top of page

Cookie
Policy

This Privacy Policy is effective from the 29th day of JULY 2025


Data Controller:
Crear Publishing Ltd


Data Subjects:
Website users and visitors


Data Controller Information


(1)    Data Controller: Crear Publishing Ltd, a company incorporated in England and Wales with registered office at 11 Elderberry Close, School Aycliffe, Newton Aycliffe, England, DL5 6GU, company registration number 14571634 ("Company", "we", "us", or "our").
(2)    Data Subjects: Individuals who visit, access, or use the Company's website and whose personal data is collected and processed in accordance with this Privacy Policy ("you", "your", or "users").


Introduction and Overview
   
(A)    Crear Publishing Ltd is a small UK-based company operating within the Other sector with 1-3 employees, engaged in various business activities through its website.
(B)    The Company operates a website that targets users globally and collects, processes, and stores personal data from website visitors and users in the course of its business operations.
(C)    The Company is committed to protecting the privacy and personal data of all individuals who interact with its website, regardless of their geographical location.
(D)    This Privacy Policy is implemented to ensure compliance with the General Data Protection Regulation (GDPR), the UK Data Protection Act 2018, and other applicable international data protection laws and regulations.
(E)    The Company processes personal data for various legitimate business purposes including website functionality, customer communications, marketing activities, and service provision.
(F)    This Privacy Policy sets out the types of personal data collected, the lawful basis for processing, data retention periods, security measures, and the rights available to data subjects under applicable data protection legislation.
(G)    The Company recognizes its obligations as a data controller and is committed to transparent data processing practices in accordance with the principles of data protection by design and by default.


1.    Types of Personal Data Collected


1.1.    Company, we, us, or our means Crear Publishing Ltd, a company incorporated in England and Wales.
1.2.    Consent means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which they signify agreement to the processing of personal data relating to them.
1.3.    Cookies means small text files that are placed on your computer or mobile device when you visit our website to track and store information about your visit.
1.4.    Data Protection Laws means all applicable data protection and privacy laws including the General Data Protection Regulation, the Data Protection Act 2018, and any successor legislation.
1.5.    Data Subject means an identified or identifiable natural person whose personal data is processed by the Company.
1.6.    EEA means the European Economic Area.
1.7.    GDPR means Regulation (EU) 2016/679, the General Data Protection Regulation.
1.8.    ICO means the Information Commissioner's Office, the UK's independent data protection regulator.
1.9.    Lawful Basis means the legal ground under Data Protection Laws that permits the processing of personal data.
1.10.    Legitimate Interest means the lawful basis for processing personal data where it is necessary for the purposes of our legitimate interests, except where overridden by the interests or fundamental rights and freedoms of the data subject.
1.11.    Personal Data means any information relating to an identified or identifiable natural person.
1.12.    Processing means any operation performed on personal data including collection, recording, organisation, structuring, storage, adaptation, retrieval, consultation, use, disclosure, transmission, dissemination, restriction, erasure or destruction.
1.13.    Retention Period means the length of time for which personal data will be stored before deletion or anonymisation.
1.14.    Special Categories of Personal Data means personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health data, or data concerning sex life or sexual orientation.
1.15.    Third Party means any natural or legal person, public authority, agency or body other than the data subject, the Company, and persons authorised to process personal data under the direct authority of the Company.
1.16.    Website means the K.L. Crear's website accessible at www.klcrear.com
1.17.    You, your, or user means any individual who visits, accesses, or uses the Website.


2.    Lawful Basis for Processing
   
2.1.    The Company processes Personal Data only where it has a valid Lawful Basis under applicable Data Protection Laws, including Article 6 of the GDPR.
2.2.    Consent: The Company processes Personal Data based on Consent where You have freely given, specific, informed and unambiguous indication of Your wishes by a statement or clear affirmative action signifying agreement to the Processing of Personal Data relating to You.
(a)    Consent is used as the Lawful Basis for marketing communications, newsletter subscriptions, and non-essential Cookies.
(b)    You may withdraw Your Consent at any time by contacting the Company or using the unsubscribe mechanisms provided.
2.3.    Contract: The Company processes Personal Data where Processing is necessary for the performance of a contract to which You are party or to take steps at Your request prior to entering into a contract.
(a)    This Lawful Basis applies to customer account management, order processing, service delivery, and customer support activities.
2.4.    Legitimate Interest: The Company processes Personal Data where Processing is necessary for the purposes of Legitimate Interests pursued by the Company, except where such interests are overridden by Your fundamental rights and freedoms.
(a)    Legitimate Interest is used for Website analytics, fraud prevention, network security, improving Website functionality, and direct marketing to existing customers.
(b)    The Company has conducted balancing tests to ensure that Your rights and interests do not override the Company's Legitimate Interests.
2.5.    Legal Obligation: The Company processes Personal Data where Processing is necessary for compliance with legal obligations to which the Company is subject under applicable laws.
(a)    This includes tax record keeping, regulatory compliance, and responding to lawful requests from authorities.
2.6.    For Special Categories of Personal Data, the Company will only process such data where an additional condition under Article 9 of the GDPR is met, alongside a Lawful Basis under Article 6.
3.    Purposes of Data Processing
3.1.    Website Operation and Functionality: We Process Personal Data to provide, maintain, and improve our Website's functionality, including enabling user navigation, delivering content, processing forms, and ensuring proper technical operation of our services.
3.2.    Customer Service and Communications: We Process Personal Data to respond to enquiries, provide customer support, handle feedback and complaints, and maintain records of our communications with You for quality assurance and training purposes.
3.3.    Marketing and Promotional Activities: We Process Personal Data to send newsletters, promotional materials, marketing communications, and information about our products and services, subject to obtaining appropriate Consent where required by applicable Data Protection Laws.
3.4.    Analytics and Website Improvement: We Process Personal Data to analyse Website usage patterns, user behaviour, and performance metrics to enhance user experience, optimize content delivery, and improve our services and Website functionality.
3.5.    Legal Compliance and Protection: We Process Personal Data to comply with legal obligations, respond to lawful requests from public authorities, protect our legal rights and interests, prevent fraud, and ensure compliance with applicable laws and regulations.
3.6.    Security and Safety: We Process Personal Data to maintain the security and integrity of our Website and systems, detect and prevent unauthorized access, protect against cyber threats, and ensure the safety of our users and business operations.
3.7.    Business Administration: We Process Personal Data for internal administrative purposes including record keeping, financial management, business planning, and operational efficiency.
3.8.    Contract Performance: Where You enter into any agreement with us, we Process Personal Data as necessary for the performance of such contract and to fulfil our obligations thereunder.


4.    Cookies and Tracking Technologies


4.1.    The Website uses Cookies and similar tracking technologies to enhance user experience, analyse website performance, and deliver personalized content and advertisements.
4.2.    Essential Cookies: The Company uses strictly necessary Cookies that are essential for the Website to function properly, including:
(a)    session management and user authentication;
(b)    security features and fraud prevention;
(c)    load balancing and website functionality; and
(d)    remembering user preferences and settings.
4.3.    Analytics Cookies: The Company deploys analytics Cookies to collect information about how visitors use the Website, including:
(a)    pages visited and time spent on each page;
(b)    traffic sources and user navigation patterns;
(c)    device and browser information; and
(d)    website performance and error reporting.
4.4.    Marketing and Advertising Cookies: Subject to Your Consent, the Company may use marketing Cookies to:
(a)    deliver targeted advertisements based on Your interests;
(b)    measure the effectiveness of marketing campaigns;
(c)    provide personalized content and recommendations; and
(d)    facilitate social media sharing and integration.
4.5.    Third Party Cookies: The Website may contain Third Party Cookies from service providers including:
(a)    Google Analytics for website traffic analysis;
(b)    social media platforms for content sharing;
(c)    advertising networks for targeted marketing; and
(d)    payment processors for transaction processing.
4.6.    Cookie Consent Management: The Company provides a cookie consent banner that allows You to:
(a)    accept or reject non-essential Cookies;
(b)    customize Your cookie preferences by category;
(c)    withdraw previously given Consent at any time; and
(d)    access detailed information about each cookie category.
4.7.    Managing Cookie Settings: You may control Cookies through:
(a)    the cookie preference centre available on the Website;
(b)    Your browser settings to block or delete Cookies;
(c)    third-party opt-out tools provided by advertising networks; and
(d)    device-level privacy settings for mobile applications.
4.8.    Impact of Disabling Cookies: Disabling certain Cookies may result in:
(a)    reduced Website functionality and user experience;
(b)    inability to access certain features or services;
(c)    requirement to re-enter information on subsequent visits; and
(d)    less relevant advertising and content personalization.
4.9.    Cookie Retention: Cookies are retained for varying periods depending on their type:
(a)    session Cookies are deleted when You close Your browser;
(b)    persistent Cookies remain until their expiration date or manual deletion;
(c)    analytics Cookies are typically retained for up to 26 months; and
(d)    marketing Cookies are retained for periods ranging from 30 days to 2 years.
4.10.    The Company regularly reviews and updates its cookie practices and will notify You of any material changes through the Website or direct communication where appropriate.


5.    Data Storage and Security Measures


5.1.    The Company implements appropriate technical and organisational measures to ensure a level of security appropriate to the risk of Processing Personal Data, taking into account the state of the art, the costs of implementation, and the nature, scope, context and purposes of Processing.
5.2.    Data Storage Location: Personal Data is primarily stored on secure servers located within the United Kingdom and the European Economic Area, with appropriate safeguards in place for any data stored outside these jurisdictions.
5.3.    Technical Security Measures: The Company employs the following technical security measures:
(a)    Encryption of Personal Data both in transit and at rest using industry-standard encryption protocols;
(b)    Secure Socket Layer (SSL) certificates for all data transmission via the Website;
(c)    Regular software updates and security patches for all systems handling Personal Data;
(d)    Firewalls and intrusion detection systems to prevent unauthorised access;
(e)    Regular automated backups of Personal Data with secure storage of backup copies.
5.4.    Organisational Security Measures: The Company maintains organisational safeguards including:
(a)    Access controls ensuring that only authorised personnel can access Personal Data on a need-to-know basis;
(b)    Regular training of staff on data protection requirements and security procedures;
(c)    Confidentiality agreements for all employees and contractors with access to Personal Data;
(d)    Regular review and assessment of security measures and data protection practices.
5.5.    Access Control: Access to Personal Data is restricted to authorised Company personnel whose roles require such access for legitimate business purposes, with individual user accounts and strong password requirements.
5.6.    Data Breach Response: In the event of a suspected or actual data breach, the Company will:
(a)    Investigate and contain the breach promptly;
(b)    Notify the ICO within 72 hours where required by Data Protection Laws;
(c)    Inform affected Data Subjects without undue delay where the breach is likely to result in high risk to their rights and freedoms;
(d)    Document all data breaches and remedial actions taken.
5.7.    The Company regularly reviews and updates its security measures to ensure they remain effective against evolving threats and comply with current Data Protection Laws and industry best practices.
5.8.    While the Company takes all reasonable precautions to protect Personal Data, no method of transmission over the internet or electronic storage is completely secure, and the Company cannot guarantee absolute security.


6.    Data Retention Periods


6.1.    The Company retains Personal Data only for as long as necessary to fulfil the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce agreements.
6.2.    Marketing and Communications Data: Personal Data collected for marketing purposes, including email addresses and Consent records, will be retained for a maximum period of 2 years from the date of last engagement or until Consent is withdrawn, whichever occurs first.
6.3.    Account and Customer Data: Personal Data relating to customer accounts and service provision will be retained for the duration of the customer relationship plus 6 years following termination to comply with statutory limitation periods and tax obligations.
6.4.    Website Analytics Data: Technical data including IP addresses, Cookies, and usage statistics will be retained for a maximum period of 26 months from the date of collection.
6.5.    Correspondence and Enquiry Data: Personal Data contained in general enquiries, support requests, and correspondence will be retained for 3 years from the date of last communication.
6.6.    Legal Compliance: Notwithstanding the above periods, the Company may retain Personal Data for longer periods where required by Data Protection Laws, court orders, legal proceedings, or legitimate regulatory requirements.
6.7.    Automated Deletion: The Company implements automated systems where technically feasible to ensure Personal Data is deleted or anonymized upon expiry of the applicable Retention Period.
6.8.    Manual Review: Personal Data not subject to automated deletion processes will be reviewed annually and deleted or anonymized when no longer required for the stated purposes.
6.9.    Early Deletion: Data Subjects may request earlier deletion of their Personal Data by exercising their right of erasure, subject to the Company's legal obligations and Legitimate Interests.


7.    Third-Party Data Sharing


7.1.    The Company may share Your Personal Data with Third Parties only in the circumstances set out in this section and in accordance with applicable Data Protection Laws.
7.2.    Service Providers and Business Partners
(a)    We may share Personal Data with Third Party service providers who assist us in operating our Website, conducting our business, or providing services to You, including but not limited to:
(b)    Website hosting and maintenance providers;
(c)    Email marketing and communication platforms;
(d)    Payment processing services;
(e)    Analytics and website performance monitoring services;
(f)    Customer support and helpdesk services;
(g)    Professional advisors including legal, accounting, and consulting services.
7.3.    Data Processing Agreements
(a)    All Third Party service providers are bound by written data processing agreements that require them to process Personal Data only on our instructions and in compliance with applicable Data Protection Laws.
(b)    These agreements include appropriate technical and organisational security measures to protect Your Personal Data.
7.4.    Legal and Regulatory Requirements
(a)    We may disclose Personal Data where required by law, court order, or regulatory authority.
(b)    We may share Personal Data to protect our rights, property, or safety, or that of our users or others, including fraud prevention and debt collection.
7.5.    Business Transfers
(a)    In the event of a merger, acquisition, sale of assets, or similar business transaction, Personal Data may be transferred to the acquiring entity, subject to the same privacy protections outlined in this Privacy Policy.
7.6.    Marketing Partners
(a)    With Your explicit Consent, we may share certain Personal Data with selected marketing partners for promotional purposes.
(b)    You may withdraw this Consent at any time by contacting us using the details provided in section 12.
7.7.    Data Sale Prohibition
(a)    The Company does not sell, rent, or lease Personal Data to Third Parties for commercial purposes.
7.8.    Your Rights Regarding Third Party Sharing
(a)    You have the right to object to the sharing of Your Personal Data with Third Parties where our Lawful Basis is Legitimate Interest.
(b)    You may request information about the specific Third Parties with whom Your Personal Data has been shared by contacting us.


8.    International Data Transfers
   
8.1.    The Company may transfer Your Personal Data to countries outside the European Economic Area (EEA), including but not limited to the United States, for the purposes of website hosting, data analytics, customer support services, and other business operations.
8.2.    Where Personal Data is transferred to countries that do not have an adequacy decision from the European Commission, the Company ensures appropriate safeguards are in place by implementing one or more of the following measures:
(a)    Standard Contractual Clauses approved by the European Commission;
(b)    Binding Corporate Rules where the recipient is part of a group of undertakings with approved rules;
(c)    Certification schemes or codes of conduct together with binding enforceable commitments;
(d)    Other legally recognised transfer mechanisms under applicable Data Protection Laws.
8.3.    The Company conducts transfer impact assessments where required and implements additional technical and organisational measures to ensure the level of protection of Personal Data is not undermined by the international transfer.
8.4.    You have the right to request information about the safeguards in place for any international transfer of Your Personal Data and to obtain a copy of such safeguards where feasible.
8.5.    In circumstances where transfers are based on Your Consent, You have the right to withdraw such Consent at any time, though this will not affect the lawfulness of Processing based on Consent before its withdrawal.
8.6.    The Company will notify You of any material changes to international transfer arrangements that may affect Your Personal Data and Your rights in relation to such transfers.


9.    Individual Rights Under GDPR
   
9.1.    Right to be Informed: You have the right to be informed about the collection and use of Your Personal Data. This Privacy Policy provides You with information about how the Company processes Your Personal Data and Your rights in relation to that Processing.
9.2.    Right of Access: You have the right to obtain confirmation as to whether or not Personal Data concerning You is being processed, and where that is the case, access to Your Personal Data and information about how it is processed.
9.3.    Right to Rectification: You have the right to have inaccurate Personal Data rectified and incomplete Personal Data completed without undue delay.
9.4.    Right to Erasure: You have the right to obtain erasure of Your Personal Data without undue delay where:
(a)    the Personal Data is no longer necessary in relation to the purposes for which it was collected or otherwise processed;
(b)    You withdraw Your Consent and there is no other Lawful Basis for Processing;
(c)    You object to Processing and there are no overriding legitimate grounds for the Processing;
(d)    the Personal Data has been unlawfully processed; or
(e)    erasure is required for compliance with a legal obligation.
9.5.    Right to Restrict Processing: You have the right to obtain restriction of Processing where:
(a)    You contest the accuracy of the Personal Data;
(b)    the Processing is unlawful and You oppose erasure and request restriction instead;
(c)    the Company no longer needs the Personal Data but You require it for legal claims; or
(d)    You have objected to Processing pending verification of legitimate grounds.
9.6.    Right to Data Portability: Where Processing is based on Consent or contract and carried out by automated means, You have the right to receive Your Personal Data in a structured, commonly used and machine-readable format and to transmit that data to another controller.
9.7.    Right to Object: You have the right to object to Processing of Your Personal Data where:
(a)    Processing is based on Legitimate Interest or performance of a public interest task;
(b)    Personal Data is processed for direct marketing purposes; or
(c)    Personal Data is processed for scientific, historical research or statistical purposes.
9.8.    Rights Related to Automated Decision Making: You have the right not to be subject to automated decision-making, including profiling, which produces legal effects concerning You or similarly significantly affects You, except where such decision-making is necessary for contract performance, authorized by law, or based on Your explicit Consent.
9.9.    Exercising Your Rights: To exercise any of these rights, You may contact the Company using the contact details provided in this Privacy Policy. The Company will respond to Your request within one month of receipt, which may be extended by two months where necessary.
9.10.    Verification: The Company may request additional information to verify Your identity before responding to requests concerning Your Personal Data.
9.11.    Fees: No fee will normally be charged for exercising Your rights, however the Company may charge a reasonable fee for manifestly unfounded or excessive requests.
9.12.    Right to Complain: You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of Your habitual residence, place of work, or place of alleged infringement. In the UK, the relevant supervisory authority is the ICO.


10.    Data Protection Contact Information


10.1.    If You have any questions, concerns, or requests regarding this Privacy Policy or the Company's processing of Your Personal Data, You may contact the Company using the following details:
(a)    Email: contact@crearpublishing.com
(b)    Postal Address: Crear Publishing Ltd, 11 Elderberry Close, School Aycliffe, Newton Aycliffe, England, DL5 6GU
10.2.    The Company will respond to all data protection inquiries and requests within one month of receipt, or such longer period as permitted under applicable Data Protection Laws.
10.3.    If You wish to make a complaint about how the Company processes Your Personal Data, You may contact the Company directly using the contact details set out in clause 10.1 above.
10.4.    You have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection matters, if You are not satisfied with the Company's response or believe the Company has breached Data Protection Laws.
10.5.    The ICO can be contacted as follows:
(a)    Website: www.ico.org.uk
(b)    Telephone: 0303 123 1113
(c)    Postal Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
10.6.    If You are located outside the UK, You may also have the right to lodge a complaint with the supervisory authority in Your country of residence.


11.    Changes to Privacy Policy
   
11.1.    The Company reserves the right to update, modify, or replace this Privacy Policy at any time at its sole discretion to reflect changes in business practices, legal requirements, or technological developments.
11.2.    The Company will provide reasonable notice of any material changes to this Privacy Policy through one or more of the following methods:
(a)    posting a prominent notice on the Website;
(b)    sending notification by email to registered users where email addresses are available;
(c)    updating the "last updated" date at the top of this Privacy Policy.
11.3.    Material changes include but are not limited to:
(a)    changes to the types of Personal Data collected;
(b)    significant changes to the purposes for which Personal Data is processed;
(c)    changes to Third Party data sharing practices;
(d)    substantial modifications to Data Subject rights or procedures for exercising such rights.
11.4.    For non-material changes, including administrative updates, corrections, or clarifications, the Company may update this Privacy Policy without prior notice by revising the "last updated" date.
11.5.    All changes to this Privacy Policy will take effect immediately upon posting the revised Privacy Policy on the Website, unless otherwise specified in the notice of change.
11.6.    Your continued use of the Website following the posting of changes constitutes acceptance of those changes and agreement to be bound by the updated Privacy Policy.
11.7.    If You do not agree to any changes made to this Privacy Policy, You must discontinue use of the Website and may exercise Your rights under Data Protection Laws, including the right to withdraw Consent where applicable.
11.8.    The Company will maintain records of previous versions of this Privacy Policy for a reasonable period to demonstrate compliance with Data Protection Laws.


The current version of this Privacy Policy will always be available on the Website and supersedes all previous versions. This Privacy Policy has been approved and adopted by Crear Publishing Ltd on 29/07/2025 and shall take effect immediately upon publication on the Website.


Crear Publishing Ltd
By:
Name: Ryan Crear
Title: Director
Date: 29/07/2025

bottom of page