Privacy Notice

1. What is the purpose of this privacy notice?

  1. 1.1. GoWorkaBit (hereinafter we or us) is a flexible work platform that connects job seekers (hereinafter workers) with businesses (hereinafter companies) offering short-term and long-term work opportunities, allowing people to find work opportunities that fit their schedules.
  2. 1.2. We value your privacy and are committed to protecting your personal data. We process your personal data in accordance with the General Data Protection Regulation (the GDPR) and other applicable laws.
  3. 1.3. This privacy notice explains how we process, including collect, use and retain, your personal data when you or the legal entity you represent conclude a contract with us, including when you create an account on our platform, when you visit our website, when you communicate with us, or engage in any other actions that involve us receiving and processing your personal data.
  4. 1.4. If you disclose any personal data regarding any third parties, such as your employee, you are obligated to refer them to this privacy notice.

2. Who is the data controller of your personal data?

  1. 2.1. Controller of the personal data is a person, who determines the purposes and means of the processing of the personal data.
  2. 2.2. For the personal data processing activities described in this privacy notice, the controller of your personal data depends on the country in which you communicate, enter into a contract and perform work in. If you do so in Estonia, the controller is GoWorkaBit Estonia OÜ, a company registered under the laws of Estonia, with registry code 12679310. If you do so in Lithuania, the controller is UAB GoWorkaBit Lithuania, a company registered under the laws of Lithuania, with registry code 307139176.
  3. 2.3. If you have any questions on how we process personal data or wish to exercise your data subject rights, please contact us by writing to info@goworkabit.com.

3. What personal data do we process?

  1. 3.1. Personal data is any information that can be used to directly or indirectly identify you as an individual. We may process your following personal data:
    Category of personal data Types of personal data
    Worker Account Data
    • name
    • birthday
    • identification code
    • address
    • e-mail address
    • phone number
    • CV
    • information regarding application of tax exemption
    • bank account data, including IBAN
    If you create or connect your account with your Facebook or Google account:
    • name
    • profile picture
    • e-mail address
    Worker Application Data
    • name
    • identification code
    • residence address
    • information, including work experience, studies and skills
    • picture
    • motivational letter
    • phone number
    Worker Contract Data
    • health certificate (if necessary)
    • dates of service provision
    • place of work
    • completed work hours
    • amount, frequency and calculation basis of payments, including hours worked, payroll deductions
    Company Representative Data
    • name
    • e-mail address
    • phone number
    • the legal entity you represent
    • your position
    Survey and Feedback Data
    • survey and questionnaire responses, including answers to questions about your experience or motivation for joining the platform, country and city where you wish to work or provide work
    • feedback
    Communication Data
    • name
    • e-mail address
    • phone number
    • the legal entity you represent
    • your position
    • date and time of the communication
    • your message
    Marketing Data
    • name
    • e-mail address
    • phone number
    • the legal entity you represent
    • your position
    • obtained consent
    Usage Data
    • user ID
    • actions made, attributes to that action
    • error logs
    • clickstream data
    • session duration
    • user agent string
    • page load times
    Log Data
    • session ID
    • IP address
    • device information
    • date and time of your visit
    • visited pages and screens
    • referrer URL
    • session duration
    • geolocation data
    • network data
    Cookie Data We use cookies on our website, which may process, including collect, your personal data. For further information, please see the cookie banner.
  2. 3.2. If you do not provide the necessary data, we may not be able to contact you, conclude a contract with you or the legal entity you represent or fulfil any other purposes provided in this privacy notice.

4. What are the sources from where we collect your personal data?

  1. 4.1. We may collect the personal data:
    1. 4.1.1. from you, for example if you create account on our platform or contact us;
    2. 4.1.2. when you use our platform or visit the website, by generating the personal data;
    3. 4.1.3. from third parties, for example from the legal entity you represent, the person who invited you to our platform, social media platform provider if you create or connect your account with your social media account.

5. What are the purposes and legal basis of processing?

  1. 5.1. The legal basis for processing your personal data is determined by the purpose and context in which the data is collected. We may process your personal data for the following purposes and legal basis:
    Processing purpose Legal basis Category of personal data Retention Period
    Handling pre-contractual negotiations and communications, including receiving a consultation If we conclude a contract with an individual: taking and implementing pre-contractual measures of the potential contract to be concluded between us

    If we conclude a contract with a legal entity: our legitimate interest in taking and implementing pre-contractual measures of the potential contract to be concluded between the legal entity you represent and us    		 Worker Account Data
    Worker Application Data
    Company Representative Data
    Communication Data    		 Not more than 2 years following the last sign-in to the user account on GoWorkaBit platform
    Performing the contract, including managing the contractual relationship, providing and administering the platform, managing account, responding to communications, monitoring the fulfilment of the contract, paying out amounts due If we concluded a contract with an individual: performing the contract concluded between us

    If we process special categories of personal data (health certificate): performance of applicable legal obligation (communicable diseases prevention – for Estonia: legal obligations stemming from Communicable Diseases Prevention and Control Act; for Lithuania: legal obligations stemming from Law on Safety and Health at Work of the Republic of Lithuania, Law on the Health System of the Republic of Lithuania)

    If we concluded a contract with a legal entity: our legitimate interest in performing the contract concluded between the legal entity you represent and us    		 Worker Account Data
    Worker Application Data
    Worker Contract Data
    Company Representative Data
    Communication Data    		 Estonia: in case of service and assignment agreement: 3,5 years after contract completion; accounting source documents: 7 years as of the end of the financial year when the transaction was recorded

    Lithuania: in case of employment contract: up to 50 years, precise period being determined according to the General Index of Document Retention Periods, approved by the Chief Archivist of Lithuania by Order No. V-100 of 9 March 2011; in case of a contract with a legal entity: 10 years after contract completion
    Handling, reviewing, and responding to communications Our legitimate interest in ensuring effective communication Communication Data Not more than 2 years following the last sign-in to the user account on GoWorkaBit platform
    Receiving and analysing feedback and usage data to improve and enhance the platform and its services Our legitimate interest in improving, upgrading, personalising and enhancing our platform and services Worker Account Data
    Company Representative Data
    Survey and Feedback Data
    Usage Data
    Log Data    		 Not more than 2 years following the last sign-in to the user account on GoWorkaBit platform
    Providing access to the website, and diagnosing and resolving technical issues Our legitimate interest in operating, maintaining, and improving the platform and website, including ensuring security, diagnosing technical issues, and providing a stable and reliable service Usage Data
    Log Data    		 Not more than 2 years following the last sign-in to the user account on GoWorkaBit platform
    Conducting direct marketing to promote our services Consent Marketing Data Until the consent is revoked, but not more than 2 years following the last sign-in to the user account on GoWorkaBit platform
    Conducting direct marketing for existing workers and companies regarding similar services Our legitimate interest in promoting our platform and our services Marketing Data Not more than 2 years following the last sign-in to the user account on GoWorkaBit platform
    Measuring the effectiveness of marketing tools Our legitimate interest in improving the efficiency of marketing tools Marketing Data Not more than 2 years following the last sign-in to the user account on GoWorkaBit platform
    Storing information containing personal data in our backup systems Our legitimate interest in ensuring the continuity and security of data processing operations All data categories (as necessary) Same period as for original data
    Complying with legal or regulatory obligations or requests Performance of legal obligation All data categories (as necessary) Estonia: precise period is determined according to the applicable legal obligation

    Lithuania: precise period is determined according to the General Index of Document Retention Periods, approved by the Chief Archivist of Lithuania by Order No. V-100 of 9 March 2011
    Establishing, exercising, or defending legal claims, whether in court, administrative, or out-of-court proceedings Our legitimate interest in protection our, our clients' and/or employees' rights All data categories (as necessary) Estonia: 3,5 years after contract completion

    Lithuania: 10 years after contract completion

6. To whom may we transfer your personal data?

  1. 6.1. We may share your personal data with the following recipients:
    1. 6.1.1. companies who provide work opportunities;
    2. 6.1.2. service providers: accounting service provider, customer support service provider, marketing tools service provider;
    3. 6.1.3. business partners: to carry out joint ventures and collaborations to enhance business offerings;
    4. 6.1.4. our affiliates: to enhance operational efficiency, collaborate on product development, and ensure compliance and risk management across the organization;
    5. 6.1.5. public sector authorities, including supervisory and law enforcement authorities: to fulfil our statutory obligation, a court order, to establish exercise or defend our legal rights or in other cases where this is necessary to prevent and deter unlawful acts;
    6. 6.1.6. professional advisors: to maintain compliance, manage risks, and make informed decisions;
    7. 6.1.7. legal successors and/or potential acquirers: to facilitate business transitions such as mergers, acquisitions, or restructuring, ensuring continuity and compliance during the transfer of business operations and assets.
  2. 6.2. If we transfer personal data to recipients located outside the European Union or European Economic Area (hereinafter the EU/EEA), we implement safeguards, such as standard contractual clauses approved by the European Commission, to ensure that your personal data receives a level of protection comparable to that within the EU/EEA. Upon request, we will provide additional information regarding the safeguards in place.

7. How long do we retain your personal data?

  1. 7.1. We retain your personal data for as long as is necessary for the purposes set out in this privacy notice or until the legal obligation stipulates that we do so (for more precise data retention periods see table in section 5 hereabove). When determining the retention period for personal data, we consider the type of personal data being processed, including its nature and sensitivity, the purpose of processing, whether the purpose can be achieved by other means, and the potential risks and impact associated with personal data breaches. We also take into consideration the need to resolve disputes and enforce contracts.
  2. 7.2. Following the retention period, or if the respective personal data is no longer necessary for the processing purposes, we will erase the data, unless retention is required for compliance with legal obligations or for the establishment, exercise, or defence of legal claims.

8. What are your rights as a data subject?

  1. 8.1. As a data subject, you have the following rights, which you may exercise at any time, subject to the limitations imposed by applicable data protection laws:
    1. 8.1.1. Right to access: you have the right to request access, including receive a copy, of your personal data;
    2. 8.1.2. Right to rectification: you have the right to request that we correct any of your personal data if we process inaccurate or incomplete personal data. You can also update or modify your personal data at any time via your account settings on the platform;
    3. 8.1.3. Right to erasure: you have the right to request that we delete your personal data, for example when the personal data is no longer necessary for the purposes for which it was collected, the personal data has been unlawfully processed or if the personal data must be erased for compliance with a legal obligation to which we are subject to. You can delete your account at any time via your account settings on the platform;
    4. 8.1.4. Right to restrict the processing: you have the right to request that we restrict certain processing of your personal data, for example if the accuracy of the personal data is contested by you or if we no longer need your personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims;
    5. 8.1.5. Right to data portability: you have the right to receive your personal data which you have provided to us, in a structured, commonly used and machine-readable format and transmit those data to another controller if the processing is based on consent or on a contract and the processing is carried out by automated means;
    6. 8.1.6. Right to object: you have the right to object to the processing of your personal data, for example if we process your personal data for marketing purposes or when processing is based on our legitimate interests;
    7. 8.1.7. Right to withdraw your consent: if the processing of your personal data is based on your consent, you have the right to withdraw that consent at any time. The withdrawal of your consent does not affect the lawfulness of the processing of your personal data prior to the withdrawal;
    8. 8.1.8. Right to submit a complaint to a data protection authority: if you are not satisfied with our response to your request, or if you believe we are processing your personal data in violation of applicable law, you have the right to submit a complaint to your local data protection authority. In Estonia it is the Data Protection Inspectorate (www.aki.ee, info@aki.ee), and in Lithuania, the State Data Protection Inspectorate (www.vdai.lrv.lt, ada@ada.lt).
  2. 8.2. To exercise the above rights, please contact us as specified in Section 2 of this privacy notice. Please note that you should supply us with adequate information for us to respond to your requests. Prior answering your request, we may ask you to provide additional information for the purposes of authenticating you and evaluating your request.

9. Updates to this privacy notice

  1. 9.1. We may update or modify this notice from time to time to reflect changes in our personal data processing practices. The most recent version of the notice will always be available on this webpage. Please revisit this page regularly, especially before providing any new personal data.