From time to time, you will be asked to submit personal information about yourself in order to receive or use services on our platform. The information includes: name, email address, phone number, postal address, vehicle registration number.
We collect, use and are responsible for certain personal data about you. When we do so we are subject to the UK General Data Protection Regulation (UK GDPR).
We do not collect or request Sensitive Personal Data from you. Sensitive Personal Data includes personal data revealing racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs or trade union membership; genetic and biometric data (when processed to uniquely identify an individual) and data concerning health or sexual orientation.
If you are 16 or under you must have permission from a parent or guardian before you give us personal information. If we find that we have received information from you without the appropriate consent, we reserve the right to cancel all transactions and services and remove all personal data that you have supplied. You will be able to re-submit the information when you have the required permission.
We ask you for information about you, your location and your vehicle when you use our platform, email or call us.
Under data protection law, we can only use your personal data if we have a proper reason, e.g.:
A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests. We will carry out an assessment when relying on legitimate interests, to balance our interests against your own.
We will use information collected when you use the website and/or make a booking on our platform:
The table below explains in more detail what we use your personal data for and why.
|What we use your personal data for||Our reasons|
|Providing services to you||To perform our contract with you or to take steps at your request before entering into a contract|
|Preventing and detecting fraud against you or us||For our legitimate interests or those of a third party, i.e. to minimise fraud that could be damaging for you and/or us|
|Ensuring business policies are adhered to, e.g. policies covering security and internet use||For our legitimate interests or those of a third party, i.e. to make sure we are following our own internal procedures so we can deliver the best service to you|
|Operational reasons, such as improving efficiency, training and quality control||For our legitimate interests or those of a third party, i.e. to be as efficient as we can so we can deliver the best service to you at the best price|
|Ensuring the confidentiality of commercially sensitive information||For our legitimate interests or those of a third party, i.e. to protect trade secrets and other commercially valuable information to comply with our legal and regulatory obligations|
|Statistical analysis to help us manage our business, e.g. in relation to our financial performance, customer base, product range or other efficiency measures||For our legitimate interests or those of a third party, i.e. to be as efficient as we can so we can deliver the best service to you at the best price|
|Preventing unauthorised access and modifications to systems||For our legitimate interests or those of a third party, i.e. to prevent and detect criminal activity that could be damaging for you and/or us to comply with our legal and regulatory obligations|
|Updating customer records||To perform our contract with you or to take steps at your request before entering into a contract to comply with our legal and regulatory obligations for our legitimate interests or those of a third party, e.g. making sure that we can keep in touch with our customers about existing orders and new products|
Marketing our services to:
|For our legitimate interests or those of a third party, i.e. to promote our business to existing and former customers|
We may use your personal data to send you updates (by email, text message, telephone or post):-
We have a legitimate interest in using your personal data for marketing purposes. This means we do not usually need your consent to send you marketing information. However, where consent is needed, we will ask for this separately and clearly.
You have the right to opt out of receiving marketing communications at any time by:
We may ask you to confirm or update your marketing preferences if you ask us to provide further services in the future, or if there are changes in the law, regulation, or the structure of our business.
Personal data may be held at our offices and those of our service providers such as our data storage service providers and email marketing provider.
Our service providers may be based outside the UK/EEA.
Under data protection law, we can only transfer your personal data to a country or international organisation outside the UK/EEA where:
These are explained below.
We may transfer your personal data to certain countries, on the basis of an adequacy decision. These include:
The list of countries that benefit from adequacy decisions will change from time to time. We will always seek to rely on an adequacy decision, where one exists.
Other countries we are likely to transfer personal data to do not have the benefit of an adequacy decision. This does not necessarily mean they provide poor protection for personal data, but we must look at alternative grounds for transferring the personal data, such as ensuring appropriate safeguards are in place or relying on an exception, as explained below.
Where there is no adequacy decision, we may transfer your personal data to another country if we are satisfied the transfer complies with data protection law, appropriate safeguards are in place, and enforceable rights and effective legal remedies are available for data subjects.
The safeguards will usually include using legally-approved standard data protection contract clauses
To obtain a copy of the standard data protection contract clauses and further information about relevant safeguards please contact us (see ‘How to contact us’ below).
In the absence of an adequacy decision or appropriate safeguards, we may transfer personal data to a third country or international organisation where an exception applies under relevant data protection law, e.g.:
We may also transfer information for the purpose of our compelling legitimate interests, so long as those interests are not overridden by your interests, rights and freedoms. Specific conditions apply to such transfers and we will provide relevant information if and when we seek to transfer your personal data on this ground.
When you make a booking or make an enquiry including but not restricted to the entry of a registration number, we share this data and where required to make a booking any personal information you have provided with a garage. The garage receiving either the registration number or personal data is responsible for handling your information in accordance with the law. We remind all garages subscribing to our platform of their responsibilities to you. By submitting your registration number and any personal data to us, you consent to such transfers taking place.
With the exception of garages we may share your data with service providers, suppliers and sub-contractors. Where any data is shared we will have in place agreements that require them to keep your data secure under the required data laws.
When you create an account on BookMyGarage, we retain your personal data until such time as you close your account or the personal data which we have collected from you is no longer required in order to perform the action or supply the service which you originally requested. Thereafter, we will keep your personal data for as long as is necessary:
We will delete or anonymise your personal data within a reasonable period where you have not created an account.
We would like to make sure you are fully aware of all of your data protection rights. Every user is entitled to the following:
The right to access – You have the right to request us for copies of your personal data.
The right to rectification – You have the right to request that we correct any information you believe is inaccurate. You also have the right to request us to complete the information you believe is incomplete.
The right to erasure – You have the right to request that we erase your personal data, under certain conditions.
The right to restrict processing – You have the right to request that we restrict the processing of your personal data, under certain conditions.
The right to object to processing – You have the right to object to our processing of your personal data, under certain conditions.
The right to data portability – You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.
If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us at our email address:
Or write to us at:
The Data Controller, The Motorists’ Organisation Ltd, 1000 Lakeside, North Harbour, Portsmouth, PO6 3EN
If you refuse a cookie it may prevent the proper operation of the site or even prevent your access to certain areas.
If you communicate with us by email over the Internet you should be aware that the nature of the Internet is such that unencrypted communication may not be secure and may pass through several different countries en route to us. Please do not email us with confidential or sensitive information such as your credit card details. We cannot accept responsibility for unauthorised access to your information that is outside our control.
When you create an account on BookMyGarage, you should use a password that provides an adequate level of security. You are responsible for keeping your password safe, and we ask you not to share your password with anyone.
We do not have access to your password, but if you lose it you may ask us to reset the password on your account.
If you believe that any of the data we hold about you is incorrect or being misused or want further information you may contact us at the below address:
The Data Controller, The Motorists’ Organisation Ltd, 1000 Lakeside, North Harbour, Portsmouth, PO6 3EN
Should you wish to report a complaint or if you feel that we have not addressed your concern in a satisfactory manner, you may contact the Information Commissioner’s Office.
Information Commissioner’s Office