Privacy

Privacy notice

This privacy notice is a launch template. It must be completed with the final legal entity, contact details, processors, retention periods, and lawful bases before public launch.

Data collected

The booking form can collect name, phone, email, vehicle details, registration, partner club, preferred date, tee time, collection time, and service notes. Server logs may also record IP address and request time.

How data is used

Booking data is used to respond to enquiries, confirm availability, estimate work, prepare vehicle handover, send confirmations, process payments, and maintain business records.

Processors

The backend is prepared for Stripe payments, OpenAI assistant responses, SMTP email, and Twilio SMS or WhatsApp notifications. These processors should be named here once live credentials are added.

Retention

Retention periods must be confirmed before launch. Booking enquiries should be retained only as long as needed for service delivery, accounting, insurance, dispute handling, and legal obligations.

Customer rights

Customers can request access, correction, deletion, restriction, or objection where applicable under UK GDPR. The final business contact email must be added before launch.

Security

API keys are kept server-side. Payment card data should be handled by Stripe Checkout rather than stored on this server.