Privacy Notice

Last updated: 22 May 2026

1. Who we are

This service ("VehicleRights", "we", "us") is operated by Nyex Ltd, a company registered in England and Wales, trading as VehicleRights. Nyex Ltd is the data controller for personal data processed through this site. You can contact us at any time via our contact page.

2. Personal data we collect

  • Account data: email address and password hash used to create and access your account.
  • Complaint data: the information you enter into the questionnaire (vehicle details, dealer details, dates, fault descriptions, free-text narrative) and any documents you upload as evidence (e.g. invoices, MOTs, photographs, message screenshots).
  • Payment confirmation: transaction ID, amount, currency, status, and customer reference returned to us by our payment processor. We do not receive or store your full card details.
  • Technical data: IP address, browser/device identifiers, and usage telemetry (pages visited, actions taken) collected via cookies and server logs for security, debugging and product improvement.
  • Support data: any messages you send us through the contact form or email.

3. How we use your data and the legal basis

  • To provide the service (generating, delivering and storing your complaint pack) - legal basis: performance of a contract with you.
  • To process your payment - legal basis: performance of a contract, via our Merchant of Record (see Section 4).
  • To secure the service (fraud and abuse prevention, rate limiting, security logging) - legal basis: legitimate interests.
  • To improve the product (aggregate analytics, error monitoring) - legal basis: legitimate interests.
  • To provide customer support - legal basis: legitimate interests / performance of a contract.
  • To comply with legal obligations (accounting, tax, lawful requests from authorities) - legal basis: legal obligation.

4. Who we share data with

We share personal data only with the following categories of recipient:

  • Paddle.com Market Ltd - our Merchant of Record. Paddle handles checkout, payment processing, billing, sales tax/VAT, invoicing, subscription management and refund handling. Their processing is governed by the Paddle Privacy Notice.
  • Hosting and infrastructure providers (cloud hosting, managed database, file storage, transactional email) acting as our processors under written agreements.
  • Analytics and error-monitoring providers acting as processors.
  • Professional advisers (legal, accounting, insurance) where strictly necessary.
  • Authorities and regulators where required by law or to defend our legal rights.

We do not sell your personal data, and we do not share it with advertising networks.

5. International transfers

Some of our processors are located outside the UK/EEA. Where personal data is transferred internationally, we rely on appropriate safeguards such as the UK International Data Transfer Agreement, EU Standard Contractual Clauses, or transfers to jurisdictions covered by a UK or EU adequacy decision.

6. How long we keep your data

  • Account and complaint data: retained while your account is active and for up to 24 months after your last activity, so you can revisit and update your pack.
  • Payment and invoicing records: retained for 7 years to meet UK accounting and tax obligations.
  • Support correspondence: retained for up to 24 months.
  • Server and security logs: retained for up to 90 days.

You can request deletion at any time (see Section 7); we will then delete or irreversibly anonymise your data, subject only to records we are legally required to keep.

7. Your rights

Subject to UK GDPR, you have the right to:

  • Access the personal data we hold about you;
  • Rectify inaccurate or incomplete data;
  • Request erasure ("right to be forgotten");
  • Restrict or object to our processing;
  • Receive your data in a portable format;
  • Withdraw consent at any time where processing is based on consent;
  • Lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.

To exercise any of these rights, contact us via the contact page. We will respond within one month.

8. Security

We use industry-standard technical and organisational measures to protect your data, including encryption in transit (TLS), encryption at rest for the database and file storage, access controls and least privilege, hardened authentication, audit logging, and regular review of third-party processors.

9. Cookies

We use a small number of cookies and similar technologies:

  • Strictly necessary: authentication and session, CSRF protection, load balancing. These cannot be disabled.
  • Analytics: aggregate, pseudonymous usage measurement to improve the product.
  • Payment: cookies set by Paddle during checkout to process your transaction securely.

You can clear cookies at any time through your browser settings.

10. Changes to this notice

We may update this notice from time to time. Material changes will be flagged on this page with an updated "last updated" date.

Questions? Contact us.