Privacy Policy

1. Introduction

Welcome to Toweasy. We are committed to protecting your privacy and ensuring that your personal information is handled in a safe and responsible manner. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services at https://toweasy.co.uk.

Toweasy is the data controller for the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This means we are responsible for deciding how we hold and use personal information about you.

By using our website and services, you acknowledge that you have read and understood this Privacy Policy and agree to the collection and use of your information as described herein.

2. Data We Collect

We may collect, store, and use the following categories of personal information:

Category	Examples
Identity Data	Full name, title, date of birth
Contact Data	Phone number, email address, billing address, delivery address
Vehicle Data	Vehicle registration number, make, model, colour, VIN, location data
Transaction Data	Payment details, bank account information, card details (processed securely via third-party processors)
Technical Data	IP address, browser type, operating system, device information, cookies
Usage Data	Information about how you use our website and services
Marketing Data	Your preferences in receiving marketing from us and your communication preferences

3. How We Collect Data

We collect personal information through the following methods:

• Direct interactions: When you fill in forms on our website, contact us by phone, email, or in person, or book our services.
• Automated technologies: As you interact with our website, we may automatically collect Technical Data about your equipment, browsing actions, and patterns using cookies and similar technologies.
• Third parties: We may receive personal information from third parties such as payment processors, breakdown assistance partners, and publicly available sources.

4. How We Use Data

We will only use your personal information when the law allows us to. Most commonly, we will use your personal information in the following circumstances:

• To provide towing and roadside assistance services you have requested
• To process payments and manage bookings
• To communicate with you about your service requests
• To send you service updates, confirmations, and receipts
• To improve our website and services
• To comply with legal and regulatory obligations
• To prevent fraud and ensure the security of our services
• To send marketing communications (only with your consent)

5. Legal Basis for Processing (UK GDPR)

Under UK GDPR, we must have a legal basis for processing your personal information. We rely on the following legal bases:

Legal Basis	Purpose
Contractual Necessity	To perform our contract with you (e.g., providing towing services you have booked)
Legal Obligation	To comply with applicable laws and regulations (e.g., tax records, insurance requirements)
Legitimate Interests	For our legitimate business interests (e.g., fraud prevention, website security, service improvement)
Consent	Where you have given explicit consent (e.g., marketing communications, certain cookies)

6. Payment Processing

When you make a payment through our website, your payment information is encrypted and transmitted directly to our payment processor. We may retain limited transaction information (such as the last four digits of your card and transaction reference) for record-keeping and fraud prevention purposes.

Our payment processors include reputable services that comply with UK GDPR and maintain appropriate security standards.

7. Cookies and Tracking

Our website uses cookies and similar tracking technologies to enhance your browsing experience. Cookies are small text files that are placed on your device when you visit our website.

We use the following types of cookies:

• Essential cookies: Required for the website to function properly (e.g., session management, security)
• Performance cookies: Help us understand how visitors interact with our website
• Functional cookies: Remember your preferences and settings
• Marketing cookies: Used to deliver relevant advertisements (only with your consent)

You can control cookie settings through your browser. However, disabling certain cookies may affect the functionality of our website.

8. Data Sharing

We may share your personal information with the following parties:

• Subcontractors: When our in-house staff are unavailable, we may engage trusted subcontractors to provide towing services. These subcontractors are contractually obligated to protect your data and use it only for the purpose of providing the requested service.
• Payment processors: To process payments securely
• Insurance providers: Where necessary for claims or coverage
• Legal authorities: When required by law or to protect our rights
• Service providers: IT support, hosting, email services, and other business operations

We do not sell your personal information to third parties. All third parties with whom we share data are required to maintain appropriate security measures and comply with UK GDPR.

9. Data Retention

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

Our retention periods are as follows:

• Customer records: 6 years from the date of last service (for tax and legal purposes)
• Booking information: 3 years from the date of service
• Marketing data: Until you withdraw consent or 2 years from last engagement
• Website analytics: 14 months

After these periods, your data will be securely deleted or anonymised.

10. User Rights

Under UK GDPR, you have the following rights regarding your personal information:

• Right of Access: You can request a copy of the personal information we hold about you.
• Right to Rectification: You can request correction of inaccurate or incomplete personal information.
• Right to Erasure: You can request deletion of your personal information in certain circumstances.
• Right to Restrict Processing: You can request that we limit how we use your personal information.
• Right to Data Portability: You can request transfer of your data to another organisation in a machine-readable format.
• Right to Object: You can object to certain types of processing, including direct marketing.
• Right to Withdraw Consent: Where processing is based on consent, you can withdraw it at any time.

To exercise any of these rights, please contact us using the details provided in Section 12. We will respond to your request within 30 days.

11. Data Security

We take the security of your personal information seriously and have implemented appropriate technical and organisational measures to protect it against unauthorised access, alteration, disclosure, or destruction.

Our security measures include:

• Encryption of data in transit (SSL/TLS)
• Secure servers with regular security updates
• Access controls and authentication for staff
• Regular security assessments and audits
• Staff training on data protection
• Incident response procedures

In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and the Information Commissioner's Office (ICO) as required by law.

12. Contact Information

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues:

ICO Website: https://ico.org.uk

ICO Helpline: 0303 123 1113

13. Updates to Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. Any changes will be posted on this page with an updated revision date.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information. Your continued use of our services after any changes constitutes acceptance of the updated Privacy Policy.

For material changes, we will notify you via email or through a prominent notice on our website.