Privacy Policy

This Privacy Policy sets out the basis on which HIFORCE DIGITAL - FZCO, a company duly incorporated under the laws of the United Arab Emirates ("Company", "we", "us", or "our"), collects, uses, stores, shares, and otherwise processes personal data ("Personal Data") of users ("User", "you", or "your") in connection with the Website located at HiForce.io ("Website") and services made available through it ("Services").

This Privacy Policy forms part of and is governed by our Terms of Service available at https://hiforce.io/terms-of-service ("Terms"). Capitalized terms not otherwise defined herein shall have the meanings given to them in the Terms.

For the purposes of this Privacy Policy, Personal Data shall mean any information relating to an identified or identifiable natural person, including but not limited to data classified as "personal data" under the UAE Personal Data Protection Law (PDPL), "personal information" under the EU General Data Protection Regulation (GDPR), the UK GDPR, the California Consumer Privacy Act (CCPA), as amended, or equivalent terms under other applicable data protection laws and regulations.

For the purposes of this Privacy Policy, "you" refers to any individual interacting with the Website or our Services, including but not limited to (i) representatives of prospective or existing clients ("Clients") and (ii) independent professionals or applicants expressing interest in being matched with Clients projects ("Talents"). Specific provisions may apply only to one of these categories and will be indicated accordingly where relevant.

1. PERSONAL DATA COLLECTED AND PROCESSED

We collect and process Personal Data that you voluntarily provide, that we collect automatically through your interaction with the Website, or that we obtain from third-party sources in connection with the provision of the Services.

1.1. Personal Data Provided by You:

1.2. Personal Data Collected Automatically:

1.3. Personal Data Received from Third Parties:

We may receive and process Personal Data from third-party sources, including:

1.4. Minors

The Website is not intended for individuals under the age of 18. We do not knowingly collect or process Personal Data from minors without explicit parental or guardian consent. If we become aware that a minor's Personal Data has been collected without proper consent, we will promptly delete such data.

2. LEGAL BASIS AND USE OF PERSONAL DATA

2.1. Legal Grounds for Processing

We process Personal Data under one or more of the following legal grounds:

2.2. Purposes of Processing

We process Personal Data for the following purposes:

• To process and respond to Client Inquiries, including contacting you to discuss your business needs, scheduling calls, and facilitating potential client engagements.
• To evaluate and process Talent Applications, including reviewing resumes, verifying qualifications, contacting applicants, and scheduling calls to discuss opportunities.
• To represent talent to potential or existing clients by sharing Talent Application Data (e.g., resume, contact details, professional experience), subject to your consent.
• To operate, maintain, and enhance the Website and Services, including ensuring technical functionality, optimizing content presentation for your device, and analyzing usage patterns.
• To communicate with you, including sending confirmations, technical notices, updates, security alerts, administrative messages, and responses to your inquiries.
• To notify you of material changes to the Website, Terms, or this Privacy Policy.
• To protect against, investigate, and prevent fraudulent, unauthorized, or illegal activities, including cybersecurity threats and misuse of the Website.
• To comply with applicable laws, regulations, court orders, or lawful requests from governmental or regulatory authorities.
• To conduct statistical analysis, research, and development to improve the Services, enhance user experience, and inform business decisions.
• To administer internal record-keeping, compliance processes, and audits, including maintaining consent records and tracking data processing activities.
• To send direct marketing communications, such as newsletters or service updates, where permitted by law and subject to your opt-out rights (see Section 9).
• To process special categories of data, such as background checks or visa status, where necessary for talent placement, with your explicit consent and in compliance with applicable laws.

2.3. Extended Assessment

We may assess a Talent's suitability not only for the specific project or service-based engagement referenced in the initial submission, but also for other contractor opportunities that align with their professional background, skills, and qualifications, unless an objection is raised.

3. AUTOMATED DECISION-MAKING

We do not engage in automated decision-making, including profiling, that produces legal or similarly significant effects concerning you. Any processing for fraud prevention or risk assessment is conducted manually. Third-party service providers may, however, conduct automated processing under their own policies.

4. SHARING OF PERSONAL DATA

4.1. Categories of Recipients

We may share Personal Data with the following categories of recipients, subject to applicable data protection laws:

4.2. User Consent

By interacting with us through the Website, by email, via social media, or through other communication channels, you provide explicit, freely given, specific, informed, and unambiguous consent for the following:

4.3. International Transfers

We may transfer Personal Data to recipients located outside your country of residence. Such jurisdictions may have data protection laws that differ from, or offer less protection than, those in your home country, including countries not recognized by the European Commission as providing an adequate level of data protection. By accessing the Website or submitting Personal Data, you expressly consent to such cross-border transfers. We implement appropriate safeguards, including but not limited to Standard Contractual Clauses (SCCs) approved by the European Commission, binding corporate rules, or other legally recognized mechanisms, to ensure that such transfers comply with applicable data protection laws.

5. THIRD-PARTY SERVICES

The Website integrates third-party services, such as the Calendar Tool, and may contain hyperlinks to external websites not owned, operated, or controlled by us. These third-party services and websites are governed by their own terms of service and privacy policies, which you are advised to review prior to providing any Personal Data. We are not responsible for the privacy practices, security measures, or content of such third-party services or websites, and your use of them is at your sole risk.

6. SECURITY MEASURES

We implement robust technical, organizational, and legal measures, proportionate to the risks, to protect Personal Data against unauthorized access, disclosure, alteration, loss, or destruction. These measures include, but are not limited to:

• Encryption of data in transit (e.g., via HTTPS) and at rest.
• Strict access control policies, limiting data access to authorized personnel only.
• Secure storage environments with regular backups and redundancy.
• Periodic security assessments, vulnerability scans, and penetration testing.
• Employee training on data protection and cybersecurity best practices.

Notwithstanding these safeguards, no online system or data transmission over the internet can be guaranteed to be entirely secure. You acknowledge this inherent risk and agree to take reasonable precautions, such as maintaining the confidentiality of any credentials used to access the Website and ensuring that uploaded files (e.g., resumes) are free of viruses, malware, or other harmful components.

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant supervisory authorities without undue delay, in accordance with applicable laws.

7. USER RIGHTS

7.1. Available Rights

Depending on your jurisdiction and the applicable data protection laws, you may have the following rights with respect to your Personal Data:

7.2. Exercising Your Rights

To exercise any of these rights, please contact us at info@hiforce.io. We may request additional information to verify your identity to ensure the security of your Personal Data. We will respond to your request within one (1) month of receipt, extendable by an additional two (2) months for complex requests, and will provide our response free of charge unless your request is manifestly unfounded, repetitive, or excessive, in which case we may charge a reasonable fee or refuse to comply, as permitted by law.

8. DATA RETENTION

We retain Personal Data only for as long as necessary to fulfill the purposes for which it was collected, as outlined in this Privacy Policy, or to comply with legal, regulatory, or contractual obligations, or to resolve disputes. Specific retention periods include:

• Client Inquiry Data: Retained for twelve (12) months from the date of submission or until the inquiry is fully resolved, whichever is longer, unless a subsequent engagement extends this period.
• Talent Application Data: Retained for twelve (12) months from the date of submission or until you withdraw your consent to representation, whichever occurs first, unless a separate agreement with you or a client extends this period.
• Communication Data: Retained for as long as necessary to address the communication or comply with legal requirements, typically up to twelve (12) months from the last interaction.
• Automatically Collected Data: Usage data, log data, device data, and cookie-related data are retained for up to twenty-four (24) months for analytics, security, and performance optimization purposes, unless anonymized earlier.
• Sensitive Data: Data such as background checks or visa status is retained only for the duration necessary for the specific placement or compliance purpose, typically not exceeding twelve (12) months, unless required by law.
• Legal or Regulatory Data: Personal Data required for legal or regulatory purposes (e.g., tax records, anti-money laundering compliance) is retained for the period mandated by applicable laws, which may extend beyond the above periods.

Upon expiration of the applicable retention period, Personal Data is securely deleted or anonymized so that it can no longer be associated with you. Anonymized data may be retained indefinitely for statistical, research, or business purposes.

Personal Data may be retained within secure cloud-based CRM systems, which support the Company’s ongoing business operations. Such storage does not affect the applicable retention periods or our obligations under relevant data protection laws.

9. DIRECT MARKETING AND OPT-OUT OPTIONS

We may send you direct marketing communications, such as newsletters, promotional offers, or updates about our Services, based on your explicit consent or our legitimate interests, where permitted by applicable law. You may opt out of receiving marketing communications at any time by:

• Clicking the "unsubscribe" link provided in any marketing email.
• Contacting us at info@hiforce.io with a request to opt out of marketing communications.

Opting out of marketing communications does not affect our ability to send non-marketing communications, such as service-related notices, responses to inquiries, or updates required by law.

10. JURISDICTION-SPECIFIC DISCLOSURES

10.1. EU and UK Residents

For Users in the European Economic Area (EEA) or the United Kingdom, we comply with the EU GDPR and UK GDPR respectively. Your rights under these regulations are detailed in Section 7. We have implemented measures to ensure lawful cross-border data transfers (e.g., Standard Contractual Clauses) and maintain a record of processing activities as required.

10.2. California Residents

Under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), California residents have the following rights:

• Right to Know: Request disclosure of the categories and specific pieces of Personal Data we have collected, used, disclosed, or shared in the preceding twelve (12) months, including the purposes of processing and recipients.
• Right to Delete: Request deletion of your Personal Data, subject to exceptions such as legal obligations, contractual necessity, or data required to complete a transaction.
• Right to Opt-Out of Sale or Sharing: Opt out of the sale or sharing of your Personal Data for cross-context behavioral advertising. We do not "sell" Personal Data as defined under the CCPA; however, sharing Talent Application Data with clients for representation purposes is conducted with your explicit consent and is not considered a sale.
• Right to Correct: Request correction of inaccurate Personal Data.
• Right to Limit Use of Sensitive Personal Information: Limit the use or disclosure of sensitive Personal Data (e.g., background checks) to purposes necessary for providing the Services or as permitted by law.
• Right to Non-Discrimination: Receive equal service and pricing without discrimination for exercising your privacy rights, including not being denied Services, charged different prices, or provided a different level of service.

To exercise these rights, contact us as specified in Section 12. We will respond within forty-five (45) days, extendable by an additional forty-five (45) days with notice, and will not require payment unless permitted by law.

10.3. Nevada Residents

Under Nevada Revised Statutes Chapter 603A, Nevada residents may opt out of the sale of certain "covered information" (e.g., name, address, email, phone number) to third parties for monetary consideration. We do not engage in such sales of Personal Data. For inquiries regarding Nevada privacy rights or our data practices, contact us as specified in Section 12.

10.4. Australia

Under the Privacy Act 1988 and the Australian Privacy Principles (APPs), Australian residents have additional rights:

• Right to Anonymity/Pseudonymity: Request to interact with us anonymously or pseudonymously, where practicable.
• Right to Complain: Lodge a complaint with the Office of the Australian Information Commissioner (OAIC) if you believe our processing violates the Privacy Act.

To exercise these rights, contact us as specified in Section 12. We will respond within a reasonable period, typically thirty (30) days, and will not charge for access unless permitted by law.

11. MISCELLANEOUS PROVISIONS

11.1. Amendments

We reserve the right to amend this Privacy Policy at any time to reflect changes in applicable laws, regulations, or our business practices. Material amendments will be communicated via email. Where necessary, we will also obtain your renewed consent. Minor amendments will take effect immediately upon posting of the updated Privacy Policy with a revised Effective Date. You agree to review this Privacy Policy periodically and to monitor your email for any relevant updates.

11.2. No Waiver of Legal Rights

Nothing in this Privacy Policy shall be construed as excluding, restricting, or modifying any rights or protections afforded to you under applicable data protection laws that cannot be waived, restricted, or modified by agreement.

11.3. Severability

If any provision of this Privacy Policy is found to be invalid, illegal, or unenforceable by a court or authority of competent jurisdiction, such provision shall be severed, and the remaining provisions shall continue in full force and effect.

11.4. Language

This Privacy Policy is drafted and published in the English language. Any translations provided are for convenience only, and in the event of any conflict or inconsistency, the English version shall prevail.

11.5. Governing Law

This Privacy Policy is governed by and constructed in accordance with the laws of the United Arab Emirates, without regard to its conflict of law principles, to the extent permitted by applicable data protection laws.