1. PURPOSE OF THIS POLICY
1. C.ROWTH! LIMITED (Company number 12048225) of WeWork, 5 Merchant Square, London W2 1AY (we, us or our) owns, provides and operates the products and services offered on our website www.crowth.com (Crowth!) and our Crowth! app.
2. For the purposes of the Data Protection Act 1998 (Act), we are (i) a data controller (registered with the Information Commissioner’s Office for data protection: ZA730554), and (i) a data processor, in relation to data provided by clients who are the data controller.
3. This policy takes into account application in the European Union of the General Data Protection Regulation (GDPR) with effect from 25 May 2018.
2. WHO AND WHAT THIS POLICY APPLIES TO
1. We handle data in our own right and also for and on behalf of our clients.
4. If, at any time, an individual or client provides data or other information about someone other than himself or herself, the individual warrants that they have that person’s consent to provide such information for the purpose specified.
5. We do not provide services to or collect data from children (persons under the age of 18 years).
1. You can visit our website without telling us who you are or revealing any information about yourself, including your email address. In this case, our server may collect the name, address, the IP address and domain you used to access the website, the type and version of browser and operating system you are using, and the website you came from and visit next. This information is used by us to measure the number of visits, average time spent, page views, and other statistics about visitors to our website in general. We may also use this data to monitor site performance for systems administration purposes, to make our website easier and more convenient to use and to report information in aggregate form to our advisers (e.g. how many visitors log in to our website).
2. Refer to our Cookies Policy (below) for further information about the cookies we use to collect information from visitors to our website.
4. CONSENT – OPT IN, OPT OUT
1. In respect of information that we collect directly, an individual An individual may withdraw consent or opt to not have us collect their data and communicate with them at certain times by not providing express consent. This may prevent us from offering some or all of our services and may terminate access to some or all of the services we provide. They will be aware of this when:
1. Opt In.Where relevant, the individual will have the right to choose to have information collected and/or receive information from us; or
2. Opt Out. Where relevant, the individual will have the right to choose to exclude himself or herself from some or all collection of information and/or receiving information from us. An individual may revoke their consent at any time, and the decision to opt out will be made through the same media which allowed the individual to opt in (and potentially other media).
2. If an individual believes that they have received information from us that they did not opt in or out to receive, they should contact us on the details below.
5. THE INFORMATION WE COLLECT AND RECEIVE
1. In the course of our business it is necessary for us to collect and receive data where we have a legitimate interest, pursuant to contract or with your consent. This information allows us to identify who an individual is for the purposes of our business, to provide services to our clients, share data when asked of us, contact the individual in the ordinary course of business and transact with the individual.
2. Without limitation, the type of information we may collect or receive is:
1. Personal Information. We may collect or receive personal details such as an individual’s name and other information that allows us to identify who the individual is;
2. CV Information. Individuals may choose to provide us with their CV, to be viewed by users of our website or app and employers receiving the CV in connection with an advertised position;
3. Contact Information. We may collect or receive information such as an individual’s email address, telephone number, mailing address and other information that allows us to contact the individual;
4. Statistical Information. We may collect or receive information about an individual’s online and offline preferences, habits, movements, trends, decisions, associations, memberships, finances, purchases and other information for statistical purposes;
5. Digital Information. We may collect or receive your IP address and device-specific information, such as the hardware model, operating system version, advertising identifier, unique application identifiers, unique device identifiers, browser type, language, wireless network and mobile network information (including mobile phone number); and
6. Information provided to us. We may collect or receive any personal correspondence that an individual sends us, or that is sent to us by others about the individual’s activities, including activities with our clients and partners.
4. We may also collect or receive non-data about an individual such as information regarding their computer, network and browser.
6. HOW INFORMATION IS COLLECTED
1. Most information will be collected or received in association with:
1. an individual’s use of our website(s), app(s) and/or services, an enquiry about Crowth! or generally dealing with us;
2. our engagement to provide services to clients (including data processing) who provide us with information relating to individuals that are employees, staff or contacts of those individuals.
2. We may receive information from individuals that are employees or alumni of our clients that relates to potential candidates extracted from those employees’ or alumni’s business or social networks.
3. We may also receive data from other sources such as advertising, promotions, public records, mailing lists, contractors, staff, recruitment agencies and our business partners (such as Facebook or Twitter). In particular, information is likely to be collected as follows:
Services/engagements. When a client or individual engages our services and/or provides list, account, connection or other process whereby they enter data details or grant access to information in order to receive or access something, including a transaction or services.
Supply/Contact. When an individual supplies us with goods or services. or contacts us in any way;
Pixel Tags. Pixel tags enable us to send email messages in a format customers can read and they tell us whether mail has been opened.
4. If, at any time, a third party provides data or other information about any individual, we require that party warrants that they have that person’s consent to provide such information to us for the purpose specified.
5. Crowth! will publish changes to the way that information is collected at the point of collection and within this policy
7. HOW DATA IS STORED
1. The data that we collect from you and data which we receive from clients will be stored in the European Economic Area(EEA), but may be transferred to, and stored at, a destination outside the EEA, with and by third parties.
2. Data may also be processed by third parties and/or staff operating outside the EEA who work for us or for one of our third party partners. Such staff may be engaged in, among other things, the fulfilment of your order, the processing of your payment details and the provision of support services. By submitting your personal data, you agree to this transfer, storing or processing.
3. We will retain data for the period necessary to fulfil the purposes outlined in this policy unless a longer retention period is required or permitted by law.
8. WHEN DATA IS USED
1. Except as necessary and we have a legitimate interest:
1. Where acting as a data controller, we will not use any data other than for the purpose for which it was collected or with the consent from the individual. The purpose of collection is determined by the circumstances in which the information was collected and/or submitted;
2. Where acting as a data processor, we will not use data for any purpose other than the purpose specified by the data controller.
2. In particular, we provide CV information to our Crowth! Connectors who seek to find you employment with third party employers. Whereas Crowth! takes steps to only engage with reputable organisations, we cannot guarantee hat all third parties and employers will adhere to the limitations we impose on them. If at any time you would like your CV or details removed from our website, please email firstname.lastname@example.org and it shall be removed.
3. Job postings which are posted on our Crowth! app allow an individual to follow links to apply (and provide a CV) in response to a specific job posting. Although we use reasonable means to protect your personal information, Crowth! is not responsible for any improper use of your personal information that is beyond our reasonable control.
4. Information is used to enable us to operate our business, especially as it relates to an individual or the provision of services to a client – this may include (subject to necessary consent or pursuant to a relevant contract):
1. The provision of goods and services to a client, including;
The processing of information received from a client
The analysis of information received from a client
The presentation and reporting on information received from a client
2. Verifying an individual’s identity;
3. Communicating with a registered user, prospective or current client about:
Their relationship with us and our services;
Job opportunities or related services;
Our own marketing and promotions to customers and prospects;
Competitions, surveys and questionnaires, for which we will get express consent at the point of submission;
4. Answering inquiries and questions from individuals and communicating with future opportunities and/or registration;
Receiving and processing job applications on behalf of our clients where our clients do not have their own applicant tracking systems;
Giving developers information that is useful in determining appropriate new features, content and services;
Provide advertisers with aggregate, not individual, information about our customers;
Investigating any complaints about or made by an individual or client, or if we have reason to suspect that an individual or client is in breach of any of our terms and conditions or that an individual or client is or has been otherwise engaged in any unlawful activity; and/or
Carrying out regulatory checks and meeting our obligations to our regulators;
As required or permitted by any law (including the Act).
5. If you publicly post about Crowth!, or communicate directly with us, on a social media website, we may collect and process the data contained in such posts or in your public profile for the purpose of addressing any customers services requests you may have and to monitor and influence public opinion of Crowth!
9. WHEN DATA IS DISCLOSED
1. It may be necessary for us to disclose an individual’s data to third parties in a manner compliant with the Act in the course of our business, such as for processing activities like website hosting.
2. We will not sell an individual’s data to unrelated third parties, unless applicable consent has been obtained for us to partner with those companies to offer you related services, or employ other companies to perform tasks on our behalf and we need to share your information with them to provide products and services to you.
3. There are some circumstances in which we must disclose an individual’s information:
Where we reasonably believe that an individual may be engaged in fraudulent, deceptive or unlawful activity that a governmental authority should be made aware of;
As required by any law (including the Act) including court orders; and/or
In order to sell our business (as we may transfer data to a new owner).
4. We will not disclose an individual’s data to any entity outside of the EEA, unless that entity operates in an environment governed by requirements that are at least equivalent to the GDPR. We will take reasonable steps to ensure that any disclosure to an entity outside of the EEA will not be made until that entity has agreed in writing with us to safeguard data as we do.
5. We may partner with or utilise third-party service providers (such as Gmail from Google, Inc) to communicate with an individual or client and to store contact details about an individual or client. These service providers may be located outside the United Kingdom, including the United States of America.
6. If Crowth! gets involved in a merger, asset sale, financing, liquidation or bankruptcy, or acquisition of all or some portion of the business to another company, you consent to us sharing with that company before and after the transaction closes information: (i) that we hold in our capacity as data controller relating to an individual; and (ii) that we hold in our capacity as data processor subject to any confidentiality provisions between us and our clients.
10. THIRD PARTY SERVICES, WEBSITES AND ACCOUNTS
1. We may share an individual’s information and information received from individuals, clients and client employees with third parties for the processing and storage of that information. For example:
all information may be processed and stored with cloud service providers (such as Amazon Web Services);
information may be processed but not stored our by data partners.
2.We are not responsible for the privacy practices of third parties. We recommend that you read the privacy policies of third-party service providers so you can understand the manner in which your personal information will be handled by these providers.
3. In particular, remember that certain service providers may be located in or have facilities that are located in a different jurisdiction (including outside the EEA). So if you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.
4. As an example, if you are located in United Kingdom and your transaction is processed by a payment gateway located in the United States, then your personal information used in completing that transaction may be subject to disclosure under United States legislation (including the USA Patriot Act).
5. The information we may obtain from those services often depends on your settings or their privacy policies. We recommend that you read any third-party privacy policies before entering any personal information.
6. When you click on links on our platform, they may direct you to third-party websites. We are not responsible for the privacy practices of other sites and encourage you to read their privacy statements.
12. THE SAFETY & SECURITY OF DATA
1. We will take all reasonable precautions to protect an individual’s and our client’s data from unauthorised access. This includes appropriately securing our physical facilities and digital networks.
2. The security of online transactions and the security of communications sent by electronic means or by post cannot be guaranteed. Each client and individual that provides information to us via the internet or by post does so at their own risk. We cannot accept responsibility for misuse or loss of, or unauthorised access to, data where the absolute security of information is not always within our control.
3. We are not responsible for the privacy or security practices of any third party (including third parties that we are permitted to disclose an individual’s data to in accordance with this policy or any applicable laws). The collection and use of an individual’s or a client’s information by such third parties may be subject to separate privacy and security policies.
4. If an individual or client suspects any misuse or loss of, or unauthorised access to, their data, they should let us know immediately.
5. To the extent permitted by law, we are not liable for any loss, damage or claim arising out of another person’s use of the data where we were authorised to provide that person with the data.
13. HOW TO ACCESS AND/OR UPDATE INFORMATION
1. The Act gives you the right to request from us the data that we have about you.
2. If an individual cannot update his or her own information, we will correct any errors in the data we hold about an individual within one month of receiving written notice from them about those errors.
3. It is an individual’s responsibility to provide us with accurate and truthful data. We cannot be liable for any information that is provided to us that is incorrect.
4. We may charge an individual a reasonable fee for based on our administrative costs incurred in meeting any of their requests to disclose the data we hold about them if such a request is manifestly unfounded or excessive. We reserve the right to clarify the specific information your request relates to.
5. Information will be provided within one month of receipt of the request.
14. COMPLAINTS AND DISPUTES
1. You have the right to object to:
processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling);
direct marketing; and
processing for purposes of scientific/historical research and statistics unless we hold legitimate grounds for processing or the processing is for the establishment, exercise or defence of legal claims.
If an individual has an objection or complaint about our handling of their data, they should address their complaint in writing to the details below.
2. You have the right to lodge a complaint with a supervisory authority if you consider that the processing of your data infringes the General Data Protection Regulation.
3. If we have a dispute regarding an individual’s data, we both must first attempt to resolve the issue directly between us.
4. If we become aware of any unauthorised access to an individual’s data which is likely to result in a high risk for the rights and freedoms of the data subjects we will inform the individual without undue delay after becoming aware of it once we have established what was accessed and how it was accessed.
15. ADDITIONS TO THIS POLICY
Disclaimer: all the companies whose logos are shown on our website are used just for information, nomination and reference purposes, C.rowth! Limited is not trying to benefit commercially or claiming a business relationship with them.
16. CONTACTING US
All correspondence with regards to privacy should be addressed to:
5 Merchant Square
We ask that you contact us by email in the first instance.