Privacy Policy

Last Updated: October 14, 2025

1. Introduction

Cymru Autokeys ("we", "our", "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your information in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Data Controller: Cymru Autokeys
Contact: [Your Email Address]
Address: [Your Business Address]

2. Information We Collect

2.1 Personal Information

When you use our services, we may collect:

  • Contact Details: Name, email address, phone number, postal address
  • Account Information: Username, password (encrypted), account preferences
  • Vehicle Information: Make, model, year, registration, engine details
  • Booking Information: Service requests, appointment dates, customer notes
  • Payment Information: Processed securely via Stripe (we do not store card details)
  • Communication Data: Your communications with us via email, phone, or chat

2.2 Automatically Collected Information

  • Technical Data: IP address, browser type, device information, operating system
  • Usage Data: Pages visited, time spent, links clicked, referring website
  • Cookies: See our Cookie Policy for detailed information

3. How We Use Your Information

3.1 Lawful Basis for Processing

We process your personal data under the following lawful bases:

  • Contract Performance: To provide services you've requested
  • Legal Obligation: To comply with legal requirements (e.g., tax, accounting)
  • Legitimate Interests: To improve our services and prevent fraud
  • Consent: Where you've given explicit consent (e.g., marketing emails)

3.2 Purposes of Processing

  • To process your bookings and provide our services
  • To communicate with you about your appointments
  • To process payments and prevent fraud
  • To send service updates and important notifications
  • To improve our website and customer experience
  • To comply with legal obligations
  • To send marketing communications (with your consent)

4. Data Security

We take data security extremely seriously and have implemented industry-leading security measures:

  • Encryption: All personal data is encrypted at rest using AES-256-GCM encryption
  • Secure Transmission: All data transmitted is protected by SSL/TLS encryption
  • Access Controls: Strict role-based access controls and authentication
  • Regular Security Audits: Continuous monitoring and security assessments
  • Audit Logging: All access to personal data is logged and monitored
  • Payment Security: PCI DSS compliant payment processing via Stripe

Despite our security measures, no system is 100% secure. If you suspect any security breach, please contact us immediately.

5. Data Sharing and Third Parties

We may share your data with:

  • Payment Processors: Stripe (for secure payment processing)
  • Cloud Hosting: [Your hosting provider] (for secure data storage)
  • Email Service: [Your email provider] (for transactional emails)
  • Analytics: [If applicable] (anonymized data only)
  • Legal Requirements: When required by law or to protect our rights

We do not sell your personal data to third parties.

All third-party processors are carefully selected and bound by data processing agreements ensuring GDPR compliance.

6. International Data Transfers

Your data is primarily stored in the UK/EU. If data is transferred outside the UK/EEA, we ensure appropriate safeguards are in place, such as:

  • Standard Contractual Clauses approved by the UK ICO
  • Adequacy decisions recognizing equivalent data protection
  • Your explicit consent where required

7. Data Retention

We retain your personal data only for as long as necessary:

  • Account Data: Until you request deletion or account becomes inactive (7 years)
  • Booking Records: 7 years (for tax and legal compliance)
  • Payment Data: As required by financial regulations (minimum 7 years)
  • Marketing Consent: Until you withdraw consent or 3 years of inactivity
  • Website Cookies: As specified in our Cookie Policy

8. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

Right to Access

Request a copy of the personal data we hold about you.

Right to Rectification

Request correction of inaccurate or incomplete data.

Right to Erasure ("Right to be Forgotten")

Request deletion of your personal data (subject to legal obligations).

Right to Restrict Processing

Request limitation on how we use your data.

Right to Data Portability

Request your data in a machine-readable format.

Right to Object

Object to processing based on legitimate interests or for direct marketing.

Right to Withdraw Consent

Withdraw consent for processing at any time (where consent is the legal basis).

Right to Lodge a Complaint

Complain to the Information Commissioner's Office (ICO) if you believe your rights have been violated.

To exercise any of these rights, please contact us at:
Email: help@autokeys.cymru
We will respond to your request within one month.

9. Cookies

We use cookies to improve your experience on our website. For detailed information about the cookies we use and how to manage them, please see our Cookie Policy.

10. Children's Privacy

Our services are not intended for children under 16. We do not knowingly collect personal information from children. If you believe we have collected data from a child, please contact us immediately.

11. Marketing Communications

With your consent, we may send you marketing emails about our products and services. You can opt out at any time by:

  • Clicking the "unsubscribe" link in any marketing email
  • Updating your preferences in your account settings
  • Contacting us directly

Note: You will still receive essential service-related communications (e.g., booking confirmations, password resets).

12. Data Breach Notification

In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will:

  • Notify the ICO within 72 hours of becoming aware
  • Notify affected individuals without undue delay
  • Take immediate steps to contain and remedy the breach
  • Conduct a thorough investigation and implement preventive measures

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by:

  • Posting the updated policy on our website
  • Updating the "Last Updated" date
  • Sending you an email notification (for material changes)

Please review this policy periodically to stay informed about how we protect your data.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

Cymru Autokeys

Email: help@autokeys.cymru

Phone: 07796 505497

Address: 113 Bolgoed Rd, Pontarddulais, Swansea. SA4 8JP

Information Commissioner's Office (ICO):
If you are not satisfied with our response, you can contact the ICO:
Website: https://ico.org.uk
Phone: 0303 123 1113

15. Legal Compliance

This Privacy Policy complies with:

  • UK General Data Protection Regulation (UK GDPR)
  • Data Protection Act 2018
  • Privacy and Electronic Communications Regulations (PECR) 2003
  • Payment Card Industry Data Security Standard (PCI DSS)

Your Privacy Matters: We are committed to transparency and protecting your personal information. If you have any questions or concerns, please don't hesitate to reach out.