1. Background

This privacy notice lets you know what happens to any personal data that you give to us, or any that we may collect from or about you. It applies to all products and services, and instances where we collect your personal data.

This privacy notice applies to personal information processed by or on behalf of The Cycle Mechanic.

Use the links below to find out more about how we use your personal information:

Changes to this privacy notice

We may change this privacy notice from time to time by updating this page in order to reflect changes in the law and/or our privacy practices. We encourage you to check this privacy notice for changes whenever you visit our website – https://thecyclemechanic.co.uk.

The Cycle Mechanic

The Cycle Mechanic is a business owned and operated by Steve Smithson.


2. What kinds of personal information about you do we process?

Personal information that we’ll process in connection with all of our products and services, if relevant, includes:

  • Personal and contact details, such as your name, contact details, contact details history and your securely encrypted password.
  • Records of your contact with us such as via our phone number, sms, IP address, website contact form and email communication.
  • Products and services you have purchased from us, as well as have been interested in and the associated payment methods used (but not any card or bank details).
  • Information in reviews and ratings such as the content of your review, your rating of your Service Experience with us (1-5 stars) and the date of your review and, if you update your review, the date on which it is edited.
  • Marketing to you and analysing data, including history of those communications, whether you open them or click on links.
  • Bicycle and equipment information, such as make and model, faults, service history, repairs and costs.
  • Membership of recognised cycling organisations that may qualify you for a discount off our labour charges.

3. What is the source of your personal information?

We’ll collect personal information from you directly.


4. What do we use your personal data for?

We use your personal data, including any of the personal data listed in section 1 above, for the following purposes:

  • Fulfilling our contract with you
  • Respond to your questions and provide related customer service
  • Updating your records and service history
  • Managing any aspect of our service
  • To improve the operation of our business
  • Invite you to leave reviews
  • Invite you to register to view your service history
  • For management and auditing of our business operations including accounting
  • Identify you as a registered user when you log in to the Website and re-visit the Website
  • For direct marketing communications. We’ll send marketing to you by email where you have opted to receive such marketing
  • To comply with legal and regulatory obligations, requirements and guidance

5. What are the legal grounds for our processing of your personal information (including when we share it with others)?

We rely on the following legal bases to use your personal data:

  1. Where it is needed to provide you with our products or services, such as:
  2. a) Managing the services you hold with us
    b) Updating your records

  3. Where it is in our legitimate interests to do so, such as:
  4. a) Managing your products and services relating to that, updating your records
    b) For management and audit of our business operations including accounting
    c) For direct marketing communications. We will send marketing to you by email and social media and digital channels
    d) Where we need to comply with any legal and/or regulatory obligations

  5. To comply with our legal obligations
  6. With your consent or explicit consent for some direct marketing communications by email.
  7. For the establishment, exercise or defence of legal claims, where necessary

6. When do we share your personal information with other organisations?

We may share information with the following third parties for the purposes listed above:

  • Where you have opted in to email marketing the service is provided by MailChimp who are certified with the EU-U.S. Privacy Shield Framework
  • When we send an automated notification that your equipment is ready for collection we use Twilio (who are certified with the EU-U.S. Privacy Shield Framework) for automated sms messages and Mailgun (who are certified with the EU-U.S. Privacy Shield Framework) for automated email messages and email messages sent via this website,
  • We use Square as a payment processor. We do not hold any record of card data such as card numbers, expiry dates and the like.
  • Governmental and regulatory bodies such as HMRC or the Information Commissioner’s Office
  • Other organisations and businesses who provide services to us such as server hosting providers, IT software and maintenance providers, document storage providers and suppliers of other back office functions.
  • To a potential buyer (and its agents and advisers) in connection with any proposed purchase, merger or acquisition of any part of our business, provided that we inform the buyer it must use your personal information only for the purposes disclosed in this Privacy Policy.
  • To any other person with your consent to the disclosure.

7. How and when can you withdraw your consent?

Where we’re relying upon your consent to process personal data, you can withdraw this at any time by contacting us using the details below. In particular, you have an unconditional right to object to the processing of your personal data for direct marketing purposes.


8. Is your personal information transferred outside the UK or the EEA?

We’re based in the UK but sometimes your personal information may be transferred outside the European Economic Area. If we do so we’ll make sure that suitable safeguards are in place, such as the EU-U.S. Privacy Shield Framework.


9. What should you do if your personal information changes?

You should tell us so that we can update our records using the details in the Contact Us section of our website. We’ll then update your records if we can.


10. Do you have to provide your personal information to us?

We’re unable to provide you with our services if you do not provide certain information to us. In cases where providing some personal information is optional, we’ll make this clear.


11. Do we do any monitoring involving processing of your personal information?

In this section monitoring means any: listening to, recording of, viewing of, intercepting of, or taking and keeping records (as the case may be) of calls, email, text messages, social media messages, in person (face to face) meetings and other communications.

We may monitor where permitted by law and we’ll do this where the law requires it, or to comply with regulatory rules, to prevent or detect crime, in the interests of protecting the security of our communications systems and procedures and for quality control and staff training purposes. This information may be shared for the purposes described above.


12. For how long is your personal information retained by us?

Unless we explain otherwise to you, we’ll hold your personal information based on the following criteria:

  • For as long as we have reasonable business needs, such as managing our relationship with you and managing our operations
  • For as long as we provide goods and/or services to you and then for as long as someone could bring a claim against us; and/or
  • Retention periods in line with legal and regulatory requirements or guidance. For example, records required for tax purposes will be held for six years.

13. What are your rights under data protection laws?

Here is a list of the rights that all individuals have under data protection laws. They don’t apply in all circumstances. If you wish to use any of them, we’ll explain at that time if they are engaged or not. The right of data portability is only relevant from May 2018.

  • The right to be informed about the processing of your personal information
  • The right to have your personal information corrected if it is inaccurate and to have incomplete personal information completed
  • The right to object to processing of your personal information
  • The right to restrict processing of your personal information
  • The right to have your personal information erased (the “right to be forgotten”)
  • The right to request access to your personal information and to obtain information about how we process it
  • The right to move, copy or transfer your personal information (“data portability”)

You have the right to complain to the Information Commissioner’s Office which enforces data protection laws: https://ico.org.uk/. You can contact us using the details below.


14. Your right to object

You have the right to object to certain purposes for processing, in particular to data processed for direct marketing purposes and to data processed for certain reasons based on our legitimate interests. You can contact us by going to the contact section of our website to exercise these rights.


15. What are your marketing preferences and what do they mean?

We may use your email address to contact you according to your marketing preferences.

You can opt out of any email marketing by following the unsubscribe link in any marketing email, or changing your marketing preferences by logging into this website if your are a registered user, or send us an email


Contact Us

If you have any questions about this privacy notice, or if you wish to exercise your rights, you can contact us by going to the contact section of our website. Alternatively, you can write to Steve Smithson at The Cycle Mechanic, 15 Caton Green Road, Brookhouse, Lancaster, LA2 9JL.