Privacy Policy

Background Lines 1

PRIVACY NOTICE

Last updated June 11, 2024

We want you to feel comfortable when you are using Internal Talent Marketplace, our software and its underlying functions through our web app and not have to worry about the security of your data. That is why data protection is an important part of our corporate philosophy. 

In this Privacy Policy, you will find all the information about which Personal Data we collect and process and for what purpose. Equally, we will also inform you of your data protection rights and how you can assert them.

General Principles 

What is Personal Data?

Personal Data is “any information relating to an identified or identifiable natural person. This includes, for example, name or address data, telephone number, mobile number, or online identifiers such as your device id and your IP address.

What is Special Category Data?

Special category data is Personal Data that needs more protection because it is sensitive. This includes Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data. As well as, data concerning health, a person’s sex life; and a person’s sexual orientation. In order to lawfully process Special Category Data, it is necessary to consent to the processing.

What is processing?

“Processing” means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means. The term is broad and covers virtually any handling of data.

What law applies?

We will only use your Personal Data in accordance with the applicable data protection laws, in particular the UK’s Data Protection Act (“DPA”) and the EU’s General Data Protection Regulation (“GDPR”), and of course only as described in this Privacy Policy.

Who is responsible for data processing?

The responsible party within the meaning of the DPA and the GDPR is Gigged Ltd of BECO Building, 58 Kingston Street, Glasgow G58BP, Scotland (“Gigged Ltd”, “we”, “us”, or “our”). If you have any questions about this policy or our data protection practices, please contact us using [email protected] or write to us at the above address.

What are the Legal Bases for processing Personal Data

In accordance with the DPA and the GDPR, we have to have at least one of the following legal bases to process your Personal Data: a) you have given your consent, b) the data is necessary for the fulfilment of a contract / pre-contractual measures, c) the data is necessary for the fulfilment of a legal obligation, or d) the data is necessary to protect our legitimate interests, provided that your interests are not overridden. 

Who is the competent data protection authority?

The Information Commissioner’s Office – Scotland, Queen Elizabeth House, Sibbald Walk, Edinburgh, EH8 8FT, Telephone: 0303 123 1115 www.ico.org.uk. If you believe that the processing of your Personal Data is not lawful, you can lodge a complaint with a data protection supervisory authority. We would, however, appreciate the chance to deal with your concerns before you approach the ICO or any other supervisory authority,

How long and where will you keep my data?

We process and store your Personal Data only for the period of time required to achieve the respective processing purpose or for as long as a legal retention period exists (in particular commercial and tax law in accordance with the UK’s Commercial Law and Fiscal Code). Once the purpose has been achieved or the retention period has expired, the corresponding data is routinely deleted. 

What Personal Data do we process?

Technical Data

When you access our web app, some access data is recorded automatically and stored in a log file on our web app’s server. This means if you browse and simply have a look at our web app, we process a) the IP address of your computer, b) the date and time of your access, c) the name and URL of the accessed file, d) the browser used, e) the amount of bytes transferred, f) the status of the page request, g) the session ID and g) the referrer URL. The legal basis for processing is our legitimate interest.

Contacting us

You can contact us in various ways and data is always collected in the process. You provide us with most of the data that we process when you contact us such as your name, and email address. This data is collected and processed exclusively for the purpose of contacting you and processing your request and then deleted again, provided that there is no legal obligation to retain it. 

Contracting with us

We process the personal data that arises when you use our web app in order to provide our contractual services. In particular, this includes our support, correspondence with you, invoicing, fulfilment of our contractual, accounting and tax obligations. Accordingly, the data is processed on the basis of the fulfilment of our contractual obligations and our legal obligations.

If you register through our web app, we will request mandatory and, where applicable, non-mandatory data in accordance with our registration form (username’ full name, email address, company details, phone number, mailing addresses, job titles). The entry of your data is encrypted so that third parties cannot read your data when it is entered. For the purpose of logging in to our web app, you will provide your password together with your username. We will hold your data for further orders as long as you have your account and user contract with us. 

Alternatively, you are able to sign up using the convenience login and sign up from Google LLC, Facebook (Meta Platforms Inc.). For convenience login and sign up, you will be asked to provide your basic information (i.e., name, email address, and display picture) linked to your account. When registering via convenience functions, you agree to the relevant terms and conditions and consent to certain data from your Google/Facebook profile being transferred to us. 

Lastly, we process data in the context of administrative tasks as well as organisation of our operations, financial accounting and compliance with legal obligations, such as archiving. In this regard, we process the same data that we process in the course of providing our contractual services. The purpose and our interest in the processing lies in the administration, financial accounting, office organisation, archiving of data, i.e., tasks that serve the maintenance of our business activities, performance of our tasks and provision of our services.

The legal basis for processing the above is our legitimate interest, the provision or initiation of a contractual service and your consent.

Payment Data

If you take out a subscription, your payment data will be processed via our payment service provider Stripe. Payment data will solely be processed by our payment service provider Stripe and we have no access to any Payment Data you may submit. The legal basis for the provision of a payment system is the establishment and implementation of the user contract for the use of the service.

When using Internal Talent Marketplace and our Services

We process the data involved in your use of our services which may include both Personal Data and Special Category Data (“Service Data”) in order to be able to provide you access to our web app and use of our Services.

We recognise that you own your Service Data and provide you with complete control of your Service Data by providing you the ability to (i) access your Service Data, (ii) share your Service Data through supported third-party integrations, and (iii) request export or deletion of your Service Data. 

When we process Service Data, we become your Data Processor or in other words, we will process the Service Data involved in your use of our SaaS in accordance with your instructions and shall use it only for the purposes agreed between you and us.

We ensure that access by our employees to your data is only available on a need-to-know basis, restricted to specific individuals, and is logged and audited. We communicate our privacy and security guidelines to our employees and enforce privacy and protection safeguards strictly.

Some jurisdictions may require you to disclose your use of our SasS as your processor in your privacy policy and/or data processing agreement as applicable. For this purpose all Service Data processed by us will be processed in accordance with the DPA and GDPR and we take appropriate legal precautions and corresponding technical and organisational measures to ensure the protection of your Service Data.

Further and if you are providing us with Personal Data relating to a third party, you agree a) that you have in place all necessary appropriate consents and b) that such third party has read this Privacy Policy. You agree to indemnify us in relation to all and any liabilities, penalties, fines, awards, or costs arising from your non-compliance with these requirements.

The legal basis for the processing of your Service Data is our obligation to fulfil the contract we have with you. 

Google Calendar Sync and Integration

We collect and store your Google calendar data for calendars you authorise to connect to the Services. This means that if you consent to synchronise your Google calendar with our Services, we may collect (if included in your calendar data) the following Personal Data from your Google Calendar and Google Contacts account: i) Event name; ii) Event date; iii) Event time; iv) Event description; v) Event location; vi) Contacts’ names; vii) Contacts’ email; viii) Contacts’ telephones; ix) Contacts’ organisation; x) Contacts’ postal address; xi) Contacts’ birthday; x) Contacts’ gender. We add/import the following Personal Data from your gigged.ai account to your Google Calendar & Google Contacts account (if included in your calendar data): i) Event name; ii) Event date; iii) Event time; iv) Event description; v) Event location; vi) Contacts’ names; vii) Contacts’ email; viii) Contacts’ telephones; ix) Contacts’ organisation; x) Contacts’ postal address; xi) Contacts’ birthday; x) Contacts’ gender. Through this integration, we will have access to your calendar and any information available there (“ Calendar Data”).

We use your Google Calendar Data to: i) Populate your Google Calendar & Google Contacts data in your gigged.ai account; ii) Populate your Service Data in your Google Calendar & Google Contacts account; iii) Keep your Google Calendar & Google Contacts in sync with your gigged.ai account and vice versa; iv) Send booking confirmation emails, booking cancellation emails, booking update emails or booking reminder emails to the contacts imported from Google Calendar & Google Contacts – prior to sending out such emails your consent will be sought each time.

Notwithstanding anything else in this Privacy Policy, we: i) only use the necessary Calendar Data to provide the Services; i) do not transfer Calendar Data to third parties except as necessary to provide the Services, as required by law, or in connection with a merger, acquisition, or sale of assets where we provide notice to users; iii) do not use Calendar Data for serving advertisements; and iv) do not permit humans to read Calendar Data, except (a) if we obtain your affirmative consent, (b) as necessary for security purposes or to comply with applicable law or (c) our use is limited to internal operations, such as resolving support issues or analysing data to improve the Service. Calendar data is encrypted-in-transit and encrypted-at-rest and never available to sub-processors.

The security of your Google Calendar & Google Contacts’ Personal Data is important to us. We take commercially reasonable measures and follow generally accepted standards to protect the information you provide us, both during transmission and once we receive it. For example, the information you provide is transmitted via encryption using technologies such as secure socket layer technology (SSL). However, no method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, we cannot guarantee the absolute security of your information.

Google API Services Disclosure: Our use and transfer of information received from Google APIs to any other app will adhere to Google API Service User Data Policy, including its Limited Use requirements. Our web app strictly complies with all conditions specified in the Limited Use policy from Google.


Generative AI Technologies Disclosure: Certain features and functionalities of our Service may be facilitated or powered by Generative AI technologies. We will not use and will not authorise any of our third-party service providers to use your Personal Data (including your Calendar Data or App Data) to train any large language or other AI models unless we have separately and explicitly obtained your prior consent or you have expressly opted into our use of your Personal Data for such purposes through the Services.

We will retain the synced/imported information for as long as your gigged.ai account is active or as needed to provide you with our Services.

The legal basis for the processing of your Calendar Data is your consent. If you wish to close your gigged.ai account or request that we no longer use your Google Calendar & Google Contacts information, please do so within the settings of your gigged.ai account or email us using [email protected].

Support ticket

If you create a support ticket, we will request Personal Data and, where applicable, non-Personal Data in accordance with your request, this may include your name, email address and other order related data you voluntarily provide. The data provided is not shared with third parties and cannot read your data when it is entered. If you submit a support ticket, we process the data for the purpose of processing and handling your ticket. 

Our employees will also have access to data that you knowingly share with us for technical support or to import data into our services. We communicate our privacy and security guidelines to our employees and enforce privacy safeguards strictly. The legal basis of the data processing is our obligation to fulfil the contract and/or our legitimate interest in processing your support ticket. 

Data Sharing

In certain cases, it is necessary to transmit the processed Personal Data in the course of data processing. In this respect, there are different recipient bodies and categories of recipients.

Internal

If necessary, we transfer your Personal Data within Gigged Ltd. Of course, we comply with the associated legal framework and ensure that your data is processed properly. Access to your Personal Data is only granted to authorised employees who need access to the data due to their job, e.g., to provide our services or to contact you in case of queries.

We may also share your Personal Data with our Business Partners for the purposes described in this Privacy Policy, including (but not limited to) conducting the services you request, or customising our business to better meet your needs. 

External bodies

Personal Data is transferred to our service providers in the following instances:

  • in the context of fulfilling our contract with you,
  • to use marketing services and to advertise our services online,
  • to communicate with you,
  • to provide our web app, and 
  • to state authorities and institutions as far as this is required or necessary.

International transfers 

We may transfer your Personal Data to other companies as necessary for the purposes described in this Privacy Policy. In order to provide adequate protection for your Personal Data when it is transferred, we have contractual arrangements regarding such transfers. We take all reasonable technical and organisational measures to protect the Personal Data we transfer.

Security of your data

In order to protect the data stored with us in the best possible way against accidental or intentional manipulation, loss, destruction or access by unauthorised persons, we use appropriate technical and organisational security measures. The security levels are continuously reviewed in cooperation with security experts and adapted to new security standards.

Nevertheless, internet-based data transmissions can always have security gaps, so that absolute protection cannot be guaranteed. And databases or data sets that include Personal Data may be breached inadvertently or through wrongful intrusion. Upon becoming aware of a data breach, we will notify all affected individuals whose Personal Data may have been compromised as expeditiously as possible after which the breach was discovered.

Your Rights and Privileges 

Privacy rights 

Under the DPA and the GDPR, you can exercise the following rights:

  • The right to access;
  • The right to rectification;
  • The right to erasure;
  • The right to restrict processing;
  • The right to object to processing;
  • The right to data portability;
  • The right to complaint to a supervisory authority

Updating your information

If you believe that the information we hold about you is inaccurate or request its rectification, deletion, or object to its processing, please do so by contacting us.

Withdrawing your consent 

You can withdraw consents you have given at any time by contacting us. 

Access Request 

In the event you want to make a Data Subject Access Request, please contact us. We will respond to requests regarding access and correction as soon as reasonably possible. Should we not be able to respond to your request within thirty (30) days, we will tell you why and when we will be able to respond to your request. If we are unable to provide you with any Personal Data or to make a correction requested by you, we will tell you why.

 What we do not do

  • We do not request Personal Data from minors and children;
  • We do not use Automated decision-making including profiling; and
  • We do not sell your Personal Data.

Validity and Questions

This Privacy Policy was last updated on Tuesday, 11th of June, 2024, and is the current and valid version. However, we may update this policy for a number of reasons, such as to reflect a change in the law or to accommodate a change in our business practices and the way we use cookies. We recommend that you check here periodically for any changes. If you have any questions or comments about our Privacy Policy or wish to exercise your rights under applicable laws, please contact us.