top of page

GDPR Policy and Privacy Notice

This privacy notice was last updated on 22nd July 2025.

This privacy notice sets out the basis on which we collect and process your personal data through the use of our website, our digital applications, and/or signing up for newsletters and other marketing activities either in person or online.  Any changes we make to this policy in the future will be posted on this page so please check this page regularly.

 

Who We Are

Crystal Services Limited is the Data Controller responsible for your personal data within the context of the data you choose to directly pass to us through our website, digital applications, marketing activities, by email, phone, or face-to-face.  Crystal Services Ltd will be what is known as the ‘Data Controller’ of the personal data you provide to us, and we will sometimes refer to ourselves in this notice as “we” or “us”. By Data Controller, this means Crystal Services Ltd determines the purposes and way in which any personal data are, or will be, processed.  Our registered office is at Summerhouse Office Suite, Squeen Farm Bungalow, Ballacrye Road, Ballaugh, IM7 5BP. If you have any questions about this privacy notice, the use of your personal information, or your dealings with our website or our digital applications, you can contact us at info@crystalserviceslimited.com.

 

When We Are Not the Data Controller

Crystal Services Ltd provide services to our clients.  This notice does not apply to our client’s businesses where Crystal Services Ltd is not the Data Controller.   If you have any questions about our client’s use of your personal information, please contact them directly.  In respect of some of our client’s business, we may or may not be a data processor. In so far as we act as a data processor rather than a data controller, this policy shall not apply. Our legal obligations as a data processor are instead set out in the contract between us and the relevant data controller.

 

Our Principles of Data Protection

Crystal Services Ltd are committed to safeguarding the privacy of our website visitors and service users and complying with the General Data Protection Regulation and the Data Protection Act 2018.  Looking after the personal information you share with us is very important, and we want you to be confident that your personal data is kept safely and securely and to understand how we use it to offer you the best user experience.

We have published this notice to help you understand:

 

  • how and why Crystal Services Ltd collect information from you.

  • who we share your information with, why and on what basis; and

  • what your rights are.

 

 

 

 

What information we collect and why?

Information you provide to us directly when you visit or use some parts of our website and/or services we might ask you to provide personal data to us. For example, we ask you for your contact information when you submit an enquiry, submit your CV for a job application, submit an illustration request, book an appointment, or give feedback.

Where you are requested to fill in a form (either online or offline), it’s your choice as to which fields to complete and with what data.  If you don’t want to provide us with your personal data, you don’t have to but it might mean you can’t use some parts of our website or service.

 

Information we collect automatically

We collect some information about you automatically when you visit our websites or use our services, like your IP address and device type. We also collect information when you navigate through our website and digital applications such as pages you looked at and what links you clicked on and so on. This information is useful as it helps us get a better understanding of how you use our websites and services so that we can continue to provide the best experience possible.  Some of this information is collected using cookies and similar tracking technologies. If you want to find out more, look at our cookie policy.

 

Information we get from third parties

The majority of information we collect, we collect directly from you. Sometimes we might collect personal data about you from other sources, such as from employment agencies or clients that you provide services to. We may use this information to supplement the personal data we already hold on you, in order to better inform, personalise or to improve our services and to validate the personal information you provide.  Where we collect personal data, we’ll only process it:

 

  • To perform a contract with you, or

  • Where we have legitimate interests to process the personal data and they’re not overridden by your rights

  • In accordance with a legal obligation or

  • Where we have your consent

 

How do we use your information?

Data Protection says that we are allowed to use and share your personal data only where we have a proper reason to do so. The law says we must have one or more of these reasons and these are:

 

  • Contract - your personal information is processed to fulfil a contractual arrangement.

  • Consent – where you agree to us using your information in this way.

  • Legitimate Interests - this means the interests of Crystal Services Ltd in managing our business to allow us to provide you with the best products and services in the most secure and appropriate way.  For example, to transfer your data to certain Third Parties in order to deliver you the requested service.

  • Legal Obligation – where there is a statutory or other legal requirement to share the information, for example, when we have to share your information for law enforcement purposes.

 

Here is a list of the ways that we may use your personal information, and which of the reasons described above we rely on to do so. Where we list legitimate interests as a reason, we also describe below what we believe these legitimate interests are.

 

What We Use Your Personal Information For

Our Reasons (Legal Basis)

Our Explanation Of Legitimate Interests

To communicate with you or to market to you

Consent or Legitimate Interest

Marketing communications in accordance with your marketing preferences

Asking you for feedback or to take part in research we are conducting

To advertise to you using targeted display advertising

To provide you with services

Contract or Legal Obligation

In order to perform a contractual relationship

Provide you with the information you’ve requested

Operational communications like changes to our websites and services, security updates or assistance with using our services

Billing Communications

To analyse, aggregate and report

Legitimate Interest

Monitoring and improving our website and services (whether obtained directly or from third parties).

This is typically but not always anonymised analytics and reports.

To develop new sites and offerings in order to offer you new and more effective services.

To detect, investigate and report financial crime (e.g. Fraud) and ensure compliance with a legal obligation

Legal Obligation / Legitimate Interests

Developing and improving how we deal with financial crime. Complying with any legal obligation placed on us by regulators. Complying with any regulations that apply to us. Complying with legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person. Process efficiency in dealing with such activity, and to make service and process improvements.

To undertake website and or service personalisation

Legitimate Interests

Developing products, services, applications and designs that attract and retain customers. Improving customer interaction with our sites. Defining types of customers for new products or services

Maintaining network and data security

Legitimate Interests

To maintain the security of our network this in turns helps us to maintain the safety and confidentiality of your information.

Logistics planning, demand forecasting, management information and research

Legitimate Interests

We use information about buying habits, services bought and volumes, to help us to respond to demand, ensure the right products get to the right areas and to help us plan our ranges.

 

Who do we share your information with and why?

There may be times when we need to share your data with third parties. We will only disclose your personal data to:

 

  • Third-party providers and partners who assist and enable us to use the personal data to support the delivery of services or functionality of services or to market services and products to you.

  • Regulators, law enforcement, government agencies, courts or other third parties where we think it's necessary to comply with applicable laws or regulations or to exercise, establish or defend our legal rights.

  • An actual or potential buyer and or its advisers in connection with a purchase, merger, or acquisition of any part of our business

  • Other people when we have your consent.

  • Payment processors

  • Sub processors who are vetted for GDPR compliance

  • Debt Recovery, Credit Checking Services and Fraud Prevention Services

 

 

Your Rights

Your personal data is protected by legal rights, which include your rights to object to our processing of your personal data; request that your personal data is erased or corrected; request access to your personal data.  For more information or to exercise your data protection rights, please contact us at info@crystalserviceslimited.com.  You also have a right to complain to the Information Commissioner’s Office, which regulates the processing of personal data.

 

Keeping in touch with you

Crystal Services Ltd will not share your information with companies outside of those listed in “Who we share your information with and why”.

 

How long we keep your information?

If we collect your personal information, the length of time we retain it is determined by several factors including the purpose for which we use that information and our obligations under other laws. We may need your personal information to establish, bring or defend legal claims. For this purpose, we will always retain your personal information for 7 years after the date it is no longer needed by us for any of the purposes listed under How we use your information above. The only exceptions to this are where:

 

  • the law requires us to hold your personal information for a longer period or delete it sooner.

  • you exercise your right to have the information erased (where it applies) and we do not need to hold it in connection with any of the reasons permitted or required under the law.

  • we bring or defend a legal claim or other proceedings during the period we retain your personal information, in which case we will retain your personal information until those proceedings have concluded and no further appeals are possible; or

  • in limited cases, existing or future law or a court or regulator requires us to keep your personal information for a longer or shorter period.

 

Security

Security is a priority for us when it comes to your personal data. We’re committed to protecting your personal data and have appropriate technical and organisational measures in place to make sure that happens.

 

 

 

What are your rights?

You are entitled to request the following from Crystal Services Limited, these are called your Data Subject Rights and there is more information on these on the Information Commissioners website www.ico.org.uk

 

  • Right of access –to request access to your personal information and information about how we process it.

  • Right to rectification –to have your personal information corrected if it is inaccurate and to have incomplete personal information completed.

  • Right to erasure (also known as the Right to be Forgotten) – to have your personal information erased. Email info@crystalserviceslimited.com

  • Right to restriction of processing – to restrict processing of your personal information.

  • Right to data portability - to electronically move, copy or transfer your personal information in a standard form.

  • Right to object - to object to the processing of your personal information

  • Rights with regards to automated individual decision-making, including profiling – rights relating to automated decision-making, including profiling.

 

If you have any general questions about your rights or want to exercise your rights, please contact info@crystalserviceslimited.com.  You have the right to lodge a complaint with a data protection regulator in Europe, in a country you work or live, or where your legal rights have been infringed.  Where your personal information has or is being used in a way that you believe does not comply with data, however, we encourage you to contact us before making any complaint and we will seek to resolve any issues or concerns you may have.  The contact details for the Information Commissioner’s Office (ICO), the data protection regulator in the UK, are available on the ICO website www.ico.org.uk

 

Version: Jul 2025

bottom of page