top of page

Privacy Policy

​

1. Introduction

Thirsk Bodyshop Ltd (“we”, “us”, “our”) is committed to protecting your privacy under UK GDPR. This policy explains how we collect, use, store, and share your personal data when you visit our website or contact us.

2. Data Controller

Thirsk Bodyshop Ltd
Unit E, Alanbrooke Industrial Park, Station Road, Topcliffe, Thirsk, North Yorkshire, YO7 3SE 
Phone: 01845 577771 · Email: info@thirskbodyshop.co.uk 

3. Personal Data Collected

  • Contact form submissions: name, email address, telephone number, vehicle registration and message 

  • Communications: information shared via phone or email regarding enquiries or services

  • Usage data: IP address, device/browser, pages viewed and session duration via cookies

  • Cookies: essential functionality and anonymised performance cookies only (no advertising/profiling cookies)

4. How We Use Your Data

We use your personal data to:

  • Respond to enquiries, provide quotes, and arrange repair/bookings

  • Communicate details about insurance repairs, resprays, dent removal, plastic welding and full restorations 

  • Enhance our website through anonymised analytics

  • Comply with legal obligations, including financial record-keeping

5. Legal Basis for Processing

Processing is based on:

  • Contractual necessity – handling enquiries and repair work

  • Legitimate interests – improving our services and site functionality

  • Consent – for follow-up communications, if given

  • Legal obligations – keeping records for compliance

6. Data Sharing

We do not sell or rent personal data. We may share information with:

  • Service providers (e.g., web host, email system) acting as processors

  • Legal or regulatory authorities, where required by law

7. Cookies & Tracking

  • Essential cookies: needed for website functionality (forms, navigation)

  • Performance cookies: anonymous analytics (e.g. Google Analytics)
    No advertising or profiling cookies are used

8. Data Retention

  • Enquiry and service data: retained for up to 7 years for audit and legal purposes

  • Usage data: session logs deleted after 24 months; aggregated analytics retained

9. Your Rights

Under UK GDPR, you have the right to:

  • Access, correct, or delete personal data

  • Restrict or object to processing

  • Withdraw consent

  • Request data portability
    To exercise your rights, contact us at the contact details above. You may also lodge a complaint with the ICO.

10. Security

We use SSL encryption, secure hosting, and controlled access to protect your data. While we strive for security, no system is fully immune.

11. International Transfers

All personal data is processed and stored within the UK—no international transfers occur

12. Policy Updates

We may revise this policy. Changes will be reflected in the “Effective Date” above.

bottom of page