Last updated: January 2024

Our Commitment to Data Protection

crux-mate is committed to complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We take the privacy and security of your personal data seriously and have implemented appropriate measures to protect it.

Data Controller

crux-mate is the data controller for the personal information we collect through our website and services. This means we determine how your data is used and are responsible for protecting it.

Contact Details:
crux-mate
14 Cathedral Road
Pontcanna, Cardiff CF11 9LJ
United Kingdom
Email: [email protected]

Lawful Basis for Processing

We only process personal data when we have a lawful basis to do so. The bases we rely on include:

Your Data Subject Rights

Under UK GDPR, you have the following rights regarding your personal data:

Right to Be Informed

You have the right to be informed about how we collect and use your personal data. This notice, along with our Privacy Policy, fulfils this requirement.

Right of Access

You can request a copy of the personal data we hold about you. We will respond to your request within one month.

Right to Rectification

You have the right to have inaccurate personal data corrected or completed if it is incomplete.

Right to Erasure

You can request that we delete your personal data in certain circumstances, such as when the data is no longer necessary for the purpose it was collected.

Right to Restrict Processing

You can ask us to limit how we use your data in certain circumstances.

Right to Data Portability

Where processing is based on consent or contract and carried out by automated means, you can request your data in a structured, commonly used, machine-readable format.

Right to Object

You have the right to object to processing based on legitimate interests or for direct marketing purposes.

Rights Related to Automated Decision Making

We do not use automated decision-making or profiling in ways that would have legal or similarly significant effects on you.

How to Exercise Your Rights

To exercise any of these rights, please contact us at [email protected]. We may need to verify your identity before processing your request. There is no fee for most requests, but we may charge a reasonable fee if your request is clearly unfounded or excessive.

Processing of Children's Data

As our services are designed for children and teenagers, we take extra care when processing their data. We obtain parental or guardian consent before collecting data about children under 13. Parents and guardians can review, modify, or delete their child's data at any time.

Data Security

We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:

Data Breaches

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner's Office within 72 hours. If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly.

International Transfers

We primarily store and process data within the United Kingdom. If we transfer data outside the UK, we ensure appropriate safeguards are in place in accordance with UK GDPR requirements.

Supervisory Authority

If you are not satisfied with our response to any complaint or believe our processing of your data does not comply with data protection law, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Website: ico.org.uk

Updates to This Notice

We may update this GDPR notice from time to time. Any changes will be posted on this page with an updated revision date.