Data Processing Addendum
Last updated July 2026. This addendum forms part of the agreement between the garage ("Controller") and MangyByte Ltd ("Processor") for the GarageByte service.
Roles
When a garage uses GarageByte to process its own customers' personal data, the garage is the data controller and MangyByte Ltd is the data processor. We process that personal data only on the garage's documented instructions, being the provision of the service.
Nature & purpose of processing
Storing and processing garage-customer records, vehicles, bookings, health checks, invoices and communications for the purpose of operating the garage's booking and management workflow.
Categories of data & data subjects
Data subjects are the garage's customers and staff. Data includes contact details, vehicle details, booking and service history, and related communications. We ask garages not to store special-category data in the system.
Our commitments
We keep personal data confidential, apply appropriate technical and organisational security (including per-garage database isolation, access controls, encryption in transit and nightly backups), and require our sub-processors to do the same. We assist the garage with data-subject requests, breach notification and, where relevant, data-protection impact assessments.
Sub-processors
We use vetted sub-processors for hosting, email delivery, payment processing and anti-spam. We remain responsible for their performance and will inform garages of material changes.
International transfers
Personal data is hosted in the UK/EU. Any transfer outside that area is made under an appropriate safeguard recognised by UK/EU data-protection law.
Return & deletion
On termination the garage can export its data. We then delete the garage's personal data after a limited retention window, unless retention is required by law.