Privacy Policy

Effective Date: August 2025

​

Crux Outdoors Ltd (“we”, “our”, “us”) is committed to protecting your privacy and complying with UK data protection laws, including the UK GDPR and the Data Protection Act 2018. This policy explains how we collect, use, store, and protect your personal data when you interact with us, whether through our website, by email, over the phone, or during the delivery of our services.

​

We act as the Data Controller for the personal information you provide to us.

​

1. What Information We Collect

 

We may collect and process the following types of personal data:

​

1.1 Contact Information

• Name, job title, organisation name

• Email address, telephone number, postal address

1.2 Project-Related Information

• Project scope, operational locations, schedules, and logistical details

• Names and roles of client representatives, crew, or team members

1.3 Safety & Operational Information

• Emergency contact details for individuals attending field training or recces

• Relevant medical information necessary for risk management and duty of care in remote or high-risk environments (only collected where necessary and with explicit consent)

1.4 Website & Communication Data

• Enquiry form submissions

• Email correspondence

• IP addresses, browser type, and usage data if using our website (collected via analytics tools and cookies — see Section 9)

​​

2. How We Collect Your Information

We collect information:

• Directly from you via email, phone, forms, or meetings

• From your organisation where they provide details of staff or participants

• During project delivery (e.g. recces, audits, training sessions)

• From publicly available sources (e.g. company websites, LinkedIn) where relevant to project delivery

​​

3. How We Use Your Information

We process your personal data for the following purposes:

• To respond to enquiries and provide quotes or proposals

• To plan, manage, and deliver contracted services

• To ensure health, safety, and welfare of those involved in our services

• To comply with legal or regulatory obligations

• To maintain records for accounting, audit, and insurance purposes

• To send relevant updates or communications where we have a lawful basis to do so

We will only use your information for the purpose it was collected and will not use it for unrelated purposes without your consent.

​

4. Lawful Basis for Processing

Our processing is based on one or more of the following lawful bases under the UK GDPR:

• Contract: Processing is necessary to perform a contract or take steps before entering into a contract.

• Legal Obligation: Processing is necessary to comply with legal or regulatory obligations.

• Legitimate Interests: Processing is necessary for our legitimate interests (e.g. business operations, safety management), provided these are not overridden by your rights.

• Consent: Where we process special category data (e.g. medical details), we will only do so with your explicit consent.

​​

5. Sharing Your Information

We will never sell your data. We may share it with:

• Trusted subcontractors, associates, or suppliers involved in delivering the contracted service (e.g. local guides, safety teams, transport providers)

• Emergency services or relevant authorities where necessary for safety or legal compliance

• Professional advisers such as lawyers, insurers, and accountants

• Regulatory bodies where legally required

All third parties who process your data on our behalf are required to respect the security of your data and act in compliance with data protection laws.

​

6. International Transfers

Some projects may involve transferring personal data outside the UK (e.g. when working with overseas fixers or suppliers). Where this occurs, we will ensure that appropriate safeguards are in place, such as contracts containing standard contractual clauses approved under UK data protection law.

​

7. Data Retention

We retain personal data only for as long as necessary for the purposes it was collected, including legal, accounting, or reporting requirements.

• Project-related data: 7 years after project completion (for insurance and legal purposes)

• Enquiry data: 2 years from last contact if no contract is formed

• Safety-related special category data: Deleted within 30 days after the conclusion of the relevant activity unless legally required to keep it longer

​​

8. Your Rights

Under UK GDPR you have the right to:

• Request access to your personal data (“Subject Access Request”)

• Request correction of inaccurate or incomplete data

• Request erasure of your data where there is no lawful basis for retention

• Object to processing based on legitimate interests

• Request restriction of processing in certain circumstances

• Withdraw consent where processing is based on consent

• Lodge a complaint with the Information Commissioner’s Office (ICO) at www.ico.org.uk

​​

To exercise any of these rights, contact us at:
Email: info@crux-outsdoors.com

​

9. Cookies & Website Analytics

If our website uses cookies or analytics:

• Cookies are small files stored on your device to improve your browsing experience

• We may use analytics tools to understand site usage and improve performance

• You can control or disable cookies through your browser settings

For full details, see our Cookie Policy [link if applicable].

​

10. Data Security

We take appropriate technical and organisational measures to protect your personal data from loss, misuse, unauthorised access, alteration, or disclosure. These include:

• Encrypted storage systems and secure cloud platforms

• Access controls and password protection

• Regular review of data security procedures

​​

11. Changes to This Policy

We may update this Privacy Policy from time to time. The latest version will always be available on our website with the effective date shown at the top.