Privacy Policy

1. Who We Are (Data Controller)

1.1 PC Repair Services is the data controller responsible for the personal data we collect about you.

1.2 Our contact details are:

• Business name: PC Repair Services
• Address: 140 Parkhead Drive, Edinburgh, EH11 4RX, United Kingdom
• Email: support@pc-repair.services
• Phone: +44 73 8474 0784

1.3 We are not currently required to register with the Information Commissioner's Office (ICO) under the Data Protection (Charges and Information) Regulations 2018; if our processing activities change to require registration, we will update this policy.

2. What Personal Data We Collect

2.1 Information you provide directly to us (when booking a repair, filling out a contact form, requesting a quote, or contacting us):

• Full name
• Email address
• Phone number
• Postal address (for on-site visits or device collection)
• Device details (make, model, serial number, fault description)
• Any other information you choose to share with us

2.2 Information collected automatically when you visit our website:

• IP address (anonymised by Google Analytics)
• Browser type, device type, and operating system
• Pages visited, time spent on pages, and referring website
• Cookies and similar tracking technologies (see our Cookie Policy)

2.3 Information from your device during repair (if and only if necessary for diagnosis or repair):

• System logs and error reports
• Hardware specifications
• Network configuration

2.4 We do not intentionally access, copy, or browse your personal files (documents, photos, emails, browser history) unless you have specifically requested a data recovery or data transfer service.

2.5 We do not collect special category data (race, religion, health, biometric, etc.) unless you voluntarily disclose it in correspondence, in which case we will not retain it beyond what is necessary to respond.

3. Why We Collect Your Data (Lawful Basis)

3.1 Under UK GDPR, we must have a lawful basis for processing your personal data. We rely on the following bases:

3.2 Contract (Article 6(1)(b))

To provide the repair, diagnostic, or technical service you have booked with us. Without this data, we cannot fulfil our service to you. This includes:

• Communicating about your booking, repair status, and collection
• Issuing invoices and processing payments
• Providing warranty support and after-care

3.3 Legitimate Interests (Article 6(1)(f))

To run our business in a fair and effective way, including:

• Improving our website and services through anonymised analytics
• Preventing fraud and securing our systems
• Sending occasional service-related updates to existing customers (you may opt out at any time)
• Responding to enquiries and quote requests

We have assessed these legitimate interests and concluded they do not override your rights and freedoms.

3.4 Legal Obligation (Article 6(1)(c))

To comply with UK law, including:

• Retaining invoice and accounting records for 6 years (HMRC requirement)
• Responding to lawful requests from regulators, courts, or law enforcement

3.5 Consent (Article 6(1)(a))

For non-essential cookies, marketing emails, and any optional communications. You can withdraw consent at any time without affecting the lawfulness of prior processing.

4. How We Use Your Data

4.1 We use your personal data only for the purposes for which it was collected, including:

• Booking, scheduling, and providing repair services
• Communicating with you about your repair (status updates, completion notices, warranty queries)
• Processing payments and issuing invoices
• Responding to enquiries, quote requests, and complaints
• Improving our website and services through anonymised, aggregated analytics
• Complying with legal, tax, and regulatory obligations
• Where you have opted in, sending occasional service-related emails (you can unsubscribe at any time)

4.2 We do not sell, rent, or trade your personal data to any third party for marketing or any other purpose.

4.3 We do not use your data for automated decision-making or profiling that produces legal or similarly significant effects on you.

5. Who We Share Your Data With

5.1 We share personal data only with trusted third parties strictly necessary to operate our business. Each is contractually bound to protect your data and use it only for the agreed purpose.

5.2 Categories of recipient include:

• Hosting and infrastructure providers — Cloudflare (UK/EU/US data centres) for website hosting and security
• Email and communication providers — our email host for sending and receiving correspondence
• Analytics providers — Google Analytics (with IP anonymisation) for understanding website usage
• Payment processors — only when you make a card payment; we do not store card details ourselves
• Parts suppliers — only when ordering specific replacement parts for your repair (e.g., make/model required to source the correct part)
• Accountants and tax advisors — for legal accounting and tax compliance
• Legal and regulatory authorities — only when legally required (e.g., HMRC, courts, police on lawful request)

5.3 We do not transfer your data outside the UK or European Economic Area (EEA) except where necessary to use the providers above (e.g., Google Analytics, Cloudflare). In all such cases, we rely on appropriate safeguards including UK adequacy decisions, EU Standard Contractual Clauses, or the UK International Data Transfer Agreement.

6. How Long We Keep Your Data

6.1 We retain personal data only for as long as necessary for the purpose it was collected, and to comply with legal obligations.

6.2 Specific retention periods:

• Booking and customer contact details: 3 years from last interaction (for warranty and service continuity)
• Invoices, payment records, and accounting data: 6 years (HMRC requirement under the Companies Act 2006 / VAT law)
• Email correspondence: 3 years from last interaction
• Diagnostic logs and repair notes: 12 months after device collection
• Recovered or transferred customer data (where data recovery service was purchased): securely deleted within 7 working days of collection (per our Terms & Conditions, clause 3.6)
• Website analytics data: Google Analytics retains anonymised data for 14 months by default
• Marketing consent records: until consent is withdrawn, plus 3 years for compliance evidence
• CCTV (if applicable at our premises): 30 days then automatically overwritten

6.3 After retention periods expire, data is securely deleted or fully anonymised so it can no longer identify you.

7. How We Protect Your Data

7.1 We take appropriate technical and organisational measures to protect your personal data, including:

• HTTPS/TLS encryption on all website traffic
• Encrypted storage of customer records
• Strict access controls — only authorised staff can access customer data
• Secure disposal of hardware containing customer data (DBAN/secure-erase or physical destruction)
• Strong, unique passwords and multi-factor authentication on all business accounts
• Regular software updates and security patches
• Confidentiality obligations binding all staff

7.2 While we use industry-standard safeguards, no method of transmission or storage is 100% secure. We cannot guarantee absolute security but will notify you and the ICO of any data breach affecting your rights and freedoms within 72 hours, in line with UK GDPR Article 33.

8. Your Rights Under UK GDPR

8.1 You have the following rights regarding your personal data. To exercise any of these rights, contact us at support@pc-repair.services. We will respond within 1 calendar month (extendable by a further 2 months for complex requests, with notice).

8.2 Right to be Informed

You have the right to know what data we hold and how we use it — this Privacy Policy provides that information.

8.3 Right of Access (Subject Access Request)

You can request a copy of all personal data we hold about you, free of charge. We may ask you to verify your identity before processing the request.

8.4 Right to Rectification

You can ask us to correct inaccurate or incomplete personal data we hold about you.

8.5 Right to Erasure ("Right to be Forgotten")

You can ask us to delete your personal data where:

• It is no longer needed for the purpose collected
• You withdraw consent (where consent was the lawful basis)
• You object and we have no overriding legitimate interest
• The data has been unlawfully processed

We may refuse erasure where retention is required by law (e.g., accounting records).

8.6 Right to Restrict Processing

You can ask us to limit how we use your data while a dispute or accuracy issue is resolved.

8.7 Right to Data Portability

You can request your data in a structured, commonly used, machine-readable format (e.g., CSV, JSON) for transfer to another provider.

8.8 Right to Object

You can object to processing based on legitimate interests, including direct marketing. We will stop processing unless we have compelling legitimate grounds.

8.9 Rights Related to Automated Decision-Making

We do not make automated decisions or profile you. You have the right not to be subject to such decisions.

8.10 Right to Withdraw Consent

Where we rely on consent (e.g., marketing emails, non-essential cookies), you may withdraw it at any time without affecting the lawfulness of prior processing.

9. Cookies & Website Tracking

9.1 Our website uses cookies and similar technologies. Some are strictly necessary for the website to function; others (analytics, marketing) require your consent.

9.2 You can manage your cookie preferences at any time via the cookie banner or your browser settings.

9.3 For full details of every cookie we use, what it does, and how long it lasts, see our Cookie Policy.

10. Marketing Communications

10.1 We will only send marketing or promotional emails if you have explicitly opted in or are an existing customer who has not opted out (under the "soft opt-in" rule of PECR Regulation 22(3)).

10.2 Every marketing email contains a clear unsubscribe link. One click is enough — we will remove you within 5 working days.

10.3 We do not engage in postal marketing, telephone marketing, or SMS marketing without explicit prior consent.

11. Children's Privacy

11.1 Our services are intended for adults aged 18 and over. We do not knowingly collect personal data from children under 13. If a parent or guardian becomes aware that a child has provided us with personal data, please contact us and we will delete it promptly.

12. Third-Party Links

12.1 Our website may contain links to third-party websites (e.g., social media, supplier sites, Google Maps). This Privacy Policy applies only to our website. We are not responsible for the privacy practices of third-party sites and recommend you review their privacy policies.

13. International Data Transfers

13.1 Some of our service providers (e.g., Google Analytics, Cloudflare) may process data outside the UK or EEA. Where this happens, we ensure appropriate safeguards are in place under UK GDPR, including:

• Adequacy decisions (e.g., UK-EU adequacy)
• UK International Data Transfer Agreement (IDTA)
• EU Standard Contractual Clauses with the UK Addendum

13.2 You can request a copy of the safeguards we use by contacting us.

14. Data Breach Notification

14.1 In the event of a personal data breach likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner's Office (ICO) within 72 hours of becoming aware of the breach, in line with UK GDPR Article 33.

14.2 If the breach is likely to result in a high risk to you, we will also notify you directly without undue delay.

15. Complaints & Supervisory Authority

15.1 If you have a concern about how we handle your personal data, please contact us first at support@pc-repair.services. We will investigate and respond within 14 working days.

15.2 If you are not satisfied with our response, you have the right to lodge a complaint with the UK supervisory authority:

• Information Commissioner's Office (ICO)
• Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
• Helpline: 0303 123 1113
• Website: ico.org.uk

16. Changes to This Policy

16.1 We may update this Privacy Policy from time to time to reflect changes in the law, our services, or our business practices. The "Last updated" date at the top of this page will indicate when the policy was last revised.

16.2 For material changes affecting how we use your data, we will notify you by email (where we have your address) or by a prominent notice on our website at least 14 days before the change takes effect.

16.3 We encourage you to review this policy periodically.

17. How to Contact Us

17.1 For any privacy-related question, request, or complaint, please contact:

• Email: support@pc-repair.services
• Phone: +44 73 8474 0784
• Post: Privacy Enquiry, PC Repair Services, 140 Parkhead Drive, Edinburgh, EH11 4RX

17.2 Please mark your enquiry "Privacy / Data Protection" so we can prioritise it appropriately.