring that you are provided with information of relevance to you.

To enable us to comply with any legal or regulatory requirements. Our use of your personal information is necessary to comply with a relevant legal or regulatory obligation that we have.

Who we share your information with and transferring information globally

We share your information with (i) third parties who help manage our business and deliver services, including IT service providers who help manage our IT and back office systems; (ii) with other members of the Verra Mobility Group;  (iii) with our regulators and law enforcement organizations; and (iv) If, in the future, we sell or transfer some or all of our business or assets to a third party, we may disclose information to a potential or actual third party purchaser of our business or assets.

Accordingly, your personal information may be transferred and stored in countries that are subject to different standards of data protection. We will take appropriate steps ensure that transfers of personal information are in accordance with applicable law and carefully managed to protect your privacy rights and interests.

Storing your personal information

We will store your personal information for as long as is reasonably necessary for the purposes for which it was collected, as explained in this notice. In some circumstances we may store your personal information for longer periods of time, for instance where we are required to do so in accordance with legal, regulatory, tax, accounting requirements.

Your rights

You have certain rights in relation to our use of your personal information, including the right to request access to, rectify or remove personal information we process; restrict or object to the processing of your personal information, transfer your personal information; and withdraw your consent to the processing of your personal information (where processing is based upon your consent). If you have any questions or comments about how we handle your personal information or wish to exercise any of the rights described above, please communicate via the “Contact Us” section below.

You have a right to lodge a complaint with your local supervisory authority if you have concerns about how we are processing your personal information. We ask that you please attempt to resolve any issues with us first, although you have a right to contact your supervisory authority at any time.

System Security Requirements

Use of Verra Mobility systems is subject to VM Consolidated operating rules and security controls, including data security, user ids, and password requirements. VM Consolidated will report to customers, as soon as possible any data security breach involving the personal information of the customer and will cooperate with the customer in taking actions to limit the effect of, and investigating the scope of, any security breach. Encryption and strong access control mechanisms are used to protect customer data both at rest and in transit in line with our policies and standards. The system requirements necessary for VM Consolidated to achieve its principal commitments and operational objectives include the following: Management demonstrates a commitment to integrity and ethical values. Management also establishes, with board oversight, structures, reporting lines, and appropriate authorities and responsibilities in the pursuit of objectives. Logical access to programs, data, and computer resources relevant to Verra Mobility systems is restricted to authorized and appropriate users and such users are restricted to performing authorized and appropriate actions. Changes to application programs and related data management systems are authorized, tested, documented, approved, and implemented to result in the complete and timely processing of transactions relevant to Verra Mobility systems. Network infrastructure is configured as authorized to (1) support the effective functioning of application controls to result in complete and timely processing of Verra Mobility systems ; (2) protect data relevant to Verra Mobility systems from unauthorized changes; and (3) support Verra Mobility systems. Application and system monitoring relevant to Verra Mobility systems are authorized and executed in a complete and timely manner and deviations, problems, and errors that may affect Verra Mobility systems are identified, tracked, recorded, and resolved in a complete and timely manner.  Security incidents that are identified are documented, investigated and resolved, and users are notified as necessary.

CONTACT US:

The primary point of contact for all issues arising from this privacy notice is:

Email: privacy@verramobility.com

Phone: 1-480-596-4566

Postal Address:

Verra Mobility

Privacy Department

1150 Alma School Road

Mesa, AZ 85201