top of page

Privacy Policy




The Crime Lab respects and values the privacy of all of our clients, employees, and suppliers and will only collect and use personal data in a way that is consistent with our obligations and rights under the law.


We hold personal data about our clients, employees, and suppliers and other individuals for a variety of business purposes and this statement, along with other Policies, sets out the protections in place to comply with our legal obligations.

Data Protection Officer

Our Data Protection Officer is Catherine Gaskin, who can be contacted by email at


What Data Do We Collect?

By personal data, we mean data about an individual that can identify them, for example their name, address, e-mail address, telephone number visual images social media and financial details.  It can relate to customers, (including prospective customers) employees, business contacts and suppliers.  Any reference to information or data in this policy is a reference to personal information about a living individual. The relationship with The Crime Lab will determine the extent of the information stored.


Where do we get our information from?

Information comes directly from the client/supplier/employee at the beginning of the relationship and could be information provided to us directly, electronically (through our website or an online portal, for example), information we get from online browsing activity, information from a third party or from publicly available sources such as social media platforms.  We may also receive information from other companies.  More detailed information can be found in our Cookie Policy.


Use of Personal Data?

Under the GDPR, we must always have a lawful basis for using personal data. This may be because the data is necessary for our performance of a contract, because consent has been given to use personal data, or because it is in our legitimate business interests to use it. Personal data will be used for one of the following purposes:

·      Providing and managing an Account

·      Supplying our services to the client. Personal details are required in order for us to enter into a contract with the client

·      Personalising and tailoring our services

·      Communicating including responding to emails or calls.

·      Supplying information by email or post with opt-in (with option to unsubscribe or opt-out at any time by contacting us         directly

·      Analysing use of our Site and gathering feedback to enable us to continually improve Our Site and user experience

·      For any other purpose agreed at time to time

With permission and/or where permitted by law, we may also use personal data for marketing purposes, which may include contact by email, telephone and post with information, news, and offers on our services. We will not send any unlawful marketing or spam. We will always work to fully protect rights and comply with our obligations under the GDPR and the Privacy and Electronic Communications (EC Directive) Regulations 2003, and there will always be the opportunity to opt-out.


Third Parties (including Google Analytics whose content appears on Our Site may use third-party Cookies, as detailed in our Privacy Policy Part 14. Please refer to Part 14 for more information on controlling cookies. Please note that we do not control the activities of such third parties, nor the data that they collect and use themselves. As such privacy policies of any such third parties should be check as required.


How Long Will We Keep Personal Data?

We will keep personal information in accordance with our internal retention policies.  We will determine the length of time we keep it based on the minimum retention periods required by law or regulation.  We will only keep personal information after this period of there is a legitimate and provable business reason to do so.


How and Where Do We Store or Transfer Personal Data?

We will only store or transfer personal data in the EEA. This means that it will be fully protected under the GDPR.  We will take all reasonable steps to make sure that any data is treated securely and in accordance with our Privacy Policy.

We’ll only transfer data to a recipient outside the EEA where permitted to do so by law (for instance, where the transfer is based on the standard data protection clauses adopted or approved by the European Commission, where the transfer is to a territory that is deemed adequate by the European Commission, or where the recipient is subject to an approved certification mechanism and the personal information is subject to appropriate safeguards etc.)

As sending information via email is not completely secure, anything sent is done so with risk.  Once received, we will secure information in accordance with our security procedures and controls.

Our company is hosted on the platform. provides us with the online platform that allows us to sell our products and services to you. Your data may be stored through’s data storage, databases and the general applications. They store your data on secure servers behind a firewall.  

All direct payment gateways offered by and used by our company adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.

Do We Share Personal Data?

We may share personal data with other companies, such as specialist event delivery teams such as Zoom or Eventbrite, but only when specifically, applicable to business needs and only for the required amount of time.

We may sometimes contract with other third parties to supply certain services. These may include payment processing, delivery, and marketing. In some cases, those third parties may require access to some or all of the personal data that we hold.

If any personal data is required by a third party, we will take steps to ensure that the personal data is handled safely, securely, and in accordance with all rights and legal obligations, and the third party’s obligations under the law.

In some limited circumstances, we may be legally required to share certain personal data, such as, if we are involved in legal proceedings or complying with legal obligations, a court order, or the instructions of a government authority.


Control of Personal Data?

In addition to rights under the GDPR, when personal data is submitted via our Site, options are given to restrict our use of personal data. In particular, we aim to give strong controls on our use of data for direct marketing purposes (including the ability to opt-out of receiving emails from us which is done by unsubscribing using the links provided in our emails and at the point of providing details and by account management.


Access to certain areas of our Site is possible without providing any personal data at all. However, to use all features and functions available there may be a requirement to submit or allow for the collection of certain data.

Use of Cookies may be restricted. For more information, please request to see our Privacy Policy, or Cookie Policy.


Access to Personal Data?

Please contact the DPO Catherine Gaskin with any Subject Access requests to discover what personal data is held by The Crime Lab..

Email address:

Changes to this Privacy Notice

We may change this Privacy Notice from time to time. This may be necessary, for example, if the law changes, or if we change our business in a way that affects personal data protection. 

bottom of page