Data Protection Summary

This summary explains how CarSpot approaches data protection for Dealers and does not replace any separate data processing agreement that may be required by law.

• Roles: Where we process personal data on a Dealer's documented instructions (for example, forwarding a lead), we act as a processor. For our own platform operations (including account management, analytics, fraud prevention, and service improvement), we act as an independent controller.
• Processing Purpose: We process personal data to operate the Platform, facilitate communications, provide the Sell My Car service, and meet legal and security obligations, as described in our Privacy Policy.
• Dealer Obligations: Dealers must comply with applicable data protection laws when handling personal data received through our Platform, including providing appropriate privacy notices to customers.
• Security Measures: We implement appropriate technical and organisational measures to protect personal data as detailed in our Privacy Policy.
• Sub-processors: We may engage sub-processors (such as hosting providers) to fulfil our services. Where we act as a processor, we will ensure any sub-processors are bound by appropriate data protection terms.
• Data Subject Rights: We will provide reasonable assistance to Dealers in responding to data subject rights requests relating to data processed on their behalf.
• Data Breach: We will notify Dealers without undue delay upon becoming aware of a personal data breach affecting dealer customer data.
• Further Terms: If a formal Article 28 data processing agreement is required, we will provide it separately and incorporate it by reference.

For more detail, please review our Privacy Policy.