Selfwork Privacy Policy

Introduction

We are committed to protecting and respecting your privacy. This Privacy Policy (the "Policy" or "Privacy Policy") governs the collection and use of personal data by Selfwork GmbH (hereinafter "Selfwork Platform" or "Platform"). It explains how and why we use your personal data and applies to the personal data that you provide us directly, or that we may obtain from other sources.

We may use your personal data for any of the purposes described in this Policy.

References to "our," "us," or "we" within this Policy are to Selfwork GmbH (address: Schützengasse 4, 8001 Zürich, Switzerland), email: info@selfwork.com.

In this Policy we refer to "processing" your "personal data". Processing is taken to mean anything that is done to or with personal data (including simply collecting, storing, or deleting that data). Personal data is any information relating to an identified or identifiable living person. When "you" or "your" is used in this statement, we are referring to the relevant individual who is the subject of the personal data.

By using the Service, you agree to the terms of this Privacy Policy. Please read our Terms of Use https://legal.selfwork.com, as well for general guidance about your use of the Service. Except as otherwise expressly agreed, this Privacy Policy and our Terms of Use are the complete agreement between you and Selfwork Platform.

What's in this Privacy Policy?

In this Privacy Policy, you'll find:

• What information do we collect about you?
• How might we use that information?
• What information might we share with others?
• Your rights and choices about that information.

What types of personal data do we collect?

We process different categories of personal data to enable us to provide services to you, as further described below:

Special Categories of Personal Data

We do not collect any special categories of personal data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences. Please do not provide us with any such information directly to the Platform.

The only exception to this is the identity verification (KYC) process, which is performed by Third-Party Verification Services, including but not limited to Stripe and SumSub, and may involve the processing of biometric data and government-issued identification documents. These third parties may collect your name, birthdate, address, government identification, and biometric data pursuant to the terms of their respective privacy policies. The Platform does not have direct access to this special category data.

If you choose to use our Services, you consent to the processing of your data by these Third-Party Verification Services. For details on how these providers handle your data, please review their respective privacy policies:

• Stripe: https://stripe.com/privacy
• SumSub: https://sumsub.com/privacy-notice

How we might use that information?

The reason these categories of personal data are processed, along with our lawful basis for doing so, are set out below. We may use your personal data for:

• Customer services and operations
• Analytics and marketing purposes
• Legal support and dispute management
• Data security purposes
• Working with third parties
• Internal business operations
• To enable us, our partners, and third-party suppliers to provide, manage, and improve the level of services
• To follow the law, a court order, or orders from government agencies
• For research and development purposes
• To monitor and detect violations as well as other potential misuses of our Website
• To detect and combat fraud or security issues
• To provide you with Services and improve our Services and for internal business purposes
• To maintain and upgrade the performance and security of our Website, software, systems, and networks
• To contact you about our programs, products, features, or services
• To enforce compliance with our Terms of Use and other policies
• To protect the Service, our employees, and our business's rights or safety

California residents' rights

We also are regulated under the California Consumer Privacy Act (CCPA), which applies to California residents.

Under the CCPA, California residents have several important rights:

Right to Know

You can ask us what personal data we hold about you and request a copy. This includes:

• The type and specific pieces of personal data we have collected
• The types of sources we collect the data from
• The purpose for collecting your personal data
• The third parties we share that data with

Right to Delete

You can request that we erase your personal data. There are some exceptions to this right if we:

• Need to complete the transaction for which the personal data was collected or if there is an ongoing business relationship or contract with you
• Detect security incidents and protect against malicious, deceptive, fraudulent, or illegal activity
• Need to identify and repair errors affecting Service functionality
• Exercise free speech or ensure another consumer can exercise (or other lawful right)
• Need to comply with the California Electronic Communications Privacy Act
• Engage in research in the public interest
• Enable solely internal uses that are in line with your expectations for using your personal data
• Need to comply with a legal obligation
• Otherwise, use your personal data internally in a way that's compatible with the reason we collected it in the first place

Sale of your personal data: We do not sell any of your personal data for any purposes.

Other Rights: California residents also have the right to request information about our disclosure of personal data to third parties for direct marketing purposes during the calendar year before your request. This request is free and may be made only once a year.

We also won't discriminate against you for exercising any of the rights listed above. If you would like to exercise any of those rights, please email us to info@selfwork.com. We may ask for additional info to verify that you're the owner of that data.

"Do Not Track" Policy as Required by California Online Privacy Protection Act (CalOPPA)

Our Service does not respond to Do Not Track signals. However, some third party websites do keep track of your browsing activities. If you are visiting such websites, you can set your preferences in your web browser to inform websites that you do not want to be tracked. You can enable or disable DNT by visiting the preferences or settings page of your web browser.

What information might we share with others?

The data of the Policy holder is treated within the framework of confidentiality as a general principle, but this data will be available for sharing with the authorized government agencies and related parties. We may share any information that users provide or that we collect about them with our partners, third party suppliers, analytics providers, search engine service providers, and advertisers. We will share this information with third parties as follows:

• Legal compliance with the terms and conditions of the applicable law or requirement of regulators
• To protect rights, property, or maintain the integrity of Users, and the safety of our customers or other parties
• With service providers, contractors, and facilities that perform certain functions on our behalf
• For the purposes of research and development
• To support compliance verification procedures
• To respond to subpoenas, court orders, or other legal processes
• With our affiliates, or with their successors in the event of a merger, acquisition, or reorganization
• To provide Users with the ability to interact with each other or communicate with each other

Payment Processors

We transmit transaction metadata (including service description, service/works cost and amount, service/works deadlines, payment terms, and parties involved, customer ID, connected account ID, payout method token) to our Third-Party Payment Services, including Stripe Connect and Unlimit, for the exclusive purpose of payment processing. These Third-Party Payment Services are independent data controllers for all payment-related data, and all payment data is processed directly by them in accordance with their respective privacy policies. We do not share payment card details or sensitive financial information with any third party.

For details on how these providers handle your data, please review their respective privacy policies:

• Stripe: https://stripe.com/privacy
• Unlimit: https://www.unlimit.com/privacy-policy

Other than that, we will not share your personal data with anyone else. We will take all steps reasonably necessary to ensure that your information is treated securely and in accordance with the Privacy Policy.

How long do we keep your personal data?

We only keep your personal data as long as it's required to provide you with the Service. Sometimes a longer period might be required by law.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

In practice, we have established the following specific retention periods:

• Account Data: We retain the personal data you provide when you register an account (e.g., name, email, profile information) for 3 years from the date of your last login or account activity.
• Financial and Transaction Data: We are required by law to keep records of financial transactions and invoices for 7 years from the end of the financial year in which the transaction occurred.
• Project and Communication Data: Data related to your projects, orders, and communication with other users is retained for 3 years after the project completion to comply with our contractual obligations and resolve any potential disputes.
• Customer Support Data: Records of your communications with our support team are kept for 2 years after the resolution of your inquiry.
• Data for Legal Claims: In cases where we need to use data for the establishment, exercise, or defense of legal claims, we will retain the necessary data until the end of the relevant statutory limitation period.

Please note that in some circumstances we may anonymize your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

Furthermore, we may retain your personal data for a longer period in the event of a complaint, dispute, or if we reasonably believe there is a prospect of litigation relating to your personal data or our relationship with you.

Data Processing in Connection with Third-Party Payment Service

Selfwork Platform integrates with third-party payment processing providers ("Payment Processors") for payment processing purposes. In connection with this integration:

• Selfwork Platform transmits only necessary transaction details (e.g., including service description, service/works cost and amount, service/works deadlines, payment terms, and parties involved) to its Payment Processors for payment processing. This metadata does not contain any payment card information or other sensitive financial data;
• Payment card details and sensitive authentication data are processed exclusively by the Payment Processors and never pass through Selfwork Platform's systems;
• Selfwork Platform does not store, access, or process any payment card data;
• Each Payment Processor acts as a separate data controller (and, where applicable, processor) for payment processing purposes and is responsible for compliance with PCI DSS and other applicable payment regulations;
• Users are directed to review the privacy policy and data processing terms of the relevant Payment Processor for information about how payment data is processed; read our Data Processing Agreement (DPA) - Third-Party Service Integration Addendum (available at – https://legal.selfwork.com);
• Selfwork Platform is not responsible for any payment data breaches or issues arising from the Payment Processors' payment processing systems.

Selfwork Platform does not access, process, store, or control any payment-related data, including credit card numbers, bank account details, or other financial information. All payment data is entered directly by Users into the Payment Processors' secure payment interface and is processed solely by the Payment Processors in accordance with their respective privacy policies.

Cookies and Advertisements

Cookies: A cookie is a small amount of data that is sent to your browser from a web server and is stored on your computer's hard drive. Cookies are not spyware or adware and can't deliver viruses or run programs on your computer. Other similar methods include tracking pixels and web beacons.

For more information about our use of Cookies on our website, please view our Cookie policy here – https://legal.selfwork.com.

Third Party Privacy Policies

Selfwork Platform provides links to third-party services on which Selfwork Platform accounts are registered, operated, and supported. We use the following platforms:

• Google - https://policies.google.com/privacy?hl=en-IN
• Facebook - https://www.meta.com/help/policies/1138173423768570/
• Instagram - https://www.meta.com/help/policies/1138173423768570/
• WhatsApp - https://www.whatsapp.com/legal/privacy-policy
• LinkedIn - https://www.linkedin.com/legal/privacy-policy
• Telegram - https://telegram.org/privacy
• Botim - https://astratech.ae/privacy-policy/
• Amplitude - https://amplitude.com/privacy/archive/2023-09
• DigitalOcean - https://www.digitalocean.com/legal/privacy-policy
• Hetzner - https://www.hetzner.com/legal/privacy-policy/

This Privacy Policy does not apply to other server providers, cloud providers, host providers, advertisers, or websites. Thus, we are advising you to consult the respective Privacy Policies of these third-party service providers or the ad servers for more detailed information.

Children's privacy rights

The Services are not directed or intended for children, and we don't knowingly collect any personal data from children under the age of 18.

We take children's privacy seriously. It is important to safeguard the privacy of children, and we encourage parents to regularly monitor their children's use of online activities.

We will promptly delete Personal Data submitted by children unless legally obligated to retain such data.

If you have any concerns about your child's personal data, please contact us at info@selfwork.com

Transfers of your personal data

Our headquarters is located in Switzerland.

No matter where you live, by using the Service, you consent to the processing and transfer of your personal data in and to EU and EEA countries and the United States. This processing will be under the privacy policies of third parties that we share personal data with.

The laws of these countries governing data collection and use may not be as comprehensive or protective as the laws of the country where you live.

If you would like more information, please contact us (see "How to contact us" below).

EU residents' rights

We are regulated under the General Data Protection Regulation (GDPR), which applies across the European Union (including in the United Kingdom). We are responsible as a controller of personal data for GDPR purposes.

Your rights as an EU resident:

Under the GDPR, EU residents have several important rights:

• By law, you can ask us what information we hold about you, and you can ask us to correct it if it is inaccurate. If we have asked for your consent to process your personal data, you may withdraw that consent at any time.
• If we are processing your personal data for reasons of consent or to fulfill a contract, you can ask us to give you a copy of the information in a machine-readable format so that you can transfer it to another provider.
• If we are processing your personal data for reasons of consent or legitimate interest, you can request that your data be erased.
• Right to objection. It means that you can object to the processing for certain purposes, such as direct marketing.
• You have the right to ask us to stop using your information for a period of time.
• Finally, in some circumstances, you can ask us not to reach decisions affecting you using automated processing or profiling.
• Right to request. It gives you the right not to be subject to fully automatic decision-making, meaning the users can request that their personal data not be part of processing for any automatic decision-making, including profiling, if such processing has any significant or legal effects for the users.

Please note that the above-described rights for the users as data subjects may be limited if the personal data is necessary for compliance with a legal obligation or for the establishment, exercise, or defense of legal claims.

If you would like to exercise any of those rights, please email us at info@selfwork.com. We may ask for additional info to verify that you're the owner of that data.

Selfwork Platform will process and answer requests without undue delay and in any event within one month of the receipt of the request unless a longer period is required due to the complexity of the request. In this case, the response time can be up to three months in total. Also, in some cases where the law requires it, we may not be able to help with the above requests.

"Do Not Track" Policy

Our Service does not respond to Do Not Track signals. However, some third party websites do keep track of your browsing activities. If you are visiting such websites, you can set your preferences in your web browser to inform websites that you do not want to be tracked. You can enable or disable DNT by visiting the preferences or settings page of your web browser.

How do we protect personal data?

We have taken steps and put security measures in place to prevent the accidental loss or misuse of personal data.

For example, we limit access to those who have a genuine business need. Those processing your information will do so only in an authorized manner.

We use other security measures as well, such as:

• Anti-virus software
• Encryption of data in transit and at rest
• Two-factor and Multi-factor authentication
• Regular backups
• Role-based access controls
• Firewalls and intrusion detection systems
• Regular security audits and penetration testing

We also have procedures in place to deal with any suspected data security breach. We'll notify you and any applicable regulator of a suspected data security breach when legally required.

As Selfwork Platform does not process or store payment data, we rely on our Payment Processors' security measures for all payment-related information. They implement industry-standard security protocols, including PCI DSS compliance, encryption, and fraud detection systems. For details on their security measures, please review the security documentation and privacy policies of the relevant Payment Processor.

Resolving Disputes

We hope that we can resolve any questions or concerns you raise about our use of your personal data.

Please contact us info@selfwork.com to let us know if you have questions or concerns. We will do our best to resolve the issue.

For EU residents, the GDPR also gives you the right to lodge a complaint with a supervisory authority. You may do this in the EEA state where you live, work, or where any alleged infringement occurred.

How will we notify you of changes?

This Privacy Policy applies to all personal data collected or provided to us. This Privacy Policy is subject to change, and we may make any necessary changes to this Privacy Policy. Selfwork Platform will notify you of material changes by posting information about the changes in the Services. Users are encouraged to check back and review this Privacy Policy from time to time so that users are always aware of what personal data is collected, how it is processed and for which purpose, and to whom it is disclosed. All continued use of and access to the Services is subject to this Privacy Policy and will signify users' acceptance of Privacy Policy and any potential changes to it.

We may make further updates from time to time. If we have your email address on file, we will inform you via email. Otherwise, we will post a message on the Service about the change.

How to contact us

Please contact us if you have any questions about this Privacy Policy or your personal data. You can do so using the following contact info:

• Email: info@selfwork.com
• Postal Mail: Schützengasse 4, 8001 Zürich, Switzerland.