Privacy Policy

Last updated: 7 May 2026

This Privacy Policy explains how CRM Garage collects, uses, stores and protects personal data when you use our website, desktop application, accounts, subscriptions, SMS reminders, vehicle checks, support and related services.

CRM Garage is operated by Vyacheslav Stoyanov, trading as CRM Garage, as a sole trader / self-employed business.

Freelance / business website: Slavstudio.co.uk
Contact email: Info@crmgarage.co.uk
Business address: Provided on request and on official invoices where required.
VAT status: Not VAT registered.

This Privacy Policy is written to explain our data practices in a clear way. Under UK GDPR, privacy information should explain what personal data is collected, why it is used, the lawful basis, retention periods and who it is shared with.

1. Who this policy applies to

This Privacy Policy applies to:

  • visitors to crmgarage.co.uk
  • people who contact CRM Garage
  • users who create an account
  • garages, workshops, MOT centres and mobile mechanics using CRM Garage
  • customers, vehicle owners or staff whose details are entered into CRM Garage by a garage user
  • people who receive SMS messages sent through CRM Garage

CRM Garage is mainly intended for business use by garages and workshops.

2. Our role: controller and processor

For personal data we collect directly about you, such as account details, payment records, support messages and website enquiries, CRM Garage usually acts as the data controller.

For customer and vehicle data that a garage enters into the CRM Garage system, the garage is usually the data controller and CRM Garage acts as a data processor. This means the garage decides why and how that customer data is used, and CRM Garage processes it to provide the software service.

The ICO explains that whether a business is a controller or processor depends on who decides the purposes and manner of processing the personal data.

3. Personal data we may collect

We may collect and process the following types of personal data.

Account and business details

This may include:

  • name
  • business name
  • email address
  • phone number
  • garage name
  • business location
  • login details
  • subscription plan
  • account settings

Customer and vehicle records entered by garage users

Garage users may enter data such as:

  • customer name
  • customer phone number
  • customer email address
  • customer address, if added
  • vehicle registration
  • vehicle make and model
  • vehicle history
  • MOT or service due dates
  • booking details
  • job card notes
  • invoice details
  • payment status
  • SMS reminder history

Payment and subscription data

We may process:

  • selected plan
  • billing status
  • payment history
  • invoice details
  • subscription status
  • failed payment information

Payment card details are normally handled by our payment provider. We do not aim to store full card details ourselves.

Website and technical data

When you use our website or app, we may collect:

  • IP address
  • device information
  • browser type
  • operating system
  • pages visited
  • app version
  • error logs
  • usage activity
  • security logs

Support and contact data

If you contact us, we may collect:

  • your name
  • email address
  • business name
  • message content
  • support screenshots or files you send
  • details about your issue

4. Why we use personal data

We use personal data for the following purposes:

PurposeData usedLawful basis
To create and manage user accountsName, email, business details, login detailsContract
To provide CRM Garage featuresBookings, job cards, customers, vehicles, invoices, remindersContract / legitimate interests
To manage subscriptions and billingPlan, payment status, invoice detailsContract / legal obligation
To send SMS reminders and updatesCustomer name, phone number, vehicle details, reminder textContract / legitimate interests, depending on garage use
To provide customer supportContact details, support messages, screenshotsContract / legitimate interests
To improve the softwareUsage data, feedback, error logsLegitimate interests
To protect security and prevent abuseIP address, logs, account activityLegitimate interests
To comply with tax, accounting or legal dutiesInvoice and payment recordsLegal obligation
To send service noticesEmail, account informationContract / legitimate interests
To send marketing, if usedEmail, preferencesConsent or legitimate interests, depending on the message

Under UK GDPR, every use of personal data needs a valid lawful basis, and this should be explained in privacy information.

5. SMS reminders and customer messages

CRM Garage may allow garages to send SMS messages to customers, including:

  • booking confirmations
  • MOT reminders
  • service reminders
  • car-ready notifications
  • payment or collection updates
  • follow-up messages

The garage is responsible for making sure it has the correct lawful basis or consent to contact its customers by SMS.

CRM Garage provides the software tools to send or manage these messages, but the garage decides which customers are contacted and what message is sent.

SMS delivery may depend on third-party SMS providers, mobile networks and customer phone numbers. We cannot guarantee that every SMS will be delivered, delivered instantly or read by the customer.

6. Vehicle checks and vehicle data

CRM Garage may include vehicle checks, registration lookups or vehicle-related information.

Vehicle data may come from public records, third-party providers or garage user input. We cannot guarantee that vehicle data is always complete, accurate, current or suitable for every decision.

Garages should verify important vehicle information before relying on it for legal, repair, MOT, safety or financial decisions.

7. Who we share personal data with

We may share personal data with trusted third-party service providers where needed to operate CRM Garage.

This may include:

  • hosting and database providers
  • authentication providers
  • payment processors
  • SMS providers
  • email providers
  • analytics or error monitoring tools
  • vehicle data providers
  • accounting or legal advisers
  • government, tax or regulatory authorities where legally required

We only share personal data where necessary for providing the service, running the business, protecting security, meeting legal obligations or supporting users.

The ICO says privacy notices should explain the recipients or categories of recipients of personal data.

8. International transfers

Some of our service providers may process personal data outside the United Kingdom.

Where this happens, we aim to use appropriate safeguards, such as recognised contractual protections, adequacy decisions or other lawful transfer mechanisms where required.

9. How long we keep personal data

We keep personal data only for as long as reasonably necessary for the purpose it was collected.

Typical retention periods may include:

  • account data – while the account is active
  • customer and vehicle records – while the garage account is active, unless deleted earlier
  • billing and invoice records – normally up to 6 years for tax and accounting reasons
  • support messages – as long as needed to resolve the issue and maintain business records
  • security logs – for a reasonable period to protect the service
  • marketing preferences – until you unsubscribe or object
  • deleted account data – removed or anonymised after a reasonable period, unless we need to keep it for legal, tax, security or dispute reasons

Retention periods are part of the privacy information individuals should receive under UK GDPR.

10. Data security

We use reasonable technical and organisational measures to protect personal data.

This may include:

  • secure authentication
  • restricted access
  • database security
  • encryption where appropriate
  • account access controls
  • monitoring for misuse
  • backups where available
  • trusted service providers

No website, software, database or internet service can be guaranteed 100% secure. Users are responsible for keeping their own login details, devices and staff access secure.

11. Your responsibilities as a garage user

If you use CRM Garage for your garage, you are responsible for:

  • collecting customer data lawfully
  • telling your customers how their data is used
  • making sure customer contact details are accurate
  • having the correct consent or lawful basis for SMS reminders
  • not adding unnecessary or excessive personal data
  • deleting or updating records where appropriate
  • controlling staff access
  • keeping your own business records and backups where needed

You must not use CRM Garage to send spam, harassment, misleading messages or unlawful communications.

12. Your data protection rights

Depending on the situation, individuals may have rights under UK data protection law, including the right to:

  • access their personal data
  • correct inaccurate data
  • request deletion
  • restrict processing
  • object to processing
  • request data portability
  • withdraw consent where consent is used
  • complain to the ICO

Some rights may depend on the lawful basis used for the processing. The ICO explains that the lawful basis can affect which rights apply.

To make a request, contact:

Info@crmgarage.co.uk

If the request relates to customer or vehicle data entered by a garage, we may need to refer the request to the garage because the garage may be the data controller.

13. Marketing emails

We may send marketing emails about CRM Garage where allowed by law.

You can unsubscribe or object to marketing at any time by using the unsubscribe option in the email or by contacting us at:

Info@crmgarage.co.uk

We will not sell your personal data to advertisers.

14. Cookies and analytics

Our website may use cookies or similar technologies to:

  • make the website work
  • understand website traffic
  • improve pages and performance
  • remember preferences
  • protect the website from abuse

If we use non-essential cookies, analytics or tracking tools, we should provide appropriate cookie information and consent options where required.

15. Children

CRM Garage is not designed for children and should not be used by anyone under 18.

We do not knowingly collect personal data from children.

16. Changes to this Privacy Policy

We may update this Privacy Policy from time to time.

The latest version will be posted on our website. If we make important changes, we may give notice where practical.

Continued use of CRM Garage after the policy is updated means you have read the updated version.

17. Contact

If you have questions about this Privacy Policy or how personal data is handled, contact:

CRM Garage
Operated by Vyacheslav Stoyanov, trading as CRM Garage
Website: Slavstudio.co.uk
Email: Info@crmgarage.co.uk

You also have the right to complain to the UK Information Commissioner’s Office if you are unhappy with how personal data is handled.