1. Who We Are
Bolu Car Fix ("we", "us", "our") is a UK-based online marketplace connecting customers with verified vehicle repair and assistance providers. Our registered address is in the United Kingdom. For data protection enquiries, contact us at privacy@bolucarfix.co.uk.
2. What Data We Collect
We collect the following categories of personal data:
- Account data: name, email address, phone number, password (hashed).
- Profile data: vehicle details, address, profile photo.
- Provider data: business name, registration documents, bank account details (for payouts).
- Booking data: service type, location (latitude/longitude or address), booking history.
- Payment data: transaction records. Card details are processed by Stripe and never stored by us.
- Communications: messages sent through our platform, support tickets.
- Technical data: IP address, browser type, device information, cookies.
3. How We Use Your Data
- To provide and operate the Bolu Car Fix platform.
- To verify provider identity and eligibility.
- To process bookings and payments.
- To send booking confirmations, service updates, and support responses.
- To detect and prevent fraud and abuse.
- To improve our services through anonymised analytics.
- To comply with legal and regulatory obligations.
4. Legal Basis for Processing
We process personal data under the following lawful bases (UK GDPR Article 6):
- Contract performance: processing required to deliver the service you signed up for.
- Legitimate interests: fraud prevention, platform security, improving our services.
- Legal obligation: where required by UK law or financial regulation.
- Consent: for marketing communications (you may withdraw at any time).
5. Sharing Your Data
We do not sell your personal data. We share data only where necessary:
- Providers: your name, contact details, and location are shared with the provider you book.
- Payment processors: Stripe processes card payments on our behalf.
- Cloud services: data is stored on secure servers (Aiven for database, Cloudinary for media).
- Legal authorities: where required by law, court order, or to protect rights.
6. Data Retention
We retain personal data for as long as your account is active, plus a reasonable period thereafter to meet legal obligations. Provider financial records are retained for 6 years in accordance with HMRC requirements. You may request deletion of your data at any time (subject to legal retention obligations).
7. Your Rights
Under UK GDPR you have the right to:
- Access the personal data we hold about you.
- Rectify inaccurate or incomplete data.
- Erase your data ("right to be forgotten") where applicable.
- Restrict processing in certain circumstances.
- Data portability — receive your data in a machine-readable format.
- Object to processing based on legitimate interests.
- Withdraw consent at any time where processing is based on consent.
To exercise any right, email privacy@bolucarfix.co.uk. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO).
8. Cookies
We use essential cookies to keep you logged in and maintain your session. We may use analytics cookies (with your consent) to understand how users interact with our platform. You can manage cookie preferences in your browser settings.
9. Security
We implement industry-standard security measures including encryption in transit (HTTPS/TLS), hashed passwords, and access controls. No system is 100% secure — if you believe your account has been compromised, contact us immediately.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify registered users of material changes via email. Continued use of the platform after changes constitutes acceptance of the updated policy.