Privacy Policy

Last updated: 8 May 2026

1. Introduction

At crystalbyte, we are committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect information when you use our website and services.

We respect your privacy rights and comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Information We Collect

We collect and process the following types of personal data:

2.1 Information you provide directly

  • Name and contact details (email address)
  • Programme preferences and enquiry details
  • Any additional information you choose to share in messages or forms
  • Information about children/teenagers (age, learning needs) when relevant to programme delivery

2.2 Information collected automatically

  • Browser type and version
  • Operating system
  • Pages visited and time spent on our website
  • Referring website or source
  • IP address (anonymised where possible)

3. How We Use Your Information

We use your personal data for the following purposes:

  • To respond to your enquiries and provide requested information
  • To deliver our educational programmes and services
  • To communicate with you about programme details, scheduling, and updates
  • To improve our website and services
  • To comply with legal obligations
  • To send relevant information about our programmes (only with your consent)

4. Legal Basis for Processing

We process your personal data under the following legal bases:

  • Consent: When you voluntarily provide information through forms or communications
  • Contract: To fulfil our obligations when you book a programme
  • Legitimate interests: To improve our services and maintain our website
  • Legal obligation: When required by law

5. How We Protect Your Data

We implement appropriate technical and organisational measures to protect your personal data:

  • Secure data storage and transmission protocols
  • Access controls limiting data access to authorised personnel only
  • Regular security assessments and updates
  • Staff training on data protection practices

6. Data Retention

We retain your personal data only for as long as necessary:

  • Enquiry data: 2 years from last contact
  • Client data: 7 years after programme completion (for safeguarding and legal purposes)
  • Website analytics: 26 months
  • Marketing data: Until you withdraw consent

7. Sharing Your Information

We do not sell your personal data. We may share information with:

  • Service providers who help us deliver programmes (under strict confidentiality agreements)
  • Legal or regulatory authorities when required by law
  • Professional advisors (accountants, lawyers) bound by confidentiality

All third parties are required to maintain appropriate security and use data only for specified purposes.

8. Your Rights

Under UK GDPR, you have the following rights:

  • Right to access: Request copies of your personal data
  • Right to rectification: Request correction of inaccurate data
  • Right to erasure: Request deletion of your data (subject to legal requirements)
  • Right to restrict processing: Request limitation on how we use your data
  • Right to data portability: Request transfer of your data in a structured format
  • Right to object: Object to processing based on legitimate interests
  • Right to withdraw consent: Withdraw consent at any time for consent-based processing

To exercise any of these rights, contact us at [email protected]

9. Children's Privacy

Our services involve working with children and teenagers. We:

  • Obtain parental consent before collecting data about children under 16
  • Collect only data necessary for programme delivery
  • Apply enhanced security measures for children's data
  • Maintain strict confidentiality and safeguarding protocols

10. Cookies

Our website uses cookies to improve functionality and user experience. See our Cookies Policy for detailed information about how we use cookies and how to manage your preferences.

11. International Transfers

Your data is primarily stored and processed within the United Kingdom. If we need to transfer data outside the UK, we ensure appropriate safeguards are in place in accordance with UK GDPR requirements.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated revision date. Significant changes will be communicated directly to registered users.

13. Contact Us

For questions about this Privacy Policy or how we handle your data:

Email: [email protected]
Address: 27 Piccadilly Gardens, Manchester, M1 2AP, United Kingdom

14. Complaints

If you believe we have not handled your personal data properly, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Website: ico.org.uk
Telephone: 0303 123 1113