Privacy Notice
Last updated: July 23, 2025
1. Who We Are
Controller: Crantech Ltd
Address: Unit 4, Storm 12 Plaza Shopping Centre, 54 St Mary's Rd, Southampton, SO14 0BH, UK
Email: info@crantech.ltd
2. What Data We Collect
We collect:
- Identity Data: name, email, phone
- Contact Data: billing address, email, phone
- Usage Data: website interactions, service usage
3. How & Why We Use Your Data
We process your personal data for specific purposes, with matching lawful bases under Article 6 GDPR:
| Purpose | Data Used | Legal Basis |
|---|---|---|
| Service provision & support | Identity, Contact, Usage | Performance of contract (Art 6(1)(b)) |
| Website performance & improvement | Technical, Usage | Legitimate interest (Art 6(1)(f)) |
| Marketing and communications | Contact | Consent (Art 6(1)(a))—you may withdraw anytime |
| Legal compliance | Contact, Technical | Legal obligation (Art 6(1)(c)) |
4. Cookies & Tracking
Our site uses cookies and similar tech. You'll be asked to consent to non-essential cookies. These are listed in our separate Cookie Policy, which you can manage or withdraw consent in-browser.
5. Data Sharing & International Transfers
We may share data with:
- Service providers: e.g., cloud hosting, payment processors
- Legal authorities: if required by law
All data processors comply with GDPR and enter Standard Contractual Clauses when transferring data outside UK/EU.
6. Data Retention
We retain your data based on these criteria:
- Identity & Contact Data: for the duration of our service agreement plus 6 years (for tax/legal compliance)
- Technical & Usage Data: up to 24 months to improve services
After these periods, data is securely deleted unless required otherwise by law or contract.
7. Your Rights
You have the following rights under GDPR:
- Access your data
- Rectify inaccuracies
- Erase data ("right to be forgotten")
- Restrict processing
- Data portability
- Object to processing (including marketing)
- Withdraw consent (where given)
- Lodge a complaint with the UK ICO
To exercise any right, contact us at info@crantech.ltd.
8. Automated Decision‑Making
We do not use fully automated decision-making or profiling that produces legal or similarly significant effects.
9. Data Security & Accountability
We employ technical and organizational measures (encryption, staff training, access controls) to protect data. Our privacy program includes:
- Privacy by design methods
- Maintain record of processing activities (ROPA)
- Conduct Data Protection Impact Assessments (DPIAs) as needed
10. Data Breach Notification
In the event of a personal data breach:
- We notify the UK ICO within 72 hours
- Notify affected individuals promptly if there is a high risk to their rights
11. Policy Changes
We will notify users of significant changes via email or prominent website notice at least 30 days before they take effect. Updated notices will be dated.