Under the General Data Protection Regulation (GDPR), we now have to supply data subjects with Fair Processing Notices (FPNs) that contain significantly more information than they do under the Data Protection Act 1998. This is in order to meet new requirements about being transparent and providing accessible information to customers / individuals about how we are going to use your personal data so that you are fully informed and are aware of how you can exercise rights under the GDPR.
What we need
Crystaline Communication Limited, hereafter referred to as “the controller” of the personal data you provide us, are registered at the following address: Boston House Business Centre, 69-75 Boston Manor Rd, Brentford TW8 9JJ.
Unless otherwise agreed with you, we will only collect basic personal data about you. This does not include any special categories of personal information about you (often referred to as “sensitive personal data”). This information does however, include the likes of you name, work address, email address and job title.
Why we need it
We require this data to provide you with the telecommunications services that you have requested from us, and to assert our right to be recompensed in return for these services, as per the services agreement or contract we have with you. If you do not provide this information then we will be unable to provide the telecommunications services that you have requested. We will not collect any personal data from you that we do not require and oversee the services we have agreed to provide you with.
What we do with it
All the personal data we hold about you will be processed by our staff in the United Kingdom, and no third parties will have access to your personal data unless there is a legal obligation for use to provide them with it. Please be aware however, that your information may be stored on a cloud based system whose servers are located within the European Union.
We take all reasonable steps to ensure that your personal data is processed securely.
We understand that the possession of data can carry an inherent risk. This is why we are implementing a system where we assess all risks associated with your information, after which we will be using these assessments to implement the most effective method of security.
How long we keep it
We will generally keep your data for a minimum of 3 years, after which time it will be destroyed if it no longer required for the lawful purposes for which it was obtained. If you consent to marketing, any information we use for this purpose will be kept with us until you notify us that you no longer wish to receive this information. More information on our retention schedule can be found on our website.
What we would also like to do with it
We would like to send you information about our own products and services, by post, telephone, email and SMS. Please note that if you consent to being sent our marketing information via email then your data will be shared with and you will be contacted by the third party organisation Mailchimp, who will make this contact on our behalf.