At Millers Recovery, we are committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, share, and safeguard your information in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. It applies to all individuals and businesses who interact with our services, including breakdown assistance, vehicle maintenance, MOT testing, and call management.

1. Who We Are

Millers Recovery is a breakdown, recovery, and maintenance service provider based in Preston, Lancashire, operating across the UK and parts of Europe. We are the data controller responsible for your personal data.
Contact Details:

• Address: Millers Recovery, [Insert Address], Preston, Lancashire, [Insert Postcode]

• Phone: [Insert Phone Number]

• Email: [Insert Email Address]

2. Data We Collect

We may collect and process the following types of personal data:

• Identity and Contact Data: Name, company name, phone number, email address, and postal address.

• Service Data: Vehicle registration, location of breakdown or service, details of the issue, and service history.

• Communication Data: Records of calls, emails, or messages sent to our 24/7 control centre or customer service team.

• Payment Data: Billing information, such as invoicing details or payment references (we do not store full card details).

• Technical Data: IP address, browser type, and device information if you interact with our website or digital services.

3. How We Collect Your Data

We collect data:

• Directly from You: When you request services, book an MOT, contact our control centre, or submit inquiries.

• Automatically: Via our website (e.g., cookies, subject to your consent where required) or call recordings for quality and training purposes.

• From Third Parties: Such as fleet operators or subcontractors acting on your behalf, where applicable.

4. How We Use Your Data

We process your data for the following lawful purposes under UK GDPR:

• To Provide Services (Contract): To coordinate breakdowns, repairs, maintenance, MOTs, and call management, including dispatching technicians or subcontractors.

• To Manage Payments (Contract): To issue invoices and process payments for our services.

• To Communicate (Legitimate Interest): To provide updates on technician arrival times, repair statuses, or respond to inquiries.

• To Improve Services (Legitimate Interest): To analyse service performance and train staff, using anonymised data where possible.

• To Meet Legal Obligations (Legal Obligation): To comply with tax, safety, or data protection laws.

• Marketing (Consent): To send promotional offers or updates about our services, only with your explicit consent.

5. Data Sharing

We may share your data with:

• Subcontractors: Our network of over 1,000 vetted subcontractors across the UK to deliver services (e.g., recovery or repairs). They act as data processors under our instructions.

• Service Providers: IT, payment, or communication providers who support our operations, bound by strict confidentiality agreements.

• Legal Authorities: Where required by law, such as for road safety investigations or tax compliance.
  We do not sell your data to third parties or share it for unrelated purposes.

6. International Transfers

If services extend to Europe (e.g., via subcontractors), we may transfer data outside the UK. We ensure such transfers comply with UK GDPR, using safeguards like Standard Contractual Clauses approved by the UK Information Commissioner’s Office (ICO).

7. Data Retention

We retain your data only as long as necessary:

• Service Records: Up to 6 years after the last service, to meet contractual and legal obligations (e.g., tax records).

• Call Recordings: Up to 12 months for training and quality purposes, unless longer retention is legally required.

• Marketing Data: Until you withdraw consent or it becomes outdated.
  After these periods, data is securely deleted or anonymised.

8. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

• Access: Request a copy of the data we hold about you.

• Rectification: Ask us to correct inaccurate or incomplete data.

• Erasure: Request deletion of your data where there’s no lawful reason to retain it.

• Restriction: Ask us to limit processing in certain circumstances.

• Objection: Object to processing based on legitimate interests (e.g., marketing).

• Portability: Request your data in a transferable format where applicable.

• Withdraw Consent: Opt out of marketing at any time.
  To exercise these rights, contact us at [Insert Email Address]. We’ll respond within one month, free of charge, unless requests are complex or excessive.

9. Data Security

We use appropriate technical and organisational measures to protect your data, including encryption, secure servers, and restricted access. Our subcontractors and staff are trained to handle data securely. In the unlikely event of a data breach, we will notify you and the ICO if required under UK GDPR.

10. Cookies and Website Use

Our website may use cookies to enhance functionality and analyse usage. You can manage preferences via your browser or our cookie consent tool. Essential cookies (e.g., for site operation) do not require consent, but non-essential ones (e.g., analytics) do.

11. Changes to This Policy

We may update this Privacy Policy to reflect changes in our services or legal requirements. The latest version will be available on our website or upon request. This policy was last updated on March 25, 2025.