SOSHACE PRIVACY POLICY

The present Privacy Policy has been developed and adopted as mandatory for Soshace, a company registered in accordance with the laws of Florida, address of the principal place of business: 7901 4th St N, Suite 20091 Saint Petersburg, FL, 33702 (“Soshace”), and for any other legal entity, representative office or branch held or controlled by Soshace, or affiliated with Soshace in any other manner (“Affiliates”), as well as by all and any manager and employee of Soshace and its affiliates.

The present Privacy Policy governs the conditions and procedures for collecting and further processing personal data of individuals, including data coming from EU residents: categories of the data collected, purposes and legal basis of the data processing, rights of data subjects, retention periods, organizational and technical measures of personal data protection, etc.

The present Policy complies with the General Data Protection Regulation (EU) 2016/679 dated April 27, 2016.
For the purposes of this Policy:

(i) The terms “Soshace”, “We”, and “Our” and their use, in any case, are identical;

(ii) Personal Data (“Personal Data”, “Data”) means any information that allows an individual to be identified by reference to an identifier. The identifier may be a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that individual;

(iii) Processing of personal data comprises collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

(iv) “Soshace” Platform means a comprehensive set of solutions comprised of software, hardware, domain names, and any materials, as well as organizational, legal, and technical solutions and documents accessible at the URL address https://soshace.com/ or at any website/URL address to which Soshace may grant access to clients and/or contractors.

CONTENT
1. What data do we collect and why?
2. Whose Data We Collect.
3. Our Purposes and Legitimate Interests in Data Collection and Processing.
4. Legal Basis for Data Processing.
5. When and how you give consent to your data processing.
6. Rejection of Processing. Consent Withdrawal.
7. Your Rights.
8. Age and Capacity Limitations
9. Use of Information
10. Retention Periods. Information Deletion and Review.
11. Data Protection Measures.
12. Joint Use, Disclosure, and Data Transfer.
13. Informing Upon Data Transfer.
14. Third-Party Services That We Use.
15. Cross-Border Transfer.
16. Policy Modifications and Updates.
17. Contact Us.

1. WHAT DATA WE COLLECT AND WHY
Contact and individual data: surname, name, patronymic name (if applicable); telephone numbers, emails, Skype and other messengers names/numbers, postal addresses, etc. They are necessary to connect with clients and contractors, including prospective ones.

Social network accounts. The commercial goodwill of the client and contractor must be checked, and reliable partners must be selected with whom to cooperate in the future.

Photo. This is necessary to identify upon repeated contact. We receive photos from open social network accounts, prospective clients’ websites, conference video records, together with CVs, or in any other similar way.
Identification documents. They are necessary to identify persons upon agreement execution. The passports, including international passports, may be required to check the client’s tax residency (if the client is an individual) or contractor and the exact services of price estimation as well as for the estimation and payment of taxes.

Audio and video conference records. These include video images, text data, voice, etc. They are necessary to control the independence of the contractors’ passing of the tests, assess their professional and communication skills, record the arrangements made with the clients and contractors, and record issues that require further negotiations.

Conference text minutes are necessary to record the arrangements made with clients and contractors and issues that require further negotiations.

Professional experience and education documents: CVs, degree certificates, diplomas, certificates, etc. They are necessary to confirm the contractors’ experience and education.

Portfolio: drawings, sketches, designs, programs, source code parts, including the links to the works deposited on third-party resources, as well as access to such resources. They are necessary to assess the contractor’s professional skills and experience and present his/her services to prospective clients.

Clients, contractors, and third-party feedback are necessary to assess the quality of cooperation via the “Soshace” Platform, decide on further cooperation with clients or contractors, or correct the condition of cooperation, including the pricing policy.

IP address, time and date of contact, and visitor’s location. These data are necessary to identify the visitors who repeatedly contact us and for marketing analysis. This will be collected by Google Analytics and Yandex services. Metrika that we use on our website.

Cookies are small pieces of data that web browsers place on your computers and other devices to improve user interaction. Websites create cookies to store users’ information and settings, search for and demonstrate the information most relevant to users’ interests, remind users to log into their accounts, and for other purposes.

Cookies used by Soshace are necessary to analyze users’ behavior, improve the website’s usability, promote Soshace’s services, and develop new services. Soshace utilizes two types of cookies: session and persistent cookies.
Session Cookies exist only during an online session and disappear from your computer when you close your browser or turn off your device. We use session cookies to identify you as the user while visiting our website. This information allows us to process your online actions and requests.

Persistent Cookies. Remain on your device even if you turn it off. They store a unique identifier for your browser. Persistent cookies help us identify you as someone who has already visited our website. We use the persistent cookies on a secure basis. For example, we do not store account numbers or passwords in persistent cookies.
Third-Party Cookies. To enhance our website administration and collect statistical data, we can use the services of third parties (“Service Providers”) that allow us to track visitors’ behavior without identifying them. These services may also place cookies on your device. The placement, use, and deletion of such cookies will be governed by the respective service provider’s privacy policy or cookie policy.

Web Beacons. Our partners, including the Service Providers, may apply a software technology called “Web Beacons”. A web beacon is an often-transparent graphic image, usually no larger than 1 x 1 pixels, placed on a website or in an email that is used to monitor the behavior of users visiting a website or sending an email. It is often used in combination with cookies. This technology helps to know what content on a website effectively promotes its services. Web beacons may be used to count website visitors and views of web pages, monitor how visitors navigate a website, and for other purposes.
Embedded Scripts. We and our partners, including the Service Providers, may apply “Embedded Scripts” technology. This program code is designed to collect information about your interactions with our website, for example, what web links you click on.

Time-Tracking Systems Data. As a part of our agency services, we may collect the contractors’ service time-tracking data. These data serve as a basis for payment of the delivered services and ensure control over the performance under our concluded agreements. We apply the system by making the contractor’s screenshots every 10 – 20 minutes. The screenshots and other time-tracking information may be transferred to the client entered into the services agreement and the “Soshace” Platform cooperation agreement.

ATTENTION TO CONTRACTORS! PLEASE ENSURE THAT YOU DO NOT KEEP ANY EXTRANEOUS INFORMATION ON YOUR SCREENS THAT IS NOT RELEVANT TO THE SERVICES BEING DELIVERED. SOSHACE SHALL NOT BE RESPONSIBLE OR LIABLE CONCERNING ANY OCCASIONAL COLLECTION AND TRANSFER OF SUCH DATA.

2. WHOSE DATA WE COLLECT
The persons whose data we collect and process (“Data Subjects”) are:

– managers and employees of our clients engaged in cooperation via the “Soshace” Platform, as well as prospective clients that we could engage in the future and whom we may contact in accordance with our purposes and legitimate interests.

– the contractors engaged in cooperation via the “Soshace” Platform, as well as prospective contractors whom we could engage in the future and whom we could contact in accordance with our purposes and legitimate interests.

– visitors to our website https://soshace.com either leave any personal data for feedback or not.

3. OUR PURPOSES AND LEGITIMATE INTERESTS IN DATA COLLECTION AND PROCESSING
(i) Promotion as an agent of services of contractors wishing to cooperate via the “Soshace” Platform, including the search and engagement of the prospective clients interested in such services, creating of new promotion materials on behalf of our contractors, such as CVs, video, reports, and profiles;

(ii) Search and engagement as an agent of skilled contractors whose services are demanded by the clients wishing to cooperate via the “Soshace” Platform;

(iii) Conclusion of agreements with the clients and/or the contractors;

(iv) Assistance with the document flow between the clients and the contractors, facilitating the settlements between them, and other agency services;

(v) Receipt of the agency services fee.

(vi) Protection of our rights and interests or seeking legal or other appropriate remedy in case of the breach of contractual obligations (if so).

5. WHEN AND HOW YOU GIVE CONSENT TO YOUR DATA PROCESSING
(i) Upon the primary contact: when you visit our website, the data collection via cookies starts, and you are requested to confirm your consent with further collection of your data (“Click-Consent”);

(ii) When you fill in and send us the feedback form, this means your consent to process all the data you place in such form;
(iii) When you send us (including when you request us to draft on your behalf, where appropriate) any documents and information, including CVs, cover letters, copies of passports, diplomas, bank details, etc., by email, Skype, other messengers, this means your consent to process all the data you have sent;

(iv) If we receive your data from a third-party source and not from you directly, then the fact that, upon the primary contact by phone, email, Skype, or other messengers, you continue communicating with us and not object against any further contacting to you, means your consent to the processing of your data;

ATTENTION! IF, FOR ANY REASON, THE CONSENT REQUESTED BY SOSHACE HAS NOT BEEN GRANTED OR HAS BEEN GRANTED ON THE TERMS AND CONDITIONS THAT PRECLUDE SOSHACE FROM FURTHER COOPERATION WITH YOU, SOSHACE MAY TERMINATE SUCH COOPERATION.

6. REJECTION OF PROCESSING. CONSENT WITHDRAWAL
If you wish to unsubscribe from our marketing messages, please click the “Unsubscribe” link at the bottom of any email we receive.

If any of your rights may be implemented by electronic automated means (for example, rejection of the data processing in your private area on the “Soshace” Platform, on our website, etc.), you may implement your rights following the above-described procedure.

If you reject data processing during a phone call or in person, you may tell Soshace’s manager or employee about your rejection. Soshace will immediately take all measures to terminate further processing in accordance with this Policy.

ATTENTION! IF YOU HAVE INDICATED YOUR EMAILS OR TELEPHONE NUMBERS OR SKYPE AND OTHER MESSENGERS NAMES/NUMBERS AS THE CONTACT DETAILS FOR THE PURPOSES OF PERFORMANCE UNDER THE AGREEMENTS YOU CONCLUDED WITH SOSHACE, CLIENTS AND/OR CONTRACTORS ENGAGED BY SOSHACE IN THE COOPERATION VIA THE “SOSHACE” PLATFORM, YOU MAY NOT REGECT OF THE CONTACTING YOU UPON ANY ISSUES FOLLOWING SUCH AGREEMENTS.

All requests relevant to the rejection of your data processing, withdrawal, or modification of the consent to processing granted before please send to the email indicated in section 17. Contact Us.

7. YOUR RIGHTS
Access Right. You are entitled to know what data we process (the categories of data), the purposes of the processing, the recipients (if so), periods of data retention, your rights to control your data, the source of data receipt (if the data are received not from you directly), measures of protection and other information in accordance with this Policy or law applicable to Soshace or its business. The information stored is provided in WORD or PDF formats by default, and once the data are stored in an electronic form, it may be given in a commonly used machine-readable format (XML).

Right to Rectify. You are entitled to request that we change, rectify, supplement, or update your data at any time.

Right to Erasure (“Right to Be Forgotten”). Right to withdraw consent. You are entitled to request us at any time to cease processing your data and to withdraw or change your consent to processing granted before. However, we reserve the right to store the minimal necessary data to exclude any occasional contact with you and to ensure your “right to be forgotten.” Please read more in section 10. Retention Periods. Information Deletion and Review.

Right to Data Portability. You may receive all the information about you that we store in electronic form, in a commonly used machine-readable format (XML), to be further transferred to a third party of your choice.

Right to Object. You may object to further processing of your data if the specific situation gives grounds for this and if we do not have a legitimate interest in such processing. Provided your data are used for marketing, you may send us your objections anytime.

Right to Opt-Out of Text Messages. By submitting your phone number, you consent to receive our text messages. However, you can opt out of receiving these messages at any time. Simply text “STOP” to [designated phone number or shortcode] to opt out. Once you opt out, you will no longer receive text messages from us unless you choose to opt back in later. We respect your privacy and will promptly honor your request to cease communication via text messages.

No abuse of rights. Please pay attention that the right to information erasure, as well as the right to rectify the information or right to object to the processing, shall not be used as a way to avoid the fulfillment of your contractual undertakings before Soshace, clients, and/or contractors engaged by Soshace that you have voluntarily and knowingly accepted earlier. Under these circumstances, Soshace shall be entitled to reject the erasure or modification of the data if necessary to fulfill the contractual undertakings, including facilitating legal proceedings. Provided the data become the subject to unconditional erasure due to the decision of a competent authority, officer, or court, Soshace shall be entitled to early terminate all agreements with you and demand the loss recovery that may be caused by such information erasure/modification or termination of the agreements.

8. AGE AND CAPACITY LIMITATIONS
We neither collect nor process the personal data of anyone under 16 or whose capacity is restricted by court decisions or any other competent authority and who is under custody. If you are a parent or legal guardian of such person and believe we might have any information from or about such person, please contact us. We will delete the occasionally received data immediately upon receipt of your request.

9. USE OF INFORMATION
Soshace uses your data exclusively in strict compliance with this Policy.

We neither disclose nor transfer your data to third parties, with exceptions set out in this Policy.

Soshace, in no circumstances, either trades your data with third persons or makes any profit exclusively from the payable transfer of your data to third parties.

Except for the common grounds and purposes of the data use described in this Policy, Soshace may use your data to:

(ii) Send you by post, email, or other means the materials that may be interesting for you, including our marketing proposals;

(ii) Provide other persons with statistical information in a form that does not lead to your identification;

(iii) Notify you of the changes to our documents and policies governing the cooperation via the “Soshace” Platform.

There are no 100 % automated decisions. No data are processed, and no decision, including the decision on cooperation, conclusion or termination of agreements or profiling, is taken in Soshace exclusively on the basis of processing by automated means. All data and circumstances are carefully and personally reviewed by our employees and managers. In case of any doubt or disagreement, the final decision is made by the General Director of Soshace.

10. RETENTION PERIODS. INFORMATION DELETION AND REVIEW
The information is stored and used only for the minimum period necessary to implement Soshace’s purposes and legitimate interests. We distinguish the retention periods depending on the data categories, as set out below.
Contact and individual data. To be stored permanently, not to be erased to identify and implement the “right to be forgotten”. May be encrypted for safe storage.

For example, to avoid disturbing communication, we store your details in a hash code. If any of our employees attempt to contact you, our client relationships management system (CRM) will notify us that using your contact data for emailing/calling you is prohibited.

Social network accounts are to be stored permanently, not erased, for the purposes of identification and implementation of the “right to be forgotten.” They may become invalid if you have deleted or closed your account on your own.

Photo. This data (documents) carrying the photo should be stored during the retention period of other data (CVs, social network accounts, etc.).

Identification documents. Audio- and video conference records. Conference text minutes. Professional experience and education documents. Portfolio. To be stored for Three (3) years following the completion of cooperation. This retention period is necessary to ensure the legal process in accordance with the local and state laws.. If the agreement with the client or contractor is governed by the laws of another state, the retention period may be increased to the limitation period prescribed by the applicable law of such state, but in no case will it be less than six (6) years.

Clients, contractors, and third-party feedback. To be stored for Three (3) years following the completion of cooperation. This retention period is necessary to ensure the legal process is in accordance with local and federal laws. If the agreement with the client or contractor is governed by the laws of another state, the retention period may be increased to the limitation period prescribed by the applicable law of such state, but in no case will it be less than five (5) years.

Time-Tracking Systems Data. This will be stored until full payment of the contractors’ services and/or Soshace’s agency services is made under the agreement with the client. If there is any dispute or disagreement with the Client or such dispute or disagreement is likely to appear, the data shall be stored for Three (3) years following the completion of cooperation. This retention period is necessary to ensure the legal process in accordance with the local and state laws. If the agreement with the client or contractor is governed by the laws of another state, the retention period may be increased to the limitation period prescribed by the applicable law of such state, but in no case will it be less than five (5) years.

If you are interested in continuous cooperation with Soshace, including regular search of the contractors or clients and conclusion of the services agreements in the future, we may store, use, transfer to third parties or process otherwise any categories of your data listed above, for indefinite time, until you notice us that we shall cease your data processing. In this case, the data will be subject to periodical review after the storage periods elapse and if such periods are not determined – not less than once in two years.

IP address, time and date of contact, and visitor’s location. May be stored and used as long as we use Google Analytics and Yandex.Metrika services, in accordance with Google and Yandex privacy policies. If the data are collected by cookies, including third-party cookies, they are subject to deletion in the same manner as the cookies to be deleted. If the data have been introduced to the client relationship management (CRM) system that we use, the data may be deleted from your profile.

Cookies. Session Cookies are to be deleted immediately upon the termination of the session and close-up of your browser or turn off your device.

Persistent Cookies are to be stored for one week.

Third-party cookies will be deleted upon our completion of using third-party services or in accordance with such third-party’s privacy or cookies policies.

Web Beacons. Soshace does not use web beacons. If they are used by our partners, including third-party services installed on our website, the retention periods and storage purposes will be determined by the respective Service Provider.
Еmbedded Scripts. The scripts may be temporarily downloaded onto your device and are deleted when you close your browser or turn off your device.

11. DATA PROTECTION MEASURES
Soshace ensures the protection of personal data stored using some technical and organizational security measures, including but not limited to:

– use of secure communication protocols to transfer the data via the Internet, applying TLS 1.2 encryption;

– employees’ limited access to the personal data: each employee is permitted to access only the data he/she needs for work via private area login and password;

– All Soshace employees are responsible for ensuring the confidentiality of information and executing non-disclosure agreements.

Soshace may apply pseudonymization and encryption of the data stored to avoid occasional leakages and uncontrolled disclosures.

Pseudonymization means personal data processing in such a manner that the personal data can no longer be attributed to you without the use of additional information. Such additional information is stored separately and available only to Soshace employees who are responsible for the personal data processing.

Encryption means using an algorithm to transform the data and make them unreadable to unauthorized users. The encrypted data may only be decrypted and readable with a key kept by Soshace’s employees, who are responsible for processing the personal data.

12. JOINT USE, DISCLOSURE AND DATA TRANSFER
Soshace may share your information or jointly use it as specified below.

Clients and contractors. We provide the clients and/or the contractors engaged by us in the cooperation via the “Soshace” Platform all the information necessary to conclude agreements and facilitate payments, including but not limited to: full names of the contact persons, their telephone numbers, emails, Skype and other messengers’ names/numbers, bank account details to be indicated in the agreements and payment documents (for contractors or clients as individuals).

Service Providers. They render services to Soshace, including technical means such as a client relationship management (CRM) system, Skype and other messengers, analytic services by Google and Yandex, etc. Our Service Providers may collect information about your visits and activities on our website and gain access to their technologies placed on your computer or other device (including cookies, web beacons, and embedded scripts) to show you targeted advertisements.

We may also use cloud email services such as Gmail or Yandex. Mail that may also store the correspondence with you.
You may view the list of the third-party services we use and the web links to the privacy policies they apply in section 14. Third-Party Services That We Use.

Payment agents. These are the banks, including correspondent banks and payment systems. Soshace transfers the payment details of the parties necessary to perform under the concluded agreements to receive and make the payment for the services delivered. Soshace may transfer any other data that such agents may request due to the conduct of clients due diligence (“Know Your Client” and similar procedures), for internal investigations by the compliance departments and for the investigations conducted in accordance with Anti-Money Laundering and Counter-Terrorism Financing laws.

Control authorities, such as finance monitoring offices and tax offices, are empowered to automatically receive information upon payment conclusion or implementation of international agreements. These authorities may also receive the information bypassing Soshace.

Compelled / Mandatory Disclosure. This may occur if we receive requests and prescriptions from the authorities and their officers, including the finance monitoring office, tax office, law-enforcement agencies, etc. The information is transferred for the purposes of your rights protection, your safety, or for the protection of the rights and safety of other persons, for compliance with the law, investigation of fraud, enforcement of court orders, or to ensure a legal process.

Disclosure due to the contractual breach. We may transfer your data to third parties in case of a breach of the obligations under a contract with us. Anyway, we do not transfer your data earlier than thirty (30) days or longer than five (5) years after the breach has occurred

We transfer the information at the request of the authorities as it is, not being reviewed and rectified. We also do not verify the legality of the requests coming to us and may, at our discretion, only notify you of the facts of receipt of such requests and transfer of the requested information provided such notification is necessary due to the applicable law.

Contractors’ profiles public disclosure. To perform under our agreements with independent contractors and to find the clients for them, we release to the public on the “Soshace” Platform the contractors’ profiles, which may include the name and first letter of the surname; the skills (technology stack known), project experience and education details.

13. INFORMING UPON DATA TRANSFER
If there is no other way specified by this Policy or applicable law and it is not clear from the circumstances that you have already been informed, Soshace may inform you upon the transfer of your personal data in the following ways:

– email from an employee of Soshace referring to the data transferred and their recipient. We may not specify the purposes of transfer if they are clear from the circumstances or already known to you, including by reading through this Policy;

– via private area on the “Soshace” Platform and /or our website (if you have the account);

– by phone, Skype or other similar message.

14. THIRD-PARTY SERVICES THAT WE USE
Our website and the “Soshace” Platform use the installed services that may collect and process your data. Below, you may see the list of the services and the web links to the privacy policies they apply.

(i) We use Google Drive to collect and store files, graphics, and other materials: https://policies.google.com/privacy.

(ii) We use Google Analytics: https://policies.google.com/privacy?hl=en and Yandex.Metrika: https://metrica.yandex.com/about/info/privacy-policy to receive analytics on visitors’ activities on our website and the effectiveness of its content.

(iii) We use Intercom chat, https://www.intercom.com/terms-and-policies#privacy, to communicate with prospective clients and contractors.

(iv) We use the client relationship management (CRM) system HubSpot (https://legal.hubspot.com/privacy-policy) to store, organize, and structure the data of clients and contractors, send them notices and invoices, and perform other actions.

(v) We use services provided by Hunter.io: https://hunter.io/privacy-policy and AmazingHiring: https://amazinghiring.com/privacy/ to search for contact details of prospective clients and contractors. We also use services provided by Headhunter, LLC: https://hh.ru/article/personal_data to search for prospective contractors and receive their CVs and cover letters.

The web links to the privacy policies mentioned above are for your convenience only, and Soshace shall not be responsible for their validity. If any link becomes invalid (for example, the Service Provider changes the URL address of the document), we recommend that you find the document on the Service Provider’s website on your own.

Soshace shall not be responsible for collecting and processing your data by any Service Provider, except when Soshace, acting as a user of such services, may delete information available to us.

You need to contact the aforesaid services directly and follow their privacy policies regarding all matters related to your data processing. Soshace may assist you and perform acts dependent on us as the user of these services, and they require neither legal advice nor legal process nor cause a workload for our staff that, in our opinion, may be significant.

Soshace shall be entitled to refuse the use of any of the aforesaid services and to start using any other without further notice at any time.

15. CROSS-BORDER TRANSFER
Soshace engages skilled contractors from different countries, mainly from LATAM, Europe, and CIS. The data of managers and employees of clients with whom we engage in cooperation via the “Soshace” Platform may be transferred to these countries upon (or before) the conclusion of the service agreements with the contractors.

To ensure the adequate level of protection of the personal data received and/or transferred by Soshace to other countries not providing such level of protection, Soshace may process the data coming from the EU in accordance with the Standard Contractual Clauses for Controllers as approved by the European Commission and available at: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32004D0915 (as amended, superseded or updated from time to time) (“Standard Clauses”). If used by us in specific circumstances, the Standard Clauses shall become an integral part of this Policy.

The Standard Clauses shall be mandatory for you as a contractor if you wish to cooperate via the “Soshace” Platform, subject to the following circumstances:

(i) You are based on the territory of countries that do not belong to the EU or have no adequate level of personal data protection*;

(ii) You receive the data of individuals based on the territory of the EU.

————————–
* The countries with adequate level of personal data protection are: Andorra, Argentina, Canada (commercial organizations), Faroe Islands, Guernsey, Israel, Isle of Man, Jersey, New Zealand, Switzerland, Uruguay and the United States of America (limited to the Privacy Shield framework).

16. POLICY MODIFICATIONS AND UPDATES
This Privacy Policy may be revised periodically without further notice. All the matters of personal data processing by Soshace are governed by this Policy as amended, extended, or reenacted from time to time. We recommend to regularly visiting this page to stay aware of the latest amendments to our Privacy Policy

17. CONTACT US
You may address all complaints, inquiries, and requests for rectifications, modification, or deletion of your data, as well as any other information relevant to your personal data, to [email protected].