Privacy Standards and Operational Policy

Privacy standards and operational policy for The Computer Cellar (v1.3)
– Updated August 17, 2023 –

Preamble:
The Computer Cellar (hereinafter “TCC”) prides itself on honest, trustworthy repair work. We trust our staff to perform quality repairs with the utmost respect for your privacy, safety, and security. Our company policy with regard to data handling and customer privacy is as follows.

Information requested during check-in:
During check-in, we will request your name, phone number, email address, model number of your device(s), serial number of your device(s), and in many cases the login credentials for your device(s). This information is used exclusively for diagnostics and repair of your device(s) and for communication with you in the course of diagnostics and repair of your device(s). We do not sell your information, and we do not send marketing phone calls, text messages, or email to customers at this time. Customer contact information is stored in a secured database on a web server.

We do not store credit/debit card information except briefly while taking payment(s) via phone, and credit/debit card information is deleted or destroyed immediately after processing of said payment(s).

Reasons we may request your password(s):
For any repair efforts involving software, including but not limited to computer setup, data transfer, data recovery, virus removal, malware removal, spyware removal, general troubleshooting, new user setup, user migration, and other operations within the OS.

For testing purposes after performing a hardware repair. Even in repairs that seem simple, our work may involve touching, moving, plugging/unplugging, connecting/disconnecting, screwing/unscrewing, modifying, replacing, or other manipulation of sensitive components, cables, and other parts within your computer. For this reason, after performing a repair or diagnostic process, we prefer to be able to boot into your operating environment and test to make sure that all involved components are functioning correctly.

For example, we may have replaced your display (screen), and therefore it would seem that we “only need to make sure the screen works”, but in most laptops, the camera and microphones are also within the display assembly, and we want to make sure that they are working properly as well. We do not exceed the scope of necessary testing while logged into your computer.

Our policy regarding viewing customer data:
In general, our technicians are quite busy and preoccupied with making sure repairs are done efficiently and on time. We have very little interest in your personal lives and the contents of your computer, and we do not have the time to go snooping in said contents. That said, in the course of a repair, it is likely that we will encounter some of your personal information, by the very nature of our work. For example, we will see items that are openly saved on your desktop.

It is our policy that no customer data – including but not limited to text-based data (documents), databases, identification, photographs, videos, or audio recordings – shall be deliberately searched for, opened, viewed, scrutinized, copied, altered, photographed, deleted, or documented unless specifically requested by the customer or required within the scope of an approved repair job.

Situations where we may see your data:
It is unavoidable for us to see file names, icons, and thumbnails on the OS desktop. Additionally, we will likely see file names, icons, thumbnails, and metadata if we are within a file explorer/finder/etc. window for any reason (i.e., looking for malicious software or attempting to transfer or recover your data). If we are asked to transfer or migrate data between devices, installations, or accounts, we are likely to see file names, icons, thumbnails, metadata, and in some cases full-size images (particularly if we are transferring between Mac devices and migrating a database into the Photos app). We may see contents of some documents if we are troubleshooting problems with word processing, spreadsheet, or publishing software. We may see senders, recipients, subjects, and contents of email messages if asked to troubleshoot an email or browser-related issue. We may see some bookmarks, internet history, and browser extensions if troubleshooting issues with internet connectivity, web browsing, malware, or software in general. Finally, we will see and may scrutinize file names, types, and metadata, and we will see icons and thumbnails if the task involves identifying and/or removing “junk” data (i.e., data that is wasting space) or malware.

Situations where your data may be “copied”, and what this means:
If we are asked to transfer, recover, or migrate user data between two or more devices (including upgrading or replacing the storage device in your existing computer), your data will be copied between these devices directly, when possible. We do not make copies of your data to any additional devices except in situations described in the next section.

Situations where your data may be “copied to an external device”, and what this means:
If we are asked to copy data to an external device (including, but not limited to external hard disks and USB flash drives), data will be copied as requested. In some situations such as transfers or recovery of data between two or more devices, an intermediary device may be used. This is common if we are pulling data from a device that is failing in some way, copying from a device that is excessively difficult to open and extract the storage media from, or during data recovery jobs. TCC maintains a small set of these intermediary devices that, when used, are labeled with customer ID and date. A separate device is used for each customer and when no longer needed is later wiped in accordance with our retention policy (generally within 5-10 days). These devices are not permitted to leave our facility.

Situations where your data may be “deleted” or “modified”, and what this means:
If we are asked to free up disk space by identifying and/or removing “junk” data, or to commit a partial transfer, or if we identify malicious software or malicious software installers on your device, some data may be deleted, generally after discussion with you and explanation of what is being removed. If we are asked to rearrange data, especially in the course of a transfer, your directory structure may be altered. If we are copying, moving, or transferring data, some file metadata may be altered (such as the “last modified” timestamp). We do not alter the contents of any file for any reason, unless specifically requested by the customer.

Customer data retention policy:
Following a transfer, recovery, or other operation involving an intermediary device, that intermediary device may be retained in a secure location within our facility for up to ten days with your data still on it. This is usually done “just in case” something may have been missed in a transfer, or if we have some concern that a device may face additional issues and that this copy may be needed. After this time is up, these devices are wiped and reused. No copies of these devices are ever made for any reason, and these devices are not permitted to leave our facility. You may “opt out” of this retention by requesting that this intermediary device, if used, be wiped upon pickup of your device.

How your data is physically secured:
All customer data (i.e., devices that are currently housed in our facility that contain data belonging to a customer) is stored solely within our facility, except in rare circumstances where we may be picking up or delivering a device (TCC does not currently broadly offer transportation of devices, but this is a rare exception to this policy that may occur). For security reasons, we do not detail how each individual device is stored, but we keep everything as safe as can reasonably be expected, and each customer’s device is isolated from other customers’ devices.

Situations where your data may leave our control or be taken possession of by another party:
While we do not deliberately look at or examine your data, as stated, it is likely that we will see at least some of it, especially in the course of data transfers, migration, or recovery. If we encounter something that is believed to be illegal in nature, whether by state, federal, or international law, we are obligated by law to report this to the appropriate authorities. Said authorities may seize your device(s), and we have no control over what happens to said device(s) once they leave our custody. We operate solely by the laws that govern our operation, and aside from such cases, your data and/or device(s) will not leave our custody without an appropriate court order.

There are some devices that we do not service in-house, where we may work with a third party business to whom we provide your device(s). In many cases, your data leaves our possession while it is with the third party. While we trust our partners, we assume no responsibility or liability for your data while it is out of our possession. You will be asked to sign a waiver or confirm your understanding of this prior to our release of your device(s) to a third party.

Our expectation of staff:
Our staff is made aware of our standards and policies upon hire and is expected to adhere to them. Any employee caught violating the privacy of a customer is subject to immediate termination following an investigation. Law enforcement may be involved when appropriate. Actions taken in this regard are solely at the discretion of 9th St. Computer Cellar, LLC.
