Global Privacy Policy
Last Updated: July 23, 2025
Last Reviewed: July 23, 2025
Applies to: All Global Users of Jobbers.io
Entity: Varlorys (French Sole Proprietorship)
Governing Laws: GDPR, UK GDPR, CCPA/CPRA, POPIA, PIPEDA, Privacy Act 1988 (AU), LGPD, APPI, DPDP Act, and other applicable privacy laws
Platforms: Website (jobbers.io) and Mobile Apps (iOS/Android)
1. Introduction
This Privacy Policy explains how Jobbers.io (operated by Varlorys, a French sole proprietorship) collects, uses, discloses, and manages your personal information/personal data when you use our website at https://www.jobbers.io and our mobile applications for iOS and Android (collectively, the “Platform”).
Jobbers.io is an international freelance marketplace operated from France, serving users worldwide. We facilitate connections between freelancers/professionals and clients by providing a platform for them to find each other, communicate, and arrange their own work agreements and payments.
Global Legal Compliance
As a global platform, we comply with applicable privacy laws worldwide, including but not limited to:
- European Union/EEA/Switzerland: General Data Protection Regulation (GDPR)
- United Kingdom: UK GDPR and Data Protection Act 2018
- United States: CCPA/CPRA, VCDPA, CPA, CTDPA, UCPA, COPPA, and other state laws
- South Africa: Protection of Personal Information Act (POPIA)
- Canada: Personal Information Protection and Electronic Documents Act (PIPEDA)
- Australia: Privacy Act 1988 and Australian Privacy Principles (APPs)
- Brazil: Lei Geral de Proteção de Dados (LGPD)
- Japan: Act on Protection of Personal Information (APPI)
- India: Digital Personal Data Protection Act (DPDP Act)
- Other jurisdictions: Applicable local privacy and data protection laws
Global Privacy Compliance Commitment
We are committed to protecting your privacy in accordance with the highest international standards and applicable local laws. Our data processing practices are based on globally recognized privacy principles:
- Lawfulness and Fairness: We process personal information lawfully, fairly, and transparently
- Purpose Limitation: We collect personal information for specified, explicit, and legitimate purposes
- Data Minimization: We process only personal information that is adequate, relevant, and necessary
- Accuracy: We maintain accurate and up-to-date personal information
- Storage Limitation: We retain personal information only as long as necessary
- Security: We implement appropriate technical and organizational security measures
- Accountability: We demonstrate compliance with applicable privacy laws
- Individual Rights: We respect and facilitate the exercise of your privacy rights
Key Information for Global Users:
- French Data Controller/Responsible Party: We are based in France and process data internationally
- Global Platform: Your data enables connections with freelancers and clients worldwide
- International Transfers: Data may be transferred globally with appropriate safeguards
- Your Rights: You have privacy rights under applicable laws as outlined in section 12
- Marketplace Role: We facilitate connections but users arrange their own payments and contracts
2. Data Controller/Responsible Party Information
Entity: Varlorys
Business Type: French Sole Proprietorship (Entreprise Individuelle)
Registration Number: 894 375 625 R.C.S. Pontoise
Business Address: 145 Rue du général Leclerc, 95130 Franconville, France
Service: International Freelance Marketplace
Contact Person: Driss LJAM BENNIS
Data Protection Officer/Information Officer: [email protected]
Privacy Contact: [email protected]
3. Personal Information We Collect
We collect personal information necessary to operate our freelance marketplace and provide our services. We limit our collection to information that is adequate, relevant, and necessary for our stated purposes.
3.1 Account and Profile Information
- Registration Details: Name, email address, password, username
- Age Verification: Confirmation that user meets minimum age requirements
- Identity Verification: Email verification, phone number verification, identity documents (where required)
- Profile Information: Professional skills, work experience, education, service descriptions
- Contact Information: Phone number, address, preferred communication methods
- Profile Media: Profile pictures, portfolio images, work samples, certifications
- Professional Documentation: Certificates, qualifications, professional credentials
- Contact Visibility Preferences: Settings for displaying contact details through premium features
- Content Moderation Data: Information reviewed and modified by our administrators for compliance
3.2 Premium Services and Financial Information
- Premium Package Purchases: Connection Packs, Professional Packs, Service Packs, Contact Packs, Project Packs
- Payment Details: Payment card information for platform services (processed by payment providers)
- Billing Information: Billing addresses, payment preferences, tax information where required
- Package Usage: Visibility boost usage, contact detail displays, search ranking improvements
- Financial Records: Transaction history, invoices, payment records (for tax and compliance purposes)
3.3 Platform Activity Data
- Job and Project Data: Job postings, project descriptions, service offerings, proposals
- Proposal Management: Proposal statuses (accepted, pending, rejected), proposal content
- Communication Records: Chat messages, file sharing through our messaging system
- Ratings and Reviews: Reviews and ratings between freelancers and clients
- Portfolio Content: Work samples, portfolios, certifications, professional qualifications
- Search and Browse History: Jobs viewed, searches performed, saved profiles
- Contact Interactions: When contact details are displayed or accessed through premium features
- AI Translation Data: Content submitted for automatic translation services
3.4 Technical Information
- Device Information: Device type, operating system, browser type, unique device identifiers
- Usage Data: Pages visited, time spent, click patterns, feature usage, session information
- Network Information: IP address, internet service provider, connection type, geolocation data
- Cookies and Tracking: As described in our Cookie Policy
- Log Data: Server logs, access logs, error logs, security logs
3.5 Mobile App Permissions and Data
Our mobile apps may request the following permissions to provide enhanced functionality:
- Camera: To take profile photos and capture documents for verification
- Photo Library: To upload images for profiles and portfolios
- Contacts: To help you connect with existing contacts on the platform (with your consent)
- Location Services: To show location-based job opportunities and verify your location
- Push Notifications: To send important updates about jobs, messages, and platform activities
- Microphone: For voice messages and video calls (if available)
- Storage Access: To store app data and enable offline functionality
- Network Access: To connect to our services and sync data
Note: You can manage these permissions through your device settings at any time.
3.6 Sensitive Personal Information
In some jurisdictions, certain categories of personal information are considered sensitive and receive additional protection:
- Biometric Data: Voice recordings, facial recognition data (if used for verification)
- Precise Geolocation: GPS coordinates (only with explicit consent)
- Health Information: Disability accommodations, health-related service offerings
- Background Checks: Criminal background check results (in jurisdictions where permitted)
4. How We Collect Personal Information
We are transparent about how we collect your personal information:
4.1 Direct Collection
- Account Registration: When you create an account (subject to minimum age requirements)
- Profile Creation: When you set up your freelancer or client profile
- Verification Processes: Email, phone, and identity verification procedures
- Form Submissions: Contact forms, job applications, project postings, surveys
- Communications: When you contact us or communicate with other users
- Administrative Review: During our validation process for profiles, services, and projects
- Customer Support: When you contact our support team
- Rating and Review System: When you provide or receive evaluations
4.2 Automated Collection
- Website and App Usage: Through cookies, analytics, and tracking technologies
- Device Information: Automatically collected when you access our platform
- Location Data: Through IP address or GPS (with permission on mobile)
- Performance Monitoring: App crashes, error reports, usage statistics
- Security Monitoring: Fraud detection, security threat analysis
4.3 Third-Party Sources
- Social Media: When you connect social media accounts (with your consent)
- Payment Providers: Transaction and verification data from PayPal, Stripe, and other processors
- Verification Services: From email, SMS, and identity verification providers
- Public Sources: Publicly available professional information, business directories
- Marketing Partners: Contact information from legitimate marketing partners (with consent)
- Background Check Providers: Where legally permitted and with appropriate consent
5. Legal Bases and Purposes for Processing
We process your personal information based on various legal bases depending on your jurisdiction and the specific processing activity:
| Purpose | Information Used | Legal Bases | Retention Period |
|---|---|---|---|
| Core Platform Services | |||
| Account Management | Registration data, profile information | Contract, Legitimate interests, Consent | Account lifetime + 7 years |
| User Connections | Profile data, skills, location, preferences | Contract, Legitimate interests | Account lifetime + 3 years |
| Premium Services | Package purchases, visibility settings | Contract, Legitimate interests | 7 years after purchase |
| Communication Tools | Messages, file sharing, contact exchanges | Contract, Legitimate interests | 3 years after last communication |
| AI Translation | User content for translation | Contract, Legitimate interests | Processing duration only |
| Safety and Security | |||
| Identity Verification | Email, phone, ID documents | Legal obligation, Legitimate interests | 3 years after verification |
| Content Moderation | Profile content, posts, communications | Legal obligation, Legitimate interests | 3 years after moderation |
| Age Verification | Age confirmation during registration | Legal obligation | Account lifetime |
| Fraud Prevention | Usage patterns, device info, payments | Legal obligation, Legitimate interests | 5 years after detection |
| Platform Security | Access logs, security events | Legal obligation, Legitimate interests | 1 year |
| Legal and Compliance | |||
| Legal Compliance | All relevant personal information | Legal obligation | As required by law |
| Dispute Resolution | Communications, interactions, ratings | Legal obligation, Legitimate interests | 7 years after resolution |
| Regulatory Reporting | User statistics, compliance data | Legal obligation | As required by law |
| Analytics and Improvement | |||
| Platform Analytics | Usage data, performance metrics | Consent, Legitimate interests | 2 years |
| Product Development | Feature usage, feedback, performance | Consent, Legitimate interests | 2 years |
| Personalization | Preferences, search history, matches | Consent | Until consent withdrawal |
| Marketing and Communications | |||
| Platform Notifications | Contact information, activity data | Contract, Legitimate interests | Account lifetime |
| Marketing Communications | Contact details, preferences | Consent | Until consent withdrawal |
| Customer Support | Account data, support history | Contract, Legitimate interests | 3 years after last contact |
6. Sharing and Disclosure of Personal Information
We may share your personal information in the following circumstances, subject to applicable legal requirements:
6.1 With Other Platform Users
- Public Profile Information: Name, profile picture, skills, services, reviews, portfolio (as configured by privacy settings)
- Contact Details: Phone number and email (through premium Contact features, when authorized)
- Communication: Direct messaging through our chat system for project discussions
- Project Information: Project details, proposals, and related communications
- Reviews and Ratings: Feedback provided by clients and freelancers
- Portfolio Content: Work samples, certifications, and professional credentials
6.2 With Service Providers and Processors
- Payment Processors: PayPal, Stripe, and other payment service providers
- Cloud Hosting: AWS, Google Cloud, Microsoft Azure for data storage and processing
- Analytics Services: Google Analytics, Adobe Analytics (with appropriate data processing agreements)
- Communication Tools: Email service providers, messaging platforms, SMS providers
- AI Translation Services: Third-party providers for automatic content translation
- Verification Services: Identity verification, email verification, and phone verification providers
- Customer Support: Help desk platforms and customer service tools
- Security Services: Fraud detection, security monitoring, and threat analysis providers
6.3 Legal and Compliance Sharing
- Law Enforcement: When required by law, court order, subpoena, or legal process
- Regulatory Authorities: For compliance with applicable laws and regulations
- Legal Proceedings: In connection with legal disputes, investigations, or regulatory inquiries
- Safety Protection: To protect the safety of users, the public, or our platform
- Government Agencies: For tax compliance, regulatory reporting, or other legal obligations
6.4 Business Transfers
If our business is sold, merged, acquired, or undergoes bankruptcy proceedings, your personal information may be transferred as part of the business assets, subject to continuation of the same privacy protections, notification to affected users, compliance with applicable transfer laws, and your right to object in applicable jurisdictions.
6.5 With Your Consent
We may share personal information with third parties when you provide explicit consent for specific purposes, including integration with third-party services, participation in joint marketing campaigns, sharing with business partners for specific projects, and other purposes you specifically authorize.
7. International Data Transfers
As a global platform, we transfer personal information internationally to provide our services:
7.1 Transfer Destinations
- Germany: Our primary operations and main servers
- European Union/EEA: Additional hosting and service providers
- United States: Cloud services, payment processors, analytics providers
- Other Countries: Where freelancers, clients, and service providers are located
7.2 Transfer Safeguards
We implement appropriate safeguards for international transfers:
For EU/EEA/UK Users:
- EU Commission Adequacy Decisions
- Standard Contractual Clauses (SCCs)
- UK International Data Transfer Agreements (IDTAs)
- Binding Corporate Rules
- Certification schemes and codes of conduct
For Other Jurisdictions:
- Contractual protections and data processing agreements
- Industry-recognized privacy certifications
- Technical safeguards including encryption
- Compliance with applicable cross-border transfer requirements
- Your explicit consent where required
7.3 Country-Specific Transfer Requirements
- Brazil (LGPD): Transfers comply with LGPD requirements including adequacy decisions or appropriate safeguards
- Canada (PIPEDA): Transfers include contractual provisions requiring equivalent protection
- Australia (Privacy Act): Overseas disclosure provisions ensure reasonable steps for protection
- Japan (APPI): Transfers comply with cross-border transfer rules and consent requirements
- India (DPDP Act): Transfers to approved countries or with appropriate safeguards
8. Data Retention and Deletion
We retain personal information only for as long as necessary to fulfill stated purposes:
| Information Type | Retention Period | Deletion Process |
|---|---|---|
| Account Information | Until deletion + 7 years | Secure deletion after retention |
| Premium Package Data | 7 years after purchase | Automated deletion process |
| Communication Records | 3 years after last activity | Secure archival then deletion |
| Verification Records | 3 years after verification | Encrypted storage then deletion |
| Marketing Preferences | Until consent withdrawn | Immediate removal from lists |
| Usage Analytics | 2 years | Anonymization then deletion |
| Security Logs | 1 year | Secure deletion |
| Financial Records | 7-10 years (tax compliance) | Secure deletion after compliance period |
9. Security Safeguards
We implement comprehensive security measures to protect personal information:
9.1 Technical Safeguards
- Encryption: End-to-end encryption for data in transit and at rest using industry standards (AES-256)
- Access Controls: Multi-factor authentication, role-based access, principle of least privilege
- Network Security: Firewalls, intrusion detection systems, DDoS protection
- Regular Updates: Security patches, vulnerability assessments, penetration testing
- Data Loss Prevention: Backup systems, disaster recovery, business continuity planning
- Anonymization: De-identification and pseudonymization where technically feasible
9.2 Organizational Safeguards
- Staff Training: Regular privacy and security training for all personnel
- Background Checks: Screening of employees with access to personal information
- Incident Response: Comprehensive breach response procedures and incident management
- Vendor Management: Due diligence and contractual requirements for all processors
- Privacy by Design: Privacy considerations integrated into all system development
- Regular Audits: Internal and external security assessments, compliance audits
9.3 Data Breach Response
In the event of a security incident:
- Immediate Response (0-24 hours): Incident containment and assessment, evidence preservation and forensic analysis, internal notification and response team activation
- Regulatory Notification (24-72 hours): Notification to relevant data protection authorities, compliance with jurisdiction-specific timeframes, coordination with law enforcement if required
- User Notification: Direct notification to affected individuals where required, clear information about the incident and recommended actions, ongoing updates as investigation progresses
- Post-Incident: Root cause analysis and remediation, implementation of additional safeguards, documentation and reporting for compliance
10. Cookies and Tracking Technologies
We use cookies and similar technologies as described in our Global Cookie Policy:
10.1 Types of Cookies
- Essential Cookies: Required for platform functionality (no consent required)
- Performance Cookies: Analytics and performance monitoring (consent required in most jurisdictions)
- Functional Cookies: Enhanced features and personalization (consent required)
- Marketing Cookies: Advertising and behavioral targeting (explicit consent required)
10.2 Third-Party Tracking
- Google Analytics: Platform usage analytics with IP anonymization
- Social Media Pixels: Integration with social platforms (with consent)
- Advertising Networks: Targeted advertising (with explicit consent)
- Customer Support Tools: Chat widgets and support platforms
10.3 Cookie Management
Users can manage cookie preferences through our consent management platform, browser settings and preferences, opt-out tools provided by advertising networks, and platform-specific privacy controls.
11. Marketing and Communications
11.1 Essential Communications
We send essential platform communications based on our legitimate interests and contractual obligations:
- Account security notifications and alerts
- Transaction confirmations and receipts
- Important platform updates and service changes
- Legal notices and policy updates
- Customer support communications
11.2 Marketing Communications
With your explicit consent, we may send:
- Newsletter and platform updates
- Job recommendations and opportunities
- Feature announcements and product updates
- Educational content and industry insights
- Promotional offers and discounts
11.3 Opt-Out Rights and Jurisdiction-Specific Requirements
- Unsubscribe links in all marketing communications
- Account settings for communication preferences
- Direct contact for opt-out requests
- Suppression list maintenance for opt-out compliance
- EU/UK: Explicit opt-in consent required
- Canada: Implied or express consent with clear opt-out
- Australia: Consent or existing customer relationship
- Brazil: Explicit consent for all marketing communications
- US States: Opt-out rights and do-not-sell lists
12. Your Privacy Rights
Your privacy rights vary by jurisdiction. We provide the highest level of protection available:
12.1 Universal Rights (Available to All Users)
- Right to Access: Request information about personal information we process
- Right to Rectification/Correction: Correct inaccurate or incomplete information
- Right to Deletion/Erasure: Request deletion of personal information (subject to legal exceptions)
- Right to Restrict Processing: Limit how we process your personal information
- Right to Object: Object to processing based on legitimate interests or for marketing
- Right to Data Portability: Receive personal information in a structured, machine-readable format
- Right to Withdraw Consent: Withdraw consent for consent-based processing
12.2 Jurisdiction-Specific Rights
EU/EEA/UK (GDPR/UK GDPR):
- Right not to be subject to automated decision-making
- Right to lodge complaints with supervisory authorities
- Right to compensation for material or non-material damage
US State Laws (CCPA/CPRA, VCDPA, etc.):
- Right to know categories and specific pieces of personal information
- Right to opt-out of sale or sharing of personal information
- Right to limit use of sensitive personal information
- Right to non-discrimination for exercising privacy rights
Other Jurisdictions: Rights as provided under applicable local privacy laws
12.3 How to Exercise Your Rights
To exercise your rights:
- Email: [email protected]
- Subject Line: “Privacy Rights Request – [Your Jurisdiction] – [Type of Request]”
- Required Information: Full name and account email, jurisdiction/country of residence, specific request details, identity verification information
- Response Timeframes: EU/UK: 1 month (extendable to 3 months), US States: 45 days (extendable to 90 days), Canada: 30 days, Australia: 30 days, Brazil: 15 days, Other jurisdictions: As required by applicable law
12.4 Verification Process
We may require additional information to verify your identity before processing requests, including government-issued identification, account verification questions, signed declarations, and other reasonable verification methods.
12.5 Quick Privacy Request Form
For common requests, you can use our simplified process:
Name: [Your Full Name]
Email: [Your Account Email]
Country/Jurisdiction: [Your Location]
Request Type:
- Access my personal information
- Correct inaccurate information
- Delete my personal information
- Portable copy of my data
- Restrict processing
- Object to processing
- Withdraw consent
- Opt out of marketing
- Opt out of sales/sharing (US residents)
- Limit use of sensitive information (US residents)
Send your completed request to: [email protected]
13. Children’s Privacy
We take children’s privacy seriously and comply with applicable laws globally:
13.1 Age Requirements
Minimum Age by Jurisdiction:
- United States: 13 years (COPPA compliance)
- EU/EEA: 16 years (or lower age set by member states)
- UK: 13 years
- Most Other Jurisdictions: 13-16 years depending on local law
- Platform Requirement: 18 years (for work capacity and terms compliance)
13.2 Age Verification
All users must confirm they meet our 18+ age requirement for legal capacity to enter work agreements, compliance with terms of service, protection from inappropriate content, and meeting freelance marketplace legal requirements.
13.3 Parental Rights and Reporting
Where we inadvertently collect information from children, parents can request access, deletion, or refuse further collection. We will delete such information upon discovery. If you believe we have collected information from a child in violation of applicable law, contact us immediately at [email protected].
14. Automated Processing and Decision-Making
We use automated systems for legitimate business purposes:
14.1 Automated Processes
- Content Moderation: AI systems review user content for policy compliance
- Fraud Detection: Automated systems identify potentially fraudulent activities
- AI Translation: Machine translation for multilingual platform accessibility
- Search and Matching: Algorithms match freelancers with relevant opportunities
- Pricing Optimization: Dynamic pricing for premium features
- Risk Assessment: Automated evaluation of user accounts for security
14.2 Significant Automated Decisions
Decisions that significantly affect users include account suspension or termination for policy violations, premium feature pricing and availability, content removal or restriction, and user verification status.
14.3 Your Rights Regarding Automated Processing
- Right to human review of automated decisions
- Right to express your point of view and contest decisions
- Right to receive information about decision-making logic
- Right to request manual decision-making where legally required
15. Platform-Specific Provisions
15.1 Content Moderation
To maintain platform quality and safety, we conduct profile review and approval, service listing validation, project posting review, and content editing for compliance. We review professional qualifications, compliance with guidelines, personal information removal, and age verification. We prohibit abusive, misleading, inappropriate, or illegal content.
15.2 Marketplace Facilitation
Jobbers.io acts as a platform facilitator connecting freelancers and clients. We provide tools and infrastructure but do not process payments between users, mediate disputes, guarantee work quality, or act as an employer. We provide platform hosting, communication tools, premium features, AI translation, user verification, and rating systems.
16. Third-Party Services and Integrations
Our platform may contain links to external websites and services with independent privacy policies. When connecting social media accounts, we access only authorized information according to your privacy settings. Payment processing is handled by third-party providers with independent privacy policies. We maintain oversight of service providers through due diligence, contractual requirements, monitoring, and incident response procedures.
17. Policy Updates and Changes
We may update this privacy policy to reflect changes in business practices, legal updates, new technologies, or user feedback. For material changes, we post updated policy with “Last Updated” date, send email notifications, provide prominent notice for 30 days, obtain fresh consent where required, and provide reasonable advance notice.
18. Contact Information and Data Protection Officers
Primary Contact
Varlorys (French Sole Proprietorship)
Registration: 894 375 625 R.C.S. Pontoise
Business: International Freelance Platform (Jobbers.io)
Address: 145 Rue du général Leclerc, 95130 Franconville, France
Website: https://www.jobbers.io
Email: [email protected]
Phone: +33 6 88 95 37 10 (French timezone: CET/CEST)
Data Protection Contacts
Data Protection Officer/Information Officer:
Name: Driss LJAM BENNIS
Title: Privacy Contact / Data Protection Officer
Email: [email protected]
Address: 145 Rue du général Leclerc, 95130 Franconville, France
Global Supervisory Authorities
You have the right to lodge complaints with relevant authorities in your jurisdiction:
Europe:
European Data Protection Board: edpb.europa.eu
France (CNIL): +33 1 53 73 22 22, www.cnil.fr
Germany (BfDI): +49 228 997799-0, www.bfdi.bund.de
UK (ICO): 0303 123 1113, ico.org.uk
Americas:
US Federal Trade Commission: 1-877-FTC-HELP, consumer.ftc.gov
Canada Privacy Commissioner: 1-800-282-1376, priv.gc.ca
Brazil (ANPD): www.gov.br/anpd
Asia-Pacific:
Australia (OAIC): 1300 363 992, oaic.gov.au
Japan (PPC): www.ppc.go.jp
Singapore (PDPC): www.pdpc.gov.sg
Africa:
South Africa Information Regulator: +27 10 023 5200, inforegulator.org.za
Response Times
General Inquiries: 24-48 hours
Privacy Rights Requests: 1-3 months (varies by jurisdiction)
Urgent Privacy Matters: 72 hours
Data Breach Notifications: As required by applicable law (typically 72 hours to authorities)
Effective Date: July 23, 2025 | Document Version: 1.0 | Last Reviewed: July 23, 2025
This privacy policy is available in multiple languages. In case of conflicts between translations, the English version shall prevail.
