Welcome to Crystal's privacy policy

Crystal Direct is committed to protecting your privacy. This Privacy Policy explains our data processing practices and your options regarding the ways in which your personal data (if any) is used. If you have any requests concerning your personal information (if any) or any queries with regard to our processing please contact us at marketing@crystal-direct.co.uk for the attention of the ‘Head of Marketing’.

Who we collect information from and the information we collect

Crystal Direct collects personal information provided directly from the following data sources:

  • Website and Email Users;
  • Individual prospective customers & customers;
  • Representatives of corporate prospective customers & customers

Personal data means any information about an individual from which that person can be identified. We will collect, store, and use the following categories of personal information about you:

  • Personal contact details such as name, title, addresses, telephone numbers, and personal email addresses.

We collect personal information about you directly from you when you contract to purchase our goods and services or where you register and express interest in receiving information about such matters from us. We may also collect additional information from third parties where applicable to the products we are supplying to you. We will only use your personal information when the law allows us to.  Most commonly, we will use your personal information in the following circumstances:

  • Where we need to perform the contract we have entered into with you.
  • Where we need to comply with a legal obligation.
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
  • Where you have given your express consent.

We may collect additional information in connection with your participation in any promotions or competitions offered by us and information you provide when giving us feedback or completing profile forms. We also monitor customer traffic patterns and site use which enables us to improve the service we provide.

Please note that it is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your contractual relationship with us or once you have registered to receive information about our products and services.

Customers of Crystal Direct Customers

We may collect, store and process Personal Information of customers of Crystal Direct customers, solely on our customer’s behalf and at their direction.  For such purposes, we serve as and shall be considered as a “processor” and not as a “controller” of such personal information.  The Crystal Direct customers shall be considered as the “controllers” of such Personal Information and are responsible for complying with all laws and regulations that may apply to the collection, use and control of such Personal Information.  Crystal Direct  customers who use our services in this way are responsible for obtaining any consents, permissions and for providing any fair processing notices required for the collection and usage of such information.


We are concerned about the safety of children when they use the internet, and will never knowingly collect Personal Information from minors (children under 16 years of age, or any other age defined under applicable law).  If we become aware that a minor is attempting to or has submitted Personal Information, we will notify the user that we may not accept his or her Personal Information.  We will then remove any such Personal Information from our records.

We collect Personal and Aggregate Information

We collect two-types of information from you: “Personal Information” (anything which identifies you as an individual, either on its own or by reference to other information) and “Aggregate Information” (non-personally identifiable and anonymous data).

On our Site, Personal Information (such as your name, address, telephone number and/or email address) is collected when you voluntarily submit it to us, such as during a request for product information or a general enquiry.  Other information that may also constitute Personal Information (such as your browser type, operating system, IP address, domain name, number of times you visited our website, dates you visited our website, and the amount of time you spent viewing the website) may be collected via cookies and other tracking technologies (such as transparent GIF files).  Aggregate Information (such as how many times visitors log onto our website) may also be collected.

Outside of our website, Personal Information may also be collected directly by us or by our representative when you enter into a contract with us or contact us to make enquiries or complaints via telephone, email or by post.  We may collect your business contact details and information about your profession or your employees, as well as information about you if you attend meetings, events or conferences that we organise.

What legal basis we have for collecting and using your personal information

Where relevant under applicable law, the use of your Personal Information will be justified by at least a condition for processing.  In the majority of cases this condition will be that:

  • You have provided your consent to us using the Personal Information in that way for example where you provide us with consent to send you marketing communication about our products and services;
  • Our use of your Personal Information is in our legitimate interest as a commercial organisation (for example we use cookies to track information about how our website is used in order to continually improve its layout based on how you and other users interact with its content); and to personalise it to the user (for example, by showing content which is relevant to your geographical location), provided it is conducted at all times in a way that is proportionate, and that respects your privacy rights;
  • Our use of your Personal Information is necessary to perform a contract or take steps to enter into a contract with you (for example, to manage your account); and/or
  • Our use of your Personal Information is necessary to comply with a relevant legal or regulatory obligation that we have.  Some of the obligations including making reports to tax authorities or law enforcement agencies.

The Purpose for which we use your Personal Information

We will keep your personal data secure and only store it for as long as necessary and only for the purpose of providing services associated with the supply of PVC products including for the purposes of satisfying any legal accounting or reporting requirements.  To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. 

Your Personal Information will not be used for any other purpose than provided by this Notice.  We will use the information you supply:

  • To answer your specific enquiry or respond to your complaints.  For example if you contact us with a technical question, we will use your contact information and technical information to resolve the issue;
  • To administer and enhance our website;
  • For your greater business purposes, such as the administration of your customer account, to invite you to events, deal with your queries or for marketing or sales purposes;
  • In connection with a proposed or actual sale, merger or transfer of all or a portion of a business or division;
  • To satisfy legal or regulatory requirements;
  • As otherwise described in this notice; and
  • At your option, to send you additional marketing materials relating to crystal products and services.

Direct Marketing

We would like to use your Personal Information to provide you with information about products and services which we think may be of interest to you or your employer.  We will only send you such materials by email and/or contact you by telephone if, when you are presented with the option at various points on our Site or during our contact with you, you gave us your prior express consent to receive such communications (“opt in”).  In case you have not given your opt in consent to be contacted by Crystal Direct, your Personal Information (only to the extent that is absolutely required) will be retained on a “do not contact” list.

We may occasionally share data on Social Media (e.g. Twitter), Websites and Internet celebrating our shared successes, projects and exhibition days in order to promote our products and services.  In these circumstances, we would only share the minimum amount of data needed to celebrate the success and thus promote the Crystal Direct brand, the Customers brand, and the location of the event. 

In connection with our offline activities, you may simply notify Crystal Direct that you wish to cease receiving additional information from Crystal Direct (“opt out”), and Crystal Direct will honour any such request.  Your Personal Information will be stored by us only as long as you do not change your mind to receive such materials from Crystal Direct, with the exception of those Personal Information which is required to avoid contacting you in the future for marketing purposes.  We will provide you with the option to opt-out of marketing communications by following the “opt out” procedure below.

How we use information collected through Cookies and other Tracking technologies

A cookie is a small text file that is downloaded to your computer when visiting a website.  It allows that website to recognise your computer when you return, enabling it to display personalized settings and other user preferences.  Cookies also help websites improve the relevance of the advertising you see online.  Other tracking technologies (including “web beacons” and “transparent GIF files”) are technical mechanisms that enable our service providers to gather information on your responses to our advertisements, emails and other online marketing materials.

You will be given the opportunity to accept or reject the use of cookies on the Site in a pop-up box when you first access the Site.  You may choose not to accept the cookie, however, this may restrict the services that you can access on the Site as well as the overall performance of the Site.

Type of cookies used on the Site

We use several different types of cookies.  In particular, we use: strictly necessary cookies which allow certain fundamental features of the Site to work; functionality cookies, which allow us to remember choices you make (for example, your cookie preference); and performance cookies, which monitor usage of the Site.  We also use third party cookies – these are cookies that are set by a third part website rather than by us.

Some of the cookies are session cookies which are temporary and allow us to link your actions during a single use of the Site.  These are deleted at the end of your browsing session.  Others are persistent cookies which remain on your device for the period of tie specified in the cookie.  These cookies help us to identify you as a unique user (by storing a randomly generated number).

Control your cookie settings

Please be aware that some of our services will not function if your browser does not accept cookies.  However, you can allow cookies from specific websites by making them “trusted websites” in your internet browser.

The following links may assist you in managing your cookies settings, or you can use the ‘Help” option in your internet browser for more details:

Internet Explorer: http://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies
Google Chrome: http://www.google.com/support/chrome/bin/answer.py?hl=en&answer=95647
Safari: http://support.apple.com/kb/PH5042
If you share the use of a computer, accepting or rejecting the use of cookies may affect all users of that computer

Who we disclose your information to

We work with third parties to help manage our business and deliver services.  We and our service providers (as defined below) disclose and share your Personal Information:

  • Among Crystal Direct and our affiliates;
  • To third party service providers (“service providers”) that perform services for us or on our behalf (including provide courier services, help manage our IT and back office systems, or distribute marketing materials).  Such service providers are required under their contract with us, to handle your personal information in accordance with applicable laws and principles related to privacy and data protection;
  • To other persons where we are under a legal obligation to disclose your personal information, and only as permitted or required by applicable law or regulation.  Such disclosure could be made to courts, to respond to lawful requests by public authorities, regulators and law enforcement agencies in the European Union and around the World or to protect and defend our rights or property.
  • Any access to such information will be limited to the purpose for which such information was provided to us or our service providers, as explained in the “how we use the information we collect” section above.

How we protect and store your information

We take the security of the information we collect seriously.  We have implemented and we maintain technical and organisational security measures, policies and procedures intended to reduce the risk of accidental destruction or loss, or the unauthorised disclosure or access to such information appropriate to the nature of the data concerned.  Some of the steps we take are:

  • Placing confidentiality requirements on our staff members and service providers;
  • Destroying or permanently anonymising personal information if it is no longer needed for the purposes for which it was collected
  • Personal information collected is stored on secure servers in the UK which have the very latest security anti-virus and firewall software.

Transfer out of the EU

We may occasionally need to transfer data to countries outside the EEA, but we will only do so where such countries can ensure that the level of data protection afforded to individuals by the GDPR is not undermined.

We may only transfer data outside the EEA if one of the following conditions applies:

  • The European Commission has issued a decision confirming that the country to which we transfer the data ensures an adequate level of protection for the data subjects’ rights and freedoms;
  • Appropriate safeguards are in place such as binding corporate rules (BCR), standard contractual clauses approved by the European Commission, an approved code of conduct or a certification mechanism, a copy of which can be obtained from the data protection officer (DPO) (contact details are provided below);
    You have provided explicit consent to the proposed transfer after being informed of any potential risks; or
    The transfer is necessary for one of the other reasons set out in the GDPR including the performance of a contract between us and you, reasons of public interest, to establish, exercise or defend legal claims or to protect your vital interests where you are physically or legally incapable of giving consent and, in some limited cases, for our legitimate interest.

Your Rights

In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact the Data Processing Officer (DPO) (contact details are provided below). Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law. Under certain circumstances, by law you also have the right to:

  • Request access to your personal information which enables you to receive a copy of the personal data we hold about you.
  • Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
  • Request erasure of your personal information which enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
  • Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
  • Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
  • Request the transfer of your personal information to another party.

Complaints, Amendments and Opting Out

To withdraw your consent, review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please inform the DPO, Martin Randall, in writing either by:

Fax to 01462 489909;
Email to marketing@crystal-direct.co.uk; or
Post to the address: Crystal Direct, Lacerta Court, Letchworth Garden City, Hertfordshire, SG6 1FD. 

Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law. We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.  We have put in place procedures to deal with any applicable data security breaches and will notify you and the ICO of a suspected breach within 72 hours of the breach where we are legally required to do so.

Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.

Opt In

This new Privacy Policy will take effect on May 25th 2018 and by using our services, on or after this date, you are confirming your consent and agreeing to these updates

Questions and Contact Information

If you require any further information in relation to data protection, please do not hesitate to contact our Marketing Department on 01462 489900 or by email on marketing@crystal-direct.co.uk

To find your local supplier use the search box below to get
a list of Crystal approved and Platinum partner
supplier locations
within your area.