Privacy Policy

Last Updated: July 1, 2024


Carsu is committed to protecting your privacy and ensuring that your personal data is handled in a safe and responsible manner. This privacy policy outlines how we collect, use, and protect your information in compliance with the General Data Protection Regulation (GDPR), the UK GDPR, and the Data Protection Act 2018.

1. Introduction

Carsu is committed to protecting your privacy and ensuring that your personal data is handled in a safe and responsible manner. This privacy policy outlines how we collect, use, and protect your information in compliance with the General Data Protection Regulation (GDPR), the UK GDPR, and the Data Protection Act 2018.

2. Data Collection

We collect personal data that you provide to us when you use our services through various methods, including website forms, cookies, and direct interactions. This includes:

  • Personal Information: Name, email address, phone number, and other contact details, including make, model and registration information of your vehicles.
  • Usage Data: Information about how you use our services.
  • Transaction Data: Details about payments and transactions.
3. Legal Basis for Processing

The legal basis for processing your personal data is:

  • Transactional Relationship: The end-customer's relationship with the shop.
  • Contractual Necessity: The shop's contract with Carsu to provide them with a SaaS platform to enhance their operations.
  • Legitimate Interests: Where processing is necessary for the purposes of the legitimate interests pursued by Carsu or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.
4. Consent Management

Consent by the end customer is given implicitly verbally or by message when they request a service. The shop, as a user of the SaaS platform, confirms that they accept the terms and conditions of the service. Users can withdraw consent at any time by contacting privacy@carsu.com.

5. Data Retention

We retain personal data in line with legal necessity. Where there is no legal necessity, data is retained for as long as the shop holds an account with Carsu. Specific retention periods for each category of data are determined based on regulatory requirements and business needs.

6. Data Transfer

Data is stored on European servers. However, select personnel located outside the EU and UK may work on the data. We ensure that all international data transfers comply with applicable data protection laws and are safeguarded by Standard Contractual Clauses or equivalent measures. Users can request details of these safeguards.

7. Third-party Processors

We may share your data with third-party service providers such as Google, Facebook (Meta), and Azure to support our services. These third-party processors are responsible for ensuring the security and confidentiality of your data. A full list of processors and their roles is available upon request.

8. User Rights

You have the right to access, correct, delete, or port your personal data under both GDPR and UK GDPR. To exercise these rights, you can contact us at privacy@carsu.com or send a letter to our business address in Ermelo. We will respond to your request within one month.

9. Automated Decision-making

We do not use any automated decision-making or profiling systems in our services. Should this change, we will update our policy to ensure full compliance with GDPR Article 22.

10. Security Measures

We implement industry-standard security measures to protect your personal data from unauthorized access, alteration, disclosure, or destruction. These measures include encryption, pseudonymization, regular security audits, and employee training.

11. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any changes by posting the new policy on our website and updating the policy's effective date. Significant changes will be communicated directly to users via email or other communication channels.

12. UK Specific Provisions

In compliance with the UK GDPR and the Data Protection Act 2018, we ensure that:

  • Personal data transfers to and from the UK are safeguarded with appropriate measures.
  • UK residents can exercise their data protection rights as described in this policy.
13. Contact Us

If you have any questions about this privacy policy, please contact us at:

Email: privacy@carsu.com
Address: Harderwijkerweg 145, 3852 AB, Ermelo, the Netherlands
Data Protection Officer (DPO): privacy@carsu.com