Privacy Policy
A legal disclaimer
Privacy Policy - the basics
PRIVACY NOTICE
Plympton Computer Care
Last updated: July 2025
---
CONTENTS
---
1. Who We Are
2. The Data We Are Responsible For
3. What Personal Data We Collect
4. How We Collect Your Personal Data
5. Why We Collect Your Personal Data and Our Legal Basis
6. Personal Data Found on Your Devices
7. Who We Share Your Data With
8. International Data Transfers
9. How Long We Keep Your Data
10. Cookies and Website Tracking
11. Your Rights Under UK Law
12. How to Exercise Your Rights
13. Changes to This Privacy Notice
14. How to Contact Us
---
1. WHO WE ARE
---
Plympton Computer Care ("we", "us", "our") is a computer repair and IT support business based in Plympton, Plymouth. We operate the website https://www.plymptoncomputercare.co.uk.
For the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, we are the Data Controller in respect of any personal data we collect and process about you. This means we determine the purposes and means by which your personal data is processed.
If you have any questions about this notice or how we handle your data, please contact us at:
Plympton Computer Care
Pode Drive
Plympton, Plymouth
PL7 2XZ
Email: info@plymptoncomputercare.co.uk
Telephone: 07403 281115
---
2. THE DATA WE ARE RESPONSIBLE FOR
---
This notice applies to personal data we collect from:
— Customers enquiring about or purchasing our repair and IT support services
— Visitors to our website
— Individuals who contact us by phone, email, or in person
This notice does not apply to the personal data of our employees or job applicants, which is covered by a separate internal policy.
---
3. WHAT PERSONAL DATA WE COLLECT
---
We may collect, use, store, and transfer the following categories of personal data:
Identity Data
Name, and where relevant, the name of your business or organisation.
Contact Data
Home or business address, email address, and telephone number(s).
Device and Job Data
Information about the device(s) you bring to us for repair or support, including make, model, serial number, fault description, and any relevant account or configuration details you voluntarily share with us to enable us to carry out the repair.
Financial and Transaction Data
Payment details sufficient to process your payment (we do not store full card details), invoices, and records of services purchased.
Technical Data
When you visit our website, we may automatically collect your IP address, browser type and version, pages visited, time and date of your visit, and other standard log data. This is processed by our website hosting and analytics providers.
Communications Data
Records of correspondence between us, including emails, messages, and notes from telephone calls.
Marketing Preferences
Whether you have opted in to receive promotional communications from us and your communication preferences.
We do not knowingly collect personal data relating to children under the age of 13. If you believe we have inadvertently collected such data, please contact us immediately so that we can delete it.
We do not collect Special Category data (such as data revealing racial or ethnic origin, political opinions, religious beliefs, health data, or biometric data) in the normal course of our business.
---
4. HOW WE COLLECT YOUR PERSONAL DATA
---
We collect personal data through the following means:
Direct contact
When you contact us by phone, email, our website enquiry form, or in person at our premises, you may provide us with personal data directly.
Service delivery
When you bring a device to us or engage us for remote IT support, we collect the information needed to carry out the work and to identify you as our customer.
Automated website technologies
Our website uses cookies and similar technologies to collect Technical Data automatically when you browse our site. Please see Section 10 for more information on cookies.
Third parties
We may receive limited information about you from third-party referral sources or from payment processors in connection with a transaction. We only receive data from third parties where they have a lawful basis for sharing it with us.
---
5. WHY WE COLLECT YOUR PERSONAL DATA AND OUR LEGAL BASIS
---
Under the UK GDPR, we must have a valid legal basis for processing your personal data. We rely on the following bases:
Performance of a Contract (Article 6(1)(b) UK GDPR)
We process your Identity, Contact, Device and Job, Financial, and Communications Data because it is necessary to enter into or perform a contract with you — specifically, to accept and fulfil your repair or IT support request, issue invoices, and process payments.
Legal Obligation (Article 6(1)(c) UK GDPR)
We may be required to process and retain certain data to comply with our legal obligations, such as HMRC requirements for financial record-keeping under the Finance Act 1998 and related tax legislation.
Legitimate Interests (Article 6(1)(f) UK GDPR)
We process Technical Data and Communications Data on the basis of our legitimate interests in operating and improving our website, responding to enquiries, maintaining records of work carried out, and protecting our business against disputes or fraudulent activity. We have assessed that these interests are not overridden by your rights and freedoms as a data subject.
Consent (Article 6(1)(a) UK GDPR)
Where you have explicitly opted in to receive marketing emails or newsletters from us, we process your contact details on the basis of your consent. You may withdraw your consent at any time by contacting us or by clicking "unsubscribe" in any marketing email we send you. Withdrawal of consent does not affect the lawfulness of any processing carried out before that withdrawal.
---
6. PERSONAL DATA FOUND ON YOUR DEVICES
---
As a computer repair and IT support business, we recognise that devices brought to us for repair may contain personal data belonging to you or others.
We are committed to the following principles in this regard:
Access limitation
Our engineers will only access files or data on your device to the extent strictly necessary to diagnose and resolve the reported fault. We do not browse, read, copy, or retain personal files, documents, photographs, or account information beyond what is required for the repair.
Confidentiality
Any personal information incidentally encountered on your device during the course of repair will be treated with the same confidentiality as your own customer data.
Your responsibility
Before bringing your device to us or granting us remote access, we strongly recommend that you back up all data and, where you have concerns, remove or encrypt sensitive personal information. We accept no liability for pre-existing data loss or corruption.
Remote access
Where we carry out remote IT support, we will request access to your device only for the duration of the support session and only to carry out the agreed task. Remote access sessions are initiated with your knowledge and consent. You are able to observe and terminate any session at any time.
We do not transfer, share, or use personal data found on customer devices for any purpose other than carrying out the service you have engaged us to perform.
---
7. WHO WE SHARE YOUR DATA WITH
---
We do not sell, rent, or trade your personal data to any third party.
We may share your data with carefully selected third parties only where necessary and only to the extent required:
Payment processors
We use third-party payment services to securely process card and other electronic payments. These providers process payment data on our behalf under their own data protection obligations.
IT and software providers
Our business operations are supported by third-party software platforms (for example, job management, invoicing, or email systems). These providers act as data processors on our behalf and are bound by appropriate contractual data processing terms.
Professional advisers
In certain circumstances, we may need to share limited information with our accountants, legal advisers, or insurers, where necessary to fulfil our legal or contractual obligations.
Law enforcement and regulatory authorities
We may disclose personal data to the police, HMRC, the ICO, or other public authorities where we are legally required to do so, or where we believe it is necessary to protect the rights, property, or safety of our business, our customers, or others.
All third parties with whom we share personal data are required to process it lawfully and securely, and only for the specified purpose.
---
8. INTERNATIONAL DATA TRANSFERS
---
We primarily store and process your personal data within the United Kingdom.
Where any of our third-party service providers transfer data outside the UK (for example, cloud services hosted in non-UK territories), we ensure that appropriate safeguards are in place in line with Chapter V of the UK GDPR and the guidance of the ICO. This may include transfers to countries covered by UK adequacy regulations, or the use of the International Data Transfer Agreement (IDTA) issued by the ICO.
If you would like further information about international transfers and the safeguards in place, please contact us.
---
9. HOW LONG WE KEEP YOUR DATA
---
We retain personal data only for as long as is necessary for the purposes for which it was collected, or as required by law. Our standard retention periods are as follows:
Customer and job records
We retain records of repair and IT support jobs, including contact details and job descriptions, for a period of six years following the completion of the job. This is consistent with our obligations under the Limitation Act 1980, which governs the time period within which legal claims may be brought.
Financial records
We retain invoices, payment records, and related financial data for a minimum of six years, in compliance with HMRC requirements under the Finance Act 1998 and associated regulations.
Marketing data
If you have opted in to marketing communications, we will retain your contact details and marketing preferences for as long as you remain subscribed. We will periodically ask you to confirm that you wish to continue receiving communications from us.
Website technical data
Anonymised or aggregated website usage data may be retained for up to 26 months in line with standard analytics retention periods. Log files containing IP addresses are retained for a shorter period as required for security purposes.
After the relevant retention period has expired, data is securely deleted or anonymised so that it can no longer be associated with you.
---
10. COOKIES AND WEBSITE TRACKING
---
Our website, https://www.plymptoncomputercare.co.uk, uses cookies in accordance with the Privacy and Electronic Communications Regulations 2003 (PECR) and the UK GDPR.
A cookie is a small text file placed on your device when you visit a website. Cookies allow the website to recognise your device and remember certain information about your visit.
We use the following types of cookies:
Strictly necessary cookies
These are essential for the website to function. They do not require your consent under PECR and cannot be switched off.
Analytics cookies
These help us understand how visitors interact with our website (for example, which pages are visited most frequently) so that we can improve our service. We obtain your consent before setting these cookies.
Third-party cookies
Our website may include content or tools provided by third parties (for example, Google Maps or social media plugins) that set their own cookies. We do not control these and recommend you review the relevant third-party privacy policies.
Where required by law, we obtain your consent before placing non-essential cookies on your device. You can withdraw or manage your cookie consent at any time using the cookie settings on our website, or by adjusting your browser settings.
For more information about cookies and how to manage them, visit the ICO's guidance at: https://ico.org.uk/your-data-matters/online/cookies/
---
11. YOUR RIGHTS UNDER UK LAW
---
Under the UK GDPR and the Data Protection Act 2018, you have the following rights in relation to your personal data. These rights may be subject to certain conditions and exemptions.
The right to be informed
You have the right to be told how and why we use your personal data. This privacy notice fulfils that obligation.
The right of access
You have the right to request a copy of the personal data we hold about you. This is known as a Subject Access Request (SAR). We will respond within one calendar month of receiving your request.
The right to rectification
You have the right to ask us to correct any personal data that is inaccurate or to complete data that is incomplete.
The right to erasure
Also known as "the right to be forgotten", you may request that we delete your personal data in certain circumstances, for example where the data is no longer necessary for the purpose for which it was collected, or where you withdraw consent and there is no other lawful basis for processing.
The right to restrict processing
In certain circumstances, you may ask us to pause the processing of your personal data, for example while we verify its accuracy following a rectification request.
The right to data portability
Where processing is based on your consent or on a contract and is carried out by automated means, you have the right to receive your personal data in a structured, commonly used, machine-readable format, and to have it transferred to another controller where technically feasible.
The right to object
You have the right to object to processing carried out on the basis of our legitimate interests. Where you object to direct marketing, we will always stop immediately and without qualification.
Rights relating to automated decision-making and profiling
We do not use automated decision-making or profiling that produces legal or similarly significant effects for you.
The right to withdraw consent
Where processing is based on your consent, you may withdraw it at any time. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal.
You are not required to pay a fee to exercise any of the rights listed above, and we will not discriminate against you for exercising them.
---
12. HOW TO EXERCISE YOUR RIGHTS
---
To exercise any of your rights, or if you have a concern about how we handle your personal data, please contact us using the details in Section 14.
We may need to verify your identity before we can respond to your request.
We will respond within one calendar month. In complex cases, or where we receive a high volume of requests, we may extend this by a further two months, in which case we will notify you.
If you are not satisfied with our response, or if you believe we are processing your personal data in a way that does not comply with the law, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Telephone: 0303 123 1113
Website: https://ico.org.uk
Online complaint form: https://ico.org.uk/make-a-complaint/
We would, however, appreciate the opportunity to address your concern before you approach the ICO, so please contact us in the first instance.
---
13. CHANGES TO THIS PRIVACY NOTICE
---
We keep this privacy notice under regular review and will update it when our practices change or when required by law.
When we make significant changes, we will update the "Last updated" date at the top of this notice. We encourage you to review this notice periodically.
---
14. HOW TO CONTACT US
---
Plympton Computer Care
[Your business address]
Plympton, Plymouth
[Postcode]
Email: [your contact email]
Telephone: [your phone number]
Website: https://www.plymptoncomputercare.co.uk
We aim to respond to all queries within two working days.
---
This privacy notice was prepared in accordance with:
— UK General Data Protection Regulation (UK GDPR), as retained in UK law by the European Union (Withdrawal) Act 2018
— Data Protection Act 2018
— Privacy and Electronic Communications Regulations 2003 (PECR)
— Limitation Act 1980 (in respect of retention periods)
— Finance Act 1998 and associated HMRC guidance (in respect of financial record retention)
This notice does not constitute legal advice. If you have specific compliance concerns, we recommend consulting a qualified data protection practitioner or legal adviser.
---
