Who are we?
Crux Risk LLP
T: +44 (0) 20 7112 8620
Crux Risk is a risk and crisis management services provider. We provide a spectrum of risk mitigation and response services to a wide range of industry sectors.
Commitment to personal security
Crux Risk takes your personal data seriously and is committed to protecting your data to the best of our ability.
What does this policy cover?
- what personal data we collect about you;
- where we collect personal data about you from;
- how we use your personal data;
- how long we keep your personal data for;
- who we share your personal data with;
- what happens if you do not provide us with the information we request
or ask that we stop processing your information;
- how we transfer and store your personal information;
- what rights do you have in relation to the data we hold on you;
- how we will contact you; and
- how you can contact us.
What personal data do we collect?
We only collect the information necessary for us to be able to perform the services you have instructed us to carry out for you, or where underwriters and/or brokers with whom you are insured have asked us to contact you about our services. We will only collect and hold sensitive information (special category data) with your explicit consent where the collection and holding of such data is essential to the services we are providing to you or we are legally obliged to.
Where do we collect personal data about you from?
The following are the different sources we may collect personal data about you from:
- Directly from you. This is information you provide to us directly in writing or by word of mouth.
- Through publicly available sources. We use the following public sources:
- The internet
- By referral. When you have been referred to us by third parties.
How do we use your personal data?
We only use your personal data to enable us to carry out the services we are providing to you, or if you are providing services to us, or could provide services to us in the future. Where we have provided casework services to you we will hold case data unless you expressly ask us not to. During casework, Crux Risk maintains a log of events and actions for legal purposes.
How long do we keep your personal data for?
We retain your information for as long as is necessary for us to use your information to complete casework or to comply with legal obligations. However, please be advised that we may retain some of your information after you cease to use our services to enable us to comply with regulatory bodies, for example, OFAC, SOCA or the Courts.
Who do we share your personal data with?
We do not share your personal data with any third parties unless
there is an explicit reason to do so and your consent has been given.
Data is shared and processed internally amongst Crux Risk partners and
associates where appropriate.
What happen if you do not provide us with the information we request or ask that we stop processing your information?
If you do not provide the personal data necessary, or withdraw your consent for the processing of your personal data, we may not be able to provide services to you.
Transfer and storage of personal information
Crux Risk operates globally and some personal information may be transferred to and/or stored in jurisdictions outside the EEA that do not have laws that provide specific protection for personal information. Where we transfer or store your personal information outside the EEA we will only do where we are satisfied that there is an adequate level of protection for your personal information
What rights do you have in relation to the data we hold on you?
By law, you have a number of rights when it comes to your personal data. Further information and advice about your rights can be obtained from the data protection regulator in your country.
- The right to be informed
You have the right to be provided with clear, transparent and easily understandable information about how we use your information and your rights. This is why we’re providing you with the information in this Policy.
- The right of access
- The right to rectification
You are entitled to have your information corrected if it’s inaccurate or incomplete.
- The right to erasure
This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your information where there’s no compelling reason for us to keep using it. This is not a general right to erasure; there are exceptions.
- The right to restrict processing
You have rights to ‘block’ or suppress the further use of your information. When processing is restricted, we can still store your information, but may not use it further. We keep lists of people who have asked for further use of their information to be ‘blocked’ to make sure the restriction is respected in future.
- The right to data portability
You have rights to obtain and reuse your personal data for your own purposes across different services. For example, if you decide to switch to a new provider, this enables you to move, copy or transfer your information easily between our IT systems and theirs safely and securely, without affecting its usability.
- The right to object to processing
You have the right to object to certain types of processing, including processing for direct marketing (i.e. if you no longer want to be contacted with potential opportunities).
The right to lodge a complaint
You have the right to lodge a complaint about the way we handle or process your personal data with your national data protection regulator.
The right to withdraw consent
If you have given your consent to anything we do with your personal data, you have the right to withdraw your consent at any time (although if you do so, it does not mean that anything we have done with your personal data with your consent up to that point is unlawful). This includes your right to withdraw consent to us using your personal data for marketing purposes.
We usually act on requests and provide information free of charge, but may charge a reasonable fee to cover our administrative costs of providing the information for:
- baseless or excessive/repeated requests, or
- further copies of the same information.
Alternatively, we may be entitled to refuse to act on the request.
Please consider your request responsibly before submitting it. We’ll respond as soon as we can. Generally, this will be within one month from when we receive your request but, if the request is going to take longer to deal with, we’ll come back to you and let you know.
How will we contact you?
We may contact you by phone, email or social media. If you prefer a particular contact means over another please just let us know.
How can you contact us?
If you are unhappy with how we've handled your information or have further questions on the processing of your personal data, please address your communication to our Data Protection Officer at:
Crux Risk LLP
T: +44 (0) 20 7112 8620