Please read 'we', 'us' or 'our' to mean 'Completely Crystals®' throughout this document and 'you', 'yours' or 'their' refers to you yourself as the customer.
Please note: We do not store credit card details nor do we share customer details with any 3rd parties.
Data Transfer / Security
1. Any sensitive data transferred between our customers and ourselves uses encrypted 256-bit TLS1.2 (which succeeds SSL3.0) technology. Therefore, you can always be sure of the best security with us online.
1.1 A secure link is established when users login to their user account.
1.2 Your web-browser will display the padlock symbol when your connection is secure.
1.3 You should always have a secure connection when going through the checkout as either a guest or a member.
1.4 Our company's online secure payments structure has passed the relevant industry standard PCI DSS compliance testing in accordance with the Official PCI Security Standards Council.
2. Online payments are made through the PayPal™ or WorldPay™ secure-payment systems.
2.1 Once you have made your orders and been through our checkout system you can choose to be redirected to an official PayPal/WordPay site where they will process the payment for us.
2.2 If you do not have a PayPal/WorldPay account then payments can also be made to us by using a credit or debit card via the WordPay payment gateway. There is also an option to do this via PayPal.
2.3 We have a system to take your card details on our site (in conjunction with WorldPay) so that you do not have to redirect to a payment gateway. We will not be storing any of your card details on our site. Any data transferred is securely encrypted.
3. Names and address are stored in a physically secure, password protected server (in the UK) when you create an account with us. When sending and receiving your information it is always encrypted using TLS1.2 (which succeeds SSL3.0) technology.
3.1 Accounts can be created or deleted at anytime should you so wish to do so.
3.2 There is no charge for creating an account with us.
3.3 You must have an account in order to receive and use Reward Points for money off your next purchase and also to take advantage of exclusive coupon codes. Your can also track your order history, initiate returns and keep a wish list with an account.
3.4 Should you wish to cancel/close your account, please contact us and we can do this for you.
3.5 Your information is only used for simple account order processing and if we need to contact you.
3.6 We do not share any of your account information with third parties apart from shipping companies soley for the purpose of dispatching your order to your given shipping address.
3.7 We store basic account information for people who order via eBay. You have the right to view/amend or delete this data.
3.8 You may choose whether or not to receive a newsletter.
4. Any data that is kept by us is subject to the relevant Data Protection Act laws.
4.1 None of your details will ever be passed on or revealed to a third party for marketing purposes by us.
4.2 We make every effort to make sure that your information is kept securely.
4.3 You have the right to check the data we hold about you by logging into your account online and you may at any time request an alteration or deletion of data held by us. You may also cancel your account with us at any time.
Active Data Analysis and Monitoring
5. We actively monitor customer usage statistics of our website usage for our own statistical purposes by using Google Analytics.
5.1 Google Analytics does not provide us with any information which could personally identify any particular user of our site to us.
6.1 Tracking data is used for simple basic functionality of the site; for example:- in order to help a member to log into their account (https://completelycrystals.com cookies) and for tracking visitor statistics (google.com cookies).
6.2 We may track visitor statistics using Google Analytics for re-marketing purposes (shown as double-click.com on your cookie list).
6.3 Tracking can be disabled with Ads preference manager from Google or with the Opt-out tool also from Google. This data will be used for display advertising purposes.
Last updated 23/05/2018.
Our Company Information Security Policy
The Company handles sensitive cardholder information daily. Sensitive Information must have adequate safeguards in place to protect the cardholder data, cardholder privacy, and to ensure compliance with various regulations, along with guarding the future of the organisation.
The Company commits to respecting the privacy of all its customers and to protecting any customer data from outside parties. To this end management are committed to maintaining a secure environment in which to process cardholder information so that we can meet these promises.
Employees handling sensitive cardholder data should ensure:
- Handle Company and cardholder information in a manner that fits with their sensitivity and classification;
- Limit personal use of the Company information and telecommunication systems and ensure it doesn’t interfere with your job performance;
- The Company reserves the right to monitor, access, review, audit, copy, store, or delete any electronic communications, equipment, systems and network traffic for any purpose;
- Do not use e-mail, internet and other Company resources to engage in any action that is offensive, threatening, discriminatory, defamatory, slanderous, pornographic, obscene, harassing or illegal;
- Do not disclose personnel information unless authorised;
- Protect sensitive cardholder information;
- Keep passwords and accounts secure;
- Request approval from management prior to establishing any new software or hardware, third party connections, etc.;
- Do not install unauthorised software or hardware, including modems and wireless access unless you have explicit management approval;
- Always leave desks clear of sensitive cardholder data and lock computer screens when unattended;
- Information security incidents must be reported, without delay, to the individual responsible for incident response locally – Please find out who this is.
We each have a responsibility for ensuring our company’s systems and data are protected from unauthorised access and improper use. If you are unclear about any of the policies detailed herein you should seek advice and guidance from your line manager.