GDPR Notice

For vehicle owners and fleet users

Last updated: 13 April 2026

1. Our Commitment to Your Data

This page explains how USK DIGITAL LTD (trading as Mekavo) complies with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the EU General Data Protection Regulation (EU GDPR) in the vehicle owner and fleet portal.

For full details on what data we collect and how we use it, please read our Privacy Policy.

We are committed to protecting the personal data of vehicle owners and fleet users. We have implemented appropriate technical and organisational measures to ensure compliance with data protection laws, including:

  • Data minimisation — we only collect data needed to manage your vehicles, reminders and account
  • Purpose limitation — your data is used only for the purposes stated in our Privacy Policy
  • Storage limitation — data is retained only as long as necessary
  • Integrity and confidentiality — protected through encryption and access controls
  • Accountability — we document our data processing activities and policies

2. Data Controller and Data Processor

Understanding roles is important under GDPR.

Mekavo as Data Controller

For your vehicle owner account, Mekavo is the data controller for personal data we collect directly from you, such as:

  • Your account registration (name, email, phone, password)
  • Vehicle records you create (registration plate, make, model, MOT/ITV dates, mileage, service history)
  • Inspection records and defect reports
  • Documents and photos you upload to your vehicles
  • Payment and billing data for VIP or fleet subscriptions
  • Support enquiries and portal usage analytics

Fleet Organisations

If you join a fleet organisation as a driver or member, the organisation owner is responsible for managing access to vehicles and inspections within that organisation. Mekavo provides the platform; the organisation decides who in the team can see what.

  • Organisation owners control which members can view vehicles and inspections
  • Vehicle records you create as part of an organisation may be retained by the organisation if you leave
  • Personal account data (your profile, login, personal vehicles) always remains under your sole control

3. Lawful Basis for Processing

We process your personal data under the following legal bases:

  • Contract (Article 6(1)(b)): To run your account, store your vehicle records and send the reminders you signed up for
  • Legitimate interest (Article 6(1)(f)): Portal improvement, security, fraud prevention
  • Consent (Article 6(1)(a)): Marketing emails and non-essential cookies
  • Legal obligation (Article 6(1)(c)): Tax records for paid subscriptions, regulatory requirements

4. Your Data Subject Rights

Under GDPR, you have the following rights regarding the personal data Mekavo holds about you:

  • Right of access (Article 15): Request a copy of the personal data we hold about you, including your vehicle records and service history
  • Right to rectification (Article 16): Request correction of inaccurate data — most account and vehicle data can also be updated directly from your dashboard
  • Right to erasure (Article 17): Request deletion of your account and vehicle data ("right to be forgotten")
  • Right to restrict processing (Article 18): Request that we limit how we use your data
  • Right to data portability (Article 20): Receive your account and vehicle data in a structured, machine-readable format (JSON or CSV)
  • Right to object (Article 21): Object to processing based on legitimate interest or direct marketing
  • Right not to be subject to automated decision-making (Article 22): We do not use fully automated decision-making that affects you

5. How to Exercise Your Rights

To exercise any of these rights:

  • Email us at [email protected] with the subject "Data Subject Request"
  • Include your full name and the email address linked to your My Mekavo account
  • Specify which right you wish to exercise

We will verify your identity and respond within 30 days. In complex cases we may extend this by a further 60 days (we will tell you if this happens).

There is no fee for exercising your rights, unless the request is manifestly unfounded or excessive.

6. International Data Transfers

Our primary servers are located in the UK and EEA. Where data is transferred outside these regions (for example by Stripe for payment processing), we ensure GDPR-compliant safeguards:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • UK International Data Transfer Agreement (IDTA)
  • Adequacy decisions where applicable

7. Data Breach Response

In the event of a personal data breach affecting vehicle owner accounts:

  • We will notify the relevant supervisory authority within 72 hours of becoming aware of the breach (as required by Article 33)
  • If the breach is likely to result in a high risk to your rights, we will also notify affected vehicle owners without undue delay (Article 34)
  • We maintain an internal breach register documenting all incidents, their effects, and remedial actions taken

8. Data Protection Contact

For all data protection matters, contact us at:

Data Protection Team
USK DIGITAL LTD
Company No. 16477044
76 Letchworth Road
Leicester, LE3 6FN
United Kingdom

Email: [email protected]

9. Complaints

If you believe we have not handled your data correctly, please contact us first so we can put it right.

If you are unsatisfied with our response, you have the right to lodge a complaint with your local supervisory authority:

  • UK: Information Commissioner's Office (ICO) — ico.org.uk
  • Ireland: Data Protection Commission (DPC) — dataprotection.ie
  • Spain: Agencia Española de Protección de Datos (AEPD) — aepd.es
  • Germany: Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI) — bfdi.bund.de

We use cookies to keep you logged in and improve your experience. We don't use tracking or advertising cookies. Cookie Policy