Cryptix AG (“we” or “us” or “Cryptix”) is a Swiss company with a registered address at Gotthardstrasse 26, CH-6300 Zug, with commercial Registry No. CHE-361.505.762 and its local subsidiary are data controllers in respect of personal data about you.
1. Data protection principles
We will comply with data protection law, which means that your data will be:
2. The kind of personal data we hold about you
In connection with your application to work with us, we may collect, store, and use the following categories of personal data about you:
3. How is your personal data collected?
We collect personal data about you from variety of sources. For example, data are collected from you, the candidate, recruitment agencies and publicly accessible sources (e.g. your profile on LinkedIn).
4. How is your personal data being used?
We need to process your personal data to decide whether to enter into a contract of employment with you. Article 6(1)(b) GDPR represents legal ground for processing of your personal data.
We will use the personal data we collect about you for the following purposes:
Having received your application form, your CV and covering letter (and your portfolio and recommendation letters, if any) and the results from your expertise test, which you may be asked to complete, we process that information to decide whether you meet the basic requirements to be shortlisted for the role. If we decide to further consider you for the position, we may invite you to an interview and further to complete certain additional assessments. We will use such information to decide whether to offer you the position with us. In the events required by local labor legislation you will be invited to undertake a medical examination with the authorized labor medicine center.
If you fail to provide information when requested, which is necessary for us to consider your application (such as evidence of qualifications or work history), we may not be able to process your application properly or at all.
5. Who will we share your personal data with?
We will only share your personal data with our related companies within Cryptix Group and if applicable our third-party service providers.
All our third-party service providers and related companies are required to take appropriate security measures to protect your personal data. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.
We may also share your personal data with any supervisory or any similar regulatory authority that is responsible for the enforcement of the Data Protection Law or other law enforcement authority upon their request.
6. Data transfer
We may transfer personal data received from you outside European Union (EU), Switzerland and European Economic Area (EEA) where such transfer is of a type authorized by Data Protection Law in the exporting country, for example in the case of transfers from within the EU/EEA to a country (such as Switzerland for example) or scheme (such as the US Privacy Shield) which is approved by the Commission of EU as ensuring an adequate level of protection or any transfer which falls within a permitted derogation.
7. Data security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need-to-know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. Details of these measures may be obtained if you write to firstname.lastname@example.org.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
8. Data retention
We will retain your personal data for a period up of 90 days after the recruitment process for the position you applied for with us has been completed or in certain cases for a longer period as defined further below. We retain your personal data for that period so that we can show, in the event of a legal claim, that we have not discriminated against candidates on prohibited grounds and that we have conducted the recruitment exercise in a fair and transparent way. We may retain your personal data for a longer period if required to protect our position in the event of a legal claim or proceeding and/or in case we are required to comply with legal or regulatory requirements. After this period, we will securely destroy or anonymize your personal data in accordance with applicable laws and regulations (provided you have not given us your consent to further process your personal data in our talent file – see below).
If your application is successful, your personal data gathered during the recruitment process will be transferred to and retained in human resources file.
9. Consent to keep your personal data in our candidate file
We are interested in staying in contact with you after the recruitment process is completed, on the basis that a further opportunity may arise in the future and we may wish to consider you for that. Therefore, in the process of your application, we will ask you if you wish to stay in contact with us. Kindly note we can only stay in contact with you after the recruitment process for the position you are applying for with us will be completed if you provide your consent. We will also seek your consent in case you sent us your application as a general inquiry. It is completely up to you to decide whether you wish to give us your consent.
If you choose to stay in contact with us we retain your personal data for a period of 24 months after the recruitment process for the position you applied for with us has been completed. Note: If you sent us your application as a general inquiry, we retain your personal data for a period of 24 months after the receipt of your consent. After this period (or once you withdraw your consent), your personal data will be securely destroyed or anonymized in accordance with applicable laws and regulations.
10. Your rights (Right to access, correction, erasure and restriction)
As a data subject under Data Protection Law you have a number of rights, including the right to:
If you want to review, verify, correct or request erasure of your personal data, object to the processing of your personal data, or request that we transfer a copy of your personal data to another party, please contact us in writing by sending an email to email@example.com. We may also need to request specific information from you to help us confirm your identity and ensure your right to access your personal data.
11. Right to withdraw consent
You have the right to withdraw your consent for processing of your personal data at any time. To withdraw your consent, please contact us by sending an email to firstname.lastname@example.org.
Once we have received notification that you have withdrawn your consent, we will no longer process your application and we will dispose of (delete or anonymize) your personal data securely.
Our contact information:
Chairman of the Board of Directors: Bernhard Koch
Member of the Board of Directors: Anja Frauwallner
If you believe that the processing of your data violates data privacy law or that your data privacy rights have been violated in some other way, you can also lodge a complaint with your local data protection authority (see https://bit.ly/2UFW5JS ). In Switzerland this is the Swiss Federal Data Protection and Information Commissioner (FDPIC), who can be contacted via the following form: https://bit.ly/2UyCBa8. We would, however, appreciate the opportunity to deal with your concerns before you approach the authorities, so please contact us in the first instance.
© Cryptix (May, 2019)