Privacy Policy

Data Protection / GDPR

Where we get your data and how we use it

When you purchase something from our website, as part of the process, we collect the personal information you give us, such as your name, address and email address, and whether you have consented to receive our email newsletters. Krystalight only use this information to send you emails about new products, discounts and other updates.

Consent to collect it

When you provide us with personal information to complete a transaction, place an order online or place an order over the phone, we imply that you consent to our collecting it and using it.

How do I withdraw my consent?

If you change your mind, you may withdraw your consent for us to contact you, or for the continued collection, use or disclosure of your information, at any time, by contacting us at [email protected]

Disclosure

We will not disclose your information to any third parties. We would only disclose your information if required to by law.

Where we hold your data and how it is protected

Krystalight is hosted on the Create.net platform. Create.net provides us with the online platform that allows us to sell our products and services to you. Your data may be stored through Create.net’s data storage, databases and the general Create.net applications. They store your data on secure servers behind a firewall. 

Stripe, Klarna and Clearpay process payments for any products purchased from our website, and are fully GDPR compliant. Neither we nor Stripe retain any financial information you may submit as part of the purchasing process. Stripe monitors every transaction, 24/7, to prevent fraud, email phishing and identity theft. Every transaction is heavily guarded behind Stripe's advanced encryption. If something appears suspicious, their dedicated team of security specialists will identify suspicious activity and help protect you from fraudulent transactions.
All direct payment gateways offered by Create.com, including Stripe, Clearpay and Klarna, adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.

SumUp process payments for products purchased in person and by telephone order. SumUp are fully GDPR and PCI-DSS compliant.
Krystalight is also fully PCI-DSS compliant.
Krystalight, Stripe, Clearpay, Klarna, Create or SumUp will never ask for any sensitive information. Krystalight will never share your information for any commercial purpose. We will share your email address with our couriers to enable them to keep you informed of delivery progress.

To protect your personal information, we take all reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.

Links

When you click on links on our store, they may direct you away from our site. We are not responsible for the privacy practices of other sites and encourage you to read their privacy statements.