The Data Protection Act 2018 and the General Data Protection Regulation (GDPR) impose certain legal obligations in connection with the processing of personal data.

The purpose of this notice is to explain how we look after your personal data and to inform you of your privacy rights. This version was created on 25th May 2018. Historic versions are obtainable by contacting us.


1. Who we are

PCHelp Sussex Ltd. (PCHelp) is an IT sales, service and support company based on the South Coast of England. It has shops in Peacehaven and Findon and a website www.pchelpsussex.co.uk. PCHelp is a data controller within the meaning of the GDPR.

• Registered Address: 192A South Coast Road, Peacehaven, East Sussex, BN10 8JJ – Phone 01273 580022.

• Data Protection Officer: Under the regulations PCHelp does not require a Data Protection Officer (DPO); however, responsibility for data protection is held by our Managing Director. To exercise all relevant rights, or to raise queries or complaints in relation to this policy, please contact him in the first instance at our registered address (above) or by email: dataprotection@pchelpsussex.co.uk.

If this does not resolve your complaint to your satisfaction, you have the right to lodge a complaint with the Information Commissioner's Office on 03031 231113, via email at https://ico.org.uk/global/contact-us/email/, or at the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.


2. What personal data do we collect?

When you contact one of our shops we may need to collect your identity and contact data, for example where we need to provide a quotation or to inform you of the progress of an order. We also collect identity and contact data when you create an account or place an order on our website.

• Identity Data includes first name, last name and title.

• Contact Data includes Billing Address, Delivery Address, Email Address and Telephone Numbers.

When we are asked to service a computer or other electronic device we may need a password or other information to access the device. We may also need additional security information when installing programs where we need to register them with third parties. In the same way, we may need security information to allow us to set up email accounts.

• Security Data includes device, account and email passwords, IP addresses and security question answers.


3. What personal data do we NOT collect?

We have strict protocols and disciplinary procedures in respect of the personal data contained on the devices we service or otherwise have access to. No data is stored on our equipment.

When accepting payment by credit card we do not store any data electronically. On the website we send you to PayPal who accept the payment on our behalf. When making a credit card payment by phone or in one of our shops your data is sent directly, in encrypted form, to our credit card payment acquirer.

We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.

We do not knowingly collect data relating to children and our website is not intended for children.


4. How do we keep your data secure?

The security of your personal data is of great concern to us. We have legal obligations to keep it, and to handle it with care. We store your personal data securely and it is replicated in both our shops so that it cannot be lost in the event of a catastrophic failure.

All paperwork containing personal data is securely shredded and is not stored beyond any immediate need. Credit card slips are retained securely for 18 months after which they are securely shredded.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.


5. How do we use your personal data?

The permitted legal bases for processing are set out in article 6 of the GDPR. At least one of these must apply when we process your data.

• Consent: you have given clear consent for us to process your personal data for a specific purpose (for example, marketing).

• Contract: the processing is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract.

• Legal Obligation: the processing is necessary for us to comply with the law (not including contractual obligations).

• Vital Interests: the processing is necessary to protect someone’s life.

• Public Task: the processing is necessary for us to perform a task in the public interest, and the task or function has a clear basis in law.

• Legitimate Interest: the processing is necessary for our legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect your personal data which overrides those legitimate interests.



| Business Function | Why we use your personal information | Legal Basis |
| --- | --- | --- |
| Marketing | To send reminders when software requires periodic renewal | Consent |
| Accounts | To maintain our accounts and records | Legitimate Interest |
| Product Sales | To provide quotations and process orders | Contract |
| Servicing | To repair your electronic devices | Contract |

6. Who we share your personal data with and why?

In the UK we may share your data with statutory bodies, where the law requires us to do so, such as:

• HMRC and Companies House

• The Police and law enforcement agencies

• Courts and Tribunals

• The Information Commissioner’s Office (ICO)


We may also share your data with:

• Our Accountants (for the purpose of preparing annual accounts)

• Our Insurers (for the purpose of processing a claim)

• Delivery Companies (for the purpose of delivering goods you have ordered)

• PayPal (on website orders, PayPal require name and address data in order to validate your identity)


Acting on your instructions, we may use the data you have supplied to establish accounts on your behalf with various third-party providers (for example, we may create an account with Microsoft to register and install their office products on your equipment). These providers include:

• Software Suppliers

• Email providers

• Broadband providers


These providers could be outside the United Kingdom and the European Union. Under such circumstances we can only transfer data to countries that have been identified as providing adequate protection for EU data, or to an approved third party.


7. How long do we keep your personal data?

We will only retain your personal data for as long as necessary to fulfil the purpose we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. We are required to retain your identity details, contact details and payment history for seven years.

Generally, we delete security data as soon as possible once the service work for which it was provided has been completed. We may ask for your consent to retain all or part of it where we have an ongoing contract to service your equipment, or if it is otherwise likely to be needed in the future. You have a right to withdraw consent at any time, at which point we will delete it.

In some circumstances you can ask us to delete your data (see legal rights below) or anonymise it so that it can no longer be associated with you.


8. What are your legal rights?

As a data subject, you have the following rights:

• Right of access: you have the right to request a copy of the information we hold about you.

• Right of rectification: you have the right to correct data that we hold about you that is inaccurate or incomplete.

• Right to be forgotten: in certain circumstances you can ask for the data we hold about you to be erased from our records.

• Right to withdraw consent: where consent is the lawful basis for processing you may withdraw that consent.

• Right to data portability: you may request we provide your data and, if possible, transmit that data directly to another data controller.

• Right to restrict processing: you may request that we place a restriction on certain types of processing, such as direct marketing.


There is no fee to access your personal data or to exercise any of the other rights. However, if your request is clearly unfounded, repetitive or excessive we may charge an admin fee or refuse to comply with your request.

We may request documentation to confirm your identity. We will respond as soon as possible and, in any case, we are required to respond within one month.