Privacy Policy

1. Introduction

This Privacy Policy explains how OwlGMS Ltd (company registration number [COMPANY REGISTRATION NUMBER]), trading as OwlGMS and part of the OwlMOT network ("we", "us", "our"), collects, uses, stores, and protects your personal data when you use our website at beta.owlmot.co.uk, our garage management software platform, and related services (collectively, the "Service").

We are committed to protecting your privacy and handling your data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and all applicable UK data protection legislation.

By using our Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use the Service.

2. Data Controller

The data controller responsible for your personal data is:

If you have any questions about this Privacy Policy or our data practices, please contact us at the email address above.

3. What Data We Collect

We collect and process the following categories of personal data:

3.1 Data you provide directly

• Demo request form: Your name, email address, and phone number (optional) when you submit the "Book a Demo" form on our website.
• Account registration: Your name, email address, business name, business address, and phone number when you create an OwlGMS account.
• Communications: Any information you provide when you contact us by email or other means.

3.2 Data generated through garage operations

When you use our garage management software, the following data is processed as part of your workshop operations:

• Vehicle data: Vehicle registration numbers, make, model, mileage, MOT history, and advisory information (including data retrieved via the DVSA MOT History API).
• Customer data: Names, email addresses, phone numbers, and vehicle ownership details of your garage's customers, as entered by you or your staff.
• Job data: Repair descriptions, inspection findings, photographs, videos, technician notes, parts used, invoices, and payment records.
• Approval data: Customer approval or rejection of work items, timestamps, and digital authorisation records.

3.3 Data collected automatically

• Usage data: Pages visited, features used, session duration, and interaction patterns within the Service.
• Technical data: IP address, browser type and version, operating system, device type, and screen resolution.

4. Legal Basis for Processing

We process your personal data on the following legal bases under UK GDPR:

• Performance of a contract (Article 6(1)(b)): Processing is necessary to provide the Service to you, including managing your account, delivering the garage management software, and processing payments.
• Legitimate interests (Article 6(1)(f)): Processing is necessary for our legitimate business interests, such as improving the Service, analysing usage patterns, preventing fraud, and ensuring security. We balance these interests against your rights and freedoms.
• Consent (Article 6(1)(a)): Where you have given us specific consent to process your data, such as when submitting a demo request form or opting in to marketing communications. You may withdraw consent at any time.
• Legal obligation (Article 6(1)(c)): Processing is necessary to comply with our legal obligations, such as maintaining financial records and responding to lawful requests from authorities.

5. How We Use Your Data

We use the personal data we collect for the following purposes:

• To provide, maintain, and improve the OwlGMS platform and its features.
• To process and respond to your demo requests and enquiries.
• To create and manage your account and subscription.
• To process payments and maintain billing records.
• To send transactional communications, including service updates, security alerts, and support messages.
• To send marketing communications where you have opted in (you can unsubscribe at any time).
• To analyse usage patterns and improve the user experience.
• To detect, prevent, and address technical issues, fraud, and security threats.
• To comply with legal obligations and enforce our terms of service.

6. Data Storage and Security

We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it against unauthorised access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit using TLS/SSL protocols.
• Encryption of sensitive data at rest.
• Regular security assessments and vulnerability testing.
• Role-based access controls and authentication mechanisms.
• Regular data backups with secure storage.
• Staff training on data protection and information security.

Your data is stored on secure servers located within the United Kingdom or the European Economic Area (EEA). If any data is transferred outside the UK or EEA, we ensure appropriate safeguards are in place in accordance with UK GDPR, such as Standard Contractual Clauses or an adequacy decision.

7. Third-Party Data Processors

We share your personal data with the following categories of third-party service providers who process data on our behalf:

• FormSubmit.co: Our demo request form submissions are processed through FormSubmit.co, which handles the delivery of form data to our email. When you submit a demo request, your name, email address, and phone number (if provided) are transmitted through this service.
• Hosting providers: Our servers and infrastructure are managed by third-party hosting providers who may have access to data stored on their systems.
• Payment processors: If you subscribe to a paid plan, your payment details are processed by our third-party payment provider. We do not store full payment card details on our servers.
• Analytics providers: We may use analytics tools to understand how users interact with our website and Service.
• DVSA: We retrieve vehicle MOT data from the DVSA MOT History API using registration numbers entered by our users. This is a publicly available data source.

All third-party processors are contractually obligated to process your data only on our instructions and in compliance with applicable data protection law. We carry out due diligence to ensure our processors maintain appropriate security standards.

8. Cookies

Our website uses cookies and similar technologies to enhance your browsing experience. Cookies are small text files stored on your device that help us recognise you and remember your preferences.

8.1 Types of cookies we use

• Strictly necessary cookies: Essential for the operation of the website. These cannot be disabled.
• Performance cookies: Help us understand how visitors interact with our website by collecting anonymous usage data.
• Functional cookies: Remember your preferences and settings to provide a personalised experience.

8.2 Managing cookies

You can control and manage cookies through your browser settings. Most browsers allow you to refuse or delete cookies. Please note that disabling certain cookies may affect the functionality of our website. For more information about cookies and how to manage them, visit allaboutcookies.org.

9. Data Retention

We retain your personal data only for as long as is necessary to fulfil the purposes for which it was collected, or as required by law. Our retention periods are as follows:

• Demo request data: Retained for up to 12 months from the date of submission, unless you become a customer, in which case it forms part of your account record.
• Account data: Retained for the duration of your subscription and for up to 24 months after account closure to allow for reactivation and to comply with legal requirements.
• Garage operational data: Retained for the duration of your subscription. Upon termination, you may request an export of your data. We will delete operational data within 90 days of account closure, unless a longer retention period is required by law.
• Financial records: Retained for a minimum of 6 years in accordance with HMRC requirements.
• Technical and usage data: Retained in anonymised form for up to 24 months for analytics purposes.

When personal data is no longer required, it is securely deleted or anonymised so that it can no longer be associated with you.

10. Your Rights

Under UK GDPR and the Data Protection Act 2018, you have the following rights in relation to your personal data:

• Right of access: You have the right to request a copy of the personal data we hold about you (a "subject access request").
• Right to rectification: You have the right to request correction of any inaccurate or incomplete personal data we hold about you.
• Right to erasure: You have the right to request deletion of your personal data where there is no compelling reason for its continued processing. This right is not absolute and may be subject to legal obligations requiring us to retain certain data.
• Right to restrict processing: You have the right to request that we restrict the processing of your personal data in certain circumstances, such as when you contest its accuracy.
• Right to data portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to have it transmitted to another controller where technically feasible.
• Right to object: You have the right to object to the processing of your personal data where we are relying on legitimate interests, or where your data is being processed for direct marketing purposes.
• Rights related to automated decision-making: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects you.

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within one month, as required by law. In certain circumstances, we may extend this period by a further two months, in which case we will inform you accordingly.

There is no fee for making a request, unless the request is manifestly unfounded or excessive, in which case we may charge a reasonable fee or refuse the request.

11. Data Processing on Behalf of Garages

When you use OwlGMS to manage your garage operations, you act as the data controller for the personal data of your customers (vehicle owners). In this capacity, OwlGMS Ltd acts as a data processor, processing your customers' data on your behalf and in accordance with your instructions.

As a garage using our Service, you are responsible for:

• Ensuring you have a lawful basis for collecting and processing your customers' personal data.
• Providing appropriate privacy notices to your customers.
• Responding to data subject requests from your customers.
• Ensuring the accuracy of the data you enter into the system.

We will assist you in meeting your obligations under UK GDPR, including responding to data subject requests and reporting data breaches, as set out in our Data Processing Agreement, which forms part of our Terms of Service.

12. Children's Data

Our Service is not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If you are a parent or guardian and believe that your child has provided us with personal data, please contact us at [email protected] and we will take steps to delete such data.

13. Complaints

If you are unhappy with how we have handled your personal data, we would encourage you to contact us first at [email protected] so that we can try to resolve the matter.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection. You can contact the ICO at:

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

• Update the "Effective date" at the top of this page.
• Notify registered users by email where the changes are significant.
• Post a notice on our website.

We encourage you to review this Privacy Policy periodically. Your continued use of the Service after any changes constitutes your acceptance of the updated Privacy Policy.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: