Privacy Policy
How VFindR collects, uses, stores and protects your personal information — in plain English, in full compliance with UK GDPR.
Who We Are
VFindR Ltd ("VFindR", "we", "us", "our") is a company registered in England and Wales. We operate the website at vfindr.co.uk ("the Site") — a community platform for reporting stolen vehicles, logging suspicious vehicle sightings, and connecting the public with trusted vehicle trade businesses.
VFindR Ltd is the Data Controller for personal data collected through this Site. This means we determine the purposes and means of processing your personal data and are responsible for it being handled lawfully.
Data Protection enquiries: privacy@vfindr.co.uk
What Data We Collect
We are committed to data minimisation — we only collect information that is strictly necessary for a specific, stated purpose. The data we collect depends on how you use the Site:
2.1 Data you provide voluntarily
| Where Collected | Data Collected | Personal Data? |
|---|---|---|
| Contact Form | Name, email address, selected subject, message content | Yes |
| Business Listing Form | Business name, category, description, town, postcode, phone (optional), business email, website (optional), logo image (optional) | Partially — business email may be personal |
| Stolen Vehicle Report | Vehicle make, model, colour, registration, location/area description | No — no user identity collected |
| Sighting Report | Vehicle make, model, colour, registration, location/incident description | No — no user identity collected |
2.2 Data collected automatically
When you visit the Site, our hosting provider (Fasthosts) may automatically record standard server log data, including your IP address, browser type, operating system, referring URL, and pages visited. This data is collected for security and server performance purposes and is not used to identify you personally.
2.3 Data stored locally in your browser
Stolen vehicle reports and sighting reports that you submit are stored in your own browser's localStorage — they are not transmitted to any VFindR server. This data never leaves your device unless you choose to share it. You can delete it at any time using the controls on the Site or by clearing your browser data.
How We Collect Data
We collect personal data through the following means:
- Directly from you when you complete and submit the Contact Us form or the Business Directory listing form.
- Automatically via server logs maintained by our hosting provider when you access the Site.
- Via your browser when you submit stolen vehicle or sighting reports — this data is stored locally on your device only and not received by us.
- Via cookies and localStorage for functionality and consent preferences (see Section 7).
We do not purchase data from third parties, use data brokers, or obtain personal data from social media platforms about Site visitors.
Legal Basis for Processing
Under UK GDPR, we must have a lawful basis for processing any personal data. The following table sets out the legal basis we rely on for each type of processing:
| Processing Activity | Legal Basis | Detail |
|---|---|---|
| Responding to contact form enquiries | Legitimate Interest (Art. 6(1)(f)) | We have a legitimate interest in responding to people who contact us. |
| Contact form — data storage | Consent (Art. 6(1)(a)) | You tick an explicit consent box, which is unchecked by default, before submitting. |
| Business directory listings | Consent (Art. 6(1)(a)) | You check an explicit consent box acknowledging public display of your listing. |
| Server access logs | Legitimate Interest (Art. 6(1)(f)) | Security monitoring and protection of the Site from abuse. |
| Cookie consent preference | Consent (Art. 6(1)(a)) | Your selection on the cookie banner is stored to remember your preference. |
Where we rely on legitimate interest, we have conducted a Legitimate Interest Assessment (LIA) to ensure our interests do not override your rights and freedoms. You can request a copy of our LIA by emailing privacy@vfindr.co.uk.
How We Use Your Data
We use the personal data we collect for the following specific purposes:
- To respond to your enquiry when you contact us via the Contact form.
- To review and publish your business listing on the Vehicle Business Directory, following your consent and our review process.
- To maintain the security and integrity of the Site using server log data.
- To remember your cookie preference so we do not show the consent banner on every visit.
- To comply with our legal obligations, including responding to lawful requests from law enforcement or courts.
We do not use your data for automated decision-making or profiling. We do not use your data for direct marketing unless you have given separate, explicit consent for this purpose.
Data Sharing
We do not sell, rent, or trade your personal data to any third party, ever. We may share data only in the following limited circumstances:
6.1 Service Providers (Data Processors)
We use a small number of trusted third-party service providers who process data on our behalf:
- Fasthosts Internet Ltd — our UK-based web hosting provider. Server access logs are stored on their infrastructure. Fasthosts are GDPR-compliant and process data in the UK/EU.
- Email service provider — used to send responses to contact form submissions. No data is stored permanently by the email provider beyond delivery.
All service providers are bound by Data Processing Agreements (DPAs) and may only use your data for the specific purpose for which it was shared.
6.2 Business Directory — Public Display
If you submit a business listing, the information you provide (business name, category, description, town, postcode, phone, business email, website) will be displayed publicly on the Site. Do not include personal residential information in any listing field.
6.3 Legal Compliance
We may disclose personal data to law enforcement authorities, courts, or regulatory bodies if we are legally required to do so, or if we reasonably believe disclosure is necessary to protect the rights, property, or safety of VFindR, our users, or the public.
6.4 International Transfers
All data we collect is stored and processed within the United Kingdom. We do not transfer personal data to countries outside the UK. Our use of Google Fonts CDN involves your browser making a connection to Google's servers — see Section 7 for details.
Cookies & Local Storage
7.1 What we use
| Name / Type | Purpose | Duration | Essential? |
|---|---|---|---|
| vfindr_cookie_consent (localStorage) | Stores your cookie consent preference (Accept All or Essential Only) | Until cleared | Yes |
| vfindr_stolen_vehicles (localStorage) | Stores stolen vehicle reports you have submitted, locally in your browser only | Until you delete them or clear browser data | Yes (functional) |
| vfindr_sightings (localStorage) | Stores sighting reports you have submitted, locally in your browser only | Until you delete them or clear browser data | Yes (functional) |
| Google Fonts (CDN request) | Your browser fetches font files from Google's servers. Google may log the request IP. We do not control this processing. | Browser cache (typically 1 year) | No (aesthetic) |
7.2 What we do NOT use
- Advertising or retargeting cookies
- Third-party analytics tracking (e.g. Google Analytics)
- Social media tracking pixels
- Session cookies that identify you personally
7.3 Managing your preferences
You can change or withdraw your cookie consent at any time by clearing your browser's localStorage for this Site. You can also manage cookies through your browser settings. Instructions for common browsers:
Data Retention
We retain personal data only for as long as is necessary for the purpose for which it was collected, or as required by law. Our retention periods are:
| Data Type | Retention Period | Reason |
|---|---|---|
| Contact form enquiries (name, email, message) | 12 months from receipt, then securely deleted | To handle follow-up queries; beyond this there is no legitimate need |
| Business listing information | Until you request removal, or the listing becomes inactive for 24 months | Required to maintain the directory |
| Server access logs | 90 days, then automatically purged | Security monitoring — standard hosting provider practice |
| Stolen vehicle / sighting data (localStorage) | Controlled entirely by you — stored locally until you delete | Never held on our servers |
Your Rights Under UK GDPR
Under the UK General Data Protection Regulation and the Data Protection Act 2018, you have the following rights in relation to your personal data:
Right of Access (Article 15)
You have the right to request a copy of the personal data we hold about you, along with information about how we process it. We will respond within one calendar month.
Right to Rectification (Article 16)
You have the right to request that we correct any inaccurate or incomplete personal data we hold about you.
Right to Erasure (Article 17)
You have the right to request that we delete your personal data where there is no longer a legitimate reason for us to hold it. This right applies in certain circumstances — for example, where you withdraw consent and there is no other legal basis for processing.
Right to Restrict Processing (Article 18)
You have the right to request that we suspend processing of your data in certain circumstances — for example, while we verify the accuracy of data you have disputed.
Right to Data Portability (Article 20)
Where processing is based on consent or a contract, and is carried out by automated means, you have the right to receive your data in a structured, commonly used, machine-readable format.
Right to Object (Article 21)
You have the right to object to processing based on legitimate interest. We will stop processing unless we can demonstrate compelling legitimate grounds that override your rights, or processing is for legal claims.
Right to Withdraw Consent (Article 7)
Where processing is based on consent, you have the right to withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing prior to withdrawal.
Data Security
We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it against unauthorised access, disclosure, alteration, or destruction. These measures include:
- HTTPS encryption across the entire Site (TLS/SSL)
- Restricted access to any personal data we hold
- UK-based hosting with Fasthosts Internet Ltd, a GDPR-compliant provider
- Honeypot and spam-prevention measures on all forms
- Regular review of our data handling practices
No method of transmission over the internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security. In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner's Office (ICO) within 72 hours and will inform you without undue delay.
Children's Privacy
This Site is not directed at children under the age of 13. We do not knowingly collect personal data from children under 13. If you are a parent or guardian and believe your child has submitted personal information to us, please contact us at privacy@vfindr.co.uk and we will delete that information promptly.
Users aged 13–17 should obtain parental or guardian consent before submitting any personal information through the Site.
Third-Party Links
This Site contains links to third-party websites, including vfindr.store and external social media platforms (Facebook, X, Instagram). This Privacy Policy applies only to vfindr.co.uk.
We are not responsible for the privacy practices of any third-party websites. We encourage you to read the privacy policies of any external sites you visit. The presence of a link does not constitute our endorsement of that site's privacy practices.
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make material changes, we will:
- Update the "Last Updated" date at the top of this page
- Display a notice on the Site homepage for a reasonable period
- Where required by law, notify you directly
Continued use of the Site after the effective date of any changes constitutes your acceptance of the revised Policy. We encourage you to review this page periodically.
Contact & Complaints
Contact Us
For any questions, concerns, or requests relating to this Privacy Policy or your personal data, please contact our Data Protection lead:
Right to Complain to the ICO
If you are unhappy with how we have handled your personal data and we have been unable to resolve your concern, you have the right to lodge a complaint with the UK's supervisory authority:
Website: ico.org.uk
Helpline: 0303 123 1113
Address: Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
We would appreciate the opportunity to resolve any concern you have before you contact the ICO, so please get in touch with us first.