Privacy Policy

Last updated: 18th September 2023.

We are committed to the privacy and confidentiality of the information provided by you to us. We ask you to periodically review this page, as it may change from time to time. If something is unclear, please contact us.

Please note: Where Crystaltech is mentioned throughout the following policy, this represents CRYSTALTECH SERVICES (UK) LIMITED.

1. Who we are

We are CRYSTALTECH SERVICES (UK) LIMITED trading as Crystaltech. Our registered in England & Wales No. is: 05249952.

CRYSTALTECH SERVICES (UK) LIMITED brand(s) include Crystaltech.

Our website address(es) are:

• www.crystaltech.co.uk.

Our address(es) are:

• Trading Address: 14 Redbridge Enterprise Centre, Thompson Close, Ilford, United Kingdom, IG1 1TY
• Registered Office: 14 Redbridge Enterprise Centre, Thompson Close, Ilford, United Kingdom, IG1 1TY

Crystaltech is managed and operated by Duncan Smith. The digital landscape – including this website and social accounts – are owned by Crystaltech and managed by Beyond Co.

References to “the Company” “we”, “us”, “our” and “ours” (or other relevant terms) in this privacy policy means Crystaltech.

The terms “you”, “your” and “yours” (or other relevant terms) when used in this privacy policy mean any user of this website, prospective employees of Crystaltech, client, partner, vendor, supplier and other internal and external stakeholders.

2. Purpose of this privacy policy

If you submit personal data to us, it will be maintained in accordance with the provisions of the General Data Protection Regulation ((EU) 2016/679) (“GDPR”) and any national implementing laws, regulations and secondary legislation, as amended or updated from time to time, in the UK, until such time as the GDPR is no longer directly applicable to the UK, and then in accordance with the provisions of any successor legislation to the GDPR or the Data Protection Act 1998 (together, “the Data Protection Legislation”).

Personal data (as defined in the Data Protection Legislation) means any information which identifies you and may include information such as your name, email address, telephone number, position and postal address.

We will take reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your personal data.

3. Notification of changes to the privacy policy

We are continually improving our methods of communication and adding new functionality and features to this website and to our existing services. Because of these ongoing changes, changes in the law and the changing nature of technology, our data protection practices will change from time to time. If and when our data protection practices change, we will update this privacy statement to describe our new practices. We encourage you to check this page regularly.

4. Our use of your personal data

When you provide us with your personal data, it may be used for the following purposes:

• To carry out our obligations arising from any contracts we have with you;
• To contact you to inform you of new services and events we will be providing;
• To send you requested information about our services – we will keep your contact details on our database and may, from time to time, email you information about services which may be of interest to you. If you do not wish to receive emails from us for these purposes, please let us know by emailing service@crystaltech.co.uk;
• To use your personal data for marketing purposes.

We may also receive information about you from other sources (with your consent), and we may combine this information with the information you give to us. We may use this information and the combined information for the purposes set out above.

5. Anonymous data collected through this website

In addition to the information we collect as described above, we use technology to collect anonymous information about the use of our website. For example, our web server automatically logs which pages of our website our visitors view, their IP addresses, and which web browsers they use. This technology does not personally identify you – it simply enables us to compile statistics about our visitors and their use of our website. Our website contains hyperlinks to other pages on our website. We may use technology to track how often these links are used and which pages on our website our visitors choose to view. Again this technology does not identify you personally – it simply enables us to compile statistics about the use of these hyperlinks.

6. Cookies and similar technologies

In order to collect the anonymous data described in the preceding paragraph, we may use cookie technology on our website. A cookie is a small piece of information which is sent to your browser and stored on your computer’s hard drive, mobile phone or other devices. Cookies do not damage your computer. You can set your browser to notify you when you receive a cookie. This enables you to decide if you want to accept it or not. However, some of the services and features offered through our website may not function properly if your cookies are disabled.

We use two types of cookies on our website:

• Strictly necessary cookies

These cookies are essential in order to enable you to move around the website and use its features. Without these cookies, services you have asked for cannot be provided. They are deleted when you close the browser.

• Performance cookies (e.g. Google Analytics)

These cookies collect information in an anonymous form about how visitors use our website. They allow us to recognise and count the number of visitors and to see how visitors move around the site when they are using it.

We may also use your IP address to help diagnose problems with our server, to administer our website and to improve the service we offer to you. An IP address is a numeric code that identifies your computer on a network, or in this case, the internet. Your IP address might also be used to gather broad demographic information. We may perform IP lookups to determine which domain you are coming from (i.e. google.com, yourcompany.com) to gauge our users’ demographics more accurately. Information from these types of cookies and technologies or about website usage is not combined with information about you from any other source. None of the cookies or technologies that we use will personally identify you.

7. Analytics and similar technology

As mentioned above in appendix ‘6. Cookies and similar technologies we use a selected amount of analytical tools in order to best optimise this site. The main three we use are: Google Analytics, RankMath and Hotjar. We have already disclosed our terms associated with Google Analytics above in appendix ‘6. Cookies and similar technologies’. For more information regarding Hotjar, please see the paragraph below.

We may use Hotjar in order to better understand our users’ needs and to optimise this service and experience. Hotjar is a technology service that helps us better understand our users’ experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.), and this enables us to build and maintain our service with user feedback. Hotjar uses cookies and other technologies to collect data on our users’ behaviour and their devices. This includes a device’s IP address (processed during your session and stored in a de-identified form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), and the preferred language used to display our website. In order for Hotjar to collect all of this data, it uses several ‘behaviour products’ including heatmaps, screen recording and conversion funnels. They also use ‘feedback products’, including incoming feedback, feedback polls and surveys. Hotjar stores all this information on our behalf in a pseudonymised user profile. Hotjar is contractually forbidden to sell any of the data collected on our behalf. For further details, please see the ‘about Hotjar’ section of Hotjar’s support site.

8. Consent

To comply with current legislation, we need to ask for your consent to set the performance cookies described above. When you arrive on our website, a banner will appear asking for your consent to place performance cookies on your device. This website is tested regularly to ensure the cookie banner performs how it should, however, there may be various factors that could potentially temporarily affect this, including but not limited to conflicts from the CMS, plugins, themes, server-side, cache issues, updates and external factors such as the device(s) you’re using. If you, another user of your device or anyone else you know experiences issues with this, we ask you to contact us immediately so that we can rectify it.

Where ‘Accept’, ‘Agree’, ‘I’m fine with this’, ‘Okay’ or ‘OK’ (or other relevant terms) aren’t presented, by clicking on the banner, anywhere else on the screen or by continuing to use our website, we assume that you consent to cookies being placed on your device. This also applies if there isn’t a ‘Manage your options’, ‘Manage’, ‘Custom Settings’ (or other relevant terms) option as well. If you do not agree, please leave our website immediately. Once your consent has been provided, this message may not appear again when you revisit. If you, or another user of your device, wish to withdraw your consent at any time, you can do so by altering your browser settings.

9. Retention of your personal data

We will only keep your personal data within the timeframes allowed by law and for as long as is necessary to comply with industry obligations.

10. Disclosure of your personal data

We do not share, sell or distribute your personal data with unrelated third parties, except as otherwise provided for in this privacy policy and under these limited circumstances:

• When the law requires it.
• In order to provide you with the information or services that you have requested, your personal information may occasionally be transferred or shared with third parties who act for us for further processing in accordance with the purposes for which the data was originally collected or for the purposes to which you have subsequently consented. For example, we may allow third-party access to your personal data to support our information technology or to handle mailings on our behalf.
• Where you have consented, we may share your personal data with other companies whose products and services may be of interest to you.
• Where you are a client, we may disclose your personal data to third parties for the purposes of billing and debt collection.

11. Transfer of your personal data outside the EEA

The personal data collected from you may be transferred outside the EEA either by Crystaltech and/or any of the third parties described above. By providing personal data, you agree your data may be transferred outside the EEA in such circumstances.

While some of these countries may not offer the degree of protection to your personal data equivalent to that afforded by your country of residence, we will take all reasonable steps to ensure the security of data held and processed across our global network.

12. Data access, corrections and other rights

Upon receipt of your written request (known as a Subject Access Request, or SAR) and enough information to permit us to identify your personal data, we will disclose to you the personal data we hold about you within one month of receipt of your request. We may withhold personal data to the extent permitted by law. If we decide we have a lawful basis for withholding your personal data, we will notify you within one month of receipt of your request and provide reasons for our decision. You will have a right to appeal this decision.

We will also correct or amend any personal data that you tell us is inaccurate.

In some circumstances, you have the right to the erasure of your personal data without undue delay. Those circumstances include: the personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed; you withdraw consent to consent-based processing; you object to the processing under certain rules of applicable data protection law. However, there are exclusions of the right to erasure. The general exclusions include where processing is necessary: for exercising the right of freedom of expression and information; for compliance with a legal obligation; or for the establishment, exercise or defence of legal claims.

In some circumstances, you have the right to restrict the processing of your personal data. Those circumstances are: you contest the accuracy of the personal data; processing is unlawful, but you oppose erasure; we no longer need the personal data for the purposes of our processing, but you require personal data for the establishment, exercise or defence of legal claims; and you have objected to processing, pending the verification of that objection. Where processing has been restricted on this basis, we may continue to store your personal data. However, we will only otherwise process it: with your consent; for the establishment, exercise or defence of legal claims; for the protection of the rights of another natural or legal person; or for reasons of important public interest.

13. Content, media and other material

Some of the content found on this website has been obtained from third-party sites, for example, stock imagery – strictly used for illustrational purposes. Another example could be the use of copy used on the site to describe the services we offer, as they may have been provided and/or lifted from the technology we use/from our partner’s sites. We have tried in every effort to use royalty-free, non-copyrighted content, media and other materials. We take blatant plagiarism very seriously and urge you to contact us if you feel we have misused, mis-sold or misled anything displayed on this website.

14. Links to other websites

Our website may contain hyperlinks to websites that are not operated by us. We urge you to review any privacy policy posted on any site you visit before using the site or providing any personal information about yourself.

15. Person of responsibility

Crystaltech’s appointed Data Protection Officer is Altab Husain.

16. How to make a complaint

If you believe that we have breached this policy or any other applicable privacy or data protection laws or regulations which may apply to Crystaltech, you have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues: www.ico.org.uk. We would, however, appreciate the opportunity to deal with your concerns before you approach the ICO so please contact us in the first instance. You should address your complaint via email: service@crystaltech.co.uk. Please include as much detail as you can about the personal data affected and the circumstances that you believe amount to a breach of this policy or applicable privacy or data protection law or regulations.

We will undertake an internal investigation and may contact you if we need any further information relating to your complaint. We will generally attempt to provide a response within 30 days of receipt of your complaint. Our response will set out the results of the investigation, including whether we agree that Crystaltech has breached this privacy policy or applicable privacy or data protection laws or regulations.