US Privacy Policy

Version: CRX_LEGA_PRVN_US_V01

Your Privacy Rights

This Privacy Policy describes how Crux Product Design Ltd and Crux Product Design LLC (collectively, “Crux,” “we,” “our” or “us”) collect, use and disclose personal information about you and your data privacy rights. Personal information is sometimes also referred to as personal data, personally identifiable information or other like terms that mean any information that directly or indirectly identifies you or is reasonably capable of being associated with you or your household. This Privacy Policy applies to personal information we collect online and offline, such as when you use our website; engage with us on social platforms; visit our office; supply to us; conduct business dealings with us; engage in our services, sales, marketing or events; participate in research studies; or otherwise interact with us (collectively, our “Services”). Please note that any health data that we collect is for research and protection of human subjects, including pursuant to the good clinical practice guidelines issued by the International Council for Harmonisation of Technical Requirements for Pharmaceuticals for Human Use.

Please note that our Services and this Privacy Policy are directed only to users in the United States. We may provide different or additional notices of our privacy practices with respect to other personal information collection practices not within the scope of this Privacy Policy, in which case this Privacy Policy will not apply. For example, if you reside in the United Kingdom or the European Economic Area, we maintain a separate privacy notice, which can be found at https://cruxproductdesign.com/privacy-policy-uk/.

We may change this Privacy Policy from time to time. If we make changes, we will notify you by revising the date at the top of this Privacy Policy. We may also provide you with an additional notice (such as by adding a statement to the Services or sending you a notification), in connection with making material changes to this Privacy Policy. We encourage you to review this Privacy Policy regularly to stay informed about our information practices and the choices available to you.

Notice At Collection

This Notice at Collection describes how we collect, use and disclose personal information.

2.1        Collection of Personal Information
2.1.1    Personal Information You Provide to Us:

We collect personal information you provide directly to us. For example, we collect personal information directly from you when you visit our website or engage with us on social platforms; visit our office; use our Services; supply to us; participate in research studies; express an interest in obtaining information about us or our Services; participate in activities related to our Services; contact us or conduct business dealings with us. The types of personal information that we may collect directly from you include the following:

  • Contact Information and Identifiers: We collect certain identifiers and contact information from you, such as name, age, phone number, email address, vehicle details, postal address, social media information and other similar identifiers;
  • Security Videos: We may collect video information using CCTV when you visit our office;
  • Financial and Transactional Information: We collect financial information and information regarding the Services you purchased, obtained or considered, and your purchasing or consuming histories or tendencies;
  • Professional or Employment-Related Information: We collect information regarding the company you work for and your title; and
  • Sensitive Personal Information: We also collect certain personal information that is considered sensitive personal information or data, such as information about health or medical conditions, racial or ethnic origin, financial account information and limited information from a parent or guardian about their child, which is collected over the phone or in person for clinical trials (see ‘Children’ in Section 8.3 below for more information).
2.1.2    Personal Information We Collect Automatically

We automatically collect certain personal information about your interactions with us or our Services, including:

  • Device and Usage Information: We collect information about how you access our Services, including data about the device and network you use, such as your IP address, unique device identifiers, language preferences, device name, device geolocation and other similar data. We also collect information about your activity on our Services, such as access times, pages viewed, links clicked and the page you visited before navigating to our Services; and
  • Information Collected by Cookies and Similar Tracking Technologies: We and others that control collection of personal information may use tracking technologies, such as cookies and web beacons, to collect information about you. Cookies are small data files stored on your hard drive or in device memory that help us improve our Services and your experience, see which areas and features of our Services are popular and count visits. Web beacons (also known as “pixel tags” or “clear GIFs”) are electronic images that we may use on our Services and in our emails to help deliver cookies, count visits and understand usage and campaign effectiveness. For more information about cookies and how to disable them, see ‘YOUR CHOICES’ in Section 4 below.
2.1.3    Personal Information We Collect from Other Sources

We may obtain personal information from other sources. For example, we may collect information from other members of your organization, from our recruitment partners in response to a recruitment campaign and from your public profiles available online. This information may include your contact information and usage data collected through cookies and other trackers described in Section 3.

2.1.4    Personal Information We Derive

We may derive personal information or draw inferences about you based on the information we collect. For example, we may make inferences about your approximate location based on your IP address or infer that you are interested in certain Services based on your use of our website.

2.2        Purpose and Use of Personal Information

We may use the categories of personal information as identified in Section 2.1 above for the following purposes:

  • Provide, maintain and improve our Services;
  • Conduct business dealings with our partners, service providers, contractors or processors;
  • Provide quotations, communicate contractual information, enable project communication, communicate project deliverables and provide service updates;
  • Process transactions and send you related information, including confirmations, receipts and invoices;
  • Conduct clinical trials, assess eligibility for a research study and contact you in relation to research studies;
  • Personalize and improve your experience on our Services;
  • Send you technical notices, security alerts, and support and administrative messages.;
  • Respond to your comments and questions and provide customer service;
  • Communicate with you about Services and events offered by Crux and others and provide news and information that we think will interest you (see ‘YOUR CHOICES’ in Section 4 below for information about how to opt out of these communications at any time);
  • Monitor and analyze trends, usage and activities in connection with our Services;
  • Detect, investigate and prevent security incidents and other malicious, deceptive, fraudulent or illegal activity and protect the rights and property of Crux and others;
  • Debug to identify and repair errors in our Services;
  • Comply with our legal and financial obligations; and
  • Carry out any other purpose described to you at the time the information was collected.
2.3        Disclosure of Personal Information

We may disclose your personal information in the following circumstances or as otherwise described in this Privacy Policy. To learn more about the categories of personal and sensitive personal information we may disclose and the categories of recipients, please see ‘Summary of Categories of Personal Information Collected and Disclosed’ in Section 6.1 below, which describes our prior 12 month and going forward personal information disclosure practices.

  • Our Service Providers, Contractors and Processors: We may disclose your personal information to service providers, contractors and processors who provide services to us, such as telephony, email, enterprise resource planning, customer relationship management and other technical services;
  • Legal Disclosures: We may disclose personal information if we believe that disclosure is in accordance with, or required by, any applicable law or legal process, including lawful requests by public authorities to meet national security or law enforcement requirements. We may also disclose personal information if we believe that your actions are inconsistent with our user agreements or policies, if we believe that you have violated the law or if we believe it is necessary to protect the rights, property and safety of Crux, our users, the public or others;
  • Disclosed to Advisors and Lawyers: We may disclose personal information to our lawyers and other professional advisors where necessary to obtain advice or otherwise protect and manage our business interests;
  • Disclosed During Change of Ownership: We may disclose personal information in connection with, or during negotiations concerning, any merger, sale of company assets, financing or acquisition of all or a portion of our business by another company;
  • Among Our Family of Companies: Personal information may be disclosed between and among Crux and our current and future parents, affiliates, and subsidiaries and other companies under common control and ownership;
  • With Your Consent: We may disclose personal information with your consent or at your direction; and
  • Disclosure of Non-Personal Information: We may also retain or disclose aggregated or de-identified information that cannot reasonably be used to identify you. When doing so, we publicly commit to maintain and use the information in an aggregated or de-identified form and not attempt to re-identify the information, unless permitted or required by law.
2.4        Retention of Personal Information

We store personal information for as long as necessary to carry out the purposes for which we originally collected it and for other legitimate business purposes, including to meet our legal, regulatory or other compliance obligations. Specifically, we will retain CCTV information for 30 days before automatically deleting the information. For other personal information, we will retain it as long as we have a relationship with you and generally between two to seven years after our relationship ends. We may, however, need to retain your personal information for a longer period of time if necessary for legal, contractual, tax and accounting obligations (e.g., information maintained as part of a litigation hold and financial and tax records). When we no longer need your personal information, we will either purge the information or deidentify or aggregate it such that it is no longer personal information. We will not attempt to re-identify such information, unless permitted or required by law.

Analytics

We allow others to provide analytics services on our behalf. These entities may use cookies, web beacons, device identifiers, and other technologies to collect information about your use of our Services, including your IP address, web browser, mobile network information, pages viewed, time spent on pages, and links clicked. This information may be used by us and others to, among other things, analyze and track data, determine the popularity of certain content, and better understand your online activity.

Your Choices

4.1        Account Information

You may update and correct certain account information at any time by emailing us at privacyteam@cruxproductdesign.com. If you wish to delete your account, please email privacyteam@cruxproductdesign.com, but note that we may retain certain information as required by law or for our legitimate business purposes.

4.2        Cookies

Most web browsers are set to accept cookies by default. If you prefer, you can usually adjust your browser settings to remove or reject browser cookies. Please note that removing or rejecting cookies could affect the availability and functionality of our Services.

Children

This website is not intended for or directed at children under the age of 18. In addition, we do not knowingly collect personal information from children under the age of 18 on websites or online services that we operate. We do, however, collect limited children’s information during clinical trials, with parental or guardian consent. For example, we may collect, in-person or over the phone, the child’s general age range. Further, when we collect information about the child, the child is described in a generic pseudonym, without any names or other identifying details. We also do not knowingly sell or share for cross-context behavioral or targeted advertising the personal information of children under the age of 18. If required or permitted under applicable laws, a parent or guardian may exercise the rights described in Section 6.4 below for children who participate in clinical trials, including reviewing and deleting the child’s information, and refusing to permit us to further collect and use the child’s information.

Disclosures For Individuals in the United States

This section contains additional information from residents in the United States regarding our personal information handling practices and data privacy rights.

6.1        Summary of Categories of Personal Information Collected and Disclosed

In the preceding 12 months, we have collected the categories of personal information set forth in the table below. For details about the precise data points we collect and the categories of sources of such collection, please see ‘Collection of Personal Information’ in Section 2.1 above. We collect personal information for the business and commercial purposes described in ‘Purpose and Use of Personal Information’ in Section 2.2 above. In the preceding 12 months, we have disclosed the following categories of personal information for business purposes to the following categories of recipients, which we also describe in greater detail in ‘Disclosure of Personal Information’ in Section 2.3 above:

Category of Personal Information We CollectBusiness Purpose for Disclosure and ProcessingCategory of Recipients
Identifiers, such as name, phone number, age, email address, postal address, social media information, IP address, or other similar identifier. We disclose and process this information to provide our Services and other reasons described in greater detail in Sections 2.1.2 and 2.1.3 above.
We may have disclosed this information to service providers, contractors, and processors who provide services to us, such as telephony, email, enterprise resource planning, customer relationship management and other technical services. We may have also disclosed this information as described in Section 5 above.
We disclose and process this information to provide our Services and other reasons described in greater detail in Sections 2.1.2 and 2.1.3 above.We may have disclosed this information to service providers, contractors, and processors who provide services to us, such as telephony, email, enterprise resource planning, customer relationship management and other technical services. We may have also disclosed this information as described in Section 5 above.
Any personal information described in the California Customer Records Act (Cal. Civ. Code § 1798.80(e)), such as name, postal address, telephone number, or financial information.We disclose and process this information to provide our Services and other reasons described in greater detail in Sections 2.1.2 and 2.1.3 above.We may have disclosed this information to service providers, contractors, and processors who provide services to us, such as telephony, email, enterprise resource planning, customer relationship management and other technical services. We may have also disclosed this information as described in Section 2.1.3 above.
Commercial information, such as records of services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.We disclose and process this information to provide our Services and other reasons described in greater detail in Sections 2.1.2 and 2.1.3 above.We may have disclosed this information to service providers, contractors, and processors who provide services to us, such as telephony, email, enterprise resource planning, customer relationship management and other technical services. We may have also disclosed this information as described in Section 2.1.3 above.
Internet or other electronic network activity information, such as information regarding your interaction with our website.We disclose and process this information to provide our Services and other reasons described in greater detail in Sections 2.1.2 and 2.1.3 above.We may have disclosed this information to service providers, contractors, and processors who provide services to us, such as telephony, email, enterprise resource planning, customer relationship management and other technical services. We may have also disclosed this information as described in Section 2.1.3 above.
Geolocation data, such as IP address that reveals location at the city/region level.We disclose and process this information to provide our Services and other reasons described in greater detail in Sections 2.1.2 and 2.1.3 above.We may have disclosed this information to service providers, contractors, and processors who provide services to us, such as telephony, email, enterprise resource planning, customer relationship management and other technical services. We may have also disclosed this information as described in Section 2.1.3 above.
Professional or employment-related information, such as your title and company you work for.We disclose and process this information to provide our Services and other reasons described in greater detail in Sections 2.1.2 and 2.1.3 above.We may have disclosed this information to service providers, contractors, and processors who provide services to us, such as telephony, email, enterprise resource planning, customer relationship management and other technical services. We may have also disclosed this information as described in Section 2.1.3 above.
Audio, electronic, visual, thermal, olfactory or similar information, such as video collected through CCTV when you visit our office.We disclose and process this information for security purposes and emergency preparedness as part of providing our Services, as described in greater detail in Sections 2.1.2 and 2.1.3 above.We may have disclosed this information to service providers, contractors, and processors who provide services to us, such as telephony, email, enterprise resource planning, customer relationship management and other technical services. We may have also disclosed this information as described in Section 2.1.3 above.
Inferences drawn from any of the information identified herein.We disclose and process this information to provide our Services and other reasons described in greater detail in Sections 2.1.2 and 2.1.3 above.We may have disclosed this information to service providers, contractors, and processors who provide services to us, such as telephony, email, enterprise resource planning, customer relationship management and other technical services. We may have also disclosed this information as described in Section 2.1.3 above.
Sensitive personal information or data, such as information about health or medical conditions, racial or ethnic origin, financial account information and limited information about children that is collected offline for clinical trials.We disclose and process this information to provide our Services and other reasons described in greater detail in Sections 2.1.2 and 2.1.3 above.We may have disclosed this information to service providers, contractors, and processors who provide services to us, such as telephony, email, enterprise resource planning, customer relationship management and other technical services. We may have also disclosed this information as described in Section 2.1.3 above.
6.2        “Do Not Track” Requests

Some browsers have incorporated “Do Not Track” features. Most of these features, when turned on, send a signal or preference to the websites you visit indicating that you do not wish to be tracked. Because there is not yet a common understanding of how to interpret the do not track signal, we currently do not respond to the browser do not track signals.

6.3        Sensitive Personal Information

Under United States privacy laws, certain types of personal information are considered “sensitive” personal information or data and require additional data privacy rights and obligations. Crux collects information about health or medical conditions, racial or ethnic origin, financial account information and limited information about children for clinical trials (see ‘Children’ in Section 5 above), which may be considered sensitive personal information or data. Where required by law, we will obtain your consent before processing sensitive personal information. We will also only use your sensitive personal information for limited purposes, such as to perform the Services requested; to prevent, detect and investigate security incidents; to resist malicious, deceptive, fraudulent or illegal actions and prosecute those responsible; to ensure physical safety of natural persons; to verify or maintain the quality or safety of a product, service or device; to improve, upgrade or enhance a service or device; and for other permitted purposes. If you have any questions about our handling of sensitive personal information or to withdraw your consent, please ‘CONTACT US’ below in Section 7.

6.4        Your Privacy Rights

Data privacy laws afford consumers residing in the United States certain rights with respect to their personal information, subject to certain exceptions. If you reside in the United States, this section applies to you. Subject to certain limitations, you may have the following rights in the United States:

  1. Right to Delete. You have the right to request us to delete the personal information we have collected about you;
  2. Right to Correct. You have the right to request us to correct inaccurate personal information we maintain about you;
  3. Right to Confirm Processing, Know and Access. You have the right to confirm whether we are processing your personal information and know and access the personal information we have collected about you, including the categories of personal information; the categories of sources from which the personal information is collected; the business or commercial purpose for collecting, selling or sharing personal information; the categories of personal information and service providers, contractors and third parties to whom we disclosed personal information; and the specific pieces of personal information we have collected about you. You have the right to receive this information in a format, to the extent technically feasible, that is portable, usable and allows you to transmit the personal information to a person without impediment or hindrance;
  4. List of Specific Third Parties: You have the right, at our option, to receive a list of the specific third parties, other than natural persons, to which we have disclosed either: (a) your personal information or (b) any personal information;
  5. Rights Related to Profiling. You have the right to opt out of the processing of your personal information for profiling in furtherance of decisions that produce legal or similarly significant effects concerning the consumer. Please note that we do not engage in such profiling activities and therefore you do not need to take any further action;
  6. Rights Related to Sharing for Cross-Context Behavioral or Targeted Advertising or Sale. Privacy laws may provide the right to opt out of the sharing of your personal information for cross-context behavioral or targeted advertising or the sale of your personal information. Please note, however, that we do not sell personal information for monetary consideration or share personal information for cross-context behavioral or targeted advertising, and have not done so in the prior 12 months. You may contact us if you have any questions;
  7. Rights Related to Sensitive Personal Information or Data. Data privacy laws may provide additional protection for sensitive personal information or data. Please see ‘Sensitive Personal Information’ in Section 6.3 above for more information;
  8. Right to No Discrimination. You have the right not to be discriminated against for exercising any of your privacy rights. This includes us not: (a) denying you goods or services; (b) charging you different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties; (c) providing you a different level or quality of goods or services; (d) suggesting to you that you will receive a different price or rate for goods or services or a different level or quality of goods or services; and (e) retaliating against you for exercising your privacy rights; and
  9. Right to Appeal. If we decline to take action in response to your exercise of a privacy right, we will inform you of the reason for denying your request and provide you instructions on how to appeal the decision.
6.5        Instructions on How to Exercise Your Privacy Rights

You may exercise your privacy rights and withdraw consent (to the extent we are processing your personal information based on consent) by calling our toll-free phone number at +1 (877) 2113624 or emailing us at privacyteam@cruxproductdesign.com. Where permitted or required by applicable law, we will verify your identity before honoring your privacy right request. We will verify your identity by asking you to provide personal information related to your recent interactions with us. We will honor your privacy rights request within 45 calendar days of receipt, unless an earlier response is required under the law or we request an extension as permitted by data privacy laws.

6.6        Appealing a Denial of a Privacy Right Request

You may appeal a denial of your privacy right requests by calling us at our toll-free phone number at +1 (877) 2113624 or emailing us at privacyteam@cruxproductdesign.com. Within 45 days of receipt of an appeal, we will inform you in writing of any action taken in response to the appeal, including a written explanation of the reasons for the decisions. If we deny your appeal, you may submit a complaint to the Attorney General of your state.

6.7        Authorized Agents

If permitted or required by applicable law, you may exercise your privacy rights through an authorized agent (which may include a guardian or conservator). If we receive your request from an authorized agent, we may ask for evidence that you have provided such agent with a power of attorney or that the agent otherwise has valid written authority to submit requests to exercise rights on your behalf. If you are an authorized agent seeking to make a request, please Contact Us below in Section 14.

6.8        Shine the Light Disclosure for California Residents

California law permits residents of California to request certain details about how their information is shared with third parties for direct marketing purposes. Under the law, a business must either provide this information or permit California residents to opt in to, or opt out of, this type of sharing. Crux qualifies for this alternative option and does not share your personal information for third parties’ direct marketing purposes. However, if you would like to nonetheless opt out of having information about you shared with third parties for direct marketing purposes under Shine the Light law, please email us at privacyteam@cruxproductdesign.com.

Contact Us

If you have any questions about this Privacy Policy, please contact us at:

CIC, 245 Main Street, Kendall Square, Cambridge, MA 02142

Tel: +1 (877) 211 3624 (TOLL FREE)

Email: privacyteam@cruxproductdesign.com

How To Find Out More About How Crux Handles Your Personal Information

Should you have any queries regarding this privacy notice, Crux’s processing of your personal data or wish to exercise your rights you can contact Crux’s Privacy Team using this email address: privacyteam@cruxproductdesign.com or any of the details listed in Section 7 above.

If you are not happy with our response, you can contact the Information Commissioner’s Office. https://ico.org.uk/make-a-complaint