Privacy Policy

Last Updated: January 2026
1. Introduction
Suffolk Clutch Centre (“we”, “us”, or “our”) is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our services or visit our website.
We are the data controller responsible for your personal data. This means we determine how and why your data is processed.
This policy should be read in conjunction with our Terms and Conditions.
2. Information We Collect
2.1 Personal Information You Provide
We collect personal information that you voluntarily provide when you:

  • Request a quote or service
  • Make a booking or appointment
  • Contact us via phone, email, or contact form
  • Visit our premises
  • Make a payment
  • Subscribe to marketing communications
  • Leave a review or feedback

This information may include:

  • Contact details: Name, email address, phone number, postal address
  • Vehicle information: Registration number, make, model, year, mileage, VIN
  • Service history: Details of repairs, parts fitted, dates of service
  • Payment information: Bank details, card information (processed securely through payment processors)
  • Communication records: Correspondence via email, phone calls, or messages
  • Marketing preferences: Your consent to receive promotional communications

2.2 Information We Collect Automatically
When you visit our website, we automatically collect:

  • Technical data: IP address, browser type and version, operating system, device information
  • Usage data: Pages visited, time spent on pages, referral sources, clickstream data
  • Location data: General location based on IP address
  • Cookies: See our Cookie Policy below for details

2.3 Information from Third Parties
We may receive information from:

  • Parts suppliers: When ordering parts for your vehicle
  • Payment processors: Payment confirmation and transaction details
  • DVLA or vehicle databases: Vehicle registration and specification information
  • Credit reference agencies: When extending credit facilities (with your consent)

2.4 Special Category Data
We do not routinely collect special category data (such as health information, racial or ethnic origin, political opinions, religious beliefs, or sexual orientation). If such information is disclosed during our interactions, it will be processed only where necessary and with appropriate safeguards.
3. How We Use Your Information
3.1 Legal Basis for Processing
We process your personal data on the following legal bases:
Contract Performance: To provide our services, including:

  • Processing and fulfilling service requests
  • Communicating about your vehicle and repairs
  • Managing appointments and bookings
  • Processing payments and invoicing
  • Managing warranties and guarantees

Legitimate Interests: For business operations, including:

  • Improving our services and customer experience
  • Managing customer relationships
  • Preventing fraud and maintaining security
  • Responding to enquiries and complaints
  • Maintaining business records and accounts
  • Training staff

Legal Obligation: To comply with legal requirements, including:

  • Maintaining financial records for tax purposes
  • Complying with health and safety regulations
  • Responding to legal requests or court orders
  • Maintaining insurance records

Consent: With your permission for:

  • Sending marketing communications
  • Using testimonials or reviews
  • Placing non-essential cookies on your device

3.2 Specific Uses
We use your information to:

  • Provide quotations and estimates
  • Schedule and manage appointments
  • Order parts and materials for your vehicle
  • Carry out repairs and services
  • Process payments and maintain financial records
  • Contact you about your vehicle or service
  • Send service reminders and MOT notifications (if applicable)
  • Handle complaints and resolve disputes
  • Improve our website and services
  • Send marketing communications (with your consent)
  • Comply with legal and regulatory requirements
  • Protect against fraud and ensure security

4. Marketing Communications
4.1 Our Marketing
With your consent, we may send you:

  • Special offers and promotions
  • Service reminders and maintenance tips
  • News about our services
  • Customer satisfaction surveys

4.2 Your Preferences
You can:

  • Opt-in to marketing communications when you use our services
  • Opt-out at any time by clicking “unsubscribe” in our emails
  • Contact us to update your marketing preferences
  • Choose which types of communications you receive

We will not send marketing communications without your consent, except for service-related messages about your vehicle or booking.
4.3 Third-Party Marketing
We do not sell or rent your personal information to third parties for their marketing purposes.
5. Sharing Your Information
5.1 When We Share Information
We may share your personal data with:
Service Providers: Including:

  • Parts suppliers (to order components for your vehicle)
  • Payment processors (to process transactions securely)
  • IT service providers (website hosting, email services)
  • Courier services (for parts delivery)
  • Professional advisors (accountants, solicitors, insurers)

Legal Requirements: We may disclose information when:

  • Required by law, regulation, or legal process
  • Necessary to protect our rights or property
  • Required to prevent fraud or crime
  • Requested by law enforcement or regulatory authorities

Business Transfers: In the event of a sale, merger, or acquisition of our business, your data may be transferred to the new owner.
5.2 Third-Party Service Providers
Third parties who process data on our behalf are required to:

  • Process data only on our instructions
  • Maintain appropriate security measures
  • Keep data confidential
  • Comply with data protection laws

We do not permit third parties to use your data for their own purposes.
5.3 International Transfers
We do not routinely transfer personal data outside the UK or European Economic Area (EEA). If such transfers occur, we ensure appropriate safeguards are in place, such as:

  • Standard contractual clauses approved by the UK Information Commissioner’s Office
  • Transfers to countries with adequate data protection laws
  • Your explicit consent

6. Data Security
6.1 Security Measures
We implement appropriate technical and organizational measures to protect your personal data, including:

  • Secure socket layer (SSL) encryption for website transmissions
  • Encrypted storage of sensitive data
  • Access controls and password protection
  • Regular security assessments and updates
  • Staff training on data protection
  • Secure disposal of data when no longer needed

6.2 Payment Security
Payment card details are processed securely through PCI-DSS compliant payment processors. We do not store complete card details on our systems.
6.3 Data Breaches
In the event of a data breach that poses a risk to your rights and freedoms, we will:

  • Notify the Information Commissioner’s Office within 72 hours
  • Inform affected individuals without undue delay
  • Take immediate steps to contain and remedy the breach

7. Data Retention
7.1 Retention Periods
We retain personal data only for as long as necessary for the purposes stated in this policy:

  • Customer records: 7 years from last transaction (for tax and accounting purposes)
  • Service and repair records: 7 years (for warranty and liability purposes)
  • Financial records: 7 years (legal requirement)
  • Marketing consent: Until withdrawn or 3 years of inactivity
  • CCTV footage: 30 days (unless required for investigation)
  • Website analytics: 26 months

7.2 Deletion
After the retention period expires, we will:

  • Securely delete or anonymize personal data
  • Remove data from backup systems in line with backup schedules
  • Retain only anonymized data for statistical purposes where appropriate

8. Your Rights
Under UK GDPR and the Data Protection Act 2018, you have the following rights:
8.1 Right of Access
You can request a copy of the personal data we hold about you. This is known as a Subject Access Request (SAR).
8.2 Right to Rectification
You can request correction of inaccurate or incomplete personal data.
8.3 Right to Erasure
You can request deletion of your personal data in certain circumstances, such as:

  • Data is no longer needed for its original purpose
  • You withdraw consent (where processing is based on consent)
  • You object to processing and there are no overriding legitimate grounds
  • Data has been unlawfully processed

This right is not absolute and may not apply where we have legal obligations to retain data.
8.4 Right to Restriction
You can request restriction of processing in certain circumstances, such as when:

  • You contest the accuracy of data
  • Processing is unlawful but you don’t want data deleted
  • We no longer need the data but you need it for legal claims
  • You have objected to processing pending verification

8.5 Right to Data Portability
You can request transfer of data you provided to us in a structured, commonly used, machine-readable format.
8.6 Right to Object
You can object to:

  • Processing based on legitimate interests
  • Direct marketing at any time
  • Processing for research or statistical purposes

8.7 Rights Related to Automated Decision Making
We do not use automated decision-making or profiling that produces legal or similarly significant effects.
8.8 Right to Withdraw Consent
Where processing is based on consent, you can withdraw consent at any time. This does not affect the lawfulness of processing before withdrawal.
8.9 Exercising Your Rights
To exercise any of these rights:

  • Contact us using the details at the end of this policy
  • Provide proof of identity (for security purposes)
  • Specify which right you wish to exercise

We will respond to requests within one month. This may be extended by two months for complex requests, and we will inform you if this is the case.
There is no charge for exercising your rights unless requests are manifestly unfounded or excessive.
9. Cookies and Website Tracking
9.1 What Are Cookies?
Cookies are small text files stored on your device when you visit our website. They help us provide a better user experience.
9.2 Types of Cookies We Use
Essential Cookies: Required for the website to function properly. These include:

  • Session cookies for maintaining your connection
  • Security cookies for protecting against fraud
  • Load balancing cookies for website performance

Analytics Cookies: Help us understand how visitors use our website, including:

  • Google Analytics (anonymized IP addresses)
  • Page views and navigation patterns
  • Device and browser information

Marketing Cookies: Used with your consent to:

  • Remember your preferences
  • Track effectiveness of advertising
  • Provide relevant content

9.3 Managing Cookies
You can control cookies through:

  • Your browser settings (to block or delete cookies)
  • Our cookie consent tool on first visit
  • Opting out of Google Analytics

Note: Blocking essential cookies may affect website functionality.
9.4 Third-Party Cookies
Our website may contain content from third parties (such as embedded videos or social media buttons) that may set their own cookies. We do not control these cookies.
10. Children’s Privacy
Our services are not directed at children under 16. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child without parental consent, we will delete it promptly.
11. Links to Other Websites
Our website may contain links to third-party websites. We are not responsible for the privacy practices of these websites. We encourage you to read the privacy policies of any website you visit.
12. CCTV and Surveillance
We operate CCTV cameras at our premises for security and safety purposes. Signage is displayed to inform you of CCTV monitoring. Footage is:

  • Stored securely for up to 30 days
  • Accessed only by authorized personnel
  • Disclosed to law enforcement if required for crime prevention or investigation
  • Available to you upon request (Subject Access Request)

13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in:

  • Our practices
  • Legal requirements
  • Technology

When we make significant changes, we will:

  • Update the “Last Updated” date at the top of this policy
  • Notify you via email (if we have your email address)
  • Display a prominent notice on our website

Continued use of our services after changes constitutes acceptance of the updated policy.
14. Complaints
14.1 Contact Us First
If you have concerns about how we handle your personal data, please contact us first so we can try to resolve the issue.
14.2 Information Commissioner’s Office
You have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK’s data protection regulator:
Information Commissioner’s Office Wycliffe House Water Lane Wilmslow Cheshire SK9 5AF
Helpline: 0303 123 1113 Website: www.ico.org.uk
15. Contact Information
If you have any questions about this Privacy Policy or how we handle your personal data, please contact us:

Developed by Blueprint Web Ltd