Last updated: June 19, 2026
Our Commitment to GDPR Compliance
Crown Window Solutions is committed to protecting your personal data in accordance with the General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018. This page provides specific information about how we comply with GDPR requirements.
Data Controller Information
For the purposes of GDPR, the data controller is:
Crown Window Solutions
42 Marketplace Street
Oxford, Oxfordshire OX1 3DZ
United Kingdom
Email: [email protected]
Lawful Basis for Processing
We process personal data only when we have a lawful basis to do so. The lawful bases we rely on include:
Consent
When you submit a service request or contact form, you provide explicit consent for us to process your personal data for the purposes of responding to your inquiry and providing requested services.
Contractual Necessity
Processing your personal data is necessary to perform our contractual obligations when you engage our services, including scheduling assessments, providing quotations, and completing installations.
Legitimate Interests
We may process your data based on our legitimate business interests, such as improving our services, maintaining business records, and ensuring the security of our website. We always balance these interests against your rights and freedoms.
Legal Obligation
We may process your data to comply with legal obligations, such as tax and accounting requirements, health and safety regulations, and responding to lawful requests from authorities.
Your Rights Under GDPR
GDPR grants you specific rights regarding your personal data. These rights include:
Right to Access
You have the right to request confirmation of whether we process your personal data and to obtain a copy of that data. We will provide this information free of charge within one month of your request.
Right to Rectification
If you believe that any personal data we hold about you is inaccurate or incomplete, you have the right to request correction. We will update the information promptly upon verification.
Right to Erasure
Under certain circumstances, you have the right to request deletion of your personal data. This applies when:
- The data is no longer necessary for the purposes it was collected
- You withdraw consent and there is no other legal basis for processing
- You object to processing and there are no overriding legitimate grounds
- The data has been unlawfully processed
- Erasure is required to comply with a legal obligation
Right to Restriction of Processing
You may request that we restrict processing of your personal data in specific situations, such as when you contest the accuracy of the data or object to processing.
Right to Data Portability
You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller where technically feasible.
Right to Object
You have the right to object to processing of your personal data where we rely on legitimate interests as the legal basis. We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests.
Right to Withdraw Consent
Where we process your data based on consent, you have the right to withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing conducted before withdrawal.
Right Not to Be Subject to Automated Decision-Making
We do not use automated decision-making or profiling that produces legal effects or similarly significant effects on individuals.
How to Exercise Your Rights
To exercise any of your GDPR rights, please contact us at [email protected]. In your request, please:
- Clearly state which right you wish to exercise
- Provide sufficient information to identify yourself
- Specify what information you are requesting or what action you want us to take
We will respond to your request within one month. In complex cases, we may extend this period by two additional months and will inform you of any such extension.
Data Security Measures
We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:
- Encryption of data in transit and at rest where appropriate
- Regular security assessments and updates
- Access controls limiting data access to authorized personnel only
- Staff training on data protection principles
- Secure backup and recovery procedures
Data Breach Notification
In the event of a data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach. If the breach poses a high risk, we will also notify affected individuals without undue delay.
International Data Transfers
We do not routinely transfer personal data outside the United Kingdom or European Economic Area. If such transfers become necessary, we will ensure appropriate safeguards are in place as required by GDPR.
Data Protection Officer
While we are not required to appoint a Data Protection Officer under GDPR, questions about data protection may be directed to our management team at [email protected].
Children's Data
Our services are not directed at children under 16 years of age. We do not knowingly collect or process personal data from children. If you become aware that a child has provided us with personal data, please contact us immediately.
Complaints and Supervisory Authority
If you believe we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
United Kingdom
Telephone: 0303 123 1113
Website: www.ico.org.uk
Updates to This Information
We may update this GDPR information from time to time to reflect changes in our practices or legal requirements. Any changes will be posted on this page with an updated revision date.
Contact Us
For any questions or concerns about GDPR compliance or your data protection rights, please contact us at [email protected].