Template notice: this is a starting point. Have it reviewed by a qualified data-protection adviser before production use, especially if you process special-category data or operate across multiple EU jurisdictions.
1. Who we are
Monitoro.NET ("we", "us", "our") operates the software-as-a-service platform at monitoro.net. For the purposes of the UK GDPR and the EU GDPR, we are the data controller for account-holder data (data about you, our customer) and a data processor for the data you upload about your end customers and vehicles.
2. What we collect
2.1 Account data (controller)
- Name, email address, telephone (optional)
- Company name, address, country, VAT number, registration number
- Hashed password
- IP address and user-agent on each session
- Billing information (handled by our payment processor; we do not store full card numbers)
2.2 Operational data (processor)
The records you create while using the Service — customers, vehicles, estimates, repair orders, invoices — may contain personal data of your customers. We process this only on your instructions and under our Data Processing Addendum.
3. Why we process it
| Purpose | Legal basis |
|---|---|
| Provide the Service | Contract performance |
| Send transactional emails (password reset, invoices) | Contract performance |
| Security, fraud prevention, abuse detection | Legitimate interest |
| Comply with tax, accounting and other legal obligations | Legal obligation |
| Product marketing (opt-in) | Consent |
4. How long we keep it
- Active accounts: for as long as the account is open.
- After termination: a full backup is retained for 30 days, then permanently deleted, except where law requires longer retention (e.g. financial records — typically 6 years in the UK).
- Server logs: 90 days.
5. Who we share it with
We use a small number of sub-processors to run the Service. A current list is available on request from office@monitoro.net. Categories include:
- Hosting and database providers (in the UK or EU)
- Email delivery (transactional)
- Payment processor
- Error monitoring
We do not sell personal data. We do not share it with advertisers.
6. International transfers
Where data must leave the UK/EU (rare), we rely on Standard Contractual Clauses and additional safeguards as appropriate.
7. Your rights
Under UK GDPR / EU GDPR you have the right to:
- Access the personal data we hold about you
- Have inaccurate data corrected
- Have your data erased (where applicable)
- Restrict or object to certain processing
- Receive your data in a portable format
- Withdraw consent at any time (for consent-based processing)
- Lodge a complaint with the UK ICO or your national supervisory authority
To exercise these rights, email office@monitoro.net. We respond within one month.
8. Security
We protect your data with:
- TLS encryption in transit
- Strong password hashing (bcrypt)
- Per-tenant data isolation by company ID
- Role-based access control
- Regular security reviews and prompt patching of known vulnerabilities
No system is 100% impenetrable. In the event of a personal-data breach affecting your data, we will notify you and the relevant supervisory authority as required by law.
9. Cookies
See our separate Cookie Policy.
10. Changes
We may update this Privacy Policy from time to time. Material changes will be communicated via email or in-app notice.
11. Contact
Data Protection enquiries: office@monitoro.net