• info@gmracing.co.uk
  • Northampton, UK
  • UK Manufacturing

Privacy Policy (GMR – Graham Martin Racing)

Last updated: [12 February 2026]

This Privacy Policy explains how GMR – Graham Martin Racing (“we”, “us”, “our”) collects, uses, stores, and shares your personal information when you visit gmracing.co.uk (the “Website”), create an account, contact us, or purchase products from us.

We are committed to protecting your privacy and handling your personal data in an open and transparent manner, in accordance with the UK GDPR and the Data Protection Act 2018.

1) Who we are (Data Controller)

Business name: GMR – Graham Martin Racing
Trading entity: Engine Mapper Ltd t/a GMR – Graham Martin Racing
Email: info@gmracing.co.uk
For data protection purposes, we are the Data Controller of the personal data described in this policy.

2) What personal data we collect

Depending on how you use the Website, we may collect:

A. Information you provide to us

  • Identity & contact data: name, billing/shipping address, email address, telephone number.
  • Account data: username, password (stored in encrypted/hashed form by our website platform), account preferences.
  • Order data: products purchased, order notes, VAT details (where applicable), returns and warranty information.
  • Payment data: we do not store your full card details. Payments are processed by our payment provider (see Section 6).
  • Communications: messages sent via forms, email, phone, or social media; support requests; and any files you upload (e.g., drawings/measurements you send to help us fulfil a custom order).

B. Information we collect automatically

  • Technical data: IP address, browser type/version, device identifiers, time zone, operating system.
  • Usage data: pages viewed, links clicked, time on site, referring pages, basket interactions.
  • Cookie data: identifiers stored in cookies or similar technologies (see our Cookie section below).

C. Information from third parties

  • Shipping status updates from couriers.
  • Fraud checks / payment confirmations from payment processors.
  • Website analytics or advertising platforms.

3) How we use your data (and our lawful bases)

We only use your personal data where the law allows us to. Under UK GDPR, we rely on these lawful bases:

A. To fulfil a contract (Article 6(1)(b))

  • Process and deliver your order, including shipping and returns.
  • Provide order confirmations, dispatch notifications, and customer service.
  • Manage warranties and product support.

B. Legal obligation (Article 6(1)(c))

  • Keep accounting records, invoices, and VAT records.
  • Comply with consumer law obligations and regulatory requirements.

C. Legitimate interests (Article 6(1)(f))

  • Keep our business running safely and efficiently (fraud prevention, site security).
  • Improve our website, products, and customer experience.
  • Respond to enquiries and manage relationships.
  • Administer our systems, backups, and business continuity.
  • Basic analytics to understand how the site is used.

D. Consent (Article 6(1)(a))

  • Send marketing emails/SMS where required by law.
  • Set non-essential cookies (analytics/advertising) where you accept them.

You can withdraw consent at any time (see Section 10).

4) Marketing preferences

If you opt in (or where permitted under the “soft opt-in” rules for existing customers), we may send you product updates, offers, and news.

You can opt out at any time by:

  • clicking unsubscribe in any marketing email, or
  • emailing us at info@gmracing.co.uk

We do not sell your personal data to third parties for marketing.

5) Cookies and similar technologies

We use cookies and similar technologies to make the Website work and to improve performance.

Essential cookies are required for core site functionality (e.g., basket, checkout, security).
Non-essential cookies (e.g., analytics/advertising) will only be set if you consent via our cookie banner (where applicable).

You can control cookies via:

  • our cookie banner, and/or
  • your browser settings.

6) Who we share your data with

We only share personal data where necessary to run the Website, fulfil orders, or comply with law. Typical recipients include:

  • Payment processors (e.g., Stripe/PayPal) to process payments securely.
  • Ecommerce/website platform (e.g., WooCommerce) for site operation.
  • Shipping and logistics providers (e.g., Royal Mail/DHL/DPD) for delivery and tracking.
  • Email providers (e.g., Google Workspace/Mailchimp) to send transactional messages.
  • Analytics providers (e.g., Google Analytics) only if enabled and consented where required.
  • Professional advisers (accountants, insurers, legal advisers) when necessary.
  • Authorities where required for legal compliance or to prevent fraud.

We require service providers to protect your data and only use it for specified purposes.

7) International transfers

Some of our suppliers (for example, payment, hosting, email, or analytics providers) may process data outside the UK.

Where data is transferred internationally, we ensure appropriate safeguards are in place, such as:

  • UK adequacy regulations, or
  • International Data Transfer Agreement (IDTA) / UK Addendum to EU SCCs, or
  • other lawful mechanisms recognised under UK GDPR.

8) Data security

We use appropriate technical and organisational measures designed to protect personal data, including (where applicable):

  • HTTPS encryption on our Website,
  • access controls and authentication for admin systems,
  • reputable payment providers so card data is handled securely,
  • backups and malware protection.

No method of transmission or storage is 100% secure, but we work to protect your information and reduce risk.

9) How long we keep your data

We keep personal data only as long as necessary for the purposes described above, including legal/accounting needs.

Typical retention:

  • Order and invoice records: usually 6 years (UK tax/accounting practice).
  • Customer service and warranty records: for the length of warranty plus a reasonable period.
  • Marketing records: until you opt out or we no longer use those lists.
  • Analytics data: per our platform settings (often 14–26 months).

We may retain data longer where required by law or to establish, exercise, or defend legal claims.

10) Your rights (UK GDPR)

You have rights over your personal data, including:

  • Access (request a copy)
  • Rectification (correct inaccurate data)
  • Erasure (“right to be forgotten”, where applicable)
  • Restriction of processing
  • Data portability (in certain circumstances)
  • Objection (especially to direct marketing or where we rely on legitimate interests)
  • Withdraw consent at any time (where we rely on consent)

To exercise your rights, contact info@gmracing.co.uk.
We may need to verify your identity before responding.

You also have the right to complain to the Information Commissioner’s Office (ICO) (the UK data protection regulator). You can find details on the ICO website.

11) Children’s privacy

Our Website and products are not intended for children, and we do not knowingly collect personal data from children.

12) Third-party links

Our Website may include links to third-party sites (e.g., social media or partner services). We are not responsible for the privacy practices of those sites. Please review their privacy policies directly.

13) Changes to this policy

We may update this policy from time to time. Any changes will be posted on this page with an updated “Last updated” date.

14) Contact us

If you have any questions about this Privacy Policy or how we use your data:

Email: info@gmracing.co.uk