Croudie Privacy Notice.

Data Controller

Data Controller: Croud Inc. Ltd., 1st Floor, Trinity, 39, Tabernacle Street, London, EC2A 4AA

Data Protection Officer: Heidi Ayton, [email protected], +44 01743 211165

Privacy Notice

The Croud Group (the organisation) collects and processes personal data relating to its Croudies to manage the freelance relationship. The organisation is committed to being transparent about how it collects and uses that personal data and to meeting its personal data protection obligations.

What personal data does the organisation collect?

The organisation collects and processes a range of personal data. This includes:

• your name, address and contact details, including email address and telephone number, timezone;
• confirmation of your identification such as a copy of your national ID card, passport or other photographic identification;
• the terms and conditions of your freelance agreement;
• details of your qualifications, skills, experience and employment history, including start and end dates as a freelancer with the organisation;
• details of any of the organisation’s exams taken and the results;
• information about your stated hourly rate;
• details of your bank account name, number;
• information about your nationality and your location;
• details of your availability for work;
• details of any disciplinary or grievance procedures in which you have been involved, including any warnings issued to you and related correspondence;
• any relevant tax registration number(s);
• (optional if you agree to provide this data) equal opportunities and diversity and inclusion monitoring information, including information about your ethnic origin, sexual orientation, health, schooling, parental schooling, disability, parental status and religion or belief. This data is collected anonymously and will not be personally identifiable accordingly.

The organisation collects this personal data in a variety of ways. For example, personal data is collected through application forms, portfolios of work or resumes;  public online social media profiles, from correspondence with you; or through meetings or other assessments.

Personal data is stored in our proprietary software, some of which is available to our inhouse teams to be able to provide you with relevant work when available. Access to banking information is available only to our finance and network teams.

The organisation provides you with access to its free online learning and development platform, Croud Campus, which requires personal data of your name and email to provide you with this service. This data, plus any personal information that you choose, at your discretion, to add to your Croud Campus profile will be stored with 360 Learning, our technology provider for Croud Campus. Your name, email (accessible by admins only) and any information you enter to your Croud Campus profile may be viewed by other Croudies and Croud employees.

Why does the organisation process personal data?

The organisation needs to process personal data to enter into a contractual relationship with you and to meet its obligations under this partnership. For example, it needs to process your data to provide you with freelance work opportunities and to pay you in accordance with any freelance hours you complete.

In some cases, the organisation needs to process personal data to ensure that it is complying with its legal obligations. For example, it is required to collect a VAT number in order to pay UK freelance workers.

In other cases, the organisation has a legitimate interest in processing personal data before, during and after the end of the freelance relationship. Processing freelance personal data allows the organisation to:

• run task allocation and collaboration processes;
• operate and keep a record of disciplinary and grievance processes;
• operate and keep a record of freelancer performance and related processes;
• ensure that freelancers are receiving the pay to which they are entitled;
• ensure effective business administration;
• offer free access to learning and development opportunities in Croud Campus;
• provide references on request for current or former freelancers; and
• respond to and defend against legal claims.

Where the organisation relies on legitimate interests as a reason for processing personal data, it has considered whether or not those interests are overridden by the rights and freedoms of freelance workers and has concluded that they are not.

Who has access to personal data?

Your personal data will be shared internally across the Croud group, including with members of the finance and network team, inhouse employees in the business areas in which you work, product and development employees if and when access to the personal data is necessary for performance of their roles.

The organisation shares your personal data with third parties in order to be able to pay its freelance partners and to offer free access to learning and development opportunities. The organisation may also share your personal data with third parties in the context of a sale of some or all of its business. In those circumstances the personal data will be subject to confidentiality arrangements.

The organisation also shares your personal data with third parties that process personal data on its behalf, notably in connection with paying freelancers through our finance partners NAB, Bankline and Xero. 

Your personal data may be transferred to countries outside the European Economic Area (EEA) to facilitate being able to pick up freelance opportunities with the company’s Australian, American, Serbian and UAE teams. Personal data is transferred outside the EEA through the company’s internal proprietary tools for the purposes of enabling freelancers to pick up job offers and the inhouse teams to be able to offer jobs out. The company’s proprietary tools provide access to your contact details and experience to inhouse teams only.

How does the organisation protect personal data?

The organisation takes the security of your personal data seriously. The organisation has internal policies and controls in place to try to ensure that your personal data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by its employees in the performance of their duties.  Restrictions are in place based on a need to know basis. 

Inhouse employees will have access to necessary personal data in our proprietary tools to perform their duties as an employee which may include access to information of freelance hourly rates, skills and qualifications, access to performance and work records. Inhouse employees will not have access to documents relating to payments and bank details unless their job role includes administering payments to you. Access to payments and bank details is controlled by and restricted to the finance function and audited on a frequent basis. 

Where the organisation engages third parties to process personal data on its behalf, they do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of personal data.

For how long does the organisation keep data?

The organisation will hold your personal data for the duration of your time on the Croudie Network. The period for which your personal data is held after you leave the network is one year unless you request otherwise.

With regards to Croud Campus, this is a free and optional service that we offer to you as part of your Agreement with Croud. You may prefer not to use this service and request your Croud Campus profile to be removed at any time, whilst still being able to offer your services as a Croudie.

Your rights

As a data subject, you have a number of rights. You can:

• access and obtain a copy of your personal data on request;
• require the organisation to change incorrect or incomplete personal data;
• require the organisation to delete or stop processing your personal data, for example where the personal data is no longer necessary for the purposes of processing;
• object to the processing of your personal data where the organisation is relying on its legitimate interests as the legal ground for processing; and
• ask the organisation to stop processing personal data for a period if that personal data is inaccurate or there is a dispute about whether or not your interests override the organisation’s legitimate grounds for processing personal data.

If you would like to exercise any of these rights, please contact our DPO, [email protected],  +44 1742 211165.

For EEA Residents: Please contact our EU Representative at [email protected]. Alternatively, they can be reached by post (The DPO Centre, Alexandra House, 3 Ballsbridge Park, Dublin, D04C 7H2) or +353 1 631 9460. www.dpocentre.com.

If you believe that the organisation has not complied with your personal data protection rights, you can complain to the Information Commissioner.

What if you do not provide personal data?

You have some obligations under your freelance agreement to provide the organisation with personal data. 

Certain information, such as contact details, work experience, certifications and payment details, have to be provided to enable the organisation to enter a freelance agreement with you. If you do not provide other information, this will hinder the organisation’s ability to administer certain actions arising as a result of the freelance agreement efficiently.

Automated decision-making

Freelance relationship and agreement decisions are not based solely on automated decision-making.