Privacy Policy
Last Updated: 12 March 2025
CarSpot (the "Company," "we," "our," or "us") is committed to respecting your privacy and protecting your personal data. This Privacy Policy explains how we collect, use, and safeguard personal data when you visit our website or use our services, in accordance with the General Data Protection Regulation (GDPR) and the Irish Data Protection Act 2018.
1. Who We Are
CarSpot is an online platform that connects car buyers with dealer listings. We are based in Ireland, and all data processing activities take place within the European Union. You can contact us regarding any privacy concerns at [email protected].
2. Data We Collect
For Website Visitors (No Account)
- IP Addresses: We collect IP addresses for legitimate purposes such as counting unique car views, preventing abuse of our forms, and ensuring system security. Your IP address is stored temporarily for these purposes and for anti-abuse protection (up to 24 hours for contact forms, up to 7 days for finance applications).
- Device Identifiers: We use anonymized identifiers to distinguish between different users without personally identifying you. These identifiers are stored in cookies and used for security and anti-abuse purposes.
- Contact Form Data: When you submit an inquiry, we collect your name, email address, phone number (optional), message content, and if applicable, trade-in information you provide.
- Finance Application Data: When you apply for finance, we collect personal information including identification details, contact information, financial information, employment details, and bank account information as required for credit assessment purposes.
Our legal basis for collecting this information is legitimate interests (GDPR Article 6(1)(f)) for analytics and anti-abuse measures, and contract fulfillment (GDPR Article 6(1)(b)) for processing inquiries and finance applications at your request.
For Dealers (With Accounts)
- Account Information: Name, email address, phone number, and organization details.
- Business Information: Organization name, address, contact details, logo, opening hours, and other business information.
- Session Data: IP addresses, login times, and device information for security purposes.
- Car Listing Data: Information about vehicles you list including images, specifications, and pricing.
Our legal basis for collecting dealer information is contract fulfillment (GDPR Article 6(1)(b)) and legitimate interests for security purposes (GDPR Article 6(1)(f)).
Cookies and Similar Technologies
We use cookies for essential website functions, security, and to prevent abuse of our services. These include:
- Essential cookies: Required for site functionality and security.
- Anti-abuse cookies: Used to prevent form submission abuse and protect our services.
These cookies are necessary for the provision of our services and therefore are exempt from the consent requirement under the ePrivacy Directive and the Irish S.I. No. 336/2011 - European Communities (Electronic Communications Networks and Services) (Privacy and Electronic Communications) Regulations 2011.
Analytics
We use Plausible for privacy-friendly analytics. Plausible does not collect personal data beyond high-level usage metrics (no cookies), in accordance with the ePrivacy Directive and GDPR. For more details, see Plausible's Data Policy.
Cookies and Tracking
Our site uses the following cookies:
| Name | Purpose | Duration | Type |
|---|---|---|---|
| Authentication cookies | Used to maintain your session when logged in as a dealer | Session / 30 days if "remember me" selected | Essential |
| car_inquiry_user_id | Prevents duplicate car inquiries and finance applications | 30 days | Functional |
| plausible_* | Analytics that respects privacy (no personal information collected) | 24 hours | Analytics |
| cookie-consent | Records your cookie preferences | 6 months | Essential |
We use Plausible Analytics, a privacy-friendly analytics service that doesn't use cookies for tracking visitors and doesn't collect any personal data. All collected data is aggregated and cannot be used to identify individual users.
You can change your cookie preferences at any time by clearing your browser cookies and revisiting our site.
3. How We Use Your Data
- Car View Counting: We temporarily store IP addresses to ensure accurate view counts for each listing. This data is automatically purged after a short period.
- Dealer Inquiries: When you submit a contact form or inquiry, we store these details (name, email, phone, message, and any optional trade-in fields) in our database so the dealer can access them. The relevant dealer has direct access to these inquiries.
- Finance Applications: Finance application data is stored securely and shared with the relevant dealer only. This data is used solely for processing your finance application.
- Anti-Abuse Measures: We create temporary identifiers combining your IP address and other factors (when necessary) to prevent abuse of our services, such as form spamming or excessive submissions. These identifiers help us maintain fair use of our platform while minimizing data collection.
- Security: We process login information and session data for dealer accounts to ensure account security and prevent unauthorized access.
4. Data Retention
- IP addresses for view counting: Stored temporarily and automatically purged after a short period.
- Anti-abuse identifiers: Stored for up to 24 hours for contact form submissions and up to 7 days for finance applications.
- Inquiries: Stored in our database for dealers to review until they are archived or removed by the dealer.
- Finance applications: Stored for the duration required by financial regulations and legal requirements (generally up to 7 years after completion).
- Dealer account information: Maintained for the duration your account is active and for a reasonable period afterward for legal and business purposes.
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable laws and regulations. We have implemented appropriate data retention policies to ensure data is not kept longer than needed.
5. Your Rights
Under the GDPR and Irish data protection law, you have the following rights:
- Right of Access (Article 15 GDPR): Request a copy of your personal data.
- Right to Rectification (Article 16 GDPR): Correct inaccurate or incomplete information.
- Right to Erasure (Article 17 GDPR): Request deletion of your personal data in certain circumstances.
- Right to Restriction of Processing (Article 18 GDPR): Request limiting how we use your data.
- Right to Data Portability (Article 20 GDPR): Request transfer of your data in a machine-readable format.
- Right to Object (Article 21 GDPR): Object to our processing of your personal data, particularly for processing based on legitimate interests.
- Rights Related to Automated Decision Making (Article 22 GDPR): We do not currently employ automated decision-making or profiling.
To exercise these rights, please contact us at [email protected]. We will respond to your request within one month as required by GDPR. This period may be extended by up to two additional months if necessary, taking into account the complexity and number of requests.
You also have the right to lodge a complaint with the Data Protection Commission (DPC), the Irish supervisory authority for data protection issues, if you believe we have not handled your data in accordance with applicable law.
6. Security Measures
We implement appropriate technical and organizational measures to protect your personal data, including:
- Encryption of sensitive data at rest and in transit
- Regular security assessments and penetration testing
- Access controls and strict authentication requirements
- Staff training on data protection
- Secure data storage in Irish/EU facilities
However, no security system is impenetrable, and we cannot guarantee the absolute security of your data. We regularly review and update our security measures to reflect best practices and current technology.
7. Data Sharing
We share your data with:
- Car dealers: When you submit an inquiry or finance application regarding a specific vehicle.
- Service providers: Companies that help us operate our website and services (e.g., EU-based hosting providers, email services).
- Legal requirements: When required by law, court order, or to protect our legal rights.
We do not sell your personal data to third parties. When we engage third-party processors, we ensure they provide sufficient guarantees to implement appropriate technical and organizational measures that meet GDPR requirements and protect your rights.
8. Data Transfers
All our services and data processing activities are conducted within the European Union. Your personal data is stored on servers located within the EU and is not transferred outside the European Economic Area (EEA). This ensures your data is protected by the high standards of data protection required by GDPR and Irish law.
Should any change to this policy become necessary in the future, we will update this Privacy Policy and implement appropriate safeguards in compliance with GDPR requirements.
9. Changes to This Policy
We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We will notify you of significant changes by posting the updated policy on our website with a new "Last Updated" date.
For material changes to this Privacy Policy, we will make reasonable efforts to provide notice, such as a prominent website notification or, for registered dealers, an email notification when practicable.
10. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Privacy Team
Email: [email protected]
Data Protection Officer
Email: [email protected]