The policy sets out the obligations and requirements of the Users, the Website and the Company, and details the ways in which the Website processes, stores and protects user data and information.
refers to www.crystalclear.systems
refers to Crystal Clear Systems Limited, registered in England and Wales, Number 06697653. Registered Office: Enterprise House, 5 Roundwood Lane, Harpenden, Hertfordshire AL5 3BW.
refers to any visitor to the Website
The Website and the Company take a proactive approach to privacy and ensure that the necessary steps are taken to protect the privacy of the User.
The Website complies with all UK national laws and requirements for user privacy.
A cookie is a small file which is placed on your computer’s hard drive when you visit a website. You have the option to accept or reject cookies, although if you reject them there is generally a detrimental effect on site performance. If you accept them, the file is downloaded and helps analyse web traffic and allows the site to recognise you as an individual. Cookies may store preferences that you might set for a site, such as language.
Accepting a cookie from the Website in no way exposes any personally identifiable information to the Company. Should a cookie collect the IP Address (a number that can be traced to the network or internet provider through which you access the internet) the Company hereby confirms that there is no process in place whereby that information is examined for marketing purposes beyond identifying the country concerned.
The Company does not operate a process whereby visits to the Website are traced and followed up in the event of no interaction taking place during the visit.
Users are advised that if they wish to deny the use and saving of cookies from this website on to their computers hard drive they should take necessary steps within their web browsers security settings to block all cookies from the Website.
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
After approval of your comment, your profile picture is visible to the public in the context of your comment.
The Website uses tracking software to monitor its visitors to better understand how they use it. This software is provided by Google Analytics and employs cookies to track visitor activity. These cookies will track and monitor your engagement and usage of the Website, but will not store, save or collect personal information.
General Data Protection Regulations
The Company is registered for data protection with the Information Commissioner’s Office. The current certificate can be viewed here.
What data is collected?
The Company may hold the following personal information:
- Name and employment status (job title)
- Contact information, including landline and mobile telephone numbers, and email addresses
- Address details
- Notes relevant to the current status of any enquiry or ongoing project
What is the data collected used for?
The Company uses the data held solely for internal administration and record keeping, and it is retained for the legally required period of time.
We do not supply any details to any third party, unless requested or required to do so by law.
Where is the data held?
The Company makes use of Microsoft’s Office 365 service, and data is held within this environment. According to currently available Microsoft information, this means datacentres within the UK at Durham and London.
The Company uses the accounting system Xero, which contains identifiable information, including email addresses, of any person with whom the company has conducted a financial transaction. This data is held in the United States of America, and Xero is working to ensure full GDPR compliance, as outlined in their updates here.
The Company makes some use of the file storage service Dropbox to share and collaborate with clients and associates. In general the material being shared is not personal data, although it may be commercially sensitive. The Company ensures that a minimum amount of data is shared in this manner, and any shared folders are deleted once a project has concluded. Dropbox is not used by the Company for long-term storage of any documents or data.
The Company makes some use of Google Drive for collaboration with clients and associates. In general the material being shared is not personal data, although it may be commercially sensitive. The Company currently holds some archived documents in Google Drive, which are being assessed and deleted if not required (as at April 2018). Any documents that need to be retained are being moved to the Microsoft OneDrive environment.
The Company makes some use of Amazon Cloud Storage for some archive document storage. These documents are being assessed and deleted if not required (as at April 2018). Any documents that need to be retained are being moved to the Microsoft OneDrive environment.
The Company holds desktop computers, laptops and tablets and mobile phones. The laptops and tablets contain a certain amount of personally identifiable customer details, in the form of emails and documents which are synchronised with the Company’s Microsoft Office 365 OneDrive. The Company has a policy of synchronising only those folders to which access is needed from client premises, or other remote locations.
Mobile phones contain emails and telephone numbers in the form of contact records.
The Company employs BitLocker encryption on portable devices, and mobile phones are encrypted with a passcode required to access the data, and are set to erase all data after a certain number of unsuccessful attempts to enter the PIN.
Control of personal information
The Company will supply details of any personal information held upon request, and reserves the right to make a small administrative charge in such cases.
If you believe that any information that the Company may hold about you is incorrect, please submit a request for change via the contact form on the Website. The Company will promptly make any required corrections.
In the event of a data breach, as the Company is registered with the Information Commissioner’s Office for data protection, there is a duty to report any breach within 72 hours of becoming aware of it.
The Company defines a data breach as:
- access by an unauthorised third party;
- deliberate or accidental action (or inaction) by a controller or processor;
- sending personal data to an incorrect recipient;
- computing devices containing personal data being lost or stolen;
- alteration of personal data without permission;
- loss of availability of personal data.
The Company understands that any individual or business likely to be subject to a high risk as a result of any breach has a right to be notified without delay and notes that no data is held on servers belonging to, and under the sole control of, the Company, but only on the servers of third-party providers (specifically and primarily Microsoft).
Any client data compromised as a result of the loss or theft of a laptop, tablet or mobile phone belonging to the Company is fully encrypted, and mobile devices contain only the data to which mobile access is required.
Referrals and Sponsored Links
Should the Website ever use referral programs, sponsored links or adverts, these may in turn employ cookies to monitor activity like conversion and referral tracking. Such cookies typically expire after 30 days, though some may take longer. No personal information is stored, saved or collected.
Contact & Communication
Users contacting the Website and/or the Company do so at their own discretion, and provide any such personal details requested at their own risk. Personal information is kept private and stored securely until such time as it is no longer required or has no use, as detailed in the Data Protection Act 1998.
Every effort has been made to ensure a safe and secure form to email submission process but such processes are used at the exclusive risk of the User..
The Website and the Company may use any information submitted by the User to provide details about the products and services they offer, or to assist in answering any questions, or to follow up on an earlier enquiry should that be relevant.
This may include using details to subscribe the User to any email newsletter program the Website operates. This will only happen if it was made clear to the User at the time of submission that permission was being given for such a service.
Details submitted by the User are never passed on to any third parties.
Although the Website makes every effort to include only safe and relevant external links, the User is advised to be cautious before clicking any links on the Website.
Neither the Website not the Company can guarantee or verify the contents of any externally link on a permanent basis, despite their best efforts, as external content is always subject to change. The User should therefore note that they click on external links at their own risk and the Website or the Company cannot be held liable for any damages or implications, however caused, incurred by visiting these links.
Adverts and Sponsored Links
The Website may rarely contain sponsored links and adverts. These will typically be served through partners, who will have their own detailed privacy policies relating directly to the adverts they serve.
Social Media Platforms
Communication, engagement and actions taken through external social media platforms, on which the Website and the Company participate, are subject to the terms and conditions as well as the privacy policies of each respective platform.
The User is advised to use social media platforms with due care. The Company will never ask for personal or sensitive information via social media platforms and would encourage the User to make contact through primary communication channels such as telephone or email.
The Website may use social sharing buttons which help share web content directly from web pages to the social media platform in question.
The User is advised that the social media platform may track and save any request to share a web page respectively through the User’s own social media platform account.
Shortened Links in Social Media
The Website or the Company may share web links to relevant web pages. By default some social media platforms shorten lengthy URLs (website addresses) using an external service such as bit.ly, t.co, tinyurl, or goo.gl (there are dozens of equivalents) .
The User is advised to exercise caution before clicking any shortened URLs published on social media platforms by the Website or the Company. Despite every effort to ensure that only genuine URLs are published, many social media platforms are prone to spam and hacking and therefore neither the Website nor the Company can be held liable for any damages or implications caused by visiting such shortened links.
Resources and Further Information
- Data Protection Act 1998
- Privacy and Electronic Communications Regulations 2003
- Privacy and Electronic Communications Regulations 2003 – The Guide
- Guide to the General Data Protection Regulation (GDPR)