Privacy Policy
Last updated: May 2026
1. Who We Are
SimpleMOT operates the website https://simplemot.co.uk and provides an MOT cancellation finder and booking service for customers in Northern Ireland. SimpleMOT is the data controller for the personal data collected through this website and our service.
If you have any questions about this privacy policy or how we handle your personal data, you can contact us at: [email protected]
SimpleMOT is not affiliated with the Driver & Vehicle Agency (DVA) – Northern Ireland or NIdirect.
2. What Personal Data We Collect and Why
We collect personal data that is necessary to provide our MOT cancellation finder service to you. The types of data we collect depend on how you interact with us.
2.1 When You Submit a Booking Request
When you fill in our MOT cancellation finder form, we collect:
- your name
- your email address
- your phone number (mobile)
- your vehicle registration number or trailer ID
- your existing MOT booking reference number
- your preferred MOT test centre location
- your preferred date range for the appointment
Why: This information is necessary for us to perform the service you have requested — namely, to search for MOT cancellations and book a new appointment on your behalf. The lawful basis for this processing is contractual necessity (UK GDPR Article 6(1)(b)) — we need this data to fulfil our contract with you.
2.2 Authentication Codes
As part of our service, you will receive authentication codes (via SMS) from the DVA booking system which you forward to us. These codes are used solely to gain temporary access to your MOT booking so we can search for and secure cancellation appointments on your behalf. Authentication codes are time-sensitive and are deleted immediately after the authentication process is complete or upon expiry, whichever occurs first.
2.3 Payment Information
When you pay for our service, your payment is processed by our third-party payment provider. SimpleMOT does not directly collect or store your full credit/debit card details. We may receive and retain a transaction reference, confirmation of payment, and basic billing information from our payment provider for tax, accounting, and dispute resolution purposes.
2.4 When You Contact Us
If you contact us by email, phone, or through our website contact form, we collect the information you provide in your message (such as your name, email address, phone number, and the content of your enquiry). We use this to respond to your enquiry and to manage your booking.
Why: This processing is based on contractual necessity (if related to an active booking) or our legitimate interest in responding to enquiries and maintaining records for dispute resolution (UK GDPR Article 6(1)(f)).
2.5 Website Usage Data
When you visit our website, we may automatically collect certain technical data, including:
- your IP address
- browser type and version
- operating system
- pages visited and time spent on those pages
- referring website address
Why: This data helps us maintain and improve our website, ensure security, and understand how visitors use our site. The lawful basis is our legitimate interest in operating and improving our website (UK GDPR Article 6(1)(f)).
3. Cookies
Our website uses cookies — small text files placed on your device — to help the site function properly and to understand how visitors use it.
3.1 Essential Cookies
These are necessary for the website to function and cannot be switched off. They include cookies that remember your session and any form data you have entered.
3.2 Analytics Cookies
We may use analytics tools (such as Google Analytics) to understand how visitors interact with our website. These cookies collect information anonymously and help us improve the site. You can opt out of analytics cookies through your browser settings or through the cookie consent mechanism on our website.
3.3 Managing Cookies
You can control and delete cookies through your browser settings. Please note that disabling certain cookies may affect how our website functions. For more information about cookies and how to manage them, visit www.aboutcookies.org.
4. Who We Share Your Data With
We do not sell your personal data to any third party. We may share your data with the following categories of recipients where necessary to provide our service:
- DVA booking system: We access the DVA online booking system on your behalf using the authentication credentials you provide, in order to search for and book MOT cancellation appointments. SimpleMOT is not affiliated with the DVA.
- Payment providers: Your payment information is processed by our third-party payment provider in order to complete your transaction.
- Hosting and IT service providers: Our website and systems are hosted by third-party providers who may process data on our behalf under appropriate data processing agreements. These providers may be located in the United Kingdom, the European Economic Area, or other countries covered by a UK adequacy decision or appropriate safeguards (see Section 8 below).
- SMS/messaging services: We use third-party messaging services to communicate with you about your booking and the authentication process.
- Legal or regulatory authorities: We may disclose your data if required to do so by law, regulation, or court order, or to protect our rights or the rights of others.
- Professional advisors: We may share data with our accountants, legal advisors, or auditors where necessary for the management of our business, subject to appropriate confidentiality obligations.
All third-party service providers are required to process your data securely and in accordance with applicable data protection law. Where we engage processors, we ensure appropriate data processing agreements are in place.
5. How Long We Keep Your Data
We retain your personal data for as long as necessary to fulfil the purposes for which it was collected, to comply with our legal obligations, to resolve disputes, and to enforce our agreements. The maximum retention periods for each category of data are set out below.
SimpleMOT reserves the right to securely delete or anonymise your personal data at any time before the maximum retention period expires if we determine that the data is no longer required for any of the purposes described in this policy. The periods below represent the maximum we may retain your data — not a commitment to retain it for the full duration.
| Data type | Maximum retention period | Justification |
|---|---|---|
| Booking request details (name, email, phone, vehicle registration, booking reference, preferred location and dates) | Up to 6 years from the date the service is completed or the request expires | To defend or pursue legal claims under the Limitation (Northern Ireland) Order 1989 (6-year limitation period for contract claims) and to resolve customer disputes |
| Authentication codes | Deleted immediately after use or expiry | No ongoing purpose; codes are temporary by nature |
| Payment and financial records (transaction references, invoices, payment confirmations) | Up to 6 years from the end of the financial year in which the transaction occurred | Required by HMRC for tax and accounting purposes; Companies Act 2006 record-keeping obligations |
| Customer correspondence (emails, SMS messages, support enquiries) | Up to 6 years from the date of the last communication | To resolve disputes, defend legal claims, and maintain service quality records |
| Records relating to suspected misuse or abuse of SimpleMOT’s service (see Terms and Conditions, Section 11.5) | Up to 6 years from the date of the incident | To protect SimpleMOT’s systems and to defend legal claims; legitimate interest in preventing fraud and abuse |
| Website usage data and analytics | Up to 26 months | Standard analytics retention; legitimate interest in understanding website usage patterns |
| Cookie data | Varies by cookie type (session cookies are deleted when you close your browser; persistent cookies up to 12 months) | Website functionality and analytics purposes |
After the applicable retention period, your data will be securely deleted or anonymised. Where data has been anonymised so that it can no longer be linked to any individual, we may retain it indefinitely for statistical or analytical purposes, as anonymised data is no longer considered personal data under UK GDPR.
6. How We Protect Your Data
We take the security of your personal data seriously and use appropriate technical and organisational measures to protect it against unauthorised access, loss, misuse, or alteration. These measures include:
- encrypted connections (SSL/TLS) on our website
- restricted access to personal data on a need-to-know basis
- secure storage of customer records
- regular reviews of our security practices
- data processing agreements with all third-party service providers
While we take all reasonable steps to protect your data, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security.
7. Your Rights Under UK GDPR
Under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, you have the following rights in relation to your personal data:
- Right of access: You can request a copy of the personal data we hold about you.
- Right to rectification: You can ask us to correct any inaccurate or incomplete data.
- Right to erasure: You can ask us to delete your personal data, subject to certain legal exceptions (for example, where we are required to retain it for tax purposes or to defend legal claims).
- Right to restrict processing: You can ask us to limit how we use your data in certain circumstances.
- Right to data portability: You can request that we provide your data in a structured, commonly used, machine-readable format.
- Right to object: You can object to our processing of your data where we rely on legitimate interest as the lawful basis.
- Right to withdraw consent: Where we process your data based on your consent, you can withdraw that consent at any time without affecting the lawfulness of processing carried out before the withdrawal.
To exercise any of these rights, please contact us at [email protected]. We will respond to your request within one month. In exceptional circumstances, we may extend this by a further two months, in which case we will inform you within the first month. In some cases, we may need to verify your identity before processing your request. There is no fee for exercising your rights, unless your request is manifestly unfounded or excessive.
Please note that where we retain data for the purposes of defending legal claims or complying with legal obligations (such as HMRC requirements), we may not be able to fulfil an erasure request until the relevant retention period has expired.
8. International Data Transfers
Your personal data is primarily processed and stored within the United Kingdom. However, some of our third-party service providers (such as hosting, analytics, or messaging services) may process or store data in countries outside the UK.
Where we transfer personal data outside the UK, we ensure that appropriate safeguards are in place to protect your data in accordance with UK GDPR requirements. These safeguards may include:
- UK adequacy decisions: We may transfer data to countries that the UK Government has determined provide an adequate level of data protection (including EEA countries, and countries covered by existing UK adequacy regulations).
- International Data Transfer Agreement (IDTA) or Addendum: Where no adequacy decision applies, we use the ICO-approved International Data Transfer Agreement or the international data transfer addendum to the EU Standard Contractual Clauses to ensure your data is protected to UK standards.
- Data Privacy Framework: For transfers to the United States, we may rely on providers certified under the UK Extension to the EU-US Data Privacy Framework.
We carry out a data protection assessment for any restricted transfers to ensure that the level of protection for your personal data is not materially lower than under UK law. You may contact us at [email protected] if you would like further information about the specific safeguards applied to any international transfer of your data.
9. Children’s Privacy
Our service is not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If you believe that a child has provided us with personal data, please contact us and we will take steps to delete that information.
10. Changes to This Privacy Policy
We may update this privacy policy from time to time to reflect changes in our practices, our service providers, legal requirements, or for other operational reasons. Any changes will be posted on this page with an updated “Last updated” date. We encourage you to review this policy periodically. Where changes are significant, we may notify you directly (for example, by email) where we hold your contact details and it is appropriate to do so.
11. How to Complain
If you are unhappy with how we have handled your personal data, we would like the chance to resolve it. Please contact us at [email protected] and we will do our best to address your concerns.
If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK’s supervisory authority for data protection.