PRIVACY POLICY

Last Updated: 13th June 2025

This Privacy Policy explains how Zak Storey Freelance ("we", "us", or "our") collects, uses, processes, stores, and shares personal data when you visit and use our website PC Blueprints (the "Service").

We are committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who We Are (Data Controller)

Zak Storey Freelance zak.storey@pcblueprints.com

For the purposes of the UK GDPR, we are the 'data controller' of the personal data we process through our Service. This means we determine the purposes and means of processing your personal data.

2. What Personal Data We Collect

We may collect and process various types of personal data from you, depending on how you interact with our Service:

  • Identity Data: Name, title, date of birth, gender.
  • Contact Data: Billing address, delivery address, email address, telephone numbers.
  • Account Data: Username, password (encrypted), account preferences.
  • Financial Data: Payment card details (processed securely by our payment gateway, we do not store full card numbers), billing information.
  • Transaction Data: Details about payments to and from you and other details of products and services you have purchased from us.
  • Technical Data: Internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.
  • Usage Data: Information about how you use our website, products, and services. This may include your Browse history, searches, and pages viewed.
  • Marketing and Communications Data: Your preferences in receiving marketing from us and our third parties and your communication preferences.
  • User Content Data: If our Service allows you to post comments, reviews, or other content, this may include text, images, videos, or other media you choose to upload.

3. How We Collect Your Personal Data

We use different methods to collect data from and about you, including through:

  • Direct interactions: You may give us your Identity, Contact, and Financial Data by filling in forms or by corresponding with us by post, phone, email, or otherwise. This includes personal data you provide when you:
    • Create an account on our website.
    • Place an order for products or services.
    • Subscribe to our newsletter or other publications.
    • Enter a competition, promotion, or survey.
    • Give us feedback or contact us.
    • Upload or post User Content.
  • Automated technologies or interactions: As you interact with our website, we may automatically collect Technical Data and Usage Data about your equipment, Browse actions, and patterns. We collect this personal data by using cookies, server logs, and other similar technologies. Please see our Cookie Policy for more details.
  • Third parties or publicly available sources: We may receive personal data about you from various third parties and public sources as set out below:
    • Technical Data from analytics providers (e.g., Google Analytics).
    • Contact, Financial and Transaction Data from providers of technical, payment, and delivery services.

4. How and Why We Use Your Personal Data (Purposes and Lawful Basis)

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

  • To register you as a new customer and manage your account:
    • Personal Data: Identity, Contact, Account Data.
    • Lawful Basis: Performance of a contract with you.
  • To process and deliver your orders, including managing payments, fees, and charges:
    • Personal Data: Identity, Contact, Financial, Transaction Data.
    • Lawful Basis: Performance of a contract with you; Necessary for our legitimate interests (e.g., to recover debts due to us).
  • To manage our relationship with you, including notifying you about changes to our terms or privacy policy:
    • Personal Data: Identity, Contact, Marketing and Communications Data.
    • Lawful Basis: Performance of a contract with you; Necessary to comply with a legal obligation; Necessary for our legitimate interests (e.g., to keep our records updated and to study how customers use our products/services).
  • To enable you to participate in a competition or complete a survey:
    • Personal Data: Identity, Contact, Usage, Marketing and Communications Data.
    • Lawful Basis: Performance of a contract with you; Necessary for our legitimate interests (e.g., to study how customers use our products/services, to develop them and grow our business).
  • To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting, and hosting of data):
    • Personal Data: Technical Data.
    • Lawful Basis: Necessary for our legitimate interests (e.g., for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise); Necessary to comply with a legal obligation.
  • To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you:
    • Personal Data: Identity, Contact, Technical, Usage, Marketing and Communications Data.
    • Lawful Basis: Necessary for our legitimate interests (e.g., to study how customers use our products/services, to develop them, to grow our business, and to inform our marketing strategy); where required, with your consent.
  • To use data analytics to improve our website, products/services, marketing, customer relationships, and experiences:
    • Personal Data: Technical, Usage Data.
    • Lawful Basis: Necessary for our legitimate interests (e.g., to define types of customers for our products and services, to keep our website updated and relevant, to develop our business, and to inform our marketing strategy).
  • To make suggestions and recommendations to you about goods or services that may be of interest to you:
    • Personal Data: Identity, Contact, Technical, Usage, Marketing and Communications Data.
    • Lawful Basis: Necessary for our legitimate interests (e.g., to develop our products/services and grow our business).
  • To display User Content you have submitted:
    • Personal Data: User Content Data.
    • Lawful Basis: With your consent (implied by your submission of content for public display); Performance of a contract (e.g., if content submission is part of a service agreement).

We will only send you direct marketing communications via email if you have given us your explicit consent to do so. You can opt-out at any time by following the unsubscribe links on any marketing message sent to you or by contacting us.

5. Disclosure of Your Personal Data

We may share your personal data with the following categories of third parties for the purposes set out in Section 4:

  • Internal Third Parties: Other companies within our group (if applicable) who provide IT and system administration services, or who undertake reporting.
  • External Third Parties:
    • Service providers acting as processors who provide IT and system administration services, payment processing, delivery services, and marketing services. Examples include:
      • Stripe for payment processing.
      • DPD for product delivery.
      • Midnight for sending marketing emails.
      • Midnight for website hosting.
      • Google Analytics for website usage analysis.
    • Professional advisors acting as processors or joint controllers including lawyers, bankers, auditors, and insurers who provide consultancy, banking, legal, insurance, and accounting services.
    • HM Revenue & Customs, regulators, and other authorities acting as processors or joint controllers based in the United Kingdom who require reporting of processing activities in certain circumstances.
    • Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy policy.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

6. International Transfers

We may transfer your personal data outside the UK and European Economic Area (EEA) to countries that do not provide the same level of data protection as the UK/EEA.

If we transfer your personal data out of the UK/EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  • We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the UK Government or European Commission.
  • Where we use certain service providers, we may use specific contracts approved for use in the UK which give personal data the same protection it has in the UK (e.g., International Data Transfer Agreements or UK addendums to Standard Contractual Clauses).

Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the UK/EEA.

7. Data Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

8. Data Retention

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

For example, by law we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they cease being customers for tax purposes.

In some circumstances, you can ask us to delete your data (see "Your Legal Rights" below).

9. Your Legal Rights

Under data protection law, you have rights including:

  • Your right to be informed: To know how your data is being collected and used (this Privacy Policy serves this purpose).
  • Your right of access: To ask us for copies of your personal information.
  • Your right to rectification: To ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
  • Your right to erasure (the "right to be forgotten"): To ask us to erase your personal information in certain circumstances.
  • Your right to restrict processing: To ask us to restrict the processing of your personal information in certain circumstances.
  • Your right to object to processing: To object to the processing of your personal information in certain circumstances.
  • Your right to data portability: To ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.
  • Rights in relation to automated decision-making and profiling: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, unless it is necessary for entering into, or performance of, a contract between you and us, is authorised by law, or is based on your explicit consent.

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.

To exercise any of these rights, please contact us using the details provided in Section 1 ("Who We Are") or Section 14 ("Contact Us") of our Terms and Conditions.

10. How to Complain

If you have any concerns about our use of your personal information, you can make a complaint to us at:

zak.storey@pcblueprints.com

You can also complain to the ICO (Information Commissioner's Office) if you are unhappy with how we have used your data. The ICO is the UK's independent authority for data protection.

Their address: Information Commissioner's Office Wycliffe House Water Lane Wilmslow Cheshire SK9 5AF

Helpline number: 0303 123 1113 ICO website: https://www.ico.org.uk

11. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page. We will let you know via email and/or a prominent notice on our Service, prior to the change becoming effective and update the "Last Updated" date at the top of this Privacy Policy.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.