Privacy Policy

Introduction

CrystalPeak Ltd ("we," "our," or "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you visit our website, use our services, or interact with us in any way.

As a company based in Cyprus and operating within the European Union, we comply with the General Data Protection Regulation (GDPR) and all applicable data protection laws.

Data Controller Information

CrystalPeak Ltd is the data controller for the personal data we process. Our contact information is:

Data Collection

The data we collect includes personal information you voluntarily provide to us and information automatically collected when you use our website and services. We collect the following types of personal data:

Information You Provide

• Contact information (name, email address, phone number)
• Professional information (company, job title, industry)
• Communication preferences and marketing consents
• Information provided in contact forms, surveys, or consultations
• Payment and billing information for our services

Automatically Collected Information

• Website usage data (pages visited, time spent, click patterns)
• Technical information (IP address, browser type, device information)
• Cookies and similar tracking technologies (see our Cookie Policy)
• Referral sources and marketing campaign data

How We Use Your Information

We use your personal data for various purposes based on legitimate business interests, contractual necessity, and your consent. How we use your information includes the following activities:

• Providing and delivering our online learning monetisation services
• Responding to your enquiries and providing customer support
• Processing payments and managing billing for our services
• Sending marketing communications about our services (with your consent)
• Improving our website, services, and customer experience
• Conducting business analysis and market research
• Complying with legal obligations and protecting our business interests
• Preventing fraud and ensuring the security of our systems

Cookies and Tracking Technologies

We may use cookies and tracking technologies for analytics, advertising, and remarketing purposes, including Google Ads. These technologies help us measure campaign effectiveness, deliver relevant advertisements, and improve our services. You can manage your cookie preferences at any time through our cookie consent banner.

For detailed information about the cookies we use and how to manage them, please see our Cookie Policy.

Legal Basis for Processing

Under GDPR, we process your personal data based on the following legal grounds:

• Consent: When you provide explicit consent for marketing communications or cookie usage
• Contract: When processing is necessary to provide our services to you
• Legitimate Interests: For business operations, website improvement, and security
• Legal Obligation: When required by law, such as for tax or regulatory compliance

Data Sharing and Disclosure

We do not sell your personal data to third parties. We may share your information in the following circumstances:

• With trusted service providers who assist in delivering our services
• With analytics and advertising platforms (Google Analytics, Google Ads) subject to your consent
• When required by law or to protect our legal rights
• In connection with a business transfer or acquisition (with appropriate safeguards)

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected and to comply with our legal obligations. Our data retention periods are as follows:

• Contact enquiries: 3 years from last contact
• Customer data: 7 years after service completion (for tax and legal compliance)
• Marketing data: Until consent is withdrawn or 3 years of inactivity
• Website analytics: 26 months (Google Analytics default)
• Security logs: 12 months

Your Rights

Under GDPR and applicable data protection laws, you have the following rights regarding your personal data:

• Right of Access: Request a copy of the personal data we hold about you
• Right to Rectification: Request correction of inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data in certain circumstances
• Right to Restrict Processing: Request limitation of how we use your data
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to processing based on legitimate interests or for marketing purposes
• Right to Withdraw Consent: Withdraw consent for processing where consent is the legal basis

To exercise any of these rights, please contact us at privacy@crystalpeak.top or +357 26317974.

International Data Transfers

As we operate within the EU, your personal data is primarily processed within the European Economic Area (EEA). When we use third-party services that may transfer data outside the EEA (such as Google services), we ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions recognising equivalent data protection standards
• Appropriate technical and organisational measures to protect your data

Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. Our security measures include:

• Encryption of data in transit and at rest
• Regular security assessments and updates
• Access controls and staff training on data protection
• Secure hosting and backup procedures
• Incident response procedures for data breaches

Children's Privacy

Our services are not directed at children under the age of 16, and we do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child, we will take steps to delete such information promptly.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will notify you of any material changes by posting the updated policy on our website and updating the "last updated" date. We encourage you to review this policy periodically.

Contact Information

If you have any questions about this Privacy Policy, wish to exercise your rights, or need to contact us regarding data protection matters, please reach out to us:

Supervisory Authority

You have the right to lodge a complaint with the relevant supervisory authority if you believe we have not handled your personal data in accordance with applicable data protection laws. In Cyprus, the supervisory authority is the Commissioner for Personal Data Protection.