Privacy Policy
This policy explains how GC.LAB ("we", "us") collects and uses your personal data when you visit gc-lab.uk or book a service with us. We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. The data controller is GC.LAB. Contact: hello@gc-lab.uk.
1. What we collect
- Booking form: name, email, phone, BMW model, VIN (optional), preferred slot, timezone, and notes you provide.
- Technical data: IP address, browser type, device, pages visited, referrer — collected via cookies and server logs (see Cookie Policy).
- Correspondence: emails you send us and our replies.
2. Why we use it (lawful basis)
- To deliver the service you requested — Art. 6(1)(b) UK GDPR (contract).
- To reply to enquiries — Art. 6(1)(f) (legitimate interest in running our business).
- To meet legal/accounting obligations — Art. 6(1)(c) (legal obligation).
- Analytics & marketing cookies — Art. 6(1)(a) (your consent, which you can withdraw at any time).
3. Who we share it with
We don't sell your data. We share it only with processors necessary to run the site and service: hosting (Lovable / Cloudflare), email (your email provider when you submit the form via mailto:), and, if applicable, payment providers. Affiliate clicks to eBay UK are governed by eBay's own privacy policy — we receive aggregate commission reports, not personal data.
4. How long we keep it
- Booking enquiries: up to 24 months after last contact, then deleted.
- Invoiced jobs: 6 years (HMRC requirement).
- Server logs: 30 days.
5. Your rights
You can ask us, free of charge, to:
- access a copy of your data;
- correct inaccurate data;
- delete your data ("right to be forgotten");
- restrict or object to processing;
- port your data to another provider;
- withdraw consent for analytics cookies at any time via the cookie banner.
Email hello@gc-lab.uk with "Data request" in the subject. We reply within one calendar month.
6. International transfers
Some of our processors are based outside the UK (e.g. US-based hosting). Where data leaves the UK we rely on the UK International Data Transfer Addendum or equivalent safeguards.
7. Security
Connections are encrypted with TLS. Remote coding sessions run on your own laptop — we never store your VIN beyond the booking record.
8. Complaints
If you're unhappy with how we handle your data you can complain to the UK Information Commissioner's Office: ico.org.uk — but please contact us first so we can put things right.
9. Changes
We may update this policy. The "Last updated" date above shows the latest revision.