Candidates Privacy Policy

If you are applying for a job position with one of the companies within Cryptix group please read this Cryptix candidates privacy policy carefully to understand how and why your personal data will be used, namely for the purposes of the recruitment, and how long it will be retained for. It provides you with certain information that must be provided under the General Data Protection Regulation ((EU) 2016/679) (GDPR) and laws implementing or supplementing the GDPR; and to the extent applicable, the data protection or privacy laws of any other country (collectively: data protection law).

Cryptix AG (“we” or “us” or “Cryptix”) is a Swiss company with a registered address at Gotthardstrasse 26, CH-6300 Zug, with commercial Registry No. CHE-361.505.762 and its local subsidiary are data controllers in respect of personal data about you.

1. Data protection principles

We will comply with data protection law, which means that your data will be:

• Used lawfully, fairly and in a transparent way;
• Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes;
• Relevant to the purposes we have told you about and limited only to those purposes;
• Accurate and kept up to date;
• Kept only as long as necessary for the purposes we have told you about;
• Kept securely.

2. The kind of personal data we hold about you

In connection with your application to work with us, we may collect, store, and use the following categories of personal data about you:

• The information you have provided to us via our email on your application, including name, title, address, telephone number, personal email address and LinkedIn profile;
• The information you have provided in your curriculum vitae, covering letter and your portfolio or in your reference letters (if any);
• The information about you that is available from a publicly accessible source (such as your profile on LinkedIn);
• The information about your entitlement to work in the country where the local subsidiary is located;
• The information whether you have a disability for which we need to make adjustments during the recruitment process;
• The information you provide to us during your interview;
• The results of your expertise tests that you may undertake as part of your recruitment process with us (if you undertake one);
• The information from your ID or passport document (provided we need such information to organize a live interview or for other such reason during the recruitment process);
• The information from your labor medical examination (provided you are considered as finalist for the position and considered this is a regulatory employment requirement).

3. How is your personal data collected?

We collect personal data about you from variety of sources. For example, data are collected from you, the candidate, recruitment agencies and publicly accessible sources (e.g. your profile on LinkedIn).

4. How is your personal data being used?

We need to process your personal data to decide whether to enter into a contract of employment with you.  Article 6(1)(b) GDPR represents legal ground for processing of your personal data.

We will use the personal data we collect about you for the following purposes:

• Assessing your skills, qualifications, and suitability for the job position you are applying to (or for any job position we have open in the future in case you have sent us your application as a general inquiry or further consented to staying in contact with us);
• Communicating with you about the recruitment process;
• Keeping records related to our recruitment processes;
• Complying with legal or regulatory requirements or for purposes connected to legal claims or proceedings.

Having received your application form, your CV and covering letter (and your portfolio and recommendation letters, if any) and the results from your expertise test, which you may be asked to complete, we process that information to decide whether you meet the basic requirements to be shortlisted for the role. If we decide to further consider you for the position, we may invite you to an interview and further to complete certain additional assessments. We will use such information to decide whether to offer you the position with us. In the events required by local labor legislation you will be invited to undertake a medical examination with the authorized labor medicine center.

If you fail to provide information when requested, which is necessary for us to consider your application (such as evidence of qualifications or work history), we may not be able to process your application properly or at all.

5. Who will we share your personal data with?

We will only share your personal data with our related companies within Cryptix Group and if applicable our third-party service providers.

All our third-party service providers and related companies are required to take appropriate security measures to protect your personal data. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.

We may also share your personal data with any supervisory or any similar regulatory authority that is responsible for the enforcement of the Data Protection Law or other law enforcement authority upon their request.

6. Data transfer

We may transfer personal data received from you outside European Union (EU), Switzerland and European Economic Area (EEA) where such transfer is of a type authorized by Data Protection Law in the exporting country, for example in the case of transfers from within the EU/EEA to a country (such as Switzerland for example) or scheme (such as the US Privacy Shield) which is approved by the Commission of EU as ensuring an adequate level of protection or any transfer which falls within a permitted derogation.

7. Data security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need-to-know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. Details of these measures may be obtained if you write to privacy@cryptix.ag.

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

8. Data retention

We will retain your personal data for a period up of 90 days after the recruitment process for the position you applied for with us has been completed or in certain cases for a longer period as defined further below. We retain your personal data for that period so that we can show, in the event of a legal claim, that we have not discriminated against candidates on prohibited grounds and that we have conducted the recruitment exercise in a fair and transparent way. We may retain your personal data for a longer period if required to protect our position in the event of a legal claim or proceeding and/or in case we are required to comply with legal or regulatory requirements. After this period, we will securely destroy or anonymize your personal data in accordance with applicable laws and regulations (provided you have not given us your consent to further process your personal data in our talent file – see below).

If your application is successful, your personal data gathered during the recruitment process will be transferred to and retained in human resources file.

9. Consent to keep your personal data in our candidate file

We are interested in staying in contact with you after the recruitment process is completed, on the basis that a further opportunity may arise in the future and we may wish to consider you for that. Therefore, in the process of your application, we will ask you if you wish to stay in contact with us. Kindly note we can only stay in contact with you after the recruitment process for the position you are applying for with us will be completed if you provide your consent. We will also seek your consent in case you sent us your application as a general inquiry. It is completely up to you to decide whether you wish to give us your consent.

If you choose to stay in contact with us we retain your personal data for a period of  24 months after the recruitment process for the position you applied for with us has been completed. Note: If you sent us your application as a general inquiry, we retain your personal data for a period of 24 months after the receipt of your consent. After this period (or once you withdraw your consent), your personal data will be securely destroyed or anonymized in accordance with applicable laws and regulations.

10. Your rights (Right to access, correction, erasure and restriction)

As a data subject under Data Protection Law you have a number of rights, including the right to:

• Request access to your personal data. You have the right to request a copy of the personal data we hold about you and to check that we are lawfully processing it.
• Request correction of your personal data. You have the right to request correction of any personal data we hold about you that is inaccurate, incorrect, or out of date.
• Request erasure of your personal data. This enables you to ask us to delete or remove personal data, where there is no lawful reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below).
• Object to processing of your personal data. You have the right to object to process of your personal data where we are relying on a legitimate interest as the legal basis for processing.
• Request restriction of processing your personal data. You have the right to request that we restrict the processing of your personal data (for example, while we verify or investigate your concerns with this information, or we no longer need your personal data for the purposes of the processing, but they are necessary for the establishment, exercise or defense of legal claims).
• Request transfer of your personal data. You have the right to request an export of your personal data.

If you want to review, verify, correct or request erasure of your personal data, object to the processing of your personal data, or request that we transfer a copy of your personal data to another party, please contact us in writing by sending an email to privacy@cryptix.ag. We may also need to request specific information from you to help us confirm your identity and ensure your right to access your personal data.

11. Right to withdraw consent

You have the right to withdraw your consent for processing of your personal data at any time. To withdraw your consent, please contact us by sending an email to privacy@cryptix.ag.

Once we have received notification that you have withdrawn your consent, we will no longer process your application and we will dispose of (delete or anonymize) your personal data securely.

12. Contact

If you have any questions or concerns regarding our Candidate Privacy Policy or if you believe our Candidate Privacy Policy or applicable laws relating to the protection of your personal information have not been respected, you can file a complaint with us by using the contact details listed below and we will respond to let you know when you can expect a further response. We can request additional details from you regarding your concerns and may need to engage or consult with other parties in order to investigate and address your issue. We will keep records of your request and any resolution. Our contact information:

Our contact information:
Cryptix AG
Gotthardstrasse 26
CH-6300 Zug
Switzerland

Chairman of the Board of Directors: Bernhard Koch
Member of the Board of Directors: Anja Frauwallner

Email: office@cryptix.ag
Telephone: +41 41 725 02 50
UID: CHE-361.505.762

If you believe that the processing of your data violates data privacy law or that your data privacy rights have been violated in some other way, you can also lodge a complaint with your local data protection authority (see https://bit.ly/2UFW5JS ). In Switzerland this is the Swiss Federal Data Protection and Information Commissioner (FDPIC), who can be contacted via the following form: https://bit.ly/2UyCBa8.   We would, however, appreciate the opportunity to deal with your concerns before you approach the authorities, so please contact us in the first instance.

YOU EXPRESSLY ACKNOWLEDGE THAT YOU HAVE READ THIS CANDIDATE PRIVACY POLICY AND YOU UNDERSTAND THE RIGHTS, OBLIGATIONS, TERMS AND CONDITIONS SET FORTH HEREIN AND. BY APPLYING TO ANY OPEN POSITION THOUGH OUR WEBSITE, YOU EXPRESSLY CONSENT TO BE BOUND BY THE TERMS AND CONDITIONS OF THIS CANDIDATE PRIVACY POLICY AND GRANT US THE RIGHTS SET FORTH HEREIN.

© Cryptix (May, 2019)