Data Privacy Notice

Purbrook Software Solutions Ltd t/a KADOE Finder

Last updated: 20 April 2026

Who We Are

Purbrook Software Solutions Limited (“we”, “us” or “our”) is committed to protecting your privacy and ensuring you have a positive experience on our website and when using any of our services. We are the controller of your personal data.

This privacy notice tells you what to expect us to do with your personal information. This privacy policy explains how we collect, use, disclose, and safeguard your information when you use our services, including our website.

This policy has been produced in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Contact Details

Post

147 Pavilion Road, Worthing, West Sussex, BN14 7EG

Telephone

03330 150565

Registrations

Company No. 14996555

ICO No. ZC009049

We are the data controller for the data we collect. We are also a data processor when acting as a DVLA link provider for our clients.

What Data We Collect

  • Names and contact details
  • Job title
  • Client account information
  • Account information, including registration details
  • Account access information
  • Information relating to compliments or complaints
  • Records of meetings and decisions
  • Transaction data (payments and purchases)
  • Information used for security purposes
  • Marketing preferences
  • Relevant information from previous investigations
  • Vehicle information
  • Technical data (browser, operating systems)
  • Website user information
  • IP addresses
  • Usage data (how you interact with our services)

In addition to our role as a data controller, we act as a data processor for our clients. They, as the data controller, remain responsible for the lawfulness of their operation.

Why We Use Your Data

  • To provide and improve products and services for clients
  • For the operation of client or customer accounts
  • To comply with legal requirements
  • To comply with DVLA requirements and regulatory obligations
  • To protect client welfare
  • For dealing with queries, complaints and providing technical support
  • For information updates or marketing purposes

Lawful Bases

We process data for one or more of the following lawful bases under Article 6 of the UK GDPR:

Consent
We have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. You have the right to withdraw your consent at any time.
Contract
We have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object.
Legal obligation
We have to collect or use your information so we can comply with the law. All of your data protection rights may apply, except the right to erasure, the right to object and the right to data portability.
Legitimate interests
We're collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability.

Data Sharing

We do not sell or rent your data to third parties. We may share data with the following recipients for operational and legal purposes:

  • DVLA: We submit queries to the DVLA and receive keeper data in return, as part of the KADOE scheme.
  • Stripe: Payment information necessary to process payments for credits. Stripe is a PCI-DSS compliant payment processor.
  • Hosting providers: Server and cloud infrastructure providers who host our systems (data processors with appropriate contracts).
  • Law enforcement: Only when required by law, court order, or to prevent serious harm.

All data processors work under Data Processing Agreements (DPAs) that ensure they meet UK GDPR standards.

Data Retention

  • Account data: For the duration of your account, plus 6 years (for tax and legal record purposes).
  • DVLA keeper data: Only for the minimum time necessary to deliver results to the client (typically seconds to minutes).
  • Service logs: Up to 24 months for audit and debugging purposes.
  • Payment records: 6 years (required by tax and accounting regulations).

When data is no longer needed, we securely delete or anonymise it.

Data Security

We implement appropriate technical and organisational security measures to protect your data against unauthorised access, alteration, disclosure, or destruction. These include:

  • Encryption of data in transit (TLS/SSL) and at rest
  • Secure authentication with hashed passwords
  • Limited access controls (only authorised staff can access customer data)
  • Regular security audits and vulnerability testing
  • Secure infrastructure hosted on reputable cloud providers
  • Incident response procedures for data breaches

However, no system is completely secure. If you believe your data has been compromised, please contact us immediately.

Your Data Protection Rights

Under the UK GDPR and Data Protection Act 2018, you have the following rights:

  • Right of Access: request a copy of your personal data we hold.
  • Right to Rectification: request that we correct inaccurate data.
  • Right to Erasure: request deletion of your data (subject to legal retention requirements).
  • Right to Restrict Processing: request that we limit how we use your data.
  • Right to Data Portability: request your data in a portable format.
  • Right to Object: object to processing for certain purposes.
  • Right to Withdraw Consent: if we rely on your consent, you can withdraw it at any time.
  • Right to Complain: lodge a complaint with the Information Commissioner’s Office (ICO).

To exercise any of these rights, please contact us using the details above.

Cookies and Analytics

Our website uses cookies to improve user experience. We use:

  • Essential cookies: required for website functionality (login, security).
  • Analytics cookies: to understand how visitors use our website (e.g. Google Analytics).

You can control cookies through your browser settings. However, disabling essential cookies may affect website functionality.

International Data Transfers

Your data is primarily stored and processed within the UK and the EEA. If we need to transfer data outside the UK/EEA, we will:

  • Use Standard Contractual Clauses (SCCs) as approved by regulators
  • Ensure the recipient country has an adequacy decision from the UK government
  • Implement additional technical safeguards

Children’s Data

Our services are not directed at, nor intended for, individuals under 18 years of age. We do not knowingly collect data from children. If we become aware that we have collected data from a child, we will delete it immediately.

Changes to This Privacy Notice

We may update this privacy policy periodically to reflect changes in our practices or legal requirements. We will notify you of material changes by email or by posting a notice on our website. Your continued use of the service constitutes acceptance of the updated policy.

How to Complain

If you have any concerns about our use of your personal data, you can make a complaint to us using the contact details at the top of this privacy notice. If you remain unhappy with how we’ve used your data after raising a complaint with us, you can also complain to the ICO.

Information Commissioner’s Office

Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

Helpline: 0303 123 1113

Website: ico.org.uk/make-a-complaint