How we collect, use and protect your personal information
E&A vehicles Limited, trading as Oakstone Motors, is the data controller responsible for your personal data. We are registered in England and Wales with company number 15490929.
Address: 143 Tinkers Green Road, Tamworth, B77 5LJ
Email: sales@oakstonemotors.co.uk
Phone: +447384698858
We may collect the following types of personal information:
Name, title, date of birth, driving licence details
Email address, telephone numbers, postal address
Vehicle registration, make, model, mileage (when selling or part-exchanging)
Payment details, finance application information (where applicable)
IP address, browser type, device information, pages visited
We use your personal data for the following purposes:
Under UK GDPR, we rely on the following legal bases:
Processing necessary to perform a contract with you (e.g., vehicle sale)
Processing necessary for our legitimate business interests (e.g., responding to enquiries, improving services)
Processing necessary to comply with legal requirements (e.g., vehicle registration, anti-money laundering)
Where you have given consent for marketing communications
We may share your data with:
We do not sell your personal data to third parties for marketing purposes.
We retain your personal data for as long as necessary to fulfil the purposes for which it was collected:
Under UK GDPR, you have the following rights:
Access - Request a copy of your personal data
Rectification - Request correction of inaccurate data
Erasure - Request deletion of your data (in certain circumstances)
Portability - Request transfer of your data to another organisation
Object - Object to processing based on legitimate interests
Withdraw consent - Where processing is based on consent
To exercise any of these rights, please contact us at sales@oakstonemotors.co.uk.
We take the security of your personal data seriously and have implemented appropriate technical and organisational measures to protect it against unauthorised access, alteration, disclosure, or destruction. These measures include:
All data transmitted between your browser and our website is encrypted using TLS/SSL (HTTPS). Data stored in our systems is encrypted at rest.
Access to personal data is restricted to authorised personnel only, using role-based access controls and secure authentication. Staff access is limited to the minimum data necessary for their role.
Our systems are hosted on Google Cloud Platform (Firebase), which provides enterprise-grade security including network protection, regular security audits, and compliance with international security standards (ISO 27001, SOC 2).
Sensitive credentials and API keys are stored securely using Google Cloud Secret Manager. We do not store passwords in plain text; all authentication credentials are securely hashed.
In the event of a data breach that poses a risk to your rights and freedoms, we will notify the ICO within 72 hours and inform affected individuals without undue delay, in accordance with UK GDPR requirements.
While we implement robust security measures, no method of electronic transmission or storage is 100% secure. We continuously review and update our security practices to protect your personal data.
Our application uses Google APIs to provide calendar-based booking functionality for our staff. The following disclosures apply to data obtained through Google APIs:
When a staff member connects their Google Calendar, we access calendar event data (specifically event times and free/busy status) solely to determine availability for customer booking appointments.
Google Calendar data is used exclusively to check staff availability and to create calendar events for confirmed customer bookings. We cache free/busy time blocks to provide instant availability queries for the booking system.
Google OAuth tokens are stored securely in our database with access restricted to authorised server-side processes only. Cached calendar data is limited to free/busy time blocks and does not include event details, titles, descriptions, or attendee information.
We do not share, transfer, or disclose Google user data to any third parties. Google data is not used for advertising, marketing, or any purpose other than providing the booking functionality described above.
Cached calendar availability data is refreshed regularly and old data is automatically replaced. When a staff member disconnects their Google Calendar, their OAuth tokens and cached calendar data are deleted. Staff members can revoke access at any time through their Google Account settings or through our admin panel.
Google user data is not used to develop, improve, or train generalised or non-personalised AI and/or machine learning models.
Our use and transfer to any other app of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
Our website uses cookies to improve your experience. For more information about how we use cookies, please see our Cookie Policy.
If you have concerns about how we handle your personal data, you have the right to complain to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection.
Website: ico.org.uk
Phone: 0303 123 1113
Address: Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
This policy was last updated in February 2026.