GDPR Privacy Policy – Protecting Your Data | Learn More

GDPR Privacy Policy

Last updated: 10 January 2025

This Privacy Policy explains how Crystals Healing (“Company”, “we”, “us”, “our”) collects, uses, discloses and protects your personal data when you use our website and services. It also describes your privacy rights under the UK GDPR and the EU GDPR.

Who we are

Controller: Crystals Healing
Address: 72 Conifer Way, Wembley, HA0 3QR, London, UK
Email: contact@crystalshealing.co.uk
Contact form: crystalshealing.co.uk/pages/contact-us

Key definitions

  • Personal Data: any information about an identified or identifiable person.
  • Processing: any operation performed on personal data (collection, storage, use, etc.).
  • Controller: the party deciding why and how personal data is processed (that’s us).
  • Processor: a third party processing data on our behalf (e.g., payment or delivery partners).

What data we collect

  • Identity & contact: name, email, telephone, billing/shipping address.
  • Order data: items purchased, order notes, gift messages.
  • Payment data: last 4 digits/transaction IDs from payment providers (we do not store full card details).
  • Support data: messages you send us via email/contact form.
  • Usage & device: IP address, browser, device type, pages viewed, timestamps, referral URLs.
  • Cookie & tracking: see our Cookie Policy for details.

How we use your data (purposes & lawful bases)

  • To provide the website and process your orders (contract) — create your account, fulfill orders, deliver via Royal Mail, handle returns.
  • Customer support & communications (contract / legitimate interests) — respond to queries, service messages.
  • Payments & fraud prevention (contract / legitimate interests / legal obligation) — via our payment processors.
  • Analytics & site improvement (consent / legitimate interests) — understand performance and improve UX.
  • Marketing (email) (consent / legitimate interests) — only if you opt in; you can unsubscribe anytime.
  • Legal & compliance (legal obligation / legitimate interests) — accounting, tax, regulatory requests.

Third parties (processors) we rely on

We share data with trusted providers strictly as needed to deliver our services, for example:

  • Payments (e.g., card processors, PayPal): process transactions and fraud checks.
  • Shipping: Royal Mail (labels, delivery, tracking where applicable).
  • Store platform & hosting: secure hosting, site functionality, logs.
  • Analytics & emails: performance insights and service/marketing emails (if opted in).

Each processor is bound by data processing agreements and may only process data per our instructions.

Cookies & similar technologies

We use essential, functional, performance and (where consented) marketing cookies. For full details and choices, please see our Cookie Policy. You can adjust preferences in your browser and via our cookie banner (where available). Note: essential cookies are required for checkout and security.

International data transfers

Your data may be processed in the UK, EEA, or other locations of our processors. Where transfers occur outside the UK/EEA, we use appropriate safeguards (e.g., UK/EU Standard Contractual Clauses and supplementary measures) to protect your data.

How long we keep your data

  • Orders & invoices: typically 6 years (legal/accounting requirements).
  • Support messages: up to 24 months after resolution, unless required longer.
  • Marketing data: until you withdraw consent/unsubscribe or after defined inactivity periods.
  • Cookies/analytics: per our Cookie Policy and vendor settings.

Your rights (UK/EU GDPR)

  • Access — get a copy of your data.
  • Rectification — correct incomplete or inaccurate data.
  • Erasure — request deletion (where applicable).
  • Restriction — limit processing in certain cases.
  • Portability — receive data in a machine-readable format.
  • Object — to processing based on legitimate interests and to direct marketing.
  • Withdraw consent — where processing relies on consent.

To exercise your rights, email contact@crystalshealing.co.uk. We may need to verify your identity. We aim to respond within one month.

Complaints

If you are in the UK, you can contact the Information Commissioner’s Office (ICO): ico.org.uk. If you are in the EEA, please contact your local Data Protection Authority.

Children’s privacy

Our services are not directed to children under 13, and we do not knowingly collect personal data from children under 13. If you believe such data has been provided, contact us and we will delete it.

Security

We use appropriate technical and organisational measures to protect your data. No method of transmission or storage is 100% secure; we continually work to improve our safeguards.

Links to other websites

Our site may contain links to third-party sites. We are not responsible for their content or privacy practices. Please review their privacy policies.

Changes to this policy

We may update this policy from time to time. We will post changes here and update the “Last updated” date. Significant changes may also be notified by email or banner.

Contact us