PCS Wireless UK Limited Privacy Policy

Effective Date: May 2026

1) Who we are and scope

PCS Wireless UK Limited (registered in England and Wales under company number 12329873, with registered office at Unit 2, 1 Eastern Road, Bracknell, RG12 2UP, England) (“PCS UK,” “we,” “us,” or “our”) operates this website (the “Site”). PCS UK is part of the global PCS Wireless group, headquartered in the United States and operating through affiliates worldwide.

PCS UK is the controller of personal data collected through this Site and in connection with our UK business activities, as that term is defined under the UK General Data Protection Regulation (“UK GDPR”) and the Data Protection Act 2018.

This Policy explains how PCS UK handles personal data collected through the Site and through offline business interactions relating to our relationships with business suppliers, customers, and partners. We conduct business offline and by contract.  No purchases or sales occur on the Site. Orders and transactions with PCS UK are governed by our applicable customer terms and conditions.

This Policy is primarily focused on business relationships. PCS UK generally receives company information (e.g., legal name, KYC details, bank and payment information) and limited personal data about the employees and representatives of our business suppliers, customers, and partners who serve as our points of contact at those organizations (e.g., their name, role, work email, and telephone number). PCS UK may also receive limited personal data (such as name and shipping address) from business partners solely to perform logistics or return–shipment services. In these circumstances, the relevant business partner is the controller, and PCS UK acts only as a processor within the meaning of UK GDPR. PCS UK processes the personal data solely on the partner’s documented instructions under a written processing agreement compliant with Article 28 UK GDPR, does not use it for any independent purpose (including marketing or profiling), and retains it only as necessary to provide the service or comply with applicable law. If your interactions with PCS are not with PCS Wireless UK Limited or this Site, for example, if you are dealing with PCS Wireless, LLC in the United States or with another PCS affiliate, please refer to the PCS Wireless, LLC Privacy Policy.

Programme-specific policies. Certain programmes (e.g., device trade-in programmes operated with partners) are governed by separate privacy policies published where those programmes operate. Those programmes may involve limited consumer information (name and shipping address to send return boxes/labels or manage reverse logistics) and receiving pre-owned devices; PCS UK applies data‑wiping processes to devices it receives and does not intentionally access personal content on them.

For clarity, individuals participating in a partner-operated programme (such as a consumer trade-in programme) will have been provided the applicable programme-specific privacy notice at the time of collection by the partner – typically as part of the partner’s checkout or enrolment process – and that notice, not this Policy, governs the collection, use, and disclosure of personal data in connection with that programme. This Policy governs personal data processed through the PCS UK Site and in connection with the general business activities described in this Section 1. To the extent any provision of this Policy conflicts with a programme-specific privacy notice for activities within the scope of that programme, the programme-specific notice controls.

This Policy does not govern the personal data of PCS UK’s own employees, workers, contractors, or job applicants, which is processed in an employment or recruitment context. If you are a current or former PCS UK employee, worker, or contractor, or a candidate who has applied for a role with PCS UK, please refer to the separate PCS UK Employee Privacy Notice (provided through HR and available on the internal HR portal) and, for candidates, the PCS UK Recruitment Privacy Notice provided at the point of application. References in this Policy to “business contacts” mean the employees and representatives of our business suppliers, customers, and partners who serve as our points of contact, not PCS UK’s own personnel.

2) The personal data we collect

The personal data we collect in a business context may include:

  • Identity and contact information about supplier, customer, and partner representatives including name, work email address, telephone number, job title, employer details, and records of communications or account interactions.
  • Financial, due diligence, and anti-fraud information provided by companies (e.g., bank details for settlement, screening results), to the extent necessary for onboarding, compliance, fraud prevention, and risk management.
  • Logistics data (ship-to name/location; courier labels; RMA/return information) when needed to send packaging, labels, or receive returns. Where PCS UK receives this information solely to perform services on behalf of a business partner, PCS UK processes it as a processor and does not act as an independent controller.
  • Technical/usage data from the Site (IP address, browser type, pages viewed, referring/exit pages) collected via cookies and similar technologies (see Section 5).

We do not intentionally collect special category personal data (within the meaning of Article 9 UK GDPR) or criminal offence data through the Site. The Site is intended for business users and is not directed to children.

3) How we use personal data

We use personal data to:

  • Operate and improve the Site (analytics, security, troubleshooting).
  • Respond to inquiries and manage our supplier and customer relationships.
  • Onboard and verify counterparties (KYC/AML, fraud and sanctions screening as required or permitted by applicable law).
  • Perform and administer contracts (including purchase orders, settlement, remittances, claims, RMAs, and reverse logistics).
  • Protect PCS UK (IT and physical security, incident detection/prevention) and comply with laws (tax, accounting, reporting).
  • Corporate transactions (due diligence and integration if we reorganise, merge, or sell part of our business).
  • Logistics: where we receive personal data from business partners as a processor, we use that data only to provide the contracted logistics, fulfilment, or return‑shipment services in accordance with our processing agreement and applicable law.

Marketing. We may send business‑related updates about our services to business contacts.  Where required by the Privacy and Electronic Communications Regulations 2003 (as amended) (“PECR”), we will obtain consent before sending electronic direct marketing. Where PECR does not require consent, we may rely on our legitimate interests for limited B2B marketing, subject to your right to object at any time. You may opt out of marketing at any time (see Section 10).

4) Legal bases under UK GDPR

PCS UK processes personal data on the following legal bases:

  • Legitimate interests (including operating our business, managing supplier and customer relationships, securing the Site and our systems, preventing fraud, and improving our services) and provided that those interests are not overridden by the rights and freedoms of the individual.
  • Performance of a contract (to enter into or perform a contract with your company, or to take steps at your request before entering into a contract).
  • Legal obligation (KYC/AML, taxation, recordkeeping, compliance with UK law).
  • Consent where required (e.g., certain cookies or electronic marketing).

We do not engage in solely automated decision-making that produces legal or similarly significant effects on individuals.

5) Cookies and similar technologies

We use strictly necessary cookies and basic analytics to understand Site performance and improve content.  Non-essential cookies and similar technologies are used only where you have provided any consent required by applicable law through our cookie banner or preferences tool, where available. You can manage your preferences at any time using our cookie preferences tool; browser settings may also help you control cookies, although they may not control all similar technologies.

6) How we share personal data

We share personal data only as needed to run our business:

  • PCS Group companies worldwide (IT hosting, finance, compliance, support).
  • Service providers acting as processors (hosting, security, analytics, communications, KYC/AML, logistics, professional advisers) under Article 28-compliant contracts that restrict their use of personal data.
  • Counterparties and partners as necessary to perform contracts (e.g., shipping/returns).
  • Regulators, courts, and law enforcement where required by law or to establish, exercise, or defend legal claims.
  • Acquirers or other parties in connection with a merger, acquisition, or business reorganisation.

Where PCS UK has received personal data as a processor on behalf of a business partner, we handle that data in accordance with the applicable processing agreement and will direct individuals to the relevant partner for data subject requests, except where applicable law requires us to respond directly.

We do not sell personal data.

7) International data transfers

PCS UK is part of a global group, and your personal data may be transferred to, or accessed from, countries outside the United Kingdom, including the United States. Where the destination country has not been the subject of UK adequacy regulations, we rely on appropriate safeguards under Article 46 UK GDPR, including:

  • the UK International Data Transfer Agreement (“UK IDTA”);
  • the UK Addendum to the EU Standard Contractual Clauses; or
  • another lawful transfer mechanism recognised under UK GDPR.

Where the UK government has made an adequacy regulation in respect of a destination country (including, where applicable, the UK Extension to the EU-U.S. Data Privacy Framework for certified U.S. recipients), we may rely on that adequacy regulation.

We also implement technical and organisational measures to protect personal data in transit and at rest, and conduct transfer impact assessments where required. You may contact us for additional information about the transfer mechanisms applicable to your personal data, where required by law.

8) Data retention

We retain personal data only for as long as necessary to fulfil the purposes described in this Policy, including meeting legal, accounting, audit, fraud-prevention, and compliance requirements. PCS Group maintains a global records retention schedule that applies minimum retention periods required under applicable legal, regulatory, tax, accounting, audit, and operational requirements. We also apply periodic reviews to identify data that is no longer needed and securely delete or anonymise such data.

Unless a longer period is required by law, we generally apply the following retention periods:

  • Contact information for supplier, customer, and partner representatives (name, work email, phone, role): retained for up to 3 years after the last meaningful business interaction or the end of the commercial relationship. PCS UK may retain this information for longer where required to comply with legal, tax, accounting, audit, fraud-prevention, or regulatory obligations, to establish or defend legal claims, or where a longer retention period is otherwise permitted or required by applicable law.
  • KYC/AML and due-diligence records: retained for 5 years after the end of the business relationship, or longer if required under applicable anti-money-laundering or financial-compliance laws (including the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017, as amended).
  • Financial, transactional, and accounting records: retained for 7 years to comply with tax and accounting obligations. PCS UK may retain these records for longer periods where required under applicable law, to comply with audit or regulatory obligations, to maintain accurate financial reporting, or to establish or defend legal claims.
  • Logistics and shipment/return records (including RMA details): retained for 3 years after fulfilment or closure of the relevant transaction. PCS UK may retain these records for longer where required under applicable law, by contract, to comply with audit or regulatory obligations, to support warranty or reverse-logistics processes, or to establish or defend legal claims.
  • Technical logs and website analytics data: retained for up to 24 months, unless aggregated or anonymised for longer-term analytics. PCS UK may retain certain logs for longer where required under applicable law, by contract, for security, fraud-prevention, or audit purposes, or to establish or defend legal claims.

Where specific retention periods cannot be provided, we apply the following criteria to determine retention duration:

  • statutory record-keeping requirements in relevant jurisdictions;
  • limitation periods for legal claims;
  • operational needs for fraud prevention, security, or contract administration; and
  • the necessity of maintaining accurate business records.

Once personal data is no longer required for these purposes, we delete or anonymise it in accordance with our global retention schedule and security protocols.

9) Security

We use administrative, technical, and physical safeguards designed to protect personal data. No system is 100% secure; if you suspect any unauthorised access or incident, please contact us immediately (see Section 12).

10) Your rights

Under UK GDPR, you have the following rights in relation to personal data we hold about you:

  • Access – to obtain a copy of your personal data and information about how we use it.
  • Rectification – to have inaccurate or incomplete personal data corrected.
  • Erasure – to have your personal data deleted in certain circumstances.
  • Restriction – to restrict our processing of your personal data in certain circumstances.
  • Objection – to object to our processing of your personal data, including processing based on legitimate interests, and to object to direct marketing at any time.
  • Portability – to receive a copy of certain personal data in a structured, commonly used, machine-readable format.
  • Withdraw consent – where our processing is based on consent, you may withdraw it at any time (without affecting the lawfulness of processing carried out before withdrawal).
  • Not be subject to solely automated decision-making that produces legal or similarly significant effects (we do not engage in such decision-making).

These rights are subject to certain exemptions and conditions under UK GDPR and the Data Protection Act 2018.

Marketing preferences. You can opt out of marketing emails at any time by using the unsubscribe link in the message or by contacting us.

How to exercise your rights. To exercise these rights, contact us at privacy@pcsww.com. PCS UK will verify your identity before processing any request, consistent with applicable law. Verification may include confirming information we already hold about you or requesting additional details needed to authenticate your identity. If you authorise a representative to submit a request on your behalf, PCS UK may require information sufficient to verify both your identity and the representative’s authority, including a signed authorisation or other documentation permitted by applicable law. PCS UK may also contact you directly to confirm the request.

Data protection complaints. If you have a complaint about how we handle your personal data, you may contact us using the details in Section 12. We will acknowledge and handle data protection complaints in accordance with applicable law.

PCS UK will verify authorised-representative requests as follows:

  1. Verification of your identity (the data subject). PCS UK may require the individual on whose behalf the request is made to provide information sufficient for PCS UK to reasonably confirm their identity. This may include matching specific information already held by PCS UK; providing additional information that PCS UK reasonably needs to confirm identity; or providing a signed declaration confirming that the representative is authorised to act on your behalf.
  2. Verification of the authorised representative. PCS UK will require the authorised representative to provide their name and contact information, proof of identity, and documentation demonstrating authority to act for the data subject. Acceptable documentation may include a signed written authorisation from the data subject; a valid power of attorney under applicable law; or other legally sufficient evidence demonstrating the representative’s authority.
  3. Direct confirmation. PCS UK may contact the data subject directly to confirm that the individual has authorised the representative and that the request is genuine.
  4. Insufficient proof. If the identity of the data subject or the authority of the authorised representative cannot be verified with reasonable certainty, PCS UK may request additional documentation or may decline the request as permitted by applicable law.
  5. Security of requests. PCS UK will process verified requests in accordance with applicable data-protection laws and will not disclose or delete personal data unless and until verification requirements are met.

Where PCS UK acts as a processor. Where PCS UK processes personal data solely on behalf of a business partner (for example, limited shipping information used for return-logistics services), that partner is the controller of the data under UK GDPR. Individuals should direct rights requests to the relevant partner. PCS UK will assist the partner in responding to verified requests as required by the applicable processing agreement and UK GDPR.

Right to lodge a complaint. If you are dissatisfied with how we handle your personal data or respond to a rights request or complaint, you have the right to complain to the UK Information Commissioner’s Office (“ICO”) or, where applicable, another competent supervisory authority. We encourage you to contact us first so that we have an opportunity to address your concerns directly.

11) Third-party links

The Site may link to third-party websites or services. Their privacy practices are governed by their own policies; please review them.

12) Contact us

PCS Wireless UK Limited
Registered office: Unit 2, 1 Eastern Road, Bracknell, RG12 2UP, England
Company number: 12329873
Email: privacy@pcsww.com

You may also contact our group privacy team using the email above for any questions about this Policy or our data-protection practices.

Supervisory authority: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF, United Kingdom. https://ico.org.uk

13) Changes to this Policy

We may update this Policy from time to time. We will post the updated version and its effective date on this page. Material changes will be communicated where required by law.

Applicability to EEA visitors

Where PCS UK processes personal data in the context of its UK establishment, such processing is subject to UK GDPR. Where PCS group entities established in the EEA process personal data, such processing is subject to EU GDPR. The practices described in this Policy are intended to apply consistently across both frameworks.