Summer price drops

£200 to £1500 off

Subject to status. T&Cs apply. Ends 31st Dec 25.

Privacy Policy

Introduction

At Carsa Ltd, we take your privacy seriously and will only use your personal information to administer your account and to provide products and services you have requested from us. We will never sell your data on to third parties.

We are required to inform you of the lawful basis under which we process your personal data. This Privacy Policy describes how we will use your personal information and how you can exercise your rights with respect to your personal information.

Your personal information is processed in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 (as amended by the Data (Use and Access) Act 2025) and the Privacy and Electronic Communications Regulations (PECR) (together, the “Data Protection Legislation”), and other applicable law and regulation.

Who are Carsa?

Carsa consists of Carsa Limited. We are a privately owned used car dealer group.

Data Controller

For the purposes of Data Protection legislation, Carsa is the data controller of your personal information that we collect and process as explained within this Privacy Policy. We are registered with the Information Commissioner’s Office under registration number ZA786465.

Information we may collect

Information we may collect about you includes your name, date of birth, address, contact details (including email and phone numbers), vehicle details, purchase history, bank details, existing finance documentation and data collected as part of any new finance application or payment. This information is referred to as personal information.

Several different methods by which we may collect your personal information include:

  • Information collected through forms completed both in our dealerships or on our website.
  • A copy of your driving licence when you test drive one of our vehicles.
  • When you enquire or purchase goods/services we collect personal information to respond to your enquiry and process your purchase.
  • When you sell a vehicle we will collect details about your vehicle including the registration, mileage, service history as well as your bank details so we can pay you upon completion.
  • Information of transactions you have processed with us including services and purchases of vehicles and other goods.
  • CCTV footage of yourself on our premises.
  • Information contained in and records of communication between us including emails, text messages, WhatsApp messages, letters and recorded phone calls. Our phone calls are recorded for training, quality and regulatory purposes, and call recordings are held on our behalf by a third-party processor.
  • Records of your visits to our website, including, but not limited to, traffic data, location data, IP address and the resources that you access.
  • Your marketing preferences.
  • We also gather information to enable third parties to carry out credit reference checks on you (if you are purchasing a vehicle on finance), and to carry out identity and anti-money-laundering verification through a third-party verification provider, and we will have and process information about the result of those checks to complete your purchase.
  • We will collect information relevant to the additional products that we sell, that are provided by third parties.

Where we collect your information from other sources. We may also receive information about you from third parties, including credit reference and fraud-prevention agencies, the DVLA, finance intermediaries and lead providers, and publicly available or aggregated sources.

Processing Personal Information

We use your personal information in relation to our business activities. In particular, we may use your personal information in the following ways (the lawful basis for each is shown in brackets):

  • To respond to your query regarding the possible purchase of goods or services (legitimate interests / steps prior to a contract).
  • To carry out our obligations arising from any contract between you and us (performance of a contract).
  • To manage and administer the relationship between you and us (performance of a contract / legitimate interests).
  • To obtain feedback from you regarding us (legitimate interests).
  • To provide you with service and MOT reminders (legitimate interests).
  • To provide you with information about vehicles, services, promotions and offers that may be of interest to you (consent, or legitimate interests / soft opt-in where applicable).

Our lawful basis for processing personal data

At Carsa we may lawfully process your personal data under the following bases:

  • Consent – where you have given us a freely given, informed and specific choice to process your data (for example, certain marketing).
  • Contract – where processing is necessary to perform a contract with you, or to take steps at your request before entering into one.
  • Legitimate interests – where processing is necessary for our or a third party’s legitimate interests and is not overridden by your rights. Our legitimate interests include: preventing and detecting fraud; direct marketing; maintaining the security of our systems; data analytics; improving our products and services; and identifying usage trends and the effectiveness of our advertising. We carry out a balancing assessment before relying on this basis.

You can opt out of marketing at any point by contacting us at https://go.carsa.co.uk/cc or by emailing our Data Protection contact with the subject line “Marketing Opt-Out”.

Artificial intelligence and automated processing

We use software tools, including artificial intelligence (AI), to help us respond to enquiries quickly, consistently and accurately, for example, drafting and handling messages and calls across email, web chat, SMS, WhatsApp and telephone. Where these tools process your personal information, that processing is carried out by trusted third-party providers acting under contract on our behalf, who are not permitted to use your information for their own purposes or to train their own models. We do not sell your data and we do not use the public version of ChatGPT.

We do not make decisions producing legal or similarly significant effects about you based solely on automated processing. Where automated tools support such decisions, a member of our team reviews the outcome, and you can ask us to explain it, express your point of view, and contest it.

Our AI and communications providers currently include Anthropic, OpenAI, Vapi and Bland AI. Some of these providers may process your personal information outside the UK; please see “International transfers” below.

Sharing Personal Data

We may disclose your personal information to third parties in connection with our business activities, including in the following circumstances:

  • To third parties that provide services to us such as marketing activities.
  • To external organisations for the purposes of detecting and preventing fraud and criminal activities.
  • To third party finance companies for the purposes of them providing you with finance. These organisations may carry out credit checks and may disclose your data to credit reference agencies for that purpose. Once a finance company, insurer or vehicle manufacturer receives your information to provide a product to you, it becomes a data controller in its own right and will use your information in accordance with its own privacy policy, which we recommend you read.
  • To our fitting and installation partners for the purpose of arranging vehicle fitting appointments. This ensures timely and efficient processing of your orders and eliminates the need for additional customer communication for these arrangements.
  • To third party providers of insurance products if you take up the option of purchasing one of those products.
  • To advertising and social media platforms (such as Google and Meta) to help us market our services and to reach others with a similar profile. This may involve sharing a hashed identifier such as your email address so the platform can match you as one of our customers.
  • In a business sale or reorganisation, if we sell or transfer all or part of our business, your personal information may be disclosed to the prospective or actual buyer and their advisers.
  • We may pass your personal information to third parties if we are under a duty to disclose or share your personal information in order to comply with any legal obligation, or in order to enforce or apply the terms of any agreements we have with or otherwise concerning you, or to protect our rights, property or safety or those of our customers, employees or other third parties.
  • We may share your personal data with regulators and law enforcement, including the police, the Financial Conduct Authority, the Financial Ombudsman Service or any other relevant authority, where necessary to comply with our legal and regulatory obligations.
  • We may contact you as advised by our suppliers to ensure the ongoing safety and care of your vehicle and any policies are maintained, and the replacement of your vehicle and car care related products.

We will register your vehicle keeper details and will cross-check your data with DVLA to ensure accurate and timely communications can be made.

International transfers

Where legal requirements have been complied with, we may transfer personal data that we collect from you to locations outside of the European Economic Area (EEA) for processing and storing, including by our service providers. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy. By submitting your personal data, you consent to this transfer, storing or processing.

Your Rights

Under the Data Protection Legislation, you have several rights in respect of your personal information. These are the rights to:

  • Request copies of your data (a subject access request).
  • Rectification of your data.
  • Erasure of your data.
  • Object to, or restrict, the processing of your data.
  • Data portability - to receive the personal data you provided to us, where processing is based on consent or a contract and carried out by automated means, in a structured, commonly used, machine-readable format.

To make a request, contact our Data Protection contact (details below). We will respond within one month, which may be extended for complex requests. Except as required by law, we will not use or disclose your personal information for any purpose for which you have not given us your consent or have requested to no longer be communicated to on a legitimate interest basis.

How to complain

If you have a concern about how we handle your personal information, please raise it with us first via https://go.carsa.co.uk/cc or by emailing our Data Protection contact. Our wider complaints procedure is at carsa.co.uk/terms/complaints.

You also have the right to complain to the Information Commissioner’s Office at any time, at https://ico.org.uk/make-a-complaint, although we would welcome the chance to resolve your concern first.

Marketing communications

Where you have agreed, or where the law allows on a ‘soft opt-in’ basis for similar products and services, we may send you marketing by email, SMS, WhatsApp and phone. Every marketing message includes a way to opt out, and you can opt out at any time via https://go.carsa.co.uk/cc.

Data Storage

The security of your data is paramount. The duration for which we retain your personal information will differ depending on the type of information and the reason why we collected it from you.

We keep your personal data only for as long as necessary for the purpose for which it was collected, or as required by law or regulation. The length of time we retain data varies depending on its nature, for example, records relating to a vehicle purchase or finance agreement are typically kept for six years to meet our legal and regulatory obligations, while CCTV footage from our premises is routinely deleted after 31 days unless retained in connection with a specific incident or complaint. Where we are required to hold data for a minimum period by the Financial Conduct Authority, HM Revenue & Customs, or other regulators, we will always comply with those requirements. When data is no longer needed, we delete or anonymise it securely. Further details of our retention periods by data category are available on request.

We take steps to ensure any business we work with has security protocols and policies in place to manage and record your data privacy and preferences correctly and that your data is stored securely.

Data Protection contact

Our Data Protection contact is Gary Neve, Email: Gary.Neve@carsa.co.uk.

Address: Carsa Limited, Unit 7 Barton Road, Chickenhall Lane, Eastleigh, Hampshire, England, SO50 6RR.

Last updated: 10 June 2026

Talk to us, anytime.

Our friendly team is just a message or call away.

Whatsapp

Message us on whatsapp, 24/7

+44 20 4632 2989

Phone

Call us for quick support and guidance.

0330 040 1031

Finance eligibility

Takes 30 secs and has no impact on your credit score.

Check finance eligibility

Car valuation

Get a no-obligation valuation on your vehicle.

Instant car valuation
Buy Car
Search carsSearch by modelPart exchangeFinanceCheck finance  eligibilityCar finance calculatorInstant car valuationFind & reserve car
Car care
carsaCarecarsaCovercarsaCoverEvcarsaExtrascarsaProtectMOT & ServiceExtended WarrantyEV Extended WarrantyCeramic Paint ProtectionScratch & Dent CoverAlloy Wheel ProtectionDriveaway Temporary Car InsuranceEV Home Charger
About Carsa
About usCareersCar preparationContact usFAQsBehind the WheelReviews
Social
TikTok
LinkedIn
Legal
Administration Fees
Competitions
Complaints Procedure
Consumer Transactions
Cookie Policy
Initial Disclosure Document
Modern Slavery Statement
Privacy Policy
Terms & Conditions
Terms of Use
Vehicle Purchase
Vehicle Sale
©<year> Carsa. Company number: 12805624 • VAT Number: GB356789439
Financial Disclosure

Carsa Ltd is authorised and regulated by the Financial Conduct Authority, FCA Registered Number (FRN) 935130. Carsa Ltd is a Credit Broker not a Lender. It is our intention to provide a high level of service at all times. However if you have reason to make a complaint about our service please raise this here: https://go.carsa.co.uk/cc. If we are unable to resolve your complaint satisfactorily, you may be entitled to refer the matter to the Financial Ombudsman Service (FOS). Further information is available by calling the FOS on 0845 080 1800 or visit https://www.financial-ombudsman.org.uk. You can check on the FCA's Register by visiting the FCA website www.fca.org.uk/register or by contacting the FCA on 0800 111 6768. Lenders typically pay a fixed commission to us for introducing you to them, calculated by reference to the vehicle model, product or amount you borrow. Different lenders may pay different commissions for such introductions. However, any such amounts lenders pay us will not affect the amount of interest or monthly payments you pay under your finance agreement, all of which are set by the lender concerned.

By clicking "Accept", you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.

PreferencesRejectAccept
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.