It is a legal requirement to inform consumers or businesses on how we will process, store and share their data. This is done by publishing a Privacy Notice that is made available to anyone who wishes to see their rights before they submit any information to us.
How and why we use your Personal Data
We use your Personal Data for the following purposes:
- To provide our contracted service to our clients.
- To facilitate an open communication channel between you and your finance provider.
- To inform the finance provider of information you have supplied to us, ensuring that your personal information is accurate and up to date.
- To ensure any inaccurate information held by your finance provider is rectified as quickly as possible.
- To enable your finance provider to respond effectively to any Data Subject Access Requests made regarding what personal information is held about you.
- To liaise with your finance provider to exercise your right to the erasure of your data to prevent further or unnecessary processing that is not relevant to purpose.
Sensitive Personal Data
To provide our contracted services to our clients, we may process information that could reveal other such information that is considered “Sensitive Personal Data”. This information most often includes, data relating to a person’s health, but can also refer to sexual orientation, race, ethnic origin, political opinion, religion, membership of a trade union, and genetic or biometric data. Crystal Collections Ltd. will only process health information as a rule and only when a person has given their explicit consent for us to do so. This could be shared via a finance provider or directly if permission were given to a Crystal Collections’ agent or you have deliberately made it public.
If consent is not given to process any Sensitive Personal Data, this may mean we are unable to assist customers with issues that they may wish us to raise with their finance service provider. For Example: a health issue that resulted in loss of work and then income, that resulted in your finance provider engaging us.
Communicating with You
To manage our relationship with any customer on behalf of a finance provider, occasionally we may need to contact the customer by telephone, email and/or SMS for administrative or operational reasons, for example, to send you confirmation of a vehicle collection appointment date and time.
Please be aware that these communications are business communications, they are not made for marketing purposes and should not be deemed as such.
A customer’s opinion is very important to us, so we may send correspondence to customers to seek their feedback on our service provision.
We will use the communication methods exchanged with us by the customer or their finance provider. Feedback is used to assess our processes and where applicable they will be amended, and our policies reviewed. We will use this feedback to improve our service and ensure better compliance with legislation. It also helps us to manage our relationship with a customer on behalf of their finance provider and to improve the customer experience.
Requesting access to your Personal Data
Everyone has a right to request access to any Personal Data that is held about them. This could include email address, telephone numbers and address history.
If you would like to request a copy of your personal data, please contact us detailing your request via our Managing Director, Rhys Hellen: Rhys.Hellen@crystalcollections.com.
Security of your Personal Data
We are committed to taking appropriate technical and organisational measures to protect Personal Data against unauthorised or unlawful processing and against accidental loss, destruction, or damage. When data is provided through our website this information is transmitted across the internet securely using high-grade encryption.
Furthermore, Crystal Collections Ltd. is a PCI DSS compliant organisation. This means that we adhere to high security standards to protect customer payment card details if this information is given.
We may in some instances share your Personal Data with a third party. When Crystal Collections Ltd. takes this action, we require that the third party has appropriate technical and organisational measures in place to protect Personal Data. However, in some instances we may be compelled by law to disclose Personal Data, such as law enforcement agencies, and therefore have limited control over how it is protected by that party from therein.
The security of Personal Information is important to us, however, please be aware that no method of transmission over the Internet, or method of electronic storage, is 100% secure. Whilst we strive to use commercially acceptable means to protect Personal Information, we cannot guarantee its absolute security.
Change of Purpose for Storage of your Personal Data
We will only use Personal Data for the purposes for which we process it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
Crystal Collections Ltd. procedures do not involve automated decision- making processes, therefore the Personal Data we hold about you will not be impacted upon automated decision-making whilst we are processing your data.
We will retain personal information from the date of receipt for no less than a 6-year period in an encrypted format to a maximum period of 10 years.
We retain personal information for this period so that we can show that we have not discriminated against anyone on prohibited grounds and that we have also conducted the processing of the data in a fair and transparent way. After this period, unless separately legally required to retain the information, we will securely destroy personal information in accordance with our data retention policy and the applicable laws and regulations.
If we wish to retain personal information on file for a period beyond the above, we will write to the people concerned separately, seeking their explicit consent to retain their personal information for a further fixed period on that basis. In some circumstances we may anonymize the personal information so that it can no longer be associated with a living person, in which case we may use such information without further notice.
Cookies or other Tracking Technologies
To improve our services, and to analyse how visitors use our website, we may use technologies, such as cookies, pixels or tracking software. Please be aware that in most cases we will not be able to identify a person from the information we collect using these technologies.
Links to Other Sites
Contact information for Data Protection matters
We have an allocated the oversight of data protection to our Managing Director; Rhys Hellen, who oversees compliance with this privacy notice and all things related to data protection. If you have any questions about this privacy notice or how we handle your personal information, please contact our director by emailing Rhys.Hellen@crystalcollections.com
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for Data Protection Issues.
Telephone: 0303 123 1113