Version: CRX_LEGA_PRVN_US_V01
This Privacy Policy describes how Crux Product Design Ltd and Crux Product Design LLC (collectively, “Crux,” “we,” “our” or “us”) collect, use and disclose personal information about you and your data privacy rights. Personal information is sometimes also referred to as personal data, personally identifiable information or other like terms that mean any information that directly or indirectly identifies you or is reasonably capable of being associated with you or your household. This Privacy Policy applies to personal information we collect online and offline, such as when you use our website; engage with us on social platforms; visit our office; supply to us; conduct business dealings with us; engage in our services, sales, marketing or events; participate in research studies; or otherwise interact with us (collectively, our “Services”). Please note that any health data that we collect is for research and protection of human subjects, including pursuant to the good clinical practice guidelines issued by the International Council for Harmonisation of Technical Requirements for Pharmaceuticals for Human Use.
Please note that our Services and this Privacy Policy are directed only to users in the United States. We may provide different or additional notices of our privacy practices with respect to other personal information collection practices not within the scope of this Privacy Policy, in which case this Privacy Policy will not apply. For example, if you reside in the United Kingdom or the European Economic Area, we maintain a separate privacy notice, which can be found at https://cruxproductdesign.com/privacy-policy-uk/.
We may change this Privacy Policy from time to time. If we make changes, we will notify you by revising the date at the top of this Privacy Policy. We may also provide you with an additional notice (such as by adding a statement to the Services or sending you a notification), in connection with making material changes to this Privacy Policy. We encourage you to review this Privacy Policy regularly to stay informed about our information practices and the choices available to you.
This Notice at Collection describes how we collect, use and disclose personal information.
We collect personal information you provide directly to us. For example, we collect personal information directly from you when you visit our website or engage with us on social platforms; visit our office; use our Services; supply to us; participate in research studies; express an interest in obtaining information about us or our Services; participate in activities related to our Services; contact us or conduct business dealings with us. The types of personal information that we may collect directly from you include the following:
We automatically collect certain personal information about your interactions with us or our Services, including:
We may obtain personal information from other sources. For example, we may collect information from other members of your organization, from our recruitment partners in response to a recruitment campaign and from your public profiles available online. This information may include your contact information and usage data collected through cookies and other trackers described in Section 3.
We may derive personal information or draw inferences about you based on the information we collect. For example, we may make inferences about your approximate location based on your IP address or infer that you are interested in certain Services based on your use of our website.
We may use the categories of personal information as identified in Section 2.1 above for the following purposes:
We may disclose your personal information in the following circumstances or as otherwise described in this Privacy Policy. To learn more about the categories of personal and sensitive personal information we may disclose and the categories of recipients, please see ‘Summary of Categories of Personal Information Collected and Disclosed’ in Section 6.1 below, which describes our prior 12 month and going forward personal information disclosure practices.
We store personal information for as long as necessary to carry out the purposes for which we originally collected it and for other legitimate business purposes, including to meet our legal, regulatory or other compliance obligations. Specifically, we will retain CCTV information for 30 days before automatically deleting the information. For other personal information, we will retain it as long as we have a relationship with you and generally between two to seven years after our relationship ends. We may, however, need to retain your personal information for a longer period of time if necessary for legal, contractual, tax and accounting obligations (e.g., information maintained as part of a litigation hold and financial and tax records). When we no longer need your personal information, we will either purge the information or deidentify or aggregate it such that it is no longer personal information. We will not attempt to re-identify such information, unless permitted or required by law.
We allow others to provide analytics services on our behalf. These entities may use cookies, web beacons, device identifiers, and other technologies to collect information about your use of our Services, including your IP address, web browser, mobile network information, pages viewed, time spent on pages, and links clicked. This information may be used by us and others to, among other things, analyze and track data, determine the popularity of certain content, and better understand your online activity.
You may update and correct certain account information at any time by emailing us at privacyteam@cruxproductdesign.com. If you wish to delete your account, please email privacyteam@cruxproductdesign.com, but note that we may retain certain information as required by law or for our legitimate business purposes.
Most web browsers are set to accept cookies by default. If you prefer, you can usually adjust your browser settings to remove or reject browser cookies. Please note that removing or rejecting cookies could affect the availability and functionality of our Services.
This website is not intended for or directed at children under the age of 18. In addition, we do not knowingly collect personal information from children under the age of 18 on websites or online services that we operate. We do, however, collect limited children’s information during clinical trials, with parental or guardian consent. For example, we may collect, in-person or over the phone, the child’s general age range. Further, when we collect information about the child, the child is described in a generic pseudonym, without any names or other identifying details. We also do not knowingly sell or share for cross-context behavioral or targeted advertising the personal information of children under the age of 18. If required or permitted under applicable laws, a parent or guardian may exercise the rights described in Section 6.4 below for children who participate in clinical trials, including reviewing and deleting the child’s information, and refusing to permit us to further collect and use the child’s information.
This section contains additional information from residents in the United States regarding our personal information handling practices and data privacy rights.
In the preceding 12 months, we have collected the categories of personal information set forth in the table below. For details about the precise data points we collect and the categories of sources of such collection, please see ‘Collection of Personal Information’ in Section 2.1 above. We collect personal information for the business and commercial purposes described in ‘Purpose and Use of Personal Information’ in Section 2.2 above. In the preceding 12 months, we have disclosed the following categories of personal information for business purposes to the following categories of recipients, which we also describe in greater detail in ‘Disclosure of Personal Information’ in Section 2.3 above:
| Category of Personal Information We Collect | Business Purpose for Disclosure and Processing | Category of Recipients |
|---|---|---|
| Identifiers, such as name, phone number, age, email address, postal address, social media information, IP address, or other similar identifier. We disclose and process this information to provide our Services and other reasons described in greater detail in Sections 2.1.2 and 2.1.3 above. We may have disclosed this information to service providers, contractors, and processors who provide services to us, such as telephony, email, enterprise resource planning, customer relationship management and other technical services. We may have also disclosed this information as described in Section 5 above. | We disclose and process this information to provide our Services and other reasons described in greater detail in Sections 2.1.2 and 2.1.3 above. | We may have disclosed this information to service providers, contractors, and processors who provide services to us, such as telephony, email, enterprise resource planning, customer relationship management and other technical services. We may have also disclosed this information as described in Section 5 above. |
| Any personal information described in the California Customer Records Act (Cal. Civ. Code § 1798.80(e)), such as name, postal address, telephone number, or financial information. | We disclose and process this information to provide our Services and other reasons described in greater detail in Sections 2.1.2 and 2.1.3 above. | We may have disclosed this information to service providers, contractors, and processors who provide services to us, such as telephony, email, enterprise resource planning, customer relationship management and other technical services. We may have also disclosed this information as described in Section 2.1.3 above. |
| Commercial information, such as records of services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. | We disclose and process this information to provide our Services and other reasons described in greater detail in Sections 2.1.2 and 2.1.3 above. | We may have disclosed this information to service providers, contractors, and processors who provide services to us, such as telephony, email, enterprise resource planning, customer relationship management and other technical services. We may have also disclosed this information as described in Section 2.1.3 above. |
| Internet or other electronic network activity information, such as information regarding your interaction with our website. | We disclose and process this information to provide our Services and other reasons described in greater detail in Sections 2.1.2 and 2.1.3 above. | We may have disclosed this information to service providers, contractors, and processors who provide services to us, such as telephony, email, enterprise resource planning, customer relationship management and other technical services. We may have also disclosed this information as described in Section 2.1.3 above. |
| Geolocation data, such as IP address that reveals location at the city/region level. | We disclose and process this information to provide our Services and other reasons described in greater detail in Sections 2.1.2 and 2.1.3 above. | We may have disclosed this information to service providers, contractors, and processors who provide services to us, such as telephony, email, enterprise resource planning, customer relationship management and other technical services. We may have also disclosed this information as described in Section 2.1.3 above. |
| Professional or employment-related information, such as your title and company you work for. | We disclose and process this information to provide our Services and other reasons described in greater detail in Sections 2.1.2 and 2.1.3 above. | We may have disclosed this information to service providers, contractors, and processors who provide services to us, such as telephony, email, enterprise resource planning, customer relationship management and other technical services. We may have also disclosed this information as described in Section 2.1.3 above. |
| Audio, electronic, visual, thermal, olfactory or similar information, such as video collected through CCTV when you visit our office. | We disclose and process this information for security purposes and emergency preparedness as part of providing our Services, as described in greater detail in Sections 2.1.2 and 2.1.3 above. | We may have disclosed this information to service providers, contractors, and processors who provide services to us, such as telephony, email, enterprise resource planning, customer relationship management and other technical services. We may have also disclosed this information as described in Section 2.1.3 above. |
| Inferences drawn from any of the information identified herein. | We disclose and process this information to provide our Services and other reasons described in greater detail in Sections 2.1.2 and 2.1.3 above. | We may have disclosed this information to service providers, contractors, and processors who provide services to us, such as telephony, email, enterprise resource planning, customer relationship management and other technical services. We may have also disclosed this information as described in Section 2.1.3 above. |
| Sensitive personal information or data, such as information about health or medical conditions, racial or ethnic origin, financial account information and limited information about children that is collected offline for clinical trials. | We disclose and process this information to provide our Services and other reasons described in greater detail in Sections 2.1.2 and 2.1.3 above. | We may have disclosed this information to service providers, contractors, and processors who provide services to us, such as telephony, email, enterprise resource planning, customer relationship management and other technical services. We may have also disclosed this information as described in Section 2.1.3 above. |
Some browsers have incorporated “Do Not Track” features. Most of these features, when turned on, send a signal or preference to the websites you visit indicating that you do not wish to be tracked. Because there is not yet a common understanding of how to interpret the do not track signal, we currently do not respond to the browser do not track signals.
Under United States privacy laws, certain types of personal information are considered “sensitive” personal information or data and require additional data privacy rights and obligations. Crux collects information about health or medical conditions, racial or ethnic origin, financial account information and limited information about children for clinical trials (see ‘Children’ in Section 5 above), which may be considered sensitive personal information or data. Where required by law, we will obtain your consent before processing sensitive personal information. We will also only use your sensitive personal information for limited purposes, such as to perform the Services requested; to prevent, detect and investigate security incidents; to resist malicious, deceptive, fraudulent or illegal actions and prosecute those responsible; to ensure physical safety of natural persons; to verify or maintain the quality or safety of a product, service or device; to improve, upgrade or enhance a service or device; and for other permitted purposes. If you have any questions about our handling of sensitive personal information or to withdraw your consent, please ‘CONTACT US’ below in Section 7.
Data privacy laws afford consumers residing in the United States certain rights with respect to their personal information, subject to certain exceptions. If you reside in the United States, this section applies to you. Subject to certain limitations, you may have the following rights in the United States:
You may exercise your privacy rights and withdraw consent (to the extent we are processing your personal information based on consent) by calling our toll-free phone number at +1 (877) 2113624 or emailing us at privacyteam@cruxproductdesign.com. Where permitted or required by applicable law, we will verify your identity before honoring your privacy right request. We will verify your identity by asking you to provide personal information related to your recent interactions with us. We will honor your privacy rights request within 45 calendar days of receipt, unless an earlier response is required under the law or we request an extension as permitted by data privacy laws.
You may appeal a denial of your privacy right requests by calling us at our toll-free phone number at +1 (877) 2113624 or emailing us at privacyteam@cruxproductdesign.com. Within 45 days of receipt of an appeal, we will inform you in writing of any action taken in response to the appeal, including a written explanation of the reasons for the decisions. If we deny your appeal, you may submit a complaint to the Attorney General of your state.
If permitted or required by applicable law, you may exercise your privacy rights through an authorized agent (which may include a guardian or conservator). If we receive your request from an authorized agent, we may ask for evidence that you have provided such agent with a power of attorney or that the agent otherwise has valid written authority to submit requests to exercise rights on your behalf. If you are an authorized agent seeking to make a request, please Contact Us below in Section 14.
California law permits residents of California to request certain details about how their information is shared with third parties for direct marketing purposes. Under the law, a business must either provide this information or permit California residents to opt in to, or opt out of, this type of sharing. Crux qualifies for this alternative option and does not share your personal information for third parties’ direct marketing purposes. However, if you would like to nonetheless opt out of having information about you shared with third parties for direct marketing purposes under Shine the Light law, please email us at privacyteam@cruxproductdesign.com.
If you have any questions about this Privacy Policy, please contact us at:
CIC, 245 Main Street, Kendall Square, Cambridge, MA 02142
Tel: +1 (877) 211 3624 (TOLL FREE)
Email: privacyteam@cruxproductdesign.com
Should you have any queries regarding this privacy notice, Crux’s processing of your personal data or wish to exercise your rights you can contact Crux’s Privacy Team using this email address: privacyteam@cruxproductdesign.com or any of the details listed in Section 7 above.
If you are not happy with our response, you can contact the Information Commissioner’s Office. https://ico.org.uk/make-a-complaint