Privacy Policy

---

Privacy policy / Processing Notice

Crystalight LTD (“Crystalight”, “we”, “us”, “our”) is committed to protecting and respecting your privacy. This policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

For the purposes of the Data Protection Act 1998 (the Act) and the General Data Protection Regulation ( “GDPR”), the data controller is Crystalight LTD, 251/253 Wells Road, Malvern, WR14 4JF

About Crystalight LTD

Crystalight LTD is a Property Investment and Management company (registered in England under number 03281350). The registered office is Registered Office: 6 Manor Park Business Centre, Mackenzie Way, Cheltenham, Gloucestershire GL51 9TX.

All written and oral information provided in our publications and through our services (including via the telephone) is given in good faith and aimed at those letting, and renting, residential and commercial property. Crystalight LTD, its officers or employees cannot be held responsible for any adverse effects or consequential losses following the provision of information given in good faith.

Crystalight LTD is committed to act in the best collective interests of our business and the wider sector.

Information we may collect from you

1. We require to process and retain certain of your personal information that you have provided to us. From time to time we may pass any or all of that personal information on to third parties who may carry out specific work on our behalf for processing. Full details of the personal information we hold, why we hold that information, how long it is held for and with whom that information is shared are set out in this Fair Processing Notice.

• In the event that we require your consent to process and retain any of your personal information we shall seek your written permission to do so separately.

• In terms of the EU General Data Protection Regulation 2016/6769 (hereinafter “GDPR”) and #*( UK Data Protection Act 1998– final title not yet confirmed at 11.04.18) you are entitled to request and inspect personal information of yours that we hold. Should you wish to inspect any personal information of you that we hold your request to inspect this should be made in writing and your request should detail the specific information that you are seeking. We will provide you with a copy of any personal information held (which constitutes “Personal Data” in terms of the GDPR) within one month of receipt of your written request.

Reasons/purposes for processing information

We process personal information to enable us as to carry out property management services; promote and advertise our services; maintain our own accounts and records; and support and manage our employees.

Type/classes of information processed

We process information relevant to the above reasons/purposes. This may include:

• personal details
• family details
• lifestyle and social circumstances
• employment and educations details
• goods and services
• financial details
• all information contained in references

We also process sensitive classes of information that may include:

• racial or ethnic origin
• religious or other beliefs
• trade union membership
• physical or mental health details

Who the information is processed about

We process personal information about:

• customers
• tenants
• professional advisers and consultants
• complainants, enquirers
• suppliers
• landlords
• employees

Who the information may be shared with

We sometimes need to share the personal information we process with the individual them self and also with other organisations. Where this is necessary we are required to comply with all aspects of the Data Protection Act (DPA). What follows is a description of the types of organisations we may need to share some of the personal information we process with for one or more reasons.

Where necessary or required we share information with:

• business associates
• suppliers of goods or services
• financial organisations
• credit reference agencies
• debt collection and tracing agencies
• local and central government
• police forces
• security organisations
• current, past and prospective employers
• employment and recruitment agencies
• educators and examining bodies
• other companies in the same group

Transfers

The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (“EEA“). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. Such staff may be engaged in, among other things, the fulfillment of your enquiry, the processing of your payment details and the provision of support services. By submitting your personal data, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy.

Where we store your personal data

The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (“EEA“). By submitting your personal data, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy.

All information you provide to us is stored on our secure servers and in paper file format that is kept in secure cabinets/locations in the offices we work from at Abbey College Malvern, 253 Wells Road, Malvern, WR14 4JF

Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted electronically; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

We will usually retain any data for 6 years after your last renewal or any other contact we have with you – unless you request earlier destruction.

Disclosure of your information

 We may disclose your personal information to third parties:

• If Crystalight LTD or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
• If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our website terms of use and other agreements; or to protect the rights, property, or safety of Crystalight LTD, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
• Where an enquiry regarding a possible complaint about you is received, we will confirm to the complainant or their representative your link to Crystalight LTD and may share information with the local authority.

Your rights

We aim to comply with the GDPR [General Data Protection Regulation] which includes the following rights for individuals:

• The right to be informed;
• The right of access;
• The right to rectification;
• The right to erasure;
• The right to restrict processing;
• The right to data portability;
• The right to object; and
• The right not to be subject to automated decision-making including profiling. Our lawful basis for processing your data is that you supplied it initially.

Access to information

The Act gives you the right to access information held about you. Your right of access can be exercised in accordance with the Act.

Changes to our privacy policy

Any changes we may make to our privacy policy will be notified to you by e-mail or to your address.

Contact

Questions, comments and requests regarding this privacy policy are welcomed and should be addressed to rentals@crystalightltd.co.uk.