Privacy Policy

Matei Motors (trading name of M&M'S Recovery LTD) operates this website. We are a family-run MOT centre and garage based at Unit 3, 38 Northampton Road, Scunthorpe, DN16 1UJ. For any privacy-related queries, contact us at [email protected] or call 07440 228 656.

We collect the following types of personal data:

• Account Information: Name, email address, phone number, and encrypted password when you create an account.
• Vehicle Information: Registration number, make, model, year, mileage, VIN, engine number, and MOT expiry date.
• Booking Information: Service requests, preferred dates and times, and any notes you provide.
• Contact Form: Name, email, phone (optional), and message content.
• MOT Inspection Records: Inspection results, defects, advisory items, odometer readings, brake test results, and emissions data.
• Usage Data: If you accept cookies, we collect anonymous browsing data via Google Analytics (pages visited, time on site, device type).

• Contract Performance: To provide our garage services, manage bookings, and maintain service records.
• Legal Obligation: MOT inspection records must be retained as required by DVSA regulations.
• Legitimate Interest: To communicate with you about your vehicle, send service reminders, and improve our services.
• Consent: For analytics cookies (Google Analytics) — you can accept or reject these via our cookie banner.

• To create and manage your customer account.
• To process bookings and provide requested services.
• To maintain accurate vehicle and MOT inspection records.
• To respond to contact form enquiries.
• To send service-related notifications (welcome emails, booking confirmations).
• To improve our website and services through anonymised analytics.

We take data security seriously and implement the following measures:

• Encryption: All passwords are hashed using bcrypt. Data is transmitted over HTTPS (TLS encryption).
• Access Control: Role-based access ensures only authorised staff can view customer data.
• Security Headers: Our website uses Content-Security-Policy, HSTS, and other protective HTTP headers.
• Rate Limiting: Login attempts and contact form submissions are rate-limited to prevent abuse.
• Input Sanitisation: All user inputs are sanitised to prevent injection attacks.
• Database Security: Our database is hosted with encrypted connections and restricted access.

We do not sell your personal data to third parties. We may share data with:

• DVSA: MOT test results are submitted as legally required.
• Service Providers: We use secure cloud hosting (Abacus AI) to store data. These providers act as data processors under contract.
• Google Analytics: If you consent to cookies, anonymised browsing data is shared with Google for analytics purposes.

Our website uses the following types of cookies:

• Essential Cookies: Required for login sessions and website functionality. These cannot be disabled.
• Analytics Cookies (Optional): Google Analytics cookies that help us understand how visitors use our site. These are only loaded after you give consent via our cookie banner.

You can change your cookie preferences at any time by clearing your browser cookies and revisiting our site — the consent banner will reappear.

Under the UK General Data Protection Regulation, you have the right to:

• Access: Request a copy of all personal data we hold about you.
• Rectification: Ask us to correct any inaccurate data.
• Erasure: Request deletion of your personal data (subject to legal retention requirements).
• Restriction: Ask us to limit how we process your data.
• Portability: Receive your data in a machine-readable format.
• Object: Object to processing based on legitimate interest.
• Withdraw Consent: Withdraw cookie consent at any time.

To exercise any of these rights, email us at [email protected]. We will respond within 30 days.

• Account Data: Retained as long as your account is active. You can request deletion at any time.
• MOT Records: Retained for a minimum period as required by DVSA regulations.
• Contact Messages: Retained for up to 12 months, then deleted.
• Analytics Data: Google Analytics data is retained for 14 months by default.

Our services are not directed at individuals under 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected such data, please contact us immediately.

We may update this privacy policy from time to time. Any changes will be posted on this page with an updated date. We encourage you to review this page periodically.

If you are not satisfied with how we handle your data, you have the right to complain to the Information Commissioner's Office (ICO):

• Website: ico.org.uk
• Phone: 0303 123 1113