Privacy (transparency) notice pursuant to General Data Protection Regulation Arts 13 and 14.
This notice is intended for individuals with whom we deal in our business, including candidates for jobs with us. It is not intended for our employees.
We categorise those individuals (“data subjects”) as follows:
- Individuals - academics, the retired, those between jobs, sole traders without employees and those who only contact us because of their personal interest in our business and technology.
- Corporate subscribers - deal with us in their capacity as employees or owners of businesses which have other employees.
- Candidates - those who have applied for a job with us.
We obtain and process personal data in different ways depending upon the data subject, the purpose of the processing and way in which we obtained your personal data.
In most circumstances, your data will only be processed within the UK or EEA. If for any reason we need to have your data processed elsewhere we will inform you of that, any privacy risks involved and what we have done to minimise those risks. In some circumstances, we would also seek your consent for that.
Some of our data is stored, or otherwise processed for us, outside the UK/EU. In those circumstances we ensure that our contracts with those processors and their processing comply with UK/EU data privacy standards and rules.
You can at any time ask us to tell you what personal data relating to you we hold.
You also have the right to ask us to rectify your data if it is inaccurate, erase it or restrict the processing of it. In some circumstances, you can ask us to provide it to you in a format which would allow you to transfer it digitally to another.
Where we have requested and you have given us consent to process your data you may withdraw that consent at any time.
Were our business to be sold all your data would be transferred to the purchaser so that they could use it in the same way as we do now.
If you are at all concerned about our processing of your data please let us know by emailing [email protected].
Purpose. We process your data in order to respond to you and so that we can contact you about matters of mutual interest, and send you white papers, case studies and other related materials that may be of interest.
Legitimate Interest. We have a legitimate interest in doing that as you will have indicated that you wish us to do so or it is reasonable for us to assume that. We do not need your consent.
Marketing. If we were to use your data in order to send you marketing material about our services, otherwise than for your interest only, we will only do so with your consent. That consent can be withdrawn by you at any time by following the “unsubscribe” link on our communication.
Those with whom we share it. Some of our data, which could include your personal data, is stored off site by third parties. Some is stored by our UK subsidiary, Critical Software Technologies. Except for our marketing database none of our personal data is stored outside the EEA or UK.
Retention. Your data will be retained for up to ten years after our last interaction with you unless you ask us to delete it earlier and we are able to do that.
Why we need your data. Without your data we would not have the information necessary to be able to communicate with you.
Where we get it. Most of your data held by us will have come from you. Some may have been obtained from your colleagues and friends.
Purpose. We process your data to enable us to contact you in your role within your organisation and in order to record any information that you provide to us. That contact may include sending you a newsletter or marketing material but only if they are relevant to your role. We may also need to use it in order that we can recommend you or the goods and services of your organisation to others.
Legitimate Interest. We have a legitimate interest in using your data for those purposes. We do not need your consent. You can however at any time tell us that you do not wish for us to contact you again at all, or that you do not wish to receive marketing material.
Those with whom we share it. Some of our data, which could include your personal data, is stored off site by third parties. Some is stored by our UK subsidiary, Critical Software Technologies. Except for our marketing database none of our personal data is stored outside the EEA or UK. We may, in connection with a project on which we are working with your organisation, provide it to others working on the same project. We may also provide it to third parties seeking our recommendation of your organisation or someone like you.
Retention. Your contact and other data will only be held for as long as you retain your role in your organisation or, if it was relevant to a project, for so long as we retain the records of that project.
Why we need your data. Your data is needed principally so that we can contact you and otherwise for the purpose set out above.
Where we got it. The usual source of your data is you or your organisation. On occasions we may obtain it from your colleagues, from mutual clients, from others involved in a project or from publicity material published by your organisation or publicly available directories.
If you have indicated that you would like to join our team and we decide to keep your details “on file” and have informed you of that, we will send you newsletters and similar material to keep in touch. You can unsubscribe at any time.
Purpose. We process your data (your contact details, career history and other relevant information) to enable us to assess you for a role and contact you. Some of that contact may be by way of newsletters keeping you in touch with us and our news. You will be offered the opportunity to unsubscribe if you wish.
Legitimate Interest. We have a legitimate interest in using your data for those purposes. We do not need your consent.
Those with whom we share it. Some of our data, which could include your personal data, is stored off site by third parties. Some is stored by our UK subsidiary, Critical Software Technologies. None of our personal data, except that on our marketing database, is stored outside the EEA or UK. We may, if your role would be working for one of our customers, provide it to that customer to allow them to assess you. If we seek references for you we will supply your name and details of the proposed role to your referees. If we wish to verify your qualifications or suitability we may provide information sufficient to identify you, things that you have told us about yourself and the proposed role to those that can verify the information you have given us.
Retention. If we decide not to employ you, most personal data about you will be deleted/destroyed approximately six months after that decision is made and we will retain only sufficient data to identify that we have considered you for employment but that your application was unsuccessful. If we think we might want to employ you in future we will retain indefinitely all the data that we have about you unless you ask us to delete it. If we employ you, all the data about you will be transferred to your HR file and used and retained in accordance with our policies for employment.
Why we need your data. Without your data we would be unable to assess you, or contact you.
Where we got it. The usual source of your data is you or a recruitment consultant or “job board”. Some data may come from referees or those we use to verify the information that you provide.
- To the extent that we are required to do so by law
- In connection with any legal proceedings or prospective legal proceedings
- In order to establish, exercise or defend our legal rights
- To the purchaser (or prospective purchaser) of any business or asset which we are (or are contemplating) selling
We will take reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your personal information.
Of course, data transmission over the internet is inherently insecure, and we cannot guarantee the security of data sent over the internet.
The website contains links to other websites. We are not responsible for the privacy policies or practices of third-party websites.
Please let us know if the personal information which we hold about you needs to be corrected or updated.
By using this website you are deemed to have accepted these Terms and Conditions of use.
Terms & Conditions
Critical Software and its subsidiaries have made every possible effort to ensure the accuracy of all the information contained on this website. Notwithstanding our commitment to provide accurate and updated information, this website should not be considered a strict reflection of the products and services offered by Critical Software and neither does it constitute a confirmed offer to sell or a solicitation to buy any product or service.
All copyright, trademarks and all other intellectual property rights, including databases on the website and its content, are the property of Critical Software or authorised for its use. It is prohibited to copy, reproduce, re-edit, publish, broadcast or transmit any text, image, graphic, logotype, icon or software code that appears on the website for any public or private purpose, without the prior written authorisation of Critical Software.
It is forbidden to adapt, modify or recreate any of the information or materials that appear on this website or to utilise them for any purpose that is not strictly personal and not-for-profit. The user also accepts to access and use the website only for lawful purposes.
Due to the inherent nature of the internet, errors, interruptions and delays may occur in the service at any time. Accordingly, this website is provided without any warranties of any kind and Critical Software does not accept any liability arising from any interruption to the website whatsoever.
A cookie is a small text file that identifies your computer on our server. Cookies themselves do not identify the individual user, only the computer used. Cookies are not used to collect personal information.
At any time, the user is able to configure their web browser to accept all cookies, to notify them when a cookie is issued, or not to receive any cookies. The way the user does this depends on the web browser they use. Please consult the "Help" function on your web browser to learn more.
If you accept cookies, they may remain on your computer for many years, unless you delete them. If you disable cookies, the use of sites in general may be limited. Below, you will find a list of the main cookies we use, together with a note on what they are used for.
PHPSESSID: This cookie is essential and allows our website to respond to any action you execute on the site, such as completing an enquiry form. The website does not function correctly if this cookie is disabled.
critical_accepted_cookies: This cookie indicates if a website visitor has accepted the cookies or not.
__cfduid: These cookies are necessary to provide the CloudFare service. More detailed information can be found at:
__hluid, __hssc, __hssrc, __hstc, hubspotutk: These cookies are necessary to provide the Hubspot service. More detailed information can be found at:
_ga, _gat, _gat_WebProperty2, _gid: Cookies which start with “_ga” allow for analytics software functions. These functions aim to analyse website visits and provide anonymous information such as the browsers used, return visits and marketing activity responses. This information is used to help us improve the website as well as your online experience of it.
Web browsers make it possible to exert a certain amount of control over cookies by configuring the browser as you wish. The majority of web browsers allow you to block cookies, or block cookies on specific sites. Web browsers may also help you to delete cookies when you close the browser. However, this may mean that any opt-outs or preferences defined on the site will be lost. To learn more about cookies, including how to see what cookies have been created and how to manage and block them, visit the site www.allaboutcookies.org. This site contains information on how to manage your configurations for the various web browsers available. However, you should always remember that disabling cookies may affect your overall website experience, to one extent or another.
Modern Slavery Act and Human Trafficking Statement for the Financial Year 2022
This statement is made on behalf of the Critical Software S.A. Group (including all of its subsidiaries) pursuant to the section 54 (1) of the Modern Slavery Act 2015 and comprises our slavery and human trafficking statement.
Critical takes a zero tolerance stance to slavery and human trafficking and is committed to ensuring that its business has no involvement in either. Modern slavery is a crime and a violation of fundamental human rights. It takes various forms, such as slavery, servitude, forced or compulsory labour and human trafficking, all of which have in common the deprivation of a person's liberty by another in order to exploit them for personal or commercial gain.
Critical Software’s Policies on Slavery and Human Trafficking
Critical will not support or deal with any business knowingly involved in modern slavery or human trafficking.
We have a Code of Conduct in place signed off at director level, which applies to all staff across the Critical Group, to reflect and enforce our commitment to conduct all our business in an honest and ethical manner.
All Critical staff are required to read, understand and follow our Code of Conduct.
To ensure our supply chains and contractors comply with our values, we operate according to principles of responsible sourcing, including that they pay employees the prevailing minimum wage applicable within their relevant country of operations. Our Code of Conduct outlines our expectations of our supply chains.
Our supply chains include suppliers of:
- IT hardware and software, including software licenses and open source software
- Data storage services
- Professional services from our advisers including our lawyers, accountants, auditors and public relations advisers
- Office equipment
- Office cleaning and other office facilities services.
The vast majority of our suppliers are based in Europe. They are required to take steps to prevent modern slavery and human trafficking in their own businesses and supply chains, whether under the Modern Slavery Act 2015 or equivalent legislation in other jurisdictions.
We do not employ significant numbers of temporary or agency staff. We only use specified, reputable recruitment agencies.
We strive to take all reasonable and practical steps to ensure that our standards are being implemented throughout our business and our supply chain, and that local legislation and regulations are complied with. We will assess any instances of non-compliance on a case-by-case basis and will then tailor remedial action appropriately. We will only trade with those who fully comply with this policy. As part of our initiative to identify and mitigate risk (including in relation to that of human trafficking and slavery) we operate a range of policies and procedures within the Critical Software Group. These include the policies and procedures identified in the Code of Conduct in relation to whistleblowing, anti-money laundering and anti-bribery.
This statement is made pursuant to section 54(1) of the Modern Slavery Act 2015 and constitutes the Critical Group's slavery and human trafficking statement for the financial year ended 31 December 2022.
This statement has been approved by the Board of Directors at Critical Software, S.A. on 4th April 2023.
Click here to download a copy of our statement.
Critical Software's Anti-Corruption Policy
With the aim of strengthening and complementing the principles of the Code of Conduct, this Policy reinforces the Company's culture and reaffirms the commitment to integrity, legality, and transparency, as well as to the highest standards of conduct. Any violation of anti-corruption legislation is not tolerated.
At Critical Software the fight against corruption is of great importance to the success and integrity of our businesses and ultimately our organization. It is essential for Critical that businesses follow strong anti- corruption policies and programs to prevent and detect corrupt practices.
This policy aims to establish guidelines and procedures that promote a culture of transparency, integrity, and ethical behavior within the organisation.
To effectively enforce the guidelines and procedures of this policy the organization have established a compliance program that aims to prevent and detect corrupt practices. The compliance program will be overseen by the compliance officer, who will ensure that all employees received regularly training on the program.
The compliance program includes the following components:
The organisation conducts risk assessments to identify areas where corruption risks have a high and very high probability to occur and proper measures to prevent or mitigate those risks. The risk assessment shall be updated regularly to ensure that new risks are identified and addressed.
Policies and Procedures
The organisation shall establish policies and procedures that address specific corruption risks identified in the risk assessment. The policies and procedures shall be made available to all employees, and regular training will be provided.
The organisation will conduct due diligence on third parties, such as suppliers, contractors, and agents, to ensure that they comply with the organisation's anti-corruption policy.
Monitoring and Reporting
The compliance officer will monitor the effectiveness of the compliance program and report regularly to senior management and the board of directors. Any suspected cases of corruption will be reported to the relevant authorities.
Training is essential for ensuring that all employees understand the risks of corruption and the importance of maintaining high ethical standards. Regular training will be provided to all employees of the Company regarding good practices and measures to prevent corruption practices.
Code of Conduct
Critical condemns any practice of corruption, bribery, or related offenses, whether in an active or passive manner, as well as other forms of undue influence or illegal conduct. It imposes strict compliance with these principles in all its internal and external relationships, whether with private or public entities.
The organisation has established a code of conduct that outlines the values, principles, and behaviours expected of all employees. The code of conduct is based on international best practices, applicable laws, and regulations. The code of conduct covers areas such as conflicts of interest, bribery, gifts, and entertainment.
In particular, it is expressly prohibited for all Employees to:
- Accept any advantages or offers in exchange for preferential treatment of any third party, in order to influence an action or decision.
- Offer or accept, under any circumstances and regardless of value, money, checks, and other goods subject to legal restrictions.
- Influence the decisions of business partners through any illegal means or actions that may appear to contradict applicable standards.
- Obtain any benefit or advantage for the company, the employee, or third parties through unethical practices or actions contrary to the duties of the position, including corruption, improper receipt of benefits, or trafficking of influence.
Whistleblowing is an important tool for preventing and detecting corruption. Employees should feel safe to report any suspected cases of corruption without fear of retaliation. To ensure this, the organisation has established a whistleblowing system that guarantees confidentiality, anonymity, and protection for the whistleblower.
All employees are aware of the whistleblowing policy and the process for reporting suspected cases of corruption. The whistleblowing system will be overseen by the ombudsperson who shall ensure that all reports are properly investigated and appropriate action is taken.
Validity and Review
This Policy shall come into effect on the date of its approval by the Board of Directors and shall be reviewed every 3 (three) years or whenever there are any changes, particularly in the organisational or corporate structure of the Company, which justify its revision.
Any changes to the Policy must be approved by the Board of Directors.
Click here to download a copy of our statement.