Privacy Policy

Home Privacy Policy

Effective date: 27/03/2026
Version: 3.0

This Privacy Policy explains how Computer Repair Norwich (“CRN”, “we”, “us”, “our”) collects, uses, stores, shares and protects personal data when you visit our website, contact us, request a quote, book a service, purchase a service, or otherwise deal with us.

Please read this Privacy Policy carefully. It should be read together with our Cookie Policy, Website Terms of Use and Service Terms and Conditions.

1. Who we are

Computer Repair Norwich is the controller of the personal data covered by this Privacy Policy.

If you have any questions about this Privacy Policy or about how we use personal data, please contact us using the contact details published on our website or at:

Email: enquiries@computerrepairnorwich.co.uk
Business address: Belmont House, Costessey Lane, Norwich, NR8 6HA, UK
Telephone: 01603 936892 / 07895 859 864

2. What this policy covers

This Privacy Policy applies to personal data we collect through:

  • our website;
  • email, telephone, text message, social media or other communications;
  • contact forms, quote requests and booking requests;
  • diagnostic, repair, collection, return, upgrade, software and related services;
  • any other interaction you have with us in connection with our business.

It applies to personal data relating to customers, prospective customers, website visitors and other individuals who contact us or use our services.

3. The personal data we collect

Depending on how you interact with us, we may collect and use the following types of personal data:

  • your name;
  • your address;
  • your email address;
  • your telephone number;
  • your booking, quote and enquiry details;
  • your device details, fault descriptions, service history and job records;
  • payment and transaction information;
  • communications between you and us;
  • marketing preferences;
  • website usage data, technical data and analytics data;
  • any other information you choose to provide to us.

We may also keep records of quotations, invoices, diagnostics, repair notes, parts used, approvals given, warranty issues, complaints and other service-related administration.

4. Data we may access during repair or diagnostic work

Where you ask us to inspect, diagnose, repair, configure, recover or transfer data from a device, we may incidentally access personal data stored on that device, such as files, folders, photos, emails, account profiles, software settings or other user content.

We do not seek to review personal content unless this is reasonably necessary for diagnosis, repair, testing, migration, recovery, configuration, verification or another service you have asked us to provide.

You are responsible for backing up your data before handing a device to us unless we have expressly agreed otherwise in writing.

5. How we collect your personal data

We may collect personal data:

  • directly from you when you contact us, complete a form, request a quote, make a booking, approve work, make a payment or otherwise communicate with us;
  • from your device or browser when you use our website;
  • from payment providers, analytics providers, hosting providers or other service providers who support our business;
  • from other people acting on your behalf where you have asked them to contact us or arrange a service for you;
  • from information contained on or supplied with a device you ask us to inspect or repair.

The ICO says privacy information should generally be provided when personal data is collected from the individual, and where relevant should also explain data obtained from other sources.

6. How we use your personal data and our lawful bases

The UK GDPR requires a lawful basis for processing personal data. Depending on the situation, we rely on one or more of the following: contract, legitimate interests, legal obligation and consent.

We may use your personal data for the following purposes:

6.1 To respond to enquiries, provide quotes and take steps before a contract

We use your contact details, enquiry details and device information to respond to messages, assess jobs, prepare quotations and discuss possible services.

Lawful basis: contract, where necessary to take steps at your request before entering into a contract; and/or legitimate interests in running and responding to business enquiries.

6.2 To provide services to you

We use your information to book, diagnose, inspect, collect, repair, upgrade, return, invoice and support the services you request from us.

Lawful basis: contract.

6.3 To manage payments, accounts, records and business administration

We use personal data for invoicing, payment handling, financial administration, record keeping, warranty administration, service history and other business operations.

Lawful basis: contract, legitimate interests and legal obligation, where records are required for tax, accounting or regulatory compliance.

6.4 To protect our business, systems and customers

We may use personal data for fraud prevention, misuse prevention, enforcing our terms, resolving disputes, debt recovery, protecting our systems and keeping our website and business secure.

Lawful basis: legitimate interests. Legitimate interests can be used where processing is necessary for your purposes and is balanced against the individual’s interests and rights.

6.5 To improve our website and services

We may use website usage data, enquiry trends, service records and analytics information to improve our website, customer experience, content, operations and service offering.

Lawful basis: legitimate interests, and where required by law, consent for non-essential cookies or similar technologies. PECR applies to cookies and similar technologies, and the ICO says non-essential uses generally require consent unless an exception applies.

6.6 To send marketing communications

If we send marketing by email, text or similar electronic means, we will do so only where permitted by law and, where required, on the basis of your consent.

Lawful basis: consent and/or legitimate interests where lawfully applicable. Individuals have an absolute right to object to direct marketing.

7. Special category data

We do not normally ask for special category personal data.

Please avoid sending us unnecessary sensitive information unless it is genuinely relevant to the service you require. If you choose to provide this kind of information, we will handle it only where we have a lawful basis and, if required, an additional condition for processing. Health information is special category data and requires extra protection under UK GDPR rules.

8. Passwords, account access and device content

If a service requires account access, passcodes, passwords, recovery details or access credentials, we may use those details only for the purpose of carrying out the service you requested, testing the device, confirming functionality, returning the device in working order, or otherwise administering the job.

We ask that you do not provide us with unnecessary passwords or personal information unless they are genuinely needed for the requested service.

9. Who we may share personal data with

We may share personal data where reasonably necessary with:

  • payment processors;
  • website hosting and IT service providers;
  • email and communications providers;
  • cloud storage or business software providers;
  • analytics providers;
  • accountants, professional advisers or insurers;
  • delivery, courier or collection providers;
  • parts suppliers, specialist subcontractors or service partners where relevant to the job;
  • law enforcement, regulators, courts, government bodies or other third parties where required by law or where necessary to establish, exercise or defend legal claims.

The ICO says a privacy notice should explain who you share personal data with, or at least the categories of recipients.

We do not sell your personal data.

10. International transfers

Some of our service providers may store or process personal data outside the UK.

Where we make a restricted transfer of personal data outside the UK, we will do so only where lawful and with appropriate safeguards in place, such as use of a country covered by UK adequacy regulations or other permitted transfer mechanisms and protections. The ICO says privacy information should explain overseas transfers and the safeguards used where relevant.

If you would like more information about any international transfers and the safeguards used, please contact us.

11. How long we keep personal data

We keep personal data only for as long as reasonably necessary for the purpose for which it was collected, including for legal, accounting, tax, insurance, complaint-handling, warranty, fraud-prevention and record-keeping purposes. Data protection law does not set one universal retention period, but organisations must not keep personal data longer than needed and should explain either the retention period or the criteria used to decide it.

As a general guide, we may keep:

  • enquiries and quote requests: for up to [12 months] after the last meaningful contact;
  • customer job records, invoices and transaction records: for up to [6 years] after the end of the relevant customer relationship or accounting period;
  • warranty and complaint records: for up to [6 years] after the matter is closed;
  • marketing consent and suppression records: until consent is withdrawn, you opt out, or for as long as needed to maintain our do-not-contact records;
  • website analytics and cookie-related data: in line with our Cookie Policy and the settings of the relevant tools.

We may keep information for longer where reasonably necessary to comply with legal obligations, resolve disputes, enforce our agreements, deal with complaints or defend legal claims.

12. Security

We take reasonable technical and organisational measures to protect personal data against unauthorised access, misuse, alteration, disclosure or loss.

These measures may include secure devices, password protection, access controls, secure software, limited access to records, reputable service providers, and secure disposal or deletion where data is no longer needed.

No method of transmission over the internet or method of electronic storage is completely secure, so we cannot guarantee absolute security.

13. Your data protection rights

Under the UK GDPR, individuals may have rights including:

  • the right to be informed;
  • the right of access;
  • the right to rectification;
  • the right to erasure;
  • the right to restrict processing;
  • the right to data portability;
  • the right to object; and
  • rights relating to automated decision-making, where applicable.

These rights do not apply in every case, and some are subject to conditions, exemptions or limitations.

If you want to exercise any of your rights, please contact us using the contact details in this policy.

14. Subject access requests

You can ask for a copy of the personal data we hold about you.

The ICO says organisations must usually respond to a valid subject access request without undue delay and at the latest within one month, and that in most cases no fee may be charged, although a reasonable fee may be charged in limited circumstances such as manifestly unfounded or excessive requests or for additional copies.

We may ask for information to verify your identity before responding to a request.

15. Marketing

Where we send marketing communications, you can opt out at any time by:

  • clicking the unsubscribe link where available;
  • contacting us directly; or
  • asking us to stop.

Individuals have an absolute right to object to direct marketing, and privacy information should tell people about that right.

We may still keep limited suppression information so that we can respect your opt-out request and avoid contacting you again inappropriately.

16. Cookies and similar technologies

Our website may use cookies and similar technologies for functionality, security, analytics and user experience.

Our use of cookies and similar technologies is explained in more detail in our Cookie Policy. PECR applies to cookies and similar technologies, and the ICO says privacy and cookie information should be clear, accessible and explain what is used, why it is used and, where relevant, how consent works.

17. Third-party websites

Our website may contain links to third-party websites, plug-ins or services.

We are not responsible for the privacy practices, content or security of third-party websites. You should read their privacy policies separately.

18. Complaints

If you have any concern about how we use your personal data, please contact us first so that we have the opportunity to investigate and try to resolve the matter.

You also have the right to complain to the Information Commissioner’s Office (ICO), which is the UK supervisory authority for data protection matters. The ICO provides a complaint process for concerns about how organisations handle personal information.

You can find details on the ICO website.

19. Changes to this Privacy Policy

We may update this Privacy Policy from time to time.

Any updated version will be posted on our website with a revised effective date and version number. We recommend checking this page periodically to stay informed of any changes.

20. Contact us

If you have any questions about this Privacy Policy or about how we handle personal data, please contact us using the details below:

Computer Repair Norwich
Email: enquiries@computerrepairnorwich.co.uk
Telephone: 01603 936892 / 07895 859 864
Address: Belmont House, Costessey Lane, Norwich, NR8 6HA, UK