GDPR

Crystal Choice takes your privacy extremely seriously. It is our responsibility to treat your personal information with the utmost care. Crystal Choice adheres to all relevant legislation, in particular, the Data Protection Act which was replaced by the EU General Data Protection Regulation (GDPR) legislation. This policy sets out our approach and how we collect and use personal information from you.

Introduction

Crystal Choice is a data controller. This means that we are responsible for deciding how we hold and use personal information about you. We are required under data protection legislation to notify you of the information contained in this policy. Please note that this policy may be updated at any time. For the avoidance of doubt, this policy is non-contractual. You may give your personal details to Crystal Choice directly, through an application or any form on our website. Crystal Choice must have a legal basis for processing your personal data.

Personal Data – Lawful Basis

The law states you must have a valid lawful basis in order to process personal data.  Out of the 6 listed, Crystal Choice uses 2 of which detail below:

• Consent – The individual has given clear consent for you to process their personal data for a specific purpose.
• Legitimate Interest – the processing is necessary for your legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests.

Retention of Data

Crystal Choice will only retain your data for as long as there is either a statutory requirement for us to do so or to be able to provide a service to you. This will usually require us to retain your personal data after our business relationship has ended. All data will then be securely destroyed once any legal requirements are met and the law pertaining to those requirements allow us to do so.

Removal of Data

You are able to request the removal of your personal information at any time where there is no good reason for us continuing to process it or have a legal requirement for storing it. You are able to request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example, if you want us to establish its accuracy or the reason for processing it. If at any stage you wish to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact the Data Protection Officer in writing. Please note that such request will not incur a fee, we may, however, charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances. Please note such requests for data will require security questions to be answered to ascertain the identity and right to such information.

Security

In line with data protection obligations, we are committed to ensuring that your information is secure. To prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect. Our services are hosted from datacentres within the EEA, we are also committed to undertake regular vulnerability scans of our websites and services to ensure your data is fully protected.

Data Sharing

We may have to share your data with third parties, including third – party service providers and other entities within the group. We require third parties to respect the security of your data and to treat it in accordance with the law in the same way we do. We obtain a full copy of their privacy policy and will only continue this relationship subject to our satisfaction of the documentation received.

Cookies

Cookies are small data files sent by a web server to a web browser when that browser visits the server’s website and are stored by the browser on the computer’s hard drive. Cookies enable the web server to monitor activity on the website and make it easier for the user to log on to and use the website on future occasions. We may issue cookies to your computer when you log on to the Site unless you stated your objection to receiving them when providing your details to us. We may use information from cookies in the administration of the Site, to improve the Site and/or for marketing purposes. We may also use this information to identify your computer when you visit the Site and to personalise the Site for you. You can set your computer’s web browser to reject cookies, although you may then not be able to use certain features on the Site.

Complaints or Queries in regards to your Privacy or GDPR

Crystal Choice have appointed a Data Protection Officer to oversee the compliance and continued review of this policy. If you have any questions/queries or complaints in regards to this policy we ask that you place this in writing and send to FAO: DPO Officer Crystal Choice, Redfern House, 105 Ashley Road, St Albans, AL1 5GD