Privacy Notice

Introduction

It is a legal requirement to inform consumers or businesses on how we will process, store and share their data. This is done by publishing a Privacy Notice that is made available to anyone who wishes to see their rights before they submit any information to us.

Privacy Policy

Crystal Collections Ltd. is a Processor of Data. Our clients share data with us to enable us to provide our service to them. We do not store data for marketing purposes. We only process the data for the purpose in which it was shared with us for. When using the term “Personal Data” in our Privacy Policy, we mean information that relates to a living person and allows us to identify that person, either directly or in combination with other information that we may be given. Personal Data may include, for example, full names, contact details like mobile numbers and email addresses. We will also be told which motor vehicle a person uses that is secured by a finance agreement, the vehicle’s description and number plate and the creditor that supplied the finance for that vehicle.

How and why we use your Personal Data

We use your Personal Data for the following purposes:

  • To provide our contracted service to our clients.
  • To facilitate an open communication channel between you and your finance provider.
  • To inform the finance provider of information you have supplied to us, ensuring that your personal information is accurate and up to date.
  • To ensure any inaccurate information held by your finance provider is rectified as quickly as possible.
  • To enable your finance provider to respond effectively to any Data Subject Access Requests made regarding what personal information is held about you.
  • To liaise with your finance provider to exercise your right to the erasure of your data to prevent further or unnecessary processing that is not relevant to purpose.

Sensitive Personal Data

To provide our contracted services to our clients, we may process information that could reveal other such information that is considered “Sensitive Personal Data”. This information most often includes, data relating to a person’s health, but can also refer to sexual orientation, race, ethnic origin, political opinion, religion, membership of a trade union, and genetic or biometric data. Crystal Collections Ltd. will only process health information as a rule and only when a person has given their explicit consent for us to do so. This could be shared via a finance provider or directly if permission were given to a Crystal Collections’ agent or you have deliberately made it public.

By providing any Sensitive Personal Data to us, you need to explicitly agree that we may collect and share it with your finance provider with information on your behalf and in accordance with this Privacy Policy. A person always holds the right to have the data removed unless we are legally contracted to retain it.

If consent is not given to process any Sensitive Personal Data, this may mean we are unable to assist customers with issues that they may wish us to raise with their finance service provider. For Example: a health issue that resulted in loss of work and then income, that resulted in your finance provider engaging us.

Communicating with You

To manage our relationship with any customer on behalf of a finance provider, occasionally we may need to contact the customer by telephone, email and/or SMS for administrative or operational reasons, for example, to send you confirmation of a vehicle collection appointment date and time.

Please be aware that these communications are business communications, they are not made for marketing purposes and should not be deemed as such.

Your feedback

A customer’s opinion is very important to us, so we may send correspondence to customers to seek their feedback on our service provision.

We will use the communication methods exchanged with us by the customer or their finance provider. Feedback is used to assess our processes and where applicable they will be amended, and our policies reviewed. We will use this feedback to improve our service and ensure better compliance with legislation. It also helps us to manage our relationship with a customer on behalf of their finance provider and to improve the customer experience.

Requesting access to your Personal Data

Everyone has a right to request access to any Personal Data that is held about them. This could include email address, telephone numbers and address history.

If you would like to request a copy of your personal data, please contact us detailing your request via our Managing Director, Rhys Hellen: Rhys.Hellen@crystalcollections.com.

Security of your Personal Data

We are committed to taking appropriate technical and organisational measures to protect Personal Data against unauthorised or unlawful processing and against accidental loss, destruction, or damage. When data is provided through our website this information is transmitted across the internet securely using high-grade encryption.

Furthermore, Crystal Collections Ltd. is a PCI DSS compliant organisation. This means that we adhere to high security standards to protect customer payment card details if this information is given.

We may in some instances share your Personal Data with a third party. When Crystal Collections Ltd. takes this action, we require that the third party has appropriate technical and organisational measures in place to protect Personal Data. However, in some instances we may be compelled by law to disclose Personal Data, such as law enforcement agencies, and therefore have limited control over how it is protected by that party from therein.

The information that you provide to us will be electronically stored in our systems, which are located on our premises or those of an appointed contracted third party. We may also allow access to your information by other third parties who act for us for the purposes described in this Privacy Policy or for other purposes approved by you.

The security of Personal Information is important to us, however, please be aware that no method of transmission over the Internet, or method of electronic storage, is 100% secure. Whilst we strive to use commercially acceptable means to protect Personal Information, we cannot guarantee its absolute security.

Change of Purpose for Storage of your Personal Data

We will only use Personal Data for the purposes for which we process it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

Automated decision-making

Crystal Collections Ltd. procedures do not involve automated decision- making processes, therefore the Personal Data we hold about you will not be impacted upon automated decision-making whilst we are processing your data.

Data Retention

We will retain personal information from the date of receipt for no less than a 6-year period in an encrypted format to a maximum period of 10 years.

We retain personal information for this period so that we can show that we have not discriminated against anyone on prohibited grounds and that we have also conducted the processing of the data in a fair and transparent way. After this period, unless separately legally required to retain the information, we will securely destroy personal information in accordance with our data retention policy and the applicable laws and regulations.

If we wish to retain personal information on file for a period beyond the above, we will write to the people concerned separately, seeking their explicit consent to retain their personal information for a further fixed period on that basis. In some circumstances we may anonymize the personal information so that it can no longer be associated with a living person, in which case we may use such information without further notice.

Cookies or other Tracking Technologies

To improve our services, and to analyse how visitors use our website, we may use technologies, such as cookies, pixels or tracking software. Please be aware that in most cases we will not be able to identify a person from the information we collect using these technologies.

We also use cookies in our website and in our emails. Cookies are small pieces of information stored by a browser on a person’s computer’s hard drive. They enable a person to navigate our website or any other website.

Cookies can be deleted if a person wishes, while certain cookies are necessary for viewing and navigating websites including ours. This means that if the use of cookies is not accepted, a person may not be able to use some portions of our Site.

Links to Other Sites

Our Site may contain links to other sites that are not operated by us. If a person clicks on a third- party link, they will be directed to that third party’s site. We strongly advise that visitors review the Privacy Policy of every site you visit.

Updates to our Privacy Policy

We may make changes to this Privacy Policy from time to time which may include any new data protection legislation. We will publish on our website any new version of this Policy.

Contact information for Data Protection matters

We have an allocated the oversight of data protection to our Managing Director; Rhys Hellen, who oversees compliance with this privacy notice and all things related to data protection. If you have any questions about this privacy notice or how we handle your personal information, please contact our director by emailing Rhys.Hellen@crystalcollections.com

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for Data Protection Issues.

Telephone: 0303 123 1113

Website: www.ico.org.uk

ISO 9001 ISO 14001 ISO 27001 Business in the Community CSA FLA