Crystal Umbrella takes your privacy extremely seriously. It is our responsibility to treat your personal information with the utmost care. Crystal Umbrella adheres to all relevant legislation, in particular, the Data Protection Act which was replaced by the EU General Data Protection Regulation (GDPR) legislation. This policy sets out our approach and how we collect and use personal information from you.
Crystal Umbrella is a data controller. This means that we are responsible for deciding how we hold and use personal information about you. We are required under data protection legislation to notify you of the information contained in this policy. Please note that this policy may be updated at any time. For the avoidance of doubt, this policy is non-contractual and does not form part of any contract you have agreed with us. You may give your personal details to Crystal Umbrella directly, through an application or registration form or via our website. Crystal Umbrella must have a legal basis for processing your personal data.
Personal Data – Lawful Basis
The law states you must have a valid lawful basis in order to process personal data. Out of the 6 listed, Crystal Umbrella uses 4 of which we detail below:
- Contract – The processing is necessary for a contract you have with an individual, or because they have asked you to take specific steps before entering into a contract.
- Legal Obligation – The processing is necessary for you to comply with the law
- Consent – The individual has given clear consent for you to process their personal data for a specific purpose.
- Legitimate Interest – the processing is necessary for your legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests.
Retention of Data
Crystal Umbrella will only retain your data for as long as there is either a statutory requirement for us to do so or to be able to provide a service to you. This will usually require us to retain your personal data after our business relationship has ended for accounts, records and legal purposes and to deal with any account support questions. All data will be securely destroyed once our legal requirements are met and the law pertaining to those requirements allow us to do so.
Removal of Data
You are able to request the removal of your personal information at any time where there is no good reason for us continuing to process it or have a legal requirement for storing it. You are able to request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example, if you want us to establish its accuracy or the reason for processing it. It is important to note that whilst your personal data is suspended our contractual obligations may not be fulfilled. If at any stage you wish to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact the Data Protection Officer in writing. Please note that such request will not incur a fee, we may, however, charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances. Please note such requests for data will require security questions to be answered to ascertain the identity and right to such information.
In line with data protection obligations, we are committed to ensuring that your information is secure. To prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect. Our services are hosted from datacentres within the EEA, we are also committed to undertake regular vulnerability scans of our websites and services to ensure your data is fully protected.
Cookies are small data files sent by a web server to a web browser when that browser visits the server’s website and are stored by the browser on the computer’s hard drive. Cookies enable the web server to monitor activity on the website and make it easier for the user to log on to and use the website on future occasions. We may issue cookies to your computer when you log on to the Site unless you stated your objection to receiving them when providing your details to us. We may use information from cookies in the administration of the Site, to improve the Site and/or for marketing purposes. We may also use this information to identify your computer when you visit the Site and to personalise the Site for you. You can set your computer’s web browser to reject cookies, although you may then not be able to use certain features on the Site. If you do not wish to receive cookies in the future, please email us at firstname.lastname@example.org.
Complaints or Queries in regards to your Privacy or GDPR
Crystal Umbrella have appointed a Data Protection Officer to oversee the compliance and continued review of this policy. If you have any questions/queries or complaints in regards to this policy we ask that you place this in writing and send to: DPO@crystalumbrella.com or via post to FAO: DPO Officer Unitum House, 1 The Chase, John Tate Road, Hertford, Herts. SG13 7NN