Privacy Policy

About this Policy

Protecting your personal information is extremely important to Carbon Bike Repair Ltd (“the Company”, “we” or “our”).  This policy explains when and why we collect personal information about individuals, how we use it, how we keep it secure and your rights in relation to it.

What is Personal Information?

The GDPR defines ‘personal data’ as any information relating to an identified or identifiable natural person (a “data subject”).   When we talk about personal information, we mean information about an individual that can identify them, such as their name, address, email, telephone number and payment details.  A “data subject” can be a customer, employee, business contact or supplier.  Any reference to “information” or “data” in this policy is a reference to personal information about a living individual.

We may collect, use and store your personal data as described in this policy.

For all of our services, the “data controller” is Carbon Bike Repair Ltd.

How do we collect information about you?

Depending on which “data subject” category you are in, the Company may collect personal information from you in various ways:

  1. Directly from you when you contact us by
    • telephone,
    • our webiste,
    • Messenger
    • our Facebook page,
    • other social media (i.e. Twitter, Instagram)
    • email to make an enquiry
  2. Visiting our workshop
  3. When shipping items to us
  4. If you have been introduced by another Trade person or Third party (i.e. Bike Shop, Bike Mechanic, Insurance Company, Solicitor etc).

What information do we hold and how do we use your information?

If you are a customer (potential or existing) we may ask for the following personal information about you and we use the information to provide the best possible service

Type of information
How we use it
Name, Address and Contact Details (i.e. email address & phone numbers)
  • To provide you with a quotation and discuss the services required
  • To send you updates / service information relating to your orders
  • To advise on deliverables & deadlines and various information regarding the services we provide to you.
  • To collect or return items to you.
  • To process your order and sales invoices
  • At your request, to let you know when an item is back in stock
  • To send you marketing emails, newsletters, conduct online surveys, run competitions or other information which may interest you (only if you’ve opted-in)
  • For fraud prevention
Payment details
  • To collect payment and process refunds, where necessary
  • For fraud prevention
Visual images of your bicycle / item and designs
  • To assist with assessing the damage to your bicycle / item
  • To document items received by CBR
  • To show proof of damage
  • To document the repair process and end result
  • Images maybe used on our website or for social media or advertising purposes
Your purchase / order history
  • To fulfil your orders, provide customer service and handle returns or warranty claims
  • To find out what you like, and send you relevant marketing emails (only if you’ve opted-in)
Your contact history with us
  • To provide you with customer service and support

You also have the option of providing the following further information:

Type of information
How we use it
Survey responses
  • To help us better understand our customers’ needs and preferences.
Competition entries
  • To acknowledge receipt of your entry, and notify you of results

If you are an Employee, please refer to our Employee and Contractors Privacy Notice which can be obtained from your line manager.

Using your information in accordance with Data Protection laws

Data protection laws require us to meet certain conditions before we are allowed to use your personal information in the way we describe in this policy.  To use your personal information, we will rely on the following conditions, depending on the activities we are carrying out;

Providing our contracts and services to you:  We will process your personal information to carry out our responsibilities resulting from any agreements you’ve entered into with us and to provide you with the information, products and services you’ve asked from us which may include online services.

Complying with applicable laws:  We may process your personal information to comply with any legal obligation we are subject to.

Legitimate interests:  To use your personal data for any other purpose described in this policy, we’ll rely on a condition known as “legitimate interests”.  It’s in our legitimate interests to collect your personal data as it provides us with the information we need to deliver our services to you more effectively.  We may use your information to;

  • Carry out market research and product development, which can include creating customer demographics and/or profiling. We may sometimes work with carefully selected third parties to do this, using advertising services provided by organisations such as Google or Facebook and may share data with them, which could be combined with the information they hold about you.
  • Continue to send marketing information, via email only, to customers who purchased a service or product before 25th May 2018 and did not opt-out, until such time as they have reviewed their marketing preferences (which can be done at any time).
  • Develop, test and manage our brands, products and services.
  • Study and also manage how our customers use products and services from us.
  • Manage risk for us and our customers.

This requires us to carry out an assessment of our interests in using your personal data against the interests you have a citizen and the rights you have under data protection laws. The outcome of this assessment will determine whether we can use your personal data in the ways described in this policy, except in relation to marketing, where we will always rely on your consent.

  • Consent: We may provide you with marketing information about our services or products where you have provided your consent for us to do so.  You may opt out of marketing at any time by emailing us at  Opting-out will never prevent you from receiving a service from us.  If you opt-out of receiving marketing emails, you will still receive important order and delivery information by email.

Where your Data is held?

The data we collect form you may be stored outside the European Economic Area (“EEA”).

We will only transfer Personal Data outside the European Economic Area to those countries that have adequate data privacy laws approved by the European Commission or alternatively if transferred to the United States of America to any US businesses that have signed up to the EU-US Privacy Shield framework.  This requires that third party to provide data protection to standards similar levels of data protection to those in Europe. More information is available from the European Commission

Sharing your information

We will not sell, distribute or rent your data to any third parties, with the following exceptions:

  • We were compelled to by any legal authority
  • The business was sold to a new owner along with our customer details

In order to fulfil orders and provide you with a highly personal level of service, we do share your data with the following data controllers:

  • Our courier companies – Parcelforce, TNT , Fedex and Royal Mail
  • Our local same day courier – Forklift Bike
  • Our out of hours drop off / collection service – Head for the Hills (Dorking)
  • Our partner bicycle shops for mechanical services (strips and rebuild) – Cyclelink (Thames Ditton), Surrey Hills Cycleworks (Leatherhead), and Bespoke Cycling (London)
  • Our payment service provider – Dojo
  • Replacement components we supply who offer warranty on their products (in the event that you need to claim on the warranty)
  • Marketing and advertising agencies who we work with to run our business

International Orders (outside of the EEA)

In order to fulfil international orders, some data will be passed on to companies within our shipping network who operate outside of the European Economic Area (EEA).  This is carried out in a secure way and only the information needed to fulfil your order (e.g. name, postal address and contact details) will be provided.

Retaining your information

We shall not keep your personal data for any longer than is necessary in light of the purpose or purposes for which that personal data was originally collected, held and processed.  We will review your personal data from time to time to establish whether we are still entitled to process it.  If we decide that we are not entitled to do so, we will stop processing your personal data and securely destroy all personal data once we no longer need it.


A cookie is a small text file which asks permission to be downloaded onto your computer or smartphone when you visit a website.  The cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.

In addition, our website uses a web analytics service Google Analytics, provided by Google, Inc. (“Google”). The information generated by the cookie about your use of our website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of our website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google Analytics does not identify individual users or associate your IP address with any other date held by Google.  Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf.  Further information about Google’s privacy policy may be obtained from

Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.

You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.

Links to other websites

We may occasionally provide links to third-party websites to help you find other relevant information. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy policy. You should exercise caution and look at the privacy statement applicable to the website in question.

Your rights

You have rights under the GDPR;

  1. To access your personal data.
  2. To be provided with information about how your personal data is processed.
  3. To have your personal data corrected.
  4. To have your personal data erased in certain circumstances.
  5. To object or restrict how your data is processed.
  6. To have your data transferred to yourself or another organisation in certain circumstances.
  7. To object to, and opt-out of our email marketing at any time

If you have any questions regarding our data processing practices or wish to exercise any of your rights, including changing your marketing preferences, please contact Data Protection Officer using the contact details set out below.

How you can access and update your information

The accuracy of your information is important to us.  If you change email address or if any of the other information we hold is inaccurate or out of date, please contact us using the details shown at the end of this document.

You have the right to ask for a copy of the information the Starling by Design holds about you.  Such requests should be direct to Franca Starling using the contact details at the end of this document.  We do not charge a fee for the handling of a SAR however, we reserve the right to charge reasonable fees for additional copies of information that has already been supplied to a data subject and for requests that are unfounded or excessive.

Changes to this policy

We will keep this policy under regular review and reserve the right to amend this policy from time to time without prior notice.  You are advised to check our website regularly for any amendments (but amendments will not be made retrospectively).

This Policy aims to ensure compliance with the General Data Protection Regulation (GDPR) when dealing with your personal data.  Further details on the GDPR can be found at the website for the Information Commissioner (  For the purposes of the GDPR we will be the “controller” of all personal data we hold about you.

Our contact details

Data Protection Officer
Carbon Bike Repair Limited
Unit 1a, Bridge Works
Kingston Road
KT22 7SU
United Kingdom

This privacy policy was last updated on 19 June 2023.