Last updated as of 09/28/2022.
We at Refer.Dev (“Platform”, “we,” “us,” or “our”) respect your privacy and therefore aim to equip you with the best understanding of our privacy practices and assure you that your data will remain secure. This Privacy Policy (“Policy”) describes, among other things, the categories of personal data we collect, how we use it, and which rights you have with respect to your personal data.
Please read this Policy carefully. This Policy applies to you when you visit our website at: https://refer.dev/(“Site”) and subdomains in order to simply surf the Site, contact us or register on the Site.
The provisions of this Policy shall be interpreted in conjunction with (1) our Terms of Use and (2) respective User Agreement.
1. Definitions
We use the following definitions in this Policy:
“Platform” shall mean an online platform Refer.Dev located on the Site, through which you may obtain Services as defined in our Terms of Use.
“Customer” shall mean an individual entrepreneur or legal entity who signs up to the Platform to place Vacancies and receive other Services.
“Recruiter” shall mean an individual who is authorized by the Customer to act on its behalf.
“Seeker” shall mean collectively the Customer and Recruiter.
“Referrer” shall mean an individual, individual entrepreneur or legal entity who signs up to the Platform to provide Recommendations and receive other Services.
“Specialist” shall mean a person who is a specialist in a certain area and whose contact details and CV are provided in a relevant Recommendation.
“Recommendation” shall mean a recommendation containing contact details and CV of a Specialist provided by the Referrer to the Seeker under corresponding Vacancy.
“Vacancy” shall mean an announcement on the search for service providers to participate in the Customer’s project, which contains requirements to a Specialist and terms of a Reward payment.
“Account” shall mean a unique account registered by you to enable access and use of the Platform and its Services as defined in our Terms of Use.
“Visitor” shall mean a person who simply surfs the Site without creating an Account.
“data controller” shall mean the natural or legal person who (either alone or jointly with others) determines the purposes and means of the processing of personal data.
“data processor” shall mean the natural or legal person who processes personal data on behalf of the data controller.
“data subject” shall mean any living individual who uses our Site.
“personal data” shall mean any information relating to you and helping identify you (directly or indirectly) such as your name, last name, email, location data, etc.
“processing” shall mean any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
“third party” shall mean a natural or legal person, public authority, agency or body other than the data subject, data controller, data processor and persons who, under the direct authority of the data controller or data processor, are authorized to process personal data.
2. General
We divided the typical use scenario of the Site into several roles: the Customer and the Recruiter (hereinafter together referred to as the “Seeker”), the Referrer and the Visitor. Depending on your use case, you can be attributed to one of them as described above.
|
We act as a data controller in relation to the personal data you provide to us while using the Site. We act as a data processor in relation to the personal data contained in Recommendations provided to us by the Referrer. In this case, the Referrer is a data controller of such personal data. |
When you submit the personal data through our Site, we may ask for your consent to some kind of processing of the personal data you provide, as described in this Policy, to enable us to provide you with the requested information or services, if no other legal ground can be used.
We do not aim to and do not knowingly collect nor process data of persons under the age of 16 without parental consent. If we become aware that we have inadvertently collected data of persons under the age of 16 without parental consent, we will take reasonable steps to delete it as soon as possible, unless we obtain the legal guardian’s permission. If you are a parent or legal guardian and you learn that your child is using our Site and you do not want it to, please contact us via “Contact Us” form on the Site.
3. What Data Do We Collect
We collect personal data you provide to us directly, such as the information you enter yourself, and personal data we obtain automatically, such as information about your device and what parts of our Site you interact with.
We use your personal data collected through the Site only for the purposes listed in this Policy. We may share your personal data with third parties solely as defined herein. We do not use automated decision-making and profiling.
We collect the following data of the Seeker and the Referrer:
| Type of Personal Data | Purposes | Legal basis |
| 1. Contact information of the Referrer (collected via the registration form on the Site): |
| Performance of a contract |
| To record the processing activities under Art. 30 of the General Data Protection Regulation (the “GDPR”) and comply with other applicable laws | Legal obligation | |
| 2. Message information that may contain your personal data, obtained when communicating with us through any channel available on the Site | To respond to your questions and requests submitted to us via the means of communication available on the Site | Performance of a contract |
| To record the processing activities under Art. 30 of the GDPR and comply with other applicable laws | Legal obligation | |
| 3. Automatically created data such as:
| To help us develop and improve the functionality of the Site. | Your consent |
| To ensure the functionality of the Site and to prevent any fraudulent actions or intervention of the malware | Our legitimate interest | |
| To record the processing activities under Art. 30 of the GDPR and comply with other applicable laws | Legal obligation |
We collect the following data of the Visitors:
Automatically created data (as defined above);
Message information (as defined above) in case such Visitors contact us.
We aim to minimize the data we collect about you to the extent strictly necessary to enable you to use our Site or provide you with special features when you give us your consent.
4. Legal Grounds for Use of Your Data
We only process your personal data if we have a lawful basis for doing so. The legal grounds for processing your personal data are as follows:
1. Contractual obligation
We need to process your personal data to perform our obligations under the contract with you e.g., our Terms of Use and relevant User Agreement. When you ask us to get in contact with you, this can be deemed the request of you to form a contract. However, we may ask you to give us a clear consent in case of doubt.
2. Your consent
We collect some kinds of personal data you choose to give us and process it based on the consent you expressly grant to us at the time we collect such data.
We require the minimum amount of your personal data that is necessary to fulfil the purpose of your interaction with our Site.
You may withdraw your consent to the processing of your personal data at any time. Please remember that the withdrawal of consent does NOT automatically mean that the processing before the withdrawal is considered unlawful. You may withdraw the consent to the processing of your personal data by contacting us via the “Contact Us” form available on the Site.
3. Legitimate interest
We process your personal data to prevent any fraudulent actions or security threats and to provide you with the desired information and services. Also we need some data to enable our Site to run smoothly and give you a pleasant user experience. We use only strictly necessary data under this legal ground.
4. Legal obligation
We process your personal data to fulfil the applicable legal obligations arising mainly from the GDPR or national law. If you send us the request to fulfil your rights, we may ask you for some personal data we already have to identify you and achieve compliance with the applicable law.
5. We Use Cookies
Some data listed above (namely, identifiers and usage data) we collect using cookies and other tracking technologies..
Cookies are small pieces of data that websites send to your browser. They are stored on your device, which might be a personal computer, a mobile phone, a tablet or any other device. Cookies help us enhance your user experience and remember your choices and other information, namely as follows:
to recognize your device and settings;
to define you as a unique user to personalize your user experience (e.g. keep the language preference);
to store your preferences and settings;
to analyse your usage of the Site to improve our Site and services;
to ensure the functionality of the Site;
to prevent fraud;
for marketing purposes.
You may opt-out the cookies
You can set your web browser to limit the types of cookies you allow, or refuse cookies altogether. If you do so, please be aware that some or all features of the Site may be unavailable to you, and your experience may be different or less functional.
6. Data Security, Integrity and Retention
We will only store and process your personal data for a reasonable period of time, which is based on the purpose for which we are using your data. Once that purpose has been fulfilled, we will securely delete or anonymize your data (so that we or anyone else, can no longer identify you based on it) unless we are required to retain the data longer to comply with our legal obligations or as expressly permitted by law. However, we may not delete or anonymize your data if we are compelled to keep it under Article 30 of the GDPR and (or) other applicable law.
You may request to delete your personal data by sending us a request via the “Contact Us” form on the Site.
We have implemented appropriate organizational, technical, administrative, and physical security measures that are designed to protect your personal data from unauthorized access, disclosure, use, and modification. We regularly review our security procedures and policies to consider appropriate new technology and methods. Please be aware that, despite our best efforts, no system can be 100% secured from unauthorized access to your data by third parties, but we do our best to early detect and mitigate the likely risks.
7. Data Sharing and Disclosure
We may share your personal data with our contractors, third-party service providers and other third parties. Where possible, we always sign data processing agreements (DPAs) and Non-Disclosure Agreements (NDAs) with our third parties.
Sharing personal data with other data controllers
We may share and disclose your personal data to other data controllers:
Google Ads (Google LLC, USA): to deliver relevant online advertising to you on search results or other websites. You may familiarize yourself with Google privacy policy here.
Sharing personal data with data processors
In some cases, we are unable to provide you with the whole bunch of the Site features and functionalities solely on our own. This is why we may share your data with third parties who perform services on our behalf, like fraud and abuse prevention, data storage and analysis, marketing services, communication tools services, email and hosting services. They will have access to your personal data to the extent necessary to perform their function, but they are prohibited from using your information for other purposes unless you have specifically given them consent to do so.
Therefore, we may share and disclose your personal data to other data processors, namely:
Google Analytics (Google LLC, USA): to analyse statistical data on how the Site visitors use the Site in order to improve our Site’s functionality and your experience. You may familiarize yourself with Google privacy policy here;
Amazon Web Services, AWS (Amazon.com, Inc., USA): to provide secure transfer and storage of personal data on the servers. You may familiarize yourself with AWS privacy policy here;
Our Contractors. Subject to reasonable organizational and technical safeguards, we may disclose some of your personal data to our outsource specialists or employees, namely:
technical specialists to improve our Site and your experience as well as to deliver the functionality of the Site;
sales and marketing specialists to provide you with better client service;
chat managers to communicate with you and respond to your requests;
legal and accounting professionals to make our business accurate and transparent.
8. Transferring Your Personal Data Outside of the European Economic Area
Your personal data may be transferred to the countries outside the EU or the EEA, particularly if our service suppliers and contractors are non-EU/EEA based. Where these countries do not fall under Article 45 of the GDPR on the adequate level of data protection, we may transfer your personal data if the appropriate safeguards were put in place as determined under Article 46 of the GDPR.
These steps include implementing the Standard Contractual Clauses (SCC) approved by the European Commission. We put supplementary measures in place when transferring data outside the EU and the EEA, where appropriate.
In specific situation when we may not rely on the Articles 45 and 46 of the GDPR, we may transfer your personal data under Article 49 of the GDPR on the derogations for specific situations, namely:
your consent;
performance of the contract to which you and we are parties or you asked us to take steps to enter into an agreement;
protection of your vital interests, if applicable.
Disclosure of personal data to other data controllers and/or data processors will be done in accordance with the applicable personal data laws and regulations.
9. What Rights Do You Have Regarding Your Personal Data?
You may enjoy the bunch of rights with respect to your personal data by submitting your request via “Contact Us” form on the Site.
When we act as a data processor with respect to a particular processing of personal data, you may exercise your rights under the GDPR in respect of and against a data controller of such personal data.
Please be aware that in some cases we may ask you to provide us with additional information in order to verify your identity and proceed with your request.
Right of access. You may ask us to provide you with a copy of your personal data collected, along with information regarding the nature, processing and disclosure of that personal data.
Right to rectification. You may ask us to update, correct or supplement the false, missing or incomplete personal data.
Right to erasure (“right to be forgotten”). You may ask us to delete your personal data collected, except for the cases it is prohibited by appropriate laws.
Right to restriction of processing. You may ask us to restrict further processing where: (1) your personal data is not correct or outdated; (2) the processing is unlawful.
Right to data portability. You may ask us to transfer a copy of your personal data to another organization or to you.
Right to object. Where the processing of your personal data is based on the necessity for the performance of a task carried out in the public interest or of our legitimate interests, or for direct marketing purposes, you may raise objections to such processing on grounds relating to your particular situation. This also applies to profiling based on these provisions, if any.
Right to withdrawal of consent. You may withdraw the consent when your personal data are processed upon it (see section Legal Grounds for Use of Your Data).
Right to lodge a complaint. You may lodge a complaint with the supervisory data protection authority pertaining to the processing of your personal data.
10. Limitation of Liability
PLEASE, BE AWARE THAT WE ACT MERELY AS A DATA PROCESSOR IN RELATION TO THE PERSONAL DATA OF SPECIALISTS CONTAINED IN RECOMMENDATIONS, WHICH REFERRERS PROVIDE TO US.
The Referrer is a data controller of such personal data and therefore shall be responsible for implementation of appropriate technical and organizational measures to ensure the safety of personal data contained in Recommendations and to be able to demonstrate that processing is performed in accordance with the applicable data protection laws.
The Referrer consequently shall be liable for obtaining consent to disclose and transfer such personal data to the Platform and the Seeker and shall be able to prove such consent.
The Referrer hereby agrees to hold the Platform harmless of all claims related to the personal data of Specialists contained in Recommendations.
11. Changes to the Privacy Policy
We may update or amend this Policy from time to time due to the implementation of new technologies, in accordance with best practices in our industry, law requirements or for other purposes. We will send a notice to you if these changes are major and we will obtain your consent where required by applicable laws. Such notification may be provided via your email address or announcement on the Site and/or by other means, consistent with applicable law.
In any case, we encourage you to regularly review this Policy to check for any changes.
12. Contact Us
If you have any privacy-related questions or unresolved issues, please do not hesitate to contact us through “Contact Us” form on the Site or other means of communication that are available on the Site.