Frequently asked questions

Who is using my data?

CRYSTAL MOON TREE LTD

What is my data being used for?

Crystal Moon Tree Ltd stores and processes data to help us maintain your account, process and store transaction details, offer customer support, send system updates and send offer details.

What will happen to my data?

Crystal Moon Tree Ltd may use your data to send you information, updates and offers we think you’ll be interested in.

What data will be kept and stored?

Crystal Moon Tree Ltd stores registration details, transaction details, usage information and any information about your web preferences on our website.

What data will be shared with others?

We only share your data with regulators or government bodies if requested.

How long will my data be kept for?

Crystal Moon Tree Ltd will store your data for a period of [one year after your last attempted login. After this period, your account will be deleted. You can request your account to be deleted at any time.

Who will be able to access my data?

Crystal Moon Tree Ltd will never sell or share your data to any third-party, unless you grant us your explicit permission to do so.

How will my data be kept and made secure?

Crystal Moon Tree Ltd stores your data on secure servers that are based in the UK. Data is processed in the UK, and we use standard industry security protocols.

 

Privacy Notice

Date: 16.10.21

 

Crystal Moon Tree Ltd takes your privacy seriously. That is why we will only use your personal information to provide you with the products and services you have requested, as well as to administer your account. We will not sell or share your information with third-parties you grant us explicit permission to do so, and we will never use your personal data for any reason other than the reasons described within this policy.

About our privacy policy

Our privacy policy outlines your relationship with our company and explains in detail how we use the information that you provide us with.

About Crystal Moon Tree Ltd

Crystal Moon Tree is the trading name of [Crystal Moon Tree Ltd, which is registered in the United Kingdom and registered with the UK’s Information Commissioner’s Office under the Data Protection Act 2018. Our data controller is Lisa Burrows and we encourage you to get in touch with any questions you may have about Crystal Moon Tree Ltd.

 

You can reach us by:

Changing your preferences

If you’d like to change your web, contact or marketing preferences, you can do so at any time. Simply contact us at dpo@crystalmoontree.com to request the necessary amendments.

How we do business

Crystal Moon Tree Ltd is committed to upholding and maintaining your personal rights. We operate our business in-line with the European Union’s General Data Protection Regulation and observe your rights to change or withdraw your opt-in options at any time. As part of our ongoing commitment to uphold your rights, Crystal Moon Tree Ltd will also extend advice on how you can issue formal complaints to relevant authorities, such as the Information Commissioner’s Office.

Sensitive data

Crystal Moon Tree Ltd does not collect any sensitive data about you. Sensitive data refers to (but is not limited to) information about your race or ethnic background, religious or political affiliations, trade union affiliations, sexual orientation, criminal background or health background.

Who our privacy policy applies to

This privacy policy has been developed to inform users of Crystal Moon Tree Ltd how we use their data. Crystal Moon Tree Ltd is an online retail company and we need to process the data of individuals to offer our products and/or services. Bearing that in mind, our privacy policy applies to any and all individuals registered with us as a user, customer, administrator or in any other capacity.

What information this policy applies to

There is a lawful basis for processing your data, and this section of our privacy policy outlines how this applies to the personal information you provide us with or allow us to collect.

The information this policy applies to includes information that you:

  • Provide as part of any registration process
  • Provide as part of any campaign creation activity
  • Provide in the form of numerical data, metadata or communications
  • Give us as part of our ongoing relationship

 

This policy also applies to information that we:

  • Collect relating to how you interact with our website
  • Must process to complete purchases and other transactions

Consent

Please note that when you submit personal data on our website, you are giving Crystal Moon Tree Ltd your explicit consent that we can use that data in line with our privacy policy.

Opting-out

After giving Crystal Moon Tree Ltd your consent, you are free to amend your consent or withdraw your consent at any time. You have the right to object to the processing of your data. To opt-out, change your preferences or revoke your consent, simply contact us by emailing dpo@crystalmoontree.com .

Data processing and storage

Crystal Moon Tree Ltd collects and stores data in the UK. We will store your data for a period of one year after your last recorded login attempt unless otherwise noted and explicitly stated.

Crystal Moon Tree Ltd stores data relating to transactions, payments and orders for a period of up to seven years. This period may be extended under certain circumstances as part of our ongoing commitment to comply with UK and international law.

We use carefully selected and recognised third-parties to help us take payments, provide commerce services and manage company accounts. Some of these third-parties may operate outside the European Union.

Crystal Moon Tree Ltd may process your data based on more than one legal ground.

Circumstances under which we may be required to process your data under more than one legal ground may include:

Reason

Data type

Legal basis

Customer registration

Identity and contact information

To carry out a contract we’ve made with you

Processing and/or delivering your order

Identity, contact information, financial information, financial and transactional data

To carry out a contract we’ve made with you and to exercise our legitimate interests to recover debts owed

To manage our customer relationship with you

Identity, contact information, marketing and communications preferences

To carry out a contract we’ve made with you, to comply with legal obligations and to exercise our legitimate interests to keep our records updated

 

Marketing and communications

Crystal Moon Tree Ltd may send you marketing communications if you have given us your contact details and opted-in to marketing communications.

You can opt-out of these marketing communications and manage your preferences at any time.

Our company obligations

As a data controller, Crystal Moon Tree Ltd is legally responsible for the data you provide us with. In honouring that responsibility, we pledge to uphold our commitments under GDPR and the Data Protection Act 2018.

We will only ever use your data:

  • In ways that are both fair and legal
  • As described within this policy
  • In ways that are necessary for the purposes described

In addition, Crystal Moon Tree Ltd processes the personal data you submit to us or we collect as a data processor. As part of this role, Crystal Moon Tree Ltd takes all necessary precautions to secure the personal data we collect, process and store.

We may occasionally use the data you provide us with for marketing, relationship management or account management activities. These activities are designed to ensure you have adequate information about other products and/or services we offer, that we have reason to believe you may be interested in. You have the right to opt-out of these activities at any time.

Third-Parties

Crystal Moon Tree Ltd never shares your personal data with third-parties unless those parties have been explicitly mentioned within our privacy statement.

Our security

As part of our ongoing commitment to GDPR, Crystal Moon Tree Ltd will report any security breaches or attempted breaches to the relevant authorities within 24 hours. We will subsequently contact all those affected by the breach within 72 hours of its occurrence.

Legitimate interests

As part of the Data Protection Act 2018, Crystal Moon Tree Ltd observes the right to share selected information with third-parties that use data for non-marketing purposes. This could include (but is not limited to) organisations that provide credit assessments, identification services and fraud prevention activities.

Contact us

Crystal Moon Tree Ltd is committed to upholding your rights. If you have any questions, comments or concerns about this privacy policy or wish to exercise your rights in relation to your personal data, please contact Lisa Burrows at Crystal Moon Tree Ltd.

We will process any request within 20 days. Subject Access Requests are normally performed free of charge, but we may need to charge individuals for excessive or unreasonable data requests.

Crystal Moon Tree Ltd is committed to upholding the rights of individuals as defined under GDPR. This is why we observe the right of individuals to request any data that we may hold on them as part of a recorded subject access request.

 

We are committed to performing subject access requests in a timely and accurate manner. For guidance purposes, subject access requests should adhere to the following six steps:

 

  1. Receive and record the subject access request
  2. Verify the identity of the individual making the request
  3. Process the subject access request
  4. Verify response
  5. Respond to the subject with the relevant information
  6. Record the request and following interactions

B.  Subject access request form template

1. Please send an email to dpo@crystalmoontree.com stating your full name and email address if you’d like Crystal Moon Tree Ltd to supply you with a copy of any data relating to you that we may hold. Please note that the information you provide us with as part of this request form will be used solely to identify the data you are requesting and to respond to your request.

Crystal Moon Tree Ltd observes your right and entitlement to receive this information under the European Union’s General Data Protection Regulation and the Data Protection Act 2018.

As part of your subject access request, Crystal Moon Tree Ltd will also supply you with information about any processing activity that has taken place involving your personal data, as well as the period of retention that has been applied to the data in question.

After receiving this request, Crystal Moon Tree Ltd will provide you with a confirmation of receipt, as well as a confirmation of receipt concerning any additional information we may ask you for to process your request.

Upon your examination of this data, please note that you have the right to request corrections to be made, restrict use or tell us to delete your information.

2.    Are you requesting information about yourself?

Crystal Moon Tree Ltd is committed to protecting your data, and so to ensure that we are releasing your personal data to the right person, we will need you to supply us with proof of identity and address.

To verify your identity, please send us a scan or photocopy of one item from both of the categories below:

  • Proof of your identity
  • Passport
  • Driving licence
  • National identity card
  • Birth certificate
  • Proof of your address
  • Bank statement
  • Utility bill
  • Credit card statement (must be under three months old)
  • Current driving licence
  • Current TV licence
  • Local authority tax bill
  • HMRC tax document (must be under one year old)

Please do not send original copies of documentation.

If you are unable to provide us with sufficient evidence to verify your identity, Crystal Moon Tree Ltd reserves the right to refuse your subject access request.

3.    Are you requesting information on behalf of someone else?

If you are requesting data on the behalf of the individual that data relates to, you must include the following alongside your completed subject access request form:

  • Written consent from the data subject giving you authority to request this information
  • Proof of the data subject’s identity
  • Proof of your identity

To verify your identity and the identity of the data subject, please send us a scan or photocopy of one item from both of the categories below:

  • Proof of your identity
  • Passport
  • Driving licence
  • National identity card
  • Birth certificate
  • Proof of your address
  • Bank statement
  • Utility bill
  • Credit card statement (must be under three months old)
  • Current driving licence
  • Current TV licence
  • Local authority tax bill
  • HMRC tax document (must be under one year old)

Please do not send original copies of documentation.

If you are unable to provide us with sufficient evidence to verify your identity, Crystal Moon Tree Ltd reserves the right to refuse your subject access request.

C. What information are you requesting?

In your email, please tell us the information you would like to receive, alongside any information or details you think may assist us in identifying the data in question to process your request.

Please specify if you would like to receive any details relating to why Crystal Moon Tree Ltd is processing your data, who has access to that data and how we were supplied that data.

Please note there may be situations in which disclosure of data or information could adversely affect the rights of others. If we believe disclosure of data to you is not compatible with our duty to uphold the individual rights of others, we will explain this to you, outlining our reasoning.

Crystal Moon Tree Ltd will strive to process and complete your subject data access request in a fashion that is satisfactory to all parties; however, there may be times when we cannot provide you with copies of the data you have requested if it would take disproportionate effort. We reserve this right under the Data Protection Act 2018.

Please note that while Crystal Moon Tree Ltd strives to carry out and complete subject access requests to all individuals free of charge, we reserve the right under Article 12 of the General Data Protection Regulation to charge a nominal fee or refuse a request that is considered manifestly unfounded or excessive.

D.  Your declaration

You will be emailed a form like the one below as a declaration for us to process your subject access request.

I confirm that I have read the terms of this subject access request form and understand those terms. I hereby certify the information I have provided on this form is true and accurate.  I understand it is necessary to verify my identity and/or the identity of the aforementioned data subject to process this request. I understand I may be asked to submit more information to facilitate this request.

 

Signature: _________________________________________

Date: _____________________________________________

 

Data Breach Policy

Here at Crystal Moon Tree Ltd, we take privacy seriously. That is why we take every possible precaution to protect personal data, and actively work to avoid any data protection breaches which could compromise our data security, or the personal rights of our clients, customers, stakeholders or anyone else associated with our company.

To mitigate the risk that any such data compromise could pose, we have developed the following data breach policy. It is an integral part of our compliance responsibilities under the General Data Protection Regulation and Data Protection Act 2018, and is designed to develop clear lines of responsibility and processes that must be followed to adequately mitigate and manage data breach and security incidents.

What does this policy cover?

The scope of this data breach policy encompasses all personal and sensitive data our company holds. This data breach policy applies to everyone at our company – including employees, temporary or casual staff, consultants, suppliers, contractors, freelance workers or other data processors who are storing or processing data on the behalf of our company.

About data breaches

A data breach is defined as any incident, event or action that has the potential to compromise the availability of data, the integrity of data, confidentiality or our company’s data systems. This includes incidents or events that happen by accident or deliberately. Both confirmed and suspected incidents may qualify as a data breach.

For the purposes of this data breach policy, an incident may include (but is not limited to) any of the following:

  • Unauthorised use or accessing of data
  • Unauthorised modification of data
  • Loss of personal or sensitive data
  • Theft of personal or sensitive data
  • Loss or theft of equipment on which data has been stored
  • Individual error
  • Any attempts to gain access to data or our company IT systems (both successful or failed)
  • Defacement of web property
  • Physical incidents, like a fire, which could compromise IT systems

 

Cookies

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.