Legal

Privacy Policy

Effective Date: 5 May 2026
Version 1.0 — Last Updated: 2026-05-05

This Privacy Policy explains how Crown Shrine ("we", "us") handles personal data when you use crown-shrine.com (the "Service"). It is written to comply with the UK General Data Protection Regulation ("UK GDPR") and the Data Protection Act 2018.

1. Data Controller

Crown Shrine is the data controller for personal data processed through the Service.
Contact: privacy@crown-shrine.com
Postal address: Crown Shrine, 14 Cowley Street, London SW1P 3LZ, United Kingdom.

We do not currently have a legal obligation to appoint a Data Protection Officer.

2. Categories of Data Collected

Identifiers: name and email address you provide when contacting us.
Technical data: IP address (truncated where possible), browser type and version, device type, language, time of visit.
Usage data: pages visited, links clicked, referring page (only if you consent to analytics cookies).
Cookie preferences: your choices in the cookie banner (stored in your browser's localStorage, not on our servers).

We do not collect financial information. We do not knowingly collect data from anyone under 13.

3. Purposes of Processing & Legal Basis

Purpose	Legal basis (UK GDPR Art. 6)
Operating and securing the Service	Legitimate interests (Art. 6(1)(f))
Responding to email enquiries	Legitimate interests / pre-contract (Art. 6(1)(f) / 6(1)(b))
Optional analytics cookies	Consent (Art. 6(1)(a))
Storing your cookie preferences	Legitimate interests / legal obligation under PECR
Complying with legal obligations	Legal obligation (Art. 6(1)(c))

4. Third-Party Sharing

We share personal data only with the following categories of recipients:

Hosting provider: serves static files of this site on our behalf.
Email provider: handles correspondence sent to addresses on the crown-shrine.com domain.
Font provider (Google Fonts): serves typefaces used on this site. Your browser makes a request to fonts.googleapis.com on each page load.
Law-enforcement authorities: if compelled by valid legal process.

We do not sell, rent or trade personal data.

5. International Data Transfers

Where a service provider is located outside the United Kingdom or European Economic Area, we rely on UK adequacy regulations or appropriate safeguards (such as Standard Contractual Clauses) under Article 46 UK GDPR.

6. Retention Periods

Email correspondence: 24 months from last reply, then archived or deleted.
Server access logs: 30 days, then automatically deleted.
Cookie-preference record (in your browser): 12 months or until you clear it.

7. Your Rights under UK GDPR

You have the following rights, free of charge:

Right of access — to a copy of the personal data we hold about you (Subject Access Request).
Right to rectification — to correct inaccurate or incomplete data.
Right to erasure ("right to be forgotten") — in certain circumstances.
Right to restrict processing — to limit how we use your data.
Right to data portability — to receive your data in a portable format.
Right to object — to processing based on legitimate interests.
Right to withdraw consent — at any time, where processing is based on consent.
Right to lodge a complaint — with the Information Commissioner's Office (ico.org.uk) or your local supervisory authority.

To exercise any right, write to privacy@crown-shrine.com. We will respond within one month, in line with Art. 12(3) UK GDPR.

8. Children's Data

The Service is not directed at children under 13. If you believe a child has provided us with personal data, please contact us so we can delete it.

9. Security Measures

We use TLS encryption for all traffic, restrict administrative access to the editorial team, apply security updates promptly and store correspondence on encrypted devices.

10. Changes to this Policy

Material changes will be flagged on the home page and the Last Updated date above will be revised. We may update minor wording at any time.

11. Contact

For all privacy matters: privacy@crown-shrine.com.

Related: Terms of Use · Cookie Policy.