31st October

Croud partners with ECI to drive ambitious global growth

Read More
GB/US

Croudie privacy notice

Data Controller

Data Controller: Croud Inc. Ltd., The Bard Building, 9th & 10th Floors, 20, Curtain Road, London, EC2A 3NG

Data Protection Officer: Heidi Ayton, [email protected], +44 1939 839996

Privacy Notice

The Croud Group (the organisation) collects and processes personal data relating to its Croudies to manage the freelance relationship. The organisation is committed to being transparent about how it collects and uses that personal data and to meeting its personal data protection obligations.

What personal data does the organisation collect?

The organisation collects and processes a range of personal data. This includes:

  • your name, address and contact details, including email address and telephone number, timezone;
  • confirmation of your identification such as a copy of your national ID card, passport or other photographic identification;
  • the terms and conditions of your freelance agreement;
  • details of your qualifications, skills, experience and employment history, including start and end dates as a freelancer with the organisation;
  • details of any of the organisation’s exams taken and the results;
  • information about your stated hourly rate;
  • details of your bank account name, number;
  • information about your nationality and your location;
  • details of your availability for work;
  • details of any disciplinary or grievance procedures in which you have been involved, including any warnings issued to you and related correspondence;
  • any relevant tax registration number(s);
  • (optional if you agree to provide this data) equal opportunities and diversity and inclusion monitoring information, including information about your ethnic origin, sexual orientation, health, schooling, parental schooling, disability, parental status and religion or belief. This data is collected anonymously and will not be personally identifiable accordingly.

The organisation collects this personal data in a variety of ways. For example, personal data is collected through application forms, portfolios of work or resumes;  public online social media profiles, from correspondence with you; or through meetings or other assessments.

Personal data is stored in our proprietary software, some of which is available to our inhouse teams to be able to provide you with relevant work when available. Access to banking information is available only to our finance and network teams.

The organisation provides you with access to its free online learning and development platform, Croud Campus, which requires personal data of your name and email to provide you with this service. This data, plus any personal information that you choose, at your discretion, to add to your Croud Campus profile will be stored with 360 Learning, our technology provider for Croud Campus. Your name, email (accessible by admins only) and any information you enter to your Croud Campus profile may be viewed by other Croudies and Croud employees.

Why does the organisation process personal data?

The organisation needs to process personal data to enter into a contractual relationship with you and to meet its obligations under this partnership. For example, it needs to process your data to provide you with freelance work opportunities and to pay you in accordance with any freelance hours you complete.

In some cases, the organisation needs to process personal data to ensure that it is complying with its legal obligations. For example, it is required to collect a VAT number in order to pay UK freelance workers.

In other cases, the organisation has a legitimate interest in processing personal data before, during and after the end of the freelance relationship. Processing freelance personal data allows the organisation to:

  • run task allocation and collaboration processes;
  • operate and keep a record of disciplinary and grievance processes;
  • operate and keep a record of freelancer performance and related processes;
  • ensure that freelancers are receiving the pay to which they are entitled;
  • ensure effective business administration;
  • offer free access to learning and development opportunities in Croud Campus;
  • provide references on request for current or former freelancers; and
  • respond to and defend against legal claims.

Where the organisation relies on legitimate interests as a reason for processing personal data, it has considered whether or not those interests are overridden by the rights and freedoms of freelance workers and has concluded that they are not.

Who has access to personal data?

Internal data transfers

Your personal data will be shared internally across the Croud group, including with members of the finance and network team, inhouse employees in the business areas in which you work, product and development employees if and when access to the personal data is necessary for performance of their roles.

International data transfers

Your personal data may be transferred to countries outside the UK and the European Economic Area (EEA) to facilitate being able to pick up freelance opportunities with the company’s American and UAE teams. Personal data is transferred outside the EEA through the company’s internal proprietary tools for the purposes of enabling freelancers to pick up job offers and the inhouse teams to be able to offer jobs out. The company’s proprietary tools provide access to your contact details and experience to inhouse teams only.

Whenever we transfer your personal data out of the UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  • We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data; or
  • Where we use certain service providers, we may use specific contracts approved for use in the UK which give personal data the same protection it has in the UK.

Please contact [email protected] if you want further information on the specific mechanism used by us when transferring your personal data out of the UK.

External data transfers

The organisation  may also share your personal data with the external parties set out below for the purposes set out in the section above.

    • Service providers acting as processors who provide services such as freelancer payment processing services (for example NAB, Bankline, WISE and Xero) and IT and system administration services.
    • Professional advisers including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services.
    • HM Revenue & Customs, regulators and other authorities based in the United Kingdom.
    • Third parties to whom we may choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy policy.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

How does the organisation protect personal data?

The organisation takes the security of your personal data seriously. The organisation has internal policies and controls in place to try to ensure that your personal data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by its employees in the performance of their duties.  Restrictions are in place based on a need to know basis. 

Inhouse employees will have access to necessary personal data in our proprietary tools to perform their duties as an employee which may include access to information of freelance hourly rates, skills and qualifications, access to performance and work records. Inhouse employees will not have access to documents relating to payments and bank details unless their job role includes administering payments to you. Access to payments and bank details is controlled by and restricted to the finance function and audited on a frequent basis. 

Where the organisation engages third parties to process personal data on its behalf, they do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of personal data.

For how long does the organisation keep data?

The organisation will hold your personal data for the duration of your time on the Croudie Network. The period for which your personal data is held after you leave the network is one year unless you request otherwise.

With regards to Croud Campus, this is a free and optional service that we offer to you as part of your Agreement with Croud. You may prefer not to use this service and request your Croud Campus profile to be removed at any time, whilst still being able to offer your services as a Croudie.

Your rights

As a data subject, you have a number of rights. You can:

  • access and obtain a copy of your personal data on request;
  • require the organisation to change incorrect or incomplete personal data;
  • require the organisation to delete or stop processing your personal data, for example where the personal data is no longer necessary for the purposes of processing;
  • object to the processing of your personal data where the organisation is relying on its legitimate interests as the legal ground for processing; and
  • ask the organisation to stop processing personal data for a period if that personal data is inaccurate or there is a dispute about whether or not your interests override the organisation’s legitimate grounds for processing personal data.

If you would like to exercise any of these rights, please contact our DPO, [email protected],  +44 1939 839996.

For EEA Residents: Please contact our EU Representative at [email protected]. Alternatively, they can be reached by post (The DPO Centre, Alexandra House, 3 Ballsbridge Park, Dublin, D04C 7H2) or +353 1 631 9460. www.dpocentre.com.

If you believe that the organisation has not complied with your personal data protection rights, you can complain to the Information Commissioner.

What if you do not provide personal data?

You have some obligations under your freelance agreement to provide the organisation with personal data. 

Certain information, such as contact details, work experience, certifications and payment details, have to be provided to enable the organisation to enter a freelance agreement with you. If you do not provide other information, this will hinder the organisation’s ability to administer certain actions arising as a result of the freelance agreement efficiently.

Automated decision-making

Freelance relationship and agreement decisions are not based solely on automated decision-making.

 

Last updated: 23rd December 2024