This policy summarises the key points about how Crackle collects, uses and discloses personal data and ensures
compliance with the laws and regulations throughout jurisdictions where we operate.
What is personal data?
Personal data is information (including opinions) which relates to an individual and from which he or she can be
identified either directly or indirectly through other data which the company has or is likely to have in its possession. These individuals are sometimes referred to as data subjects and include clients and employees.
Responsibilities
Ross, founder of Crackle Digital Health is the Data Protection Officer of the personal data we process and is
therefore ultimately responsible for ensuring our systems, processes, suppliers, and employees comply with data
protection laws and regulations in relation to the information we handle. Our Data Protection Officer provides
guidance and advice to the company as required.
As a company, we believe it is the responsibility of the whole team to ensure that any personal data sent or
received is handled in the correct manner as outlined in our Data Security Policy and IT and Communications
Policy.
All Crackle employees must abide by this policy and the policies mentioned above when handling personal data
and must take part in any required security and data protection training. Any breach will be taken seriously and may result in disciplinary action.
Principles of data protection
The company has adopted the following principles to govern our use, collection and disclosure of personal data.
These principles have been established to create a uniform standard in our London office where we operate.
The company’s core principles provide that personal data must:
1. be processed fairly and lawfully and to the extent required under local law with valid and informed
consent;
2. be obtained for specific and lawful purposes;
3. be kept accurate and up to date;
4. be adequate, relevant and not excessive in relation to the purposes for which it is used;
5. not be kept for longer than is necessary for the purposes for which it is used;
6. be processed in accordance with the rights of individuals;
7. be kept secure to prevent unauthorised processing and accidental loss, damage or destruction; and
8. not be transferred to, or accessed from, another jurisdiction where these core principles cannot be met
unless it is adequately protected.
As a company the type of data we collect and process falls into one of the following categories:
1. personal data relating to our employees and obtained during the recruitment process;
2. participants in our events and other promotional activities;
3. personal data obtained and used in relation to providing digital services during the course of an
engagement.
Personal data relating to our employees and obtained during the recruitment process
TYPES OF DATA
Personal data such as name, address, contact details, education and employment history;
background checks (financial and criminal), ID and right to work status;
information relating to next of kin, and dependants;
financial information including bank details and identifiers (for example, National Insurance numbers);
we may process information revealing sensitive information such as health details, racial origin,
religious beliefs and information about offences/ alleged offences.
COLLECTION
Personal data will be collected from a number of sources including your application form/CV;
providers of background checks (eg Onfido) and referees;
providers of occupational health services;
notes and records kept throughout your employment including absences, expenses claims,
questionnaires, performance reviews and details of any grievances/disciplinary action.
USE
Personal data will be used for:human resources administration;
assessing suitability, eligibility and/or fitness to work;
learning and development;
to ensure the firm’s information and offices are secure;management purposes (including where necessary disciplinary purposes).
Photographs, education and career information may be used in marketing and promotional material for
the firm including our website and marketing material.
DISCLOSURE
Your personal data:
will not be transferred to our partners, or to service providers who support the operation
of our business;
may be stored within the Crackle information systems and within third party software
applications and services which have been procured to support the operation of the HR
function.
may be transferred to other third parties such as our insurers, legal and other
professional advisors, regulators, administrators and government departments, who may
be acting as data controller.
DATA RETENTION
Your personal data will be stored for the following time periods:
Data gathered prior to employment for recruitment purposes: 2 years from original
application.
Data gathered from employment commencement date: continuous whilst employed.
Data stored once employment has terminated: 2 years from date of termination.
If you require data to be deleted from our systems before these time periods have lapsed, then you
must request this in writing.
Participants in our events and other promotional activities
TYPES OF DATA
Information such as name and business information (email address, job title, who you work for).
Additional information may be processed where it is provided by you, for example in correspondence, in
connection with an event or in letting us know what areas you are interested in and when you wish to be
contacted by us.
This may include access or dietary requirements which may reveal information about
your health or religious beliefs.
Our websites may also collect your device’s unique identifier, such as an IP address.
COLLECTION
Information is collected via forms on our website or via email/call only.
USE
Personal data will be used to:complete any request you may make;
contact you with communications event or marketing updates in line with your
preferences.
DISCLOSURE
Personal data:will not be transferred to our partners, or to service providers who support the operation
of our business;
which is shared with service providers will be limited to that which is required for
providing the service and will be adequately protected;
will not be given to other third parties, apart from in limited circumstances such as, where
we run a joint event and you book onto it.
DATA RETENTION
We do retain data collected via our promotion activities for 1 year since the last interaction with you.
You may request the removal of your information at anytime.
Personal data obtained and used in relation to providing digital services during the course of an
engagement
TYPES OF DATA
Information processed for relationship management and service opening procedures such as name,
business information and identification documentation.
We do not encourage the use of personal email addresses and will insist that our clients only provide
work alias during the course of an engagement.
Additional personal data may be collected for a specific digital delivery but must be encrypted in transit.
COLLECTION
Relationship management and service opening information is collected from you directly and further
information (e.g. to verify your identity) may be collected from third parties, such as publicly available
sources.
THIRD PARTY PROCESSORS
We are not working with third party at this time.
USE
Relationship management and service opening data is used for providing digital services administration,
commercial purposes (eg creditworthiness) and as required by law (eg anti money laundering).
All other personal data will be used for the purposes of providing digital services and to comply with our
statutory/ regulatory obligations.
In relation to our digital services we will monitor and record information relating to use of the services.
This will include how and when the system is accessed and how data is uploaded.
DISCLOSURE
Personal data:will not be transferred to our partners, or to service providers who support the operation
of our business unless it is required for engagement purposes (eg: data migration).
In this case, all data that is transferred between Crackle, our clients and third party suppliers will be encrypted and deleted after use which is shared with service providers will be limited to that which is required for
providing the service and will be adequately protected.
DATA RETENTION
Once an engagement completes we will remove all personal subject data from our systems after one
month of completion/termination.
Individuals’ rights
Personal data must be processed in line with individuals’ rights, including the right to:
1. request a copy of their personal data;
2. request that their inaccurate personal data is corrected;
3. request that their personal data is deleted and destroyed when causing damage or distress; and
4. opt out of receiving electronic communications from the company.
Should you wish to make a request in line with your rights as an individual, please forward it to the Data Protection Officer.
Employees people must notify or inform the Data Protection Officer immediately if they receive a request in relation to personal data which the firm processes.
How to make a complaint
You should direct all complaints relating to how the firm has processed your personal data to the Data Protection
Officer. Employees must inform the Data Protection Officer immediately if they receive a complaint relating to how the company has processed personal data so that the company complaints procedure can be followed.
Security
Information security is a key element of data protection. The company takes appropriate measures to secure
personal data and protect it from loss or unauthorised disclosure or damage.
The company is Cyber Essentials certified and it is a requirement that all employees comply with the company’s IT & Communications policy, which is available in our central policy library.
Contact details
Data Protection Officer,
Crackle Health, 79-81 Borough Rd, London, SE11DN
Email: info@wearecrackle.com
To make Crackle work properly, we sometimes place small data files called cookies on your
device. Most big websites do this too.
What are cookies?
A cookie is a small text file that a website saves on your computer or mobile device when you
visit the site. It enables the website to remember your actions and preferences (such as login,
language, font size and other display preferences) over a period of time, so you don’t have to
keep re-entering them whenever you come back to the site or browse from one page to another.
How do we use cookies?
Crackle uses the following cookies on website, for the following purposes:
- if you have agreed (or not) to our use of cookies on website (this information will also
be stored in cookie, so we don’t have to ask you next time)
- Google Analytics: Crackle uses Google Analytics to analyse the use of this website.
Google Analytics generates statistical and other information about website use by
means of cookies, which are stored on users’ computers.
The information generated relating to our website is used to create reports about the use of the website.
Google will store and use this information.
More info how Google use cookies visit this site.
How to control cookies?
You can control and/or delete cookies as you wish – for details, see how to control cookies. You
can delete all cookies that are already on your computer and you can set most browsers to
prevent them from being placed. If you do this, however, you may have to manually adjust some
preferences every time you visit a site and some services and functionalities may not work.