Site in progress — content and design updates are ongoing. Stay tuned for the full Crylo Tech experience.

PHONE NUMBER

+ 44 78 816 73 483

Privacy Policy

Effective Date: 24 September 2025
Company: Crylo Tech Ltd
Registered Address: 128 City Road, London, United Kingdom, EC1V 2NX
Contact: Phone +44 7881 673483 · Email crylotechltd@gmail.com

  1. Purpose and Scope
    1.1 This Privacy & Data Processing Policy (the “Policy”) outlines how Crylo Tech Ltd (“Crylo Tech,” “we,” “us,” or “our”) collects, uses, stores, shares, and protects personal data in connection with the services we offer both online and offline. This Policy details the categories of personal data we process, the purposes for processing, the legal grounds for processing, retention policies, security measures, cross-border transfer safeguards, the rights of data subjects, and the procedures for exercising those rights.
    1.2 This Policy applies to personal data processed by Crylo Tech in its role as a data controller, and, where applicable, as a data processor, in relation to Crylo Tech’s websites, customer portals, software-as-a-service (SaaS) offerings, hosted environments, mobile and desktop applications, professional services, support activities, recruitment processes, and vendor management. References to “Services,” “Products,” and “Deliverables” include online and electronic transmission mechanisms unless specified otherwise.
    1.3 This Policy should be read together with any applicable contractual Data Processing Agreement (DPA), Order Forms, Statements of Work (SOWs), or specific privacy notices relevant to particular products. If there is any inconsistency between this Policy and a DPA, the DPA will take precedence over this Policy in relation to the processing covered by that DPA.
  2. Controller, Accountability, and Contact Details
    2.1 Crylo Tech Ltd is the data controller for the processing activities described in this Policy unless otherwise stated in a contract. Crylo Tech’s company registration number is [insert number], and its registered address is 128 City Road, London, United Kingdom, EC1V 2NX.
    2.2 If you have any questions about this Policy, data subject requests, or privacy inquiries, please contact Crylo Tech at crylotechltd@gmail.com or by telephone at +44 7881 673483. We will acknowledge and handle requests in accordance with applicable law.
    2.3 Crylo Tech has appointed a Data Compliance Lead who oversees data protection compliance, maintains records of processing activities, and coordinates responses to data subject requests and regulatory inquiries. Contact details for the Data Compliance Lead are available upon request.
  3. Legal and Regulatory Framework; Supervisory Authority
    3.1 Crylo Tech processes personal data in compliance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other applicable UK laws. These laws provide individuals with rights concerning their personal data and impose obligations on organizations that process personal data.
    3.2 The Information Commissioner’s Office (ICO) is the supervisory authority for data protection matters in the UK. Crylo Tech recognizes the ICO’s role and will cooperate with inquiries and regulatory processes. However, Crylo Tech does not claim certification by the ICO; the ICO is a regulator, not a certifying body.
  4. Categories of Personal Data and Typical Sources
    4.1 The personal data Crylo Tech processes may include one or more of the following, depending on the services provided and the context:
    Identity and Contact Data: e.g., name, business and personal email, telephone number, job title, postal address
    Account and Credentials: e.g., usernames, passwords (hashed), authentication tokens
    Transactional and Financial Data: e.g., invoicing details, payment instrument identifiers, billing address
    Technical and Usage Data: e.g., IP address, device identifiers, browser type, connection logs, cookies, and telemetry
    Contractual and Project Data: e.g., specifications, business correspondence, uploaded client materials
    Recruitment and HR Data: e.g., CVs, interview notes, employment records
    Support Data: e.g., customer support tickets, logs, chat transcripts
    Special Category Data: where necessary, e.g., health information for reasonable workplace adjustments
    4.2 Sources of personal data include:
    Direct collection from data subjects
    Automated collection through the use of our digital services (e.g., logs, cookies)
    Clients and business contacts who provide contact details
    Third-party platforms and public sources
    Service providers engaged for supporting functions (e.g., background checks, payment processors)
  5. Purposes of Processing and Lawful Bases
    5.1 Crylo Tech processes personal data for the following primary purposes, relying on the stated lawful bases where applicable:
    5.1.1 To fulfill contracts with customers and suppliers, including providing services, hosting customer data, delivering support, implementing configurations, and performing billing and debt collection (lawful basis: performance of a contract)
    5.1.2 To comply with legal, regulatory, and tax obligations, including accounting, recordkeeping, and responding to lawful requests from public authorities (lawful basis: legal obligation)
    5.1.3 To operate, secure, and improve our services, including fraud prevention, security monitoring, incident response, capacity planning, and product development (lawful basis: legitimate interests)
    5.1.4 To manage recruitment, contractor engagement, payroll, and personnel administration (lawful basis: performance of a contract and/or legitimate interests; special category data processed only with explicit consent or another lawful basis)
    5.1.5 To send service-related communications, including transactional messages, security alerts, and account notices (lawful basis: performance of a contract or legitimate interests)
    5.1.6 To carry out marketing and client relationship management where consent has been given, or where legitimate interests permit direct marketing (lawful basis: consent or legitimate interests)
    5.1.7 To process payment instructions and prevent fraud, including anti-money laundering and sanctions screening (lawful basis: legal obligation and legitimate interests)
    5.1.8 To anonymize or pseudonymize personal data for analytics, testing, and product improvement (lawful basis: legitimate interests)
    5.2 Crylo Tech maintains records documenting the lawful basis for each processing activity. Specific information will be provided in response to subject access requests where required.
  6. Processing of Special Category Data and Criminal Conviction Data
    6.1 Crylo Tech does not routinely process special category data (e.g., health, racial/ethnic origin, political opinions) except where necessary and with explicit consent or other lawful basis, such as health information for workplace adjustments.
    6.2 Processing of criminal conviction data will only occur where necessary, such as for background checks required for particular roles, and will be handled with enhanced protections.
  7. Recipients, Categories of Recipients, and Disclosures
    7.1 Personal data may be disclosed to categories of recipients such as affiliated group companies, service providers (hosting, payment processing, CRM, email delivery), professional advisors, authorities, and prospective business purchasers.
    7.2 Where Crylo Tech engages third-party processors, contracts will ensure compliance with UK GDPR, including obligations to act on documented instructions and implement appropriate security measures.
  8. International Transfers and Safeguards
    8.1 Crylo Tech may transfer personal data outside the UK for operational purposes. Transfers will only occur where appropriate safeguards are in place, such as UK-approved standard contractual clauses, adequacy decisions, or other lawful transfer mechanisms.
    8.2 Information about specific transfer mechanisms will be provided upon request. Where necessary, additional technical controls, such as encryption, will be implemented.
  9. Retention Policy and Deletion/Anonymisation
    9.1 Personal data will be retained only for as long as necessary to fulfill the purposes of processing, comply with legal obligations, and resolve disputes. Retention schedules are maintained and mapped to the categories of data.
    9.2 When personal data is no longer needed, Crylo Tech will securely delete or anonymize it according to established retention procedures. Anonymized data is no longer considered personal data and may be used for analytics.
  10. Security Measures and Governance
    10.1 Crylo Tech implements appropriate technical and organizational measures to protect personal data from unauthorized processing, accidental loss, or damage. These measures include access controls, encryption, vulnerability management, monitoring, and incident response protocols.
    10.2 Access to personal data is restricted to authorized personnel only, based on job function, and is subject to confidentiality agreements. Regular security testing and vendor reviews are conducted.
  11. Data Breach and Incident Notification Procedures
    11.1 Crylo Tech has an incident response plan to identify, assess, and mitigate personal data breaches. If a breach likely risks individuals’ rights, Crylo Tech will notify the Information Commissioner’s Office (ICO) and affected individuals within the required legal timeframe.
    11.2 Crylo Tech will notify affected customers and processors as required by contract and cooperate with authorities to resolve breaches.
  12. Data Subject Rights and How to Exercise Them
    12.1 Individuals have rights under the UK GDPR, including rights of access, rectification, erasure, restriction, objection, portability, and withdrawal of consent.
    12.2 To exercise these rights, data subjects should contact Crylo Tech at crylotechltd@gmail.com or by phone at +44 7881 673483. Crylo Tech will respond to requests within the timeframes required by law.
    12.3 If an individual remains unsatisfied with Crylo Tech’s response, they have the right to lodge a complaint with the ICO.
  13. Automated Decision-Making and Profiling
    13.1 Crylo Tech does not engage in solely automated decision-making with legal or similar effects. Where profiling or automated processing occurs, Crylo Tech will ensure safeguards are in place to protect the rights of individuals.
  14. Processors, Sub-processors, and Contractual Controls
    14.1 Crylo Tech engages third-party processors to deliver certain services. All processors are subject to due diligence and contractual data processing agreements ensuring compliance with UK GDPR requirements.
    14.2 A list of current processors is available on request, and Crylo Tech will disclose sub-processors where required.
  15. Transfers in the Context of Mergers and Business Reorganizations
    15.1 In the event of a business reorganization, sale, or merger, personal data may be transferred to prospective buyers, advisors, or third parties involved in the transaction. Crylo Tech will ensure such transfers comply with applicable data protection laws.
  16. Children and Age-Appropriate Protections
    16.1 Crylo Tech’s services are not designed for children, and Crylo Tech does not knowingly collect personal data from children. Where services may be used by minors, Crylo Tech will implement age-appropriate consent mechanisms where required by law.
  17. Marketing and Electronic Communications
    17.1 Crylo Tech may send marketing communications where lawful. If consent is required, it will be obtained and recorded; where legitimate interests are relied upon, a legitimate interest assessment will be performed.
  18. Transparency, Accountability, and Recordkeeping
    18.1 Crylo Tech maintains records of processing activities and conducts internal reviews to ensure compliance. Documentation includes lawful bases, retention schedules, and security measures.
  19. Data Protection Impact Assessments (DPIAs) and Privacy by Design
    19.1 Crylo Tech conducts DPIAs when processing may result in high risks to individuals’ rights. Crylo Tech follows privacy-by-design principles to ensure that privacy considerations are integrated into the development of products and services.
  20. Complaints, Supervisory Authority, and Contact Details
    20.1 For questions, complaints, or requests regarding personal data, contact Crylo Tech at crylotechltd@gmail.com or by phone at +44 7881 673483. If dissatisfied with the response, individuals can lodge a complaint with the ICO.
  21. Changes to this Policy and Publication Practice
    21.1 Crylo Tech may update this Policy to reflect changes in law or operational practices. Material changes will be communicated to users, and minor updates will be recorded in the policy version history.
  22. Miscellaneous
    22.1 If any provision of this Policy is found to be invalid, the remaining provisions will continue in full effect. This Policy is governed by the laws of England and Wales.
  23. Contact for Privacy Inquiries and Data Subject Rights
    For privacy inquiries and to exercise data subject rights, please contact Crylo Tech at crylotechltd@gmail.com or by phone at +44 7881 673483.