Notice Revised: 21 December 2019
The UK Data Protection Act (incorporating the EU General Data Protection Regulation (GDPR)) applies to all our operations globally, unless the equivalent local law is stronger.
The UK Data Protection Act (and GDPR) works in two core ways. It gives individuals rights over how their personal information is used, and lays out rules for organisations that process personal information.
Our Information Security and Privacy Policy describes how we treat personal information.
Our Cookies policy describes what cookies we use on our website and their purpose.
Exercising your rights regarding the processing of your personal information
To exercising your rights, you must provide us with a request in writing, by post or email. Although you should submit a request in writing, if you would like to speak to someone in person, you may contact us by telephone.
Contact Details:
Information Governance Advisor (Disclosures)
PC Solutions (UK) Ltd
Station House
North Street
PO9 1QU
United Kingdom
Phone: +44 (0)23 93 190 301
Email: ig@pc-solutions.co.uk
We may need to ask you to provide:
- proof of your identity
- proof of your home address
- any information that we reasonably need to identify and locate the information you have requested (for example details of the PC Solutions offices or staff that you have had contact with and when)
We will not start looking for your information until we confirm your identity.
Right to access personal information
Any individual (person) has a right to ask for a copy of the personal information held about them. This means that you can ask for the information that PC Solutions holds about you. This is known as the right of ‘subject access’.
Right to restrict processing of personal information
In certain situations, you have the right to require us to restrict the processing of your personal information. We may restrict your personal information by temporarily moving the information to another data processing system, making the information unavailable to other users, or temporarily removing published information from our Digital Services. We may also use available technical methods to ensure the personal information is not subject to further processing and cannot be altered. Where we have restricted processing of personal information, this will be clearly indicated by our systems.
You can require us to restrict processing in the following circumstances:
- You believe that we are processing your personal data unlawfully and you do not want us to delete the information but restrict it instead.
- You are concerned, or have reason to believe, that the information we hold about you is inaccurate. You can ask us to restrict the information until we are able to determine whether the information is accurate or inaccurate.
- We no longer require the information for the purposes for which we originally collected it, but they are required by you for the establishment, exercise or defence of legal claims.
- You have objected to the processing (see below) and we require time to decide whether the legitimate interests we have to process the information we hold override your fundamental rights.
Processing you think is unlawful
If you tell us that you believe we are processing your personal information unlawfully, but you do not want the information to be deleted, you have the right to require us to restrict the processing of that information.
We will ask you for a detailed explanation about why you believe the processing is unlawful and may also ask you to provide evidence to support this belief.
Processing of personal information you think is inaccurate
You can tell us if you think the personal information or data we are processing about you, is factually inaccurate. You can require us to restrict how we use your personal information until we can verify the accuracy of it. We will ask you for a detailed explanation about why you believe the information is inaccurate and may also ask that you provide supporting evidence of the alleged inaccuracy.
If we find that the personal information or data we are processing about you is inaccurate, we will take the appropriate steps to correct the information or data.
Personal information no longer needed by PC Solutions, but needed by you in regards to a legal claim
In most circumstances, we will securely remove or dispose of personal information when we no longer require it for our legitimate business purposes.
If personal information we no longer require would however assist you in establishing, exercising or defending a legal claim, you can require us to keep the information for as long as necessary. We may require you to provide an explanation and any supporting evidence that a legal claim is on-going or contemplated.
Right to object to processing
You have the right to object to PC Solutions processing your personal information or data in the following circumstances:
Personal information used for direct marketing
If we are using your personal information to deliver you direct marketing, you have the right to object at any time. If you exercise this right, we will stop processing your personal information for direct marketing purposes. However, we reserve the right to keep your information on a “do not contact” list to ensure your information is not added to any further marketing lists in the future.
Automated decision making and profiling
‘Profiling’ is the automated use of personal data held on systems to analyse or predict events which have a legal effect, or other similarly significant effect, on the individual. Examples would include health, economic situation, personal preferences or interests and location. You have the right not to be subject to a solely automated decision, and this may include profiling (although there is no general right to object to profiling). If you are concerned PC Solutions has made a solely automated decision about you, you can object.
Please note, PC Solutions is allowed to carry out automated decisions with no human intervention where you have given your explicit consent to this processing (although you have the right to withdraw your consent).
We are also permitted by law to make automated decisions with no human intervention under the following circumstances:
- The automated decision is required to enter into, or perform a contract, or complete a contract involving you and PC Solutions, e.g making an electronic purchase.
- The automated decision is allowed under a law passed at European Union level, or at the level of European Union or EEA member state level (meaning it is allowed under a national law) or UK level. The law will provide safeguards to protect your rights and freedoms.
However, you still have a general right to object in both of the above circumstances, by providing the reasons why you believe the processing is having a negative effect on you. If you object, we will carefully consider your reasons, and decide whether to review the decision-making process in your specific case.
Right to erasure of personal data (“the right to be forgotten”)
In the circumstances outlined below, you have the right to require that PC Solutions securely deletes or removes your personal information:
- If the personal information we store about you is no longer required for the purposes for which we originally collected it.
- The processing is based on consent - if you have previously given your consent to PC Solutions to collect and process your personal information, and you tell us that you withdraw your consent. Please note: withdrawing your consent does not mean the processing of your personal data which occurred before the withdrawal was unlawful.
- We are processing your personal information for direct marketing purposes, and you want us to stop.
- If you think PC Solutions has processed your personal information unlawfully.
If you believe any of the above situations apply, we will ask you for a detailed explanation and further information to verify this.
Right to data portability
If you have provided your information to PC Solutions, you have the right to request and receive a copy of that information in a structured, commonly-used and machine-readable format.
Additionally, you have the right to ask us to deliver the information we hold about you to another organisation.
There are some situations in which the right to data portability does not apply. For further information, please contact: ig@pc-solutions.co.uk
Your right to complain to a national data protection regulator (data protection supervisory authority)
If you believe we have processed your personal information unfairly or unlawfully, or we have not complied with your rights under GDPR, you have the right to complain to a national data protection regulator.
Complaints about how we process your personal information will be considered by the UK data protection regulator, the Information Commissioner’s Office (ICO). The ICO can be contacted as follows:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
UNITED KINGDOM
Website: www.ico.org.uk
Email: casework@ico.org.uk
If you live in a country or territory located within the European Union (EU) or European Economic Area (EEA), and you believe that some, or all, of the issues you are concerned about have taken place in your own country of residence, you can complain to your local data protection regulator. For contact details of local data protection regulators in the EU and EEA, please refer to the European Data Protection Board website.
You should be aware that the EU or EEA regulator you contact may not be the regulator that deals with your complaint. They may refer your complaint to another data protection regulator, and a number of regulators may work together to determine the outcome of your complaint. The handling of your complaint will be dealt with by a “lead supervisory authority”, which will be allocated during the complaint handling process.
If you live outside the EU or EEA, and the data protection issue you are worried about relates to the processing of personal data in your own country, you may be able to complain to your local data protection or privacy regulator. You may be able to find details of your local privacy or data protection regulator by searching the internet.
If you have a concern about how we have processed your personal data, many data protection/privacy regulators will ask that you contact us first, by outlining your concerns, and allowing us to attempt to correct issue, prior to contacting them.
PC Solutions processing of personal information
International transfers
PC Solutions shares personal information within the wider PC Solutions group of entities situated both within and outside the EU. We do this under a data sharing agreement that includes the appropriate EU model international data transfer clauses, to ensure that your personal information is protected, no matter which entity in the PC Solutions group holds that same information.
Where PC Solutions makes transfers of personal information outside the PC Solutions entities to another organisation, we instead rely on the use of the EU model international data transfer clauses, especially where the country the organisation resides in, is not listed as ‘adequate’ by the European Commission.
Recipients
We use other organisations to process your personal information in order to carry out services on our behalf. We use them to:
- Provide customer service, surveys and marketing
- Personalise our Digital Services
- Carry out payments
- Carry out fraud and other legal investigations as required
Where we use another organisation, we make sure that your personal information is protected and remains in our control.
In certain situations, we also share personal information to government bodies and law enforcement bodies. Where we do share personal information with these types of organisations, we take reasonable steps to ensure it’s protected.
Marketing
Through your consent we’ll use your personal information to send you direct marketing and to better identify products and services that may interest you. We do this if you’re a PC Solutions customer or if you’ve contacted us in another way (such as registering to attend an event or entering a competition).
This means we’ll:
- understand you better as a customer, and therefore tailor the marketing communications we send you,
- inform you about other products and services you may be interested in,
- try to identify products and services you’re interested in.
The information processed consists of:
- Contact details. This includes your name, gender, address, phone number, date of birth and email address.
- Information from cookies and tags placed on your devices when you visit our Digital Services.
- Information from third-party organisations, for example publicly available sources such as the electoral roll and business directories.
- Details of the products and services you’ve purchased, and how you use them.
We’ll send you information about our products and services by phone, post, text message, email, and online, according to the channels you prefer. We also use the information we have about you to personalise these messages when we can as we understand it is important to make them relevant. We do this as we have a legitimate business interest in keeping you up to date with our products and services. We check that you accept us sending you marketing messages before we do so. In every message you recieve, you also have the option to opt out.
We’ll also only market other organisations’ products and services if you have agreed that it is alright for us to do so.
You can ask us to stop sending you marketing messages, and withdraw your permission at any time.
Retention
PC Solutions keeps personal information in line with our corporate retention requirements. Further details of our corporate retention schedule are available on request via the contact details, please contact: datadisclosure@pc-solutions.co.uk.
Fraud Checks
We perform fraud checks on all our customers as this is required for us to perform our contracted services, by ensuring that the services we provide are duly paid for, and to ensure that individuals are protected from fraudulent transactions on their cards. Where we believe we have detected fraudulent activity we may block you from purchasing a product.
Due to the volumes of transactions we handle, we utilise automated systems, including third-party systems, for fraud detection purposes. These automated systems analyses each sale in order to make automated decisions on whether or not we will accept a sale.
The checks and decisions that are performed look at areas including known industry indicators of fraud, which our fraud detection provider provides to us, as well as fraud patterns we detect on our Digital Services. Combined, these create an automated score predicting the likelihood of a fraudulent transaction. If our systems provides a high score for you, then we may decline an order or reserve the right to block you from our services. The fraud indicators are dynamic so will alert depending on what types of fraud are being detected in the world, country and our sites at any time.
You have certain rights in respect of this fraud detection activity. Our fraud detection is in place to protect all of our customers, as well as PC Solutions. You have the right to challenge any fraud decision decided about you and to be given more information about why any such decision was made. Please contact: datadisclosure@pc-solutions.co.uk.
General Data Protection Queries
If you wish to contact us about this privacy notice, or any issue relating to information governance or data protection, please contact PC Solutions Data Protection Officer, using the following channels:
By post:
Information Governance Team
PC Solutions (UK) Ltd
North Street
Havant
PO9 1QU
Telephone: +44 (0)23 93 190 301
Email: ig@pc-solutions.co.uk