Privacy policy.

Parts Resolve Ltd is the data controller for personal data we collect about account holders, prospective customers and visitors to our websites.

For DVLA vehicle data passed through our API on your behalf, you (the trade customer) are the controller for the use you make of that data; Parts Resolve acts as a processor for that flow.

Account data: name, business name, role, business email, telephone, billing address, VAT number where relevant.

Usage data: pages viewed, searches run, orders placed, devices and IP addresses, captured for security, fraud prevention and product improvement.

Vehicle lookup data: VRMs and the DVLA records they return, kept on a least-privilege basis. Raw DVLA responses are not logged at info level.

Communications: emails, support messages, partnership enquiries.

To operate the platform, route orders, verify trade accounts, prevent fraud, comply with legal obligations and improve the product.

To send service emails (account updates, security notices, important changes). We will only send marketing emails where you have opted in, and you can unsubscribe at any time.

Performance of contract: when we process data to provide you the service you signed up for.

Legitimate interest: for fraud prevention, platform security, low-risk product improvement and limited business-to-business marketing.

Consent: for optional marketing communications, non-essential cookies and similar.

Legal obligation: where we must process data to meet UK legal or regulatory requirements.

We share personal data with: suppliers and buyers as needed to fulfil your orders; payment processors; identity-verification and Companies House data providers; cloud hosting providers; and professional advisers (legal, accounting).

We do not sell personal data. We do not share VRM lookup history with third parties for marketing.

Personal data is stored in UK or EEA regions by default. Where a vendor is outside the UK / EEA, we rely on adequacy decisions or UK International Data Transfer Agreements / SCCs to safeguard the transfer.

Account data is retained while the account is active and for up to seven years after closure to meet UK accounting and tax obligations.

VRM lookup logs are retained for 24 months by default and then deleted or aggregated. Customers on enterprise plans can configure tighter retention.

Marketing data is deleted promptly on unsubscribe or after 24 months of no engagement, whichever comes first.

Under UK GDPR you have the right to access, rectify, erase, restrict, port and object to the processing of your personal data, and to withdraw consent where consent is the lawful basis. To exercise any of these, email privacy@partsresolve.co.uk.

You can complain to the UK Information Commissioner’s Office (ICO) at ico.org.uk if you believe we have not handled your data properly. We would prefer the chance to put it right first.

We use industry-standard security: TLS in transit, encryption at rest for sensitive fields, role-based access, MFA for staff with access to production data, and audit logs on sensitive operations.

No platform is invulnerable. If we ever suffer a data breach affecting your data we will notify you and the ICO in line with UK GDPR.

Privacy questions: privacy@partsresolve.co.uk. Data subject requests: privacy@partsresolve.co.uk. We respond within one calendar month, faster where we can.