Privacy Policy - Share and Repair Network

1. Introduction

Share and Repair Network ("we", "our", "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and share your personal information when you use our platform.

Data Controller: Share and Repair Network is the data controller responsible for your personal data.

Contact Details:
Email: hello@share-and-repair.network
For data protection inquiries: Please use the subject line "Data Protection Query"

2. Information We Collect

2.1 Information You Provide Directly

When you use our platform, you may provide us with:

Account Information: Name, email address, password (encrypted)
Profile Information: Optional profile details you choose to share
Organization Information: Organization name, description, address, contact details, logos, and images if you create or manage an organization or group
Resources: Files, documents, links, and descriptions you upload or share
Communications: Messages, feedback, and correspondence you send to us
Preferences: Notification preferences, language preferences, country selection

2.2 Information We Collect Automatically

When you use our platform, we automatically collect:

Usage Data: Pages viewed, features used, time spent on platform, download and view counts
Device Information: IP address, browser type, device type, operating system
Location Data: Approximate location based on IP address, country you select
Cookies and Similar Technologies: See Section 8 for details
Log Data: Server logs including access times, error logs, and security events

2.3 Information from Third Parties

We may receive information from:

Authentication Services: If you log in via third-party services (if implemented)
Mapping Services: Geocoding data from address information you provide
Payment Processors: If we implement paid features in the future

3. Legal Basis for Processing (GDPR)

Under UK GDPR, we process your personal data based on the following legal grounds:

Purpose	Legal Basis
Account creation and management	Performance of contract / Consent
Providing platform services	Performance of contract
Email notifications you've opted into	Consent
Platform improvements and analytics	Legitimate interests
Security and fraud prevention	Legitimate interests / Legal obligation
Compliance with legal obligations	Legal obligation
Transactional emails (password resets, security alerts)	Performance of contract / Legitimate interests

Legitimate Interests: Where we rely on legitimate interests, we have conducted a balancing test to ensure your rights and freedoms are not overridden. Our legitimate interests include operating and improving our platform, preventing fraud, and ensuring security.

4. How We Use Your Information

We use your personal data for the following purposes:

4.1 Service Provision

Creating and managing your account
Providing access to platform features
Displaying organization and group information
Facilitating resource sharing
Processing your requests and inquiries

4.2 Communications

Sending you notifications based on your preferences (library news, repair news, platform updates)
Responding to your questions and feedback
Sending essential service communications (account verification, password resets, security alerts)
Notifying you of significant changes to our services or policies

4.3 Platform Improvement

Analyzing usage patterns to improve features
Conducting research and analytics
Testing new features and functionality
Troubleshooting technical issues

4.4 Security and Legal Compliance

Preventing fraud and abuse
Enforcing our Terms and Conditions
Complying with legal obligations
Protecting the rights and safety of users

5. How We Share Your Information

We do not sell your personal data to third parties. We only share your information in the following circumstances:

5.1 Public Information

Organization Listings: Information about organizations and groups (name, description, address, contact details) is publicly visible on the platform
Published Resources: Resources you publish are visible to platform users
User Profiles: Basic profile information may be visible to other users where appropriate (e.g., organization owners)

5.2 Service Providers

We share data with trusted third-party service providers who process data on our behalf:

Cloud Storage: AWS (Amazon Web Services) for file storage and hosting
Email Services: Email delivery providers for transactional and notification emails
Mapping Services: Geocoding and map display services
Analytics: Platform usage analytics (anonymized where possible)

These service providers are contractually obligated to protect your data and may only use it for the purposes we specify.

5.3 Legal Requirements

We may disclose your information if required by law or in response to:

Legal processes (court orders, subpoenas)
Law enforcement requests
Protection of our rights or safety of others
Investigation of fraud or security issues

5.4 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your personal data may be transferred. We will notify you before your data is transferred and becomes subject to a different privacy policy.

5.5 With Your Consent

We may share your information with third parties when you explicitly consent to such sharing.

6. International Data Transfers

We are based in the United Kingdom. Your data may be transferred to and processed in countries outside the UK and EEA, including the United States (where AWS servers may be located).

When we transfer data internationally, we ensure appropriate safeguards are in place:

We use service providers that comply with UK GDPR requirements
We rely on adequacy decisions by the UK government where applicable
We use Standard Contractual Clauses (SCCs) approved by the UK ICO
AWS complies with the EU-US Data Privacy Framework and UK Extension

You have the right to obtain information about the safeguards we use for international transfers by contacting us.

7. Data Retention

We retain your personal data for as long as necessary to fulfill the purposes outlined in this policy:

Data Type	Retention Period
Account information	Until account deletion + 30 days for backup cleanup
Organization listings	Until removed or account deletion
Uploaded resources	Until deleted by user or organization removed
Usage logs	90 days (anonymized after 30 days where possible)
Email communications	2 years or until you request deletion
Backup data	30 days in rolling backups
Legal/compliance records	As required by law (typically 6 years)

Preview Mode Notice: During our preview phase, data retention practices are being refined. Data loss may occur, and we recommend keeping backups of important information.

After the retention period, we will securely delete or anonymize your personal data. Some information may remain in archived backups for up to 30 days before permanent deletion.

8. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience and understand how you use our platform.

8.1 Types of Cookies We Use

Cookie Type	Purpose	Duration
Essential Cookies	Required for platform functionality (session management, security)	Session or 1 year
Preference Cookies	Remember your settings (language, country, notification preferences)	1 year
Analytics Cookies	Help us understand platform usage (anonymized where possible)	2 years
Security Cookies	Fraud prevention and security monitoring	Session or as needed

8.2 Managing Cookies

You can control cookies through your browser settings:

Most browsers allow you to refuse cookies or delete existing ones
Blocking essential cookies may impact platform functionality
Analytics cookies can typically be disabled without affecting core features

Learn more about managing cookies: www.aboutcookies.org

8.3 Third-Party Cookies

We use third-party services (such as mapping providers) that may set their own cookies. These are subject to the third party's privacy policy.

9. Your Data Protection Rights (UK GDPR)

Under UK GDPR and the Data Protection Act 2018, you have the following rights:

Right to Access

Request a copy of your personal data we hold

Right to Rectification

Correct inaccurate or incomplete data

Right to Erasure

Request deletion of your personal data ("right to be forgotten")

Right to Restrict Processing

Limit how we use your data in certain circumstances

Right to Data Portability

Receive your data in a machine-readable format

Right to Object

Object to processing based on legitimate interests or direct marketing

Rights Related to Automated Decision-Making

Protection against solely automated decisions (we don't currently use automated decision-making)

Right to Withdraw Consent

Withdraw consent at any time where we rely on consent for processing

9.1 How to Exercise Your Rights

To exercise any of these rights, please contact us at:

Email: hello@share-and-repair.network
Subject Line: "Data Protection Request - [Your Right]"

Please include:

Your full name and email address associated with your account
A clear description of your request
Any relevant details to help us locate your information

9.2 Response Time

We will respond to your request within one month of receipt. In complex cases, we may extend this by up to two additional months and will inform you of the delay.

9.3 Identity Verification

To protect your privacy, we may ask you to verify your identity before processing your request. This may involve confirming details from your account or providing additional identification.

9.4 Fees

We do not charge fees for most data subject requests. However, we may charge a reasonable fee for manifestly unfounded, excessive, or repetitive requests.

9.5 Limitations

In some cases, we may not be able to fulfill your request due to:

Legal obligations requiring us to keep certain data
Legitimate interests that override your rights
Establishment, exercise, or defense of legal claims
Protection of others' rights and freedoms

If we cannot fulfill your request, we will explain why.

10. Right to Lodge a Complaint

If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the supervisory authority:

Information Commissioner's Office (ICO)

Website: ico.org.uk

Helpline: 0303 123 1113

Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Online Reporting: ico.org.uk/make-a-complaint/

We encourage you to contact us first so we can try to resolve your concern directly.

11. Children's Privacy

Our platform is not intended for children under 16 years of age. We do not knowingly collect personal data from children under 16.

If you are between 16 and 18, we recommend using the platform with parental guidance.

If we become aware that we have collected personal data from a child under 16 without proper parental consent, we will take steps to delete that information promptly. If you believe we have data about a child, please contact us immediately.

12. Security Measures

We take the security of your personal data seriously and implement appropriate technical and organizational measures:

12.1 Technical Measures

Encryption: Passwords are hashed using industry-standard encryption
HTTPS: All data transmitted between your browser and our servers is encrypted using SSL/TLS
Secure Storage: Data stored on AWS with encryption at rest
Access Controls: Strict access controls and authentication mechanisms
Regular Backups: Regular backups with 30-day retention for disaster recovery
Security Monitoring: Continuous monitoring for suspicious activities

12.2 Organizational Measures

Staff training on data protection and security
Regular security audits and vulnerability assessments
Incident response procedures
Data minimization practices
Privacy by design and by default principles

12.3 Your Responsibility

You can help protect your data by:

Using a strong, unique password
Not sharing your account credentials
Logging out after using shared devices
Reporting suspicious activity immediately
Keeping your contact information up to date

12.4 Data Breach Notification

In the event of a data breach that is likely to result in a high risk to your rights and freedoms, we will:

Notify the ICO within 72 hours of becoming aware of the breach
Notify affected individuals without undue delay
Provide information about the nature of the breach and steps to mitigate harm
Document the breach and our response

13. Email Communications and Preferences

You can control the email communications you receive from us:

13.1 Notification Types

Library News: Updates about new lending libraries and resources
Repair News: Updates about new repair cafés and repair resources
Platform Updates: Important announcements and new features

You can manage these preferences in your account settings.

13.2 Essential Communications

Some emails are essential for the service and cannot be opted out of:

Account verification emails
Password reset requests
Security alerts
Responses to your inquiries
Legal notices and policy changes

13.3 Unsubscribing

You can unsubscribe from marketing emails by:

Clicking the "unsubscribe" link in any marketing email
Adjusting your preferences in account settings
Contacting us directly

14. Third-Party Links and Services

Our platform may contain links to third-party websites, services, or resources. This Privacy Policy applies only to our platform.

Third-Party Responsibility: We are not responsible for the privacy practices of third-party sites. We encourage you to read their privacy policies.

Key Third-Party Services We Use:

AWS (Amazon Web Services): Cloud hosting and storage - Privacy Policy
OpenStreetMap: Mapping services - Privacy Policy
Email service providers (for transactional emails)

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

Notification of Changes: We will notify you of significant changes by:

Updating the "Last Updated" date at the top of this policy
Sending an email notification to your registered email address
Displaying a prominent notice on the platform

Your Continued Use: Your continued use of the platform after changes are posted constitutes acceptance of the updated policy. If you do not agree with changes, please discontinue use and delete your account.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data.

16. Contact Us and Data Protection Officer

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: hello@share-and-repair.network

For Data Protection Inquiries: Use subject line "Data Protection Query"

Website: share-and-repair.network

Data Protection Officer: As a small organization, we do not currently have a dedicated Data Protection Officer. Data protection inquiries should be directed to the email above.

We aim to respond to all data protection inquiries within 48 hours and will provide a full response within one month as required by UK GDPR.

Privacy Policy Summary

Key Points:

We respect your privacy and comply with UK GDPR and Data Protection Act 2018
We collect account info, organization data, uploaded resources, and usage analytics
We use your data to provide services, send notifications you choose, improve the platform, and ensure security
We don't sell your personal data to third parties
We share data only with service providers (AWS, email), publicly visible listings, and when legally required
You control your notification preferences and can exercise GDPR rights (access, deletion, portability, etc.)
Your data is secure with encryption, access controls, and regular monitoring
You can contact us anytime at hello@share-and-repair.network for data protection questions
You can complain to the ICO if unhappy with our data handling
Preview mode: During preview, data loss may occur - keep backups of important information