Who we collect information from and the information we collect
Crystal Direct collects personal information provided directly from the following data sources:
Personal data means any information about an individual from which that person can be identified. We will collect, store, and use the following categories of personal information about you:
We collect personal information about you directly from you when you contract to purchase our goods and services or where you register and express interest in receiving information about such matters from us. We may also collect additional information from third parties where applicable to the products we are supplying to you. We will only use your personal information when the law allows us to. Most commonly, we will use your personal information in the following circumstances:
We may collect additional information in connection with your participation in any promotions or competitions offered by us and information you provide when giving us feedback or completing profile forms. We also monitor customer traffic patterns and site use which enables us to improve the service we provide.
Please note that it is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your contractual relationship with us or once you have registered to receive information about our products and services.
Customers of Crystal Direct Customers
We may collect, store and process Personal Information of customers of Crystal Direct customers, solely on our customer’s behalf and at their direction. For such purposes, we serve as and shall be considered as a “processor” and not as a “controller” of such personal information. The Crystal Direct customers shall be considered as the “controllers” of such Personal Information and are responsible for complying with all laws and regulations that may apply to the collection, use and control of such Personal Information. Crystal Direct customers who use our services in this way are responsible for obtaining any consents, permissions and for providing any fair processing notices required for the collection and usage of such information.
We are concerned about the safety of children when they use the internet, and will never knowingly collect Personal Information from minors (children under 16 years of age, or any other age defined under applicable law). If we become aware that a minor is attempting to or has submitted Personal Information, we will notify the user that we may not accept his or her Personal Information. We will then remove any such Personal Information from our records.
We collect Personal and Aggregate Information
We collect two-types of information from you: “Personal Information” (anything which identifies you as an individual, either on its own or by reference to other information) and “Aggregate Information” (non-personally identifiable and anonymous data).
On our Site, Personal Information (such as your name, address, telephone number and/or email address) is collected when you voluntarily submit it to us, such as during a request for product information or a general enquiry. Other information that may also constitute Personal Information (such as your browser type, operating system, IP address, domain name, number of times you visited our website, dates you visited our website, and the amount of time you spent viewing the website) may be collected via cookies and other tracking technologies (such as transparent GIF files). Aggregate Information (such as how many times visitors log onto our website) may also be collected.
Outside of our website, Personal Information may also be collected directly by us or by our representative when you enter into a contract with us or contact us to make enquiries or complaints via telephone, email or by post. We may collect your business contact details and information about your profession or your employees, as well as information about you if you attend meetings, events or conferences that we organise.
What legal basis we have for collecting and using your personal information
Where relevant under applicable law, the use of your Personal Information will be justified by at least a condition for processing. In the majority of cases this condition will be that:
The Purpose for which we use your Personal Information
We will keep your personal data secure and only store it for as long as necessary and only for the purpose of providing services associated with the supply of PVC products including for the purposes of satisfying any legal accounting or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Your Personal Information will not be used for any other purpose than provided by this Notice. We will use the information you supply:
We would like to use your Personal Information to provide you with information about products and services which we think may be of interest to you or your employer. We will only send you such materials by email and/or contact you by telephone if, when you are presented with the option at various points on our Site or during our contact with you, you gave us your prior express consent to receive such communications (“opt in”). In case you have not given your opt in consent to be contacted by Crystal Direct, your Personal Information (only to the extent that is absolutely required) will be retained on a “do not contact” list.
We may occasionally share data on Social Media (e.g. Twitter), Websites and Internet celebrating our shared successes, projects and exhibition days in order to promote our products and services. In these circumstances, we would only share the minimum amount of data needed to celebrate the success and thus promote the Crystal Direct brand, the Customers brand, and the location of the event.
In connection with our offline activities, you may simply notify Crystal Direct that you wish to cease receiving additional information from Crystal Direct (“opt out”), and Crystal Direct will honour any such request. Your Personal Information will be stored by us only as long as you do not change your mind to receive such materials from Crystal Direct, with the exception of those Personal Information which is required to avoid contacting you in the future for marketing purposes. We will provide you with the option to opt-out of marketing communications by following the “opt out” procedure below.
How we use information collected through Cookies and other Tracking technologies
A cookie is a small text file that is downloaded to your computer when visiting a website. It allows that website to recognise your computer when you return, enabling it to display personalized settings and other user preferences. Cookies also help websites improve the relevance of the advertising you see online. Other tracking technologies (including “web beacons” and “transparent GIF files”) are technical mechanisms that enable our service providers to gather information on your responses to our advertisements, emails and other online marketing materials.
Type of cookies used on the Site
We use several different types of cookies. In particular, we use: strictly necessary cookies which allow certain fundamental features of the Site to work; functionality cookies, which allow us to remember choices you make (for example, your cookie preference); and performance cookies, which monitor usage of the Site. We also use third party cookies – these are cookies that are set by a third part website rather than by us.
Some of the cookies are session cookies which are temporary and allow us to link your actions during a single use of the Site. These are deleted at the end of your browsing session. Others are persistent cookies which remain on your device for the period of tie specified in the cookie. These cookies help us to identify you as a unique user (by storing a randomly generated number).
Control your cookie settings
Please be aware that some of our services will not function if your browser does not accept cookies. However, you can allow cookies from specific websites by making them “trusted websites” in your internet browser.
The following links may assist you in managing your cookies settings, or you can use the ‘Help” option in your internet browser for more details:
Internet Explorer: http://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies
Google Chrome: http://www.google.com/support/chrome/bin/answer.py?hl=en&answer=95647
Who we disclose your information to
We work with third parties to help manage our business and deliver services. We and our service providers (as defined below) disclose and share your Personal Information:
How we protect and store your information
We take the security of the information we collect seriously. We have implemented and we maintain technical and organisational security measures, policies and procedures intended to reduce the risk of accidental destruction or loss, or the unauthorised disclosure or access to such information appropriate to the nature of the data concerned. Some of the steps we take are:
Transfer out of the EU
We may occasionally need to transfer data to countries outside the EEA, but we will only do so where such countries can ensure that the level of data protection afforded to individuals by the GDPR is not undermined.
We may only transfer data outside the EEA if one of the following conditions applies:
In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact the Data Processing Officer (DPO) (contact details are provided below). Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law. Under certain circumstances, by law you also have the right to:
Complaints, Amendments and Opting Out
To withdraw your consent, review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please inform the DPO, Martin Randall, in writing either by:
Fax to 01462 489909;
Email to email@example.com; or
Post to the address: Crystal Direct, Lacerta Court, Letchworth Garden City, Hertfordshire, SG6 1FD.
Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law. We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality. We have put in place procedures to deal with any applicable data security breaches and will notify you and the ICO of a suspected breach within 72 hours of the breach where we are legally required to do so.
Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.
Questions and Contact Information
If you require any further information in relation to data protection, please do not hesitate to contact our Marketing Department on 01462 489900 or by email on firstname.lastname@example.org