GDPR Policy

How we protect your personal data under UK GDPR

Last updated: 8 May 2026

This GDPR Policy explains how EDYCAR AUTO BODYREPAIR LTD (trading as Mirage Body Shop) complies with UK GDPR and the Data Protection Act 2018 when processing personal data.

1. Data Controller Details

Data Controller: EDYCAR AUTO BODYREPAIR LTD
Trading name: Mirage Body Shop
Company number: 14618944
ICO registration number: ZB890228
Contact email: Use /contact form
Contact phone: Protected field - use /contact
Address: UNIT 5 STAR INDUSTRIAL PARK, BODMIN ROAD CV2 5DB, Coventry

2. Scope of This Policy

This policy applies to personal data collected through our website, customer enquiries, booking requests, vehicle service communications, and related operational records.

3. Categories of Personal Data

  • Identity and contact information (name, email, telephone, address if supplied).
  • Vehicle and service information (vehicle registration, service requirements, booking history).
  • Communication records (messages, attachments, photos, call or enquiry notes).
  • Technical/usage data relevant to website operation and functional analytics.

4. Lawful Bases for Processing

  • Contract: to provide quotes, bookings, repairs and related customer support.
  • Legitimate interests: to run and improve website functionality, security, fraud prevention and service quality.
  • Legal obligation: to retain records required for accounting, tax, legal and regulatory compliance.
  • Consent: where required for optional cookies/analytics or specific communications.

5. Data Minimisation and Purpose Limitation

We only collect data that is necessary for defined business and legal purposes. We do not sell personal data and do not share personal data with third parties for their own direct marketing.

6. Retention Periods

  • Booking/invoice records: generally up to 6 years.
  • General customer enquiries: normally up to 24 months after last meaningful contact.
  • Website functional analytics and technical logs: only for as long as needed for operational analysis, then deleted, anonymised or aggregated.

We may retain data for longer where required by law or for legal claims.

7. Data Sharing and Processors

We may use trusted service providers (processors) for hosting, infrastructure, and technical support. Where processors handle personal data, they do so under contractual obligations and appropriate security controls.

8. International Transfers

If personal data is transferred outside the UK, we use lawful transfer mechanisms and safeguards (for example, adequacy regulations or approved contractual clauses) as required by UK law.

9. Security Measures

We implement proportionate technical and organisational measures to protect personal data, including access controls, system hardening, and need-to-know access principles.

10. Data Subject Rights

You may have the right to:

  • access your personal data;
  • request correction of inaccurate data;
  • request erasure in certain circumstances;
  • request restriction of processing;
  • object to processing based on legitimate interests;
  • request data portability where applicable;
  • withdraw consent where processing relies on consent.

To exercise your rights, contact us using the /contact form.

11. Complaints

If you are not satisfied with how we process personal data, please contact us first so we can address your concerns. You also have the right to complain to the UK Information Commissioner's Office (ICO): ico.org.uk.

12. Policy Updates

We may amend this GDPR Policy from time to time. The latest version is always published on this page.

Last updated: 21 February 2026