Privacy
Privacy Policy
How Car Deal Expert collects, uses, shares and protects personal data, and the rights you have under UK data protection law.
How Car Deal Expert collects, uses, shares and protects personal data, and the rights you have under UK data protection law.
Who we are and the scope of this policy
Car Deal Expert (“CDE”, “we”, “us”, “our”) is an independent UK publisher covering car buying, car finance, salary-sacrifice electric vehicles, warranty, insurance and consumer protection. This Privacy Policy explains how we handle personal data collected through the website cardealexpert.com and any newsletters or enquiry channels operated from it.
For the purposes of UK data protection law, the data controller is [COMPANY LEGAL NAME], of [REGISTERED ADDRESS]. This policy is governed by the laws of England and Wales. It applies to visitors to the site and to people who contact us, subscribe to a newsletter, or leave a comment. It does not apply to third-party websites we link to, which have their own privacy practices.
The legal framework we follow
We process personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR), which govern cookies and electronic marketing. Our supervisory authority is the Information Commissioner’s Office (ICO).
Personal data we collect
We aim to collect as little personal data as possible and only what we genuinely need. Depending on how you use the site, this may include:
- Technical and usage data: IP address, approximate location derived from it, browser type and version, device and operating system, referring page, the pages you view, and the date and time of your visit. This is collected automatically by our servers and analytics tools.
- Newsletter sign-up data: the email address you provide, and the date and source of your subscription.
- Contact and enquiry data: your name, email address, and the content of any message you send us when you make an editorial tip, correction request, reader question or commercial enquiry.
- Comment data: if commenting is enabled, the name, email address and content you submit with a comment, together with your IP address and browser data for spam prevention.
- Cookie and measurement data: identifiers set by cookies and similar technologies for analytics, security and advertising or affiliate attribution. See our Cookie Policy for the detail.
We do not deliberately collect special category data (such as health, ethnicity or political opinions), and we ask that you do not send it to us in correspondence unless it is strictly necessary.
Why we use your data and our lawful bases
UK GDPR requires us to have a lawful basis for each use of personal data. The bases we rely on are set out below.
Consent
We rely on your consent to send you our newsletter, to set non-essential cookies (analytics and advertising), and to publish any comment you choose to submit. You can withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal.
Legitimate interests
We rely on our legitimate interests to operate, secure and improve the website, to understand readership in aggregate, to respond to enquiries you send us, to prevent fraud and abuse, and to maintain affiliate attribution for revenue that funds the site. Where we rely on legitimate interests, we balance them against your rights and only proceed where your interests do not override ours. You can object to this processing at any time (see Your rights).
Legal obligation
We may process data where the law requires it, for example to respond to a valid request from a regulator or court, or to keep records we are legally obliged to keep.
Cookies, analytics and advertising partners
We use cookies and similar technologies for essential site function, for analytics (to understand which articles are read and how the site performs), and, where applicable, for advertising and affiliate measurement. Non-essential cookies are only set after you give consent through our cookie banner.
Our analytics and advertising or affiliate partners may act as separate controllers or as our processors, and may set their own cookies. These can include website analytics providers and advertising or affiliate networks that measure referrals. The specific technologies in use, and how to control them, are described in our Cookie Policy.
Who we share data with
We do not sell your personal data. We share it only where necessary to run the site, and only with parties bound to protect it. This may include:
- Service providers acting on our instructions, such as website hosting, content delivery, security, email delivery and analytics providers.
- Advertising and affiliate partners, for measurement and attribution, where you have consented to the relevant cookies.
- Professional advisers, and regulators or law enforcement, where we are legally required or permitted to disclose.
- A successor entity in the event of a sale or reorganisation of the business, under appropriate confidentiality terms.
International transfers
Some of our service providers may process data outside the United Kingdom. Where personal data is transferred outside the UK, we ensure an appropriate safeguard is in place, such as a UK adequacy decision for the destination country, the International Data Transfer Agreement (IDTA), or the UK Addendum to the EU Standard Contractual Clauses. You can ask us for more detail on the safeguards used.
How long we keep data
We keep personal data only for as long as we need it for the purpose it was collected, after which we delete or anonymise it. In general:
- Newsletter data is kept until you unsubscribe or ask us to remove it.
- Enquiry and correspondence data is kept for as long as needed to deal with the matter and for a reasonable period afterwards in case of follow-up.
- Analytics data is retained in line with the settings of our analytics provider, generally in aggregated or pseudonymised form.
- Comment data is kept for as long as the comment remains published, unless you ask us to remove it.
Your rights under UK GDPR
You have the following rights over your personal data. Most are free to exercise and we will respond within one month, although we may extend this for complex requests and will tell you if we do.
- The right to be informed about how your data is used, which this policy provides.
- The right of access to a copy of the personal data we hold about you.
- The right to rectification of inaccurate or incomplete data.
- The right to erasure (“the right to be forgotten”) in certain circumstances.
- The right to restrict processing in certain circumstances.
- The right to data portability, to receive your data in a structured, machine-readable format.
- The right to object to processing based on legitimate interests, and to object to direct marketing at any time.
- The right to withdraw consent at any time where we rely on consent.
- Rights relating to automated decision-making and profiling. We do not make decisions about you that produce legal or similarly significant effects using automated means.
How to exercise your rights
To exercise any of these rights, email [email protected]. Please tell us which right you wish to exercise and include enough detail for us to find your data. We may ask you to verify your identity before we act, to protect your information. You can unsubscribe from the newsletter at any time using the link in any newsletter email, or by emailing us.
Complaints and the ICO
We would always prefer the chance to resolve a concern directly, so please contact us first at [email protected]. You also have the right to complain to the Information Commissioner’s Office (ICO), the UK regulator for data protection. You can reach the ICO at ico.org.uk, by its helpline on 0303 123 1113, or by post at Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.
Children
Car Deal Expert is intended for adults making car-buying, finance and insurance decisions. It is not directed at children and we do not knowingly collect personal data from anyone under 16. If you believe a child has provided us with personal data, contact [email protected] and we will delete it.
Security
We take appropriate technical and organisational measures to protect personal data against unauthorised access, loss or misuse, including encryption in transit, access controls and reputable hosting. No online service can be completely secure, but we work to reduce risk and to respond promptly to any incident.
Changes to this policy
We may update this Privacy Policy from time to time to reflect changes in our practices or the law. When we make material changes we will update the date below and, where appropriate, draw attention to them on the site. Please check back periodically.
How to contact us
For any privacy question or to make a data rights request, email [email protected]. The data controller is [COMPANY LEGAL NAME], [REGISTERED ADDRESS].
This Privacy Policy was last updated on 17 June 2026.