This Privacy Policy explains how Crystal Electronics Ltd collects and uses personal data.

We provide electrical safety and compliance services including PAT testing and EICRs (Electrical Installation Condition Reports). Although our customers are often organisations, we may process personal data relating to individuals (for example, residents/tenants, site contacts, employees of our clients, and suppliers) as part of delivering these services.

Effective date – 01/01/2025

Data Controller / Point of contact

Crystal Electronics Ltd is the data controller for the personal data we process.

Email: electrical@crystalelectronics.co.uk
Address: 4 Titley Bawk Av, Earls Barton, Northamptonshire, NN6 0LA

What personal data we process

Depending on your relationship with us, we may process:

  • Contact details: name, phone number, email address, postal address
  • Organisation details: job title, employer/client (where relevant)
  • Site/property details: service address, access notes, appointment notes
  • Service and compliance records: test results, certificates and reports (including PAT and EICR), remedial recommendations, and supporting evidence such as photos (where required)
  • Communications: emails, messages and call notes
  • Billing and contract administration: purchase orders, invoices, payment status (we do not store full card details)
  • Website usage data: IP address, device/browser information, pages visited and cookies

What lawful basis do we use to process personal data?

We process personal data under one or more of the following lawful bases:

  • Contract: where processing is necessary to deliver services you (or your organisation) have requested.
  • Legal obligation: where we must process data to meet legal or regulatory requirements.
  • Legitimate interests: where we have a legitimate business interest in processing data (and those interests are not overridden by your rights). This includes contacting relevant people to arrange and complete safety testing and to communicate safety-critical findings.
  • Consent: where required by law (for example, certain types of marketing).

Lawful basis (sales and marketing contact for compliance)

Where we process personal data within our sales and marketing function, we may do so on the grounds that we have a legitimate business interest under current data protection law.

We process the data as part of our service to UK-based businesses so that they can comply with regulatory obligations under UK health and safety law. This means that it may be in the public interest that you are contacted about compliance (and in some situations it may also be necessary to meet a legal obligation).

These legal pre-requisites mean that we do not always need consent from you to contact you about compliance. Please see exemptions here

We have carried out a thorough Legitimate Interests’ Assessment (LIA) to ensure we have balanced your interests and any risk posed to you against our own interests, ensuring our processing is proportionate and appropriate.

Because we have not sought your consent for this type of contact, you have the right to object to unsolicited calling/communications based on legitimate interests. Under data protection law, once you have stated your objection to us, we must NOT contact you again for that purpose.

Why we need your personal information and how we use it

We use personal data to:

  • Provide, schedule and manage electrical services including PAT testing, EICRs, repairs and remedial works
  • Issue certificates/reports and maintain service records
  • Communicate with you (or relevant site contacts) about appointments, access and service delivery
  • Contact you about electrical safety and compliance, including urgent findings, failed items and remedial actions
  • Manage customer service queries and complaints
  • Administer contracts, billing and payments
  • Improve our services and website

Contact about safety and compliance (PAT testing and EICRs)

Where necessary, we may contact you by phone, email or post in relation to electrical safety and compliance, including:

  • Arranging or confirming PAT/EICR appointments
  • Following up on access issues (e.g., no access/no show) to complete safety testing
  • Notifying you (or the relevant responsible person) of urgent safety findings and required remedial actions

Where this contact is not marketing, we generally rely on legitimate interests and/or legal obligation (depending on the context). You have the right to object to processing based on legitimate interests (see Your rights).

Telephone call recording  data retention

Where we record business-related telephone calls, we do so for business purposes only, such as:

  • Where recording is required to fulfil a contract (service)
  • Where recording is required to protect the interests of one or more participants
  • Where recording is in our legitimate interests, unless those interests are overridden by your rights

If you request a copy of a call recording, you can do so by making a subject access request using the contact details in this policy.

We do not store sensitive authentication data (such as full payment card details) within call recordings.

Marketing preferences

If we send marketing communications, you can opt out at any time by using the unsubscribe link (where provided) or by emailing electrical@crystalelectronics.co.uk.

Please note: opting out of marketing will not stop essential service communications, including messages relating to appointments, certification, and safety/compliance.

Who we share your data with

We may share personal data where necessary with:

  • Our clients/contract administrators (e.g., housing associations, councils, facilities management companies) for scheduling, compliance reporting and service delivery
  • Engineers and operational teams, including vetted subcontractors where required
  • IT and system providers that support our operations (e.g., job management, communications, document storage)
  • Professional advisers (e.g., insurers, auditors, legal advisers)
  • Regulators or authorities where required by law

We do not sell your personal data.

How we protect your information

We use appropriate technical and organisational measures to protect personal data from loss, misuse, unauthorised access, alteration or disclosure. Access is limited to those who need it for their role.

How long we keep your data

We keep personal data for as long as necessary for the purposes set out in this policy, including to meet legal, regulatory, contractual and audit requirements.

In practice, safety testing and certification records (including PAT and EICR documentation) may be retained for multiple years to support compliance, audit trails and repeat testing programmes.

Your rights

You have rights under UK data protection law, including the right to:

  • Request a copy of the personal data we hold about you
  • Ask us to correct inaccurate or incomplete data
  • Request deletion of your data (where applicable)
  • Object to processing based on legitimate interests
  • Request restriction of processing (where applicable)
  • Request data portability (in certain circumstances)
  • Withdraw consent (where processing is based on consent)

To exercise your rights, contact us at electrical@crystalelectronics.co.uk.

You also have the right to complain to the Information Commissioners Office (ICO): https://ico.org.uk

Cookies

Cookies are small text files placed on your device to collect standard internet log information and visitor behaviour information. This helps us understand how our website is used and improve it.

You can control cookies through your browser settings. For more information about cookies, visit https://www.allaboutcookies.org

International transfers

If we use suppliers that store or process data outside the UK, we ensure appropriate safeguards are in place.

Changes to this policy

We may update this Privacy Policy from time to time. The latest version will be published on our website with the effective date shown at the top.

Privacy Policy

Copyright © 2024 Crystal Electronics Limited (04657875), All Rights Reserved.