Who We Are

Krembex operates from 4 Egerton Place, Plymouth, Devon, PL4 9DE, United Kingdom. We provide educational services focused on building personal resilience through structured learning programmes. When we refer to "we," "us," or "our" in this document, we mean Krembex.

We're bound by UK data protection laws, including the Data Protection Act 2018 and UK GDPR. These laws give you rights over your personal information and place responsibilities on us to handle it properly.

Information We Collect

Information You Give Us Directly

When you enquire about our programmes or sign up for our services, we collect various types of information. Here's what we typically ask for:

• Your name and contact details (email address, phone number, postal address)
• Background information about your current situation and what you hope to achieve
• Payment information when you enrol in a programme
• Your feedback and responses during learning activities
• Any correspondence you send us through email or contact forms

Information We Collect Automatically

Like most websites, ours collects some technical information automatically when you visit. This includes your IP address, browser type, the pages you view, and how long you spend on different sections. We use this to understand how people use our site and where we can make improvements.

How We Use Your Information

We're not in the business of collecting data for the sake of it. Everything we gather serves a specific purpose related to delivering our resilience programmes effectively.

• Delivering the learning programme you've enrolled in and tracking your progress
• Sending you materials, updates, and information relevant to your programme
• Processing payments and maintaining financial records
• Responding to your questions and providing support when you need it
• Improving our programmes based on feedback and learning outcomes
• Meeting our legal obligations, including tax reporting and record-keeping

Legal Basis for Processing

UK data protection law requires us to have a valid reason for processing your personal information. Here's what applies to different types of data we handle:

Contractual necessity: Most of what we do with your data is necessary to deliver the service you've signed up for. If you enrol in a resilience programme, we need your information to provide that programme.

Legal obligation: Some data processing happens because the law requires it. For instance, we must keep financial records for tax purposes.

Legitimate interests: We have legitimate business reasons for some data use, like improving our website or preventing fraud. We balance these interests against your rights and only proceed when it's reasonable to do so.

Consent: For things like marketing communications, we ask for your explicit consent. You can withdraw this at any time.

Sharing Your Information

We keep your information within our organisation as much as possible. But there are times when we need to share it with carefully selected third parties:

• Payment processors who handle transactions securely (they only see what's necessary to process payments)
• Email service providers who help us send programme materials and updates
• Cloud storage providers who host our systems securely
• Professional advisers (accountants, lawyers) when necessary for business operations
• Law enforcement or regulatory bodies if legally required

All third parties we work with are carefully vetted and bound by strict confidentiality agreements. They can only use your data for the specific purposes we've authorised.

International Data Transfers

We primarily store data within the UK. However, some of our service providers (like email platforms or cloud storage) may process data in other countries. When this happens, we ensure appropriate safeguards are in place through standard contractual clauses or other approved mechanisms that meet UK data protection standards.

How We Protect Your Data

Security isn't just about technology—though we use industry-standard encryption and secure systems. It's also about our processes and culture.

We use encrypted connections (SSL/TLS) for all data transmission. Our systems are password-protected and regularly updated. Access to personal information is restricted to staff members who genuinely need it for their work. And we train everyone on data protection responsibilities.

That said, no system is completely immune to risks. If we ever experience a data breach that poses a risk to your rights, we'll notify you and the relevant authorities as required by law.

Your Rights

UK data protection law gives you several rights over your personal information. These aren't just theoretical—we're set up to respond to requests promptly.

Access Your Information

You can request a copy of the personal information we hold about you. We'll provide this free of charge within one month, along with details about how we're using it.

Correct Inaccurate Data

If you spot something that's wrong or out of date, let us know. We'll update it promptly. This is especially important for contact details so you don't miss programme communications.

Request Deletion

You can ask us to delete your personal information in certain circumstances—for instance, if you withdraw consent for marketing communications. However, we may need to retain some records for legal or contractual reasons (like financial records for tax compliance).

Object to Processing

If we're processing your data based on legitimate interests, you have the right to object. We'll stop unless we can demonstrate compelling legitimate grounds that override your interests.

Restrict Processing

In some situations, you can ask us to limit how we use your data—for example, if you're challenging the accuracy of information we hold.

Data Portability

Where technically feasible, you can request your data in a structured, commonly used format so you can transfer it elsewhere.

Cookies and Similar Technologies

Our website uses cookies—small text files stored on your device. Most are essential for the site to function properly (like remembering your login session). Others help us understand how visitors use the site so we can improve it.

You can control cookie settings through your browser. Blocking certain cookies might affect how well the site works for you, but essential functions should still be accessible.

Children's Privacy

Our programmes are designed for adults. We don't knowingly collect information from anyone under 16. If you're a parent or guardian and believe your child has provided us with personal information, please contact us immediately so we can delete it.

Data Retention

We don't keep your information longer than necessary. Retention periods vary depending on the type of data and legal requirements:

• Programme-related information: kept for the duration of your programme plus three years for reference and quality purposes
• Financial records: retained for seven years to comply with HMRC requirements
• Marketing communications: stored until you unsubscribe or we no longer have a legitimate reason to contact you
• Website analytics: typically 26 months, after which data is anonymised or deleted

Once retention periods expire, we securely delete or anonymise data so it can no longer identify you.

Changes to This Policy

We review this privacy policy periodically to ensure it remains accurate and compliant with current laws. If we make significant changes, we'll notify you through email or a prominent notice on our website before the changes take effect.

The date at the top of this page shows when we last updated the policy. We recommend checking back occasionally, especially if your relationship with us is ongoing.

Making a Complaint

We hope you'll never need this section. But if you're unhappy with how we've handled your personal information, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's data protection regulator.

That said, we'd appreciate the chance to address your concerns directly first. Often, we can resolve issues quickly through direct communication.