Who This Policy Covers

This privacy notice explains how Crystalline Max Ltd uses personal data collected through its website and WhatsApp booking service. It applies to customer enquiries, booking requests, service-location data, before and after job media, and payment-related communications.

Data We Collect

• Identity and contact data such as name, email address, phone number, and WhatsApp contact details.
• Booking data such as selected service, add-ons, quoted total, requested date and time, booking status, and payment status.
• Location data such as service address and postcode.
• Service evidence such as before and after job photographs taken by assigned staff.
• Operational records such as staff assignment and job completion details.
• Technical data such as browser information and diagnostic logs needed to operate the website.

How And Why We Use Personal Data

• To manage customer enquiries and booking requests received via WhatsApp.
• To verify service locations and allocate jobs to staff.
• To provide progress updates, before/after evidence, and job-completion confirmation.
• To process or reconcile payment events.
• To detect misuse and preserve records for complaints, disputes, and fraud prevention.

Our Lawful Bases

Depending on the interaction, Crystalline Max Ltd relies on one or more of the following lawful bases under UK GDPR: contract performance for booked services, legitimate interests in running and securing the business, legal obligations where records must be retained, and consent where a particular communication or optional processing activity requires it.

Processors And Service Providers

The website uses standard hosting infrastructure. WhatsApp (operated by Meta) is used for customer communications and booking management. Payment processing may be handled through Stripe or agreed offline arrangements. These providers act as processors or sub-processors where they process data on behalf of Crystalline Max Ltd.

International Transfers

Some service providers may process data outside the United Kingdom. Where that happens, Crystalline Max Ltd expects processing to take place under contractual or technical safeguards intended to meet UK GDPR standards for international data transfers.

Retention

Booking records, service photos, and related operational data are retained for as long as reasonably necessary to deliver services, maintain customer history, handle complaints or disputes, meet tax/accounting needs, and defend legal claims.

• Active booking records: retained while the customer relationship remains live and for a reasonable audit period afterwards.
• Before/after job media and operational records: retained for service evidence and complaint handling for up to 24 months unless a longer period is needed for a dispute.
• Payment-related records: retained in line with accounting and tax obligations.

Your Rights Under UK GDPR

Subject to applicable law, you may request access to your personal data, correction of inaccurate data, deletion, restriction, objection, and portability. You may also complain to the UK Information Commissioner's Office if you believe your data has been handled unlawfully. Crystalline Max Ltd may ask for identity verification before acting on a request.

Cookies And Browser Storage

The website uses essential browser storage and technical cookies required for site operation. Non-essential analytics or marketing cookies are not used without an appropriate consent mechanism.

Security

Crystalline Max Ltd uses appropriate technical and organisational measures to protect personal data. No internet service can be guaranteed completely secure, so users should also keep their own credentials protected.

Contact And Complaints

Privacy requests and complaints should be sent to admin@ctmds.co.uk. If you are not satisfied with the response, you may complain to the UK Information Commissioner's Office.