Privacy Policy

Last updated: 20 May 2026

This Privacy Policy explains how eSolutions 88, LLC ("we", "us", "our", or the "Company") collects, uses, stores, shares, and protects your personal data when you visit our website at reviewcar.co.uk (the "Website") and use our UK vehicle data lookup service (the "Service"). This policy is designed to comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Please read this Privacy Policy carefully. By using the Website or the Service, you acknowledge that you have read and understood this policy.

1. Who We Are

For the purposes of UK data protection law, the data controller responsible for your personal data is:

  • Company Name: eSolutions 88, LLC
  • Company Type: US Limited Liability Company, registered in the State of Florida
  • Registered Address: 390 Northeast 191st Street, Miami, FL 33179, USA
  • Privacy Contact Email: [email protected]
  • Website: reviewcar.co.uk

As a US-based company offering services to individuals in the United Kingdom, we are subject to the UK GDPR by virtue of Article 3(2), as we offer goods and services to data subjects in the UK. We take our obligations under UK data protection law seriously and are committed to protecting your privacy.

2. What Personal Data We Collect

We collect and process the following categories of personal data:

2.1 Data You Provide to Us

  • Email Address: Provided when you purchase a Report, used to deliver your Report and for order-related communications.
  • Vehicle Registration Number (VRN): The UK vehicle registration number you submit to generate a Report. While a VRN relates to a vehicle rather than directly to an individual, it may constitute personal data where it can be linked to an identifiable individual (the registered keeper). We process VRNs solely for the purpose of generating the requested Report.

2.2 Payment Data

All payment processing is handled directly by our payment processor, Stripe, Inc. When you make a purchase, your payment card details (card number, expiry date, CVV) are entered directly into Stripe's secure payment form and are transmitted directly to Stripe. We do not collect, store, process, or have access to your full payment card details at any time.

We receive from Stripe only limited transaction information, including: a transaction reference, the last four digits of your card, the card brand, the payment amount, the payment status, and the currency. This limited data is used for order management, customer support, and accounting purposes.

2.3 Data Collected Automatically

  • IP Address: Your Internet Protocol address is collected automatically when you visit the Website. This is used for security monitoring, fraud prevention, and to help us understand the geographic distribution of our Users.
  • User Agent: Information about your browser type, version, and operating system is collected automatically through HTTP request headers. This helps us optimise the Website for different devices and browsers.
  • Access Logs: Our web servers automatically record details of requests made to the Website, including timestamps, URLs accessed, HTTP status codes, and referring URLs. These logs are used for security monitoring and technical troubleshooting.
  • Cookies and Similar Technologies: We use cookies and similar tracking technologies as described in Section 8 below.

3. Lawful Basis for Processing

Under Article 6 of the UK GDPR, we must have a lawful basis for processing your personal data. The lawful bases we rely on are:

3.1 Performance of a Contract — Article 6(1)(b)

The primary lawful basis for processing your personal data is that the processing is necessary for the performance of a contract to which you are a party, or in order to take steps at your request prior to entering into a contract. When you purchase a Report, we enter into a contract with you to provide that Report. Processing your email address (to deliver the Report) and the VRN (to generate the Report) is necessary to fulfil that contract.

3.2 Legitimate Interests — Article 6(1)(f)

We process certain data on the basis of our legitimate interests, where those interests are not overridden by your rights and freedoms. This includes:

  • Processing IP addresses and user agent data for website security, fraud prevention, and protection against abuse.
  • Processing server access logs for technical troubleshooting and performance monitoring.
  • Retaining limited transaction records for accounting and business administration purposes.

3.3 Legal Obligation — Article 6(1)(c)

We may process and retain certain personal data where it is necessary to comply with a legal obligation, including tax record-keeping requirements and responding to lawful requests from authorities.

4. Third-Party Data Sharing

We share your personal data with the following categories of third parties, only to the extent necessary to provide the Service and operate our business:

4.1 Stripe, Inc.

Our payment processor. When you make a purchase, your payment card details are submitted directly to Stripe for payment processing. Stripe acts as an independent data controller for the payment data it collects. Stripe's privacy policy is available at stripe.com/privacy. Stripe is certified under the PCI DSS and maintains robust security measures.

4.2 Driver and Vehicle Licensing Agency (DVLA)

A UK government executive agency. We submit VRNs to DVLA systems to retrieve vehicle registration data, tax status, and related information. The DVLA is a UK government body and processes data in accordance with its own policies and UK law.

4.3 Driver and Vehicle Standards Agency (DVSA)

A UK government executive agency. We query DVSA systems to retrieve MOT test history data, including test results, advisories, failure reasons, and recorded mileage. The DVSA is a UK government body and processes data in accordance with its own policies and UK law.

4.4 UK Vehicle Data (UKVD)

An authorised third-party vehicle data provider. We submit VRNs to UKVD's API to retrieve supplementary vehicle data, including enhanced vehicle specifications, finance checks, and write-off data (depending on the Report tier purchased). UKVD acts as a data processor on our behalf for these queries.

4.5 Email Service Provider

We use a third-party email service provider to deliver Report emails and transactional communications to you. Your email address and Report data are shared with this provider solely for the purpose of email delivery. Our email provider acts as a data processor on our behalf under a data processing agreement.

We do not sell, rent, or trade your personal data to any third parties for marketing purposes. We will never share your personal data with third parties for their own independent marketing purposes.

5. International Data Transfers

eSolutions 88, LLC is a US-based company. As a result, personal data we collect may be transferred to, stored in, and processed in the United States, which the UK has not recognised as providing an adequate level of data protection under UK GDPR.

To ensure that your personal data receives an adequate level of protection when transferred outside the UK, we rely on the following safeguards:

  • Standard Contractual Clauses (SCCs): Where personal data is transferred from the UK to the US (or to any other country without an adequacy decision), we use the International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses, as approved by the UK Information Commissioner's Office (ICO), to provide appropriate safeguards for the transfer of personal data.
  • Supplementary Measures: In addition to the Standard Contractual Clauses, we implement appropriate technical and organisational measures, including encryption of data in transit (TLS) and at rest, access controls, and regular security assessments, to further protect personal data transferred internationally.

You may request a copy of the safeguards we have in place by contacting us at [email protected].

6. Data Retention

We retain personal data only for as long as is necessary for the purposes for which it was collected, or as required by applicable law. Our specific retention periods are:

Data Category Retention Period Reason
Order records (email, VRN, transaction reference, amount) 7 years from date of purchase Required for tax and accounting compliance under applicable tax laws
Generated Reports (viewable online) 30 days from date of purchase To provide you with reasonable access to your purchased Report
Server access logs (IP, user agent) 90 days Security monitoring and technical troubleshooting
Support correspondence 2 years from last communication To provide ongoing customer support and resolve disputes

After the applicable retention period expires, personal data is securely deleted or anonymised so that it can no longer be associated with you.

7. Your Rights Under UK GDPR

Under the UK GDPR, you have the following rights in relation to your personal data. These rights are not absolute and may be subject to certain exemptions or limitations:

7.1 Right of Access (Article 15)

You have the right to request a copy of the personal data we hold about you, along with information about how we process it. We will respond to your request within one month.

7.2 Right to Rectification (Article 16)

You have the right to request that we correct any inaccurate personal data we hold about you, or complete any incomplete personal data.

7.3 Right to Erasure (Article 17)

You have the right to request that we delete your personal data in certain circumstances, for example where it is no longer necessary for the purpose for which it was collected. Please note that we may be required to retain certain data for legal or accounting obligations (for example, order records retained for 7 years for tax purposes), even after you request deletion.

7.4 Right to Restriction of Processing (Article 18)

You have the right to request that we restrict the processing of your personal data in certain circumstances, for example while we verify the accuracy of data you have contested.

7.5 Right to Data Portability (Article 20)

Where processing is based on consent or contract performance and is carried out by automated means, you have the right to receive your personal data in a structured, commonly used, and machine-readable format (such as JSON or CSV), and to transmit that data to another controller.

7.6 Right to Object (Article 21)

You have the right to object to processing of your personal data where we rely on legitimate interests as the lawful basis, unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms.

7.7 Exercising Your Rights

To exercise any of the above rights, please contact us at [email protected]. We may need to verify your identity before processing your request. We will respond to all legitimate requests within one calendar month. In exceptional circumstances, we may extend this period by up to two additional months, but we will inform you of any extension and the reasons for it.

7.8 Right to Complain to the Supervisory Authority

If you are unhappy with how we have handled your personal data or responded to your requests, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's independent supervisory authority for data protection:

  • Website: ico.org.uk
  • Telephone: 0303 123 1113
  • Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, United Kingdom

We would appreciate the opportunity to address your concerns before you approach the ICO, so please contact us first at [email protected].

8. Cookies & Similar Technologies

Our Website uses cookies and similar technologies to ensure the Website functions correctly, to enhance your experience, and to help us understand how the Website is used.

Cookies are small text files placed on your device by your web browser when you visit a website. They are widely used to make websites work more efficiently and to provide information to website operators.

We use the following types of cookies:

  • Strictly Necessary Cookies: These are essential for the Website to function and cannot be disabled. They include session cookies, CSRF protection tokens, and cookies required for the payment process.
  • Functional Cookies: These remember your preferences and choices (such as your selected Report tier) to provide a more personalised experience.
  • Analytics Cookies: These help us understand how visitors interact with the Website by collecting information about pages visited, time spent, and any errors encountered. This data is aggregated and anonymised.

For full details about the specific cookies we use, their purposes, and how to manage your cookie preferences, please see our Cookie Policy.

9. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact us:

We aim to respond to all privacy-related enquiries within 5 business days and to all formal data subject requests within the statutory one-month period.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

  • Update the "Last updated" date at the top of this page.
  • Where appropriate, notify you by email or via a prominent notice on the Website.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal data. Your continued use of the Service after changes to this Privacy Policy constitutes your acknowledgement of the updated policy.