The present Policy complies with the General Data Protection Regulation (EU) 2016/679 dated April 27, 2016 and the laws of the Republic of Estonia.
For the purposes of this Policy:
(i) The terms “Soshace”, “We”, “Our” and their use in any case are identical;
(ii) Personal Data (“Personal Data”, “Data”) means any information that allows an individual to be identified by reference to an identifier. The identifier may be a name, an identification number, location data, an online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that individual;
(iii) Processing of personal data comprises: collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
(iv) “Soshace” Platform means a comprehensive set of solutions comprised of software, hardware, domain names and any materials, as well as of the organizational, legal and technical solutions and documents accessible at the URL-address: https://soshace.com/ or at any web-site / URL-address to which Soshace may grant access to clients and/or contractors.
1. What data we collect and why.
2. Whose Data We Collect.
3. Our Purposes and Legitimate Interests in Data Collection and Processing.
4. Legal Basis for Data Processing.
5. When and how you give consent to your data processing.
6. Rejection of Processing. Consent Withdrawal.
7. Your Rights.
8. Age and Capacity Limitations
9. Use of Information
10. Retention Periods. Information Deletion and Review.
11. Data Protection Measures.
12. Joint Use, Disclosure and Data Transfer.
13. Informing Upon Data Transfer.
14. Third-Party Services that We Use.
15. Cross-Border Transfer.
16. Policy Modifications and Updates.
17. Contact Us.
1. WHAT DATA WE COLLECT AND WHY
Contact and individual data: surname, name, patronymic name (if applicable); telephone numbers, emails, Skype and other messengers names/numbers, postal addresses etc. They are necessary to connect with clients and contractors, including prospective ones.
Social networks accounts. Necessary to check the commercial goodwill of the client and contractor, and to select reliable partners to cooperate with in future.
Photo. This is necessary to perform the identification upon the repeated contact. We receive photo from open social networks accounts, web-sites of prospective clients, conference video records or together with CV, or in any other similar way.
Identification documents. They are necessary to identify persons upon agreements execution. The passports, including international passports, may be required in order to check tax residency of the client (if the client is an individual) or contractor, and the exact services of price estimation as well as for the estimation and payment of taxes.
Audio and video conference records. These include video images, text data, voice etc. They are necessary to control the independence of passing the tests by the contractors, to assess their professional and communication skills, record the arrangements made with the clients, contractors and record issues that require further negotiations.
Conference text minutes. They are necessary to record the arrangements made with clients, contractors, and record issues that require further negotiations.
Professional experience and education documents: CVs, degree certificates, diplomas, certificates etc. They are necessary to confirm the contractors’ experience and education.
Portfolio: drawings, sketches, designs, programs, source code parts, including the links to the works deposited on third-party resources, as well as access to such resources. They are necessary to assess the contractor’s professional skills and experience as well as to present his/her services to prospective clients.
Clients, contractors and third-party feedbacks. They are necessary to assess the quality of cooperation via the “Soshace” Platform, decide on further cooperation with clients or contractors, or to correct the condition of cooperation, including the pricing policy.
IP-address, time and date of contact, visitor’s geographical location. These data are necessary to identify the visitors who repeatedly contact us and for marketing analysis. To be collected by services of Google Analytics and Yandex.Metrika that we use on our web-site.
Cookies. These are small pieces of data that web browsers place on your computers and other devices to improve their interaction with the users. The cookies are created by web-sites to store the users’ information, settings, search and demonstration of the information most relevant to the users’ interests, to remember you log into your account, and for other purposes.
Cookies used by Soshace are necessary to perform the analysis of the users’ behavior, to improve the web-site usability, promote Soshace’ services and develop new services. Soshace utilizes two types of cookies: session and persistent cookies.
Session Cookies. Exist only during an online session and disappear from your computer when you close your browser or turn off your device. We use session cookies to identify you as the user while you are visiting our web-site. This information allows us to process your online actions and requests.
Persistent Cookies. Remain on your device even if you turn it off. They store a unique identifier for your browser. Persistent cookies help us to identify you as a person who has already visited our web-site before. We use the persistent cookies on secure basis. For example, we do not store account numbers or passwords in persistent cookies.
Web Beacons. Our partners, including the Service Providers, may apply a software technology known as “Web Beacons”. A web beacon is an often-transparent graphic image, usually no larger than 1 x 1 pixels, that is placed on a web-site or in an email that is used to monitor the behaviour of users visiting a web-site or sending an email. It is often used in combination with cookies. This technology helps to know what content on a web-site is effective to promote its services. Web beacons may be used to count visitors of a web-site and views of web-pages, to monitor how the visitors navigate a web-site and for other purposes.
Embedded Scripts. We and our partners, including the Service Providers, may apply technology known as “Embedded Scripts”. This is a program code that is designed to collect information about your interactions with our web-site; for example, what web-links you click on.
Time-Tracking Systems Data. As a part of our agency services we may collect the contractors’ services time-tracking data. These data serve as a basis for payment of the delivered services and ensure the control over the performance under the agreements we have concluded. We apply the system by making the contractor’s screenshots every 10 – 20 minutes. The screenshots and other time-tracking information may be transferred to the client entered into the services agreement and the “Soshace” Platform cooperation agreement.
ATTENTION TO CONTRACTORS! PLEASE ENSURE THAT YOU DO NOT KEEP ANY EXTRANEOUS INFORMATION ON YOUR SCREENS THAT ARE NOT RELEVANT TO THE SERVICES BEING DELIVERED. SOSHACE SHALL NOT BE RESPONSIBLE OR LIABLE WITH RESPECT TO ANY OCCASIONAL COLLECTION AND TRANSFER OF SUCH DATA.
2. WHOSE DATA WE COLLECT
The persons whose data we collect and process (“Data Subjects”) are:
– managers and employees of our clients engaged in the cooperation via the “Soshace” Platform, as well as of the prospective clients that we could engage in future and which we may contact to in accordance with our purposes and legitimate interests.
– the contractors engaged in the cooperation via the “Soshace” Platform, as well as the prospective contractors who we could engage in future and who we could contact in accordance with our purposes and legitimate interests.
– visitors of our web-site https://soshace.com, either leaving any personal data for the feedback or not so.
3. OUR PURPOSES AND LEGITIMATE INTERESTS IN DATA COLLECTION AND PROCESSING
(i) Promotion as an agent of services of contractors wishing to cooperate via the “Soshace” Platform, including the search and engagement of the prospective clients interested in such services, creating of new promotion materials on behalf of our contractors, such as CVs, video, reports and profiles;
(ii) Search and engagement as an agent of skilled contractors whose services are demanded by the clients wishing to cooperate via the “Soshace” Platform;
(iii) Conclusion of agreements with the clients and/or the contractors;
(iv) Assistance with the document flow between the clients and the contractors, facilitating the settlements between them, and other agency services;
(v) Receipt of the agency services fee.
(vi) Protection of our rights and interest or seeking legal or other appropriate remedy in case of the breach of contractual obligations (if so).
5. WHEN AND HOW YOU GIVE CONSENT TO YOUR DATA PROCESSING
(i) Upon the primary contact: when you visit our web-site the data collection via cookies starts and you are requested to confirm your consent with further collection of your data (“Click-Consent”);
(ii) When you fill in and send us the feedback form this means your consent to process all the data you place in such form;
(iii) When you send us (including when you request us to draft on your behalf, where appropriate) any documents and information, including CVs, cover letters, copies of passports, diplomas, bank details etc., by email, Skype, other messengers, this means your consent to process all the data you have sent;
(iv) If we receive your data from a third-party source and not from you directly than the fact that, upon the primary contact by phone, email, Skype, other messengers, you continue communicating with us and not clearly object against any further contacting to you, means your consent to the processing of your data;
ATTENTION! IF BY ANY REASON THE CONSENT REQUESTED BY SOSHACE HAS NOT BEEN GRANTED OR HAS BEEN GRANTED ON THE TERMS AND CONDITIONS THAT PRECLUDE SOSHACE FROM FURTHER COOPERATION WITH YOU, SOSHACE MAY TERMINATE SUCH COOPERATION.
6. REJECTION OF PROCESSING. CONSENT WITHDRAWAL
If you wish to unsubscribe from our marketing messages please click on the “Unsubscribe” link placed at the bottom of any email received from us.
If any of your rights may be implemented by electronic automated means (for example, rejection of the data processing in your private area on the “Soshace” Platform, on our web-site, etc.) you may implement your rights following the above described procedure.
To reject your data processing during the phone talk or in person you may tell about your rejection to Soshace’ manager or employee. Soshace will immediately take all measures to terminate further processing in accordance with this Policy.
ATTENTION! IF YOU HAVE INDICATED YOUR EMAILS OR TELEPHONE NUMBERS OR SKYPE AND OTHER MESSENGERS NAMES/NUMBERS AS THE CONTACT DETAILS FOR THE PURPOSES OF PERFORMANCE UNDER THE AGREEMENTS YOU CONCLUDED WITH SOSHACE, CLIENTS AND/OR CONTRACTORS ENGAGED BY SOSHACE IN THE COOPERATION VIA THE “SOSHACE” PLATFORM, YOU MAY NOT REGECT OF THE CONTACTING YOU UPON ANY ISSUES FOLLOWING SUCH AGREEMENTS.
All requests relevant to the rejection of your data processing, withdrawal or modification of the consent to processing granted before please send to the email indicated in section 17. Contact Us.
7. YOUR RIGHTS
Access Right. You are entitled to know what your data we process (the categories of data), the purposes of processing, the recipients (if so), periods of data retention, your rights to control your data; the source of data receipt (if the data are received not from you directly), measures of protection and other information in accordance with this Policy or law applicable to Soshace or its business. The information of the data stored is provided in WORD or PDF formats by default, and once the data are stored in an electronic form it may be given in a commonly used machine-readable format (XML).
Right to Rectify. You are entitled in any time to request us to change, rectify, supplement or update you data.
Right to Erasure (“Right to Be Forgotten”). Right to withdraw the consent. You are entitled to request us in any time to cease your data processing and to withdraw or change your consent to processing granted before. Anyway, we reserve the right to store the minimal necessary data in order to exclude any occasional contact you and to ensure your “right to be forgotten”. Please read more in section 10. Retention Periods. Information Deletion and Review.
Right to Data Portability. You may receive all the information about you that we may store in an electronic form, in a commonly used machine-readable format (XML) to be further transferred to a third party at your choice.
Right to Object. You may object to further processing of your data if the specific situation gives grounds for this and if we do not have a legitimate interest in such processing. Provided your data are used for marketing you may send us your objections in any time.
No abuse of right. Please pay attention that the right to information erasure, as well as the right to rectify the information or right to object the processing shall not be used as a way to avoid the fulfillment of your contractual undertakings before Soshace, clients and/or contractors engaged by Soshace that you have voluntarily and knowingly accepted earlier. Under these circumstances Soshace shall be entitled to reject the erasure or modification of the data if they are necessary to fulfill the contractual undertakings, including the facilitating of legal proceedings. Provided the data become the subject to unconditional erasure due to decision of a competent authority, officer or court Soshace shall be entitled to early terminate all agreements with you and demand the loss recovery that may be caused by such information erasure / modification or termination of the agreements.
8. AGE AND CAPACITY LIMITATIONS
We neither collect nor process personal data of anyone under the age of 16 or whose capacity is restricted by court decision or by any other competent authority and who is under custody. If you are a parent or legal guardian of such person and believe that we might have any information from or about such person, please contact us. We will delete the occasionally received data immediately upon receipt of your request.
9. USE OF INFORMATION
Soshace uses your data exclusively in strict compliance with this Policy.
We neither disclose nor transfer your data to third parties with exceptions set out in this Policy.
Soshace in no circumstances either trade your data with third persons or has any profit exclusively from payable transfer of your data to third parties.
Except for the common grounds and purposes of the data use described in this Policy Soshace may use your data to:
(ii) Send you by post, email or other means the materials that may be interesting for your, including our marketing proposals;
(ii) Provide other persons with statistical information in a form that does not lead to your identification;
(iii) Notify you of the changes to our documents and policies governing the cooperation via the “Soshace” Platform.
No 100 % automated decisions. No data are processed and no decision including the decision on cooperation, conclusion or termination of agreements or profiling is taken in Soshace exclusively on the basis of processing by automated means. All and any data and circumstances are carefully and personally reviewed by our employees and managers. In case of any doubt or disagreement the final decision is made by the General Director of Soshace.
10. RETENTION PERIODS. INFORMATION DELETION AND REVIEW
The information is stored and used only during a minimum period of time necessary to implement the purposes and legitimate interests of Soshace. We draw a distinction between the retention periods depending on the categories of data, as set out below.
Contact and individual data. To be stored permanently, not to be erased for the purposes of identification and implementation of the “right to be forgotten”. May be encrypted for safe storage.
For example, to avoid disturbing communication we store your details in a hash-code. If any of our employees attempts to contact you we will be notified by our client relationships managements system (CRM) that the use of your contact data for emailing/calling you is prohibited.
Social networks accounts. To be stored permanently, not to be erased for the purposes of identification and implementation of the “right to be forgotten”. May become invalid if you have deleted or closed your account on your own.
Photo. To be stored during the retention period of other data (documents) carrying the photo: CVs, social network accounts etc.
Identification documents. Audio- and video conference records. Conference text minutes. Professional experience and education documents. Portfolio. To be stored for Three (3) years following the completion of cooperation. This retention period is necessary to ensure the legal process in accordance with the laws of the Republic of Estonia.. If the agreement with the client or contractor is governed by the laws of other state the retention period may be increased to the limitation period prescribed by the applicable law of such state, but in no case it will be less than six (6) years.
Clients, contractors and third-party feedbacks. To be stored for Three (3) years following the completion of cooperation. This retention period is necessary to ensure the legal process in accordance with the laws of the Republic of Estonia.. If the agreement with the client or contractor is governed by the laws of other state the retention period may be increased to the limitation period prescribed by the applicable law of such state, but in no case it will be less than five (5) years.
Time-Tracking Systems Data. To be stored until full payment of the contractors’ services and/or Soshace’ agency services under the agreement with the client. If there is any dispute or disagreement with the Client or such dispute or disagreement is likely to appear the data shall be stored for Three (3) years following the completion of cooperation. This retention period is necessary to ensure the legal process in accordance with the laws of the Republic of Estonia. If the agreement with client or contractor is governed by the laws of other state the retention period may be increased to the limitation period prescribed by the applicable law of such state, but in no case it will be less than five (5) years.
If you are interested in continuous cooperation with Soshace, including regular search of the contractors or clients and conclusion of the services agreements in future, we may store, use, transfer to third parties or process otherwise any categories of your data listed above, for indefinite time, until you notice us that we shall cease your data processing. In this case, the data will be subject to periodical review after the storage periods elapse, and if such periods are not determined – not less than once in two years.
IP-address, time and date of contact, visitor’s geographical location. May be stored and used as long as we use Google Analytics and Yandex.Metrika services, in accordance with Google and Yandex privacy policies. If the data are collected by cookies, including third-party cookies, they are subject to deletion in the same manner with the cookies to be deleted. If the data have been introduced to the client relationship management (CRM) system that we use, the data may be deleted together with your profile in the system.
Cookies. Session Cookies to be deleted immediately upon the termination of the session and close-up of your browser or turn-off your device.
Persistent Cookies are to be stored for one week.
Third-Party Cookies to be deleted upon our completion of third-party services use, or in accordance with such third-party’ privacy or cookies policies.
Web Beacons. Soshace does not use web beacons. If they are used by our partners including third-party services installed on our web-site the retention periods and storage purposes will be determined by the respective Service Provider.
Еmbedded Scripts. The scripts may be temporarily downloaded onto your device and are deleted when you close your browser or turn off your device.
11. DATA PROTECTION MEASURES
Soshace ensures the protection of personal data stored by means of some technical and organizational security measures, including but not limited to:
– use of secure communication protocols to transfer the data via Internet, applying TLS 1.2 encryption;
– employees’ limited access to the personal data: each employee is permitted to access only the data he/she needs for work, via private area login and password;
– all Soshace’ employees undertake to ensure the information confidentiality and execute the non-disclosure agreements.
Soshace may apply pseudonymisation and encryption of the data stored, to avoid occasional leakages and uncontrolled disclosures.
Pseudonymisation means the personal data processing in such a manner that the personal data can no longer be attributed to you without the use of additional information. Such additional information is stored separately and available only to Soshace’ employees who are responsible for the personal data processing.
Encryption means using an algorithm to transform the data and make them unreadable for unauthorized users. The encrypted data may only be decrypted and readable with a key that is kept by Soshace’ employees who are responsible for the processing of the personal data.
12. JOINT USE, DISCLOSURE AND DATA TRANSFER
Soshace may share your information or jointly use it as specified below.
Clients and contractors. We provide the clients and/or the contractors engaged by us in the cooperation via the “Soshace” Platform all the information necessary to conclude agreements and facilitate payments, including but not limited to: full names of the contact persons, their telephone numbers, emails, Skype and other messengers’ names/numbers, bank account details to be indicated in the agreements and payment documents (for contractors or clients as individuals).
Service Providers. They render the services to Soshace, including technical means: client relationship management (CRM) system, Skype and other messengers, analytic services by Google and Yandex, etc. Our Service Providers may collect the information about your visits and activities on our web-site, as well as gain access to their own technologies placed on your computer or other device (including cookies, web beacons and embedded scripts) to show you targeted advertisements.
We may also use cloud email services such as Gmail or Yandex.Mail that may also store the correspondence with you.
You may view the list of the third-party services that we use together with the web links to the privacy policies that they apply in section 14. Third-Party Services that We Use.
Payment agents. These are the banks, including correspondent banks, payment systems. Soshace transfers them payment details of the parties necessary to perform under the concluded agreements, to receive and make the payment for the services delivered. Soshace may transfer any other data that such agents may request due to the conduct of clients due diligence (“Know Your Client” and similar procedures), for internal investigations by the compliance departments and for the investigations conducted in accordance with Anti-Money Laundering and Counter-Terrorism Financing laws.
Control authorities empowered to automatic receipt of information upon payments or conclusion, or implementation of the international agreements: finance monitoring offices, tax offices etc. These authorities may also receive the information bypass Soshace.
Compelled / Mandatory Disclosure. This may occur if we receive requests and prescriptions from the authorities and their officers, including finance monitoring office, tax office, law-enforcement agencies etc. The information is transferred for the purposes of your rights protection, your safety or for the protection of rights and safety of other persons, for compliance with the law, investigation of fraud, enforcement of court orders or to ensure a legal process.
Disclosure due to the contractual breach. We may transfer your data to third parties in case of breach of the obligations under a contract with us. Anyway, we do not transfer your data earlier than thirty (30) days or longer than five (5) years after the breach has occurred
We transfer the information on request of the authorities as it is, not reviewing and not rectifying it. We also do not verify the legality of the requests coming to us, and may at our discretion only notify you of the facts of receipt of such requests and transfer of the requested information provided such notification is necessary due to the applicable law.
Contractors’ profiles public disclosure. To perform under our agreements with independent contractors and to find the clients for them we release to the public on the “Soshace” Platform the contractors’ profiles which may include: name and first letter of the surname; the skills (technology stack known), project experience and education details.
13. INFORMING UPON DATA TRANSFER
If there is no other way specified by this Policy or applicable law and it is not clear from the circumstances that you have already been informed, Soshace may inform you upon the transfer of your personal data in the following ways:
– email from an employee of Soshace referring to the data transferred and their recipient. We may not specify the purposes of transfer if they are clear from the circumstances or already known to you, including by reading through this Policy;
– via private area on the “Soshace” Platform and /or our web-site (if you have the account);
– by phone, Skype or other similar message.
14. THIRD-PARTY SERVICES THAT WE USE
Our web-site and the “Soshace” Platform use the installed services that may collect and process your data. Below you may see the list of the services together with the web-links to the privacy policies that they apply.
(i) We use Google Drive to collect and store files, graphics and other materials: https://policies.google.com/privacy.
(ii) We use Google Analytics: https://policies.google.com/privacy?hl=en, and Yandex.Metrika: https://metrica.yandex.com/about/info/privacy-policy, to receive the analytics of visitors’ activities on our web-site and effectiveness of its content.
(iii) We use Intercom chat: https://www.intercom.com/terms-and-policies#privacy, to communicate with our prospective clients and contractors.
(iv) We use client relationship management (CRM) system HubSpot: https://legal.hubspot.com/privacy-policy, to store, organize and structure the client and contractors data, to send them notices, invoices and for other actions.
(v) We use services provided by Hunter.io: https://hunter.io/privacy-policy, and AmazingHiring: https://amazinghiring.com/privacy/, to search contact details of prospective clients and contractors. We use services provided by “Headhunter”, LLC: https://hh.ru/article/personal_data, to search prospective contractors and receive their CVs and cover letters.
The web-links to the privacy policies mentioned above are for your convenience only, and Soshace shall not be responsible for their validity. If any link becomes invalid (for example, Service Provider changes URL-address of the document) we recommend you finding the document on the Service Provider’s web-site on your own.
Soshace shall not be responsible for collections and processing of your data by any Service Provider, except when Soshace, acting as a user of such services, may delete information available to us.
You need to contact the aforesaid services directly and follow their privacy policies regarding all matters of your data processing. Soshace may assist you and perform the acts that obviously dependent on us as the user of these services, and require neither a legal advice nor a legal process, nor cause a workload for our staff that, in our opinion, may be significant.
Soshace shall be entitled in any time at its own discretion refuse from the use of any of the aforesaid services, as well as to start using any other, without further notice.
15. CROSS-BORDER TRANSFER
Soshace engages skilled contractors from different countries, mainly from LATAM, Europe, CIS. The data of managers and employees of clients that we engage in cooperation via the “Soshace” Platform, may be transferred to these countries upon (or prior to) the conclusion of the service agreements with the contractors.
To ensure the adequate level of protection of the personal data received and/or transferred by Soshace to other countries not providing such level of protection Soshace may process the data coming from the EU in accordance with the Standard Contractual Clauses for Controllers as approved by the European Commission and available at: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32004D0915 (as amended, superseded or updated from time to time) (“Standard Clauses”). The Standard Clauses, if used by us in specific circumstances, shall become an integral part of this Policy.
The Standard Clauses shall be mandatory for you as a contractor if you wish to cooperate via the “Soshace” Platform, subject to the following circumstances:
(i) You are based on the territory of countries that do not belong to the EU or have no adequate level of personal data protection*;
(ii) You receive the data of individuals based on the territory of the EU.
* The countries with adequate level of personal data protection are: Andorra, Argentina, Canada (commercial organizations), Faroe Islands, Guernsey, Israel, Isle of Man, Jersey, New Zealand, Switzerland, Uruguay and the United States of America (limited to the Privacy Shield framework).
16. POLICY MODIFICATIONS AND UPDATES
17. CONTACT US
You may address all complaints, inquiries, request on rectifications, modification of deletion of your data, as well as any other information relevant to your personal data, to: firstname.lastname@example.org.