← Back to Home

Privacy Policy

Company information

UNLIMITED WASHING LTD
Company Number: 16789513
Registered Office: 45 Leopold Street, Derby, England, DE1 2HF
Wash Site: Turner Road, Worksop, S81 7AE
ICO Registration Number: ZC041906

Data Protection Contact: support@unlimitedwashing.co.uk
Website: https://www.unlimitedwashing.co.uk
Customer Portal: https://app.unlimitedwashing.co.uk

1. Introduction

At Unlimited Washing, we are committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our unlimited car wash subscription service.

This Privacy Policy should be read together with our Terms and Conditions and Cookie Policy.

1.1 Who we are

Unlimited Washing Ltd is the data controller responsible for your personal data. This means we determine how and why your personal information is processed.

1.2 Legal basis for processing

We process your personal data in compliance with:

  • UK General Data Protection Regulation (UK GDPR)
  • Data Protection Act 2018
  • Privacy and Electronic Communications Regulations (PECR)

2. What personal data we collect

2.1 Information you provide to us

When you register for our Service, create an account, or use our platform, we collect:

Account information:

  • Full name
  • Email address
  • Phone number (mobile)
  • Username and encrypted password
  • Account preferences and settings

Vehicle information:

  • Vehicle registration number (number plate)
  • Vehicle make and model
  • Vehicle color
  • Vehicle type (Standard Car, Crossover, 4x4/Large)
  • History of vehicle changes (for the 90-day restriction)

Subscription details:

  • Subscription plan type (Monthly or Annual)
  • Vehicle type selection and pricing tier
  • Number of vehicles on your account
  • Subscription start date and renewal date
  • Payment history and billing records
  • Additional vehicle discounts applied
  • Subscription status (active, suspended, cancelled)

Payment information:

  • Billing address
  • Payment card details (last 4 digits only - full card details are processed and stored securely by our payment provider Stripe, not by us)
  • Payment transaction history
  • Invoices and receipts

2.2 Information we collect automatically

Service usage data:

  • Wash history (dates and times you used the service)
  • Wash Pass (QR code) scans and access records
  • Site location visits
  • Frequency of service usage

Technical information:

  • IP address
  • Browser type and version
  • Device type (mobile, tablet, desktop)
  • Operating system
  • Referring website
  • Pages visited on our website
  • Time and date of visits
  • Login timestamps

This information is collected through cookies and similar technologies. See our Cookie Policy for more details.

2.3 Information from third parties

We receive limited information from:

  • Stripe (payment processor): Payment confirmation, transaction status, and payment method details
  • Email service providers: Email delivery status, open rates (for service emails only)
  • Faretext Limited (SMS provider): SMS delivery status and confirmation for account verification and service notifications

3. How we use your personal data

3.1 Providing the service

We use your personal data to:

  • Create and manage your account
  • Verify your identity and vehicle registration
  • Process your subscription and grant access to the car wash service
  • Generate your unique Wash Pass (digital QR code) for site access
  • Track service usage and wash history
  • Manage vehicle changes and enforce the 90-day restriction
  • Apply additional vehicle discounts correctly
  • Process upgrades and downgrades to vehicle types

Legal basis: Performance of contract - we need this information to provide the Service you have subscribed to.

3.2 Payment processing and billing

We use your personal data to:

  • Process monthly or annual payments
  • Manage automatic billing for monthly subscriptions
  • Calculate and apply additional vehicle discounts
  • Process pro-rated charges for vehicle upgrades
  • Issue refunds or credits for vehicle downgrades
  • Send invoices and payment receipts
  • Handle failed payments and payment disputes
  • Maintain accurate financial records for accounting and tax purposes

Legal basis: Performance of contract and legal obligation (tax and accounting laws require us to keep financial records for 7 years).

3.3 Customer support and communications

We use your personal data to:

  • Respond to your enquiries, questions, and support requests
  • Send important service updates and notifications
  • Notify you of payment issues or subscription changes
  • Inform you of site closures, weather-related unavailability, or service interruptions
  • Send subscription renewal reminders
  • Process cancellation requests
  • Handle complaints and resolve disputes

Email and SMS communications:

  • We communicate with you via email and SMS text message
  • SMS messages are used for:
    • Account verification: Confirming your mobile number when you register
    • Important service updates: Urgent notifications about your subscription or account
    • Site availability alerts: Informing you of wash site closures, weather-related disruptions, or operational issues
    • Payment notifications: Alerts about failed payments or billing issues
  • These are essential service communications necessary to provide the Service to you

Marketing communications via SMS (with your consent):

  • We will ONLY send you marketing messages by SMS if you have explicitly opted in to receive them
  • Marketing SMS may include special offers, promotions, or information about new services
  • You can opt out at any time by replying STOP to any marketing SMS or by contacting us
  • You cannot opt out of essential service SMS messages as they are necessary for providing the Service

Legal basis: Performance of contract (for essential communications) and legitimate interests (providing good customer service). Consent is required for marketing SMS.

3.4 Service improvement and business operations

We use your personal data to:

  • Analyze service usage patterns to improve efficiency
  • Understand customer preferences and behavior
  • Monitor site capacity and peak usage times
  • Improve our website and customer portal functionality
  • Develop new features and services
  • Conduct internal training for customer service staff

Legal basis: Legitimate interests (improving our services and business operations).

3.5 Fraud prevention and security

We use your personal data to:

  • Prevent fraudulent subscriptions and payment fraud
  • Detect and prevent subscription abuse (e.g., Wash Pass/QR code sharing)
  • Monitor for unusual account activity
  • Protect our systems and infrastructure from cyber threats
  • Enforce our Terms and Conditions
  • Investigate suspected violations or misuse

Legal basis: Legitimate interests (protecting our business and customers from fraud) and performance of contract.

3.6 Legal compliance

We use your personal data to:

  • Comply with legal and regulatory requirements
  • Respond to lawful requests from authorities, courts, or regulators
  • Establish, exercise, or defend legal claims
  • Maintain records required by law (financial records, tax records)

Legal basis: Legal obligation and legitimate interests (defending legal claims).

3.7 Marketing (with your consent)

With your consent, we may send you marketing communications via email and SMS, including:

  • Information about new services or features
  • Special offers or promotions for existing customers
  • Service updates and improvements
  • Exclusive deals and discounts

Important: We do NOT share your data with third-party marketing companies. All marketing communications come directly from Unlimited Washing Ltd only.

How to opt out of marketing:

Legal basis: Consent - you can withdraw consent and opt out at any time using the methods above.

Service emails and SMS are NOT marketing: Communications about your subscription, payments, account security, and service availability are essential service communications, not marketing. You cannot opt out of these as they are necessary for the Service.

4. We do not share your personal data

4.1 No third-party marketing or data sales

Your privacy is our priority

We want to be absolutely clear:

  • We do NOT sell your personal data to anyone
  • We do NOT rent or lease your data to third parties
  • We do NOT share your data with marketing companies
  • We do NOT share your data with advertisers
  • We do NOT share your data with data brokers
  • We do NOT use your data for third-party advertising networks
  • We do NOT provide your information to other businesses for their marketing purposes

4.2 Limited sharing for essential services only

We only share your personal data in the following very limited circumstances:

Payment processing (Stripe):

  • To process payments, we share necessary payment information with Stripe, our payment processor
  • Stripe processes credit/debit card payments securely on our behalf
  • We do NOT store full credit card details - only Stripe does, in encrypted form
  • Stripe is bound by strict data protection and PCI-DSS security standards
  • Stripe's privacy policy: https://stripe.com/gb/privacy

SMS communications (Faretext Limited):

  • To send SMS text messages, we share your mobile phone number with Faretext Limited, our SMS service provider
  • Faretext Limited processes SMS delivery on our behalf for account verification, service updates, and site availability alerts
  • They only receive the information necessary to deliver text messages (your mobile number and message content)
  • Faretext Limited is bound by strict data protection agreements and UK GDPR compliance
  • They are prohibited from using your mobile number or data for any purpose other than delivering SMS messages on our behalf
  • Faretext Limited's privacy policy: https://www.faretext.co.uk/privacy

Cloud hosting and infrastructure:

  • Our website and customer portal are hosted on secure cloud servers
  • Hosting providers have access to data solely for the purpose of maintaining server infrastructure
  • All hosting providers are bound by strict confidentiality and data protection agreements
  • They are prohibited from using your data for any purpose other than providing hosting services to us

Email delivery services (Mailjet):

  • To send automated emails, we use Mailjet as our email service provider
  • Mailjet processes email delivery on our behalf for service emails, invoices, and (with your consent) marketing emails
  • They only receive the information necessary to deliver emails (your email address, name, and message content)
  • Mailjet is bound by strict data protection agreements and UK GDPR compliance
  • They are contractually bound to protect your data and use it only for email delivery on our behalf
  • They do not use your data for their own purposes
  • Mailjet's privacy policy: https://www.mailjet.com/privacy-policy/

Legal requirements:

  • We may be required by law to disclose personal data to:
  • Courts, tribunals, or judicial authorities
  • Law enforcement agencies (police, NCA, etc.)
  • Regulatory bodies (ICO, HMRC, Companies House)
  • Government departments when legally obligated
  • We will only disclose the minimum data necessary to comply with the legal requirement

4.3 Data protection agreements

Any third party that processes data on our behalf (called "data processors") is required to:

  • Sign a data processing agreement with us
  • Only process your data according to our instructions
  • Implement appropriate security measures
  • Comply with UK GDPR and Data Protection Act 2018
  • Not use your data for their own purposes
  • Delete or return your data when we request it

5. International data transfers

5.1 Data storage location

Your personal data is primarily stored on servers located in the United Kingdom and the European Economic Area (EEA).

5.2 Transfers outside the UK/EEA

Some of our service providers (such as Stripe and cloud hosting providers) may process data outside the UK/EEA. Where this occurs:

  • We ensure appropriate safeguards are in place
  • Transfers are protected by:
    • EU/UK Standard Contractual Clauses (SCCs), or
    • Adequacy decisions (where the destination country is deemed to provide adequate data protection), or
    • Other approved transfer mechanisms
  • We verify that recipients comply with UK GDPR-equivalent standards

6. How long we keep your data

6.1 Data retention periods

We only keep your personal data for as long as necessary for the purposes set out in this Privacy Policy:

While your account is active:

  • We retain all account data, vehicle information, subscription details, and usage history
  • This is necessary to provide the Service to you

After your subscription ends:

  • Account and personal details: Retained for 2 years after account closure
  • Reason: Customer service (in case you have queries), legal claims, and business records

Financial records:

  • Payment history, invoices, transaction records: Retained for 7 years after the transaction date
  • Reason: Legal requirement for tax, accounting, and Companies Act compliance

Marketing data:

  • If you consented to marketing: Retained until you withdraw consent or request deletion
  • If you unsubscribe: Your email address is added to a suppression list (to ensure we don't accidentally email you again) but other marketing data is deleted

Legal claims and disputes:

  • If there is an ongoing legal claim, dispute, or investigation, we may retain relevant data for longer until the matter is resolved

CCTV and security footage (if applicable):

  • Retained for up to 30 days, then automatically deleted
  • May be retained longer if required for an investigation or legal claim

6.2 Deletion of data

After the retention period expires, we securely delete or anonymize your personal data. Anonymized data (which cannot identify you) may be retained indefinitely for statistical analysis.

7. Your rights under UK GDPR

You have important rights regarding your personal data. These rights are:

7.1 Right of access

What it means: You can request a copy of all the personal data we hold about you.

How to exercise: Email us at support@unlimitedwashing.co.uk with "Subject Access Request" in the subject line.

Timeframe: We will respond within 30 days (1 month) of receiving your request.

What you'll receive: A copy of your personal data in a commonly used electronic format, along with information about how we use it.

Cost: Free (unless your request is manifestly unfounded or excessive).

7.2 Right to rectification

What it means: You can ask us to correct inaccurate or incomplete personal data.

How to exercise:

Timeframe: We will correct inaccurate data within 30 days.

7.3 Right to erasure ("right to be forgotten")

What it means: You can request that we delete your personal data in certain circumstances.

When this applies:

  • The data is no longer necessary for the purpose it was collected
  • You withdraw consent (where consent was the legal basis)
  • You object to processing and there are no overriding legitimate grounds
  • The data was unlawfully processed
  • The data must be erased to comply with a legal obligation

When we may refuse:

  • We have a legal obligation to retain the data (e.g., financial records for 7 years)
  • The data is needed to establish, exercise, or defend legal claims
  • You still have an active subscription (data is needed to provide the Service)

How to exercise: Email support@unlimitedwashing.co.uk with "Deletion Request" in the subject line.

7.4 Right to restrict processing

What it means: You can ask us to limit how we use your data in certain situations.

When this applies:

  • You contest the accuracy of the data (restriction applies while we verify accuracy)
  • Processing is unlawful but you don't want the data deleted
  • We no longer need the data but you need it for a legal claim
  • You have objected to processing (restriction applies while we verify our legitimate grounds)

Effect: We can still store the data but not use it (except with your consent, for legal claims, or to protect another person's rights).

How to exercise: Email support@unlimitedwashing.co.uk

7.5 Right to data portability

What it means: You can receive your personal data in a machine-readable format and transfer it to another service provider.

When this applies:

  • The processing is based on consent or performance of contract, AND
  • The processing is carried out by automated means

What you'll receive: Your data in CSV, JSON, or similar structured format.

How to exercise: Email support@unlimitedwashing.co.uk with "Data Portability Request".

7.6 Right to object

What it means: You can object to processing of your personal data in certain circumstances.

Object to marketing:

  • You can opt out of marketing emails at any time by clicking "unsubscribe" or emailing us
  • We must stop marketing to you immediately

Object to processing for legitimate interests:

  • You can object to processing based on our legitimate interests (e.g., service improvement, fraud prevention)
  • We will stop processing unless we can demonstrate compelling legitimate grounds that override your interests

How to exercise: Email support@unlimitedwashing.co.uk

7.7 Right to withdraw consent

What it means: Where we process your data based on consent (e.g., marketing emails), you can withdraw that consent at any time.

Effect: We will stop processing your data for that purpose. This does not affect the lawfulness of processing before you withdrew consent.

How to exercise:

7.8 Right to lodge a complaint

What it means: You have the right to complain to the UK data protection authority if you believe we have mishandled your personal data.

How to complain:

Information Commissioner's Office (ICO)
Website: https://ico.org.uk/make-a-complaint/
Phone: 0303 123 1113
Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

We encourage you to contact us first: If you have concerns about how we handle your data, please contact us at support@unlimitedwashing.co.uk so we can try to resolve the issue.

7.9 Exercising your rights

How to make a request:

  • Email: support@unlimitedwashing.co.uk
  • Include: Your name, email address, account details, and clearly state which right you wish to exercise
  • Identity verification: We may ask for proof of identity to protect your data from unauthorized access

Timeframe: We will respond to all requests within 30 days (1 month). For complex requests, we may extend this by up to 2 months and will inform you of the extension.

Cost: Exercising your rights is free, unless requests are manifestly unfounded or excessive (e.g., repetitive requests).

8. Data security

8.1 How we protect your data

We implement appropriate technical and organizational security measures to protect your personal data from unauthorized access, loss, misuse, alteration, or destruction:

Technical security measures:

  • Encryption in transit: All data transmitted between your browser and our servers is encrypted using SSL/TLS (HTTPS)
  • Password security: Passwords are hashed using bcrypt (industry-standard one-way encryption)
  • Database encryption: Sensitive data is encrypted at rest in our databases
  • Secure servers: Hosted on secure, professionally managed cloud infrastructure
  • Firewall protection: Network firewalls to prevent unauthorized access
  • Regular security updates: Software and systems are kept up-to-date with security patches
  • Access controls: Multi-factor authentication for staff accessing systems
  • Secure backups: Regular encrypted backups with secure storage

Organizational security measures:

  • Staff training: All staff are trained on data protection and security
  • Access restrictions: Only authorized personnel can access personal data, on a need-to-know basis
  • Confidentiality agreements: All staff and contractors sign confidentiality agreements
  • Security policies: Documented policies and procedures for data handling
  • Incident response plan: Procedures to respond quickly to any security incidents
  • Regular audits: Periodic security reviews and vulnerability assessments

8.2 Payment security

We use Stripe, a PCI-DSS Level 1 certified payment processor (the highest security standard for payment processing):

  • We do NOT store full credit card numbers on our servers
  • We only store the last 4 digits of your card for identification purposes
  • Stripe handles all card data using bank-level security and encryption
  • All payment transactions are encrypted end-to-end

8.3 Your responsibility

You also play an important role in keeping your data secure:

  • Keep your password secure: Use a strong, unique password and don't share it
  • Log out: Always log out of your account on shared or public devices
  • Protect your Wash Pass: Don\'t share your Wash Pass (QR code) with others
  • Report suspicious activity: Contact us immediately if you suspect unauthorized access to your account
  • Keep your email secure: Your email account should also be protected with a strong password, as it can be used to reset your account password

8.4 Data breach notification

In the unlikely event of a personal data breach that poses a risk to your rights and freedoms:

  • We will notify the ICO within 72 hours of becoming aware of the breach (as required by UK GDPR)
  • If the breach poses a high risk to you, we will notify you directly without undue delay
  • We will provide information about the nature of the breach and steps we are taking

9. Children's privacy

Our Service is not intended for children under the age of 18. We do not knowingly collect personal data from individuals under 18.

If we become aware that we have collected personal data from a child under 18 without parental consent, we will take steps to delete that information as soon as possible.

If you are a parent or guardian and believe your child has provided us with personal data, please contact us at support@unlimitedwashing.co.uk.

10. Cookies and tracking technologies

Our website uses cookies and similar technologies. For detailed information about what cookies we use, why we use them, and how you can control them, please see our Cookie Policy.

In brief:

  • Essential cookies: Required for the website and customer portal to function (login, session management)
  • Analytics cookies: Help us understand how visitors use our website (Google Analytics)
  • Functional cookies: Remember your preferences and settings

We do NOT use advertising or tracking cookies for third-party marketing purposes.

11. Automated decision-making

We do not use automated decision-making or profiling that produces legal effects or similarly significantly affects you.

The following automated processes are used but do not constitute automated decision-making under GDPR:

  • 90-day vehicle change restriction: The system automatically prevents vehicle changes within 90 days, but this is a straightforward application of our Terms and Conditions
  • Additional vehicle discount calculation: Automated pricing calculations based on transparent criteria
  • Wash Pass access: Automated verification of your Wash Pass (QR code) for site access
  • Payment processing: Automated billing on your payment date

All of these are simple, rule-based processes with transparent criteria. You have the right to request human intervention, express your point of view, or contest any decision.

12. Third-party websites

Our website may contain links to third-party websites (e.g., Stripe privacy policy, ICO website, social media platforms if you choose to contact us there).

We are not responsible for the privacy practices of third-party websites. When you click a link to a third-party website, you are leaving our site and this Privacy Policy no longer applies.

We encourage you to read the privacy policies of any third-party websites you visit.

13. Changes to this privacy policy

We may update this Privacy Policy from time to time to reflect changes in:

  • Our business practices
  • Legal or regulatory requirements
  • New features or services
  • Technology or security improvements

How we notify you:

  • We will post the updated Privacy Policy on this page
  • The "Last Updated" date at the bottom will be revised
  • For significant changes, we will email you or display a prominent notice on our website
  • Continued use of the Service after changes take effect constitutes acceptance of the updated Privacy Policy

We encourage you to review this Privacy Policy periodically.

14. Contact us

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, please contact us:

Email: support@unlimitedwashing.co.uk (for data protection enquiries, subject access requests, and exercising your rights)

Email: info@unlimitedwashing.co.uk (for general enquiries)

Postal address:
Unlimited Washing Ltd
45 Leopold Street
Derby
England
DE1 2HF

We aim to respond to all enquiries within 3 working days, and all formal requests (subject access requests, deletion requests, etc.) within 30 days.

15. Related documents

This Privacy Policy should be read together with:

Last Updated: 17 November 2025

Version: 1.0