Skip to content
Carsu – Garage and Car Shop Management Software Logo

Privacy Policy

Effective Date: 12/3/2025
Last Updated: 12/3/2025

1. Introduction

Carsu B.V. (“Carsu”, “Carsu Technologies”, “we”, “our”, or “us”) is committed to protecting your privacy and ensuring that your personal data is handled in compliance with the General Data Protection Regulation (GDPR), UK GDPR, and the Data Protection Act 2018. This Privacy Policy explains how we collect, use, and protect your information when you use our platform and services.

2. Scope

This Policy applies to:

  • Users of our SaaS platform (shops, garages, mechanics).
  • End customers whose data is processed by shops using our platform.
  • Visitors to our website [www.carsu.com, app.carsu.com].

3. Data We Collect

We process:

  • Account Data: Name, email, phone number, billing details.
  • Vehicle Data: Licence plate, make, model, type.
  • Maintenance and Service Data: Planned and completed work, estimates, invoices, service history.
  • Appointment Data: Dates, times, service details.
  • Technical Data: IP address, browser type, device information.
  • Cookies and Tracking Data: See Section 10.

4. Legal Basis for Processing

  • Contractual Necessity: To provide our SaaS services.
  • Legitimate Interests: For platform security, analytics, and service improvement.
  • Consent: For marketing communications and non-essential cookies.

5. How We Use Your Data

  • Provide and maintain our platform.
  • Enable communications via email, SMS, WhatsApp, Viber, and similar channels.
  • Generate anonymised, aggregated analytics for reporting and market insights.
  • Improve user experience and security.
  • Conduct marketing only with your explicit consent.

6. Service-Related Communications

We will send you service-related messages such as:

  • Appointment confirmations.
  • Reminders for scheduled maintenance.
  • Notifications about required services (e.g., MOT or tyre changes).

These messages are sent based on our legitimate interest in providing and maintaining our services. You can opt out of these communications at any time by contacting us at privacy@carsu.com.

7. Marketing Communications

Marketing messages (e.g., promotions, offers) will only be sent with your explicit consent, which you can withdraw at any time.

8. Data Sharing

We may share data with:

  • Sub-Processors: Microsoft Azure, WhatsApp Business API, Twilio, SMS gateways, and others as needed.
  • Analytics and Tracking Providers: Google Analytics, Bing Webmaster Tools, Microsoft Clarity, Meta Pixel, LinkedIn Pixel.
  • Third Parties: Only anonymised, aggregated data for industry insights. We do not sell personal data.

9. International Transfers

Data may be transferred outside the EEA/UK with appropriate safeguards (e.g., Standard Contractual Clauses).

10. Cookies and Tracking Technologies

Our website and platform use cookies and similar technologies to improve functionality, analyse usage, and support marketing activities. These include:

Google Analytics
Purpose: Website analytics and usage tracking
Retention Period: Up to 24 months

Bing Webmaster Tools
Purpose: Site performance and SEO insights
Retention Period: Up to 24 months

Microsoft Clarity
Purpose: Session recording and heatmaps for UX analysis
Retention Period: Up to 12 months

Meta Pixel
Purpose: Advertising and remarketing on Facebook/Instagram
Retention Period: Up to 12 months

LinkedIn Pixel
Purpose: Advertising and remarketing on LinkedIn
Retention Period: Up to 12 months

Essential Session Cookies
Purpose: Platform functionality (login, security)
Retention Period: Session only

Other cookies may be added in the future to improve our services or marketing capabilities. Any new cookies will be included in our consent mechanism and will require your approval before activation.

Managing Cookies:
You can manage your preferences via our cookie banner or browser settings. Blocking cookies may affect functionality. Non-essential cookies (analytics and marketing) are only activated after you provide consent.

11. Data Retention

We retain data as long as necessary for service provision and legal compliance:

  • Account and service data: Deleted or returned within 12 months after termination or when legal retention expires.
  • Cookies: Retention periods vary by type (see table above).

12. Your Rights

You have the right to:

  • Access, correct, delete, or port your data.
  • Withdraw consent at any time.
  • Object to processing for legitimate interests. Contact: privacy@carsu.com.

13. Security

We implement encryption, access controls, audits, and incident response procedures to protect your data.

14. Data Breach Notification

In the event of a personal data breach, we will notify the relevant supervisory authority within 72 hours and affected Controllers without undue delay.

15. Communications Responsibility

Carsu acts only as a technical facilitator for communications. Shops are responsible for obtaining consent for marketing and service messages.

16. Children’s Data

Our services are not intended for individuals under 16 years of age. We do not knowingly collect data from minors.

17. UK Representative

If required under UK GDPR, Carsu will appoint a UK representative and notify users.

18. Changes to This Policy

We may update this Policy; significant changes will be communicated via email or platform notifications.

Contact Information

Address:
Harderwijkerweg 145 3852 AB, Ermelo The Netherlands
Privacy Policy - Carsu Technologies | Carsu