Our commitment to protecting your data under UK GDPR
Last updated: January 2024
crux-mate is committed to complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We take the privacy and security of your personal data seriously and have implemented appropriate measures to protect it.
crux-mate is the data controller for the personal information we collect through our website and services. This means we determine how your data is used and are responsible for protecting it.
Contact Details:
crux-mate
14 Cathedral Road
Pontcanna, Cardiff CF11 9LJ
United Kingdom
Email: [email protected]
We only process personal data when we have a lawful basis to do so. The bases we rely on include:
Under UK GDPR, you have the following rights regarding your personal data:
You have the right to be informed about how we collect and use your personal data. This notice, along with our Privacy Policy, fulfils this requirement.
You can request a copy of the personal data we hold about you. We will respond to your request within one month.
You have the right to have inaccurate personal data corrected or completed if it is incomplete.
You can request that we delete your personal data in certain circumstances, such as when the data is no longer necessary for the purpose it was collected.
You can ask us to limit how we use your data in certain circumstances.
Where processing is based on consent or contract and carried out by automated means, you can request your data in a structured, commonly used, machine-readable format.
You have the right to object to processing based on legitimate interests or for direct marketing purposes.
We do not use automated decision-making or profiling in ways that would have legal or similarly significant effects on you.
To exercise any of these rights, please contact us at [email protected]. We may need to verify your identity before processing your request. There is no fee for most requests, but we may charge a reasonable fee if your request is clearly unfounded or excessive.
As our services are designed for children and teenagers, we take extra care when processing their data. We obtain parental or guardian consent before collecting data about children under 13. Parents and guardians can review, modify, or delete their child's data at any time.
We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner's Office within 72 hours. If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly.
We primarily store and process data within the United Kingdom. If we transfer data outside the UK, we ensure appropriate safeguards are in place in accordance with UK GDPR requirements.
If you are not satisfied with our response to any complaint or believe our processing of your data does not comply with data protection law, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Website: ico.org.uk
We may update this GDPR notice from time to time. Any changes will be posted on this page with an updated revision date.