Data rights
GDPR and your data rights
Last updated: 16 June 2026
Summary: Under UK GDPR and the Data Protection Act 2018, you have clear rights over your personal data. Motorproof is committed to upholding those rights. This page explains what they are and how to use them. To make a request, email info@motorproof.co.uk - we will respond within 30 days.
Our legal framework
Motorproof Ltd is a data controller registered under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. These laws apply across England, Scotland, Wales, Northern Ireland, Jersey, Guernsey, and the Isle of Man. We process personal data lawfully, fairly, and transparently, and only for the purposes set out in our Privacy policy.
Your rights under UK GDPR
Right of access
Article 15You have the right to request a copy of all personal data we hold about you. This is called a Subject Access Request (SAR). We will provide your data in a portable, readable format within 30 days.
Right to rectification
Article 16If any personal data we hold about you is inaccurate or incomplete, you have the right to ask us to correct it. We will act on your request within 30 days.
Right to erasure
Article 17Also known as the right to be forgotten. You can request that we delete your personal data where it is no longer necessary for the purpose it was collected, where you withdraw consent, or where you object to processing. Certain legal obligations may require us to retain some data.
Right to restriction of processing
Article 18You can request that we limit how we use your data while a dispute about accuracy or legitimate use is resolved.
Right to data portability
Article 20Where processing is based on consent or contract, you have the right to receive your personal data in a structured, machine-readable format, and to request that we transfer it to another organisation.
Right to object
Article 21You have the right to object to processing based on legitimate interests or for direct marketing purposes. Where you object to direct marketing, we will stop immediately.
Rights related to automated decisions
Article 22You have the right not to be subject to decisions made solely by automated processing that significantly affect you. Motorproof does not currently make automated decisions of this nature.
How to make a data request
To exercise any of your rights, email us at info@motorproof.co.uk with the subject line Data Rights Request. Please include:
- Your full name and the email address associated with your Motorproof account
- The specific right you wish to exercise
- Any relevant details to help us locate your data
We will acknowledge your request within 5 working days and respond in full within 30 calendar days. In complex cases we may extend this by a further 2 months, in which case we will notify you and explain why.
Withdrawing consent
Where we process your data based on your consent (for example, marketing communications), you may withdraw consent at any time by emailing info@motorproof.co.uk. Withdrawing consent does not affect the lawfulness of processing carried out before withdrawal.
How to complain to the ICO
If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's independent data protection authority.
Information Commissioner's Office
Website: ico.org.uk
Phone: 0303 123 1113
Post: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
We ask that you contact us first before approaching the ICO, as we may be able to resolve your concern directly and quickly.
Data breach notification
In the event of a personal data breach that poses a risk to your rights and freedoms, Motorproof will notify the ICO within 72 hours of becoming aware of the breach, as required by UK GDPR Article 33. Where the breach is likely to result in a high risk to your rights, we will also notify you directly without undue delay under Article 34.
Data transfers outside the UK
Our infrastructure providers (Supabase, Stripe, Resend) may process data in data centres located in Europe and the United States. All such transfers are subject to appropriate safeguards including Standard Contractual Clauses (SCCs) or adequacy decisions recognised under UK law.