Privacy Policy for AKM Repairs Ltd

AKM Repairs Ltd is committed to protecting the privacy, integrity, and security of personal data entrusted to us by our customers, including domestic users, commercial organisations, and enterprise clients.

This Privacy Policy explains how we collect, use, store, and protect personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Data Controller Details

AKM Repairs Ltd is the “data controller” responsible for your personal data.

• Company Name: AKM Repairs Ltd
• Registered Address: 6 Oakfield Road, Fernwood, Newark, Nottinghamshire, NG24 3FT, United Kingdom
• Email: info@akmrepairs.co.uk
• Website: https://akmrepairs.co.uk
• ICO Registration Number:  

For any data protection queries, please contact us using the details above.

2. Scope of This Policy

This policy applies to:

• Customers sending electronic devices for diagnostic or repair services
• Business and enterprise clients
• Website visitors
• Suppliers and logistics partners where personal data is processed

Our services may involve handling devices such as GPUs, laptops, servers, CCTV NVR/DVR systems, and storage-enabled workstations. These devices may incidentally contain personal data.

3. Categories of Personal Data We Process

We may process the following categories of personal data:

3.1 Identity & Contact Data

• Name
• Job title
• Company name
• Email address
• Telephone number
• Billing and delivery address

3.2 Transaction Data

• Service history
• Repair reference numbers
• Invoices and payment records
• Service communications

3.3 Financial Data

• Payment information (processed via secure PCI-DSS compliant third-party providers)
• We do not store full card details on our systems

3.4 Technical Data (Website Use)

• IP address
• Browser type and version
• Device and operating system
• Usage analytics (where applicable)

3.5 Device-Related Data (Important Notice)

During diagnostics and repair, customer devices may contain stored data (including files, system data, or application data).

• We do not intentionally access, review, or extract personal files unless required for diagnostics, repair validation, or explicitly instructed by the customer.
• In some cases, limited system access may be required to confirm hardware functionality.

4. How We Use Your Data

We process personal data only where a lawful basis under UK GDPR applies:

4.1 Performance of Contract

• Processing repair requests
• Diagnosing and repairing equipment
• Managing service logistics and returns
• Customer communication regarding ongoing work

4.2 Legal Obligation

• Tax and accounting records (HMRC compliance)
• Warranty and consumer law requirements
• Fraud prevention and audit obligations

4.3 Legitimate Interests

• Improving service quality and diagnostics processes
• Managing business operations
• Internal record keeping and service tracking
• Responding to technical enquiries

4.4 Consent (where applicable)

• Marketing communications (only where explicitly opted in)

5. Device Data, Confidentiality & Customer Responsibility

AKM Repairs Ltd operates as a hardware-level engineering and diagnostics provider specialising in component-level repair of electronic systems.

• Our primary work involves PCB-level diagnostics, soldering, and component replacement.
• We do not operate as a data recovery or data management service provider unless explicitly agreed.

Customer Responsibility

Customers are responsible for:

• Backing up all data before submitting devices for repair
• Removing sensitive or confidential information where necessary

While we take reasonable care during handling and repair, we cannot guarantee preservation of data stored on customer devices.

6. Data Sharing and Processors

We do not sell or rent personal data.

We may share limited personal data with trusted third-party processors strictly for service delivery:

• Courier and logistics providers (e.g. DHL, DPD, Royal Mail) for shipping and returns
• Payment processors for secure transaction handling
• IT and cloud service providers used for business operations
• Professional advisers (legal, accounting, insurance) where required

All processors are bound by contractual obligations in accordance with Article 28 UK GDPR to ensure data protection compliance.

7. International Data Transfers

Where data is processed outside the United Kingdom (for example via cloud service providers), we ensure appropriate safeguards are in place, including:

• UK adequacy regulations, or
• Standard Contractual Clauses (SCCs), where applicable

8. Data Security

We implement appropriate technical and organisational measures to protect personal data, including:

Physical Security

• Controlled access engineering facility
• CCTV monitoring
• Restricted access to authorised personnel only

Digital Security

• Encrypted systems and communications where applicable
• Multi-factor authentication for internal systems
• Access control based on job role
• Secure data storage and audit logging

Incident Response

We maintain procedures to detect, report, and investigate suspected personal data breaches. Where legally required, we will notify the Information Commissioner’s Office (ICO) and affected individuals.

9. Data Retention

We retain personal data only for as long as necessary for the purposes outlined in this policy.

• Customer and transaction records are typically retained for up to 6 years in line with UK tax and accounting obligations.
• Device-related service records may be retained for warranty and service history purposes.
• After expiry of retention periods, data is securely deleted or anonymised.

10. Your Data Protection Rights

Under UK GDPR, you have the following rights:

• Right of access to your personal data
• Right to rectification of inaccurate data
• Right to erasure (“right to be forgotten”), where applicable
• Right to restrict processing
• Right to object to processing
• Right to data portability
• Right to withdraw consent (where processing is based on consent)

Requests can be made via: info@akmrepairs.co.uk
We aim to respond within one calendar month, in accordance with UK GDPR requirements.

11. Cookies and Website Tracking

Our website may use cookies and similar technologies to:

• Enable core website functionality
• Analyse website traffic and usage
• Improve user experience

Where required, cookie consent will be obtained in compliance with UK PECR regulations.

For more information, please refer to our Cookie Policy (if applicable).

12. Complaints and Supervisory Authority

If you have concerns about how we handle your personal data, please contact us first so we can resolve the issue.

You also have the right to lodge a complaint with:

Information Commissioner’s Office (ICO)
Website: https://ico.org.uk

13. Changes to This Policy

We may update this Privacy Policy periodically to reflect legal, technical, or operational changes. The latest version will always be available on our website.