WHAT YOU NEED TO KNOW
- 1. Who is responsible for your data
- 2. Personal data we collect about you
- 3. How we collect data about you
- 4. How we use your personal data
- 5. Sharing your data
- 6. How we protect your data
- 7. How long we keep your data
- 8. Sending data outside the European Economic Area
- 9. Your rights
- 10. Contact us
1. Who is responsible for your data
SBE Ltd is responsible for the data you provide to us when registering your repair on our website or, in some cases, when calling one of our customer support centres. In these instances, we are the Data Controller of the data which we collect from you, and as such we control the ways your personal data are collected and the purposes for which your personal data are used. Our registered address is: SBE Ltd, BEAVER BUSINESS PARK, ASHFORD, KENT TN23 7SH, UK.
SBE Ltd also acts as a Data Processor when your device is received for repair at one of our Authorised Service Centre (ASC) locations. When we perform a repair, we do so on behalf of your device’s manufacturer or insurer. As such, the manufacturer or the insurer of the device is the Data Controller of your personal data because they have a legal obligation to honour the contract they have with you (the contract of warranty or insurance). In this case, SBE Ltd acts as a Data Processor on behalf of your device’s manufacturer or insurer.
2. Personal data we collect about you
The personal data we collect from you are:
- Your personal information (e.g. name, address, telephone number, email)
- Information about your product (e.g. serial number, IMEI)
- Your proof of purchase (e.g. invoice, warranty card)
- Your payment information (if your product is out of warranty or if your repair is chargeable)
We do not collect any sensitive data as defined in GDPR. Moreover, we will not process any repairs for a minor without obtaining parental consent.
As part of the repair process, SBE Ltd undertake not to process any data stored on your device, except for the purpose of deleting and resetting the device. As such, we ask you to perform a full backup and a full reset of your device before handing in your device. Any device received for repair will get fully wiped and reset following the device manufacturer’s procedures and guidelines.
3. How we collect data about you
We collect your personal data when you register a repair with us:
- Either directly, through our website or by calling us or when you drop off or send off your device to one of our authorised service centres;
- Or indirectly through one of our business partners (e.g. if you book your repair via a mobile phone store or through your insurance company).
4. How we use your personal data
According to the law, we can only use your personal data if there is a proper reason for doing so. In the table below, we have set out the different ways in which we use your personal data (purpose of processing) and the reasons we rely on for using that data (legal basis for processing).
|PURPOSE OF PROCESSING||LEGAL BASIS FOR PROCESSING|
|Registering your repair and submitting your repair to the ASC||Execution of a contract|
|Generating a letter of transport (if applicable) allowing you to send your faulty device to the ASC||Execution of a contract|
|Repairing or exchanging your product (under the terms of the warranty or contract)||Execution of a contract|
|Communicating with you about your repair (e.g. sending progress notifications, sending a repair quote, sending a satisfaction survey)||Execution of a contract
Our legitimate interest
|Improving our products or services||Our legitimate interest|
|Communicating with you for other reasons than your repair (e.g. sending a newsletter)||Your consent|
We do not perform any profiling or automated processing of your personal data.
5. Sharing your data
As part of the repair service, we share some of personal your data with the following categories of third-parties:
- Your device’s manufacturer (and, if applicable, its authorised service centre). We share your information with the manufacturer of your device to enable them to honour their legal obligations as per the contract of warranty (namely, check your device’s warranty entitlement and authorise the necessary repairs). In most cases, the authorised service centre is SBE Ltd, but this may vary based on each manufacturer’s individual service policy.
- Our logistics partners. We share some of your information with courier companies in order to enable them to deliver your device back to your address, and to contact you in case of a missed delivery. The courier companies we use may vary. Typically, we use UK Mail, DHL, UPS or TNT for UK deliveries.
- Our web hosting partners. Our website is developed, maintained and hosted by SBE SAS who are one of SBE Ltd’s affiliated companies. The website and its associated database are hosted in a secure datacentre located within the EU.
- Our “Digital Analytics” partners. Our website generates cookies that are used to analyse the traffic to our website and generate reports about visitors to help us improve our site and the services we offer (e.g. GOOGLE ANALYTICS, AT INTERNET).
- Payment processing companies. If your repair is chargeable (e.g. out of warranty), your payment card data will be provided by SBE Ltd to a payment processing company (e.g. WORLDPAY).
- Customer relationship platforms. We share some of your data with companies that collect customer reviews (e.g. TRUSTPILOT, YELL) in order to help us measure your satisfaction and improve our services. We also use certain platforms to provide you with an efficient customer service experience, such as online chat (e.g. SNAPENGAGE).
6. How we protect your data
We protect your personal data against unauthorized access, unlawful use, accidental loss, corruption or destruction. We use technical measures such as encryption, password protection and access control mechanisms to protect your data and the systems they are held in. We also use operational security measures, such as limiting the number of people who have access to the databases where your personal data is stored.
We ensure that these security measures are reviewed regularly, and we rely on industry standards and best practices. We make sure that each of our subcontractors who have access to your data provide the same guarantees of security and data protection as we do, as per to the requirements of the European data protection regulation (GDPR).
7. How long we keep your data
We only keep your data for as long as we need it. How long we need data depends on what we are using it for, whether that is to provide services to you, for our own legitimate interests or so that we comply with the law. We will actively review the information we hold and when there is no longer a legal or business need for us to hold it, we will either delete it securely or in some cases anonymise it.
The following table shows the retention periods we have set for the data we hold in respect to mobile device repair and after-sales service provision, where SBE Ltd acts as a Data Controller:
|NATURE OF DATA||RETENTION PERIOD|
|Data related to service and repairs (e.g. repair booking information, repair history…)||36 months from the date of booking the repair|
|Accounting records and supporting evidence (e.g. quotes, invoices, delivery notes…)||Retention period set by EU Member State law (in UK, this period is 6 years)|
|Data used for sending marketing communications, if applicable (e.g. newsletters…)||Until you withdraw your consent|
8. Sending data outside the European Economic Area
The personal data we collect as part of the repair process is hosted within the EU (in UK and France). When acting as a Data Controller, SBE Ltd do not store or send any data outside the EEA (European Economic Area).
9. Your rights
You are entitled to see copies of all personal data held by us and to amend, correct or delete such data. You can also limit, restrict or object to the processing of your data. You can exercise those rights by contacting: email@example.com or by writing to us at:
BEAVER BUSINESS PARK
Please note that, if the legal basis of the data processing is to execute a contract (such as the warranty), choosing to exercise certain rights (e.g. the right to restrict or object to the processing of your data) could result in us being unable to provide you with the service (i.e. to repair your device).
If you gave us your consent to use your data, e.g. so that we can send you marketing emails, you can withdraw your consent at any time. Please note that even if you withdraw your consent, we can still rely on the consent you gave as the lawful basis for processing your data before you withdrew your consent.
You can object to our use of your data where we rely on our legitimate interests to do so. We explained the legitimate interests we rely on in the table above under the heading ‘How we use your personal data’.
When you get in touch, we will come back to you as soon as possible and where possible within one month. If your request is more complicated, it may take a little longer to come back to you, but we will come back to you within a further two months maximum. There is no charge for most requests, but if you ask us to provide a significant amount of data for example, we may ask you to pay a reasonable admin fee. We may also ask you to verify your identity before we provide any information to you.
Please note that you have the right to lodge a complaint with the supervisory authority which is responsible for the protection of personal data in the country where you live or work, or in which you think a breach of data protection laws might have taken place. The supervisory authority in UK is the ICO (https://ico.org.uk/).
10. Contact us
You can contact our DPO (Data Protection Officer) by sending an email to: firstname.lastname@example.org or by writing to us at:
BEAVER BUSINESS PARK