Privacy Policy

1. Introduction

This Privacy Policy explains how MotNorwich collects, uses, shares, and protects your personal data when you visit and use https://www.motnorwich.net (the “Website”), make enquiries, book services, or otherwise interact with us. We process personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR).

By using the Website or providing your personal data, you acknowledge that you have read this Privacy Policy.

2. Who we are and how to contact us (Data Controller)

MotNorwich is the data controller responsible for the personal data processed in connection with this Website and our services.

Contact details for privacy queries:

  • Primary contact method: use the contact form available on our Website and state that your message relates to “Privacy”.
  • Telephone: you may call the telephone number published on our Website.
  • Postal: you may write to our trading address as shown on our Website.

We review and respond to all privacy enquiries and rights requests submitted via the above methods.

3. Data Protection Officer (DPO) and privacy contact

We are not required to appoint a Data Protection Officer under UK GDPR. However, we have a designated privacy contact who handles data protection matters. Please use the contact methods in section 2 and mark your query “For the attention of the privacy contact”.

4. Personal data we collect

We only collect data that is relevant and necessary for the purposes set out in this policy. This may include:

  • Identity and contact data: name, email address, telephone number, postal address.
  • Vehicle and service data: vehicle registration number, make/model, mileage, service history you provide, booking date/time, work requested/approved.
  • Communications: enquiries, messages, feedback, and records of communications with us (including date, time, and content).
  • Transaction data: details of services purchased, amounts, dates; if you pay using a third-party payment service, the provider processes your card details—MotNorwich does not store full card numbers or CVV.
  • Technical and usage data: IP address, device identifiers, browser type and version, time zone, operating system, pages viewed, referring/exit pages, and interactions with the Website, collected via cookies and similar technologies.
  • Marketing preferences: your choices regarding receiving updates, service reminders, and promotions.

We may also receive personal data from third parties where lawful to do so (for example, analytics providers, payment processors, referral partners, or publicly available sources) to help us operate our business and respond to your requests.

5. Purposes and legal bases for processing

We process personal data for the following purposes and under the following legal bases:

  • To provide our services, manage bookings, perform diagnostics/repairs, and communicate with you about your appointment or enquiry (legal basis: performance of a contract or steps prior to entering into a contract).
  • To take and process payments, issue invoices, and manage accounts (legal basis: performance of a contract; legal obligation for accounting and tax).
  • To send service-related communications, such as appointment confirmations, updates, and safety notices (legal basis: performance of a contract or legitimate interests in keeping customers informed).
  • To send service reminders and customer updates about similar services you previously purchased (legal basis: legitimate interests, with the ability to opt out at any time; compliance with PECR).
  • To send marketing communications where you have opted in (legal basis: consent; you may withdraw consent at any time).
  • To maintain and improve our Website, including analytics, troubleshooting, and security monitoring (legal basis: legitimate interests in operating a secure and efficient service; analytics cookies rely on consent where required by PECR).
  • To prevent and detect fraud or misuse and to protect our rights (legal basis: legitimate interests; legal obligation where applicable).
  • To comply with legal and regulatory obligations and to respond to lawful requests from authorities (legal basis: legal obligation).

Where we rely on legitimate interests, we have balanced those interests against your rights and freedoms and concluded that our interests are not overridden. You can object to processing based on legitimate interests (see section 10).

6. Cookies and similar technologies

We use cookies and similar technologies to operate the Website, measure performance, and, where you consent, improve and personalise your experience.

  • Strictly necessary cookies: required for core functions such as page navigation, session management, and security. These are set without your consent.
  • Analytics/performance cookies: help us understand how the Website is used so we can improve it. These are set only with your consent.
  • Functionality cookies: remember choices you make to provide enhanced features. Set with your consent where required.
  • Advertising/targeting cookies: if used, these help deliver relevant adverts. These are set only with your consent.

Cookie durations vary: session cookies expire when you close your browser; persistent cookies may last up to 24 months unless you delete them earlier.

Managing cookies: you can accept, reject, or adjust non-essential cookies via the consent options presented when you first visit the Website. You can also manage cookies in your browser settings. If you clear cookies, the cookie banner may reappear so you can update your choices.

7. Sharing your personal data

We may share your data with trusted recipients for the purposes described in this policy:

  • Service providers acting on our instructions (for example, website hosting, IT support, analytics, communications, booking and scheduling tools, and payment processors).
  • Professional advisers (such as accountants, auditors, insurers) where necessary for our business.
  • Law enforcement, regulators, courts, or other authorities where we are legally required to do so or to protect our rights or the rights of others.
  • Business transferees in connection with a merger, acquisition, or sale of assets, in which case personal data would be transferred as part of the transaction.

We require recipients to protect your data and use it only for the agreed purposes. We do not sell your personal data.

8. International transfers

Your personal data may be transferred to and processed in countries outside the UK (and the European Economic Area) where our service providers are located. In such cases, we ensure appropriate safeguards are in place, such as:

  • UK adequacy regulations for the destination country, or
  • UK-approved International Data Transfer Agreement (IDTA) or the EU Standard Contractual Clauses with the UK Addendum, plus additional technical and organisational measures as needed.

You can contact us for more information about the safeguards used for international transfers.

9. Data retention

We keep personal data only for as long as necessary for the purposes set out in this policy and to meet legal, accounting, or reporting requirements. Typical retention periods are:

  • Enquiries and correspondence: up to 24 months after last contact.
  • Customer and service records (including vehicle-related service information on work we performed): up to 7 years from the end of our relationship, to meet legal and tax obligations and maintain records of services provided.
  • Invoices and transaction records: 7 years.
  • Marketing preferences and consent records: for the duration of your subscription and up to 24 months after you unsubscribe, to maintain suppression lists.
  • Cookie and analytics data: session up to 24 months, depending on cookie type.

We may anonymise data for statistical purposes, in which case we may use it indefinitely without further notice to you.

10. Your rights

Subject to applicable law and certain exemptions, you have the following rights:

  • Right of access: to obtain a copy of your personal data and information about how we process it.
  • Right to rectification: to have inaccurate or incomplete data corrected.
  • Right to erasure: to ask us to delete your data in certain circumstances.
  • Right to restriction: to request we limit processing in certain cases.
  • Right to data portability: to receive your data in a structured, commonly used, machine-readable format and to transmit it to another controller where technically feasible.
  • Right to object: to processing based on legitimate interests, including profiling, and to direct marketing at any time.
  • Right to withdraw consent: where processing is based on consent, you can withdraw it at any time (this does not affect processing prior to withdrawal).
  • Rights related to automated decision-making: we do not make decisions based solely on automated processing that produce legal or similarly significant effects about you.

11. How to exercise your rights

To exercise your rights, please contact us using the methods in section 2 and describe the right you wish to exercise. We may need to verify your identity before fulfilling your request. We aim to respond within one month. If your request is complex or numerous, we may extend by up to two further months and will inform you of the extension.

12. Marketing communications

You can opt out of marketing emails or texts at any time by following the instructions in the message or by contacting us. We may still send essential service messages (for example, booking confirmations or information about ongoing work) as these are not marketing.

13. Data security

We implement appropriate technical and organisational measures to protect personal data, including encryption in transit (TLS), access controls, role-based permissions, secure configuration, staff confidentiality obligations, and regular monitoring. No system is completely secure; if we become aware of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant authority where required by law.

14. Children’s privacy

Our services are not directed to children and we do not knowingly collect personal data from anyone under 16 years of age. If you believe a child has provided us with personal data, please contact us so we can delete it where appropriate.

15. Links to third-party sites

The Website may refer to third-party websites or services. Those sites have their own privacy policies. We are not responsible for their content or privacy practices.

16. Changes to this Privacy Policy

We may update this Privacy Policy to reflect changes in our practices, technologies, legal or regulatory requirements. We will post the updated version on this page and adjust the effective date below. We encourage you to review this Policy periodically to stay informed about how we protect your data.

17. Complaints and contacting the ICO

If you have concerns about our use of your personal data, please contact us first so we can try to resolve the issue. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO):

  • Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
  • Telephone: +44 303 123 1113
  • Website: ico.org.uk

18. Effective date

Effective date: 14 December 2025

About The Editorial Team Terms of Service Legal Notice Privacy Policy Sitemap Contact
© 2026 MotNorwich