Menu
Welcome to Bristol iPhone Repair

Privacy Policy /GDPR

Maintaining your privacy is really important to us. You entrust us with your information, and we take that responsibility seriously.

We may modify or update this Privacy Policy from time to time to reflect the changes in our business and practices, and so you should review this page periodically. When we changethe policy in a material manner we will let you know and update the ‘last updated’ header asbelow.

This Privacy Policy was last amended on [enter date]

This policy was last updated on in line with GDPR requirements. It may be updated in the future and we will post the new version here on our website. We will never deviate from our overall philosophy of maintaining your privacy, though.

22nd May 2018

1. General Information

[Bristol iPhone Repair / Repair Bristol LTD] ("we", "us", "our") take security and privacy seriously. This Privacy Policy explains how we collect, store and use personal data when you browse [www.bristoliphonerepair.co.uk or any of our websites under Repair Bristol LTD] or otherwise provide your personal data to us. Please read this Privacy Policy carefully to understand how we will treat your personal data.

2. What information we collect about you Your personal data

When we say your "personal data", we mean any information that identifies any person that you provide to us.

Your "personal data" may also be contained in information that we collect about you in connection with your order or otherwise interact with us for example by electronic mail.

When it comes to your personal data, we comply with our obligations under the General Data Protection Regulation and any other applicable data protection legislation from time to time.

Your personal data includes the information you provide, on the [www.bristoliphonerepair.co.uk]website (including any forms you complete), or during an electronic mail enquiry about you.

Examples of this personal data include your name, hello@bristoliphonerepair.co.uk, address including postcode which you provide to us when you set up an account and subsequently amend in the My Account section when you go to checkout; and any correspondence when you contact us.

We do not knowingly collect or solicit any personal data from anyone under the age of sixteen or knowingly allow such persons to purchase goods from us. [www.bristoliphonerepair.co.uk] is not directed at children under the age of sixteen. In the event that we learn that we have collected personal data from a child under age sixteen without verification of parental consent, we will delete that information as quickly as possible.

Information we collect - We collect information about your website usage, to improve our service and to understand trends to enhance and customize our website. Some of this data may be "personal data", where it identifies a person. Here's the information that we collect and how we use it:

We monitor traffic information, including things like page visits, email clicks, referring sites. We use this information to improve our website, advertising, promotions, and to understand customer purchasing behaviour.

Please see Section 11: Use of Cookies below regarding Cookies.

[Bristol iPhone Repair] does not store any credit card data. When payments are processed [Bristol iPhone Repair] via credit card, uses third-party vendors that are PCI-DSS compliant. At no point does have access to your credit card information. For further information on how we meet industry standards for credit card information security visit https://freewebstore.com/PCI_compliance.html.

We use stripe to process card orders via the website and their GDPR compliance information is here:

In person we use iZettle to take payment by card. Ther GDPR compliance information can be found here: 

3. How we use the information we collect

We use your personal data for legitimate business reasons, for example email you when your order has been received. It will also enable us to contact you by email, fax, post, SMS, social media or telephone where necessary concerning [Bristol iPhone Repair] or an order you have placed; to record your personal preferences; to personalize our services to you (such as by pre-populating fields to make it easier for you to provide information when you return to the [Bristol iPhone Repair]. It will also enable us to produce reports you request as part of the services we provide.

Contacting you for Marketing Purposes - We may use your personal data to contact you by email, fax, post, SMS, social media and/or telephone to let you know about our other[Bristol iPhone Repair] and/or third-party services, content, offers or product ranges which may be of interest to you. We will only use your data in this way where you have provided consent, we have legitimate business reasons for doing so, or where we are otherwise entitled by law to do so. If you would like us to stop providing you with such notifications, just contact us using the details in Section “How to Contact Us” at the end of this policy. Please note, this may take up to one working day to take effect. To stop receiving emails from [Bristol iPhone Repair] itself, you should cancel your [Bristol iPhone Repair] account or unsubscribe from our mailing list.

Cookies

freewebstore (website company) DOES NOT place Cookies on your store. 

- We may further use, or permit selected third parties to use, your personal data to enable us to track and analyse [Bristol iPhone Repair] website traffic and visitor trends, improve your browsing experience and to personalize and enhance the content and advertising we display. For further details, please see Section xxx: Use of Cookies below.

Legal Requirements – We may use your personal data to comply with any legal obligations to which we are subject.

4. Why do we use your personal data?

We collect and use your personal data for a variety of reasons. We need some data to enter into and perform our contract with you. The lawful basis for processing your personal data is Consent as you have consented to provide your personal details to us to allow us to provide a service to you. If you fail to provide such data we will be unable to provide our service to you.

Other information we collect because we have legitimate business interests, for example, in:

  • Fulfilling your order and providing updates on the order.

  • Understanding how our customers use our products, services and websites;

  • Understanding and responding to customer feedback;

  • Researching and analysing the services our customers want;

  • Improving our product and better understanding how our customers use it.

5. How we share information we collect

Except as described in this policy, [Bristol iPhone Repair] does not divulge any personal information gathered via its services to third parties.

We may share your personal data with third parties in certain circumstances:

  • We may disclose your data to any member of our group (which means our subsidiaries or our ultimate holding company);

  • in the event that we, our business, or substantially all of its assets are acquired by a third party (in which case personal information about customers will be one of the transferred assets);

  • if we are under a duty to disclose or share your personal in order to comply with any legal obligation; to cooperate with law enforcement officials in the investigation of unlawful activities of [Bristol iPhone Repair] website users or relating to [Bristol iPhone Repair] users; or in order to enforce or apply any contract with you; or to protect our rights, property, or safety of our employees, customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection or unlawful activity.

We also utilize a number of carefully selected third parties to help provide our services to you. Examples of these functions include website creation and hosting, email, providing marketing assistance and data analysis, data management, handling credit card transactions and providing customer service. In choosing to work with any such third parties, we will always ensure that the security policies and confidentiality arrangements of those third

parties adhere to the same requirements we ourselves impose and expect, as a minimum. No ownership rights to the data will be transferred to any third party.

Sub-processors we use:

Name

Service Provided

Link

freewebstore

eCommerce provider for website design, hosting and data storage.

https://freewebstore.com/privacy.html


We use Google GMail GSuite for emails, we have opted into their GDPR complaince inforation on which can be found here

page4image9608page4image9768

6. How long do we store your data for?

We only store your data for as long as necessary for the purposes of processing set out in

this policy.

Data Retention Policy

What personal information is kept?

Order Data, Invoices, - We keep name, address, phone number and email address for the length of the warranty period, you can request it be deleted at anytime.

My Account - We keep name, address, phone number and email address Active until user unsubscribes or makes an individual request to delete it.

Newsletter subscriptions - We keep email address - Active until user unsubscribes

page4image48344page4image48768page4image48928page4image49088page4image49248page4image49408page4image49568

7. How to access and control your information

You are free to change your personal details in the My Account section of your account at any time, if you have set up an account with us.

You can also ask us for a copy of your personal data that we hold. We may ask for proof of your identity before providing any information and reserve the right to refuse to provideinformation requested if identity is not established. Please see “Your Individual Rights”below. Generally, we will retain your personal data for a reasonable period, or for as long as the law requires.

Your individual rights

1. Access to your personal data: You can ask us to confirm if we are processing your personal data and you may request a copy of your personal data by contacting us.

See Section “How to Contact Us” at the end of this policy.

  1. Right to change or withdraw your consent: Where you have given us consent to make use of your personal data for any of the purposes outlined in this policy, you may withdraw that consent at any time by contacting us using the details located atSection “How to Contact Us” at the end of this policy. If you wish to change your contact preferences or no longer wish to be contacted for marketing purposes, use the Unsubscribe link in the email or get in touch. See Section “How to Contact Us” atthe end of this policy.

  2. Right to Rectification: You may ask us to update out of date or inaccurate information we hold about you. To do so, please log on to your [Bristol iPhone Repair] account and update your information or get in touch using the details at Section “How to Contact Us” at the end of this policy.

  3. Right to Erasure: In certain circumstances you may ask us to erase your Personal Data. If you would like us to erase the personal data we hold about you, please get in touch using the details at Section “How to Contact Us” at the end of this policy

  4. Right to Data Portability: In certain circumstances you may ask us to provide you with the personal data that we hold about you in a structured, commonly used, machine readable form, or ask for us to send such personal data to another data controller.

  5. Right to object: In certain circumstances you may object to our processing of your personal data. Please get in touch using the details at Section “How to Contact Us” atthe end of this policy.

  6. Right to restrict processing: You can ask us to restrict the processing of personal data we hold about you in certain circumstances. Please get in touch using the details at Section “How to Contact Us” at the end of this policy.

  7. Make a complaint: You may make a complaint about our data processing activities,

please contact us. See Section “How to Contact Us” at the end of this policy.

9. Getting in touch: To make enquiries and/or to exercise any of your rights in this privacy policy please contact us. See “How to Contact Us” at the end of this policy.

10. Use of cookies 

freewebstore (website company) DOES NOT place Cookies on your store. 

- We may further use, or permit selected third parties to use, your personal data to enable us to track and analyse [Bristol iPhone Repair] website traffic and visitor trends, improve your browsing experience and to personalize and enhance the content and advertising we display. For further details, please see Section xxx: Use of Cookies below.

Legal Requirements – We may use your personal data to comply with any legal obligations to which we are subject.

10. Data security

We take security and privacy seriously. We will endeavour to take all reasonable steps to keep your personal data secure once it has been transferred to our systems. We adopt appropriate, industry standard data collection, storage and processing practices and security measures to protect against unauthorised access, alteration, disclosure or destruction. For more information how we keep our online data safe, visit https://freewebstore.com/privacy.html.

11. Getting in touch

If you have any queries relating to this Privacy Policy or [Bristol iPhone Repair’s] use of your personal or financial data, please contact [hello@bristoliphonerepair.co.uk] or alternatively write to: 


We use Ovatu.com for online booking and this is the GDPR compliance from Ovatu:

What is the GDPR?

GDPR stands for General Data Protection Regulation, which becomes enforceable in the EU on May 25th, 2018 and relates to how businesses process their customers’ personal data (information that identifies an individual).

It covers issues such as:
- Using customers’ personal data in accordance with outlines principles (Article 5 – Processing Principles)
- Requesting consent to collect personal data (Articles 7, 8 & 9 - Consent)
- Enabling customers access to their personal data (Article 15 - Access)
- Providing copies of personal data to you customers (Article 20 – Data Portability)
- Rectifying personal data which is out of date or incorrect (Article 16 - Rectification)
- Fully deleting a customers’ personal data at their request (Article 17 - Erasure)

Under the GDPR, there are two parties involved in complying with the above:
1. The Controller – This is your business using Ovatu
2. The Processor – This is us, Ovatu

You (the Controller), are required to comply in terms of how you treat your customers' personal data. We (the Processor), are required to enable you to comply with the legislation. We are also of course required to comply with this legislation in terms on how we treat your personal data (we are fully compliant).

A contract between the Controller and Processor is also required, in order to specify each parties obligations under the GDPR.

This article will address, what the GDPR means for you, what Ovatu is doing to enable you to comply, how Ovatu complies, and where you can find the relevant contracts.

What does the GDPR mean for you?

The GDPR applies to business that are:
- Established in the EU
- Offer goods or services to EU based individuals
- Monitor EU residents’ behaviour

Under the GDPR, these businesses are required to comply with the following directives:

Article 5 – Processing Principles
Businesses collecting personal data are required to treat such data in the following ways:
- Process the data in a way that is lawful, fair and transparent
- Use the data for legitimate purposes
- Limit the use only to what is necessary
- Process the data in a way that maintains its accuracy
- Store the data for no longer than necessary
- Process the data in a secure fashion

Articles 7, 8 & 9 - Consent
Customers must be given clear information about how their data will be used, and their consent to data collection needs to be made in a way that:
- Consent is given in an opt-in rather than op-out fashion
- It is given just before the data is collected
- Separate requests are made for separate types of data collection
- Consent is easy to withdraw

Article 15 – Access & Article 20 – Data Portability
Customers have the right to request and obtain:
- A copy their personal data
- Information on how it is being used and stored
- Information about who the data may be disclosed to

Articles 16 – Rectification
A customer has the right to request that their personal data be rectified and updated

Articles 17 - Erasure
A customer can also ask your business to erase their personal data or to place a restriction on how it will be used. Your business must comply with requests to erase the data if it no longer needs the data for the original reason it collected this data.

In addition, if your business exports customer data to a third party (such as an email marketing tool), you need to ensure that the third party also complies with the GDPR.

What is Ovatu doing to enable you to comply with the GDPR?

Ovatu has been designed in a way that ensures data protection and security are at the forefront. In addition, all of your data is stored in the United States in Amazon Web Services data centres. The storage and transmission of this data is covered by the EU-U.S. privacy shield framework.

In order to enable our customers to fully comply with the requirements of the GDPR, we are implementing a number of specifically targeted features. These will all be live by March 25th 2018. A full two months prior to the GDPR coming into effect.

Articles 7, 8 & 9 - Consent
1. An explicit checkbox (unselected by default) will be presented to customers signing up via the online booking system (Mini-site, widgets and Ovatu You)
2. Customisable text will enable you to modify the content of the checkbox and instruct your customers on your personal data collection use and policies.
3. A second checkbox allowing your customers to opt-in to marketing materials sent by your business.
4. An explicit checkbox (unselected by default) with fully customisable text presented when a customer completes a form. This can be modified and different for each form type.

Article 15 – Access & Article 20 – Data Portability
1. A full customer file export function which includes customer profile, sales, forms, custom fields, notes, photos, passes and gift cards
2. This file can be requested from the customer profile page and you will be alerted when it is ready. You can then download and email this file directly to your customer. Please note that your customers are able to request a copy of the notes fields.

Articles 16 – Rectification
1. The customer file is currently already fully editable
2. The option to unseal a locked form (which will then be marked as unlocked with no ability to re-lock)

Articles 17 - Erasure
1. A full customer deletion function. Please note that forms and sales will not be deleted if they have a mandatory retention period, as this article does not overrule other retention/record-keeping laws.
2. Mandatory retention period for each form type
3. Mandatory retention period for sales and reservations

How does Ovatu comply with the GDPR?

Ovatu’s compliance with the GDPR consists of facilitating the Controllers compliance by means of implementing the features listed above.

Ovatu is also required to treat customer personal data in accordance with the same principles. Ovatu is fully compliant and this is outlined in the Privacy Policy. Some specific areas to note are:

Articles 7, 8 & 9 - Consent
Upon sign up, all Ovatu customers are required to agree to the Ovatu Software as a Service (SaaS) Agreement. This agreement is a legal contract between the Processor (Ovatu) and Controller (Ovatu customer). Ovatu customers are also required to agree to our Privacy Policy which outlines Ovatu’s data collection and processing principles and our responsibilities both as a Controller and Processor under the GDPR.

Article 15 – Access & Article 20 – Data Portability
Ovatu has always provided full data export for all of our customers. Ovatu customers are able to export CSV files of any type of data stored within their account via our Web App.

Articles 17 - Erasure
Ovatu has a fully transparent cancellation policy. Ovatu customer may cancel their account at any time for any reason via the Web App and may request full deletion of their account via email hello@ovatu.com.

Your rights and controlling your personal information

Choice and consent: Please read this Privacy Policy carefully. By providing personal information to us, you consent to us collecting, holding, using and disclosing your personal information in accordance with this Privacy Policy. If you are under 16 years of age, you must have and have, and warrant to the extent permitted by law to us that you have, your parent or legal guardian’s permission to access and use the Site and they (your parents or guardian) have consented to you providing us with your personal information. You do not have to provide personal information to us, however, if you do not, it may affect your use of this Site or the products and/or services offered on or through it.
Information from third parties: If we receive personal information about you from a third party, we will protect it as set out in this Privacy Policy. If you are a third party providing personal information about somebody else, you represent and warrant that you have such person’s consent to provide the personal information to us.

Restrict: You may choose to restrict the collection or use of your personal information. If you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by contacting us using the details below. If you ask us to restrict how we process your personal information, we will let you know how the restriction affects your use of our Site or products and services.
Access and data portability: You may request details of the personal information that we hold about you. You may request a copy of the personal information we hold about you. Where possible, we will provide this information in CSV format or other easily readable machine format. You may request that we erase the personal information we hold about you at any time. You may also request that we transfer this personal information to another third party (data portability).

Correction: If you believe that any information we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, please contact us using the details below. We will take reasonable steps to correct any information found to be inaccurate, incomplete, misleading or out of date.

Complaints: If you believe that we have breached the Australian Privacy Principles or an article of the GDPR and wish to make a complaint, please contact us using the details below and provide us with full details of the alleged breach. We will promptly investigate your complaint and respond to you, in writing, setting out the outcome of our investigation and the steps we will take to deal with your complaint. You also have the right to contact the Office of the UK Information Commissioner if you wish to make a complaint.

Unsubscribe: To unsubscribe from our e-mail database or opt-out of communications (including marketing communications), please contact us using the details below or opt-out using the opt-out facilities provided in the communication.

Storage and security

We are committed to ensuring that the personal information we collect is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures such as the pseudonymisation and encryption of personal information, to safeguard and secure personal information and protect it from misuse, interference, loss and unauthorised access, modification and disclosure.

We cannot guarantee the security of any information that is transmitted to or by us over the Internet. The transmission and exchange of information is carried out at your own risk. Although we take measures to safeguard against unauthorised disclosures of information, we cannot assure you that the personal information we collect will not be disclosed in a manner that is inconsistent with this Privacy Policy.

Contact us:

To contact us about any of the above or to request your data, delete your data or any of the above please email hello@bristoliphonerepair.co.uk or write to Repair Bristol LTD, The Old Church School, Off Butts Hill, Frome, BA11 1HR