Not Sure? Start Here

Privacy Policy

Last Updated: 09/02/2026

This Privacy Policy explains how CrewRights Ltd collects and uses personal data when you use our website, contact us, or purchase Services.

1) Data Controller (who controls your data)

Controller: CrewRights Ltd
Company number: 17022164
Registered office: 22 The Causeway, Kent, United Kingdom, ME4 3SR
Privacy contact email:  info@crewrights.com

We operate internationally and deliver Services online. Where applicable, we comply with UK GDPR and, where relevant, EU GDPR requirements for international users. CrewRights Ltd is registered with the UK Information Commissioner’s Office (ICO) under registration number C1884441.

2) Personal data we collect

We collect only the personal data reasonably necessary to provide the requested services or respond to your enquiry.

Depending on how you interact with CrewRights, we may collect:

– Identity and contact details (name, email, phone, role);
– Enquiry and intake information you provide (timeline, pay/leave details, contract details, relevant facts);
– Documents you upload (e.g., SEA/contract, payslips, bank confirmations, leave records, messages/emails/screenshots);
– Communications (emails and form submissions);
– Technical and usage data (IP address, device/browser, pages visited, cookie identifiers).

3) Special category data (sensitive data)

We do not request special category data (e.g., health data) as a standard. If you choose to provide sensitive information within documents or messages, we will process it only where necessary for your request and in accordance with applicable data protection laws.

4) How we use your data (purposes)

We use personal data to:
respond to enquiries and provide customer support;
deliver Services and prepare Deliverables;
manage payments, administration and record-keeping;
maintain website security and prevent misuse;
measure and improve website performance (analytics), where consent is given;
measure advertising performance (marketing cookies), where consent is given;
send marketing communications only where you opt in (and you can unsubscribe at any time).

5) Lawful bases for processing

Depending on the circumstances, we rely on:
Contract / steps prior to contract (to provide Services you request);
Legitimate interests (to operate, protect and improve our Services and respond to enquiries);
Consent (for marketing emails where required, and for non-essential cookies such as analytics/advertising);
Legal obligation (e.g., accounting/tax compliance).

6) Cookies, GA4 and Meta Pixel 

We use cookies and similar technologies. Non-essential cookies (including analytics and advertising cookies) are used only if you give consent via our cookie banner/settings.
For details, see our Cookie Policy.

7) Sharing data (service providers)

We may share personal data with vetted service providers who support website operation and service delivery, such as:
website hosting and security providers;
form/intake providers;
cloud storage providers used to store uploads and deliver files;
email and communications providers;
payment providers;
analytics and advertising platforms (subject to consent).

Service providers act as data processors under written agreements and are required to process personal data only on our instructions and to implement appropriate security measures.

We do not sell personal data.

8) International transfers

Some of our service providers (including cloud storage, analytics, advertising, and payment platforms) may process personal data outside the United Kingdom.

Where personal data is transferred internationally, we rely on appropriate safeguards, including UK adequacy regulations, the UK International Data Transfer Agreement (IDTA), or other legally recognised transfer mechanisms where required.

Where we access data from outside the UK (for example, when operating from Spain), such access occurs within jurisdictions recognised as providing adequate protection under UK law where applicable.

9) Security measures

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse, or alteration. These measures include access controls, secure cloud storage environments, password protection, and where appropriate, two-factor authentication.

Access to personal data is limited to authorised persons who require it for service delivery or administration.

No online transmission can be guaranteed as completely secure, but we take reasonable steps to safeguard information entrusted to us.

10) Retention

We keep personal data only as long as necessary:

  • enquiries with no purchase: up to 12 months;

  • client files and Deliverables: typically up to 24 months after completion of the relevant Service (unless a longer period is necessary for legitimate business reasons or required by law);

  • accounting and payment records: retained as required by law.

11) Your rights

Subject to applicable law, you may have the right to:

  • request access to your personal data;

  • request correction of inaccurate or incomplete data;

  • request erasure (the “right to be forgotten”);

  • request restriction of processing;

  • object to processing based on legitimate interests;

  • request portability of data where processing is based on contract or consent;

  • withdraw consent at any time where processing is based on consent (this does not affect prior lawful processing).

To exercise your rights, contact: info@crewrights.com.

You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO) or, where applicable, your local data protection authority.

12) Automated decision-making 

We do not make decisions producing legal or similarly significant effects solely by automated means.

13) Updates

We may update this Privacy Policy from time to time. The latest version will be published on this page with an updated date.

CrewRights logo
Not Sure? Start Here