GDPR Information

Last Updated: January 2025

Your Data Rights Under UK GDPR

At PC Fix Express, we are committed to protecting your personal data and complying with the UK General Data Protection Regulation (UK GDPR). This page explains your rights and how we handle your data.

1. Who We Are

Data Controller: PC Fix Express (trading name of Razvan Duda, self-employed)

Contact for Data Matters: privacy@pcfixexpress.co.uk

We are a small business providing computer repair services in the Surrey Hills area. When you use our services, we act as a "data controller" for the personal information you provide to us.

2. Data We Collect

2.1 Personal Information

We collect the following personal data to provide our services:

  • Name and contact details: Phone number, email address, home address
  • Service information: Device details, repair history, service records
  • Payment information: Payment records (we do not store card details)
  • Communications: Emails, text messages, and call records

2.2 Legal Basis for Processing

We process your data based on the following lawful bases under UK GDPR:

  • Contract: Processing is necessary to provide the services you've requested (Article 6(1)(b))
  • Legal obligation: We maintain records for tax and legal requirements (Article 6(1)(c))
  • Legitimate interests: To communicate with you about your service and maintain our business (Article 6(1)(f))

2.3 Special Category Data

We do not intentionally collect "special category data" (such as health information, biometric data, or criminal records). In the unlikely event we encounter such data while repairing your device:

  • We do not record, copy, or store this information
  • We treat all data on your device as confidential
  • We only access what is necessary to complete the repair

3. How We Use Your Data

3.1 Service Delivery

We use your data to:

  • Arrange collection and delivery of your device
  • Diagnose and repair your computer
  • Communicate with you about your repair
  • Process payments and send invoices

3.2 Service Improvement

We may use your data to:

  • Improve our services based on customer needs
  • Track common repair issues to improve diagnostics
  • Analyze service trends for business planning

3.3 We Do Not Sell Your Data

We never sell, rent, or trade your personal information to third parties for marketing purposes.

4. Data Sharing and Disclosures

4.1 Who We Share Data With

We may share your data only in the following circumstances:

  • Service providers: We may use third parties for payment processing or website hosting. These providers process data under our instructions and are bound by confidentiality obligations.
  • Legal requirements: We may disclose data if required by law, court order, or to protect our rights.
  • Business transfer: If our business is sold, your data may be transferred to the new owner.

4.2 Data Transfers Outside UK

  • Your data is processed and stored within the United Kingdom
  • We do not transfer your data outside the UK except as necessary to use cloud-based services that provide appropriate safeguards
  • Any such transfers comply with UK GDPR requirements

5. Data Security

We implement appropriate technical and organisational measures to protect your data:

5.1 Technical Security

  • Secure storage of customer records
  • Strong passwords and access controls
  • Regular security updates for software and systems
  • Secure communication channels

5.2 Physical Security

  • DBS checked technician for your safety
  • Secure storage of devices while in our possession
  • Controlled access to customer data

5.3 Data on Your Device

  • We only access files necessary to diagnose and repair your device
  • We do not copy, share, or view your personal files beyond what is needed
  • We do not retain access to your device after service is complete

5.4 Data Breaches

In the unlikely event of a data breach affecting your personal information:

  • We will notify you within 72 hours of becoming aware (where required by law)
  • We will describe the nature of the breach and the data affected
  • We will explain the steps we're taking to address it
  • We will inform the ICO (Information Commissioner's Office) if required

6. Data Retention

6.1 Retention Periods

We retain your personal data only as long as necessary:

  • Customer contact details: Kept while you are a customer, then deleted upon your request
  • Service records: 6 years (UK tax requirement for business records)
  • Communication records: 2 years after last contact
  • Payment records: 6 years (UK tax requirement)

6.2 Secure Deletion

When retention periods expire (or upon your request), we securely delete your data by:

  • Permanently deleting digital records
  • Shredding physical documents containing personal information
  • Ensuring backups are also updated to remove your data

7. Your GDPR Rights

Under UK GDPR, you have the following rights. We respect these rights and will respond to any request within one month.

Right to Access

You can request a copy of all personal data we hold about you. We will provide this in a commonly used format.

Right to Rectification

You can request correction of inaccurate or incomplete data. We will update our records promptly.

Right to Erasure ("Right to be Forgotten")

You can request deletion of your personal data, subject to legal obligations to retain certain records.

Right to Restrict Processing

You can request we limit how we use your data while a dispute is resolved.

Right to Data Portability

You can request your data in a structured, commonly used format for transfer to another service.

Right to Object

You can object to our processing of your data based on legitimate interests.

How to Exercise Your Rights

To exercise any of these rights, please contact us:

  • Email: privacy@pcfixexpress.co.uk
  • Subject line: "GDPR Rights Request"
  • Information to include: Your name, email, and the right you wish to exercise

We may request proof of identity before fulfilling your request to protect your data.

8. Right to Complain

8.1 Our Internal Complaints Process

If you believe we have mishandled your data, please contact us first:

  • Email: privacy@pcfixexpress.co.uk
  • Response time: We will acknowledge your complaint within 3 days and respond fully within 30 days

8.2 Right to Complain to ICO

You have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection:

Information Commissioner's Office (ICO)

Website: www.ico.org.uk

Phone: 0303 123 1113

Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

We encourage you to contact us first, but you retain the right to contact the ICO at any time.

9. Cookies and Tracking

9.1 Cookies We Use

Our website may use the following cookies:

  • Essential cookies: Required for the website to function properly
  • Analytics cookies: Help us understand how visitors use our website

9.2 Your Cookie Choices

You can:

  • Accept or reject cookies via your browser settings
  • Set your browser to warn you when cookies are being sent
  • Disable cookies entirely (some features may not work)

10. Children's Data

Our services are not directed to children under 18. We do not knowingly collect personal data from children under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us, and we will delete such information.

11. Changes to This Privacy Notice

We may update this GDPR Information page from time to time. The updated version will be indicated by a revised "Last Updated" date. We encourage you to review this page periodically.

For significant changes, we will notify you by email or via our website.

12. Contact Us

If you have any questions, concerns, or requests regarding your personal data, please contact our Data Protection Officer:

PC Fix Express

Data Protection Contact: privacy@pcfixexpress.co.uk

Website: www.pcfixexpress.co.uk

Response Time: Within 30 days for data rights requests