Privacy Policy

Effective Date: November 6, 2025

M6 Truckstop Limited ("we", "us", or "our") operates the website http://m6truckstop.com/ (the "Site"). We are committed to protecting your privacy and ensuring that your personal data is handled in a way that is fair, transparent, and compliant with applicable data protection laws, including the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (EU GDPR) (as applicable), and the Data Protection Act 2018.

This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you visit our Site or use our services. By using the Site, you consent to the practices described in this policy. If you do not agree, please do not use the Site.

For the purposes of data protection law, M6 Truckstop Limited is the data controller, with its registered office at [Insert Registered Address, e.g., Junction 14-15, M6 Motorway, Stafford, ST18 0XX, United Kingdom]. Our Data Protection Officer can be contacted at enquiries@m6truckstop.com or by post at the address above.

1. Information We Collect

We collect personal data in the following ways:

1.1 Data You Provide Directly

Contact Forms and Enquiries: When you submit a query via our contact form (built using WordPress), we may collect your name, email address, phone number, company name, and message details.
Parking Bookings: Through our integration with Parkflow.io (a third-party booking platform), we collect booking-related data such as your name, email address, vehicle details (e.g., registration number, type), arrival/departure dates, payment information (handled securely by Parkflow), and any special requirements.

1.2 Data Collected Automatically

Website Usage Data: Using cookies and similar technologies (detailed in Section 8), we collect information about your device, browser type, IP address, pages visited, time spent on the Site, and referral sources. Our Site is built on WordPress with the Breakdance page builder, which may use standard WordPress analytics plugins (e.g., for performance monitoring).
Log Files: Server logs automatically record access details, including IP addresses and timestamps, for security and maintenance purposes.

1.3 Data from Third Parties

We may receive data from Parkflow.io for booking confirmations or support queries.
If you interact with us via social media or linked services, we may access publicly available profile information.

We do not collect sensitive personal data (e.g., health, racial, or political information) unless explicitly required for a booking (e.g., accessibility needs) and only with your consent.

2. How We Use Your Personal Data

We use your personal data for the following purposes:

Purpose	Examples	Lawful Basis (UK/EU GDPR)
To provide services	Processing parking bookings via Parkflow.io; responding to enquiries.	Contract (necessary for performance of booking agreement).
To improve the Site	Analysing usage patterns with WordPress tools to enhance user experience.	Legitimate interests (Site optimisation and functionality).
To communicate	Sending booking confirmations, newsletters (with opt-in), or support responses.	Consent (for marketing); Contract (for bookings).
To ensure security	Monitoring for fraud or unauthorised access using log files.	Legitimate interests (protecting our systems and users).
To comply with law	Responding to legal requests or audits.	Legal obligation.

We will only use your data for these purposes or compatible ones. If we need to use it differently, we will seek your consent or rely on another lawful basis.

3. Sharing Your Personal Data

We share personal data only when necessary and under strict confidentiality:

Service Providers: With trusted third parties like Parkflow.io for booking processing (they act as a data processor under our instructions; see their privacy policy at https://parkflow.io/privacy for details). WordPress hosting providers (e.g., for Site maintenance) may access anonymised logs.
Legal Requirements: If required by law, regulators, or to protect our rights (e.g., in disputes).
Business Transfers: In the event of a merger or acquisition, data may be transferred as an asset.

We do not sell your personal data. All processors are bound by data processing agreements ensuring UK/EU GDPR compliance.

4. International Data Transfers

Our primary operations are in the UK, and data is stored within the UK or EEA. If data is transferred outside (e.g., to Parkflow.io servers, if located outside the UK/EEA), we use Standard Contractual Clauses (SCCs) or adequacy decisions to ensure equivalent protection. You can request details of transfers by contacting our DPO.

5. Data Retention

We retain personal data only as long as necessary:

Enquiries: 2 years after resolution.
Bookings: 6 years post-booking (for accounting/tax purposes under UK law).
Usage Data/Cookies: As per cookie settings (see Section 8); logs for 12 months.

After retention periods, data is securely deleted or anonymised. You can request earlier deletion under your rights (Section 6).

6. Your Rights Under UK/EU GDPR

As a data subject, you have the following rights, which you can exercise free of charge (subject to exceptions):

Right	Description	How to Exercise
Access	Request a copy of your personal data.	Contact DPO.
Rectification	Correct inaccurate data.	Update via account or contact us.
Erasure ("Right to be Forgotten")	Delete data where no longer needed.	Submit request; note this may affect bookings.
Restriction	Limit processing during disputes.	Contact DPO.
Portability	Receive data in a structured format.	For booking data only.
Object	Oppose processing based on legitimate interests or for marketing.	Opt-out link in emails or contact us.
Withdraw Consent	Where processing relies on consent.	Easy opt-out at any time.

We respond to requests within one month (extendable if complex). For complaints, contact the Information Commissioner's Office (ICO) at https://ico.org.uk/ or your local EU data protection authority.

7. Data Security

We implement appropriate technical and organisational measures to protect your data, including:

Encryption for sensitive data (e.g., payments via Parkflow).
Access controls and regular security audits for WordPress/Breakdance setup.
Breach notification within 72 hours to authorities and affected individuals if required.

Despite these efforts, no system is impenetrable; we cannot guarantee absolute security.

8. Cookies and Similar Technologies

Our Site uses cookies to enhance functionality. Breakdance and WordPress may set essential cookies for page building and site performance.

Cookie Type	Purpose	Duration	Managed By
Essential	Site navigation and security.	Session	WordPress/Breakdance
Analytics	Usage tracking (e.g., Google Analytics if enabled).	2 years	Third-party (with consent)
Third-Party	Booking via Parkflow.io.	As per their policy	Parkflow.io

You can manage cookies via browser settings or our cookie banner. Disabling may limit Site features. For full details, see our Cookie Policy [link if separate].

9. Children's Privacy

Our Site is not intended for children under 16. We do not knowingly collect data from children. If we discover such data, we will delete it promptly.

10. Changes to This Privacy Policy

We may update this policy to reflect changes in our practices or law. We will notify you via the Site or email (for registered users) at least 30 days in advance of material changes. Continued use after changes constitutes acceptance.

11. Contact Us

Questions about this policy? Email enquiries@m6truckstop.com or write to M6 Truckstop Limited, [Registered Address].

This policy was last reviewed on November 6, 2025.