Welcome to CarVet. We are a UK-based used car history check platform, and we value your privacy. This Privacy Policy explains what personal information we collect from you, why we collect it, how we use and protect it, and your rights. CarVet is committed to handling your data in compliance with the UK General Data Protection Regulation (UK GDPR) and other applicable UK data protection laws. We want to keep things friendly and understandable, so if you have any questions, please feel free to contact us.

We only collect the information we need to provide and improve our services. Here’s what we collect and why:

• Name: We ask for your name so we know what to call you. This helps us personalise our communication with you (for example, when emailing your report or responding to inquiries).
• Email Address: We use your email to send you the vehicle history report you requested, receipts or confirmations of your purchase, and any updates about your order. We may also use it to communicate with you if there’s an issue or you reach out for support.
• Vehicle Registration Number: This is essential for our service – we use the vehicle registration number you provide to fetch the history and details of that car. In short, without it we can’t run the car history check you asked for. We only use it to retrieve the report for you, not for any other purpose.
• Payment Information: When you make a payment, your card details are processed securely by our payment provider, Stripe. CarVet itself does not collect or store your full card details – those are handled by Stripe on our behalf. We only receive basic information about the transaction (like the fact that payment was approved, the amount, and the last four digits of your card or an identifier for the transaction). This allows us to confirm your payment and deliver the service.
• Usage and Analytics Data: Like most websites, we automatically collect some data when you use CarVet. This includes things like your IP address, browser type, device information, and how you navigate our site. We collect this through cookies and our analytics tools (including Google Analytics and our own internal analytics). We use this information to understand how people use our site, to fix problems, and to improve your experience. For example, it helps us find out if a page is slow or if users have trouble at a certain step, so we can make CarVet better. This usage data is generally aggregated and not used to identify you personally.

We promise to only use your personal data for the purposes described above or for other purposes that we explain to you and, if required, get your permission for.

What are cookies? Cookies are small text files that websites save on your device to store information. They’re widely used to make websites work or work more efficiently, and to provide information to the site owners. We also use similar tracking technologies like web beacons or pixels in our analytics. Don’t worry – we’ll break down how we use them:

• Essential Cookies: These are cookies that are necessary for our website to function. For instance, if our site has a login or a checkout, an essential cookie might keep you logged in or remember items in your cart. Without these, the site might not work properly. We do not require your consent for these necessary cookies, as they are needed for the service you requested.
• Analytics Cookies: We use Google Analytics and our own internal analytics tool to understand how visitors use CarVet. These cookies collect information like which pages you visit, how long you stay, and what buttons you click. This helps us see what’s working and what isn’t, so we can improve the site’s performance and design. The data from analytics cookies is aggregated and not used to personally identify you. For example, we might learn that a lot of users drop off on a certain page, telling us we need to improve it.

We do not use advertising or targeting cookies, and we don’t show third-party ads on CarVet. That means we are not tracking you for advertising purposes – no targeted ads or selling your browsing habits. Our focus is just on making the site better for our users.

How can you control cookies? When you first visit our site, you may see a cookies notice or banner. You can choose to allow or refuse non-essential cookies (like analytics cookies). Even if you accept, you can always change your mind:

• Most web browsers let you adjust settings to delete or block cookies. You can delete cookies that have already been set and prevent new ones from being placed. Please note that if you block all cookies (including essential ones), some parts of our site might not work correctly (for example, our history check or login might not remember your session).
• If you want to opt-out of Google Analytics specifically, Google provides an opt-out browser add-on you can install. This lets you prevent your data from being used by Google Analytics on any website. We respect “Do Not Track” signals as well – if your browser is set to DNT, our analytics will try to honor that where feasible.

Your security is extremely important to us. We take a number of measures to keep your personal information safe:

• Secure Hosting (AWS): All of CarVet’s data is stored on Amazon Web Services (AWS) cloud servers. AWS is a trusted and secure hosting provider used by many companies worldwide. Their data centers have strong physical and digital security measures in place. We also choose to host our data in servers located in the UK or European Economic Area (EEA) to comply with data protection requirements, meaning your data stays within regions with strong privacy laws. (If we ever need to store or process data outside the UK/EEA – for example, using a service based abroad – we will make sure appropriate safeguards are in place to protect your information to UK standards)
• Encryption: Our website is secured with HTTPS, which means any data you send us (like when you enter your information) is encrypted in transit. You’ll see a little lock icon in your browser address bar – that indicates the connection is secure. Encryption scrambles data so that no one else can read it as it travels over the internet. Additionally, we encrypt sensitive data at rest (when stored on our servers) whenever applicable, adding another layer of protection in case of any unauthorised access.
• Access Controls: Internally, access to personal data is limited on a need-to-know basis. Only authorised CarVet team members (for example, customer support who might need to look up your order, or IT staff maintaining the system) can access your data, and even then, only what's necessary for their job. All employees or contractors with such access are required to keep your information confidential and are trained on privacy and security.
• Secure Processing: We protect our systems against unauthorised access using firewalls, antivirus software, and monitoring for suspicious activities. We also keep our software up-to-date to patch security vulnerabilities.
• No Storage of Card Details: As mentioned, we do not store your payment card numbers or security codes. Stripe handles that information on their secure systems. This greatly reduces the risk because even in an unlikely event of a breach on our side, your financial details aren’t in our databases.
• Data Retention: We keep your personal data only as long as necessary for the purposes we collected it. For example, if you create an account or purchase a history check, we will retain your information while your account is active or as needed to provide you services. We might keep certain information after you’ve stopped using CarVet if it’s required for legal, accounting, or reporting reasons. For instance, we may retain transaction records for a certain number of years to comply with tax or financial regulations. When we no longer have a legitimate need to keep your data, we will delete it or anonymise it so it can no longer be linked to you.

In summary, we use industry-standard practices and continually work to protect your data from loss, misuse, unauthorised access, disclosure, or destruction. However, if you have any reason to believe that your interaction with us is no longer secure, please contact us immediately (you’ll find contact details at the end of this policy).

We do not sell or trade your personal information with anyone. However, we do share some of your data with trusted third parties in order to run our business and provide our services to you. Here’s who we share info with and why:

• Payment Processor (Stripe): When you purchase a car history check or any paid service on CarVet, the payment is processed by Stripe, a leading online payment platform. This means that the details you enter for payment (like your credit or debit card information) go directly to Stripe. Stripe will process your payment and let us know if it was approved or not. We share with Stripe the information necessary to process the payment, such as the charge amount and perhaps your name and email to associate with the payment. Stripe may also handle additional information like your billing postcode for fraud prevention. Stripe is PCI-DSS compliant, meaning they follow strict industry standards for payment security. The information you provide to Stripe is governed by Stripe’s own privacy policy. If you want more details on how Stripe uses your data, you can refer to Stripe’s Privacy Policy on their website (they have specific sections for UK/EU users). Important: CarVet never sees or stores your full card number or CVC code. That information is securely handled by Stripe. We only receive transaction details (like date, amount, and an confirmation that payment was made) and possibly partial card info (e.g., card type and last 4 digits) for reference. This arrangement helps protect your financial data.

• Analytics Services (Google Analytics): We use Google Analytics to help us understand how users engage with CarVet. Google Analytics will set cookies and collect usage data (as described in the Cookies section) such as your IP address, device info, and browsing actions on our site. Google, as the service provider, processes this information to give us reports on website traffic, usage patterns, and other insights. This information helps us see things like which pages are popular, how users find us (e.g., via Google search), and at what point users might drop off in the process. We primarily see aggregate data (overall trends rather than individual behaviour). Google may process the analytics data on servers outside the UK, typically in the United States. However, Google is part of the EU-US and (expected) UK-US data privacy frameworks that require protecting personal data. We have also configured Google Analytics to anonymise IP addresses where possible, which means the last digits of your IP are masked so it’s not identifiable. Google is not allowed to use the data we collect for any purpose other than providing us these analytics (Google’s terms prohibit them from sharing it or using it for their own advertising, for example). If you still prefer not to be included in Google Analytics tracking, remember you can always opt out as described in the Cookies section.

• Internal Analytics Tool: Besides Google Analytics, we have our own analytics system that we use to track certain usage information. This might be something like an internal dashboard that tells us, for example, how many history checks were run this week, or alerts us to technical errors on the site. The data collected might overlap with what Google Analytics collects (like page views, searches, etc.), but it stays within CarVet’s control on our AWS servers. This internal data helps us debug issues and improve service reliability. It’s only accessed by our team and not shared externally.

• Hosting Provider (AWS): As mentioned under data storage, our website and databases are hosted on Amazon Web Services servers. In a sense, AWS “has” the data on their machines, but AWS is just a storage/processing provider and doesn’t access your data unless needed for maintenance of the service, and even then it’s bound by strict confidentiality. AWS acts as a data processor for us – meaning they only process data under our instructions and not for their own purposes. AWS has a strong security track record and holds certifications like ISO 27001, SOC 2, etc., which demonstrate their commitment to security. We have a contract (terms of service) with AWS that includes data protection addendums to ensure your data is protected while stored on their servers.

• Other Service Providers: We might use other third-party services to help run CarVet – for example, email service providers (to send you confirmation emails), or customer support software if you contact us. If we do, those providers might process some of your personal data on our behalf. We will ensure any such providers are also compliant with data protection laws and only use your data for the specific purpose we require (for example, helping us send you an email, or logging a support request). They are not allowed to use your information for anything else. We will update this Privacy Policy (or otherwise inform you) if we start using any significant new third-party services that handle your personal data.

• Legal Requirements and Protection: We may disclose your personal information if we are legally required to do so – for instance, if a law, regulation, court order, or government authority (like law enforcement) legitimately requires us to share certain data. We may also share information if we believe in good faith that it’s necessary to prevent or address fraud, security issues, or harmful activity, or to protect the rights, property, and safety of CarVet, our users, or the public. For example, if someone attempted fraudulent transactions, we might share data with a fraud prevention service or report details to authorities as required by law. We will only ever do this in accordance with applicable laws.

No Selling of Data: Just to reiterate, we do not sell your personal data to third parties for their own marketing or any other purposes. All third parties who process your data are described above and act either as service providers or in a legal capacity.

As a user of CarVet and thus a “data subject” under the UK’s data protection law, you have several rights regarding your personal data. We want you to know that you’re in control. Here’s a summary of your key rights:

• Right to Be Informed: You have the right to be informed about how we collect and use your data – that’s the whole purpose of this Privacy Policy! We aim to be transparent in telling you what data we have about you and what we do with it. If anything here is unclear, you can always reach out with questions.
• Right of Access: You can request a copy of the personal data we hold about you. This is often called a “Subject Access Request.” We will provide you with a copy of your data, along with details on why we have it, who we might have shared it with, how long we plan to keep it, etc., as required by law. We’ll do this free of charge, and within the legal timeframe (usually within one month).
• Right to Rectification: If you believe any information we have about you is incorrect or incomplete (for example, you mistyped your name or changed your email address), you have the right to have it corrected. If you have an account on CarVet, you may also be able to log in and correct some details yourself. Otherwise, just contact us and we’ll fix it.
• Right to Erasure: This is sometimes known as the “right to be forgotten.” You can ask us to delete the personal data we hold about you in certain circumstances. For instance, if you no longer want to use our service, you can request that we remove your name, contact, and any other info we don’t need to keep. Do note that we can’t always delete everything immediately – sometimes we have to keep certain records for legal reasons (like proof of transactions for tax purposes) or if there’s an ongoing issue. But if that’s the case, we’ll let you know. Otherwise, we will erase what we can and confirm with you once done.
• Right to Restrict Processing: You have the right to ask us to limit how we are using your data in certain situations. For example, if you contest the accuracy of your data or have objected to our use of it (see the right to object below), you can request we “freeze” the use of your data while we sort out the issue. During restriction, we can still store your data, but we won’t use it until we’ve resolved your concern.
• Right to Data Portability: You have the right to get your personal data from us in a format that you can easily take to another service. For example, if you wanted to take some of your information to a different provider or just have it for your own purposes, we will, if applicable, provide your data in a commonly used machine-readable format (like a CSV file). This typically applies to data you provided us directly and that we process by automated means based on your consent or a contract. In practice, this right might be less relevant for a service like CarVet (since we only collect a few pieces of info), but we’ll be happy to help if you need it.
• Right to Object: You have the right to object to certain types of processing. The most common example is you can object to receiving marketing communications. If we were ever to send you marketing emails or newsletters (for example, offering a discount on another car check), you can opt out at any time, and we will stop. You can also object to processing done under “legitimate interests” basis. In our case, that might be analytics – if you really don’t want us to include your data in our analytics calculations, you have the right to object. In such cases, we will review your objection and see if we have any compelling reason to continue that processing. If not, we will stop; if yes, we’ll inform you of our decision. (Note: this right doesn’t apply if the processing is required by law – but for CarVet, we’re not doing any processing on you that’s mandated by law other than keeping transaction records, etc.)
• Right to Withdraw Consent: In cases where we rely on your consent to use your data, you have the right to withdraw that consent at any time. For example, if you consented to optional analytics cookies, you can change your preference and we will stop collecting your data via those cookies. Withdrawing consent won’t affect the lawfulness of any use of your data that happened before you withdrew, and it won’t affect services that don’t rely on consent (for instance, we don’t need consent to use your data when it’s necessary to fulfill your order – that’s contractual). But once you withdraw consent, we will stop the specific activity you previously agreed to, like sending marketing emails or collecting certain data.
• Right to Complain: We hope we can resolve any concern you have, but you also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO) if you believe your data protection rights have been violated. The ICO is the independent regulator for data protection in the UK. You can contact the ICO at Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF, or via their website (ico.org.uk) or helpline. We do ask that you please try to talk to us first, so we have a chance to address your concerns – we genuinely care about your privacy and would like to make things right.

How to exercise your rights: The easiest way is to email us (see the Contact section below) with your request. There’s no fee for making a request regarding your rights (except in very rare cases of excessive or unfounded requests, in which case the law allows a fee or refusal, but we have never had to do that). We will respond as soon as possible, within at most one month. If for some reason we need more time (for example, if a request is complex), we will inform you and explain why.

We’re here to help and answer any privacy questions you might have. If you:

• Have any questions or feedback about this Privacy Policy,
• Want to exercise any of Your Rights described above, or
• Have a concern or complaint about how we’re handling your data,

please don’t hesitate to contact us.

Contact Details:Email: enquiries@carvet.co.uk(You can also use this email to reach our data protection team or privacy officer, if applicable.)

We will do our best to reply promptly and address your concerns. For security and verification, we might ask you for some information to confirm your identity when you make a rights request – this is to ensure we don’t disclose your data to someone else.

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. If we make significant changes, we will notify you either by email (if we have your email address) or by placing a prominent notice on our website. The “last updated” date at the bottom of this policy will always indicate when the latest changes were made. We encourage you to review this policy periodically to stay informed about how we are protecting your information.

This policy is meant to be clear and easy to understand. However, if anything is confusing or you need further clarification, please let us know. Your privacy matters to us, and we are always happy to discuss it with you.

Last Updated: March 30, 2025