The workshop isn’t open yet: repair requests are closed for now. In the meantime, have a look at our case studies. See the case studies →
Legal

Privacy Policy

Last updated : 2026-07-12

[TO BE REVIEWED BY A LAWYER] — Provisional template to be validated against the GDPR and CNIL guidance.

1. Data controller

The controller of personal data is BoardRepair, with its registered office at 60 Rue François 1er, 75008 Paris, France. Contact: [email protected] — [Full controller details / legal identity: to complete]

2. Data collected

  • Via the contact form: name, email address, device information (model, fault) and message content.
  • As part of a repair: data needed to perform the service (contact details, return address, device information).
  • Via audience measurement: anonymous, aggregate data only, without cookies (see the Cookie Policy).

3. Purposes and legal bases

Purpose Legal basis (GDPR)
Respond to contact-form requests Pre-contractual steps / legitimate interest (art. 6.1.b / 6.1.f)
Perform the repair service and invoicing Performance of the contract (art. 6.1.b)
Comply with accounting and legal obligations Legal obligation (art. 6.1.c)
Website audience measurement (anonymous, cookieless) Legitimate interest (art. 6.1.f)

4. Retention periods

  • Contact data (requests with no follow-up): [period to complete — e.g. up to 3 years after last contact].
  • Repair / invoicing data: statutory accounting retention period [period to complete — e.g. 10 years].
  • Audience-measurement data: as stated in the Cookie Policy.

[TO BE REVIEWED BY A LAWYER] for exact retention periods.

5. Data recipients

Data is intended solely for authorised BoardRepair staff. It may be shared with processors (hosting provider, email-sending provider, audience-measurement tool, carrier) offering GDPR-compliant safeguards [List of processors: to complete]. No data is sold to third parties. Where data is transferred outside the EU, the appropriate GDPR safeguards are applied.

6. Your rights

Under the GDPR, you have the rights of access, rectification, erasure, objection, restriction, data portability, and the right to withdraw consent at any time. To exercise them, contact [email protected]. Proof of identity may be requested.

7. Complaint to the CNIL

You may lodge a complaint with the French data protection authority, the CNIL: 3 Place de Fontenoy, TSA 80715, 75334 Paris Cedex 07 — www.cnil.fr.

8. Data Protection Officer (DPO)

[A DPO is not necessarily required. If applicable, contact details: to complete] [TO BE REVIEWED BY A LAWYER]. Absent a DPO, requests may be sent to [email protected].

9. Security

BoardRepair implements appropriate technical and organisational measures to protect personal data against unauthorised access, alteration or disclosure.