INTRODUCTION
- This Privacy Policy applies to the personal data Cristal ITS collects and process through the provision of products and services to prospective and existing customers. Cristal ITS do not market their services to individual consumers only those who are considered commercial entities
- For the purpose of applicable data protection legislation (including but not limited to the General Data Protection Regulation 2018 the company responsible for your personal data is Cristal ITS
- It is important to point out that we may amend this Privacy Policy from time to time. Please just visit this page if you want to stay up to date, as we will post any changes here or follow the links in relevant emails regarding our GDPR and Data Privacy policies
- If you are dissatisfied with any aspect of our Privacy Policy, you may have legal rights and, where relevant, we have described these as well
- This Privacy Policy applies in relevant countries throughout our international network. Different countries may approach data privacy in slightly different ways and so we also have country-specific parts to this Privacy Policy. This allows us to ensure that we're complying with all applicable data privacy protections, no matter where you are due to our processing of personal data being conducted within the UK
- What kind of personal data do we collect and how is it processed?
CLIENT DATA
If you are a Cristal ITS customer, we need to collect and use information about you, or individuals at your organisation, in the course of providing you with Managed Services or hardware sales support. Our CRM records are retained within security protected storage environments with appropriate user controls to prevent unauthorised access
We hold your personal data in respect of your work contact details including:
- Name
- Job title
- Work telephone and email address
The processing applied to this data is either as part of the performance of a contract or due to an individual being party to the performance of contract is necessary and therefore supported by the consent provided by our contractual dealings with clients.
CRISTAL ITS retains a legitimate interest for the retention of commercial contact data if we have historically provided quotations to an organisation via a specified individual.
To the extent that you access our website we will also collect certain data from you. If you would like more information about this please review our Cookies Policy.
Should we be required to process additional information for the purposes of Managed Services this will be in response to specific instructions covered by a defined scope of works and subject to this policy.
CRISTAL ITS may send marketing emails to those within our CRM about offers, products or new services. All such communications will be compliant with the GDPR and Privacy and Electronic Communications Regulations 2003 (PECR) and provide unsubscribe options for those who do not wish to receive such communications but still receive ongoing service and sales support from CRISTAL ITS.
SUPPLIER DATA
We need a small amount of information from our Suppliers to ensure that things run smoothly. We need contact details of relevant individuals at your organisation so that we can communicate with you. We also need other information such as your bank details so that we can pay for the services you provide (if this is part of the contractual arrangements between us) however as these are related to the businesses we trade with they are not considered as personal data.
We hold your personal data in respect of your work contact details including:
- Name
- Job title
- Work telephone and email address
The processing applied to this data if part of the performance of a contract or as you are party to the performance of contract is necessary and therefore supported by the consent provided by our contractual dealings with clients.
WEBSITE USERS
When accessing our website, we will learn certain information about you during your visit. How we will handle information we learned about you depends upon what you do when visiting our site.
If you visit our site to read or download information on our pages, we collect and store only the following information about you:
- The name of the domain from which you access the Internet
- The date and time you access our site;
- The Internet address of the website you used to link directly to our site.
We use "cookies" that tell when pages in our site are visited, and by how many people. Our cookies do not collect personally identifiable information and we do not combine information collected through cookies with other personally identifiable information to tell us who you are or what your screen name or email address is. We may use software programs to create summary statistics to assess certain information, including the number of visitors to the different sections of our site, what information is of most and least interest, the need for technical design specifications, and to identify system performance or problem areas.
For site security purposes and to ensure that this service remains available to all users, we use software programs to monitor network traffic to identify unauthorized attempts to upload or change information, or otherwise cause damage.
Information about you
We do not collect personally identifiable information about individuals who visit our site except when the information is specifically provided on a voluntary basis. If you identify yourself by sending us an e-mail containing personal information, then the information collected will be solely used to respond to your message.
We may contact you regarding our products or related services. Our customers may receive information from us regarding special events, press releases, news of complementary products from our strategic partners, and/or product-specific technical information including security bulletins and notifications of upgrades.
Keeping Personal Information Secure
CRISTAL ITS uses appropriate technical, administrative and physical procedures to safeguard your personal information and prevent unauthorized access or disclosure.
Links to Non-CRISTAL ITS Websites
For your convenience and information, this site may contain links to third party websites. CRISTAL ITS is not responsible those sites or their privacy practices, which may differ from CRISTAL ITS’s practices. CRISTAL ITS does not endorse or make any representations about third-party websites. The personal data you choose to provide to or that is collected by third-party sites is not covered by CRISTAL ITS’s Privacy Policy.
Minors
CRISTAL ITS does not target its website to children under the age of 13 and does not knowingly collect personally identifiable information from children under the age of 13. In the event CRISTAL ITS determines that a person with respect to whom it has collected personally identifiable information is under the age of 13, CRISTAL ITS will promptly delete or destroy that information.
Sites covered by this Privacy Statement
This Privacy Statement applies to all CRISTAL ITS-owned websites and domains and the websites and domains of CRISTAL ITS’s wholly owned subsidiaries.
Cristal ITS Privacy policy changes
CRISTAL ITS reserves the right to change this policy at any time. Any changes to the Policy will be posted on our website. This statement and the policies outlined here are not intended to and do not create any contractual or other legal rights in or on behalf of any party.
How do we collect your personal data?
CLIENT DATA
There are two main ways in which we collect your personal data:
• Directly from you; and
• From your employer with whom we hold formal contractual agreements for the processing of personal data to support the provision of Managed Services or Sales Support activity
Who do we share your personal data with?
CLIENT DATA
If you are a Cristal ITS customer, we need to collect and use information about you, or individuals at your organisation, in the course of providing you with:
- Managed Services provision
- Sales Support activity
- Or assisting another organisation in support of our overall provision of services
- Our supply chain is risk assessed and we hold suitable due diligence information on file for each member of our supply chain to provide an assurance of their ability to effectively process personal data and ensure it remains secure and not disclosed to unauthorised resource or unnecessarily processed.
SUPPLIER DATA
CRISTAL ITS collects limited data on behalf of our supply chain and uses this for the purposes of procuring products and services from them to support our business and its internal administration and external customer facing obligations and commitments.
This data and it’s processing is limited to the contractual agreements we hold with our suppliers and is not processed in any other way that the servicing of our relationship and the provision of your services either directly or indirectly to us or our client base.
Any personal data provided to our supply chain the fulfillment of our customer facing obligations must be used only for the purpose it has been provided and must not be retained for use and processing by the supply once such activities has been completed.
Safeguarding Personal Data
CRISTAL ITS operates a robust and effective security measures to protect our commercial data from unauthorised access, manipulation or denial.
All contact details for customers sit within our CRM database which is hosted within our secure data processing network. CRISTAL ITS only use class leading service providers and have layered security mechanisms for user access, permissions and device management.
Our information security risk management is aligned within ISO27001 and we are seeking certification to this standard to place increased verification on our security planning and management.
How long do we keep your personal data for?
We consider the retention of commercial to be relevant and of legitimate interest to both parties and therefore such data will be retained on file until such time consent is withdrawn. Cristal ITS will undertake necessary steps to ensure that the data remains accurate and will contact you to verify the validity of the data we hold
How can you access, amend or take back the personal data that you have given to us?
Even if we already hold your personal data, you still have various rights in relation to it. To get in touch about these, please contact us enquiries@cristalits.co.uk. We will seek to deal with your request without undue delay, and in any event in accordance with the requirements of any applicable laws. Please note that we may keep a record of your communications to help us resolve any issues which you raise.
Right to object
If we are using your data because we deem it necessary for our legitimate interests to do so, and you do not agree, you have the right to object. We will respond to your request within 30 days (although we may be allowed to extend this period in certain cases upon notification to the data subject). Generally, we will only disagree with you if certain limited conditions apply.
Right to withdraw consent
Where we have obtained your consent to process your personal data for certain activities or consent to market to you, you may withdraw your consent at any time subject to the contractual agreement covering the processing. As an individual data subject our processing of you data will be limited to those actions relating to existing contractual agreements or under our legitimate interest of providing goods and services to you
Data Subject Access Requests (DSAR)
You have the right to ask us to confirm what information we hold about you at any time, and you may ask us to modify, update or delete such information. At this point we may comply with your request or, additionally do one of the following:
- We may ask you to verify your identity, or ask for more information about your request; and
- Where we are legally permitted to do so, we may decline your request, but we will explain why if we do so
Right to erasure
In certain situations (for example, where we have processed your data unlawfully), you have the right to request us to "erase" your personal data. We will respond to your request within 30 days (although we may be allowed to extend this period in certain cases) and will only disagree with you if certain limited conditions apply.
If we do agree to your request, we will delete your data but will generally assume that you would prefer us to keep a note of your name on our register of individuals who would prefer not to be contacted. That way, we will minimise the chances of you being contacted in the future where your data are collected in unconnected circumstances. If you would prefer us not to do this, you are free to say so.
Right of rectification
If the data we hold on you is incorrect you have the right to notify us and we shall update our records accordingly to ensure that they remain valid. CRISTAL ITS shall reasonable steps to maintain the accuracy of our data sets in order to continue to provide you with industry leading service however sometimes details alter and we shall make every effort to maintain accurate records.
Right of data portability
If you wish, you have the right to transfer your data from us to another data controller. We will help with this either by directly transferring your data for you, or by providing you with a copy in a commonly used machine-readable format.
Right to lodge a complaint with a supervisory authority (the ICO)
You also have the right to lodge a complaint with the ICO. If your interests or requirements change, you can unsubscribe from part or all of our marketing content (for example job role emails or Cristal ITS’s newsletters) by clicking the unsubscribe link in the email, or by updating your preferences through our preference centre on the Cristal ITS’s website (by signing into your account or entering your email address).
How do we store and transfer your data internationally?Cristal ITS’s is a global organisation – this is what enables us to offer the level of services that we do. In order for us to continue operating in this way, we may have to transfer or store your data internationally.