Privacy Policy for BookMyGarage

BookMyGarage is a trading name of The Motorists Organisation Ltd (“TMO”) and takes the privacy of your information very seriously. We are committed to protecting and respecting your personal data.

Our privacy policy explains how we will collect and use your personal data through your use of this website. We may vary this policy from time to time and the current version will be that published on this site. The word 'we' refers to BookMyGarage, unless otherwise indicated.

TMO is the controller and responsible for your personal data (collectively referred to as "we", "us" or "our" in this privacy policy).

What information do we collect?

From time to time, you will be asked to submit personal information about yourself in order to receive or use services on our platform. The information includes name, email address, phone number, postal address, vehicle registration number.

We collect, use and are responsible for certain personal data about you. When we do so we are subject to the Data Protection Act 2018 and the UK GDPR (“Data Protection Law”).

We do not collect or request Sensitive Personal Data from you. Sensitive Personal Data includes personal data revealing racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs or trade union membership; genetic and biometric data (when processed to uniquely identify an individual) and data concerning health or sexual orientation.

Users aged 16 years and under

If you are 16 or under you must have permission from a parent or guardian before you give us personal information. If we find that we have received information from you without the appropriate consent, we reserve the right to cancel all transactions and services and remove all personal data that you have supplied. You will be able to re-submit the information when you have the required permission.

How do we collect information from you?

We ask you for information about you, your location and your vehicle when you use our platform, email or call us.

How and why your personal information will be used?

The Data Protection Law requires us to have a legal basis for collecting and using your personal data. We rely on one or more of the following legal bases:

  • Performance of a contract with you: Where we need to perform the contract, we are about to enter into or have entered into with you.
  • Legitimate interests: We may use your personal data where it is necessary to conduct our business and pursue our legitimate interests, for example to prevent fraud and enable us to give you the best and most secure customer experience. We make sure we consider and balance any potential impact on you and your rights (both positive and negative) before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
  • Legal obligation: We may use your personal data where it is necessary for compliance with a legal obligation that we are subject to. We will identify the relevant legal obligation when we rely on this legal basis.
  • Consent: We rely on consent only where we have obtained your active agreement to use your personal data for a specified purpose, for example if you subscribe to an email newsletter.

We will use information collected when you use the website for price enquiry and/or make a booking on our platform:

  • to present you with garages and services relevant to you;
  • to ensure that the service you have asked for is correctly delivered and managed;
  • to maintain your account on BookMyGarage;
  • to ask you to review the service you received. You are under no obligation to respond to this invitation.

The table below explains in more detail what we use your personal data for and why.

What we use your personal data forOur reasons
Providing services to youTo perform our contract with you or to take steps at your request before entering into a contract
Preventing and detecting fraud against you or usFor our legitimate interests or those of a third party, i.e. to minimise fraud that could be damaging for you and/or us
Ensuring business policies are adhered to, e.g. policies covering security and internet useFor our legitimate interests or those of a third party, i.e. to make sure we are following our own internal procedures so we can deliver the best service to you
Operational reasons, such as improving efficiency, training and quality controlFor our legitimate interests or those of a third party, i.e. to be as efficient as we can so we can deliver the best service to you at the best price
Ensuring the confidentiality of commercially sensitive informationFor our legitimate interests or those of a third party, i.e. to protect trade secrets and other commercially valuable information to comply with our legal and regulatory obligations
Statistical analysis to help us manage our business, e.g. in relation to our financial performance, customer base, product range or other efficiency measuresFor our legitimate interests or those of a third party, i.e. to be as efficient as we can so we can deliver the best service to you at the best price
Preventing unauthorised access and modifications to systemsFor our legitimate interests or those of a third party, i.e. to prevent and detect criminal activity that could be damaging for you and/or us to comply with our legal and regulatory obligations
Updating customer recordsTo perform our contract with you or to take steps at your request before entering into a contract to comply with our legal and regulatory obligations for our legitimate interests or those of a third party, e.g. making sure that we can keep in touch with our customers about existing orders and new products

Marketing our services to:

  • existing and former customers;
  • third parties who have previously expressed an interest in our services;
  • third parties with whom we have had no previous dealings.
For our legitimate interests or those of a third party, i.e. to promote our business to existing and former customers

Marketing

We may use your personal data to send you updates (by email, text message, telephone or post): -

  • about our products and services that we think may be of interest to you including exclusive offers, promotions or new services; and
  • to provide you with reminders when your car’s next service or MOT is due.

During the registration process on our website when your personal data is collected, you will be asked to indicate your preferences for receiving direct marketing communications from TMO.

You will receive marketing communications from us if you have requested information from us or purchased services from us and you have not opted out of receiving the marketing.

We will get your express consent before we share your personal data with any third party for their own direct marketing purposes.

You have the right to opt out of receiving marketing communications at any time by:

  • contacting us at info@bookmygarage.com
  • using the ‘unsubscribe’ link in emails or ‘STOP’ number in texts

We may ask you to confirm or update your marketing preferences if you ask us to provide further services in the future, or if there are changes in the law, regulation, or the structure of our business.

If you opt out of receiving marketing communications, you will still receive service-related communications that are essential for administrative or customer service purposes.

Where do we store your data?

Personal data may be held at our offices and those of our service providers such as our data storage service providers and email marketing provider.

Our service providers may be based outside the UK/EEA.

Under data protection law, we can only transfer your personal data to a country or international organisation outside the UK/EEA where:

  • the UK government has decided the particular country or international organisation ensures an adequate level of protection of personal data (known as an ‘adequacy decision’);
  • there are appropriate safeguards in place, together with enforceable rights and effective legal remedies for data subjects; or
  • a specific exception applies under data protection law.

These are explained below.

Adequacy decision

We may transfer your personal data to certain countries, on the basis of an adequacy decision. These include:

  • all European Union countries, plus Iceland, Liechtenstein and Norway (collectively known as the ‘EEA’);
  • Gibraltar; and
  • Andorra, Argentina, Canada, Faroe Islands, Guernsey, Israel, Isle of Man, Japan, Jersey, New Zealand, Switzerland and Uruguay.

The list of countries that benefit from adequacy decisions will change from time to time. We will always seek to rely on an adequacy decision, where one exists.

Other countries we are likely to transfer personal data to do not have the benefit of an adequacy decision. This does not necessarily mean they provide poor protection for personal data, but we must look at alternative grounds for transferring the personal data, such as ensuring appropriate safeguards are in place or relying on an exception, as explained below.

Transfers with appropriate safeguards

Where there is no adequacy decision, we may transfer your personal data to another country if we are satisfied the transfer complies with data protection law, appropriate safeguards are in place, and enforceable rights and effective legal remedies are available for data subjects.

The safeguards will usually include using legally approved standard data protection contract clauses.

To obtain a copy of the standard data protection contract clauses and further information about relevant safeguards please contact us (see ‘How to contact us’ below).

Transfers under an exception

In the absence of an adequacy decision or appropriate safeguards, we may transfer personal data to a third country or international organisation where an exception applies under relevant data protection law, e.g.:

  • you have explicitly consented to the proposed transfer after having been informed of the possible risks;
  • the transfer is necessary for the performance of a contract between us or to take pre-contract measures at your request;
  • the transfer is necessary for a contract in your interests, between us and another person; or
  • the transfer is necessary to establish, exercise or defend legal claims.

We may also transfer information for the purpose of our compelling legitimate interests, so long as those interests are not overridden by your interests, rights and freedoms. Specific conditions apply to such transfers, and we will provide relevant information if and when we seek to transfer your personal data on this ground.

Who Do We Share Your Data With?

When you make a booking or make an enquiry including but not restricted to the entry of a registration number and postcode, we may share this data with: -

  • a garage with which you have had a previous relationship; or
  • where required, to make a booking with a garage for services.

Any further personal information you have provided will be passed to your chosen garage.

The garage receiving either the registration number, post code or other personal data is responsible for handling your information in accordance with the Data Protection Law. We remind all garages subscribing to our platform of their responsibilities to you.

With the exception of garages, we may share your data with service providers, suppliers and sub-contractors.

We may share your information with others/third parties, where lawful to do so, to enable them to meet their legitimate interests.

We may transfer your personal information and car registration number to a third party as part of a sale of some or all of our business and assets to any third party, or if we are under a duty to disclose or share your personal data in order to comply with any legal obligation or to enforce or apply our terms of use or to protect the rights, property or safety of our customers. In such case, we will take steps to ensure that your privacy rights continue to be protected.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

How Long Do We Keep Your Data?

When you create an account on BookMyGarage, we retain your personal data until such time as you close your account or the personal data which we have collected from you is no longer required in order to perform the action or supply the service which you originally requested. Thereafter, we will keep your personal data for as long as is necessary:

  • to respond to any questions, complaints or claims made by you or on your behalf;
  • to show that we treated you fairly;
  • to keep records required by law.

We will delete or anonymise your personal data within a reasonable period where you have not created an account.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

What are your data protection rights?

We would like to make sure you are fully aware of all your data protection rights. Every user is entitled to the following:

The right to access - You have the right to request us for copies of your personal data.

The right to rectification - You have the right to request that we correct any information you believe is inaccurate. You also have the right to request us to complete the information you believe is incomplete.

The right to erasure - You have the right to request that we erase your personal data, under certain conditions.

The right to restrict processing - You have the right to request that we restrict the processing of your personal data, under certain conditions.

The right to object to processing - You have the right to object to our processing of your personal data, under certain conditions.

The right to data portability - You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.

If you would like to exercise any of these rights, please contact us at our email address: info@bookmygarage.com

Or write to us at:

The Data Controller,
The Motorists' Organisation Ltd,
1000 Lakeside,
North Harbour,
Portsmouth,
PO6 3EN

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

Cookies

Like many other providers, our platform uses cookies. Cookies are small pieces of text data sent from a platform and stored on your browser. This allows our platform to recognise you when you visit the site again. They are used to collect statistical information about visits to our platform, or to remember your preferences from previous visits. Cookies do not store personally identifiable information.

If you refuse a cookie, it may prevent the proper operation of the site or even prevent your access to certain areas.

For more details, please see our Cookie Policy.

Links to other platforms

This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.

Your Responsibilities

Please do not email us with confidential or sensitive information such as your credit card details. We cannot accept responsibility for unauthorised access to your information that is outside our control.

When you create an account on BookMyGarage, you should use a password that provides an adequate level of security. You are responsible for keeping your password safe, and we ask you not to share your password with anyone. We do provide the option for you to add two factor authentication to your account for added security.

We do not have access to your password, but if you lose it, you may ask us to reset the password on your account.

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us, for example a new address or email address.

How to access your personal information

If you believe that any of the data we hold about you is incorrect or being misused or want further information you may contact us at the below address:

The Data Controller,
The Motorists' Organisation Ltd,
1000 Lakeside,
North Harbour,
Portsmouth,
PO6 3EN

How to contact the appropriate authority

Should you wish to report a complaint or if you feel that we have not addressed your concern in a satisfactory manner, you may contact the Information Commissioner's Office.

Website: https://ico.org.uk/

Address:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Policy Date

We review our Privacy Policy regularly. This Policy was updated in October 2025.