The Data Protection Act 2018 and the General Data Protection Regulation (GDPR) impose certain legal obligations in connection with the processing of personal data.
The purpose of this notice is to explain how we look after your personal data and to inform you of your privacy rights. This version was created on 25th May 2018. Historic versions are obtainable by contacting us.
PCHelp Sussex Ltd. (PCHelp) is an IT sales, service and support company based on the South Coast of England. It has shops in Peacehaven and Findon and a website www.pchelpsussex.co.uk. PCHelp is a data controller within the meaning of the GDPR.
If this does not resolve your complaint to your satisfaction, you have the right to lodge a complaint with the Information Commissioners Office on 03031 231113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner`s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.
When you contact one of our shops we may need to collect your identity and contact data. For example, where we need to provide a quotation or to inform you of the progress of an order. We also collect identity and contact data when you create an account or place an order on our website.
We have strict protocols and disciplinary procedures in respect of the personal data contained on the devices we service or otherwise have access to. No data is stored on our equipment.
When accepting payment by credit card we do not store any data electronically. On the website we send you to PayPal who accept the payment on our behalf. When making a credit card payment by phone or in one of our shops your data is sent directly, in encrypted form, to our credit card payment acquirer.
We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
We do not knowingly collect data relating to children and our website is not intended for children.
The security of your personal data is of great concern to us. We have legal obligations to keep it, and to handle it with care. We store your personal data securely and it is replicated in both our shops so that it cannot be lost in the event of a catastrophic failure.
All paperwork containing personal data is securely shredded and is not stored beyond any immediate need. Credit card slips are retained securely for 18 months after which they are securely shredded.
We have put in place procedures to deal with any suspected personal data breech and will notify you and any applicable regulator of a breach where we are legally required to do so.
The permitted legal bases for processing are set out in article 6 of the GDPR. At least one of these must apply when we process your data.
|Business Function||Why we use your personal Information||Legal Basis|
|Marketing||To send reminders when software requires periodic renewal||Consent|
|Accounts||To maintain our accounts and records||Legitimate Interest|
|Product Sales||To provide quotations and process orders||Contract|
|Servicing||To repair your electronic devices||Contract|
In the UK we may share your data with statuary bodies, where the law requires us to do so, such as:
We may also share your data with:
Acting on your instructions, we may use the data you have supplied to establish accounts on your behalf with various third-party providers. For example, we may create an account with Microsoft to register and install their office products on your equipment:
These providers could be outside the United Kingdom and the European Union. Under such circumstances we can only transfer data to countries that have been identified as providing adequate protection for EU data, or to an approved third-party.
We will only retain your personal data for as long as necessary to fulfil the purpose we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. We are required to retain your identity details, contact details and payment history for seven years.
Generally, we delete security data as soon as possible once the service work for which it was provided has been completed. We may ask for your consent to retain all or part of it where we have an ongoing contract to service your equipment, or if it is otherwise likely to be needed in the future. You have a right to withdraw consent at any time, at which point we will delete it.
In some circumstances you can ask us to delete your data (see legal rights below) or anonymise it so that it can no longer be associated with you.
As a data subject, you have the following rights:
There is no fee to access your personal data or to exercise any of the other rights. However, if your request is clearly unfounded, repetitive or excessive we may charge an admin fee or refuse to comply with your request.
We may request documentation to confirm your identity. We will respond as soon as possible and, in any case, we are required to respond within one month.