GDPR Compliance
How Mekavo protects your data and upholds your rights under the General Data Protection Regulation.
Last updated: 5 March 2026
This page explains how USK DIGITAL LTD (trading as "Mekavo") complies with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the EU General Data Protection Regulation (EU GDPR).
For full details on what data we collect and how we use it, please read our Privacy Policy.
1. Our Commitment to Data Protection
Mekavo is committed to protecting the personal data of our users and their customers. We have implemented appropriate technical and organisational measures to ensure compliance with data protection laws, including:
- Data minimisation — we only collect data that is necessary for the Service
- Purpose limitation — data is used only for the purposes stated in our Privacy Policy
- Storage limitation — data is retained only as long as necessary
- Integrity and confidentiality — data is protected through encryption and access controls
- Accountability — we document our data processing activities and policies
2. Data Controller vs Data Processor
Understanding roles is important under GDPR:
Mekavo as Data Controller
We are the data controller for personal data we collect directly from you, such as:
- Your account registration information
- Payment and billing data
- Support enquiries and communications
- Website usage and analytics data
Mekavo as Data Processor
When you store your customers' data in Mekavo (names, phone numbers, vehicle details, job records), you are the data controller and Mekavo is the data processor. This means:
- You decide what data to collect and how to use it
- You are responsible for having a lawful basis to process your customers' data
- We process your customers' data only on your instructions, as described in our Data Processing Agreement
3. Lawful Basis for Processing
We process personal data under the following legal bases:
- Contract (Article 6(1)(b)): To provide the Service you signed up for
- Legitimate interest (Article 6(1)(f)): Platform improvement, security, fraud prevention
- Consent (Article 6(1)(a)): Marketing emails and non-essential cookies
- Legal obligation (Article 6(1)(c)): Tax compliance, regulatory requirements
4. Your Data Subject Rights
Under GDPR, you have the following rights regarding your personal data:
- Right of access (Article 15): Request a copy of the personal data we hold about you
- Right to rectification (Article 16): Request correction of inaccurate data
- Right to erasure (Article 17): Request deletion of your data ("right to be forgotten")
- Right to restrict processing (Article 18): Request that we limit how we use your data
- Right to data portability (Article 20): Receive your data in a structured, machine-readable format (JSON or CSV)
- Right to object (Article 21): Object to processing based on legitimate interest or direct marketing
- Right not to be subject to automated decision-making (Article 22): We do not use fully automated decision-making that affects you
5. How to Exercise Your Rights
To exercise any of these rights:
- Email us at with the subject "Data Subject Request"
- Include your full name and the email address associated with your Mekavo account
- Specify which right you wish to exercise
We will verify your identity and respond within 30 days. In complex cases, we may extend this by a further 60 days (we will notify you if this is the case).
There is no fee for exercising your rights, unless the request is manifestly unfounded or excessive.
6. Data Processing Agreement
If you use Mekavo to store your customers' personal data, a Data Processing Agreement (DPA) governs how we process that data on your behalf. The DPA covers:
- The nature and purpose of processing
- The types of data processed
- Security measures we implement
- Sub-processor obligations
- Data breach notification procedures
- Data return and deletion upon termination
To request a copy of our DPA, email .
7. International Data Transfers
Our primary servers are located in the UK and EEA. Where data is transferred outside these regions (e.g., by sub-processors), we ensure GDPR-compliant safeguards:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- UK International Data Transfer Agreement (IDTA)
- Adequacy decisions where applicable
8. Data Breach Response
In the event of a personal data breach:
- We will notify the relevant supervisory authority within 72 hours of becoming aware of the breach (as required by Article 33)
- If the breach is likely to result in a high risk to your rights, we will also notify affected individuals without undue delay (Article 34)
- We maintain an internal breach register documenting all incidents, their effects, and remedial actions taken
9. Data Protection Contact
For all data protection matters, contact us at:
Data Protection Team
USK DIGITAL LTD (trading as Mekavo)
76 Letchworth Rd, Leicester, LE3 6FH, UK
Email:
10. Complaints
If you believe we have not handled your data correctly, we encourage you to contact us first so we can resolve the issue.
If you are unsatisfied with our response, you have the right to lodge a complaint with your local supervisory authority:
- UK: Information Commissioner's Office (ICO) — ico.org.uk
- Ireland: Data Protection Commission (DPC) — dataprotection.ie
- Spain: Agencia Española de Protección de Datos (AEPD) — aepd.es
- Germany: Bundesbeauftragter für den Datenschutz und die Informationsfreiheit (BfDI) — bfdi.bund.de