Privacy Policy
Last updated: April 2026. UK GDPR & Data Protection Act 2018 compliant.
1. Who We Are
Prestige Motors ("we", "us", "our") is the data controller responsible for your personal data. We are a used car dealership based in York, England. If you have questions about this policy or wish to exercise your data rights, contact our Data Protection Officer at privacy@prestigemotors.co.uk or write to us at 123 Motor Row, York, YO1 1AA.
2. What Personal Data We Collect
We collect and process the following categories of personal data depending on how you interact with us:
Vehicle Enquiries & Purchases
Name, email address, telephone number, postal address, and details of the vehicle(s) you are interested in. If you complete a purchase, we also collect proof of identity, proof of address, and payment information.
Test Drive Bookings
In addition to contact details, we collect your driving licence number, date of birth, and a copy of your driving licence. This is required by our insurance provider and for our legal obligations under road traffic legislation.
Finance Applications
When you apply for vehicle finance through us, we collect additional information including your employment status, income, residential history, and financial commitments. This data is shared with our FCA-authorised finance partners to process your application. We act as a credit broker, not a lender.
Part-Exchange Valuations
Vehicle registration number, make, model, mileage, condition details, service history, and your contact details. We may share your vehicle registration with third-party valuation services to provide an accurate quote.
Sell Your Car
When you request a valuation to sell your vehicle to us, we collect vehicle details, your contact information, and V5C logbook details. If we proceed with a purchase, we collect bank details for payment and proof of ownership.
Technical & Website Data
IP address, browser type and version, device information, operating system, referring URL, pages visited, time spent on pages, and click data. This is collected automatically via cookies and similar technologies.
3. How We Use Your Data
We process your personal data for the following purposes and legal bases under UK GDPR:
- Contract performance: Processing vehicle purchases, arranging deliveries, managing test drive bookings, processing part-exchange transactions, and handling warranty claims.
- Legal obligation: Verifying your identity for test drives, complying with FCA regulations for finance applications, maintaining financial records for HMRC, and responding to law enforcement requests.
- Legitimate interest: Sending you updates about vehicles matching your search criteria, improving our website and services, fraud prevention, and maintaining our customer relationship management system.
- Consent: Sending marketing communications about new stock, promotions, and dealership news. You can withdraw consent at any time by clicking "unsubscribe" or contacting us.
4. Payment Processing
Online payments and deposits are processed securely by Stripe. We never see or store your full card details. Stripe is PCI DSS Level 1 certified and processes your payment data in accordance with its own privacy policy. For bank transfers and in-person payments, your bank details are stored securely and deleted once the transaction is complete.
5. Data Sharing
We share your personal data with the following categories of third parties, only to the extent necessary:
- Finance providers: FCA-authorised lenders to process your finance applications (e.g. Black Horse, MotoNovo, Close Brothers).
- Payment processors: Stripe for secure online payment processing.
- Vehicle data providers: HPI/Experian for vehicle history checks, and DVLA for vehicle registration verification.
- Insurance providers: For test drive insurance and warranty provision.
- IT service providers: Our hosting provider and email platform, who process data on our behalf under data processing agreements.
- Professional advisors: Accountants, solicitors, and auditors where necessary.
- Law enforcement: Where required by law or to protect our legal rights.
We do not sell your personal data to any third party. All third-party processors are UK GDPR compliant and process data only on our documented instructions.
6. Cookies
Our website uses the following types of cookies:
- Essential cookies: Required for the website to function, including session management, security, and cookie consent preferences. These cannot be disabled.
- Analytics cookies: Help us understand how visitors use our website, which pages are most popular, and how users navigate between pages. Used only with your consent.
- Functional cookies: Remember your preferences such as saved vehicles, search filters, and comparison lists.
You can manage your cookie preferences through the cookie consent banner shown on your first visit, or by adjusting your browser settings. Disabling certain cookies may affect website functionality.
7. Data Retention
We retain your personal data only for as long as necessary for the purposes for which it was collected:
- Vehicle enquiries: 12 months from your last interaction, unless you become a customer.
- Purchase records: 6 years from the date of sale, as required by HMRC and consumer protection legislation.
- Finance application data: Retained by finance providers in accordance with FCA requirements. Our copies are deleted 3 months after the application decision.
- Test drive records: 3 years from the test drive date for insurance and liability purposes.
- Marketing data: Until you withdraw consent or until 24 months of inactivity have elapsed, whichever is sooner.
8. Your Rights Under UK GDPR
You have the following rights regarding your personal data. To exercise any of these rights, email privacy@prestigemotors.co.uk or write to our postal address. We will respond within one calendar month.
- Right of access: Request a copy of the personal data we hold about you (Subject Access Request).
- Right to rectification: Request correction of inaccurate or incomplete personal data.
- Right to erasure: Request deletion of your personal data, subject to our legal retention obligations.
- Right to restrict processing: Request that we limit how we use your data in certain circumstances.
- Right to data portability: Receive your data in a structured, commonly used, machine-readable format.
- Right to object: Object to processing based on legitimate interests or for direct marketing purposes.
- Rights related to automated decision-making: We do not make any solely automated decisions that have legal or significant effects on you. Finance decisions are made by the lender, not us.
9. Data Security
We implement appropriate technical and organisational measures to protect your personal data, including encrypted data transmission (TLS/SSL), secure access controls, regular security assessments, and staff training on data protection. In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will notify the ICO within 72 hours and inform you without undue delay.
10. International Transfers
Your personal data is primarily stored and processed within the United Kingdom. Where data is transferred outside the UK (for example, to cloud service providers), we ensure adequate safeguards are in place, such as Standard Contractual Clauses or an adequacy decision by the UK Government.
11. Children's Data
Our services are not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately.
12. Changes to This Policy
We may update this privacy policy from time to time. The latest version will always be available on this page with the "last updated" date shown above. Material changes will be communicated via email where appropriate.
13. Complaints
If you are unhappy with how we handle your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO). You can contact the ICO at ico.org.uk or by calling 0303 123 1113. We would appreciate the opportunity to address your concerns before you approach the ICO, so please contact us first at privacy@prestigemotors.co.uk.
14. Contact Us
Data Controller: Prestige Motors
Address: 123 Motor Row, York, YO1 1AA
Email: privacy@prestigemotors.co.uk
Phone: 01234 567 890