Jensen Race Team Limited (Company No. 16959270)
Effective Date: 23 March 2026
Jensen Race Team Limited (Company No. 16959270), registered at 30 Clark Walk, Ettington, United Kingdom, CV37 7SE, ("the Company") is committed to the rigorous safeguarding of privacy and personal data. This statutory Privacy Policy delineates the precise methodologies by which the Company collects, processes, stores, and protects personal data in absolute compliance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 (DPA), the Privacy and Electronic Communications Regulations (PECR), and the newly enacted Data (Use and Access) Act 2025 (DUAA).
The Company collects and processes personal information—expressly limited to identity data, billing and shipping addresses, vehicle specifications, encrypted payment credentials, and technical usage metadata—to fulfil commercial obligations.
Pursuant to the legislative frameworks established by the DUAA 2025, the Company strictly relies upon the following lawful bases for data processing:
Processing is strictly necessary for the execution of sales contracts, the management of logistics, and the facilitation of returns procedures.
Processing is conducted for the purposes of cryptographic fraud prevention, intra-group corporate administration, and the direct marketing of closely associated automotive products. The Company has executed formal Legitimate Interests Assessments (LIAs) to definitively ensure that the fundamental rights of the Data Subject are not overridden by these commercial interests.
Under the provisions of the DUAA 2025, the Company reserves the right to disclose specific data points without conducting a balancing test only when strictly mandated by law for the prevention of crime, national security safeguarding, or in response to catastrophic public emergencies.
Affirmative opt-in consent (e.g., actively ticking a newsletter subscription box) is strictly required for the deployment of non-essential tracking cookies and the transmission of third-party marketing communications. All marketing communications will include a clear mechanism to unsubscribe.
In strict accordance with the modernized PECR guidelines introduced by the DUAA 2025, the Company utilizes digital storage and access technologies under the following classifications:
Cookies essential for core website functionality, such as maintaining cryptographic session states and securing the e-commerce checkout architecture. These technologies are deployed without requiring user consent.
Cookies utilized exclusively to aggregate statistical data for the purpose of identifying technical faults and optimizing the digital user experience. Under the DUAA 2025 statutory exemption, these technologies do not require prior consent, provided the data is not utilized for cross-device tracking or behavioral advertising profiling. The Data Subject retains the absolute right to object to this processing via the Cookie Preferences portal.
Technologies utilized solely to retain customized user interface preferences, such as localization or visual themes. These are legally exempt from consent requirements.
Cookies designed to deliver targeted advertisements are deployed solely upon the receipt of explicit, uncoerced opt-in consent from the Data Subject.
The Data Subject possesses fundamental statutory rights to access, rectify, restrict, or erase their personal data. Upon the submission of a Data Subject Access Request (DSAR), the Company is legally obligated to execute a reasonable and proportionate search to surface the requested data. In accordance with the DUAA 2025, should the Company require further contextual information to define the scope of the request or verify the requester's identity, the statutory response deadline shall be paused ("stop the clock") until the required information is provided to the Data Protection Officer.
If a Data Subject asserts that their personal data has been processed in a manner that infringes the provisions of the UK GDPR or the DPA, they possess a statutory right to lodge a formal complaint directly with the Company.
Formal complaints may be submitted via the designated email address provided on our website's Contact page or via physical post to the registered corporate office.
The Company is legally bound to issue a formal written acknowledgment of the complaint within 30 days of documented receipt.
The Company shall execute a thorough investigation without undue delay. The formalized outcome shall be communicated in accessible language, typically within a three-month timeframe unless exceptional complexity applies.
Should the Data Subject remain dissatisfied with the internal resolution, they retain the absolute right to escalate the grievance to the national data protection regulator, the Information Commissioner's Office (ICO).
The Company retains personal data only for as long as is strictly necessary to fulfill the purposes for which it was collected, including satisfying any legal, accounting, or statutory reporting requirements. In compliance with HM Revenue & Customs (HMRC) regulations, order and transaction data (including billing details) are securely retained for a mandatory period of seven (7) years. Marketing data and non-essential communications are routinely purged 24 months after the Data Subject's last active engagement with the Company.
To successfully fulfill commercial contracts, the Company is required to share strictly necessary data points with carefully vetted third-party processors. This is expressly limited to:
Delivery addresses and contact numbers shared with couriers solely for the purpose of dispatching goods.
Encrypted financial metadata processed securely by our designated merchant acquirer to facilitate e-commerce transactions.
The Company does not sell, rent, or commercialize personal data to external third parties under any circumstances.
The Company operates exclusively within the United Kingdom. All personal data collected is hosted, processed, and secured on servers located within the UK, ensuring absolute protection under the UK GDPR.
If you have any questions about this Privacy Policy or wish to submit a Data Subject Access Request, please contact us at:
Jensen Race Team Limited
30 Clark Walk
Ettington
United Kingdom, CV37 7SE
Email: support@jensenraceteam.co.uk