About this Policy
Protecting your personal information is extremely important to Carbon Bike Repair Ltd (“the Company”, “we” or “our”). This policy explains when and why we collect personal information about individuals, how we use it, how we keep it secure and your rights in relation to it.
What is Personal Information?
The GDPR defines ‘personal data’ as any information relating to an identified or identifiable natural person (a “data subject”). When we talk about personal information, we mean information about an individual that can identify them, such as their name, address, email, telephone number and payment details. A “data subject” can be a customer, employee, business contact or supplier. Any reference to “information” or “data” in this policy is a reference to personal information about a living individual.
We may collect, use and store your personal data as described in this policy.
For all of our services, the “data controller” is Carbon Bike Repair Ltd.
How do we collect information about you?
Depending on which “data subject” category you are in, the Company may collect personal information from you in various ways:
- Directly from you when you contact us by
- our webiste,
- our Facebook page,
- other social media (i.e. Twitter, Instagram)
- email to make an enquiry
- Visiting our workshop
- When shipping items to us
- If you have been introduced by another Trade person or Third party (i.e. Bike Shop, Bike Mechanic, Insurance Company, Solicitor etc).
What information do we hold and how do we use your information?
If you are a customer (potential or existing) we may ask for the following personal information about you and we use the information to provide the best possible service
Type of information
How we use it
|Name, Address and Contact Details (i.e. email address & phone numbers)||
|Visual images of your bicycle / item and designs||
|Your purchase / order history||
|Your contact history with us||
You also have the option of providing the following further information:
Type of information
How we use it
If you are an Employee, please refer to our Employee and Contractors Privacy Notice which can be obtained from your line manager.
Using your information in accordance with Data Protection laws
Data protection laws require us to meet certain conditions before we are allowed to use your personal information in the way we describe in this policy. To use your personal information, we will rely on the following conditions, depending on the activities we are carrying out;
Providing our contracts and services to you: We will process your personal information to carry out our responsibilities resulting from any agreements you’ve entered into with us and to provide you with the information, products and services you’ve asked from us which may include online services.
Complying with applicable laws: We may process your personal information to comply with any legal obligation we are subject to.
Legitimate interests: To use your personal data for any other purpose described in this policy, we’ll rely on a condition known as “legitimate interests”. It’s in our legitimate interests to collect your personal data as it provides us with the information we need to deliver our services to you more effectively. We may use your information to;
- Carry out market research and product development, which can include creating customer demographics and/or profiling. We may sometimes work with carefully selected third parties to do this, using advertising services provided by organisations such as Google or Facebook and may share data with them, which could be combined with the information they hold about you.
- Continue to send marketing information, via email only, to customers who purchased a service or product before 25th May 2018 and did not opt-out, until such time as they have reviewed their marketing preferences (which can be done at any time).
- Develop, test and manage our brands, products and services.
- Study and also manage how our customers use products and services from us.
- Manage risk for us and our customers.
This requires us to carry out an assessment of our interests in using your personal data against the interests you have a citizen and the rights you have under data protection laws. The outcome of this assessment will determine whether we can use your personal data in the ways described in this policy, except in relation to marketing, where we will always rely on your consent.
- Consent: We may provide you with marketing information about our services or products where you have provided your consent for us to do so. You may opt out of marketing at any time by emailing us at firstname.lastname@example.org. Opting-out will never prevent you from receiving a service from us. If you opt-out of receiving marketing emails, you will still receive important order and delivery information by email.
Where your Data is held?
The data we collect form you may be stored outside the European Economic Area (“EEA”).
We will only transfer Personal Data outside the European Economic Area to those countries that have adequate data privacy laws approved by the European Commission or alternatively if transferred to the United States of America to any US businesses that have signed up to the EU-US Privacy Shield framework. This requires that third party to provide data protection to standards similar levels of data protection to those in Europe. More information is available from the European Commission
Sharing your information
We will not sell, distribute or rent your data to any third parties, with the following exceptions:
- We were compelled to by any legal authority
- The business was sold to a new owner along with our customer details
In order to fulfil orders and provide you with a highly personal level of service, we do share your data with the following data controllers:
- Our courier companies – Parcelforce, TNT , Fedex and Royal Mail
- Our local same day courier – Forklift Bike
- Our out of hours drop off / collection service – Head for the Hills (Dorking)
- Our partner bicycle shops for mechanical services (strips and rebuild) – Cyclelink (Thames Ditton), Surrey Hills Cycleworks (Leatherhead), and Bespoke Cycling (London)
- Our payment service provider – Dojo
- Replacement components we supply who offer warranty on their products (in the event that you need to claim on the warranty)
- Marketing and advertising agencies who we work with to run our business
International Orders (outside of the EEA)
In order to fulfil international orders, some data will be passed on to companies within our shipping network who operate outside of the European Economic Area (EEA). This is carried out in a secure way and only the information needed to fulfil your order (e.g. name, postal address and contact details) will be provided.
Retaining your information
We shall not keep your personal data for any longer than is necessary in light of the purpose or purposes for which that personal data was originally collected, held and processed. We will review your personal data from time to time to establish whether we are still entitled to process it. If we decide that we are not entitled to do so, we will stop processing your personal data and securely destroy all personal data once we no longer need it.
A cookie is a small text file which asks permission to be downloaded onto your computer or smartphone when you visit a website. The cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.
Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
Links to other websites
You have rights under the GDPR;
- To access your personal data.
- To be provided with information about how your personal data is processed.
- To have your personal data corrected.
- To have your personal data erased in certain circumstances.
- To object or restrict how your data is processed.
- To have your data transferred to yourself or another organisation in certain circumstances.
- To object to, and opt-out of our email marketing at any time
If you have any questions regarding our data processing practices or wish to exercise any of your rights, including changing your marketing preferences, please contact Data Protection Officer using the contact details set out below.
How you can access and update your information
The accuracy of your information is important to us. If you change email address or if any of the other information we hold is inaccurate or out of date, please contact us using the details shown at the end of this document.
You have the right to ask for a copy of the information the Starling by Design holds about you. Such requests should be direct to Franca Starling using the contact details at the end of this document. We do not charge a fee for the handling of a SAR however, we reserve the right to charge reasonable fees for additional copies of information that has already been supplied to a data subject and for requests that are unfounded or excessive.
Changes to this policy
We will keep this policy under regular review and reserve the right to amend this policy from time to time without prior notice. You are advised to check our website www.carbonbikerepair.co.uk regularly for any amendments (but amendments will not be made retrospectively).
This Policy aims to ensure compliance with the General Data Protection Regulation (GDPR) when dealing with your personal data. Further details on the GDPR can be found at the website for the Information Commissioner (www.ico.gov.uk). For the purposes of the GDPR we will be the “controller” of all personal data we hold about you.
Our contact details
Data Protection Officer
Carbon Bike Repair Limited
Unit 1a, Bridge Works