Privacy Policy

OptiTech Automation (sole trader) · Last updated: 9 June 2026

1. Who we are

OptiTech Automation — a UK sole trader (the personal business of Cristian Moise-Putanu) — is the data controller for personal data collected through this platform. OptiTech Automation is a business name, not a registered company; there is no Companies House number or registered office. Our principal place of business is Torquay, Devon, United Kingdom.

We handle all personal data in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

You can reach our privacy team at privacy@optitechautomation.co.uk.

2. Data we collect

When you use our platform we collect the following personal data:

  • Identity data: first name, last name.
  • Contact data: email address, phone number.
  • Location data: postcode (used to confirm service area eligibility).
  • Booking data: service requested, date and time of appointment, booking reference, and any notes you provide.
  • Payment data: payment card details are processed by Stripe and are never stored on our servers. We receive a payment token and transaction reference only.
  • Technical data: IP address, browser type, device type, and cookies (see section 8).

3. Lawful basis for processing

We rely on the following lawful bases under UK GDPR:

  • Contract performance (Article 6(1)(b)): processing your booking, managing deposits and refunds, and communicating with you about your appointment.
  • Legitimate interests (Article 6(1)(f)): fraud prevention, platform security, improving our services, and analytical research. We have assessed that these interests do not override your fundamental rights.
  • Legal obligation (Article 6(1)(c)): retaining financial records to meet our HMRC obligations.

4. Third-party processors

We use the following sub-processors to operate the platform. Each is bound by a Data Processing Agreement:

Supabase

Database and authentication infrastructure. Your personal data is stored in Supabase-managed PostgreSQL databases. Data is held in the EU (West Europe region) by default.

Stripe

Payment processing. Stripe collects and processes payment card data directly under its own privacy policy and PCI-DSS compliance programme. We receive only tokenised payment references.

Resend

Transactional email delivery. Booking confirmation emails, reminders, and notifications are sent via Resend. Your email address and relevant booking details are transmitted to Resend for this purpose only.

5. Data retention

We retain personal data for the following periods:

  • Completed bookings: 7 years from the date of the booking, to comply with HMRC record-keeping requirements under the Taxes Management Act 1970.
  • Cancelled or expired holds: 90 days, then permanently deleted.
  • Pool requests not matched: 30 days after the request expires.
  • Technical logs: 30 days on a rolling basis.

After the relevant retention period, your data is securely and permanently deleted from our systems and those of our sub-processors.

6. Your rights under UK GDPR

Under UK GDPR Articles 15–22, you have the following rights in relation to your personal data:

  • Right of access (Art. 15): request a copy of the data we hold about you.
  • Right to rectification (Art. 16): ask us to correct inaccurate data.
  • Right to erasure (Art. 17): ask us to delete your data (“right to be forgotten”), subject to legal retention obligations.
  • Right to restrict processing (Art. 18): ask us to limit how we use your data in certain circumstances.
  • Right to data portability (Art. 20): receive your data in a structured, machine-readable format.
  • Right to object (Art. 21): object to processing based on legitimate interests.
  • Rights related to automated decision-making (Art. 22): not to be subject to solely automated decisions that significantly affect you.

To exercise any of these rights, contact us at privacy@optitechautomation.co.uk. We will respond within 30 days. There is no charge for exercising your rights.

If you are unsatisfied with our response you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk.

7. Cookies

We use the following types of cookies:

  • Strictly necessary cookies: required for the platform to function (e.g. session management, security tokens). These cannot be disabled.
  • Analytical cookies: we may use anonymised analytics to understand how the platform is used and improve it. No personally identifiable information is collected for analytical purposes.

We do not use advertising or tracking cookies. You can control cookies through your browser settings.

8. International transfers

Some of our sub-processors operate outside the UK. Where data is transferred outside the UK, we ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the ICO or equivalent adequacy decisions.

9. Changes to this policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting a notice on the platform at least 14 days before the changes take effect. The “last updated” date at the top of this page shows when the policy was last revised.

10. Contact

OptiTech Automation — Cristian Moise-Putanu (sole trader)
Torquay, Devon, United Kingdom
privacy@optitechautomation.co.uk

Terms of ServiceContact