Privacy Policy

1. Data Collection

1.1 Information We Collect

A. Information You Provide Directly:

• Registration Information: Full name, email address, phone number, postal address, company name (if applicable)
• Service Requests: Device information and serial numbers, problem descriptions, repair preferences, communication preferences
• Communications: Email correspondence, support ticket submissions, survey responses, feedback and reviews
• Payment Information: Billing details processed through our payment processor (we do not store full payment card details)

B. Information Collected Automatically:

• Website Usage Data: IP address and approximate location, browser type and version, device information, pages visited and time spent, referral sources, search terms used
• Technical Data: Operating system, screen resolution, language preferences, time zone settings
• Cookies and Tracking: Essential cookies for website functionality, analytics cookies for usage statistics (with consent), preference cookies for user settings, marketing cookies for relevant advertising (with consent)

C. Information from Third Parties:

• Service Partners: Repair status updates and technical assessments from authorized service centers
• Logistics Providers: Shipping and delivery confirmations, package tracking information
• Payment Processors: Transaction confirmations and fraud prevention data from Stripe
• Public Sources: Business information verification from publicly available directories (for business customers only)

1.2 Data Sources

We collect personal data from the following sources:

1.3 Legal Basis for Processing

We process your personal data based on the following legal grounds under UK GDPR:

1.4 How We Use Your Information

Service Provision:

• Process and fulfill repair service requests and warranty claims
• Communicate repair status, updates, and completion notifications
• Arrange device collection and delivery through logistics partners
• Provide technical support, troubleshooting, and customer assistance
• Process payments and manage billing inquiries

Business Operations:

• Create and maintain customer accounts and service history
• Analyze website usage and performance for service improvement
• Prevent fraud, ensure security, and protect against unauthorized access
• Conduct market research and customer satisfaction surveys
• Comply with legal obligations and regulatory requirements

Marketing and Communications:

• Send service-related notifications and important updates
• Provide marketing communications to consenting customers
• Personalize website content and user experience
• Conduct promotional campaigns and special offers

2. Automated Processing

2.1 Automated Decision-Making

We use limited automated decision-making in the following circumstances:

Your Rights Regarding Automated Decisions:

• Right to obtain human intervention in the decision-making process
• Right to express your point of view and contest the decision
• Right to obtain an explanation of the decision and its consequences
• Right to request manual review of automated decisions

2.2 Profiling Activities

We engage in limited profiling activities to enhance our services:

Customer Service Profiling:

• Purpose: Analyze service history to provide personalized support and identify potential issues
• Data Used: Previous repairs, device types, communication preferences, service feedback
• Impact: Improved service recommendations and proactive support
• Your Rights: Right to object, request explanation, and opt-out

Marketing Profiling (Consent-Based):

• Purpose: Deliver relevant marketing content and offers based on interests and service history
• Data Used: Service preferences, device types, engagement with communications
• Impact: Personalized marketing communications and offers
• Your Rights: Right to withdraw consent, object, and request deletion

Note: You have the right to object to profiling activities. Contact us using the details in Section 7.3 to exercise this right.

3. Cookies & Tracking

3.1 Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your website experience and provide our services effectively.

Third-Party Cookies:

• Google Analytics: Website performance and user behavior analysis
• Stripe: Payment processing and fraud prevention
• Social Media Platforms: Social sharing and integration features

3.2 Managing Cookies

You can control cookie settings through multiple methods:

Our Cookie Management:

• Cookie consent banner on first visit
• Cookie preferences center (accessible from footer)
• Granular control over cookie categories
• Easy withdrawal of consent options

Browser Settings:

• Block all cookies or specific types
• Delete existing cookies
• Set preferences for future cookies
• Receive notifications before cookies are set

Third-Party Opt-Out Tools:

• Google Analytics Opt-out Browser Add-on
• Your Online Choices (EU)
• Individual third-party privacy settings

Impact of Disabling Cookies:
Disabling certain cookies may limit website functionality, including login capabilities, shopping cart features, personalized content, and analytics that help us improve our services.

4. Data Sharing & Storage

4.1 Information Sharing

We share information with trusted service providers who assist in delivering our services:

A. Authorized Repair Centers:

• Data Shared: Device information, repair instructions, customer contact details for coordination
• Purpose: Service delivery, repair coordination, quality assurance
• Safeguards: Contractual obligations, data processing agreements, security requirements

B. Payment Processors:

• Service Provider: Stripe, Inc.
• Data Shared: Transaction details, billing information, fraud prevention data
• Purpose: Payment processing, security verification, compliance
• Safeguards: PCI DSS compliance, encryption, secure data handling

C. Logistics Partners:

• Service Providers: Various UK courier services
• Data Shared: Shipping addresses, contact information, package details
• Purpose: Collection, delivery, tracking, insurance claims
• Safeguards: Limited data sharing, secure handling procedures

D. Technology Providers:

• Service Providers: Website hosting, email services, analytics platforms
• Data Shared: Technical data, communications, usage analytics
• Purpose: Service operation, maintenance, improvement
• Safeguards: Data processing agreements, security standards, access controls

E. Legal Requirements:
We may disclose information when required by law, including:

• Compliance with legal obligations and court orders
• Response to lawful government and regulatory requests
• Protection of our rights, property, and safety
• Prevention of fraud and illegal activities
• Cooperation with law enforcement investigations

4.2 Data Processing Agreements

We maintain formal Data Processing Agreements (DPAs) with all third-party processors to ensure:

Contractual Safeguards:

• Clear definition of processing purposes and limitations
• Confidentiality and security obligations
• Data subject rights protection requirements
• Incident notification and breach response procedures
• Data deletion and return obligations upon contract termination

Processor Obligations:

• Process data only on documented instructions
• Implement appropriate technical and organizational security measures
• Assist with data subject rights requests
• Notify us of any data breaches within 24 hours
• Submit to audits and inspections as required

4.3 Data Retention

Retention Review Process:

• Annual review of all data categories and retention periods
• Automated deletion systems where technically feasible
• Manual review and deletion for complex data sets
• Documentation of deletion activities for compliance

4.4 International Data Transfers

Primary Data Storage: Secure servers within the European Union and United Kingdom

Processing Locations:

• Seychelles: Company headquarters and business administration
• United Kingdom: Service operations and customer support
• European Union: Website hosting, technical services, and data storage
• United States: Limited processing by certain service providers (with safeguards)

Transfer Safeguards for Non-Adequate Countries:

• Standard Contractual Clauses (SCCs): EU Commission approved clauses for data transfers
• Adequacy Decisions: Transfers to countries with adequate protection levels
• Binding Corporate Rules: For multinational service providers where applicable
• Explicit Consent: Where other safeguards are not available and consent is appropriate
• Contractual Necessity: Where transfer is necessary for contract performance

US Data Transfers:
For service providers in the United States, we ensure protection through:

• Standard Contractual Clauses with additional safeguards
• Data Processing Addendums with enhanced security requirements
• Regular assessment of data protection levels and legal developments
• Minimization of data transferred to essential processing only

5. Your Rights & Security

5.1 Your Privacy Rights

Under UK GDPR and the Data Protection Act 2018, you have comprehensive rights regarding your personal data:

Exercising Your Rights:

• Contact Methods: Use details in Section 7.3. UK residents may also contact our UK Representative (see Section 7.1a)
• Response Time: We will respond within one month of receiving your request
• Identity Verification: We may request identification to verify your identity
• Free of Charge: Rights requests are free unless manifestly unfounded or excessive
• Complex Requests: May require up to three months with explanation of delay
• Third-Party Rights: We will consider impacts on other individuals’ rights and freedoms

Limitations on Rights:
Certain rights may be limited where:

• Processing is necessary for compliance with legal obligations
• Processing is necessary for establishment, exercise, or defense of legal claims
• Processing is necessary for public interest or official authority tasks
• Restriction would prevent us from fulfilling contractual obligations

5.2 Security Measures

We implement comprehensive technical and organizational security measures to protect your personal information:

Technical Safeguards:

• Encryption: Industry-standard AES-256 encryption for data at rest and TLS 1.3 for data in transit
• Access Controls: Multi-factor authentication, role-based access, and principle of least privilege
• Network Security: Firewalls, intrusion detection systems, and continuous monitoring
• Data Backup: Regular encrypted backups with secure off-site storage
• System Updates: Regular security patches and vulnerability assessments
• Penetration Testing: Annual third-party security assessments

Organizational Measures:

• Staff Training: Regular privacy and security awareness training for all employees
• Access Management: Strict controls on who can access personal data and when
• Incident Response: Documented procedures for handling security incidents and breaches
• Vendor Management: Security assessments and contractual requirements for all processors
• Privacy by Design: Data protection considerations built into all new systems and processes
• Regular Audits: Internal and external audits of security and privacy practices

Physical Security:

• Secure data centers with 24/7 monitoring and access controls
• Biometric access controls and visitor management systems
• Environmental controls and redundant power systems
• Secure disposal of hardware and storage media

Your Security Responsibilities:

• Keep login credentials confidential and secure
• Use strong, unique passwords and enable two-factor authentication where available
• Log out of shared or public computers after use
• Report suspicious activity or potential security incidents immediately
• Keep your contact information up to date for security notifications

5.3 Data Breach Response

We have established comprehensive procedures for handling personal data breaches:

Breach Detection and Assessment:

• Monitoring Systems: Continuous monitoring for unauthorized access or data loss
• Incident Classification: Immediate assessment of breach severity and impact
• Risk Evaluation: Analysis of potential harm to affected individuals
• Containment: Immediate steps to contain and minimize the breach

Regulatory Notification (Within 72 Hours):

• ICO Notification: Report to Information Commissioner’s Office within 72 hours of awareness
• Breach Details: Nature of breach, categories and numbers of individuals affected, likely consequences
• Response Measures: Steps taken to address the breach and prevent recurrence
• Contact Information: Details of our Data Protection Officer or contact point

Individual Notification (Without Undue Delay):
When breach poses high risk to rights and freedoms:

• Direct Communication: Clear, plain language explanation of the breach
• Impact Description: Likely consequences and potential harm
• Protective Measures: Steps we’ve taken and recommendations for individuals
• Contact Information: How to get more information and support

Breach Response Team:

• Incident Response Manager
• Data Protection Officer (or designated privacy contact)
• IT Security Team
• Legal Counsel
• Senior Management

Post-Breach Activities:

• Detailed incident investigation and root cause analysis
• Implementation of additional security measures
• Review and update of security policies and procedures
• Staff training and awareness updates
• Documentation and reporting for compliance purposes

6. Special Considerations

6.1 Children’s Privacy

Age Restrictions:
Our services are not intended for children under 13 years of age, in accordance with UK Data Protection Act 2018 provisions on children’s consent.

Children Under 13:

• We do not knowingly collect personal information from children under 13
• If we become aware of such collection, we will delete the information promptly
• Parents/guardians should contact us immediately if they believe we have collected their child’s data
• We require parental consent for any processing of children’s data under 13

Children Aged 13-16:

• We may process personal data with the child’s consent for certain services
• We take additional care to ensure information is presented in age-appropriate language
• Parents/guardians retain rights to access and control their child’s personal data
• We implement additional safeguards for marketing communications to this age group

Parental Rights and Controls:

• Right to access their child’s personal data
• Right to request rectification or deletion of their child’s data
• Right to object to processing of their child’s data
• Right to withdraw consent on behalf of their child

Verification Procedures:
When we suspect a user may be under 13, we implement age verification procedures and may request parental consent before continuing to process personal data.

6.2 Third-Party Services

Our website and services integrate with various third-party providers. These services have their own privacy policies and practices:

Payment Services:

• Stripe, Inc.: Stripe Privacy Policy
• Handles payment processing, fraud detection, and transaction security
• Subject to PCI DSS compliance and additional security standards

Analytics and Performance:

• Google Analytics: Google Privacy Policy
• Website usage analytics and performance monitoring
• Data anonymization and aggregation practices

Communication Services:

• Email service providers for transactional and marketing communications
• Customer support platforms for ticket management
• SMS services for delivery notifications and updates

Social Media Integration:

• Social media platforms for sharing and integration features
• Social login options where available
• Social media advertising and remarketing

Your Control Over Third-Party Services:

• Review and manage privacy settings on third-party platforms
• Opt-out of third-party data collection where possible
• Contact third parties directly for privacy-related requests
• Use browser settings and extensions to limit third-party tracking

6.3 Policy Changes

We may update this Privacy Policy periodically to reflect changes in our practices, services, or legal requirements.

Types of Changes:

• Minor Updates: Clarifications, contact information, or non-material changes
• Material Changes: New data uses, sharing practices, or rights modifications
• Legal Updates: Changes required by new laws or regulations
• Service Changes: Updates reflecting new features or service modifications

Notification Process:

• Effective Date Update: All changes will be reflected in the “Effective Date” at the bottom
• Website Notice: Prominent notice on our website for significant changes
• Email Notification: Direct notification to registered users for material changes
• Consent Requests: New consent requests where required by law

Your Options:

• Continued Use: Continued use of our services constitutes acceptance of minor changes
• Opt-Out: Right to opt-out of new data uses or sharing practices
• Account Closure: Right to close your account if you disagree with material changes
• Data Deletion: Right to request deletion of your data upon policy disagreement

Change History:
We maintain a record of significant policy changes and their effective dates for transparency and compliance purposes.

6.4 Illegal Content Handling

While providing repair services, our contracted service centers adhere to strict privacy standards and professional ethics.

Standard Privacy Practices:

• We do not access or review device contents beyond what is necessary for repair services
• Functionality testing is limited to essential system operations
• Personal files, photos, and data remain private and untouched
• Service centers are trained in privacy protection and data handling

Legal Obligations:
However, if during the course of repair work, illegal content is inadvertently discovered, our service centers are legally obligated to:

• Immediately notify law enforcement authorities
• Preserve evidence as required by law
• Cooperate with official investigations
• Transfer devices and data to authorities when legally required

Types of Content Subject to Reporting:

• Child sexual abuse material
• Terrorist-related content
• Content related to serious criminal activities
• Other content as required by applicable criminal law

Legal Basis and Your Acknowledgment:

• Legal Basis: This practice is required under applicable criminal reporting laws and regulations
• Your Acknowledgment: By using our services, you acknowledge and consent to this legal obligation
• Limitation of Liability: Electronic Partners will not be liable for any consequences arising from compliance with these legal requirements
• Confidentiality: We maintain confidentiality except where disclosure is legally required

Prevention and Best Practices:

• Ensure your device contains only legal content before sending for repair
• Remove or secure any sensitive personal information
• Use device backup and restore features to protect privacy
• Contact us if you have concerns about content on your device

7. Company Information

7.1 Data Controller Details

Legal Entity: Aftermarket Services Corp T/A Electronic Partners
Trading Name: Electronic Partners
Company Registration: Seychelles jurisdiction
Registered Address: House of Francis, Room 303, Lle Du Port, Mahe, Seychelles
UK Operations: Authorized to trade in the United Kingdom
Website: https://uk.electronic.partners
Phone: 0330 2233644

Data Protection Officer (DPO):
While not legally required to appoint a DPO, we have designated a privacy contact responsible for data protection matters:

• Privacy Contact: Data Protection Team
• Email: Available via support ticket system
• Responsibilities: Privacy policy compliance, data subject rights, breach response coordination

UK Representative:
As a non-UK company processing personal data of UK residents, we maintain operational presence in the UK through our authorized service centers and business operations.

7.1a UK Representative (Article 27 UK GDPR)

In accordance with Article 27 of the UK General Data Protection Regulation (UK GDPR), we have appointed a UK-based representative to act on our behalf regarding data protection matters for individuals located in the United Kingdom.

UK Representative Contact Details:
Manageflow Systems Ltd
Company No: 14955355
Address: 48–52 Penny Lane, Mossley Hill, Liverpool, Merseyside, United Kingdom, L18 1DG
Contact Method: Please use our support ticket system and select “Privacy/Data Protection” as the category. Messages will be forwarded to our representative where appropriate.

UK residents may contact our representative with any queries or concerns regarding the processing of their personal data or to exercise their rights under UK data protection law.

7.2 ICO Registration

Information Commissioner’s Office (ICO) Registration:

We are committed to transparency regarding our data protection obligations:

• Registration Status: As a Seychelles-incorporated company with UK operations, we are evaluating our ICO registration requirements
• Data Protection Fee: We comply with applicable data protection fee obligations where required
• Regulatory Compliance: We adhere to UK GDPR and Data Protection Act 2018 requirements regardless of registration status
• Transparency: We maintain full transparency about our data processing activities and legal obligations

Exemption Considerations:
We regularly review whether any exemptions apply to our processing activities, including:

• Processing for core business activities
• Processing necessary for legal obligations
• Processing for legitimate interests with appropriate safeguards

Ongoing Compliance:

• Regular review of registration requirements as our operations evolve
• Consultation with data protection specialists on regulatory obligations
• Proactive compliance with all applicable data protection laws
• Cooperation with regulatory authorities as required

7.3 Contact Information

For questions, concerns, or requests regarding this Privacy Policy or your personal data:

General Privacy Inquiries:
Company: Aftermarket Services Corp T/A Electronic Partners
Address: House of Francis, Room 303, Lle Du Port, Mahe, Seychelles
Phone: 0330 2233644
Support System: Create a support ticket

Data Subject Rights Requests:
Method: Support ticket system (preferred) or written request
Required Information: Full name, contact details, description of request, identity verification
Response Time: Within one month of receipt (may be extended to three months for complex requests)
Fee: Free of charge unless manifestly unfounded or excessive

Data Protection Concerns:
Privacy Team: Available via support ticket system
Escalation: Senior management review available for unresolved concerns
External Complaints: Information Commissioner’s Office (ICO) – https://ico.org.uk/ or 0303 123 1113

Emergency Contact:
For urgent privacy or security matters:
Phone: 0330 2233644 (during business hours)
After Hours: Submit urgent support ticket with “URGENT PRIVACY” in subject line

Business Hours:
Monday to Friday: 9:00 AM – 5:00 PM GMT
Response to privacy inquiries: Within 5 business days
Emergency privacy matters: Within 24 hours