top of page

Privacy Policy

Effective Date: 11th June 2026

CROSMO Ltd is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, and protect any personal information you provide to us. We operate in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

What Information Do We Collect?

Depending on the nature of our services, we may collect, receive or process the following categories of personal data:

• Contact details, including names, email addresses, telephone numbers, postal addresses and job titles.

• Information provided through website enquiry forms, email correspondence, telephone conversations, meetings or consultations.

• Information supplied by Clients in connection with specific projects, which may include resident, employee, stakeholder or customer contact information.

• Survey responses, consultation feedback and travel behaviour information voluntarily provided by residents, employees, stakeholders or members of the public.

• Technical information generated through the use of our website, including information collected through essential website technologies.

We do not intentionally collect special category personal data unless it is necessary for a specific project and an appropriate lawful basis exists under UK GDPR.

How Do We Use Your Information?
 

We may use personal information to:

• Respond to enquiries and provide requested information.

• Prepare quotations and proposals for our services.

• Deliver, manage and monitor projects.

• Conduct surveys, engagement activities, consultations and monitoring exercises.

• Contact residents, employees, stakeholders or members of the public in connection with projects we undertake on behalf of our Clients.

• Maintain business records and contractual relationships.

• Comply with legal, regulatory and professional obligations.

 

Where we contact households using address information supplied by a Client, communications may be addressed generically (for example, "To The Occupier") and processed under the lawful basis of legitimate interests where appropriate.

Lawful Basis for Processing

 

Under UK GDPR, we process personal data under one or more of the following lawful bases:

• Consent – where individuals voluntarily provide information or agree to participate in surveys, consultations or other activities.

• Legitimate Interests – where processing is necessary for our business operations, delivery of our services, responding to enquiries, stakeholder engagement activities, or project-related communications, provided such interests do not override the rights and freedoms of individuals.

• Contract – where processing is necessary to perform a contract or take steps prior to entering into a contract.

• Legal Obligation – where processing is required to comply with applicable laws or regulatory requirements.

Data Controller and Data Processor Responsibilities

 

For information collected directly by CROSMO Ltd for the operation of our business, we act as the Data Controller.

For certain projects, we may process personal data on behalf of our Clients. In these circumstances, the Client remains the Data Controller and CROSMO Ltd acts as a Data Processor, processing personal data only in accordance with the Client's instructions and applicable UK GDPR.

 

How Is Your Information Stored?

Data provided directly to our business email account is stored within our email provider's system for the purposes of managing and responding to enquiries, maintaining Client relations and delivering our services. We take reasonable technical and organisational measures to protect your information from unauthorised access, disclosure, or misuse.

 

Website enquiry form submissions are processed through Wix and are sent directly to our business email account. Information may be temporarily stored within Wix’s secure systems for the purpose of managing and responding to enquiries.

 

Data Retention

We only retain personal information for as long as necessary to:

  • Respond to enquiries

  • Maintain business records

  • Meet legal, accounting, or regulatory requirements

 

If no business relationship develops, enquiry information may be deleted periodically.

What Are Your Rights?

 

Under UK data protection law, you have rights including:

  • The right to access your personal data

  • The right to request correction of inaccurate data

  • The right to request deletion of your data

  • The right to object to processing

  • The right to lodge a complaint with the UK Information Commissioner’s Office (ICO)

 

You can learn more at the Information Commissioner’s Office (ICO).

 

Cookies

This website may use essential cookies required for website functionality.

If analytics or additional cookies are used in future, this policy will be updated accordingly.

 

Third-Party Services

 

Our website may be hosted or operated using third-party platforms such as Wix, which may process technical website data in accordance with their own privacy policies. Third-party providers may store or process data outside the United Kingdom where appropriate safeguards are in place in accordance with applicable data protection laws.

We may share personal data with trusted third-party service providers where necessary to operate our business and deliver our services. Such providers process personal data only on our instructions, are subject to appropriate confidentiality obligations, and are required to implement appropriate security measures.

 

Changes to This Policy

 

We may update this Privacy Policy from time to time. Any updates will be posted on this page with a revised effective date.

Contact Us

If you have any questions regarding this Privacy Policy or your personal data, please contact us via the details provided on this website.

bottom of page