GDPR Compliance

Your data protection rights

Our Commitment to Data Protection

Crystal Hatch is committed to protecting your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Data Controller

Crystal Hatch is the data controller responsible for your personal data. Our contact details are:

Crystal Hatch
42 Harborne Park Road
Harborne
Birmingham
B17 0BH
United Kingdom
Email: [email protected]

Your GDPR Rights

Under GDPR, you have the following rights regarding your personal data:

1. Right to Be Informed

You have the right to know how we collect and use your personal data. This information is provided in our Privacy Policy.

2. Right of Access

You can request a copy of the personal data we hold about you. This is known as a Subject Access Request (SAR). We will respond within one month of receiving your request.

3. Right to Rectification

If your personal data is inaccurate or incomplete, you have the right to have it corrected or completed.

4. Right to Erasure (Right to Be Forgotten)

In certain circumstances, you can request that we delete your personal data. This right is not absolute and only applies in specific situations defined by GDPR.

5. Right to Restrict Processing

You can request that we restrict how we use your personal data in certain circumstances, such as when you contest the accuracy of the data.

6. Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.

7. Right to Object

You have the right to object to processing of your personal data based on legitimate interests, direct marketing, or processing for research or statistical purposes.

8. Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects you. We do not currently use automated decision-making processes.

How to Exercise Your Rights

To exercise any of your GDPR rights, please contact us:

Please include your full name, contact information, and details of your request. We may need to verify your identity before processing your request.

Response Times

We will respond to your request within one month of receipt. In complex cases, we may extend this period by up to two additional months, and we will inform you if this is necessary.

Lawful Basis for Processing

We process personal data under the following lawful bases:

Data Protection Principles

We ensure that all personal data is:

International Data Transfers

We do not transfer personal data outside the United Kingdom. If this changes, we will ensure appropriate safeguards are in place and inform you accordingly.

Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will notify you without undue delay and within 72 hours of becoming aware of the breach.

Children's Data

We take special care when processing data of children under 16. Parental or guardian consent is obtained where required, and parents have the right to access, rectify, or delete their child's data.

Complaints

If you believe we have not handled your data properly, you have the right to lodge a complaint with the supervisory authority:

Information Commissioner's Office (ICO)
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Tel: 0303 123 1113
Website: www.ico.org.uk

Updates to This Statement

We may update this GDPR compliance statement from time to time. Please check this page regularly for updates.