Crystal D takes the privacy and security of your personal information very seriously. We are committed to the responsible use of any information you provide to us. We highly value all of our customers and want to provide you with a secure online experience.
If you have any questions about this Policy, please feel free to contact us through our website or write to us at: Crystal D, 505 Atwater Circle, St. Paul, MN 55103.
This Privacy Statement describes how we collect and use your information and gives you options as to how we use it. We suggest that you review this Privacy Statement periodically as we may update it from time to time.
What kind of data is collected?
When you voluntarily make a purchase with Crystal D, we collect information that you provide such as your name, email address, postal address, phone number, and other information necessary to process your order. You may decline to submit personal information to any of our services, in which case Crystal D may not be able to offer those services to you. Credit card and other payment account information may be collected and are maintained securely in encrypted form by OmniSheild Assure, a third party processor.
When you visit our website, we collect your Internet service provider’s address, the webpage from which you came, and a record of your activity on our site. We also collect the information you provide to us when you register, activate an account, fill out a survey or questionnaire, or contact us.
How is your data used?
The information we receive allows us to personalize our product offerings and your experience. It also enables us to process your purchases, confirm orders, customize the content and layout of our pages, notify you about updates to our websites and products, and provide you with information.
The information you supply to us is added to our client database. You may receive periodic contact from us about new products and services, discounts, surveys, promotions, or upcoming events.
We do not sell your information to any third parties and do not have any third party links or advertisements featured on our sites. We do not transfer personal data downstream to any other suppliers since all customer service and shipping takes place in one facility in the United States.
We may share information with governmental agencies or other companies assisting us in fraud prevention or investigation. We may do so when: (1) permitted or required by law, or (2) trying to protect against or prevent actual or potential fraud or unauthorized transactions, or (3) investigating fraud which has already taken place. The information is not provided to these entities or companies for marketing purposes.
How do we secure your data against misuse?
We are dedicated to ensuring any information provided to Crystal D by our customers is transmitted in a secure way. Crystal D has never encountered any sort of data and/or security breach, which we accredit to our strict adherence to information security policies. In the rare event we do encounter any sort of breach, we are able to immediately notify anyone affected.
Here are some examples of security measures we use to protect your personal information:
• Usernames and passwords are required to access our websites.
• We use Secure Sockets Layer (SSL) to protect personal information in certain areas of our websites during transport across the Internet. The presence of SSL encryption may be indicated by https in the browser URL or the image of a closed lock or solid key in the browser window. These indications may not be present in mobile services that use SSL.
Additional protections to guard customer data include IP controls to access systems, physical security, and security needed to maintain PCI compliance.
Your information is kept on password protected, limited access servers. Wherever possible and applicable, Crystal D servers reside behind a corporate firewall that maintains controls on access to the system from both our internal network and the Internet. These servers reside in the Crystal D corporate headquarters in the United States.
Additionally, as we do not market our services or websites to children, we do not collect personal information from children under the age of 13.
California Privacy Rights
California residents may request a list of certain third parties to which we have disclosed personally identifiable information. You may make one request per calendar year. In your request, please attest to the fact that you are a California resident and provide a current California address for your response.
MRF Requirements and UnitedHealth Care Support
To access the machine-readable files created and published by UnitedHealth Care, please click here: https://transparency-in-coverage.uhc.com/