Privacy Notice

This privacy notice is designed to help you understand how and why Cryptogem Partworks processes your personal data in relation to the services we provide and how we protect any information that you give us when you use this website.

is committed to ensuring that your privacy is protected, and all information provided to us will only be used in accordance with this privacy notice.  We may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes.Partworks Cryptogem

Who are we?
Cryptogem Partworks is a ‘Data Controller’ as defined under UK Data Protection Legislation.  We are dedicated to the world of Partworks (a series of written publications and model parts released over a period of time), making available recycled (or as we like to think of them "preloved") Partworks so that collections and model building projects can finally be completed.

Address: Cryptogem Partworks Ltd, 14 London Road, Newark, NG24 1TW
Tel: 07914762591

Scope of this privacy policy

This privacy policy applies only to the actions of Cryptogem Partworks Ltd and Users with respect to this Website. It does not extend to any websites that can be accessed from this Website including, but not limited to, any links we may provide to social media websites.

What Personal Information do we collect?

To use all features and functions available on the Website, you may be required to submit certain Data.

We may collect the following information:
Why do we collect your personal information?

We require this information to understand your needs and provide you with a better service, and in particular for the following reasons:
Who do we share this information with?

Your information will only be shared with Mailing services so that purchased items can be delivered to the address you provided at checkout.

EKM Systems Ltd provides our email and shop platforms and operate as a data processor for Cryptogem Partworks, as part of their service provision they will have access to information. However as they a processor, they cannot use any data in a way that is incompatible with this privacy notice.

How long do we keep your information for?

Correspondence regarding a sale is kept for a maximum of 12 months. However information in relation to a sale is required to be kept for seven years.

What is our lawful basis for processing your information?

The processing of your personal information is based on the basis of fulfilling a contractual obligation, so we can sell and send purchased goods out to you. Information retained for accounting purposes is processed on the basis of Legal obligation, there is certain information we are legally obliged to retain. Any other contact between Cryptogem Partworks and members of the public is based upon consent.

Controlling your personal information and other rights

We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so.

You may request details of personal information which we hold about you for 12 months under Data Protection Legislation. If you would like a copy of the information held on you please write to us using the contact details provided previously or via the ‘Contact us page’ on our website..

If you would like your information to be erased (where appropriate), you would like to restrict the processing undertaken or you believe that any information we are holding on you is incorrect or incomplete, please write to or email us as soon as possible. We will promptly correct any information found to be incorrect.

Is data transferred outside the UK?

EKM's servers are all based in the UK.


We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.

For further information please our Data Protection and Security Policy.

How we use cookies

A cookie is a small file which asks permission to be placed on your computer's hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.

Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.

You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.

Third party websites and services

We may, from time to time, employ the services of other parties for dealing with certain processes necessary for the operation of the Website. The providers of such services have access to certain personal Data provided by Users of this Website.

Any Data used by such parties is used only to the extent required by them to perform the services that we request. Any use for other purposes is strictly prohibited. Furthermore, any Data that is processed by third parties will be processed within the terms of this privacy policy and in accordance with the Data Protection Act 1998.

Links to other websites

Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.


If you have concerns about the way in which we have handled your personal data then please contact us using the details previously provided or by using the ‘Contact us’ page on our website.

If you are still unhappy with our response, you can contact the Information Commissioner’s Office (the data protection regulator) about the way in which we have handled your personal data:
First Contact Team
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow Cheshire
03031 231113

Data Protection & Security Policy

Statement of Policy and Purpose of Policy

1. Cryptogem Partworks Ltd (the Employer) is committed to ensuring that all personal information handled by us will be processed accordingly to legally compliant standards of data protection and data security.

2. The purpose is of this policy is to help us achieve our data protection and data security aims by:

(a) notifying our staff of the types of personal information that we may hold about them and what we do with that information;

(b) ensuring staff understand our rules and the legal standards for handling personal information relating to staff and others: and

(c) clarifying the responsibilities and duties of staff in respect of data protection and data security.

3. This is a statement of policy only and does not form part of your contract of employment. We may amend this policy at any time, in our absolute discretion.

Who is responsible for data protection and data security?

4. Maintaining appropriate standards of data protection and data security is a collective task shared between us and you. This policy and the rules contained in it apply to all staff of the Employer, irrespective of seniority, tenure and working hours, including all employees, directors and officers, consultants and contractors, casual or agency staff, trainees, homeworkers and fixed-term staff and any volunteers (Staff).

5. The board of directors of the Employer has overall responsibility for ensuring that all personal information is handled in compliance with the law and has appointed the Information Security Officer as the Data Protection Officer with day-to-day responsibility for data processing and data security.

6. All Staff have personal responsibility to ensure compliance with this policy, to handle all personal information consistently with the principles set out here and to ensure that measures are taken to protect the data security. Managers have special responsibility for leading by example and monitoring and enforcing compliance.

7. Any breach of this policy will be taken seriously and may result in disciplinary action.

What personal information and activities are covered by this policy?

8. This policy covers personal information:

(a) which relates to a living individual who can be identified either from that information in isolation or by reading it together with other information we possess;

(b) is stored electronically or on paper in a filing system;

(c) in the form of statements of opinion as well as facts;

(d) which relates to Staff (present, past or future) or to any other individual whose personal information we handle or control;

(e) which we obtain, hold or store, organise, disclose or transfer, amend, retrieve, use, handle, process, transport or destroy.

What personal information do we process about Staff and what do we do with it?

9. We collect personal information about you which:

(a) you provide or we gather before or during your employment or engagement with us;

(b) is provided by third parties, such as references or information from suppliers or another party that we do business with; or

(c) is in the public domain.

10. The types of personal information that we may collect, store and use about you include records relating to your:

(a) home address and contact details as well as contact details for your next of kin;

(b) recruitment (including your application form or cv, any references received and details of your qualifications);

(c) pay records, national insurance number and details of your taxes and any employment benefits such as pension and health insurance (including details of any claims made);

(d) any sickness absence or medical information provided;

(e) religious or philosophical beliefs (eg specific dietary or holiday requirements);

(f) sexual orientation, where this is disclosed to us (eg through providing details of your spouse or partner for the administration of benefits);

(g) telephone, email, Internet, fax or instant messenger use;

(h) performance and any disciplinary matters, grievances, complaints or concerns in which you are involved.

11. We will use information to carry out our business, to administer your employment or engagement and to deal with any problems or concerns you may have including:

(a) Staff Address Lists: to compile and circulate lists of home address and contact details, to contact you outside working hours.

(b) Sickness records: to maintain a record of your sickness absence and copies of any doctor's notes or other documents supplied to us in connection with your health, to inform your colleagues and others of that you are absent through sickness, as reasonably necessary to manage your absence, to deal with unacceptably high or suspicious sickness absence, to inform reviewers for appraisal purposes of your sickness absence level, to publish internally aggregated, anonymous details of sickness absence levels.

(c) Monitoring IT systems: to monitor your use of e-mails, Internet, telephone and fax, computer or other communications or IT resources.

(d) Disciplinary, grievance or legal matters: in connection with any disciplinary, grievance, legal, regulatory or compliance matters or proceedings that may involve you.

(e) Performance Reviews: to carry out performance reviews.

12. We confirm that that for the purposes of UK Data Protection Legislation, the Employer is a Data Controller of the personal information in connection with your employment. This means that we determine the purposes for which, and the manner in which, your personal information is processed.

13. If you consider that any information held about you is inaccurate then you should tell your line manager or the Data Protection Officer and, if we agree that the information is inaccurate then we will correct it. If we do not agree with the correction then we will note your comments.

14. We will take reasonable steps to ensure that your personal information is kept secure, as described later in this policy and in general, we will not disclose your personal information to others outside the Employer. However, we may need to disclose personal information about Staff:

(a) for the administration of your employment and associated benefits eg to the providers of our pension or insurance schemes; or

(b) to comply with our legal obligations or assist in a criminal investigation or to seek legal or professional advice in relation to employment issues, which may involve disclosure to our lawyers, accountants or auditors and to legal and regulatory authorities, such as HM Revenue and Customs;

(c) to other parties which provide products or services to us.

15. By providing your personal information to us, you consent to the use of your personal information (including any sensitive personal data) in accordance with this policy.

Data Protection Principles.

16. Staff whose work involves using personal data relating to Staff or others must comply with this policy and with the eight legal data protection principles which require that personal information is:

(a) Processed fairly and lawfully. We must always have a lawful basis to process personal information. In most (but not all) cases, the person to whom the information relates (the) must have given consent. The Subject must be told who controls the information (us), the purpose(s) for which we are processing the information and to whom it may be disclosed.

(b) Processed for limited purposes and in an appropriate way. Personal information must not be collected for one purpose and then used for another. If we want to change the way we use personal information we must first tell the Subject.

(c) Adequate, relevant and not excessive for the purpose.

(d) Accurate. Regular checks must be made to correct or destroy inaccurate information.

(e) Not kept longer than necessary for the purpose. Information must be destroyed or deleted when we no longer need it. For guidance on how long particular information should be kept, contact the Data Protection Officer.

(f) Processed in line with Subjects' rights. Subjects have a right to request access to their personal information, prevent their personal information being used for direct-marketing, request the correction of inaccurate data and to prevent their personal information being used in a way likely to cause them or another person damage or distress.

(g) Secure. See further information about data security below.

(h) Not transferred to people or organisations situated in countries without adequate protection.

17. Some personal information needs even more careful handling. This includes information about a person's racial or ethnic origin, political opinions, religious or similar beliefs, trade union membership, physical or mental health or condition or sexual life or about criminal offences. Strict conditions apply to processing this sensitive personal information and the Subject must normally have given specific and express consent to each way in which the information is used.

Data security

18. We must all protect personal information in our possession from being accessed, lost, deleted or damaged unlawfully or without proper authorisation through the use of data security measures.

19. Maintaining data security means making sure that:

(a) only people who are authorised to use the information can access it;

(b) information is accurate and suitable for the purpose for which it is processed; and

(c) authorised persons can access information if they need it for authorised purposes. Personal information therefore should not be stored on individual computers but instead on our central system.

20. By law, we must use procedures and technology to secure personal information throughout the period that we hold or control it, from obtaining to destroying the information.

21. Personal information must not be transferred to any person to process (eg while performing services for us on or our behalf), unless that person has either agreed to comply with our data security procedures or we are satisfied that other adequate measures exist.

22. Security procedures include:

(a) Physically securing information. Any desk or cupboard containing confidential information must be kept locked. Computers should be locked with a password or shut down when they are left unattended and discretion should be used when viewing personal information on a monitor to ensure that it is not visible to others.

(b) Controlling access to premises. Staff should report to security if they see any person they do not recognised in an entry-controlled area.

23. Telephone Precautions. Particular care must be taken by Staff who deal with telephone enquiries to avoid inappropriate disclosures. In particular:

(a) the identity of any telephone caller must be verified before any personal information is disclosed;

(b) if the caller's identity cannot be verified satisfactorily then they should be asked to put their query in writing;

(c) do not allow callers to bully you into disclosing information. In case of any problems or uncertainty, contact the Data Protection Officer.

24. Methods of disposal. Copies of personal information, whether on paper or on any physical storage device, must be physically destroyed when they are no longer needed. Paper documents should be shredded and CDs or memory sticks or similar must be rendered permanently unreadable.

Subject access requests

25. By law, any Subject (including Staff) may make a formal request for information that we hold about them, provided that certain conditions are met. The request must be made in writing. A fee is payable by the data subject for provision of this information. In some circumstances it may not be possible to release the information about the Subject to them eg if it contains personal data about another person.

26. Any member of staff who receives a written request should forward it to the Data Protection Officer immediately.


Find Out About Cookies and the Ones Used on our Website

A cookie is a small piece of data sent from a website and stored in a user's web browser.

Cookies provide website owners with details about your visit to their website, such as how you entered and navigated through the site. Cookies make your experience of using websites faster and easier. They are not programs and cannot carry viruses or install malware on your computer. Visit the about cookies website for more detailed information about cookies and how you can manage them.

Cookies used on our website

The following table lists the cookies you may come across on our website:

Name of cookie

Description and usage of cookie




Temporary cookie generated to test if cookies are enabled on the visitors browser.


72 hrs (3 days)


Stores a unique reference to visitors cart contents. Stores authentication details for customer logged in section.

Unique ID

On Exit


Stores a reference to the visitors order number after an order has been generated.

Unique ID

On Exit

Third party cookies

Google Analytics
Google Analytics is a web statistics package. We use Google Analytics to gather information about how visitors use our websites. We cannot obtain personnal  information from this data. For more information visit cookies and Google Analytics and the Google privacy center: privacy policy