CRU International Ltd. (‘CRU’, ‘we’, ‘us’, and ‘our’) is committed to respecting and protecting the privacy of individuals and to fully complying with all the requirements of the UK GDPR and all other applicable data protection laws and regulations.

If you have any questions or concerns about our use of your personal information, please contact us using the contact details provided elsewhere in this Privacy Notice.

This Privacy Notice informs you who we are, how we collect, use, secure and share personal information collected by us when you visit our website(s), enquire about or buy products, and/or services from us, send to, or receive from us, communications, (including marketing messages), register or attend our events or webinars, visit our offices or media pages, and through any other interactions we have with you. This Privacy Notice also informs you how you can exercise your rights.

This notice does not describe our processing of personal data relating to people who apply for jobs with us.  Neither does this notice describe our processing of personal data relating to our employees.  Our processing for employment-related purposes is set out in a separate notice that we make available to our employees.

Data Protection Officer

We have appointed a Data Protection Officer (DPO). If you wish to contact our DPO you can do so via: dataprotection@crugroup.com

What is personal information?

Personal information is anything that enables you to be identified or identifiable. Personal information is also called “personal data”. We collectively refer to handling, collecting, protecting, storing or otherwise using your personal information as ‘processing’.

Collecting (obtaining) your Personal Information 

Most of the personal information we process is provided to us directly by you, for example for one or more of the following reasons:

  • Entering into contractual negotiations with us
  • Asking us to provide a service to you or on your behalf
  • Searching and browsing our website(s) for content
  • Subscribing to or ordering newsletters and/or publications
  • Completing surveys that we use for research purposes
  • Registering for and/or attending our events and conferences
  • Submitting CVs or work history information
  • Contacting us for information
  • Filling in forms on our website
  • Providing us with business cards or other contact information

We may also obtain your personal information indirectly, such as from:

  • Websites
  • Social media
  • Lead generation providers

Lawful Bases (legal grounds) for Processing Personal Information

Our legal basis for collecting and using your personal information will depend on the personal information concerned and the specific context in which we collect it.

We will normally collect personal data from you on one or more of the following lawful bases: 

  • Consent: We may process your personal information after you have consented (agreed) to us doing so. Your consent may have been obtained by us, or by third parties on our behalf. You have the right to withdraw your consent at any time.
  • Contract: We may process your personal information when we need to deliver a contractual service to you or because you have asked us to do something before entering into a contract (e.g., provide a quote).
  • Legal obligation: We may process your personal information when we need to comply with a legal obligation.
  • Legitimate interest: We may process your personal information when we need to for our or another’s legitimate interests, where these interests are not overridden by your rights.

Purpose(s) for Processing Personal Information

We do not collect personally identifying information for sale to third parties.

We have set out below a description of all the ways we plan to use your personal information, what the lawful basis and/or legitimate interests is for the collection of these datae.

Please note that we may process your personal information for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground(s) we are relying on to process your personal data where more than one ground has been set out in the table below.

Privacy

Using your Personal Information for Marketing Purposes

We may, from time to time, send you marketing materials or messages.

We will only use your personal information for marketing purposes in accordance with applicable legal requirements.

If you wish to unsubscribe from receiving marketing materials or messages, you should look for and follow the instructions we have provided in the relevant communications to you. Alternatively, you can at any time contact us to request that such communications cease by emailing customer.services@crugroup.com.

If you choose to unsubscribe from any or all mailings, we may retain information sufficient to identify you so that we can honour your request.

If you fail to provide personal information

Where we need to collect personal information by law, or under the terms of a contract we have with you and you fail to provide that information when requested, we may not be able to perform the contract we have or are trying to enter into with you or provide you with products/services you have requested.

Cookies

We use a cookies tool on our website to gain consent for the optional cookies we use. Cookies that are necessary for functionality, security and accessibility are set and are not deleted by the tool. For information about the cookies and any other similar technologies we use, please see our cookies policy.

Sharing your Personal Information 

We may transfer, share or disclose the personal data we collect from you to third parties (and their respective subcontractors, and /or their subsidiaries and affiliates) for:

  • The purposes for which the information has been submitted
  • The purposes listed above under use of personal information
  • The administration and maintenance of our websites
  • The promotion of our conferences and events and/or
  • Other internal or administrative purposes.

We may also transfer , share or disclose personal data to any other third -party service provider which is critical in the fulfilment and operation of our business e.g, providers of identity management, website hosting and management, data analysis, data backup, security, mailing services, hotels (and other venues in connection with where conferences and events we host or co-host ) and storage services etc.

The third-party providers may use their own third-party subcontractors that have access to personal data (sub-processors). It is our policy to use only third-party providers that are bound to maintain appropriate levels of security and confidentiality, to process personal information only as instructed by us, and to flow those same obligations down to their sub-processors.

Other disclosures:

We may also disclose personal information to third parties under the following circumstances:

  • When explicitly requested by you
  • When required to deliver publications or reference materials as requested by you
  • When required to facilitate conferences or events hosted by a third party
  • For regulatory compliance purposes; and/or
  • As otherwise set out in this privacy statement.

We may also disclose your personal information to law enforcement, other government agencies and to professional bodies and other third parties, as required by/or in accordance with applicable law or regulation. This includes disclosures outside the country where you are located.

Data processors

We share personal information with third parties that act as data processors to provide elements of our service by processing personal information on our instructions.

Where we use data processors, we have contracts in place with them to ensure that they cannot do anything with personal information we have shared with them unless we have instructed them to do it. They will hold it securely and retain it for the period we instruct them to.

These data processors commit to processing information in compliance with applicable data protection laws and to implementing appropriate security measures to protect your information.

Transfers of your personal information to outside the UK

Your personal information may be transferred (sent to or accessed from) outside the UK. Any such transfer will be only:

  • To you; or
  • To a recipient located in a country which provides an adequate level of protection for your personal information, for example a country in the European Union (EU), OR European Economic Area (EEA); or
  • To a recipient under a contractual agreement which satisfies UK legal requirements for the transfer of personal information, to ensure that appropriate safeguards are in place to protect your personal information in accordance with UK levels of data protection; or
  • When your personal information has first been anonymised

Retention (Storage) of Personal Information

We will retain your personal information only for long as we need it, given the purposes for which it was collected, or as required to do so by law.

This means we will retain your data for a minimum of six years, if you would like to know more about this, please contact us at customer.services@crugroup.com

Your data protection rights

Under data protection law, you have rights we need to make you aware of. The rights available to you depend on our reason for processing your information.

  • Your right of access: You have the right to ask us for copies of your personal information. This right always applies. There are some exemptions, which means you may not always receive all the information we process.
  • Your right to rectification: You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. This right always applies. 
  • Your right to erasure: You have the right to ask us to erase your personal information in certain circumstances.
  • Your right to restriction of processing: You have the right to ask us to restrict the processing of your information in certain circumstances.
  • Your right to object to processing: You have the right to object to processing if we are able to process your information because the process forms part of our public tasks or is in our legitimate interests.
  • Your right to data portability: This only applies to information you have given us. You have the right to ask that we transfer the information you gave us from one organisation to another or give it to you. This right only applies if we are processing information based on your consent or under, or in talks about entering into, a contract and the processing is automated.

Security

We use appropriate technical and organisational measures to protect the personal data that we collect and process about you. The measures we use are designed to provide a level of security appropriate to the risk of processing your personal data. Please be aware that, we cannot guarantee the security of all personal information transmitted to or by us.

Only authorised persons are provided access to your personal data that we have collected, and all such individuals are bound by a duty of confidence.

Social Media

We use the following social media platform(s):

  • LinkedIn
  • X
  • BlueSky

We use these social media platforms to communicate and promote our services. If you message or interact with us on these platforms we may process your personal information to respond to you.

Automated Decision Making

We will not use your personal information for automated decision making or profiling

Visiting our premises

When you visit our premises you may provide your name and other personal information for security and safety reasons.

Conferences & Events

To help you maximise networking and business opportunities at our conferences and events, your job titles, company names and country may be included on our conference/event website. If you do not want any of this information to be included, please contact us at conferences@crugroup.com.

Links to other websites

Where we provide links to websites of other organisations, this privacy notice does not cover how that organisation processes personal information. We encourage you to read the privacy notices on the other websites you visit. 

Our contact details

If you have any questions or complaints about this Privacy Notice or the way your personal information is processed by us, or would like to exercise one of your rights set out above, please contact us by one of the following means:

If you remain dissatisfied, you can make a complaint about the way we process your personal information to the Information Commissioner’s office (ICO), the UK supervisory authority (data protection regulator). Please follow this link to see how to do that. 

Updating

We may update this Privacy Notice from time to time. The ‘last updated’ date shows when it was last revised. We encourage you to review this notice periodically to stay informed about how we protect your personal data.

 

This Privacy Notice was last updated on 20.02.2026.  

Discover more about CRU: