1. Overview
At My Garage, we are committed to protecting your privacy and ensuring the security of your personal and business data. This Privacy Policy explains how we collect, use, store, and protect your information when you use our Workshop Manager and Commercial Vehicle Manager services.
Our Commitment
We are fully compliant with the General Data Protection Regulation (GDPR) and UK Data Protection Act 2018. Your data is processed lawfully, fairly, and transparently at all times.
Who We Are
My Garage Ltd is a UK-based company providing cloud-based automotive management software solutions. We are the data controller for the personal data we process in connection with our services.
Scope of This Policy
This policy applies to:
- My Garage Workshop Manager software
- My Garage Commercial Vehicle Manager software
- Our website and customer portals
- Mobile applications (eVHC app)
- All related services and support
2. Data We Collect
We collect and process various types of data to provide our services effectively. This includes data you provide directly and data collected automatically through your use of our services.
Business Information
- Company name and address
- Business registration details
- VAT number
- Industry classification
- Business contact information
User Account Data
- Name and job title
- Email address
- Phone number
- User credentials (encrypted)
- Role and permissions
Vehicle & Customer Data
- Customer contact details
- Vehicle registration numbers
- Vehicle specifications
- Service history
- MOT and insurance data
Business Operations
- Job sheets and estimates
- Invoices and payments
- Inventory records
- Staff schedules
- Business analytics
Technical Data
- IP addresses
- Browser information
- Device identifiers
- Usage analytics
- System logs
Payment Information
- Billing addresses
- Payment method details
- Transaction history
- Subscription details
- Invoice records
Important Note: We do not store full credit card details on our servers. Payment processing is handled by certified PCI-compliant payment processors.
3. How We Use Your Data
We process your data for specific, legitimate purposes that are necessary for providing our services and operating our business effectively.
Primary Uses
- Service Delivery: Providing workshop management functionality, customer management, and business analytics
- Account Management: Creating and maintaining user accounts, managing subscriptions, and providing customer support
- Communication: Sending service updates, support responses, and important notifications
- Billing: Processing payments, generating invoices, and managing subscription renewals
- Compliance: Meeting legal obligations, including tax reporting and data protection requirements
Secondary Uses
- Service Improvement: Analyzing usage patterns to enhance our software and user experience
- Security: Monitoring for unauthorized access and protecting against cyber threats
- Marketing: Sending promotional materials (with your consent) and conducting market research
- Analytics: Understanding how our services are used to make informed business decisions
Legal Basis: We process your data based on contract performance, legitimate interests, legal obligations, and where applicable, your explicit consent.
4. Data Sharing & Disclosure
We do not sell, rent, or trade your personal data. We only share data in specific circumstances and with appropriate safeguards.
When We Share Data
- Service Providers: Trusted third-party partners who help us deliver our services (hosting, payment processing, support)
- Legal Requirements: When required by law, court order, or regulatory authority
- Business Transfers: In the event of a merger, acquisition, or sale of assets (with data protection guarantees)
- Emergency Situations: To protect the safety of users or prevent illegal activities
Third-Party Integrations
Our software integrates with various third-party services:
- DVLA: For MOT and vehicle registration data
- Accounting Software: Sage™, Xero™, QuickBooks™ for financial data export
- Parts Suppliers: Alliance Automotive and other catalog providers
- Payment Processors: Stripe and other PCI-compliant payment services
Important: All third-party integrations are subject to their own privacy policies. We recommend reviewing these policies for services you choose to use.
5. Data Security
We implement comprehensive security measures to protect your data from unauthorized access, alteration, disclosure, or destruction.
Technical Safeguards
- Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
- Access Controls: Multi-factor authentication and role-based access permissions
- Network Security: Firewalls, intrusion detection, and regular security monitoring
- Regular Audits: Penetration testing and security assessments by third parties
- Secure Infrastructure: Data centers with physical security and environmental controls
Operational Safeguards
- Staff Training: Regular security awareness training for all employees
- Access Management: Strict controls on who can access customer data
- Incident Response: 24/7 monitoring and rapid response to security incidents
- Data Minimization: We only collect and retain data necessary for our services
Security Certifications
We maintain SOC 2 Type II compliance and follow ISO 27001 guidelines for information security management.
6. Data Retention
We retain your data only for as long as necessary to provide our services and comply with legal obligations.
Retention Periods
- Active Account Data: Retained for the duration of your subscription
- Business Records: 7 years (UK tax and business law requirements)
- Customer Data: 90 days after account termination (for recovery purposes)
- Technical Logs: 12 months for security and troubleshooting
- Marketing Data: Until you withdraw consent or we no longer need it
Data Deletion
When data is no longer needed, we:
- Securely delete all copies from our systems
- Ensure backups are purged according to schedule
- Provide confirmation of deletion upon request
- Maintain deletion logs for compliance purposes
Good to Know: You can request early deletion of your data at any time, subject to legal retention requirements.
7. Your Rights
Under GDPR and UK data protection law, you have several rights regarding your personal data.
Your Data Rights
- Right to Access: Request copies of your personal data
- Right to Rectification: Correct inaccurate or incomplete data
- Right to Erasure: Request deletion of your data ("right to be forgotten")
- Right to Restrict Processing: Limit how we use your data
- Right to Data Portability: Receive your data in a structured format
- Right to Object: Opt out of certain types of processing
- Right to Withdraw Consent: Remove consent for processing based on consent
How to Exercise Your Rights
To exercise any of these rights:
- Contact us at privacy@My Garage.com
- Provide proof of identity for security
- Specify which right you wish to exercise
- We will respond within 30 days
No Cost: Exercising your data rights is free of charge. We may charge a reasonable fee for excessive or repetitive requests.
8. Cookies & Tracking
We use cookies and similar technologies to enhance your experience and analyze how our services are used.
Types of Cookies We Use
- Essential Cookies: Required for basic functionality (login, security, preferences)
- Performance Cookies: Help us understand how users interact with our services
- Functional Cookies: Remember your preferences and settings
- Analytics Cookies: Provide insights into usage patterns (with your consent)
Managing Cookies
You can control cookies through:
- Your browser settings
- Our cookie consent banner
- Account preferences in our software
- Contacting us directly
Analytics: We use privacy-focused analytics tools and never track personal information without consent.
9. Third-Party Services
Our services integrate with various third-party providers to enhance functionality. Each has its own privacy practices.
Key Third-Party Services
- Cloud Hosting: AWS (Ireland) - Data Processing Agreement in place
- Payment Processing: Stripe - PCI DSS compliant processor
- Email Services: SendGrid - For transactional emails
- Analytics: Privacy-focused analytics tools
- Support System: Zendesk - For customer support tickets
Data Processing Agreements
We maintain Data Processing Agreements (DPAs) with all service providers that process personal data on our behalf, ensuring they meet GDPR requirements.
10. International Transfers
We primarily process data within the UK and EU, but some services may involve international transfers.
Transfer Safeguards
- Adequacy Decisions: Transfers to countries with adequate data protection
- Standard Contractual Clauses: EU-approved contracts for other countries
- Certification Schemes: Providers with recognized privacy certifications
- Binding Corporate Rules: For multinational service providers
Brexit Note: We continue to follow EU adequacy decisions and maintain GDPR compliance for all international transfers.
11. Policy Changes
We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements.
When We Update This Policy
- Changes to our data processing practices
- New features or services
- Legal or regulatory changes
- Feedback from users or regulators
How We Notify You
- Email notification to account holders
- In-app notifications
- Updates on our website
- 30-day notice for material changes
Version Control: We maintain a history of policy changes and their effective dates for transparency.
12. Contact Us
If you have any questions about this Privacy Policy or how we handle your data, please contact us.
Response Time: We aim to respond to all privacy-related inquiries within 72 hours and will resolve requests within 30 days as required by law.