GDPR Compliance
Last updated: January 2026
Our Commitment to GDPR
MotorWorks is committed to helping you comply with the General Data Protection Regulation (GDPR). As an Irish company, we understand the importance of data protection and have built our platform with privacy in mind.
Your Role and Ours
You are the Data Controller — You determine why and how personal data is processed. You're responsible for ensuring you have a lawful basis for processing your customers' data.
We are the Data Processor — We process data on your behalf according to your instructions. We implement technical and organisational measures to protect that data.
How We Help You Comply
Data Minimisation
MotorWorks only collects the data necessary for garage operations. We don't require unnecessary personal information.
Data Export (Portability)
Export customer data in standard formats (CSV) to fulfil data portability requests from your customers.
Data Deletion
Delete individual customer records to fulfil "right to erasure" requests. Note: Some data may need to be retained for legal/accounting purposes.
Data Access
Generate reports showing all data held about a specific customer to fulfil subject access requests.
Security
We implement appropriate security measures including encryption, access controls, and regular security assessments.
Data Location
All MotorWorks data is stored within the European Union (Ireland, EU-West-1 region). We do not transfer data outside the EEA without appropriate safeguards.
Sub-Processors
We use the following sub-processors to provide our service:
| Provider | Purpose | Location |
|---|---|---|
| Supabase | Database hosting | EU (Ireland) |
| Vercel | Application hosting | EU |
| Emailit | Transactional email | EU |
Data Processing Agreement
We provide a Data Processing Agreement (DPA) to all customers on request. This agreement sets out our obligations as a data processor and your rights as a data controller.
To request a DPA, please contact privacy@motorworks.ie.
Your Obligations
As a garage using MotorWorks, you should:
- Have a lawful basis for processing customer data (typically "legitimate interests" for service records)
- Display a privacy notice informing customers how their data is used
- Respond to data subject requests within one month
- Report data breaches to the DPC within 72 hours (if applicable)
- Keep records of processing activities
Breach Notification
In the event of a data breach affecting your data, we will notify you without undue delay and within 72 hours of becoming aware of the breach, providing all information necessary for you to fulfil your own reporting obligations.
Contact Our DPO
For any questions about GDPR or data protection, please contact:
