We are committed to protecting your personal data and respecting your privacy. This policy explains how we collect, use, and safeguard your information.
CarDossier is committed to compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This policy applies to all personal data processed by Joyall Inc. in connection with the CarDossier service.
Joyall Inc. ("we", "us", "our") is the data controller responsible for your personal data collected through the CarDossier website (cardossier.co.uk).
For data protection enquiries, you can contact us at:
We are registered with the UK Information Commissioner's Office (ICO) as required under applicable data protection law.
We collect the following categories of personal data:
| Category | Examples | Purpose |
|---|---|---|
| Contact data | Email address | Report delivery, customer support |
| Transaction data | Payment confirmation, order reference, amount paid | Order fulfilment, financial records |
| Usage data | IP address, browser type, pages visited, time on site | Service improvement, security, analytics |
| Vehicle data | Vehicle registration number (VRN) entered by you | Report generation |
| Communications data | Emails or messages you send to our support team | Customer support, dispute resolution |
| Technical data | Device type, operating system, referral source | Service optimisation, fraud prevention |
We do not collect or store full payment card details. All payment processing is handled by our third-party payment providers (Stripe and PayPal) who are independently responsible for the security of payment data.
We do not collect special categories of personal data (such as health data, biometric data, or data revealing racial or ethnic origin) in the ordinary course of our business.
We collect personal data through the following means:
We use your personal data for the following purposes:
Under UK GDPR, we rely on the following legal bases for processing your personal data:
| Processing Activity | Legal Basis |
|---|---|
| Delivering your report and processing your order | Performance of a contract (Article 6(1)(b)) |
| Maintaining financial and transaction records | Legal obligation (Article 6(1)(c)) |
| Fraud prevention and security | Legitimate interests (Article 6(1)(f)) |
| Service improvement and analytics | Legitimate interests (Article 6(1)(f)) |
| Marketing communications | Consent (Article 6(1)(a)) |
| Responding to legal requests | Legal obligation (Article 6(1)(c)) |
Where we rely on legitimate interests as our legal basis, we have assessed that our interests do not override your fundamental rights and freedoms. You may object to processing based on legitimate interests at any time (see Section 10).
We do not sell your personal data to third parties. We may share your data with the following categories of recipients, only to the extent necessary for the stated purpose:
All third parties with whom we share personal data are required to process it in accordance with applicable data protection law and our instructions.
Some of our third-party service providers may process your data outside the United Kingdom. Where this occurs, we ensure that appropriate safeguards are in place in accordance with UK GDPR, including:
You may request further information about the safeguards we use for international transfers by contacting us at [email protected].
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Our standard retention periods are as follows:
| Data Type | Retention Period | Reason |
|---|---|---|
| Email address and order data | 7 years from date of purchase | Financial record-keeping obligations |
| Report content | 2 years from date of purchase | Customer support and guarantee claims |
| Support communications | 3 years from last contact | Dispute resolution and legal claims |
| Website usage / analytics data | 26 months | Service improvement (anonymised after 13 months) |
| Marketing consent records | Until consent is withdrawn + 3 years | Compliance with marketing regulations |
After the applicable retention period, we will securely delete or anonymise your personal data.
Our website uses cookies and similar tracking technologies to enhance your experience, analyse website traffic, and support our marketing activities. Cookies are small text files stored on your device when you visit our website.
When you first visit our website, you will be presented with a cookie consent banner. You can manage your cookie preferences at any time by clicking "Cookie Settings" in the footer of our website, or by adjusting your browser settings. Please note that disabling certain cookies may affect the functionality of our website.
For more information about cookies and how to manage them, visit aboutcookies.org.
Under UK GDPR, you have the following rights in relation to your personal data:
| Right | Description |
|---|---|
| Right of access | You can request a copy of the personal data we hold about you (Subject Access Request). |
| Right to rectification | You can ask us to correct inaccurate or incomplete personal data. |
| Right to erasure | You can ask us to delete your personal data in certain circumstances ("right to be forgotten"). |
| Right to restrict processing | You can ask us to pause the processing of your data in certain circumstances. |
| Right to data portability | You can request your data in a structured, machine-readable format where processing is based on consent or contract. |
| Right to object | You can object to processing based on legitimate interests or for direct marketing purposes. |
| Rights related to automated decisions | You have rights in relation to automated decision-making and profiling that has a significant effect on you. |
| Right to withdraw consent | Where processing is based on consent, you can withdraw it at any time without affecting the lawfulness of prior processing. |
To exercise any of these rights, please contact us at [email protected]. We will respond to your request within one calendar month as required by UK GDPR. We may need to verify your identity before processing your request.
Please note that some rights are not absolute and may be subject to exemptions under applicable law. Where we are unable to fulfil a request, we will explain the reason.
We will only send you marketing emails if you have given your explicit consent to receive them. You can withdraw your consent and unsubscribe from marketing communications at any time by:
Withdrawing your consent will not affect the delivery of transactional emails related to your order (such as your report delivery email).
We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it against unauthorised access, loss, destruction, or alteration. These measures include:
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours and, where required, inform you directly without undue delay.
No method of transmission over the internet or electronic storage is 100% secure. While we take all reasonable steps to protect your data, we cannot guarantee absolute security.
Our Service is not directed at children under the age of 18. We do not knowingly collect personal data from anyone under 18. If you believe we have inadvertently collected data from a child, please contact us immediately at [email protected] and we will take steps to delete it promptly.
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the "Last updated" date at the top of this page.
We encourage you to review this policy periodically. Your continued use of our Service after any changes are posted constitutes your acceptance of the updated policy.
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
We aim to respond to all data protection enquiries within 5 business days.
If you are not satisfied with our response, or if you believe we are processing your personal data in a way that does not comply with UK GDPR, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):