This Privacy Policy explains how We’ve Got The Key Limited (“we”, “us”, or “our”) collects, uses, and protects your personal data when you use our website and related services.
We are committed to safeguarding your privacy and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
We’ve Got The Key Limited
Norfolk Tower, 48-52 Surrey Street, Norwich, NR1 3PA
Email: enquiries@wgtk.co.uk
Telephone: 03033 300540
We are the data controller responsible for your personal data.
When you interact with our website (for example, filling in forms, requesting a quote, submitting a claim, or making a payment), we may collect:
Your name and contact details (email address, phone number, address),
Vehicle information (e.g. registration number, make, model),
Payment details (processed securely via Stripe — we never store full card details),
OTP verification data,
Any information you include in messages or correspondence.
When you visit our website, we may collect:
Your IP address and device type,
Browser information,
Pages visited and time spent on the site,
Cookie and analytics data.
We may receive limited data from third-party services, including:
Stripe (for payment status and verification),
Handl (for claim and policy updates),
Google (for analytics or embedded map services).
We use your personal data to:
Provide and manage your requested services or claims,
Verify your identity and process secure OTP or SMS verification,
Process and confirm secure online payments through Stripe,
Communicate with you about your enquiry, claim, or payment,
Maintain business and regulatory records,
Improve our website and user experience,
Comply with legal obligations.
We process personal data under the following lawful bases:
Contractual necessity: to perform or prepare a contract (e.g. fulfilling a claim or payment).
Consent: where you have given consent (e.g. for marketing or analytics).
Legal obligation: to meet regulatory or accounting requirements.
Legitimate interests: for site optimisation, fraud prevention, and internal administration.
We take appropriate security measures to protect your data from unauthorised access, disclosure, or loss.
Sensitive information such as payment data is encrypted and handled exclusively through secure, PCI-compliant providers (e.g. Stripe).
Access to your data is limited to authorised personnel only.
We only share your data when necessary for service delivery, including:
Stripe – to process secure payments,
Handl – to log and manage claims and payment confirmations,
Google – for analytics or map functionality,
Hosting and IT providers – for website performance and uptime.
We do not sell, rent, or trade your data with third parties.
We keep personal data only as long as necessary to fulfil the purpose it was collected for or as required by law.
Typical retention periods:
Claims and payment records: up to 7 years (for accounting and audit purposes).
General enquiries: up to 12 months.
Analytics data: retained according to your cookie consent preferences.
You have the following rights regarding your personal data:
Access your personal information,
Request correction or deletion,
Withdraw consent (for example, from marketing emails),
Object to or restrict processing,
Request data portability.
To exercise your rights, please contact us at enquiries@wgtk.co.uk.
If you are unhappy with how your data is handled, you can lodge a complaint with the Information Commissioner’s Office (ICO):
Some of our trusted service providers (e.g. Stripe, Google) may store or process data outside the UK.
Where this occurs, we ensure appropriate safeguards, such as Standard Contractual Clauses (SCCs), are in place to protect your data.
We may update this Privacy Policy to reflect changes in our operations or legal obligations.
Please review this page periodically for the latest version.
Last updated: 14 October 2025
