Privacy Policy

Updated Privacy Policy Effective date: May 25, 2018

Welcome to goLance.com. goLance, Inc. provides an Internet and mobile-based platform designed to assist contractors to efficiently align themselves with the right clients, and for clients to search, hire, manage, track and pay talent, and for contractors to achieve profitably and manage their workload in the most effective way.

This Privacy Policy explains how goLance, its affiliates, assigns, contractors, agents, predecessors, and successors (collectively"goLance," "we," "us" or "our") collect, use, share and protect information in relation to the goLance website(www.golance.com) and any other websites, mobile applications, products, services, or any other software offered by goLance (collectively the"Website"), and your choices with respect to the collection and use of your information.

By using our Website you understand and agree that we are providing a platform for you to post content, including resumes, private information concerning your services, banking information, photos, comments and other materials (collectively "User Content") and to share User Content publicly. This means that other individuals who visit or utilize the Website ("Users") may search for, see, use, or share any of your User Content that you make publicly available through the Website, consistent with the terms and conditions of this Privacy Policy and our Terms of Use (which can be found at https://www.golance.com/terms-of-service).

1. Information Collected

goLance collects information that you provide in utilizing the Website in addition to information that is occasioned by your use of the Website.

Information you provide us directly:

  • Your username, password and e-mail address when you register to use the Website.
  • User Content that you post to the Website.
  • Communications between you and goLance or between you and any other User.
  • If you use the Website to make or receive payments, we will also collect certain payment information, such as credit card, PayPal or other financial account information, and billing address.
  • We may collect personal information, such as your date of birth, or taxpayer identification number, to validate your identity or as may be required by law, such as to complete tax filings ("Personal Information"). We may request documents to verify this information, such as a copy of your government-issued identification or photo or a billing statement.
  • You may create a profile, which consists of information about you, and may include Personal Information, photographs, examples of your work, information on work previously performed via the Service and outside the Service, skills, tests taken, test scores, hourly pay rates, feedback/rating information and other information, including your username ("Profile").

Information collected by Third Parties:

  • We use third-party analytics tools to help us measure traffic and usage trends for the Website. These tools collect information sent by your device or Website, including the web pages you visit, add-ons, and other information that assists us in improving the Website. We collect and use this analytics information with analytics information from other users so that it cannot reasonably be used to identify any particular individual User.

Cookies and similar technologies:

  • When you visit the Website, we may use cookies and similar technologies like pixels, web beacons, and local storage to collect information about how you use the Website and provide features to you.
  • We may ask advertisers or other partners to serve ads or services to your devices, which may use cookies or similar technologies placed by us or the third party.

Log file information:

  • Log file information is automatically reported by your browser each time you make a request to access (i.e., visit) a web page or app. It can also be provided when the content of the webpage or app is downloaded to your browser or device.
  • When you use the Website, our servers automatically record certain log file information, including your web request, Internet Protocol ("IP") address, browser type, referring / exit pages and URLs, number of clicks and how you interact with links on the Service, domain names, landing pages, pages viewed, and other such information. We may also collect similar information from emails sent to our users which then help us track which emails are opened and which links are clicked by recipients. The information allows for more accurate reporting and improvement of the Website.

Device identifiers:

  • When you use a mobile device like a tablet or phone to access the Website, we may access, collect, monitor, store on your device, and/or remotely store one or more "device identifiers." Device identifiers are small data files or similar data structures stored on or associated with your mobile device, which uniquely identify your mobile device. A device identifier may be data stored in connection with the device hardware, data stored in connection with the device's operating system or other software, or data sent to the device by goLance.
  • A device identifier may deliver information to us or to a third party partner about how you browse and use the Website and may help us or others provide reports or personalized content and ads. Some features of the Website may not function properly if use or availability of device identifiers is impaired or disabled.

Metadata:

  • Metadata is usually technical data that is associated with User Content. For example, Metadata can describe how, when and by whom a piece of User Content was collected and how that content is formatted.
  • Users can add or may have Metadata added to their User Content including a hashtag (e.g., to mark keywords when you post a photo), geotag (e.g., to mark your location to a photo), comments or other data. This makes your User Content more searchable by others and more interactive. If you geotag your photo or tag your photo using other's APIs then, your latitude and longitude will be stored with the photo and searchable (e.g., through a location or map feature) if your photo is made public by you in accordance with your privacy settings.

2. How Information is Stored

Your information collected through the Website may be stored and processed in the United States or any other country in which goLance, the businesses that are legally part of the same group of companies that goLance is part of, or that become part of that group ("Affiliates"), or third-party organizations that help us provide the Website to you ("Service Providers"). goLance, its Affiliates, and/or Service Providers may transfer information that we collect about you, including personal information across borders and from your country or jurisdiction to other countries or jurisdictions around the world. Personally identifiable information from residents of the European Union, other European Economic Area countries are protected in accordance with applicable law. By registering for and using the Website you consent to the transfer of information to the U.S. or to any other country in which goLance, its Affiliates or Service Providers maintain facilities and the use and disclosure of information about you as described in this Privacy Policy.

We use commercially reasonable safeguards to help keep the information collected through the Website secure and take reasonable steps (such as requesting a unique password) to verify your identity before granting you access to your account. However, we cannot ensure the security of any information you transmit to goLance or is otherwise posted on the Website or guarantee that information on the Website may not be accessed, disclosed, altered, or destroyed.

Please do your part to help us. You are responsible for maintaining the secrecy of your unique password and account information, and for controlling access to emails between you and goLance, at all times. Your privacy settings may also be affected by changes the social media services you connect to goLance make to their services. We are not responsible for the functionality, privacy, or security measures of any other organization.

3. How Your Information May be Used

In addition to some of the specific uses of information we describe in this Privacy Policy, we may use information that we receive to:

  • help you efficiently access your information after you sign in
  • remember information so you will not have to re-enter it during your visit or the next time you visit the Website
  • provide personalized content and information to you and others, which could include online ads or other forms of marketing
  • provide, improve, test, and monitor the effectiveness of our Website
  • develop and test new products and features
  • monitor metrics such as total number of visitors, traffic, and demographic patterns
  • diagnose or fix technology problems
  • automatically update the Website or other services related to the Website

We will not rent or sell your information to third parties outside of goLance (provided goLance may transfer information among the various companies that it works with) without your consent, except as noted in this Policy.

Parties with whom we may share your information:

We may share User Content and your information (including but not limited to, information from cookies, log files, device identifiers, location data, and usage data) with goLance’s Affiliates. Affiliates may use this information to help provide, understand, and improve the Website (including by providing analytics) and Affiliates' own services (including by providing you with better and more relevant experiences). But these Affiliates will honor the choices you make about who can see your photos.

We also may share your information as well as information from tools like cookies, log files, and device identifiers and location data, with Services Providers. Our Website Providers will be given access to your information as is reasonably necessary to provide the Website under reasonable confidentiality terms.

We may also share certain information such as cookie data with third-party advertising partners. This information would allow third-party ad networks to, among other things, deliver targeted advertisements that they believe will be of most interest to you.

We may remove parts of data that can identify you and share anonymized data with other parties. We may also combine your information with other information in a way that it is no longer associated with you and share that aggregated information.

Parties with whom you may choose to share your User Content:

  • Any information or content that you voluntarily disclose for posting to the Website, such as User Content, becomes available to the public, as controlled by any applicable privacy settings that you set.
  • Any User Content that you make public is searchable by other users.
  • If you remove information that you posted to the Website, copies may remain viewable in cached and archived pages of the Website, or if other users or third parties using the Website have copied or saved that information.

What happens in the event of a change of control:

  • If we sell or otherwise transfer part or the whole of goLance or our assets to another organization (e.g., in the course of a transaction like a merger, acquisition, bankruptcy, dissolution, liquidation), your information such as name and email address, User Content and any other information collected through the Website may be among the items sold or transferred. You will continue to own your User Content. The buyer or transferee will have to honor the commitments we have made in this Privacy Policy.
Responding to legal requests and preventing harm:

  • We may access, preserve and share your information in response to a legal request (like a search warrant, court order or subpoena) if we have a good faith belief that the law requires us to do so. This may include responding to legal requests from jurisdictions outside of the United States where we have a good faith belief that the response is required by law in that jurisdiction, affects users in that jurisdiction, and is consistent with internationally recognized standards. We may also access, preserve and share information when we have a good faith belief it is necessary to: detect, prevent and address fraud and other illegal activity; to protect ourselves, you and others, including as part of investigations; and to prevent death or imminent bodily harm. Information we receive about you may be accessed, processed and retained for an extended period of time when it is the subject of a legal request or obligation, governmental investigation, or investigations concerning possible violations of our terms or policies, or otherwise to prevent harm.

4. Third Party Services

We are not responsible for the practices employed by any websites or services linked to or from our Website, including the information or content contained within them. Please remember that when you use a link to go from our Website to another website or service, our Privacy Policy does not apply to those third-party websites or services. Your browsing and interaction on any third-party website or service, including those that have a link on our website, are subject to that third party's own rules and policies. In addition, you agree that we are not responsible and do not have control over any third- parties that you authorize to access your User Content. If you are using a third-party website or service and you allow them to access your User Content you do so at your own risk.

5. Third Party sites and Services

Our Website may contain links to other websites or services. If you choose to click on a third party link, you will be directed to that third party’s website. The fact that we link to a website is not an endorsement, authorization or representation of our affiliation with that third party, nor is it an endorsement of their privacy or information security policies or practices. We do not exercise control over third party websites. These other websites may place their own cookies or other files on your computer, collect data or solicit Personal Information from you. We encourage you to read the privacy policies or statements of the other websites you visit.

6. Changes to Our Privacy Policy

goLance may modify or update this Privacy Policy from time to time, so please review it periodically. We may provide you additional forms of notice of modifications or updates as appropriate under the circumstances. Your continued use of the Website after any modification to this Privacy Policy will constitute your acceptance of such modification.

7. Your information and Rights

You have the right to request access to the personal information that goLance holds about you. You may also request to correct or update out-of-date or inaccurate personal information that we hold about you. Your information can most easily be accessed by logging into your goLance online profile. There you have the ability to access and update various information that we collect about you such as contact information and email communication. You may request a copy of this information by contacting our Data Protection Officer/Privacy Office at legal@golance.com.

You may also delete your personal information by making updates to your information through your online account or by contacting our Data Protection Officer/Privacy Office at legal@golance.com. If you have deleted information from your profile, your account may have become deactivated and we may no longer have access to all prior information. It is not always possible to completely remove or delete information from our databases. Bear in mind that neither you nor goLance can delete all copies of information that has been previously shared with others on the Service. We may reject requests that are unreasonable or not required by law.

8. Personal data breach notification policy

  1. Introduction

    1.1 This policy sets out the policies and procedures of goLance(the "company") with respect to detection of personal data breaches, responding to personal data breaches and notification of personal data breaches to supervisory authorities, data controllers and data subjects.

    1.2 When dealing with personal data breaches, the company and all company personnel must focus on protecting individuals and their personal data, as well as protecting the interests of the company.

  2. Definitions

    2.1 In this policy:

    • (a) "appointed person" means the individual primarily responsible for dealing with personal data breaches affecting the company, being the Legal Team;
    • (b) "data controller" means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data;
    • (c) "data processor" means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
    • (d) "data subject" means an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
    • (e) "personal data" means any information relating to a data subject;
    • (f) "personal data breach" means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed by the company (including any temporary or permanent loss of control of, or inability to access, personal data); and
    • (g) "supervisory authority" means the Information Commissioner's Office of the United Kingdom.

  3. Detection of personal data breaches

    • 3.1 The company has put in place technological measures to detect incidents which may result in personal data breaches. As at the date of this policy, those measures include reasonable administrative and managerial measures to safeguard your personal information against loss, left and unauthorized access, use and modification.
    • 3.2 The company has put in place organisational measures to detect incidents which may result in personal data breaches. As at the date of this policy, those measures include reasonable administrative and managerial measures to safeguard your personal information against loss, left and unauthorized access, use and modification.
    • 3.3 The company shall regularly review the technical and organisational measures it uses to detect incidents which may result in a personal data breach. Such reviews shall be carried out at least annually.

  4. Responding to personal data breaches

    • 4.1 All personnel of the company must notify the appointed person immediately if they become aware of any actual or possible personal data breach. This obligation shall be included in the staff handbook of the company.
    • 4.2 The appointed person is primarily responsible for investigating possible and actual personal data breaches and for determining whether any notification obligations apply. Where notification obligations apply, the appointed person is responsible for notifying the relevant third parties in accordance with this policy.
    • 4.3 All personnel of the company must cooperate with the appointed person in relation to the investigation and notification of personal data breaches. This obligation shall be included in the staff handbook of the company.
    • 4.4 The appointed person must determine whether the company is acting as a data controller and/or a data processor with respect to each category of personal data that is subject to a personal data breach. The company is likely to act as a data controller in relation to the following categories of personal data: name, email address and/or telephone number.The company is likely to act as a data processor in relation to the following categories of personal data: payment information.
    • 4.5 The steps to be taken by the appointed person when responding to a personal data breach may include:

      • (a) ensuring that the personal data breach is contained as soon as possible;
      • (b) assessing the level of risk to data subjects as soon as possible;
      • (c) gathering and collating information from all relevant sources;
      • (d) considering relevant data protection impact assessments;
      • (e) informing all interested persons within the the company of the personal data breach and the investigation;
      • (f) assessing the level of risk to the company; and
      • (g) notifying supervisory authorities, data controllers, data subjects and others of the breach in accordance with this policy.

    • 4.6 The appointed person shall keep a full record of the response of the company to a personal data breach, including the facts relating to the personal data breach, its effects and the remedial action taken. This record shall form part of the personal data breach register of the company.

  5. Notification to supervisory authority

    • 5.1 This section 5 applies to personal data breaches affecting personal data with respect to which the company is acting as a data controller.
    • 5.2 The company must notify the supervisory authority of any personal data breach to which this section 5 applies without undue delay and, where feasible, not later than 72 hours after the company becomes aware of the breach, save as set out in subsection 5.4.
    • 5.3 Personal data breach notifications to the supervisory authority must be made by the appointed person using the form set out in schedule 1 (Notification of personal data breach to supervisory authority). The completed form must be sent to the supervisory authority by secure and confidential means. The appointed person must keep a record of all notifications, and all other communications with the supervisory authority relating to the breach, as part of the personal data breach register of the company.
    • 5.4 The company will not notify the supervisory authority of a personal data breach where it is unlikely to result in a risk to the rights and freedoms of natural persons. The appointed person shall be responsible for determining whether this subsection 5.4 applies, and the appointed person must create a record of any decision not to notify the supervisory authority. This record should include the appointed person's reasons for believing that the breach is unlikely to result in a risk to the rights and freedoms of natural person. This record shall be stored as part of the personal data breach register of the company.
    • 5.5 To the extent that the company is not able to provide to the supervisory authority all the information specified in schedule 1 (Notification of personal data breach to supervisory authority) at the time of the initial notification to the supervisory authority, the company must make all reasonable efforts to ascertain the missing information. That information must be provided to the supervisory authority, by the appointed person, as and when it becomes available. The appointed person must create a record of the reasons for any delayed notification under this subsection 5.5. This record shall be stored as part of the personal data breach register of the company.
    • 5.6 The company must keep the supervisory authority informed of changes in the facts ascertained by the company which affect any notification made under this section 5.

  6. Notification to data controller

    • 6.1 This section 6 applies to personal data breaches affecting personal data with respect to which the company is acting as a data processor.
    • 6.2 The company must notify the affected data controller(s) of any personal data breach to which this section 6 applies without undue delay and, where feasible, not later than 72 hours after the company becomes aware of the breach. In addition, the company must comply with the provisions of the contract(s) with the affected data controller(s) relating to such notifications.
    • 6.3 Personal data breach notifications to the affected data controller(s) must be made by the appointed person using the form set out in schedule 2 (Notification of personal data breach to data controller). The completed form must be sent to the affected data controller(s) by secure and confidential means. The appointed person must keep a record of all notifications, and all other communications with the affected data controller(s) relating to the breach, as part of the personal data breach register of the company.
    • 6.4 To the extent that the company is not able to provide to the affected data controller(s) all the information specified in schedule 2 (Notification of personal data breach to data controller) at the time of the initial notification to the affected data controller(s), the company must make all reasonable efforts to ascertain the missing information. That information must be provided to the affected data controller(s), by the appointed person, as and when it becomes available.

  7. Notification to data subjects

    • 7.1 This section 7 applies to personal data breaches affecting personal data with respect to which the company is acting as a data controller.
    • 7.2 Notifications to data subject under this section 7 should, where appropriate, be made in consultation with the supervisory authority and in accordance with any guidance given by the supervisory authority with respect to such notifications.
    • 7.3 The company must notify the affected data subjects of any personal data breach to which this section 7 applies if the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, save as set out in subsection 7.5.
    • 7.4 Personal data breach notifications to the affected data subjects must be made by the appointed person in clear and plain language using the form set out in schedule 3 (Notification of personal data breach to data subject). The completed form must be sent to the affected data subjects by appropriate means. The appointed person must keep a record of all notifications, and all other communications with the affected data subjects relating to the breach, as part of the personal data breach register of the company.
    • 7.5 The company has no obligation to notify the affected data subject of a personal data breach if:

      • (a) the company has implemented appropriate technical and organisational protection measures (in particular those that render the personal data unintelligible to any person who is not authorised to access it, such as encryption), and those measures have been applied to the personal data affected by the personal data breach;
      • (b) the company has taken subsequent measures which ensure that a high risk to the rights and freedoms of data subjects is no longer likely to materialise;
      • (c) it would involve disproportionate effort (in which case, there shall instead be a public communication or similar measure whereby the data subjects are informed in an equally effective manner),

      providing that the appointed person shall be responsible for determining whether this subsection 7.5 applies, and the appointed person must create a record of any decision not to notify the affected data subjects. This record should include the appointed person's reasons for believing that the breach does not need to be notified to the affected data subjects. This record shall be stored as part of the personal data breach register of the company.

    • 7.6 If the company is not required by this section 7 to notify affected data subjects of a personal data breach, the company may nonetheless do so where such notification is in the interests of the company and/or the affected data subjects.

  8. Other notifications

    • 8.1 Without affecting the notification obligations set out elsewhere in this policy, the appointed person should also consider whether to notify any other third parties of a personal data breach. Notifications may be required under law or contract. Relevant third parties may include:

      • (a) the police;
      • (b) other law enforcement agencies;
      • (c) insurance companies;
      • (d) professional bodies;
      • (e) regulatory authorities;
      • (f) financial institutions; and/or
      • (g) trade unions or other employee representatives.

  9. Reviewing and updating this policy

    • 9.1 Legal Team shall be responsible for reviewing and updating this policy.
    • 9.2 This policy must be reviewed and, if appropriate, updated annually on or around May 25.
    • 9.3 This policy must also be reviewed and updated on an ad hoc basis if reasonably necessary to ensure:

      • (a) the compliance of the company with applicable law, codes of conduct or industry best practice;
      • (b) the security of data stored and processed by the company; or
      • (c) the protection of the reputation of the company.

    • 9.4 The following matters must be considered as part of each review of this policy:

      • (a) changes to the legal and regulatory environment;
      • (b) changes to any codes of conduct to which the company subscribes;
      • (c) developments in industry best practice;
      • (d) any new data collected by the company;
      • (e) any new data processing activities undertaken by the company; and
      • (f) any security incidents affecting the company.

9. Contact Us

If you have any questions about this Privacy Policy or the Website, please submit a request at legal@golance.com.