Privacy

Privacy Policy

Introduction

Krostilar Engineering Ltd ("we," "us," "our," or "Company") is committed to protecting your privacy and ensuring you have a positive experience on our website and when dealing with our business. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our services.

Please read this Privacy Policy carefully. If you do not agree with our policies and practices, please do not use our website or services. Your use of our website and services signifies your acknowledgement of this Privacy Policy.

1. Information We Collect

We may collect information about you in a variety of ways. The information we may collect on the site includes:

1.1 Information You Voluntarily Provide

  • Contact Information: When you fill out contact forms, request quotes, or inquire about our services, we collect your name, email address, telephone number, company name, and any other information you choose to provide.
  • Communication Data: When you send us emails or messages, we retain copies of your correspondence, attachments, and any information contained therein.
  • Account Information: If you create an account with us, we collect username, password, and profile information you provide.
  • Transaction Data: We collect information related to purchases, invoices, payment details (processed securely through third-party payment processors), and delivery addresses.
  • Support Information: When you contact our customer support team, we collect details about your inquiry, issue, and our responses.

1.2 Information Collected Automatically

  • Device Information: We collect information about your device, including device type, operating system, browser type, and unique device identifiers.
  • Usage Data: We collect information about how you interact with our website, including pages visited, time spent on pages, links clicked, and referral sources.
  • Location Data: We may collect general location information based on IP address to provide localized services and understand geographic traffic patterns.
  • Cookies and Tracking Technologies: We use cookies, web beacons, pixels, and similar tracking technologies to enhance your experience and analyze website performance.

2. Legal Basis for Processing

Under UK GDPR and Data Protection Act 2018, we process your personal data on the following legal bases:

  • Contractual Necessity: Processing necessary to perform our contract with you or take steps at your request before entering into a contract.
  • Legal Obligation: Processing necessary to comply with legal obligations under UK and EU law.
  • Legitimate Interests: Processing necessary for legitimate interests pursued by us or third parties, provided your interests do not override these.
  • Consent: Where you have explicitly consented to specific processing activities, such as marketing communications.

3. How We Use Your Information

We use the information we collect in various ways, including:

  • To provide, operate, and maintain our website and services;
  • To process transactions and send related information;
  • To respond to your inquiries, comments, and questions;
  • To send promotional communications, newsletters, and marketing materials (with your consent);
  • To improve our website, products, and services;
  • To monitor and analyze trends, usage, and activities for security purposes;
  • To personalize your experience and deliver targeted content;
  • To comply with legal obligations and enforce our terms and conditions;
  • To prevent fraudulent transactions and protect against abuse;
  • To facilitate technical support and customer service.

4. Sharing Your Information

We may share your information in the following circumstances:

4.1 Third-Party Service Providers

We engage third-party service providers to perform services on our behalf, including:

  • Payment processors and financial institutions;
  • Cloud hosting and storage providers;
  • Email service providers and communication platforms;
  • Analytics and marketing service providers;
  • Shipping and logistics partners;
  • Customer relationship management (CRM) systems.

These service providers are contractually obligated to use your information only as necessary to provide services to us and are bound by confidentiality agreements.

4.2 Business Transfers

If we are involved in a merger, acquisition, bankruptcy, dissolution, reorganization, or similar transaction or proceeding, your information may be transferred as part of that transaction. We will provide notice before your information becomes subject to a different privacy policy.

4.3 Legal Requirements

We may disclose your information if required to do so by law or if we believe in good faith that disclosure is necessary to:

  • Comply with applicable laws, regulations, or legal processes;
  • Enforce our Terms of Service and other agreements;
  • Protect the security or integrity of our services;
  • Protect the rights, privacy, safety, or property of Krostilar Engineering Ltd, our users, or the public.

4.4 Consent

We may share your information with third parties when you have given explicit consent or requested such sharing.

5. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, unless a longer retention period is required by law. Retention periods vary depending on the type of data and the purpose of processing:

  • Contact Information: Retained for the duration of our business relationship plus 3 years for tax and accounting purposes.
  • Transaction Data: Retained for 6 years in accordance with UK tax regulations.
  • Website Usage Data: Typically retained for 12 months.
  • Marketing Communications: Retained until you unsubscribe or withdraw consent.
  • Support Records: Retained for 2 years after final interaction.

When information is no longer necessary, we will delete or anonymize it securely unless legal obligations require longer retention.

6. Your Rights Under UK GDPR

Under the UK General Data Protection Regulation (UK GDPR) and Data Protection Act 2018, you have the following rights:

6.1 Right of Access

You have the right to request access to the personal data we hold about you. We will provide a copy of your data within 30 days of your request.

6.2 Right to Rectification

You have the right to request correction of inaccurate or incomplete personal data we hold about you.

6.3 Right to Erasure

You have the right to request deletion of your personal data in certain circumstances, including when the data is no longer necessary for the original purpose or you withdraw consent.

6.4 Right to Restrict Processing

You have the right to request restriction of processing of your personal data in certain circumstances, such as when you contest the accuracy of the data.

6.5 Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller.

6.6 Right to Object

You have the right to object to processing of your personal data for marketing purposes or based on legitimate interests. You can opt out of marketing communications at any time.

6.7 Rights Related to Automated Decision Making

You have the right not to be subject to automated decision-making (including profiling) that has a legal or similarly significant effect on you, except where necessary for contract performance or with explicit consent.

6.8 Right to Withdraw Consent

Where processing is based on your consent, you have the right to withdraw consent at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.

To exercise any of these rights, please contact us at the details provided below. We will respond to your request within 30 days.

7. Security of Your Information

We implement appropriate technical and organizational security measures designed to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of sensitive data in transit and at rest;
  • Secure password policies and authentication mechanisms;
  • Regular security audits and vulnerability assessments;
  • Access controls and user authentication;
  • Staff training on data protection and security;
  • Firewalls and intrusion detection systems;
  • Secure disposal of data when no longer needed.

However, no method of transmission over the internet is completely secure. While we strive to protect your personal data, we cannot guarantee absolute security. You acknowledge and accept this risk.

8. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your experience and analyze how our website is used.

8.1 Types of Cookies

  • Essential Cookies: Necessary for website functionality, security, and basic operations.
  • Analytical Cookies: Help us understand how visitors use our website to improve performance.
  • Marketing Cookies: Allow us to deliver targeted advertisements and track campaign effectiveness.
  • Preference Cookies: Remember your preferences and settings for future visits.

8.2 Cookie Management

You can control cookies through your browser settings and opt out of certain tracking technologies. Most browsers allow you to refuse cookies or alert you when cookies are being sent. However, blocking cookies may affect website functionality. For more information about cookies, visit www.allaboutcookies.org.

We also comply with our separate Cookies Policy, which provides detailed information about our use of cookies and tracking technologies.

9. Third-Party Links

Our website may contain links to third-party websites, applications, and services that are not operated by us. This Privacy Policy does not apply to third-party websites, and we are not responsible for their privacy practices. We encourage you to review the privacy policies of any third-party sites before providing your personal information.

10. International Data Transfers

Your personal data may be transferred to, stored in, and processed in countries other than the United Kingdom, including countries that may not have data protection laws equivalent to those in the UK. By using our website and services, you consent to the transfer of your information to countries outside the UK. We implement appropriate safeguards for international transfers, including Standard Contractual Clauses approved by relevant authorities.

11. Children's Privacy

Our website and services are not intended for children under 13 years of age, and we do not knowingly collect personal data from children under 13. If we become aware that we have collected personal data from a child under 13, we will take steps to delete such information promptly. If you believe we have collected data from a child under 13, please contact us immediately.

12. California Consumer Privacy Act (CCPA)

If you are a California resident, you have certain rights under the California Consumer Privacy Act (CCPA). These rights include the right to know, delete, and opt-out rights. We comply with CCPA requirements and will respond to requests within the timeframe specified by law.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by updating the "Last Updated" date and, when appropriate, by providing additional notice (such as adding a statement to our homepage or sending you an email notification). Your continued use of our website and services following the posting of revised Privacy Policy means you accept and agree to the changes.

14. Contact Us

If you have questions about this Privacy Policy, our privacy practices, or wish to exercise your rights, please contact us:

Krostilar Engineering Ltd
Unit 12, Westway Industrial Estate
London W3 7RU
United Kingdom
Email: info@krostilar.com
Phone: +44 20 8743 1188
VAT: GB482019573
Registration Number: 13420958

Data Protection Officer

We have appointed a Data Protection Officer (DPO) to ensure compliance with UK GDPR. You can contact our DPO regarding data protection matters at info@krostilar.com with "DPO" in the subject line.

Supervisory Authority

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the independent UK authority for data protection:

Information Commissioner's Office (ICO)
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
United Kingdom
Website: www.ico.org.uk
Phone: 0303 123 1113

15. Definitions

Personal Data: Any information relating to an identified or identifiable natural person.

Processing: Any operation performed on personal data, including collection, recording, organization, storage, adaptation, retrieval, consultation, use, transmission, or deletion.

Controller: The natural or legal person determining the purposes and means of processing personal data (Krostilar Engineering Ltd).

Processor: A natural or legal person processing personal data on behalf of the controller.

Data Subject: The individual to whom personal data relates.

Last Updated: January 2026

We use cookies Krostilar Engineering Ltd uses cookies to enhance your experience. Privacy · Cookies