top of page

Privacy Policy

Privacy Policy 

​

Privacy Policy

Privacy Policy for South tuningz ltd T/A Apex Performance Edenbridge
Effective date: [21/04/2026]
Website: www.apexperformanceedenbridge.co.uk

1. Who we are

Apex Performance Edenbridge is the controller of the personal data collected through this website and in connection with customer enquiries, bookings, and services. Under UK GDPR, your privacy notice should identify the organisation and provide its contact details. 

Contact details:
Apex Performance Edenbridge
[Apex performance edenbridge, unit 1, 1 fircroft way, TN86EL]
[support@apexperformanceedenbridge.co.uk ]

​

2. The information we collect

We may collect and process the following personal data:

  • name

  • email address

  • phone number

  • vehicle details

  • booking and enquiry details

  • payment and transaction information

  • communications you send us

  • website usage data, such as IP address, browser type, pages viewed, and cookie-related data where used

The ICO says privacy information should explain what personal data is collected and how it is used. 

3. How we collect your information

We collect information:

  • when you fill in a contact or booking form

  • when you call, email, message, or contact us through social media

  • when you buy a service or make a payment

  • when you use our website

  • when cookies or analytics tools are enabled on the site

Privacy information should be provided when personal data is collected directly from the individual, including via forms and online tracking. 

4. Why we use your information

We use your personal data to:

  • respond to enquiries

  • provide quotes

  • arrange bookings and appointments

  • carry out tuning, diagnostic, fabrication, or other workshop services

  • process payments and maintain records

  • communicate with you about your vehicle or booking

  • improve our website and services

  • meet legal, accounting, tax, and regulatory obligations

  • send marketing communications where permitted or where you have consented

The ICO requires privacy notices to explain the purposes of processing. 

5. Our lawful bases for processing

Under UK GDPR, we must have a lawful basis for using your personal data and tell you what that basis is. 

We generally rely on these lawful bases:

Contract
Where processing is necessary to provide a service, take a booking, or provide a quote you requested. ICO guidance says contract can apply when processing is needed to deliver a service or do something at the individual’s request before a contract is entered into, such as providing a quote. 

Legitimate interests
Where processing is necessary for the running of our business, customer service, fraud prevention, record keeping, workshop administration, or improving our website and services, provided your rights do not override those interests. If relying on legitimate interests, the ICO says you should tell people that and explain what those interests are. 

Legal obligation
Where we need to keep records or process information to comply with tax, accounting, consumer, or other legal obligations. The ICO recognises legal obligation as one of the lawful bases under UK GDPR. 

Consent
Where required, for example for certain marketing communications or non-essential cookies. Where consent is your basis, people must be told about their right to withdraw it. 

6. Marketing

We may use your contact details to send you updates, offers, or service-related marketing where allowed by law or where you have given consent. You can opt out of marketing at any time by contacting us or using any unsubscribe method we provide. If consent is relied on, the ICO says your privacy notice should explain the right to withdraw it. 

7. Cookies and analytics

Our website may use cookies and similar technologies to help it function, understand website traffic, and improve user experience. Where non-essential cookies are used, you should be given clear information about them. The ICO’s small business guidance notes that privacy notices and cookies information should explain what data is collected, why, how long it is kept, and who it is shared with. 

You should also add a separate Cookie Policy if your site uses analytics, Meta Pixel, Google Analytics, or other tracking tools.

8. Who we share your information with

We may share personal data with:

  • website hosting providers

  • payment processors

  • email and communications providers

  • analytics providers

  • booking or CRM tools

  • accountants, professional advisers, or insurers

  • legal or regulatory bodies where required

  • third-party service providers who process data on our behalf

The ICO says people should be told who their information is shared with, and processor relationships should be properly governed. 

9. International transfers

Some of our service providers may store or process data outside the UK. If we use such providers, we will take reasonable steps to ensure appropriate safeguards are in place for personal data, as required by data protection law. If this applies to your actual setup, you should name the services where practical in your final version. The ICO says privacy information should explain relevant sharing and safeguards where appropriate. 

10. How long we keep your information

We keep personal data only for as long as reasonably necessary for the purposes we collected it for, including legal, accounting, tax, complaint-handling, and record-keeping requirements. If you do not have a fixed retention period, the ICO says you should explain the criteria you use to decide how long information is kept. 

Typical examples:

  • enquiry data: up to [2 years]

  • customer job and invoice records: up to [3 years]

  • marketing records: until you withdraw consent or opt out

  • analytics/cookie data: according to the relevant platform settings

You should replace these with the periods you actually use.

11. Your rights

Under UK GDPR, you may have the right to:

  • be informed about how your data is used

  • access your personal data

  • have inaccurate data corrected

  • have data erased in some circumstances

  • restrict processing in some circumstances

  • object to processing in some circumstances

  • receive your data in a portable format in some circumstances

  • withdraw consent where consent is the lawful basis

The ICO says privacy notices should explain which rights people have in relation to their data. 

To exercise any of these rights, contact us using the details above.

12. Subject access requests

You can ask for a copy of the personal data we hold about you. The ICO says subject access requests can be made verbally or in writing and should usually be handled without delay and within one month. 

13. How we protect your information

We take reasonable technical and organisational measures to protect personal data against unauthorised access, loss, misuse, or disclosure. This may include secure systems, password protection, limited access, and using reputable service providers. The ICO requires controllers and processors to protect people’s information appropriately. 

14. Complaints

If you have concerns about how we use your personal data, please contact us first so we can try to resolve the issue. The ICO says privacy notices should tell people how they can complain. 

You also have the right to complain to the Information Commissioner’s Office in the UK.

15. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will post the updated version on this page and update the effective date. The ICO guidance expects privacy information to be clear and kept appropriate to the processing being carried out.

​

bottom of page