Softpatch is committed to protecting the privacy and personal data of all individuals in the European Union (EU) and European Economic Area (EEA) in compliance with the General Data Protection Regulation (GDPR). This page outlines our GDPR compliance measures and your rights under this regulation.

The GDPR gives individuals in the EU/EEA greater control over their personal data and imposes strict obligations on organizations that process such data. We are fully committed to meeting these requirements and protecting your privacy rights.

1. Data Controller Information

Softpatch, Inc. is the data controller responsible for your personal data. We determine the purposes and means of processing your personal information.

2. Legal Basis for Processing

We process your personal data only when we have a valid legal basis under GDPR. The legal bases we rely on include:

2.1 Consent

We obtain your explicit consent before processing certain types of personal data, such as marketing communications or optional profile information. You can withdraw your consent at any time.

2.2 Contractual Necessity

We process personal data necessary to perform our contract with you, such as providing access to our platform, matching job seekers with opportunities, and processing payments.

2.3 Legitimate Interests

We process data based on our legitimate business interests, such as improving our services, preventing fraud, and ensuring platform security, provided these interests do not override your rights and freedoms.

2.4 Legal Obligations

We process personal data when required to comply with legal obligations, such as tax laws, employment regulations, and court orders.

3. Your Rights Under GDPR

As a data subject under GDPR, you have the following rights:

3.1 Right of Access

You have the right to request confirmation of whether we process your personal data and to obtain a copy of your data. We will provide this information in a commonly used electronic format.

3.2 Right to Rectification

You have the right to request correction of inaccurate or incomplete personal data. You can update most information directly through your account settings.

3.3 Right to Erasure ("Right to be Forgotten")

You have the right to request deletion of your personal data under certain circumstances, such as when the data is no longer necessary for its original purpose or when you withdraw consent.

3.4 Right to Restriction of Processing

You can request that we limit the processing of your personal data in specific situations, such as when you contest the accuracy of the data or object to processing.

3.5 Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.

3.6 Right to Object

You have the right to object to processing based on legitimate interests or for direct marketing purposes. We will cease processing unless we have compelling legitimate grounds.

3.7 Right to Withdraw Consent

Where we process your data based on consent, you have the right to withdraw that consent at any time. This does not affect the lawfulness of processing before withdrawal.

3.8 Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority in the EU member state of your residence, place of work, or where an alleged infringement occurred.

4. How to Exercise Your Rights

To exercise any of your GDPR rights, you can:

• Access your account settings to update or download your data
• Email us at support@softpatch.online with your request
• Use our dedicated GDPR request form (available in your account)
• Contact our Data Protection Officer directly

We will respond to your request within one month, though this may be extended by two additional months in complex cases. We will inform you of any such extension and the reasons for the delay.

5. Personal Data We Process

We process the following categories of personal data:

5.1 Identity Data

• Name, date of birth, nationality
• Profile photographs
• Government-issued ID (when required for verification)

5.2 Contact Data

• Email address, phone number
• Mailing address
• Social media profiles

5.3 Professional Data

• Work experience, education, qualifications
• Skills, certifications, portfolio
• Resume and cover letters

5.4 Financial Data

• Payment card information (processed by third-party payment processors)
• Billing address and transaction history

5.5 Technical Data

• IP address, browser type, device information
• Cookies and usage data
• Log files and analytics data

6. Data Sharing and Third Parties

We may share your personal data with the following categories of recipients:

• Other Users

  Job seekers and recruiters who use our platform

• Service Providers

  Cloud hosting, payment processing, email delivery, analytics

• Legal and Regulatory Authorities

  When required by law or to protect our rights

• Business Partners

  With your consent for specific services or integrations

All third-party service providers are required to implement appropriate security measures and process personal data only as instructed by us and in compliance with GDPR.

7. International Data Transfers

As we operate globally, your personal data may be transferred to and processed in countries outside the EU/EEA, including the United States. We ensure such transfers comply with GDPR through:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Data Processing Agreements with third-party processors
• Adequacy decisions by the European Commission
• Additional safeguards such as encryption and access controls

You can request a copy of the safeguards we have in place for international transfers by contacting our Data Protection Officer.

8. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including:

• Active accounts: Data retained while your account remains active
• Closed accounts: Data deleted within 90 days unless legal obligations require retention
• Financial records: Retained for 7 years to comply with tax and accounting laws
• Marketing data: Retained until you opt out or withdraw consent
• Legal claims: Data retained for the statute of limitations period

9. Security Measures

We implement technical and organizational measures to ensure a level of security appropriate to the risk, including:

• Encryption of data in transit (TLS/SSL) and at rest (AES-256)
• Regular security assessments and penetration testing
• Access controls and authentication mechanisms
• Employee training on data protection and security
• Incident response and breach notification procedures
• Regular backups and disaster recovery plans

10. Data Breach Notification

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will:

• Notify the relevant supervisory authority within 72 hours of becoming aware of the breach
• Notify affected individuals without undue delay if the breach is likely to result in a high risk
• Provide information about the nature of the breach, potential consequences, and measures taken
• Take immediate steps to contain and remediate the breach

11. Cookies and Tracking Technologies

We use cookies and similar technologies in compliance with the ePrivacy Directive. We obtain your consent before placing non-essential cookies on your device. You can manage your cookie preferences through:

• Our cookie consent banner when you first visit our website
• Your browser settings to block or delete cookies
• Your account privacy settings

For detailed information about our use of cookies, please refer to our Cookie Policy.

12. Automated Decision-Making and Profiling

We use automated processing and algorithms to match job seekers with opportunities and to improve our services. However, we do not make solely automated decisions that produce legal effects or similarly significantly affect you without human intervention.

You have the right to request human intervention, express your point of view, and contest any automated decision. Our matching algorithms are designed to be transparent, and you can request information about the logic involved in automated processing.

13. Children's Data

Our services are not intended for individuals under the age of 16 (or the applicable age of digital consent in your country). We do not knowingly collect personal data from children. If we become aware that we have collected data from a child without appropriate consent, we will take steps to delete that information promptly.

14. Updates to This Policy

We may update this GDPR compliance statement from time to time to reflect changes in our practices or legal requirements. We will notify you of significant changes by posting a notice on our platform or by email. Your continued use of our services after such changes constitutes acceptance of the updated policy.

15. Contact Information

For any questions, concerns, or requests regarding GDPR compliance or to exercise your rights, please contact:

16. Supervisory Authority

If you believe we have not addressed your concerns adequately, you have the right to lodge a complaint with a supervisory authority. You can contact the supervisory authority in:

• The EU member state of your habitual residence
• Your place of work
• The place where the alleged infringement occurred

A list of supervisory authorities can be found at: https://edpb.europa.eu/about-edpb/board/members_en