Privacy policy - Crux Product Design

 
This privacy notice is intended for recruitment candidates and sets out your rights and answers any queries you may have about how Crux Product Design Ltd (hereinafter referred to as “Crux”) collects, uses and protects your personal data. If you have any questions or concerns about our notice, or our practices with regards to your personal data, please contact us at privacyteam@cruxproductdesign.com.

Thank you for your interest in joining us at Crux. We understand that privacy is important to you and we are committed to treating your personal information with care and integrity.
Please ensure that you read this notice, and any other notices you may be provided with when we collect or process your personal data. Doing so will help you make informed decisions about sharing your personal data with us.

Crux reviews and updates this privacy notice. We recommend checking periodically to ensure that you are happy with any changes.

This privacy notice applies to all candidate personal data collected, and/or any related services, sales, marketing or events (hereinafter referred to as our “Services”).
 

Who are we?

We are a product development consultancy registered under company number 04893244. Our services include research, design, engineering and prototyping, human factors testing, advanced analytics digital twin, simulation and on-market lifecycle management.

Crux is registered as a data controller with the Information Commissioner’s Office (ICO) under number ZA558972. A data controller determines the purposes and means of the processing of personal data.
 

How can you contact us about your data?

Crux Product Design Ltd
Flatiron Building
332-336 Paintworks
Bristol
BS4 3AR
United Kingdom

Tel: 0117 300 9788

Email: privacyteam@cruxproductdesign.com
 

Applying for a job

When you apply for a job with us, as part of our recruitment or on-boarding process before you start with us, Crux will collect and process personal data about you.
 

1. What personal data will we hold?

 
The personal data we process, where provided, includes but is not limited to:

• your name and contact details e.g. home address, email address and/or phone numbers;
• your educational and employment history;
• your salary and benefits package;
• further information contained within your CV or other documents you submit to us;
• information from the selection process;
• references and assessments relating to your work for previous employers;
• information to confirm your identity and right to work e.g. a copy of your passport or work permit;
• any access or support requirements you may have in attending an interview;
• details of any unspent criminal convictions;
• diversity monitoring information, if you prefer not to share this information it does not affect your application e.g. your ethnicity, sex, disability status, religion; and
• information relating to your feedback on our organisation.

If you are successful we will ask for more information as part of our onboarding process before you start e.g. National Insurance number, bank details, reasonable adjustments we can make to support you at Crux, next of kin information.
 
 

2. Where do we get your personal data from?

 
We obtain personal data directly from you, as well as from third parties such as recruitment agencies, background checking companies or former employers where seeking a reference. We may also check any publicly available social media profiles, where this is relevant, as part of our recruitment process e.g. for checking employment history.
 
 

3. How do we use this personal data and what is the basis for this use?
 

We use your personal data:

• to make recruitment decisions;
• if you are successful, to start your onboarding experience with us;
• to meet our accessibility and support requirements;
• to collate and analyse diversity and inclusion data (processed based on your explicit consent); and
• to prevent and detect fraud and other wrongdoing.

We process your personal data when one or more of the following applies:

• you have specifically given us your consent to process your data;
• our legitimate business interests, when considering you as a candidate for employment opportunities at Crux;
• if you are successful for our legal obligations as a potential employer; and
• if you are successful, to enter into an employment contract with you
   
   

4. Who will we share your personal data with?
 

Your personal data will be shared with Crux employees involved in the recruitment process. This includes the People team, interviewers involved in the recruitment process and managers in the business area, if access to the data is necessary for the performance of their roles.

We use other companies to provide us with applicant tracking software, new employee onboarding software, telephony, email and other IT services. We have put agreements in place with these companies to ensure that they will only process your personal data as requested by us and in accordance with data protection law.

If your application is successful, and we make you an offer of employment, Crux may then share data with former employers to obtain references.
 
 

5. How long will you keep my personal data?
 

We will not keep your personal data for longer than is necessary. We will keep the personal data connected to your job application (including any interview records) for 6 months from the end of the recruitment process before deleting your data securely. The retention period is determined based on our need to fulfil the purposes for which the data was collected and to comply with legal obligations.

In some instances, we may ask for your consent to retain your data for a longer period if a suitable position is not immediately available.

If your application for employment is successful, personal data gathered during the recruitment process will be use during your onboarding process and transferred to your employment file. The periods for which your data will be held will be provided to you in a new privacy notice.
 
 

6. What are your rights?
 

The rights available to you include:

• Asking us for copies of your personal information. There are some exceptions, which means you may not always receive all the information we process;

• Asking us to correct information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete;
• Asking us to delete your personal information;
• Asking us to restrict the processing of your information;
• Objecting to our processing of your personal information;
• Asking that we transfer information you have given us from one organisation to another, or to give it to you; and
• Complaining to us, you also have the right to make a complaint to the ICO about how we have used your personal data. https://ico.org.uk/make-a-complaint/.

Details of how to contact us are at the start of this privacy notice. We may ask you questions to verify your identity before actioning any request.
 

How we keep your personal data secure

Crux have put in place a number of measures to protect your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. These measures include:

• cyber security protocols;
• requiring everyone who works with us to agree to legally binding confidentiality obligations;
• using strong passwords and encryption for our users, servers and communications channels;
• access to personal data is limited by specific roles;
• ensuring that all staff are properly trained on how to handle your personal data as required by law;
• adherence to policies and procedures to ensure we can deal with any security breaches involving your personal data quickly and effectively and respond to any requests by you to exercise your rights; and
• contractual arrangements with third party service providers.
   

Where your personal data is stored

The personal data that we collect from you is stored within the United Kingdom or European Economic Area (“EEA”). In some cases, we may transfer your personal data to countries outside the United Kingdom and European Economic Area. Where we do so we will ensure that you are made aware that such transfers are compliant with the Data Protection Act 2018 or UK General Data Protection Regulation and that appropriate measures are put in place to keep your personal data secure.