Privacy Policy

Who We Are

Manchester Unlocked is a mobile auto locksmith service operated as a sole trader business based in Manchester, United Kingdom. The data controller for the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 is:

As a sole trader operating in the UK, Manchester Unlocked is subject to UK data protection law. Where jobs involve vehicles registered in EU member states, the processing will also be considered in light of EU GDPR requirements.

What Data We Collect

We collect only the information necessary to provide the auto locksmith service you have requested or enquired about. This includes:

• Contact details: your name, phone number, and email address
• Vehicle information: make, model, year, and registration number of your vehicle
• Location information: the address or location where you need the service carried out
• Proof of ownership documents: a photograph or copy of your V5C logbook, insurance certificate, or other ownership documentation (required by law before certain restricted key work is carried out — see Section 5)
• Job details: a description of the issue, the type of service requested, and any relevant security system information needed to complete the work
• Payment information: we do not store card details — payments made in person are cash or bank transfer, and no card data is retained
• Communications: records of messages sent via the website contact form, WhatsApp, email, or SMS
• Technical data: if you visit our website, standard server logs may record your IP address, browser type, and pages visited (see Section 8 on cookies)

We do not collect any special category data (such as health information, biometric data, or political opinions) and do not knowingly collect data from children under the age of 18.

How We Collect It

Data is collected when you interact with us through any of the following channels:

• Website contact form: powered by WPForms on manchesterunlocked.co.uk — form submissions are stored in the WordPress database and sent to our business email
• Phone calls: when you call 07515 603427 directly — notes may be taken to record job details
• WhatsApp: messages sent to our WhatsApp number (wa.me/447515603427) — conversation records are held within the WhatsApp platform
• Email: messages sent to help@manchesterunlocked.co.uk
• On-site at the job: when you provide proof of ownership documents in person or by sending a photograph
• Google Business Profile: if you leave a review on Google, your name and review content are governed by Google's own privacy policy

Why We Use It — Legal Basis

Under UK GDPR, we must have a lawful basis for processing your personal data. We rely on the following bases:

• Contract (Article 6(1)(b)): processing is necessary to carry out the service you have requested — without your contact details, vehicle information, and location, we cannot provide the locksmith service
• Legal obligation (Article 6(1)(c)): certain processing is required by law — in particular, SERMI regulations require us to verify vehicle ownership before carrying out restricted key programming work on modern vehicles. We are legally required to retain evidence of these checks
• Legitimate interests (Article 6(1)(f)): we retain basic job records (vehicle make/model, type of work carried out, date) for our own business administration, invoicing, and insurance purposes. We have assessed that this processing does not override your interests or rights

We do not use your personal data for direct marketing, profiling, or any automated decision-making that affects you. We do not send marketing emails or text messages. If you have requested a quote and not proceeded, we may follow up once — after which we will not contact you again unless you initiate contact.

SERMI and Proof of Ownership

Manchester Unlocked is SERMI registered. SERMI (Security Related Repair and Maintenance Information) is a European and UK scheme that regulates access to vehicle security and immobiliser data. Under SERMI rules, we are legally required to:

• Verify your identity and confirm you are the registered keeper or have authorisation from the registered keeper before carrying out all-keys-lost programming, EIS replacement, or other restricted security work
• Retain records of the identity verification we have performed, including details of the documentation provided, for a minimum period specified under SERMI regulations
• Make these records available for SERMI audit if required

Proof of ownership documents (such as a V5C photograph) provided for SERMI compliance purposes are used only for identity verification and are not shared with any third party other than SERMI auditors where legally required. They are retained for the minimum period required by SERMI and then securely deleted.

You can read more about SERMI registration at sermi.eu.

Who We Share It With

We do not sell, rent, or trade your personal data to any third party for marketing or commercial purposes. Your data may be shared in the following limited circumstances only:

• Technology service providers: our website is hosted on WordPress with WPForms for contact forms. These providers process data on our behalf under their own data processing agreements. Our website is hosted in the UK or EU
• WhatsApp / Meta: if you contact us via WhatsApp, your messages are processed by Meta Platforms under their own privacy policy and terms of service
• Google: we use Google Business Profile and Google Maps. Reviews left on Google are processed by Google under their own privacy policy
• SERMI auditors: as described in Section 5, identity verification records may be made available to SERMI auditors if required under our registration obligations
• Legal requirement: we may disclose personal data if required to do so by law, court order, or a lawful request by a public authority (such as the police)
• Insurance: in the event of an insurance claim arising from a job, relevant job details may be shared with our public liability insurer

No personal data is transferred outside the United Kingdom except where the service providers listed above operate internationally under appropriate data transfer safeguards (such as adequacy decisions or Standard Contractual Clauses).

How Long We Keep It

We retain personal data only for as long as necessary for the purposes for which it was collected, or as required by law:

• Contact and job records: retained for 6 years from the date of the job — this reflects the standard limitation period for civil claims in England and Wales, and satisfies our insurance and HMRC record-keeping obligations
• SERMI identity verification records: retained for the minimum period specified under SERMI regulations (currently a minimum of 3 years), then securely deleted
• Enquiries that did not result in a booking: retained for 3 months from the date of the last communication, then deleted
• Website form submissions: stored in WordPress for up to 12 months and then deleted from the database
• WhatsApp and email communications: retained in the relevant platform for up to 2 years unless you request earlier deletion

When data is no longer required it is securely deleted or permanently anonymised.

Cookies and Website Analytics

Our website at manchesterunlocked.co.uk may use cookies — small text files stored on your device — to support basic website functionality and understand how visitors use the site.

• Essential cookies: required for the website to function correctly (e.g. WordPress session cookies, security tokens). These cannot be disabled without breaking the site
• Analytics: if we use Google Analytics or similar tools to understand website traffic, anonymised aggregate data is collected. No personally identifiable information is used for analytics purposes. You can opt out using your browser settings or a tool such as the Google Analytics opt-out browser add-on
• Contact forms: WPForms may set a cookie to prevent duplicate form submissions

A cookie consent banner will appear on your first visit to the website. Accepting analytics cookies is optional. You can change your cookie preferences at any time by clearing your browser cookies and revisiting the site.

For more information on managing cookies, visit the ICO's guide to cookies.

Your Rights

Under UK GDPR, you have the following rights in relation to your personal data. To exercise any of these rights, contact us using the details in Section 11. We will respond within one calendar month.

You also have the right to withdraw consent at any time where we have relied on consent as the legal basis for processing — though this does not affect the lawfulness of processing carried out before withdrawal.

Complaints

If you have a concern about how we handle your personal data, please contact us first using the details in Section 11 and we will do our best to resolve it promptly.

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) — the UK's independent data protection authority:

You may also contact the ICO online at ico.org.uk/make-a-complaint.

Contact Us

For any questions about this Privacy Policy, to exercise your data rights, or to make a Subject Access Request, please contact us by any of the following methods:

We aim to respond to all data rights requests and privacy queries within 5 working days and will fulfil Subject Access Requests within one calendar month as required by UK GDPR.

This privacy policy was last reviewed and updated in May 2026. We will update it if our data practices change and post the revised version on this page with an updated date.