Privacy Notice
Last updated: May 2026. Effective: May 2026.
1. Who we are
carfaultcodes.co.uk is operated by Cost Savvy Motors Limited, registered in England and Wales (company no. 03706413). Registered office: 5 Parkgate, 117 Liverpool Road, Longton, Preston, England, PR4 5AA. We are the data controller for personal data collected on carfaultcodes.co.uk.
For privacy-related questions:
- Contact form: carfaultcodes.co.uk/contact (select "Privacy / GDPR / data request")
- Post: Data Protection, Cost Savvy Motors Limited, 5 Parkgate, 117 Liverpool Road, Longton, Preston, England, PR4 5AA
2. What carfaultcodes.co.uk does, and does not, do
carfaultcodes.co.uk is a free, read-only fault code information library. You can search for an OBD fault code and read a plain-English explanation. The site does not:
- ask for your vehicle registration mark (VRM)
- generate vehicle valuations or quotes
- collect payment or financial information
- require you to create an account or log in
The only personal data we collect comes from (a) contact form submissions you choose to make, and (b) analytics tools that collect anonymised usage data automatically.
3. The data we collect
| Category | Examples | Source |
|---|---|---|
| Contact data | Name, email address, message content | You, via the contact form |
| Technical data | IP address, device type, browser, OS, time zone, referring URL | Captured automatically on each page request |
| Usage data | Pages visited, fault codes searched, time on page | Captured automatically via analytics tools |
We do not collect special category personal data, financial data, VRMs, or vehicle valuation data on carfaultcodes.co.uk.
4. How we use your data and our lawful basis
| Purpose | Data used | Lawful basis |
|---|---|---|
| Respond to contact form enquiries | Name, email, message | Article 6(1)(b), steps at your request, or Article 6(1)(f), legitimate interests |
| Improve the site, fix bugs, prevent abuse | Technical data, usage data | Article 6(1)(f), legitimate interests |
| Understand how the site is used (analytics) | Anonymised usage and technical data | Article 6(1)(f), legitimate interests / consent where required by PECR |
5. Who we share your data with
| Recipient | What | Why | Role |
|---|---|---|---|
| Netlify Inc. | Technical data (server logs) | Hosting and CDN | Processor |
| Google Analytics (Google Ireland Ltd) | Anonymised usage and technical data | Site performance measurement | Processor |
| Microsoft Clarity (Microsoft Corp) | Session recordings, heatmaps | UX improvement | Processor |
We do not sell your personal data. We do not pass your details to third parties for their own marketing. We do not share contact form data with any third party outside of secure hosting infrastructure.
6. International transfers
Where processors above operate outside the UK, transfers are subject to appropriate safeguards under UK GDPR Article 46 (UK SCCs / IDTA / adequacy decisions where applicable). Netlify and Google operate under standard contractual clauses or equivalent mechanisms.
7. How long we keep your data
| Data type | Retention period | Reason |
|---|---|---|
| Contact form submissions | 24 months | Customer service and follow-up window |
| Technical and usage data | 26 months | Analytics trend analysis (Google Analytics default) |
8. Your rights
- Access, a copy of personal data we hold about you.
- Rectification, correct inaccurate or incomplete data.
- Erasure, delete your data, subject to legal obligations.
- Restrict processing, limit how we use your data while a dispute is resolved.
- Data portability, receive your data in a machine-readable format.
- Object, object to processing based on legitimate interests.
- Withdraw consent, at any time, where processing is based on consent.
To exercise any of these rights, use the contact form and select "Privacy / GDPR / data request". We will respond within one calendar month. You also have the right to complain to the ICO at ico.org.uk or 0303 123 1113.
9. Security
All data in transit is protected by TLS. Our hosting and processing infrastructure uses encryption at rest, access controls, and regular security reviews. If we experience a personal data breach likely to affect your rights, we will notify the ICO within 72 hours and contact you directly where required.
10. Cookies
Read alongside our Cookie Policy. We use strictly necessary cookies for site operation, and analytical cookies (Google Analytics, Microsoft Clarity) which may require your consent under PECR.
11. Changes to this notice
Material changes will be noted on this page. The "Last updated" date above always reflects the current version.