Book a Demo Contact
Combined Shape Icons/Fonctionnal/Close/L

Privacy Notice for Candidates, Employees And Contractors


For any questions or complaints, please contact [email protected]
Last update: May 7 2024

 

Introduction

1.1.    This privacy notice (“Privacy Notice”) sets out how the Crisis24 group of companies which collectively include Crisis24 Inc, Crisis24 Limited, Crisis24 Consulting Limited, Crisis24 SAS, Crisis24 GmbH, Crisis24 Pte. Limited, Crisis24 Pty Limited, Crisis24 Protective Solutions Limited, LP, FAM International Logistics, Inc., Patriot Global Group, Inc., Patriot Global NYC, LLC and their subsidiaries,  (collectively, "Crisis24" or “our” or “we” or “us”) handle the Personal Data of candidates applying for employment opportunities with Crisis24 as well as how Crisis24 processes the Personal Data of its current and former employees and contractors (together, “you” or “your”).

1.2.    In this Privacy Notice, “Personal Data” means any information identifying an individual, known as a “Data Subject” or information relating to a Data Subject that we can identify (directly or indirectly) from that data alone or in combination with other identifiers we possess or can reasonably access. Personal Data includes “Special Category Data” (defined in paragraph 8 below) and pseudonymized Personal Data (meaning replacing information that directly or indirectly identifies an individual with one or more artificial identifiers or pseudonyms) but excludes anonymous data or data that has had the identity of an individual permanently removed and which cannot identify an individual. Personal Data can be factual (for example, a name, email address, location, or date of birth) or an opinion about that person’s actions or behavior.


Scope

2.1.    It is important that you read and retain this Privacy Notice, so that you are aware of how and why we are using your information and what your rights are under applicable Data Protection Laws (as defined below). Relevant legislation that regulates the way in which Crisis24 may use Personal Data include but are not limited to the following:


2.1.1    General Data Protection Regulation ((EU) 2016/679) (“GDPR”);

2.1.2    United Kingdom (“UK”) Data Protection Act 2018 and GDPR as incorporated into UK legislation;

2.1.3    Swiss Federal Act on Data Protection of 19 June 1992 as revised and updated from time to time;

2.1.4    DIFC Data Protection Law No. 5 of 2020; 

2.1.5    Personal Data Protection Act 2012 of Singapore;

2.1.6    California Consumer Privacy Act of 2018 as amended by the California Privacy Rights Act (“CCPA”), and

2.1.7    Canadian Personal Information Protection and Electronic Documents Act 2000 and applicable provincial laws.

(collectively “Data Protection laws”).

 

Purpose

3.1.    Crisis24 (more specifically, the legal entity within the Crisis24 group responsible for recruitment of the applicable role or which employs or engages you (as the case may be) is a “data controller”. This means that we are responsible for deciding how we hold and use your Personal Data.

3.2.    You are reading a copy of this Privacy Notice because you are applying (or may have applied) for work with us (whether as an employee, worker, or contractor) or you are engaged by us as an employee or contractor. The purpose of this Privacy Notice is to explain to you how and why your Personal Data will be used by Crisis24 and how long it will usually be retained for. This Privacy Notice contains certain information that we must provide to you pursuant to applicable Data Protection Laws. We may update this Privacy Notice at any time and in which case, we will provide you with an updated copy of this notice as soon as reasonably practical.


Data Protection Principles

4.1.    When processing your Personal Data, we will comply with applicable Data Protection Laws and principles, which means that your Personal Data will be:

4.1.1    used lawfully, fairly and in a transparent way;

4.1.2    collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes;

4.1.3    relevant to the purposes we have told you about and limited only to those purposes;

4.1.4    accurate and kept up to date;

4.1.5    kept only as long as necessary for the purposes we have told you about;

4.1.6    kept securely; and

4.1.7    not transferred to another country without appropriate safeguards being in place.


The Kind Of Information We Hold About You

5.1    In connection with your application for work with us, and if applicable, our subsequent engagement with you, we will collect, store, and use the following categories of Personal Data about you:

5.1.1    the information you have provided to us in your curriculum vitae, covering letter and correspondence;

5.1.2    the information you have provided on our application form and, in the event we choose to offer you a position with us whether as an employee or contractor, information you have provided on our onboarding forms, including name, title, address, telephone number, personal email address, date of birth, gender, employment history, qualifications, marital status, dependents, next of kin and emergency contact information, bank account details, tax status information, national insurance/social number (as applicable);

5.1.3    any information you provide to us during an interview;

5.1.4    any information you provide to us or that we process during the course of your employment or engagement with us (as the case may be) including:

(a)    salary, annual leave, pension and benefits information;
(b)    fees payable to you and payroll records;
(c)    start date and, if different, the date of your continuous employment;
(d)    leaving date and your reason for leaving;
(e)    location of employment or workplace;
(f)    copy of passport and/or immigration status;
(g)    employment records (including job titles, work history, working hours, holidays, training records and professional memberships);
(h)    compensation history;
(i)    performance information;
(j)    disciplinary and grievance information;
(k)    CCTV footage and other information obtained through electronic means such as swipe card records;
(l)    information about your use of our information and communications systems;
(m)    photographs; and
(n)    results of vetting and employment status checks.

5.2.    We may also collect, store and use “Special Category Data” about you. Please refer to paragraph 8 of this Privacy Notice for further information. We anticipate that we may process the following Special Category Data about you:

5.2.1    information about your race or ethnicity, religious beliefs, sexual orientation and political opinions;

5.2.2    information about your health, including any medical condition, health, and sickness records; and

5.2.3    information about criminal convictions and offences.


How Is Your Personal Data Collected?

6.1.    We collect Personal Data about candidates, employees and/or contractors (as the case may be) from the following sources:

6.1.1    you, the candidate, employee or contractor (as applicable), including from company devices issued to you;

6.1.2    recruitment agency (if applicable);

6.1.3    background check provider and credit reference agencies (as applicable);

6.1.4    the UK Disclosure and Barring Service (or equivalent service in your jurisdiction of residence or nationality) in respect of criminal convictions;

6.1.5    your named referees (if applicable); and

6.1.6    our personnel, in the event you are engaged or employed by us.


How We Will Use The Information About You

7.1.    We will only use your Personal Data when Data Protection Laws allow us to. Most commonly, we will use your Personal Data in the following circumstances:

7.1.1    where we need to perform the contract we have entered into with you, for example when we need to pay you;

7.1.2    where we need to comply with a legal obligation, for example when we are required to make disclosures in legal proceedings or provide information to a regulator; and
7.1.3    where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.

7.2.    We will use information we collect about you to allow us to decide whether to offer you a position, and if you are successful in the recruitment process, we will continue to collect information about you which is necessary to perform our contract with you and to enable us to comply with our legal obligations. If you are an unsuccessful candidate, we will process your Personal Data only when making a decision about your recruitment. If you become an employee or contractor, we will process your Personal Data in the following situations:

7.2.1    making a decision about your recruitment, appointment or engagement;

7.2.2    if applicable, determining the terms on which you will work for us or be engaged by us;

7.2.3    checking you are legally entitled to work or perform the services (as applicable) in the relevant jurisdiction;

7.2.4    paying you and, if you are an employee or deemed employee for tax purposes, deducting tax and national insurance contributions (or the equivalent), if applicable;

7.2.5    providing any additional benefits as applicable to your engagement;

7.2.6    enrolling you in a pension arrangement in accordance with our statutory automatic enrolment duties, if applicable;

7.2.7    liaising with the trustees or managers of a pension arrangement operated by a Crisis24 group entity, your pension provider and any other provider of employee benefits, if applicable;

7.2.8    administering the contract we have entered into with you;

7.2.9    business management and planning, including accounting and auditing;

7.2.10    if applicable, conducting performance reviews, managing performance and determining performance requirements;

7.2.11    making decisions about salary reviews and compensation or the amount of fees we will pay you;

7.2.12    assessing qualifications for a particular job or task, including decisions about promotions;

7.2.13    if applicable, arranging travel in order for you to perform your role;

7.2.14    gathering evidence for possible grievance or disciplinary hearings;

7.2.15    making decisions about your continued employment or engagement;

7.2.16    making arrangements for the termination of our working relationship;

7.2.17    education, training and development requirements;

7.2.18    dealing with disputes (legal or otherwise) involving you, or other employees, workers and contractors, including accidents at work;

7.2.19    ascertaining your fitness to work;

7.2.20    managing sickness absence;

7.2.21    complying with health and safety obligations;

7.2.22    to investigate and prevent fraud or other suspected criminal activity;

7.2.23    to monitor your use of our information and communication systems to ensure compliance with our internal policies;

7.2.24    to ensure network and information security, including preventing unauthorized access to our computer and electronic communications systems and preventing malicious software distribution;

7.2.25    to conduct data analytics studies to review and better understand employee retention and attrition rates; and

7.2.26    equal opportunities monitoring (if deemed applicable).

7.3.    Some of the above grounds for processing will overlap and there may be several grounds which justify our use of your Personal Data.

7.4.    Our personnel, including employees and, where you are providing services to us, contractors, may process your Personal Data. Our personnel will only have access to your Personal Data on a need-to-know basis and as required in order to perform their relevant role-related functions or to provide services to you. If you are an employee, your Personal Data may be processed by, amongst others, our Human Resources Department and Finance Department, and in the event of a disciplinary issue, our Legal Department. For example, our Human Resources Department may access your Personal Data to process payroll, maintain records relating to your employment and monitor your performance. In the event you are providing services to us by way of a contractor agreement or consultancy agreement, examples of the relevant departments which may process your Personal Data include our Contractor Human Resources Department, Travel Department, Finance Department, and the management team of the project you are deployed on. For example, our Finance Department may process limited Personal Data about you such as your bank details and name to pay you for the services you have rendered, and our Travel Team may process Personal Data such as your passport and contact details to arrange flights for you. Due to the high risk areas, we work in, we will also keep a record of and process your Personal Data relating to your next of kin details.

7.5.    If you fail to provide information when requested, we may not be able to consider your application to work for us (such as evidence of qualifications or work history) or we may not be able to perform our contract with you. For example, if we require a credit check or references for a role and you fail to provide us with relevant details, we will not be able to take your application further, or if you work for us and fail to provide information we have requested, we may not be able to perform the contract we have entered into with you (such as paying you or providing a benefit), or we may be prevented from complying with our legal obligations (such as confirming your right to work in the relevant jurisdiction).
7.6.    We will only use your Personal Data for the purposes for which we collect it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. Unless paragraph 7.7 applies, if we need to use your Personal Data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

7.7.    Please note that we may process your Personal Data without your knowledge or consent, in compliance with this Privacy Notice, where this is required or permitted by law.

How We Use Special Category Data Information

8.1.    Under the Data Protection Laws there are certain types of Personal Data which are recognized as being more sensitive than other data. This data is called “Special Category Data” and includes information revealing racial or ethnic origin, religious or similar beliefs, trade union membership, physical or mental health conditions, biometric or genetic data. In some jurisdictions this category also includes information about a Data Subject’s criminal history. We will process Special Category Data in accordance with our Privacy Policy.

8.2.    We will use Special Category Data in the following ways:

8.2.1    we will use information about your physical or mental health, or disability status to consider whether we need to provide appropriate adjustments during the recruitment process and to ensure your health and safety in the workplace and to provide appropriate workplace adjustments, to monitor and manage sickness absence and to administer benefits including statutory maternity pay, statutory sick pay, pensions and health insurance;

8.2.2    we will use information about your health to confirm your fitness for the role or to provide services to us (as the case may be);

8.2.3    we will use information about your race or national or ethnic origin, religious, philosophical or moral beliefs, or your sexual life or sexual orientation (if and to the extent such information is gathered), to ensure meaningful equal opportunity monitoring and reporting; 

8.2.4    If we reasonably believe that you or another person are at risk of harm and the processing is necessary to protect you or them from physical, mental or emotional harm or to protect physical, mental or emotional well-being; and

8.2.5    we may need to process information about your race or national or ethnic origin or religious beliefs in accordance with our obligations to disclose this information to relevant government authorities to procure appropriate work permits or visas (as applicable) for you.

8.3.    In limited circumstances, we may approach you for your written consent to allow us to process certain particularly sensitive data. If we do so, we will provide you with full details of the information that we would like and the reason we need it, so that you can carefully consider whether you wish to consent. You should be aware that it is not a condition of your contract with us that you agree to any request for consent from us.

8.4.    We do not need your consent if we use Special Category Data in accordance with our written policy to carry out our legal obligations or exercise specific rights in the field of employment law.

8.5.    We also do not need your consent where the purpose of the processing is to protect you or another person from harm or to protect your well-being and if we reasonably believe that you need care and support, are at risk of harm and are unable to protect yourself.


Information About Criminal Convictions

9.1.    We envisage that we will process information about your criminal history and convictions (if any).

9.2.    We will collect information about your criminal convictions history to determine whether we would like to offer you the role (conditional on checks and any other conditions, such as references, being satisfactory). We are entitled (and sometimes required dependent on the role and client) to carry out criminal records checks in order to satisfy ourselves that there is nothing in your criminal convictions history which makes you unsuitable for the role.

9.3.    Where appropriate, we may also conduct routine checks whilst you are working for us, or we may be notified of such information directly by you in the course of you working for us. We will use information about criminal convictions and offences to confirm your initial and ongoing eligibility for any particular role, due to client requirements or to comply with certain obligations at law in respect of the role.


Automated Decision-Making

10.1.    You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making. We will however require certain qualification criteria to be fulfilled in order for you to be eligible for certain roles. Confirmation of whether you meet these initial criteria shall be subject to an automated process, but any final decision of awarding a role shall not be automated.


Data Sharing

11.1.    Why might you share my Personal Data with third parties?

11.1.1    We will only share your Personal Data with third parties including service providers (for example a payroll company we have appointed to process your payroll), where required by law, where it is necessary to administer the working relationship with you or where we have another legitimate interest in doing so. For example, if you are providing services to us whilst on a project and require urgent medical attention and are incapacitated, we may provide limited medical information to a healthcare provider so they may provide medical assistance to you.

11.1.2    We may share your Personal Data with other third parties, for example in the context of the possible sale or restructuring of the business. In this situation we will, so far as possible, share anonymized data with the other parties before the transaction completes. Once the transaction is completed, we will share your personal data with the other parties if and to the extent required under the terms of the transaction.

11.1.3    We may also need to share your Personal Data with a regulator or to otherwise comply with the law. This may include making returns to government authorities and disclosures to shareholders, such as directors’ remuneration reporting requirements.

11.2.    When might you share my Personal Data with other entities in the group?

11.2.1    We will share your Personal Data with other entities in the Crisis24 group as part of our regular reporting activities on corporate performance, in the context of a business reorganization or group restructuring exercise, for system maintenance support and hosting of data, as well as any administrative requirements as necessary where it is another Crisis24 group entity which carries out that function.
11.3.    Which third-party service providers process my Personal Data?

11.3.1    “Third Parties” includes third-party service providers (including contractors and designated agents) and other entities within the Crisis24 group. The following are some of the activities which are carried out by third-party service providers: payroll, insurance, pension administration, benefits provision and administration, IT services.

11.3.2    We will share personal data regarding your participation in any pension arrangement operated by a Crisis24 group entity with the trustees or scheme managers of the arrangement in connection with the administration of the arrangements, to the extent applicable.

11.4.    How secure is my information with third-party service providers and other entities in our group?

11.4.1    All Third Parties are required to take appropriate security measures to protect your Personal Data in line with our Privacy Policy. We do not allow Third Parties to use your Personal Data for their own purposes. We only permit them to process your Personal Data for specified purposes and in accordance with our instructions.

11.5.    Transferring information internationally

11.5.1    Sharing your Personal Data for the required processing may involve transferring your data inside, as well as outside the jurisdiction from where it is collected, whether that be, but not limited to, the Dubai International Financial Centre (“DIFC”), the European Economic Area (“EEA”), UK, Canada, or the USA .

11.5.2    There may not an adequacy decision by the DIFC’s Data Protection Commissioner, the European Commissioner or the Information Commissioner’s Office (or as the case may be by a regulator with respect to the jurisdiction where your Personal Data is collected), in respect of all of the countries to which your Personal Data will be sent. This means that some of the countries to which we transfer your data are not deemed to provide an adequate level of protection for your Personal Data. However, to ensure that your Personal Data does receive an adequate level of protection we have put in place appropriate measures to ensure that your Personal Data is treated by other Crisis24 group entities or as the case may be, third parties, in a way that is consistent with, and which respects the Data Protection Laws.

11.5.3    In accordance with our obligations with regards the Data Protection Laws, whenever we transfer your personal data out of the EEA, the UK, Canada, USA, DIFC  (as the case may be), we will ensure that a similar degree of protection is afforded to it by using contractual obligations including, where applicable, the standard contractual clauses approved by the relevant data protection authority in our agreements with any co-controllers or processers as the case may be as issued and amended from time to time by the relevant authorities.


Data Security

12.1.    We have put in place appropriate security measures to prevent your Personal Data from being accidentally lost, used, or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your Personal Data to those employees, agents, contractors and other third parties who have a business need-to-know. They will only process your Personal Data on our instructions, and are subject to a duty of confidentiality.

12.2.    We have put in place procedures to deal with any suspected Personal Data breach and will notify you and/or any applicable regulator where we are legally required to do so.


Data Retention

13.1    We will only retain your Personal Data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. Details of retention periods for different aspects of your Personal Data are set out in the Data Retention Policy . To determine the appropriate retention period for Personal Data, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements.


13.2    In some circumstances we may anonymize your Personal Data so that it can no longer be associated with you, in which case we may use such information without further notice to you. Once you are no longer an employee, worker, or contractor of Crisis24 we will retain and securely destroy your Personal Data in accordance with applicable laws and regulations, including the Data Protections Laws.


Rights Of Access, Correction, Erasure, And Restriction

14.1.    Under certain circumstances, by law you have the right to:

14.1.1    request access to your Personal Data (commonly known as a “data subject access request”). This enables you to receive a copy of the Personal Data we hold about you and to check that we are lawfully processing it;

14.1.2    request correction of the Personal Data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected;

14.1.3    request erasure of your Personal Data. This enables you to ask us to delete or remove Personal Data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your Personal Data where you have exercised your right to object to processing (see below). Please note this is a qualified right and there may be instances where we are not able to comply with your request because we have an obligation to retain your information, we will provide further information to you about this on request;

14.1.4    object to processing of your Personal Data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your Personal Data for direct marketing purposes;

14.1.5    request the restriction of processing of your Personal Data. This enables you to ask us to suspend the processing of Personal Data about you, for example if you want us to establish its accuracy or the reason for processing it; and

14.1.6    request the transfer of your Personal Data to another party.

14.2.    If you want to review, verify, correct, or request erasure of your Personal Data, object to the processing of your personal data, or request that we transfer a copy of your Personal Data to another party, please contact us in writing (see below).

14.3.    It is important that the Personal Data we hold about you is accurate and current. Please keep us informed if your Personal Data changes during the course of your commercial relationship with us.

14.4.    If you choose to exercise any of your rights in this paragraph 14, you will not be subject to discrimination or any lesser treatment by us. 

14.5.    You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

14.6.    We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.

14.7.    We do not sell the Personal Data we collect, nor do we share it with third parties for cross-contextual behavioral advertising. 


Right to Withdraw Consent

15.1.    In the limited circumstances where you may have provided your consent to the collection, processing, and transfer of your Personal Data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact the Data Protection Officer at [email protected]. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.

 

Data Privacy Officer & Your Right to Complain

16.1.    Our Data Privacy Officer (“DPO”) oversees compliance with this Privacy Notice. If you have any questions about this Privacy Notice or how we handle your Personal Data, please contact the DPO via email at [email protected] or otherwise contact the Legal Department for further assistance. You have the right to make a complaint at any time to the relevant body in applicable jurisdictions for data protection issues.


Changes To This Privacy Notice

17.1.    We reserve the right to update this Privacy Notice at any time, and we will provide you with a new Privacy Notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your Personal Data. Please continue to refer back to this Privacy Notice, the terms of which may be updated from time to time.


If you have any questions about this Privacy Notice, please contact the relevant Data Privacy Officer if applicable, or alternatively the Legal Department via [email protected]


October 2023.