Privacy Policy

1. Data Controller Information

The data controller responsible for your personal information is:

• Company name: Automation Partners Ltd (trading as RevAssist)
• Registered in: England and Wales
• Website: revassist.co.uk
• Email: hello@revassist.co.uk
• Phone / WhatsApp: +44 7442 303217
• ICO Registration: Pending registration with the Information Commissioner's Office

For any data protection queries, contact us at hello@revassist.co.uk or call +44 7442 303217.

2. What Personal Data We Collect

We collect different categories of personal data depending on your relationship with us:

2.1 Website Visitors

• IP address and browser/device information (via cookies and analytics)
• Pages visited, time on site, referral source
• Any information voluntarily submitted via contact or enquiry forms

2.2 Prospective Customers (Demo Requests)

• Name, job title, and business name
• Email address and phone number
• Details of your dealership and requirements
• Communication records (emails, calls, WhatsApp messages)

2.3 RevAssist Platform Customers

• Business contact details (name, email, phone, address)
• Billing information (processed via secure third-party payment processors — we do not store card data)
• Usage data: how your team uses the platform, features accessed, frequency
• Support and communication records
• Any data you input into the platform relating to your customers and vehicles

2.4 End-Users (Dealership Customers Contacted via RevAssist)

When RevAssist is used by a dealership to communicate with their customers, we act as a data processor on behalf of that dealership (the data controller). The dealership is responsible for ensuring they have the legal right to process their customers' data. The data we process may include:

• Name, phone number, and email address
• Vehicle registration numbers and V5C/logbook data
• Communication content (WhatsApp messages, SMS, emails)
• Complaint and case management records

3. How We Use Your Personal Data

We use personal data for the following purposes:

• Providing our services: Setting up and running your RevAssist account, delivering the platform, and providing customer support
• Account management: Managing your subscription, processing payments, and sending invoices
• Communication: Responding to enquiries, providing updates, and delivering service notifications
• Marketing (with consent): Sending information about new features, promotions, or related services where you have given consent or there is a legitimate interest
• Security and fraud prevention: Detecting and preventing abuse, unauthorised access, or fraudulent activity
• Legal compliance: Meeting our obligations under applicable law, including tax, accounting, and regulatory requirements
• Platform improvement: Analysing usage patterns (in aggregate and anonymised form) to improve our products

4. Legal Basis for Processing

Under UK GDPR, we rely on the following legal bases:

• Contract (Article 6(1)(b)): Processing necessary to fulfil our contract with you — setting up your account, providing the platform, billing
• Legitimate Interests (Article 6(1)(f)): Improving our services, preventing fraud, direct marketing to existing customers, analytics
• Consent (Article 6(1)(a)): Where we ask for your explicit consent, such as for marketing emails or non-essential cookies
• Legal Obligation (Article 6(1)(c)): Where we are required to process data to comply with UK law, such as HMRC reporting requirements

5. Who We Share Your Data With

We do not sell your personal data. We may share it with the following categories of third parties:

• Technology providers: Cloud hosting, database, and infrastructure providers who process data on our behalf under data processing agreements
• AI and communication providers: Third-party AI APIs and communication platforms (WhatsApp Business API, SMS gateways, email providers) used to power RevAssist features
• Payment processors: Stripe or equivalent PCI-DSS compliant processors for billing
• Professional advisors: Accountants, lawyers, and auditors under strict confidentiality obligations
• Regulatory authorities: Where required by law (e.g. HMRC, ICO, courts)

All third-party processors are required to process data only on our documented instructions and are subject to appropriate data processing agreements.

6. International Data Transfers

Some of our technology providers may be based outside the UK. Where data is transferred outside the UK, we ensure adequate safeguards are in place in accordance with UK GDPR, including standard contractual clauses or adequacy decisions where applicable. We will not transfer your data to countries without an adequate level of protection without your explicit consent.

7. Data Retention

We retain your personal data only for as long as necessary for the purposes set out in this policy:

• Customer account data: For the duration of your subscription plus 6 years (UK statutory limitation period for commercial contracts)
• Financial and billing records: 7 years (HMRC requirement)
• Marketing data: Until you opt out or withdraw consent
• Support and communication records: 3 years from last contact
• Website analytics data: 26 months (standard analytics retention)
• CCTV / call recordings (if applicable): 30 days unless required for legal purposes

After the applicable retention period, data is securely deleted or permanently anonymised.

8. Cookies

Our website uses cookies to improve your experience. We use:

• Essential cookies: Required for the website to function — no consent needed
• Analytics cookies: To understand how visitors use our site (e.g. Google Analytics) — consent required
• Marketing cookies: For retargeting and conversion tracking — consent required

You can manage your cookie preferences at any time by clicking "Cookie Settings" or by adjusting your browser settings. Refusing non-essential cookies will not affect your use of the website.

9. Your Rights Under UK GDPR

As a data subject, you have the following rights. To exercise any of these, contact us at hello@revassist.co.uk or +44 7442 303217. We will respond within 30 days.

10. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, accidental loss, destruction, or damage. These measures include:

• Encryption of data in transit (TLS/HTTPS) and at rest
• Access controls and role-based permissions
• Regular security assessments and penetration testing
• Employee training on data protection and information security
• Secure data deletion procedures
• Incident response and breach notification procedures

In the event of a data breach that poses a risk to your rights and freedoms, we will notify the ICO within 72 hours and affected individuals without undue delay where required by law.

11. Children's Privacy

RevAssist is a B2B platform intended for use by businesses. We do not knowingly collect or process personal data from children under the age of 18. If you believe a child has provided us with personal data, please contact us immediately at hello@revassist.co.uk.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. We will notify you of material changes by email (if you are a customer) or by posting a prominent notice on our website. The "Last Updated" date at the top of this page indicates when the policy was last revised. Continued use of our services after changes have been posted constitutes acceptance of the updated policy.

13. Contact Us

For any questions, concerns, or requests relating to this Privacy Policy or our data practices, please contact us: