This Privacy Statement defines how Crystalline Swimming Pools and Spas LTD (i.e. the Company) collects and uses the data.
The personal data processing is handled cautiously as obliged by the General Data Protection Regulation (GDPR 2016/679), the applicable Cypriot legislation on the protection of personal data, as well as any other potentially applicable National and European legislation for specific areas of law, including the Electronic Communications and Postal Services Regulation (Law 112(I)/2004, as applicable).
What does “Personal Data” Signifies?
Personal data refers to any information that directly or indirectly identifies a person. Indirect identification is conducted in conjunction with additional information, such as name, postal or email address, a phone number, or possibly a unique device identification number.
Collection of Information
The Company may gather information when a person/user:
- Registers as a customer or a member in a database or registers to receive notifications via e-mail, sms or other commercial communication channels
- Places an order on our website www.crystalline.com.cy
- Participates in contests/competitions
- Accesses the website via another platform (apps, IOS, Android, Facebook, Google)
- Navigates the website using cookies and similar technologies (learn more about the cookies policy below)
- Communicates with the company (i.e. via email, social media, phone)
- Interacts with advertisements and apps from the Company and/or third parties, where a link to this Statement is included.
While filling out the order form on our website (www.crystalline.com.cy), you will be prompted to give the following information:
- name
- address
- post code
- phone
- payment method (of the order) and credit card details
Your data may be used by the Company for the following purposes:
- To contact you regarding the delivery of an order; confirm and identify you if and where is necessary; provide information about new or alternative items offered; inform you about special offers; arrange the receipt of prizes following a contest draw or the receipt of personalized gifts.
- To meet regulatory requirements if needed, such as validating your age and status as a user of our products
- To provide sales services to you, such as processing your requests/orders/payments or resolving queries you may have, as well as providing warranty services
- To support all the above along with managing your accounts, the ability to use contact points, to communicate with you, personalize your experience, and manage/resolve any issues.
- To serve legal or compliance purposes, such as preventing, detecting, or investigating a crime, preventing loss, fraud, or any other improper use of our products and services, for internal/external auditing, information security, or to defend and apply our rights to privacy, security, property or third parties.
Access to Information & Use of Personal Data:
By providing your personal information you acknowledge that it will be used by the Company’s employees and partners for the purposes stated above.
Unless compelled by law, the Company is prohibited from sharing your personal information with others without your prior consent. However, if required by law or it is based on a court order, it is permissible to collect, use, and reveal your personal data that has been obtained online without your previous consent.
We will notify you in advance if we intend to use personal information processed with your consent for purposes other than those specified in such consent, while in circumstances where the processing is based on your consent, we will use your personal data for different purposes only with your permission.
We may use the information we have acquired as part of our existing customer relationship to alert you about products or services, but you may object to such usage at any moment, whether during the collection of your data or whenever you send a message. Follow the instructions in the email you receive to stop receiving marketing communications.
Transfer of Businesses
Please be advised that we will transmit data in the scenario of any reorganisation, restructuring, merger or sale, or other transfer of assets (known as “Transfer of Businesses”). The data being transferred will include personal information – on a reasonable extent – and as required for the Transfer of Businesses, provided that the receiver agrees to respect your personal information in accordance with applicable data protection legislation. We will continue to protect the confidentiality of any personal data and will notify impacted individuals if the personal data is subject to a different privacy policy.
Children’s Personal Data
In compliance with the current local law, the Company will not collect or handle personal data of minors under the age of 16, unless parental consent is obtained; if we discover that a child’s personal information was gathered inadvertently, we will remove it immediately.
Sensitive Data
In certain occasions, we may process specified types of personal data about you, known as “sensitive data”. This may be sensitive dada you have made public and if necessary we may process it to establish, prosecute, or defend legal claims. Additionally we may use your sensitive data if you have freely provided prior and separate permission in a specific context for a specific purpose.
Transaction security
The Company is committed to protecting the privacy and confidentiality of the data it gathers from users to its website; therefore it has implemented procedures to safeguard users’ data against unauthorised access or disclosure, loss or misuse, and modification or destruction, ensuring that (this data) is accurate and handled correctly.
Your connection is secure since it employs TLS technology with a 256-bit key. TLS technology uses a key code to encrypt data before it is transmitted over the (TLS) connection.
The unique key code ensures secure connection between the data and the server. Browsers such as Internet Explorer, Mozilla Firefox, and Safari support the TLS protocol and should be used to connect to the www.crystalline.com.cy website.
Our information security policies and processes are closely linked with widely acknowledged international standards and are evaluated and updated on a regular basis, as needed, to suit our business needs, technological advances, and regulatory obligations.
In the unlikely scenario of an incident of data breach involving personal information, the Company shall comply with any laws or regulations requiring breach notification.
Your Legal Rights
The Company will respect and protect your legal rights and thoroughly address any issues you may have as you raise them.
You may view information on you legal rights established by applicable data protection laws:
Right to Revoke Consent: In case the processing of personal data is based on your consent, you have the right to withdraw it (your consent) any time you wish.
Right to Make Amendments: You have the right to request that we rectify your personal information. However, you can check and modify your personal data by logging into your personal account at www.crystalline.com.
Right to Limit the Processing: You have the right to request that we limit the processing of your personal data in case:
- You are concerned about the accuracy of your personal data over the period during which we will need to verify its veracity
- Processing is illegal; therefore you prefer us to limit the processing of your data rather than annihilating it
- We no longer require your personal information, but you do, in order to support, exercise, or defend legal interests, or
- You have an objection to the processing of your data, whilst we determine whether our legitimate interests outweigh yours.
Right to Access Information: You may request information about personal data that we store for you! This includes information about the categories of personal data we own or manage, the purposes for which they are used, the source from which they were collected, if not directly by you, and to whom they have been shared, in each case. You can receive a free copy of the personal data we maintain for you. We have the right to charge a fair fee for any additional copies requested.
Right to Transfer Information: Where technically practicable, we shall transfer your data to another controller – indicated by you – upon your request, provided that the processing is based on your consent or is required for contractual procedures.
Right to Erase Information: You may request from us to delete your personal data, if:
- Your personal data is no longer required for the purposes for which it was originally obtained or processed
- You exercise your right to object to further processing of your personal data
- You withdraw your consent (where the processing is based on it) and there is no other legal basis for processing
- Your personal data have been processed illegally! This excludes the case where processing is required to comply with a mandate from the law, that necessitates processing by us – specifically for a legal duty/fulfilling obligations – to support, pursue, or defend legal claims
Right to Object: You have the right to object to the processing of your personal data at any time, given that the processing is not based on your permission but on ours or on a third party’s legitimate interests. In this case we shall no longer handle your personal data unless we can demonstrate compelling legitimate reasons and a compelling interest in processing or supporting, exercising, or defending legal claims. If you oppose to the processing, you have to clarify whether you want your personal data deleted or restricted.
Right to File Complaint: If you believe that the applicable privacy law has been violated, you may file a complaint with the data protection supervisory authority in the country where you live or where the alleged violation has been observed.
Important Notes:
Time period: We will make every effort to meet your request within 30 days. However, for specific reasons related to the legal right you exercise or the intricacy of your request, the time limit may be extended.
Restriction of access: Under some legal conditions, we may be unable to offer access to all or some of your personal data. If we deny your request for access, we will notify you of the reason why.
Non-recognition: Sometimes, due to the identifiers you provide in your application, we might be unable to locate your personal data. Personal data gathered through browser cookies and data obtained from social networks, when you submit a comment under an alias unknown to us, are two instances of personal data that we cannot look for with your name and email address.
In such cases, we will be unable to cooperate with your request to assert your legal rights as mentioned in this article, unless you supply us with additional information that allows us to identify you as a data subject.
Retention of your personal data
If you’d rather not to be contacted in the future you can send us your request, yet please note that we will not remove all of your personal data. To that end, the Company keeps records including information about people who requested no further contact (for example, via group e-mail messages). Unless you specify otherwise, we consider your requests to be consent for the storage of your personal data for the purposes of maintaining that file.
Contact Info
Please address any further queries about data protection or any requests to exercise your legal rights to the data controller at dpo@ctcgroup.com.cy
You may also reach out to Cyprus’s Office of the Commissioner for Personal Data Protection at commissioner@dataprotection.gov.cy
Periodic Amendments
The Company is constantly updating and improving its website and its products or services, as well as renewing this policy. It is advisable to read this policy on a regular basis to stay up to date on any changes to the content. The amendments on this policy are conducted without any prior notice to users.
Acceptance of the Privacy Procedures applied by the crystalline.com.cy
When you use www.crystalline.com.cy, you immediately consent to and accept this Privacy Statement, as well as the website’s terms and conditions announced through it.