Privacy Policy - Castle Crew

Last updated: 9 January 2026

Castle Crew (“we”, “us”, “our”) is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store and protect personal data when you engage with us as a supplier, freelancer, sole trader, or limited company representative.

1. Who we are

Castle Crew operates as a crew services and supplier engagement company in the United Kingdom. We engage suppliers on a self-employed or business-to-business basis only.

For the purposes of UK data protection law, Castle Crew is the Data Controller.

Contact details:
Email: caroline.taylor@castlecrew.co.uk

Registered in the United Kingdom

2. What personal data we collect

When you complete our supplier onboarding form or engage with us, we may collect:

  • Name

  • Business name (if applicable)

  • Contact details (email address, phone number, address)

  • Company registration details (for limited companies)

  • Bank account details (for payment purposes)

  • Tax status (sole trader or limited company)

  • Insurance details

  • Compliance documentation where required

  • Any other information you provide in connection with contracts or services

3. How we use your data

We use personal data to:

  • Set you up as a supplier

  • Prepare, issue and manage contracts

  • Manage payments and accounting

  • Meet legal, regulatory, and compliance obligations

  • Communicate with you about work opportunities and engagements

  • Maintain accurate business records

Castle Crew does not act as an Employer of Record and does not provide tax, IR35, or employment law advice.

4. Lawful basis for processing

We process personal data under the following lawful bases:

  • Contractual necessity – to enter into and manage supplier contracts

  • Legal obligation – to comply with accounting, tax, and regulatory requirements

  • Legitimate interests – to operate our business and manage supplier relationships

5. Data storage and security

We store personal data securely and apply appropriate technical and organisational measures to protect it against unauthorised access, loss, or misuse.

Access is restricted to those who require the data for legitimate business purposes.

6. Data sharing

We may share personal data only where necessary, including with:

  • Professional advisers (e.g. accountants)

  • HMRC or other authorities where legally required

  • Clients, where required for contractual or compliance purposes

We do not sell personal data to third parties.

7. Data retention

Personal data is retained only for as long as necessary to fulfil the purposes for which it was collected, including legal, accounting, or regulatory requirements.

8. Your rights

Under UK GDPR, you have the right to:

  • Access your personal data

  • Request correction of inaccurate data

  • Request erasure of data (where applicable)

  • Object to or restrict processing

  • Request data portability

Requests can be made using the contact details above.

9. Updates to this policy

We may update this Privacy Policy from time to time. The most current version will always be available on our website.

HOME SCREEN