GDPR Compliance
We are fully compliant with UK GDPR regulations and committed to protecting your personal data. Learn about your rights and our data protection practices.
GDPR Compliance Statement
Repair Room LTD is committed to full compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page explains our approach to data protection and your rights as a data subject.
As a data controller, we are responsible for ensuring that your personal data is processed lawfully, fairly, and transparently in accordance with applicable data protection legislation.
What is UK GDPR?
The UK General Data Protection Regulation (UK GDPR) is the UK's data protection law that came into effect on 1st January 2021. It governs how personal data is collected, processed, stored, and used by organisations.
Key Principles
- Lawfulness, fairness, and transparency
- Purpose limitation
- Data minimisation
- Accuracy
- Storage limitation
- Integrity and confidentiality
Individual Rights
- Right to be informed
- Right of access
- Right to rectification
- Right to erasure
- Right to restrict processing
- Right to data portability
- Right to object
Your Data Rights
Under UK GDPR, you have several important rights regarding your personal data:
Right to Access
You can request copies of the personal data we hold about you, including information about how we process it.
Right to Rectification
You can ask us to correct any inaccurate or incomplete personal data we hold about you.
Right to Erasure
You can request that we delete your personal data in certain circumstances, such as when it's no longer necessary.
Right to Restrict Processing
You can ask us to limit how we process your personal data in certain situations.
Right to Object
You can object to processing of your personal data for direct marketing or legitimate interests.
Rights Related to Automated Decision-Making
You have rights regarding automated decision-making processes and profiling that affect you.
How to Exercise Your Rights: Contact us using the details at the bottom of this page. We will respond within 30 days and may ask for verification of your identity.
Our Obligations as Data Controller
As a data controller, we have specific obligations under UK GDPR:
Transparency
Provide clear information about how we process your data
Purpose Limitation
Only process data for specified, legitimate purposes
Data Minimisation
Collect only the data necessary for our purposes
Accuracy
Keep personal data accurate and up to date
Security
Implement appropriate technical and organisational measures
Accountability
Demonstrate compliance with data protection principles
Lawful Basis for Processing
We process personal data under the following lawful bases:
Contract (Article 6(1)(b))
Processing necessary for the performance of a contract with you (repair services, appointments, billing)
Legitimate Interests (Article 6(1)(f))
Processing necessary for our legitimate interests (business operations, service improvement, fraud prevention)
Consent (Article 6(1)(a))
Processing based on your explicit consent (marketing communications, non-essential cookies)
Legal Obligation (Article 6(1)(c))
Processing necessary to comply with legal obligations (tax records, regulatory requirements)
Data Retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected:
Customer Records
7 years from last service (for tax and warranty purposes)
Marketing Data
Until consent is withdrawn or 2 years of inactivity
Website Analytics
26 months (Google Analytics default)
Communication Records
3 years (for customer service and dispute resolution)
Automatic Deletion: We have automated processes to delete personal data when retention periods expire, unless there are legal or regulatory reasons to retain it longer.
Data Security Measures
We implement appropriate technical and organisational measures to protect your personal data:
Technical Measures
- Encryption of data in transit and at rest
- Secure servers with regular updates
- Access controls and authentication
- Regular security assessments
- Secure backup procedures
Organisational Measures
- Staff training on data protection
- Confidentiality agreements
- Access controls and user management
- Incident response procedures
- Regular policy reviews
Data Breach Procedures
In the unlikely event of a data breach, we have established procedures to ensure prompt and appropriate response:
Immediate Assessment
Assess the nature, scope, and impact of the breach within 24 hours
Regulatory Notification
Notify the ICO within 72 hours if the breach poses a risk to individuals
Individual Notification
Inform affected individuals without undue delay if the breach poses a high risk to their rights and freedoms
Remediation
Take steps to contain the breach and prevent recurrence
Good News: We have never experienced a data breach and maintain robust security measures to prevent one.
Contact Our Data Protection Officer
For any data protection enquiries, concerns, or to exercise your rights, please contact us:
info@techrepairroom.co.uk
Mark as "Data Protection Enquiry"
Phone
0118 207 3456
Mon-Fri: 9AM-6PM | Sat: 10AM-4PM
Registered Address
56 Bodmin Road
Woodley, Berkshire
RG5 3RZ
Response Time: We aim to respond to all data protection enquiries within 30 days. For urgent matters, please mark your correspondence as "URGENT - Data Protection".
Right to Complain: If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO).
ICO Contact Details:
Telephone: 0303 123 1113
Textphone: 18001 0303 123 1113
Monday to Friday, 9am to 5pm
Website: ico.org.uk
Address:
Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF