As a UK-based business, our handling of your information is controlled by the UK Data Protection Act 2018 and the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019 (known as UK GDPR).
We take your privacy and data protection seriously and are committed to handling your personal data responsibly, securely, and transparently. This Privacy Policy explains how The Box Doctor Ltd, trading as The Box Doctor and accessible at https://theboxdoctor.co.uk/ ("we", "us", "our"), collects, uses, stores, discloses and protects personal data in connection with our truck repair services and the use of our website.
For any privacy related inquiries, please contact us at admin@theboxdoctor.co.uk
What Is The Purpose Of This Policy?
This Privacy Policy describes how The Box Doctor Ltd collects, uses, and discloses your personal information when you visit or use our services, available at https://theboxdoctor.co.uk/ (the "Site"), or otherwise communicate with us regarding the Site (collectively, the "Services").
The Box Doctor processes all Users' data in accordance with the UK Data Protection Act 2018 and the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019 (known as UK GDPR) and the EU Consumer Rights Directive (2011/83/EU).
- When you use our service.
- When you visit our website.
- When you visit our social media pages.
- When you visit our offices.
- When you receive communications such as emails.
- When you interact with us via phone calls; these calls may be recorded for training and monitoring purposes.
Nothing in this policy affects your rights under applicable Data Protection Legislation. Finally, our website may contain links to other websites for your ease and convenience; we are not responsible for them, how they operate, or their security provision.
Applicable Legal Framework
The applicable legal framework for our Privacy Policy procedure is the EU General Data Protection Regulation (EU) 2016/679 (GDPR), the UK GDPR and the Data Protection Act 2018.
We take privacy and security seriously. Our internal policies, access controls, and security systems adhere to industry standard safeguards, including encryption, access limitation, and continuous monitoring. While no system is completely immune to risk, we regularly test and update our security measures to reduce the likelihood of unauthorized access or misuse.
3. Your Consent
In accordance with Article 9(2)(a) GDPR, you hereby give your explicit and informed consent to the processing of any related personal data submitted through the Website.
This consent is given voluntarily and can be withdrawn at any time by emailing admin@theboxdoctor.co.uk. As a User of the Website, you accept the conditions and consent to the processing of your submitted data for the sole purpose of providing the service.
Data Controller
For purposes of the data protection law, we are the "data controller", meaning we are responsible for how we handle your data.
The Box Doctor Ltd
Unit 5 Webber Estates,
Webber Rd, Liverpool,
L33 7SQ.
Email: admin@theboxdoctor.co.uk
Website: https://theboxdoctor.co.uk/
The Box Doctor Ltd ("the Legal Entity with legal information defined in this section") owns and operates the Website located at https://theboxdoctor.co.uk/.
5. What Data We Collect
When you use The Box Doctor website, we collect only the information necessary to operate our platform, communicate with you, and improve our services. Below are the types of data we collect and how we collect it:
- Contact & identity data: name, email, phone, billing address.
- Service data: course notes, training materials, client materials you provide.
- Payment data: invoicing information (we do not store full card numbers; payments processed by third-party processors).
- Technical & usage data: IP address, browser, device, cookies and analytics for website performance and security.
- Marketing preferences and communications consents.
This data collection framework ensures transparency, necessity, and proportionality, principles central to GDPR compliance, while enabling The Box Doctor to deliver relevant services and maintain a secure, high-quality user experience.
6. How We Collect Your Personal Information
The information that we collect and use varies depending on how you interact with us. We may collect the following categories of personal data from you when you:
- Contact details (such as name, email address, telephone number)
- Vehicle information (including registration number, vehicle condition, repair history, and diagnostic data)
- Billing and payment information
- Communications with us relating to enquiries or repair services.
- To Ensure Data Security and Fraud Prevention: we monitor log analysis to detect suspicious behaviour.
We rely on legitimate interests as a legal basis, to ensure your interests are balanced against your privacy rights, so that such collection or processing does not override your fundamental rights and freedoms. You may object to processing based on legitimate interests at any time (see “Your Rights” section). We do not collect personal data through user accounts or online payments via the Website.
How We Use Your Information
We use your personal data only for clearly defined and lawful purposes that are necessary for the operation of our platform and the fulfilment of our relationship with you. We do not use your data for any unrelated or undisclosed purposes, and we do not sell your data to third parties.
- To assess, diagnose, and carry out vehicle repair and maintenance services
- To communicate with customers regarding repairs, approvals, invoicing, and collection
- To issue invoices and receive payments
- To comply with legal, regulatory, and accounting obligations.
- If you have opted in to receive communications, we may use your contact details to send you product updates, new deals, and relevant offers. (You can withdraw your consent at any time).
- We may process or disclose your personal information if required to comply with a lawful governmental, judicial, or regulatory order.
- To pursue our legitimate business interests
Where required by law or where we rely on your consent, we will process your data only for the specific purposes outlined above. We will not use your personal data for any purposes beyond those listed above without first notifying you and, where required, obtaining your explicit consent.
Confidentiality and Disclosure
All personal data and customer information is treated as confidential and handled in accordance with applicable UK data protection law. We will not disclose personal data to third parties except where disclosure is:
- Necessary for the provision of our services, including engagement with parts suppliers, insurers, or service partners;
- Required by law, regulation, or a competent authority; or
- Necessary to establish, exercise, or defend our legal rights.
Lawful Basis for Processing
We process your personal data based on one or more of the following lawful grounds:
| Purpose | Activities | Legal Basis (GDPR Art. 6) | Explanation / Notes |
| --- | --- | --- | --- |
| To provide and operate our platform and services | Contact us Form, and access to the service | Performance of a contract (Art. 6(1)(b)) | Necessary to deliver the services you request and maintain platform functionality |
| To process transactions and manage billing | Payments via service providers; sending invoices or receipts | Performance of a contract / Legal obligation (Arts. 6(1)(b),(c)) | Required to process payments and comply with financial/tax laws |
| To communicate with you about your account or requests | Responding to contact forms, support tickets, or feedback | Legitimate interest (Art. 6(1)(f)) | Necessary to respond to inquiries and maintain user relationships |
| To send newsletters, and marketing offers | Email campaigns, product recommendations, partner promotions | Consent (Art. 6(1)(a)) | Sent only if you have opted in; you can withdraw consent anytime |
| To personalize and improve our website | Analytics, A/B testing, optimizing layout or deal recommendations | Legitimate interest / Consent (Arts. 6(1)(f),(a)) | Our interest in maintaining system integrity and security outweighs minimal data impact |
| To comply with legal obligations | Record-keeping, responding to lawful requests from authorities | Legal obligation (Art. 6(1)(c)) | Required under EU and national laws (e.g., financial, tax, data protection) |
Cookie Policy
Like other websites, we use Cookies on our Site. We use Cookies to power and improve our Site and our Services (including to remember your actions and preferences), to run analytics and better understand user interaction with the Services (in our legitimate interests to administer, improve and optimize the Services). We may also permit third parties and service providers to use Cookies on our Site to better tailor the services, products and advertising on our Site and other websites.
Most browsers automatically accept Cookies by default, but you can choose to set your browser to remove or reject Cookies through your browser controls. Please keep in mind that removing or blocking Cookies can negatively impact your user experience and may cause some of the Services, including certain features and general functionality, to work incorrectly or no longer be available. Additionally, blocking Cookies may not completely prevent how we share information with third parties such as our advertising partners.
Who We Share Your Information With
At The Box Doctor, we value your privacy and handle your personal information responsibly. We do not sell, rent, or trade your personal data to third parties.
We share your information only when necessary to operate our business, fulfil our obligations to you, comply with the law, or enhance our services, always under strict data protection and confidentiality controls. All third parties that receive User-submitted data act as independent data controllers under the GDPR.
We may share your data with:
| Category | Purpose/Function | Example Providers |
| --- | --- | --- |
| Service Providers | To allow us to perform our services, we may share relevant vehicle or customer information with trusted third parties, including parts suppliers, diagnostic service providers, or insurers. | AWS, Google Analytics, Parts Suppliers, etc. |
| Professional Advisors | To obtain legal, accounting, or consulting services necessary for compliance and business operations | Legal counsel, auditors, data protection advisors |
| Business Partners and Vendors | To deliver or promote specific Services that you access through The Box Doctor website. | Verified vendors, affiliate networks |
| Legal and Regulatory Authorities | To respond to lawful requests, investigations, or court orders in accordance with applicable law. | UK or EU regulatory bodies, courts |
| Successors in Corporate Transactions | To enable continuity of service if ownership of The Box Doctor or its assets changes. | Acquiring or merging entities (subject to this Policy) |
All sub processors:
- Are bound by written data processing agreements (DPAs);
- Must act only on our documented instructions;
- Are prohibited from using your data for their own purposes; and
- Must maintain appropriate security and confidentiality standards.
A current list of our sub processors is available when you send us a message. We will provide advance notice of any new sub processors via email or account notification, as required under our DPA, before any change becomes effective. You agree to give your consent for the use and sharing of your data; notwithstanding this, you reserve the right to revoke your consent by sending us an email.
International Transfers
Some of our processors are located, or may store data, outside the UK and the European Economic Area (EEA). In such cases, The Box Doctor ensures that appropriate safeguards are in place for international data transfers, including one or more of the following:
- Standard Contractual Clauses (SCCs) approved by the European Commission or the Italian Information Commissioner’s Office (ICO);
- Data Privacy Framework (DPF) participation, where applicable;
- Binding Corporate Rules (BCRs) for intra-group transfers; or
- Other mechanisms recognized under Articles 45–49 GDPR.
For further details on our transfer mechanisms, please see our Data Processing Addendum (DPA). The Box Doctor remains the Data Controller for personal data processed on its behalf and retains overall responsibility for ensuring that its sub processors comply with applicable data protection standards. We conduct periodic reviews and audits to verify compliance with our security and privacy requirements.
Security Measures
We maintain a comprehensive information security management framework that includes the following safeguards:
- Encryption. All data in transit is protected by TLS 1.2+ encryption, and all stored data is encrypted at rest using AES-256 or equivalent.
- Access Controls. Personal data access is strictly limited to authorised employees and service providers with a legitimate business need, protected through role-based access controls (RBAC) and multi-factor authentication (MFA).
- Data Minimisation and Pseudonymisation. We process only the personal data necessary for defined purposes and apply pseudonymisation or anonymisation techniques wherever feasible.
- Network and Infrastructure Security. The Box Doctor employs secure cloud infrastructure hosted primarily on AWS and other certified environments compliant with ISO 27001, SOC 2, and GDPR Article 28 requirements.
- Vulnerability Management. Regular security audits, penetration testing, and continuous vulnerability scanning are conducted to identify and mitigate emerging risks.
- Employee Training. All staff undergo mandatory data protection and cybersecurity training as part of our compliance programme. Article 7(1) GDPR
If you have any further questions about our security and processing activities, please contact us via email.
Data Retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, to comply with our legal obligations, and to protect our legitimate interests.
Retention periods are determined by considering
| Category of Data | Purpose of Processing | Retention Period | Legal Basis / Notes |
| --- | --- | --- | --- |
| Profile Data (Vehicle Information) | Service access and authentication | Retained for the duration of the account and up to 12 months after closure | Contractual necessity / legitimate interests |
| Billing and Transaction Data | Accounting and tax compliance | 7 years (EU legal requirement) | Legal obligation |
| Marketing and Communication Data | Promotional communications and user engagement | Until withdrawal of consent or 24 months after last interaction | Consent / legitimate interests |
| Support and Correspondence Logs | Customer support records | Up to 3 years after resolution | Legitimate interests |
| Technical and Log Data (IP, usage analytics) | Security monitoring and service performance | Up to 12 months, unless extended for security reasons | Legitimate interests |
| Backup and Archival Data | Business continuity | Maximum 90 days after deletion request | Legal and operational necessity |
After these periods, personal data is securely deleted, anonymised, or aggregated for statistical purposes, ensuring it can no longer identify an individual.
Your Rights
Under the General Data Protection Regulation (EU) 2016/679 (GDPR), and other global data protection laws, you are recognised as a Data Subject and enjoy specific rights concerning your personal data. These rights apply irrespective of your nationality or place of residence, as long as your data is processed within the scope of applicable data protection laws. You can exercise any of your rights by contacting our Data Protection Officer (DPO) at admin@theboxdoctor.co.uk.
- Right to access: You have the right to obtain confirmation as to whether we process your personal data, and, where applicable, (art. 15 GDPR),
- Right to rectification: You may request correction or completion of any personal data that is inaccurate or incomplete. (art. 16 GDPR),
- Right to erasure: You have the right to request the deletion of your personal data (art. 17 GDPR),
- Right to restrict processing: You may request that we temporarily suspend the processing of your data (art. 18 GDPR),
- Right to object: You may object at any time to the processing of your personal data (art. 21 GDPR);
- Right to data portability: You may request a copy of your personal data that you have provided to us, in a structured, commonly used, and machine readable format (such as CSV or JSON) (art. 20 GDPR).
- Right to withdraw your consent: you can revoke your consent at any time by contacting us at admin@theboxdoctor.co.uk. Withdrawal of consent does not affect the lawfulness of processing conducted before withdrawal.
- Right to Lodge a Complaint. If you believe that we have not handled your personal data in accordance with applicable law, you have the right to lodge a complaint with a Supervisory Authority in the country where you reside, work, or where the alleged infringement occurred.
Link to lodge a complaint:
- For UK residents: contact the Information Commissioner’s Office (ICO): https://ico.org.uk/make-a-complaint/
Children's Privacy
Our services are not directed to children, and we do not knowingly collect or process personal information from anyone under the legal age of digital consent:
- EU: under 16 (may vary 13–16 by Member State)
- UK: under 13
If we discover that a child’s data has been collected without verified parental consent, we will delete or anonymise it within 30 days of notice, unless required by law to retain it. Parents or guardians who believe their child has shared personal data with us should contact admin@theboxdoctor.co.uk. We will verify the request and promptly erase the data.
Where age verification is required, we may use age-gating tools or parental consent workflows, ensuring no unnecessary data is collected. We comply with GDPR, Data Protection Act 2018, COPPA, and other global child privacy laws to maintain a safe, age-appropriate environment for all users.
Amendments and Changes
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other operational reasons. The latest version will always be available on this page and marked with its last updated date.
If we make material changes that affect your rights or the way we process your personal data, we will notify you in advance by email, in-product notice, or other reasonable means before the update takes effect. Your continued use of our website or services after any changes have been published means you accept the revised Policy. All modifications comply with GDPR, UK GDPR, and other applicable global data protection laws.
18. Supervisory authorities & further information
If you are in the United Kingdom and wish to file a complaint, you may contact your local supervisory authority.
For queries and complaints please email: admin@theboxdoctor.co.uk
