Privacy Policy

Effective Date: 15th September 2025

AutoChain Limited ("we," "our," or "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use our website, mobile application, and services in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who We Are

1.1 AutoChain Limited is the data controller for the personal data we process through our platform.

1.2 Our registered office is at: Gladstone Place, Brighton, BN2 3QE, United Kingdom.

1.3 You can contact our Data Protection Officer at: privacy@autochain.co.uk

1.4 We are registered with the Information Commissioner's Office (ICO) under registration number [ICO Registration Number].

2. Information We Collect

2.1 Information You Provide to Us

  • Account Information: Name, email address, phone number, postal address
  • Vehicle Information: Vehicle registration, make, model, year, service history
  • Service Records: Maintenance history, receipts, photographs, service provider details
  • Payment Information: Billing address (payment card details are processed by our payment providers)
  • Communications: Messages, reviews, support requests, and feedback
  • Identity Verification: Documents for identity verification when required

2.2 Information We Collect Automatically

  • Technical Data: IP address, browser type, device information, operating system
  • Usage Data: Pages visited, time spent, features used, click patterns
  • Location Data: General location (with your consent) for finding nearby service providers
  • Cookies and Tracking: See our Cookie Policy for detailed information

2.3 Information from Third Parties

  • Service Providers: Information from garages and service providers in our network
  • Vehicle Data: Publicly available vehicle information from DVLA records
  • Payment Processors: Transaction confirmations and payment status
  • Social Media: If you connect your social media accounts (optional)

3. How We Use Your Information

3.1 Legal Basis for Processing

We process your personal data based on the following legal grounds:

  • Contract Performance: To provide our services and fulfill our contractual obligations
  • Legitimate Interests: To improve our services, prevent fraud, and conduct business operations
  • Consent: For marketing communications and optional features (you can withdraw consent anytime)
  • Legal Obligation: To comply with legal requirements and regulations
  • Vital Interests: To protect health and safety in emergency situations

3.2 Purposes of Processing

  • Providing and maintaining our platform and services
  • Creating and managing your account
  • Connecting you with service providers
  • Processing payments and managing billing
  • Storing and managing your vehicle service records
  • Sending service reminders and notifications
  • Improving our services and developing new features
  • Preventing fraud and ensuring platform security
  • Complying with legal obligations
  • Marketing communications (with your consent)

4. How We Share Your Information

We do not sell your personal data. We may share your information in the following circumstances:

4.1 Service Providers

  • Garages and service providers in our network (only relevant service information)
  • Payment processors for transaction processing
  • Cloud hosting and storage providers
  • Customer support and communication tools
  • Analytics and marketing service providers

4.2 Legal Requirements

  • To comply with legal obligations or court orders
  • To protect our rights, property, or safety
  • To investigate fraud or security incidents
  • With your explicit consent

4.3 Business Transfers

In the event of a merger, acquisition, or sale of our business, your information may be transferred to the new entity, subject to the same privacy protections.

5. Data Security

We implement appropriate technical and organizational measures to protect your personal data:

  • Encryption: Data is encrypted in transit and at rest using industry-standard encryption
  • Access Controls: Strict access controls and authentication requirements
  • Regular Security Audits: Regular security assessments and penetration testing
  • Staff Training: All staff are trained on data protection and privacy requirements
  • Incident Response: Procedures in place for detecting and responding to data breaches
  • Data Minimization: We only collect and store data that is necessary for our services

6. International Data Transfers

6.1 Your data is primarily stored and processed within the UK and European Economic Area (EEA).

6.2 Where we transfer data outside the UK/EEA, we ensure appropriate safeguards are in place, including:

  • Adequacy decisions by the UK government or European Commission
  • Standard Contractual Clauses approved by the UK or EU authorities
  • Certification schemes or codes of conduct

7. Data Retention

We retain your personal data only for as long as necessary:

  • Account Data: Until you delete your account plus 30 days for backup purposes
  • Service Records: 7 years or until you request deletion (for warranty and legal purposes)
  • Transaction Data: 7 years for accounting and tax purposes
  • Communications: 3 years unless longer retention is required by law
  • Marketing Data: Until you withdraw consent or 2 years of inactivity
  • Legal Claims: Until the limitation period expires or claims are resolved

8. Your Rights

Under UK GDPR, you have the following rights regarding your personal data:

Access & Portability

  • • Right to access your data
  • • Right to data portability
  • • Right to receive data in machine-readable format

Control & Correction

  • • Right to rectify inaccurate data
  • • Right to complete incomplete data
  • • Right to restrict processing

Deletion & Objection

  • • Right to erasure ("right to be forgotten")
  • • Right to object to processing
  • • Right to object to automated decision-making

Consent & Complaints

  • • Right to withdraw consent
  • • Right to lodge complaints with ICO
  • • Right to effective judicial remedy

How to Exercise Your Rights

To exercise any of these rights, please contact us at privacy@autochain.co.uk

We will respond to your request within one month. For complex requests, we may extend this period by two additional months.

9. Cookies and Tracking

We use cookies and similar technologies to improve your experience on our platform. For detailed information about our use of cookies, please see our Cookie Policy.

You can control cookie settings through your browser preferences and our cookie management tools.

10. Children's Privacy

10.1 Our services are not intended for children under 18 years of age.

10.2 We do not knowingly collect personal information from children under 18.

10.3 If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information promptly.

11. Changes to This Policy

11.1 We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws.

11.2 We will notify you of any material changes by email or through a prominent notice on our platform.

11.3 Your continued use of our services after any changes constitutes acceptance of the updated policy.

12. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

Data Protection Officer: privacy@autochain.co.uk

General Inquiries: help@autochain.co.uk

Address: AutoChain Limited, Gladstone Place, Brighton, BN2 3QE, United Kingdom

Supervisory Authority: If you are not satisfied with our response to your data protection concerns, you can lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk