Loading...

Privacy Policy

digitalization-ai

Privacy Policy

Last update

28 Sep, 2025

For further information please get in touch

By using this website you are deemed to have accepted this Privacy Policy.

  • Summary

    The Privacy Policy aims to respond to the increasingly pressing concern with the control of personal data, ensuring that all necessary precautions are taken to safeguard individual information in an attempt to prevent data breach incidents, while at the same time responding to the expectations of data subjects regarding the protection of their data.

  • Purpose and scope

    The main objective of Critical Software's Privacy Policy is to respond to the increasingly pressing concern for the protection of personal data by ensuring that all necessary precautions are in place to safeguard individual information in an attempt to prevent data breach incidents, while at the same time responding to data subjects' expectations regarding the protection of their data.

    For the purposes of this policy, "personal data" means any information relating to an identified or identifiable natural person, as defined in the General Data Protection Regulation (GDPR). This policy fully complies with the GDPR and applicable national data protection legislation.

    This policy is intended for individuals with whom we deal in our business, including candidates for employment with our company. It is not intended for our employees. We categorise these individuals ("data subjects") as follows:

    Individuals - academics, retired people, people between jobs, sole traders without employees and people who only contact us because of their personal interest in our business and technology.

    Corporate subscribers - deal with us in their capacity as employees or owners of companies that have other employees.

    Applicants - those who have applied for a job with us.

  • Policy description

    We obtain and process personal data in different ways, depending on the data subject, the purpose of the processing and how we obtained their personal data.

    In most circumstances, your data will only be processed in the United Kingdom or the European Economic Area (EEA). If, for any reason, it is necessary for your data to be processed elsewhere, we will inform you of this, any privacy risks involved and what we have done to minimise those risks. In most circumstances, we will also ask for your consent to this.

    Some of our data is stored, or processed by us, outside the UK/EU. In such circumstances, we ensure that our contracts with these processors and their processing comply with UK/EU data privacy rules and standards.

    You can, at any time, ask us to tell you what personal data we hold about you.

    You also have the right to ask us to rectify your data if it is inaccurate, erase it or restrict its processing. In some circumstances, you can ask us to provide your data in a format that allows you to transfer it digitally to another party.

    If we have asked you and you have given us your consent to process your data, you can withdraw that consent at any time.

    If our company were sold, all your data would be transferred to the buyer so that they could use it in the same way as we do today.

    If you are concerned about the processing of your data by our company, please let us know at [email protected].

  • Individual data

    If you deal with us as an individual, the following applies:

    Purpose. We process your data in order to respond to you and to be able to contact you on matters of mutual interest and to send you whitepapers, case studies and other related materials that may be of interest to you.

    Legitimate interest. We have a legitimate interest in doing so because you have indicated that you want us to do so, or because it is reasonable for us to do so. Therefore, we do not need your explicit consent.

    Marketing. If we use your data to send you marketing material about our services, other than solely for your interest, we will only do so with your consent. You can withdraw this consent at any time by following the "unsubscribe" link in our communication.

    Those with whom we share it. Some of our data, which may include your personal data, is stored off-site by third parties. Some is stored by our UK subsidiary, Critical Software Limited. Except for our marketing database, none of your personal data is stored outside the EEA or the UK.

    Retention. Your data will be kept for a maximum of ten years after our last interaction with you, unless you ask us to delete it sooner and we are able to do so.

    Why we need your data. Without your data, we wouldn't have the information we need to be able to communicate with you.

    Where we get it. Most of the data we hold comes from you. Some may have been obtained from your colleagues and friends.

  • Personal data of business subscribers

    If you deal with us as a business subscriber, the following applies:

    Purpose. We process your data so that we can contact you as part of your duties in your organisation and to record any information you provide us with. Such contact may include sending you a newsletter or marketing material, but only if they are relevant to your role. We may also need to use it to be able to recommend you or your organisation's goods and services to others.

    Legitimate interest. We have a legitimate interest in using your data for these purposes. We do not need your consent. However, you can tell us at any time that you do not wish us to contact you again or that you do not wish to receive marketing material.

    Those with whom we share it. Some of our data, which may include your personal data, is stored off-site by third parties. With the exception of our marketing database, none of your personal data is stored outside the EEA or the UK. We may, as part of a project we are working on with your organisation, provide it to other people working on the same project. We may also provide them to third parties who wish to obtain our recommendation about your organisation or someone like you.

    Conservation. Your contact details and other data will only be kept for as long as you maintain your role in your organisation or, if they are relevant to a project, for as long as we keep records of that project.

    Why we need your data. Your data is needed primarily so that we can contact you and for the purposes mentioned above.

    Where we got it. The usual source of your data is you or your organisation. Sometimes we may obtain them from your colleagues, mutual clients, other people involved in a project, publicity material published by your organisation or publicly available lists.

  • Candidates

    If you are a candidate for a job with our company, the following applies:

    Purpose. We process your data so that we can assess you for a role and contact you. Some of this contact may be through newsletters that keep you in touch with us and our news. You will be given the opportunity to unsubscribe if you wish.

    Legitimate interest. We have a legitimate interest in using your data for these purposes. We do not need your consent.

    Who we share it with. Some of our data, which may include your personal data, is stored off-site by third parties. None of your personal data is stored outside the EEA or the UK. If your role is to work for one of our clients, we may provide it to that client so that they can assess you. If we seek references for you, we will provide your name and details of the proposed role to your references. If we wish to verify your qualifications or suitability, we may provide sufficient information to identify you, elements you have told us about yourself and the proposed role to those who can verify the information you have provided.

    Retention. If we decide not to employ you, most of your personal data will be deleted/destroyed around six months after that decision is made and we will only keep enough data to identify that we have considered your application for a job but that it has not been accepted.

    If we think we might employ you in the future, we will retain all the data we have about you indefinitely, unless you ask us to to delete them. If we employ you, all data relating to you will be transferred to your HR file and used and retained in accordance with our employment policies.

    Why we need your data. Without your data, we wouldn't be able to assess you or contact you.

    Where we get it. The usual source of your data is you or a recruitment consultant or job board. Some data may come from referees or people we use to verify the information you provide.

  • Other disclosures

    In addition to disclosures reasonably necessary for the purposes identified elsewhere in this privacy policy, we may disclose information about you:

    • To the extent that we are required to do so by law

    • In connection with any legal proceedings or prospective legal proceedings

    • To establish, exercise or defend our legal rights

    • To the buyer (or prospective buyer) of any business or asset that we are (or are considering) selling.

    • Except in the cases provided for in our privacy policy, we will never provide your information to third parties.

  • Security of your personal data

    We will take reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your personal information.

  • Compliance

    Compliance with the Privacy Policy is mandatory. Violation of the rules identified in this policy may result in the creation of an Information Security Incident and may ultimately result in disciplinary action.

  • Control

    The execution of the rules and principles identified in this policy is monitored by the CSO and the ISC. In addition, all employees of the organisation must report any deviation from the policy that they may encounter to the immediate Project Manager (PM), the Manager or the CSO.

Loading...