Zymo - Marketing Privacy Policy

Last updated: November 2025

This Privacy Policy explains how Crypsis IT Services Ltd ("we", "us", "our") collects, uses, and protects your personal information when you sign up for marketing updates or interact with us.
We comply with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR), which cover email marketing and electronic communications.

Crypsis IT Services Ltd is the data controller for the personal information described in this policy.

---

1. Who we are

Zymo, part of Crypsis IT Services Ltd.

Company number: 09400680
Registered address: Chapps Farmhouse, Slaughterford Mill, Slaughterford, Chippenham, Wiltshire SN14 8RJ
Contact email: enquiries@zymo.org
Data Protection Contact: "Data Protection Lead"

---

2. What information we collect

We may collect the following personal information when you sign up for emails, request information, download a resource, or contact us:

• Name
• Email address
• Company name (optional)
• Job title or role (optional)
• Any other details you choose to provide

We only collect the minimum amount of data needed for marketing purposes, in line with UK GDPR's principles of data minimisation.

---

3. What we mean by "marketing communications"

Under PECR, marketing includes promoting our services or updates that may interest you. This may include:

• Newsletters
• Updates about services or products
• Event information
• Articles, resources, and tips
• Special offers or promotions

You will only receive these communications where allowed under PECR (for example, where you have opted in or you are an existing customer and have not opted out).

---

4. How we collect your information

We may collect your information:

• When you fill in a form on our website
• When you subscribe to our newsletter
• When you contact us directly (email, phone, social media)
• When you download content or request information
• When you become a customer and do not opt out of marketing
• From events or webinars where you give us permission to contact you

---

5. How we use your information

We use your personal information to:

• Send you marketing emails in line with PECR
• Personalise and improve our communications
• Keep a record of your marketing preferences
• Track email engagement (e.g., opens, clicks)
• Improve our services and website based on user behaviour

We will only use your information where we have a valid legal basis under UK GDPR.

---

6. Legal bases for processing (UK GDPR)

Under UK GDPR, our legal bases for processing your data for marketing purposes are:

Consent (Article 6(1)(a))

When you actively opt in to receive marketing communications (required under PECR for most email marketing).

Legitimate interests (Article 6(1)(f))

If you are an existing customer, PECR allows us to send you marketing about similar services, provided you can opt out at any time. This is sometimes called the "soft opt-in".

You can unsubscribe or change your preferences at any time.

---

7. Use of third-party CRM systems

We use a secure third-party Customer Relationship Management (CRM) system, MailerLite, to:

• Store and organise contact information
• Send and manage marketing emails
• Track email engagement
• Process unsubscribe requests

Some data may be stored on secure servers outside the UK. When this happens, we ensure appropriate safeguards are in place (such as Standard Contractual Clauses) to keep your data compliant with UK GDPR.

We may share limited data with trusted service providers who help us deliver our marketing communications (for example, our email platform and analytics provider). These processors act only on our instructions and are bound by data protection obligations.

We never sell your data or share it with another organisation for their own marketing.

---

8. Cookies and website tracking

Our website may use cookies or similar technologies to understand how visitors use our site and support marketing activity. Where cookies are used for marketing or analytics, PECR requires us to ask for your consent.

Please see our separate Cookie Policy for details (if applicable).

---

9. Automated decision-making

We do not make automated decisions about you that have legal or significant effects.
We do not use profiling that would significantly affect your rights.

---

10. Children's data

Our marketing is aimed at adults. We do not knowingly collect personal information from anyone under 16.

---

11. How long we keep your information

We keep your personal information:

• For as long as you remain subscribed to our marketing updates, or
• For as long as necessary to maintain effective communication about your product purchases or services, unless you ask us to delete your information.

You can unsubscribe or request deletion at any time using the link in any email or by contacting us directly.

---

12. Your rights under UK GDPR

You have the right to:

• Access the personal data we hold about you
• Correct inaccurate or incomplete data
• Withdraw consent at any time
• Object to direct marketing (including the "soft opt-in")
• Request deletion of your data
• Restrict or challenge how your data is processed
• Request a copy of your data in a portable format

To exercise any of these rights, please contact us at enquiries@zymo.org.

---

13. How we protect your information

We use technical and organisational measures to keep your data secure, including:

• Encrypted data storage
• Password-protected systems
• Access controls
• Staff training
• Regular reviews of data processes and policies

---

14. How to complain

If you have concerns about how we use your personal data, please contact us first.

You also have the right to complain to the Information Commissioner's Office (ICO):
www.ico.org.uk

---

15. Changes to this policy

We may update this policy from time to time. Any changes will be posted on this page with an updated revision date.