Privacy Policy for Vanigator

Effective Date: 12th May 2025

1. Introduction

Vanigator is committed to protecting the privacy and security of personal data processed through our platform. This Privacy Policy explains how we collect, use, share, and safeguard personal data in accordance with UK data protection laws, including the UK General Data Protection Regulation (UK GDPR).

2. Data Controller vs Data Processor

Vanigator operates as a data processor on behalf of our customers, who act as data controllers. Our customers are responsible for determining the purposes and means of processing personal data entered into our platform. We process this data strictly under their instructions.

If you are an individual whose personal information has been entered into Vanigator by one of our customers, please contact the relevant organisation (the data controller) for any queries or data rights requests.

3. Data We Collect

We process the following types of data on behalf of our customers:

• User Data: Names, email addresses, contact details, and billing addresses.

• Payment Tokens: We do not store card details. Payments are processed via secure tokens issued by Stripe.

• User Activity Data: Login times, platform usage, user ID–based metrics, and traces.

• Driver and Vehicle Data: Information provided by customers, including:

  • Full name

  • Full address

  • Date of birth

  • National Insurance number

  • Email

  • Phone number

  • Driving license expiry date

  • Driving license number

  • Points on license

  • Date test passed

  • Vehicle registration numbers

  • VINs

  • Service histories

  • Maintenance records

Note: Customers are solely responsible for the accuracy and legality of the data they input into the platform. Vanigator does not verify or validate this data.

4. Legal Bases for Processing

We process personal data under the following legal bases as defined by UK GDPR:

• Contractual necessity: To deliver our services and manage user accounts.

• Legitimate interests: To operate and improve our platform, monitor usage, and provide support.

• Legal obligations: To comply with financial, accounting, and legal recordkeeping requirements.

• Consent: For optional analytics and tracking tools, where applicable.

5. How We Use Your Data

We use personal data solely for the following purposes:

• Managing accounts and providing access to our platform.

• Processing payments securely via Stripe.

• Providing customer support using Zoho.

• Improving and developing platform features based on usage.

• Retrieving vehicle-related information (e.g., registration and MOT).

• Conducting analytics via Microsoft Clarity (consent-based).

• Application logging, tracing, and performance monitoring via New Relic.

• Generating anonymised usage statistics for internal insights.

6. Data Sharing

We share data only with trusted subprocessors who assist in providing our services and are bound by GDPR-compliant agreements:

• Stripe: Payment processing

• Zoho: Customer support tools

• Microsoft (Clarity): Analytics and session tracking (opt-in)

• New Relic: Logging, metrics, and performance monitoring

• Vehicle Information Providers: For accessing non-identifying vehicle data (e.g., MOT status)

We do not sell or share data for third-party marketing purposes.

7. International Data Transfers

Some subprocessors (e.g., Stripe, Zoho, New Relic, Microsoft) may process data outside the UK or EEA. Where this occurs, we ensure data is protected using safeguards such as:

• Standard Contractual Clauses (SCCs)

• UK International Data Transfer Addendum

These mechanisms ensure compliance with UK GDPR for cross-border transfers.

8. Data Storage & Security

All user data is stored on servers managed by Akamai Technologies, located in UK data centres. We implement strong security practices, including:

• Data encryption in transit and at rest

• Role-based access controls based on tenant, site, and user permissions

• Secure APIs and authentication mechanisms

9. Cookies & Tracking

We use cookies for essential functionality and optional analytics.

• Essential Cookies: Required for login, account access, and secure operation.

• Analytics Cookies: Used by Microsoft Clarity to provide insights into user behaviour. These are only activated with your consent and can be disabled at any time.

10. Data Retention

We retain personal data only as long as necessary to fulfil the purposes outlined above or to comply with legal obligations:

• Customer Account Data: Retained for the duration of the subscription and for a limited period thereafter.

• Billing & Payment Data: Retained for accounting and audit purposes in line with financial regulations.

• Support Records: Retained for customer service purposes.

11. Your Rights Under UK GDPR

If you are located in the UK or subject to UK GDPR, you have the right to:

• Access your personal data

• Rectify incorrect or incomplete data

• Request erasure (“right to be forgotten”)

• Restrict processing

• Object to certain types of processing

• Request data portability

• Lodge a complaint with the Information Commissioner’s Office (ICO): https://ico.org.uk/make-a-complaint/

To exercise these rights, please contact privacy@vanigator.com. We will respond promptly in accordance with legal obligations.

12. Children’s Data

Vanigator is a business-to-business (B2B) platform and is not intended for use by individuals under the age of 18. We do not knowingly process children's data.

13. Contact Us

For questions about this Privacy Policy or data protection practices, please contact:

Email: privacy@vanigator.com

14. Updates to this Policy

We may revise this Privacy Policy to reflect changes in legal requirements, our services, or our data handling practices. The most recent version will always be available on our platform.