phone clinic
phone clinic
Book Repair

LEGAL & COMPLIANCE

Phone Clinic Privacy Policy

Who We Are

Phone Clinic Repair is the data controller responsible for your personal information. We operate mobile phone, tablet, and laptop repair services across 14+ locations throughout the United Kingdom.

Registered Head Office: 6 Upper Market Square, Stoke-on-Trent, ST1 1NS

Telephone: 01782 287557

Email: support@phoneclinicrepair.co.uk

As the data controller, we determine the purposes and means of processing your personal data and are legally responsible for ensuring that such processing is carried out lawfully, fairly, and transparently in accordance with UK GDPR.

Where a specific store location processes your data independently as a franchised or separately managed entity, that entity may also act as a data controller. This policy covers all processing conducted under the Phone Clinic Repair brand.

Data We Collect & How We Collect It

We collect personal data in a number of ways, including directly from you, automatically through our website, and through our in-store service process. The categories of data we may collect include:

2.1 Identity & Contact Data

  • Full name
  • Postal address
  • Email address
  • Telephone or mobile number

2.2 Device & Repair Data

  • Device make, model, and colour
  • Device IMEI number or serial number
  • Nature of the fault or damage reported
  • Device passcode (collected solely for testing purposes before and after repair, and immediately discarded thereafter)
  • Service history and repair records linked to your unique device IMEI or serial number and your customer record
  • Warranty claims and correspondence

2.3 Transaction & Financial Data

  • Payment method (type only; we do not store full card numbers)
  • Transaction reference and amount
  • Invoice and receipt records

2.4 Booking & Appointment Data

  • Date, time, and location of booked appointments
  • Service type selected
  • Correspondence or notes submitted via the booking form

2.5 Communications Data

  • Enquiries sent via our website contact forms
  • Email or telephone correspondence with our team
  • Warranty claim submissions
  • Marketing preferences (if you opt in to receive newsletters or promotions)

2.6 Technical & Usage Data (Website)

  • IP address
  • Browser type and version
  • Operating system
  • Pages viewed and time spent on site
  • Referral source (how you found our website)
  • Cookie data (see Section 9)

2.7 Special Category Data

We do not intentionally collect or process any special category personal data (such as health, ethnic origin, religious beliefs, or financial vulnerability). If you voluntarily disclose such information to us, we will handle it with the highest level of confidentiality.

How We Use Your Personal Data

We use your personal data only for the purposes for which it was collected or for compatible purposes. The primary purposes for which we process your data are:

3.1 Service Delivery

  • To accept, process, and complete your device repair or service
  • To test your device before and after the repair
  • To notify you when your repair is complete or if there are delays or additional costs
  • To fulfil our obligations under our Service Agreement (Terms & Conditions)

3.2 Warranty Administration

  • To maintain warranty records linked to your device IMEI or serial number and your customer profile
  • To process warranty claims for defective parts or workmanship faults
  • To verify warranty eligibility against the original repair record
  • To communicate with you regarding the outcome of a warranty claim

3.3 Customer Account & After-Sales Service

  • To manage your customer record and service history
  • To provide efficient after-sales support and respond to enquiries
  • To handle complaints and dispute resolution

3.4 Appointments & Booking

  • To schedule and manage your repair appointment
  • To send appointment confirmations and reminders

3.5 Marketing Communications (with Consent Only)

  • To send you newsletters, special offers, and promotions where you have explicitly opted in
  • To inform you of new services or locations relevant to your interests
  • You may withdraw marketing consent at any time (see Section 7)

3.6 Legal & Regulatory Compliance

  • To comply with our legal obligations, including tax and accounting requirements
  • To prevent, detect, and investigate fraud or other criminal activity
  • To establish, exercise, or defend legal claims

3.7 Website & Service Improvement

  • To analyse website usage and improve our online booking experience
  • To measure marketing effectiveness and service performance

Lawful Basis for Processing

Under UK GDPR, we must have a lawful basis for processing your personal data. The table below sets out the lawful basis we rely upon for each processing activity:

Processing ActivityLawful BasisNotes
Completing your device repair and notifying youContractNecessary to fulfil the Service Agreement you enter into with us
Collecting device passcode for testingContractNecessary to test and return your device in working order
Maintaining warranty and repair recordsContractRequired to administer warranty linked to your IMEI / serial number
Sending appointment confirmationsContractNecessary to provide the booked service
Processing payments and issuing invoicesContract / Legal ObligationContractual performance and HMRC record-keeping
Responding to enquiries and complaintsLegitimate InterestsOur legitimate interest in resolving queries and maintaining customer satisfaction
Marketing communications (newsletters, offers)ConsentOnly where you have explicitly opted in via our forms or at the point of service
Website analytics and performance trackingLegitimate InterestsOur legitimate interest in improving our digital services
Fraud prevention and legal complianceLegal ObligationRequired to comply with applicable laws and regulations
Defending or pursuing legal claimsLegitimate InterestsOur legitimate interest in protecting our legal rights

Data Sharing & Third Parties

Phone Clinic Repair does not sell, rent, or trade your personal data to any third party. We may share your data only in the following limited circumstances:

5.1 Service Providers (Data Processors)

We engage trusted third-party companies to help us deliver our services. These providers act as data processors and are contractually bound to process your data only on our instructions and in accordance with UK GDPR. They include:

  • Payment processors — to securely process card payments (e.g. card terminal providers)
  • Booking and appointment systems — to manage online reservations
  • Email and communication platforms — to send service notifications and, where applicable, marketing emails
  • Website hosting and analytics providers — including Google Tag Manager and Google Analytics (see Section 9)
  • IT and CRM systems — to manage customer records and service history

5.2 Legal Authorities

We may disclose your personal data to law enforcement bodies, courts, regulators, or other governmental authorities where we are legally required to do so, or where necessary to prevent fraud, protect the safety of individuals, or defend legal claims.

5.3 Business Transfers

In the event of a merger, acquisition, franchise arrangement, or sale of all or part of our business, your personal data may be transferred to the relevant third party. We will notify you in advance of any such transfer and your data will remain subject to equivalent data protection obligations.

5.4 With Your Consent

We may share your data with other third parties where you have given us your explicit consent to do so.

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including to satisfy any legal, accounting, or reporting requirements. Our retention periods are as follows:

Repair records & service history
Duration of warranty + 2 years
Required to administer warranty claims and resolve any post-repair disputes
Customer contact details
6 years
In line with the UK Limitation Act 1980 for potential contract claims
Financial & invoicing records
7 years
Required by HMRC under UK tax legislation
Warranty claim records
Duration of applicable warranty
Retained to administer active warranties tied to device IMEI or serial number
Device passcode
Not retained
Collected solely for in-repair device testing; discarded immediately after use and not stored in any system
Marketing preferences
Until withdrawn
Retained while you remain opted in; deleted upon unsubscription or consent withdrawal
Website analytics data
26 months
Standard Google Analytics retention; used for website performance analysis
Enquiries & complaints
3 years
Retained to manage follow-up and any potential legal proceedings

When your data is no longer required, it is securely deleted or anonymised in accordance with our data disposal procedures.

Your Rights Under UK GDPR

Under UK GDPR and the Data Protection Act 2018, you have the following rights in respect of your personal data: 

Right of Access

Request a copy of the personal data we hold about you (Subject Access Request).

Right to Rectification

Ask us to correct inaccurate or incomplete personal data we hold.

Right to Erasure

Request deletion of your data where there is no compelling reason for continued processing.

Right to Restriction

Ask us to restrict processing of your data in certain circumstances (e.g. while accuracy is disputed).

Right to Portability

Receive your data in a structured, machine-readable format and transfer it to another controller.

Right to Object

Object to processing based on legitimate interests or for direct marketing purposes.

How to Exercise Your Rights: To exercise any of the above rights, please contact us using the details in Section 13. We will respond within one calendar month of receiving a valid request, free of charge. Where requests are manifestly unfounded, excessive, or repetitive, we may charge a reasonable administrative fee or decline to respond, with reasons provided.

Data Security

The security of your personal data is of paramount importance to us. We have implemented appropriate technical and organisational measures to protect your data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. These measures include:

  • Physical security — secure premises and restricted access to areas where personal data is processed
  • Access controls — staff access to personal data is limited on a need-to-know basis and protected by individual login credentials
  • Staff training — all team members handling personal data are trained on our data protection obligations
  • Secure payment processing — card payments are processed via PCI-DSS compliant payment systems; we do not store full card numbers
  • Website security — our website uses HTTPS (SSL/TLS encryption) to protect data in transit
  • Supplier due diligence — third-party data processors are assessed for data security compliance and are contractually obligated under UK GDPR

Despite these measures, no data transmission over the internet or storage system can be guaranteed to be 100% secure. If you have any concerns about the security of your data, please contact us immediately.

Data Breach Notification: In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner’s Office (ICO) within 72 hours of becoming aware of the breach, and we will notify affected individuals without undue delay where there is a high risk to their rights and freedoms.

Cookies & Tracking Technologies

Our website (phoneclinicrepair.co.uk) uses cookies and similar tracking technologies to enhance your experience, analyse site performance, and support our marketing activity. A cookie is a small text file stored on your device when you visit a website.

9.1 Types of Cookies We Use

Cookie TypePurposeConsent Required?
Strictly NecessaryEssential for the website to function (e.g. session management, booking forms)No (exempt)
Analytics / PerformanceGoogle Analytics — measures visitor behaviour, traffic sources, and page performanceYes
Marketing / AdvertisingGoogle Tag Manager, Google Ads — enables targeted advertising and campaign trackingYes
FunctionalRemembers your preferences (e.g. selected store location)Yes

9.2 Third-Party Cookies

Our website integrates with third-party services that may set their own cookies, including Google Analytics, Google Tag Manager, and Google AdSense. These providers have their own privacy policies governing their use of data collected via cookies.

9.3 Managing Your Cookie Preferences

You can manage or withdraw your consent to non-essential cookies at any time via our cookie consent tool displayed on your first visit to our website. You may also control cookies through your browser settings — most browsers allow you to block or delete cookies. Please note that disabling certain cookies may affect the functionality of our website.

For more information about cookies and how to manage them, please visit ico.org.uk.

Children's Privacy

Our services are not directed at children under the age of 18. We do not knowingly collect personal data from children under 18 without verifiable parental or guardian consent. If a repair or warranty claim is submitted on behalf of a minor, the consenting adult (parent or legal guardian) is responsible for ensuring that this policy has been reviewed and that consent is given on the child’s behalf.

If we become aware that we have inadvertently collected personal data from a child under 18 without appropriate consent, we will take steps to delete that information promptly. Please contact us at support@phoneclinicrepair.co.uk if you believe we hold data about a child without proper consent.

International Data Transfers

Phone Clinic Repair is a UK-based business and processes the majority of personal data within the United Kingdom. However, some of our third-party service providers (such as cloud software platforms) may process data in countries outside the UK, including countries within the European Economic Area (EEA) or further afield.

Where personal data is transferred outside the UK, we ensure that appropriate safeguards are in place, including:

  • Transfers to countries covered by a UK adequacy decision (recognised as providing an equivalent level of data protection)
  • Use of UK International Data Transfer Agreements (IDTAs) or Standard Contractual Clauses approved by the ICO
  • Assessment of the data importer’s compliance with UK GDPR equivalent standards

You may request further information about the specific safeguards applied to any international transfer of your data by contacting us as set out in Section 13.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our data processing activities, legal requirements, or business operations. Any changes will be published on this page with an updated “Last Updated” date at the top.

Where changes are material (i.e. significantly affect your rights or how we use your data), we will take reasonable steps to notify you — for example, via a notice on our website or by email (where we hold your email address).

We encourage you to review this policy periodically to stay informed about how we protect your data. Your continued use of our services following the publication of changes constitutes your acknowledgement of the updated policy. 

Contact Us

If you have any questions about this Privacy Policy, wish to exercise your data protection rights, or have concerns about how we handle your personal data, please contact us:

Telephone: 01782 287557

Email: support@phoneclinicrepair.co.uk

Ready to Fix Your Device?

Book your repair online in minutes. Fast, professional, and backed by our warranty guarantee.

BOOK YOUR REPAIR NOW