Kromek Privacy Policy

Kromek Privacy Policy

Our websites are brought to you by Kromek Ltd of Netpark, Thomas Wright Way, Sedgefield, County Durham, TS21 3FD (we, our, us).

We are the data controller and we are committed to being transparent about how we handle your personal information, protect the privacy and security of your personal information, and meeting our data protection obligations under the General Data Protection Regulation (GDPR) and the Data Protection Act 2018.

This notice explains how we collect, store and use your personal data when you visit our websites and when you interact with us. It also describes the types of data we collect, how we use this data to ensure we provide relevant and timely services to you, and your rights to control our use of that data.

Changes to this privacy policy
We reserve the right to update or amend this privacy policy at any time, including where we intend to further process your personal information for a purpose other than that for which the personal information was collected or where we intend to process new types of personal information. We will issue you with a new privacy policy when we make significant updates or amendments. We may also notify you about the processing of your personal information in other ways.

Data protection principles
We collect, use and process a range of personal information about our customers and other interested parties, e.g. distributors, prospective customers, etc.

Under the GDPR, there are six data protection principles that we comply with. These provide that the personal information we hold about you is:

  1. Processed lawfully, fairly and in a transparent manner.
  2. Collected only for specified, explicit and legitimate purposes that have been clearly explained to you and not further processed in a way that is incompatible with those purposes.
  3. Adequate, relevant and limited to what is necessary in relation to those purposes.
  4. Accurate and, where necessary, kept up to date.
  5. Kept in a form which permits your identification for no longer than is necessary for those purposes.
  6. Processed in a way that ensures appropriate security of the data.

We are processing your information under the GDPR basis of legal obligation, performance of a contract (for customers and distributors and partners) and legitimate business interest (for website visitors and other enquiries). The purposes for which we are processing, or will process, your personal information are to:

  • Enable us to maintain accurate and up-to-date user, prospective customer (obtained from sales enquiries) and other interested parties details (including details of whom to contact in the event of an emergency).
  • Where you are an existing customer, to comply with statutory and/or regulatory requirements and obligations, e.g. sending you service messages informing you of product updates and changes.
  • Keep you informed through various marketing communications that you have consented to receive.
  • Administer the contracts you have entered into with us.
  • Please note that we may process your personal information without your consent, in compliance with these rules, but only where this is required or permitted by law.

Your personal information
Collecting very specific, relevant information is a necessary part of being able to provide you with the products and services you are interested in or are purchasing and to ensure a better user experience on our websites.

We will only use your personal information according to the principles set out in the GDPR. Essentially, we hold your data securely, and will never do anything with it that could be considered irresponsible.

By visiting our websites and in providing any data about yourself to us, you are confirming that you have read, understood and agree to our policies and practices. If you are at all uncertain about any aspect of our policies and practices, please contact us and refrain from using this and our other websites.

Visitors to our websites
We collect certain information or data about you when you use our websites.

This includes:

  • Questions, queries, downloads and feedback you leave, including your email address if you add it.
  • Anonymised information about how you arrived at our website, details about your web browser, IP address, and information about the systems you are using to access the website.
  • Clickstream data, which is information on how you use our website, using cookies, page tagging and tracking techniques.

This helps us to:

  • Improve our website and marketing and other communications by monitoring how you use it and respond to any feedback you send us (if you’ve asked us to).

We use several third-party products to collect website activity information (Google Analytics, SEMRush and Hotjar). This is a common way for websites to discover how visitors are using the site. Unless you voluntarily submit personal information to us (for example, by sending us an e-mail, downloading material or completing the contact form), we can’t personally identify you using this data.

You can update your cookie preferences for our website at this link: here

Marketing communication and database
We use a customer relationship management software (Gold-Vision CRM and Gold-Vision Connect) to hold the details of Kromek contacts and to deliver most of our marketing communications (we also use MailChimp). We gather statistics around email opening and clicks in order to improve our communication. All our marketing communication features an appropriate and easy way for you to opt out of receiving further communications of that type.

Security and performance
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. However, the transmission of information via the internet is not completely secure. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Social media contacts
We use Sprout Social provider to manage our social media interactions.
If you send us a private or direct message via social media the message will be stored by by this third party. It will not be shared with any other organisations.

Links to other websites
Our sites may, from time to time, contain links to and from other websites, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

Change of purpose
We will only use your personal information for the purposes for which we collected it. If we need to use your information for a purpose other than that for which it was collected, we will provide you, prior to that further processing, with information about the new purpose.

Who has access to your personal information?
We may share your personal information with any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the Companies Act 2006.

We may share your information with selected third parties including:

  • business partners, suppliers and sub-contractors for the performance of any contract we enter into with them or you; and
  • analytics and search engine providers that assist us in the improvement and optimisation of our websites.

We may disclose your personal information to third parties:

  • in the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets;
  • if all, or substantially all, of our assets are acquired by a third party, in which case personal data held by us about our customers will be one of the transferred assets; and
  • if we are under a duty to disclose or share your personal data in order to comply with any legal obligation and other agreements; or to protect the rights, property, or safety of our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

How do we protect your personal information?
We have put in place measures to protect the security of your personal information. We have internal policies, procedures and controls in place to try and prevent your personal information from being accidentally lost or destroyed, altered, disclosed or used or accessed in an unauthorised way. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know in order to perform their job duties and responsibilities. Where your personal information is shared with third-party service providers (e.g distributors) we require all third parties to take appropriate technical and organisational security measures to protect your personal information and to treat it subject to a duty of confidentiality and in accordance with data protection law.

Data breach
The Company also has in place procedures to deal with any suspected data security breach and we will notify the Information Commissioner’s Office (or any other applicable supervisory authority or regulator) and you of a suspected breach where we are required to do so.

How long do we keep your personal information?
The Company will only retain your personal information for as long as is necessary to fulfil the purposes for which it was collected and processed, including for the purposes of satisfying any legal, tax, health and safety, reporting or accounting requirements.

Marketing information from clients and other interested parties is kept for five-years from the date it was collected, at which time the contact is asked if they would like their details retained for a further five-years. Personal information which is no longer to be retained will be securely and effectively destroyed or permanently erased.

Your Rights
You can:

  • Request access to your personal information – this is usually known as making a data subject access request and it enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
  • Request rectification of your personal information – this enables you to have any inaccurate or incomplete personal information we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
  • Request the erasure of your personal information – this enables you to ask us to delete or remove your personal information where there’s no compelling reason for its continued processing, e.g. it’s no longer necessary in relation to the purpose for which it was originally collected.
  • Request restriction of processing of your personal data – this enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
  • Object to processing of your personal data – where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
  • Data portability – this gives you the right to request the transfer of your personal information to another party so that you can reuse it across different services for your own purposes.
  • Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
  • Complain. You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues ( We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
    If you wish to exercise any of these rights, please contact

We may need to request specific information from you in order to verify your identity and check your right to access the personal information or to exercise any of your other rights. This is a security measure to ensure that your personal information is not disclosed to any person who has no right to receive it.

If you have any questions about this privacy policy or how we handle your personal information, please contact:

Data Protection Team
Thomas Wright Way
County Durham
TS21 3FD
+44 (0) 1740 626060