Back to landing

Privacy Notice (UK GDPR and EU GDPR)

This notice explains how Garage7 uses personal data when you browse this website, submit a booking request, and communicate with the workshop.

Who controls your data

Garage7

1234 Any Street, Your City, ST 00000

General contact: hello@garage7.example

Privacy contact: hello@garage7.example

Data We Collect

  • Name, email address, mobile number, requested booking slot, and any notes you submit.
  • Optional vehicle details such as registration plate, make, and model.
  • Security and anti-abuse data including salted hashes derived from IP address and user-agent data.
  • Records of booking status changes, workshop actions, and operational notifications.

Lawful Basis

  • Contractual necessity: handling booking requests and related workshop communications.
  • Legitimate interests: securing the service, preventing abuse, managing operations, and auditing actions.
  • Consent: any optional cookies or similar technologies that are not strictly necessary.

How We Use Data

  • To receive, review, approve, reject, and schedule booking requests.
  • To contact customers about booking status and workshop-related updates.
  • To operate security controls, rate limits, abuse prevention, and audit trails.
  • To comply with legal obligations and defend legal claims where necessary.

Recipients and processors

  • Hosting, database, and infrastructure providers acting on our instructions.
  • Email and messaging providers used to send operational workshop communications.
  • Cloudflare Turnstile when CAPTCHA protection is enabled.

Retention

  • Abuse-prevention hashes are retained for a short period, currently 7 days by default.
  • Audit and notification logs are retained for 365 days by default.
  • Rejected booking requests are retained for 365 days by default, unless legal obligations require longer.
  • Live operational records may be retained for longer where needed to provide services or maintain records.

Your Rights

  • Access, rectification, erasure, restriction, objection, and data portability where applicable.
  • You can withdraw cookie consent at any time through the cookie settings control in the site footer.
  • You can complain to your local supervisory authority, including the UK ICO if UK law applies.

International transfers

Some service providers may process data outside the UK or EEA. Where that happens, appropriate safeguards should be in place, such as adequacy regulations or approved transfer mechanisms.

Last updated: 2026-03-19