Version 1.00, 15th May 2023

We are very delighted that you have shown interest in our enterprise. Data protection is of a particularly high priority for the management of Jobgrader Innovations GmbH.

1. Our Privacy Policy

Our privacy policy in nutshell
Your personal data (“User Data”) is processed in the context of the agreement entered into between you and us through our Jobgrader Terms of Use. The following provides you with information on the processing of your User Data with the Jobgrader App (“App”).

2. Definitions

Here you can find the meaning of the most important terms in this Privacy Policy

“GDPR”  means General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and the free movement of such data

“User Data” includes, for example, your name, your address, your email address and further information about you. 

‘Processing‘ means any operation or set of operations which is performed on User Data or on sets of User Data, whether or not by automated means, and in accordance with the  Article 4 (2) GDPR definition.

3. Purposes and legal basis for our processing of User Data

Here is defined the how we process User Data and on which grounds

3.1 In order to use the App and its Functionalities, you must complete the registration process. This process involves providing consent to transfer your User Data to our Trusted Partners involved in the verification of your User Data. You may not use the full capabilities of the App without submitting the  mandatory User Data. The legal basis for the processing of this User Data is Art. 6 (1) sentence 1 point (b) GDPR, since such processing is necessary for the performance of the agreement entered into between You and Us.

3.2 Similar to the registration process, you may provide User Data to further verify your identity and may use this User Data in relation to Offerings connected to Trusted Partners. This process involves providing your consent to transfer your User Data to our Trusted Partners involved in the verification of provided User Data. The legal basis for the processing of such Data is your consent pursuant to Art. 6 (1) sentence 1 point (a) GDPR.

3.3 You may individually consent to the transfer of your User Data to and from Third Parties in the context of using our Services and Functionalities. Firstly, this includes transferring your User Data from another Third Party to be verified and stored on Jobgrader. Secondly, this includes using User Data on Jobgrader for the purpose of registering or verifying your identity with a Third Party. This process involves providing your consent to transfer your User Data to and from any Third Parties involved in the transfer and verification of provided User Data. The legal basis for the processing of such User Data is your consent pursuant to Art. 6 (1) sentence 1 point (a) GDPR.

3.4 In the context of our agreement with you, we also process User Data in order to show your transactions that have recently taken place and to make corresponding suggestions for further usage, including the Offerings of Trusted Partners. The legal basis for the processing of such User Data is Art. 6 (1) sentence 1 point (b) GDPR, since such processing is necessary for the performance of the agreement entered into between you and us.

3.5 We also process User Data in Your and Our interest in order to ensure the integrity, trustworthiness and availability of the data processing systems, i.e. in particular the security and availability of your User Data with Jobgrader. It is not possible to make use of Jobgrader without the processing of User Data for this purpose. The legal basis for the processing of such User Data is Art. 6 paragraph 1 no. 1 point (f) GDPR; our legitimate interest is the maintenance and secure provision of our App and Functionalities.

4. Types of Data Collected

Here is the detailed explanation of the data that is being collected by us

4.1 User Data that we process. We provide a number of Functionalities through our App including the Chat Functionality, Vault, Wallet and Marketplace. We only provide the services that You, as a User, have consented to in accordance with the Jobgrader Privacy Policy and the Trusted Partner’s Privacy. Following, we must process the following User Data in order to deliver identity verification services and our Jobgrader Functionalities:  

1. (personal information of User, such as name, sex, personal identification code, BSN number, date of birth, legal capacity, nationality and citizenship, as well as the historic data of that User that may have been stored with us during previous interactions within the retention periods;
2. document details, such as the name of the document, issuing country, number, expiry date, information embedded to document barcodes (may vary depending on the document) and security features;
3. facial recognition data, such as photos, videos and sound recording, photographs taken from you and your document and video and sound recording of the verification process;
4. contact details, such as address, e-mail address, telephone numbers, IP address;
5. technical data (Device Signature), including but not limited to information about the date, time and your activity in the Services, your IP address and domain name, your software and hardware attributes as well as your general geographic location (g.city, country);
6. biometrical data, such as facial identifiers;
7. publicly available relevant data, e.g. information about being a politically exposed person (PEP) and checks in public sanction lists.
8. order transaction details when purchasing Offeringson the Marketplace

4.2 How we obtain User’s personal data. We may obtain User Data directly from you as well as from the Trusted Partner. We also collect your User Data independently from Data Providers, e.g. to offer our Services within a trust-based relationship and to prevent fraud. For example, if we need to verify the validity of your identification document, we may inquire for additional information from an appropriate registrar.

4.3 Push Notifications We may send you updates about the App by sending you push notifications through the App if you have given us your prior approval to do so.

4.3.1. You may opt-out of receiving these notifications at any time by changing the appropriate settings within your device. To send you push notifications, we store and use a serial number which was generated by Apple or Google, depending on the version of the App you are using, best known as a “token”, which is unique to your use of the App in your phone.

4.3.2. To send you such push notifications, we use Firebase as a service provider. For more information about MongoDB, please see here.

4.3.3. Your token is stored by Firebase, and in the AWS Cloud. Your token is stored until you change your settings or request us to delete it.

4.3.4 We cannot identify you nor localize you through this token but we can know your time zone, the language chosen on your phone and send you messages. This is why we have a strict security policy when collecting, storing and using your token.

4.4 Trusted Partners may have access to your User Data. We may share your User Data, more specifically the biometric data and facial recognition data, with a Trusted Partner through which you used our identity verification service. 

4.4.1 Please note that providing your User Data is voluntary. However, the decision not to do so may mean that we are unable to verify your identity.

4.5 User Data we Process about the representative of the Trusted Partner. To enter into the Agreement, to provide our Service, to communicate with the representative of our Trusted Partner and for other lawful reasons we need to process the User Data of Trusted Partner’s representative. This means we may Process, among other information, the following User Data of the representative of the Trusted Partner:

1. personal information of the representative of the Trusted Partner, such as name, job title, position, and contact information;
2. personal information in connection of provision of the Service, such as data from communication with us;
3. technical data (Device Signature), including but not limited to information about, the date, time and your activity in the Services, your IP address and domain name, and your software and hardware attributes as well as your general geographic location (g.city, country);
4. publicly available relevant data.5 How we obtain Trusted Partner’s representative’s User Data. We collect this data either from you directly when you communicate with us directly, e.g. by sending us an email, providing us with your User Data on the phone or through our customer support tools. We may also collect some of your User Data in the course of provision of Service to your employer. We also check information about the Trusted Partner (incl. about relevant representatives of the Trusted Partner) from publicly available sources. We only gather relevant and necessary User Data in order to validate the right of representation e.g. this may include verification of your identity, Processing of your User Data for introducing the Service (demo) etc.

4.5.1. Please note, the provision of User Data is voluntary. However, if you do not provide your User Data, the Trusted Partner may not be able to make use of the full range of our Services.

5. Duration of Data storage

Here is explained how long do we store certain User Data

5.1 We store your User Data for the duration of the existence of your Jobgrader account. However, you may cancel or also lock your Jobgrader account at any time. We will then delete your User Data unless we are obliged at law to continue to store or maintain these (this will typically be stored for two years). Where User Data is still required for the settlement of outstanding transactions, deletion will take place at the earliest once these transactions have been settled.

5.2 The User Data collected by us will be stored exclusively on servers located in the European Union. No transfer of User Data to Trusted Partners outside of the European Union will take place without your express consent. This also applies to any Service Providers used by us for data processing.

6. Sharing Data with third parties

Here you can find our third party sharing policy

6.1 We may share your User Data with Trusted Partners who provide Functionalities through and on behalf of our Platform. These are all necessary for the functioning of Jobgrader.

6.2 We may also share your User Data with third parties if we are under a duty to disclose or share your User Data in order to comply with any legal obligation, or to protect the rights, property or safety of our site, our Users, and others.

6.3 Where your User Data is shared with third parties, we will seek to share the minimum amount necessary. We only share User Data that you have agreed to and anonymise all User Data where possible.

6.4 We ensure that all our Service Providers have taken appropriate security and privacy measures to protect your User Data in line with our policies and the GDPR. We do not allow them to use your User Data for their own purposes. We permit them to process your User Data only for specified purposes and in accordance with our instructions. 

6.5 We may be obligated to disclose your User Data if we determine that such disclosure is reasonably necessary and required:

(a) to comply with applicable laws or judicial orders;

(b) to protect the rights or property of Jobgrader Innovations or other users of our services, including in investigating any violation or potential violation of the law, this Privacy Policy, or our Terms and Conditions.

6.6 We will always keep in mind that your User Data should be protected therefore we will always fight unjustified requests and be transparent about them.

6.7 If Jobgrader Innovations or its business or assets are acquired by, or merged into, another company, that company will possess any User Data in our possession at such time and will assume our rights and obligations under this Policy.

7. Tracking for Analysis Purposes

Here you can find the explanation of the use of cookies and similar analysis technologies

Our website/application uses cookies and similar technologies for pseudonymized reach measurement, which are transmitted to the user’s browser either by our server or the server of a third party. The use of cookies and analytics services increases the user-friendliness and security of our app. 

The collection is based on the consent of the user, pursuant to Article 6 (1) (a) GDPR.

In the following list you will find information about the technologies used and revocation options regarding the analysis measures by using so-called opt-out cookies or similar objection options. 

We are using the app analytics service “Matamo” of Matamo.org,. The service collects and uses the IP address and – if not deactivated by the user in the system settings of his device – temporary device identification numbers on our behalf. The data is pseudonymized immediately after collection and before further processing. The information collected is used solely for app analysis purposes, such as aggregate analysis and graphs on the number of visits and number of pages viewed per user, and does not identify you as a person. 

8. Data Security

Here is the explanation on how we secure User Data

8.1 We take security very seriously and all User Data stored with us or our processors are protected using current security standards against unauthorized access, loss and modification. 

8.2 Rudimentary technical and organizational security precautions are taken for this with standards that at minimum meet legal requirements. 

8.3. To implement such measures, we have taken into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for your rights and freedoms as natural persons.

9. Marketplace Functionality

Here you can find detail about our Marketplace Functionality

9.1 We provide Marketplace Functionality to our Users, where we connect verified Merchants and Customers. 

9.2 Our Marketplace Functionality provides You with different Offerings. You can select an Offering by clicking on it. You can also be referred to the App by a Trusted Partner in order to access the Offering.

9.3 In order to access an Offering, Trusted Partners will request specific User Data. You will be informed about necessary User Data to access the Offering, and with additional information on why and how long the User Data will be used. 

9.4 After you have consented to Us sending the User Data to the Trusted Partner You will be forwarded to their Online Shop and the chosen Offering.

10. Chat Functionality

Here you can find details about our Chat Functionality:

10.1 We provide possibilities for our Users to communicate between themselves through the Chat Functionality. 

10.2 The Chat is used to send and receive end-to-end encrypted text messages through the App.

10.3 After You and another User agreed to connect, both of Your and User Data is processed and shared between each other. 

10.4 If You decide to use the Jobgrader Chat Functionality, the following User Data will be shared: 

1. Username chosen by the User during the registration process; 
2. Display picture if available; 
3. DID- clearname generated during the registration; 
4. The Chat public key generated during registration.
5. Sharing User Data with Service Providers 
   
   

We have Service Providers that complete processing on our behalf in order to successfully verify and process your User Data. These are all necessary for the functioning of Jobgrader. We do not allow them to use your User Data for their own purposes. We permit them to process your User Data only for specified purposes and in accordance with our instructions. We have taken appropriate security and privacy measures to protect your User Data in line with our policies and the GDPR. 

We may share your User Data with Third Parties if we are under a duty to disclose or share your User Data in order to comply with any legal obligation, or to protect the rights, property or safety of our site, our Users, and others. Where your User Data is shared with Third Parties, we will seek to share the minimum amount necessary. We only share User Data that you have agreed to and anonymize all User Data where necessary.

Our Service Providers 

Our Service Providers are joint controllers of this User Data, and their User Data collection, use and sharing practices are also governed by their privacy policies. Please take time to review their policies; linked below. 

Authada
AUTHADA offers pioneering digital solutions for legally secure identification in real time. Authada is currently not processing any User Data at this point in time.  They have their Data stored in a Data Center in Germany. This Data is only retained according to applicable legally-binding retention periods.

Please find the Authada Privacy Policy here: https://authada.de/app-privacy

City Network
City Network is a leading global public cloud provider. They store our company’s Data according to the GDPR through delivering public, compliant and private clouds based on OpenStack.  

City Network only processes data in regards to resource allocation and consumption as well as operational data for cloud operations in their service layers. They do not process data in relation to the platform and there is no personal data in their service layers. The data that is processed on behalf of Jobgrader Innovations is completed in the region where the virtual machines are deployed. This data is typically retained for 14 days, but no longer than 90 days. No encryption is used for the operational data.

Please find the City Network Privacy Policy here: https://www.citynetwork.eu/privacy-policy/

Amazon Web Services (Cloud Provider)
Our web services, blockchain nodes and IPFS systems as well as distributed databases are hosted by AWS (Amazon Web Services), an external service provider (cloud provider). The personal data collected with the Jobgrader app is stored encrypted on the hoster’s servers. This may include, but is not limited to, IP addresses, contact requests, meta and communication data, contract data, contact data, names, website hits, and other data generated through the Jobgrader app.

AWS does not process any data related to the platform and there is no personal data in its service tiers. 

The hoster is used for the purpose of fulfilling contracts with our potential and existing customers (Art. 6,  1 b GDPR) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 1 GDPR).

Our Host will process your data only to the extent necessary to fulfill its performance obligations and will follow our instructions with respect to such data.

AWS stores our data exclusively on European servers.
The controller of personal data is Amazon Web Services EMEA SARL, 38 Avenue John F. Kenedy, L-1855 Luxembourg.

You can find the AWS privacy policy here: https://aws.amazon.com/de/privacy

European Public Network
European Public Network provides the ability to time-stamp and secure the verification of an identity on Jobgrader. It is generally possible to store all kinds of Data on European Public Network, including User Data. Once the verification of a User’s identity has taken place, this transaction is then transmitted to a public permissed blockchain that time stamps and records this. This increases the trust of the verification and allows the companies involved in the platform to audit.  It is ensured through legal agreements that all Data on evan.network are processed in the European Union or under European law, respectively.

Transaction Data is stored directly in the blockchain. Therefore, they will not be deleted until deletion of the entire blockchain. Additionally, it is possible to store payload data on the IPFS, a distributed file storage system. User Data stored in the IPFS can be deleted at any time, similar to a “normal” database. In general, evan will and can never delete Data from European Public Network by itself – users of evan.network are responsible themselves for the handling of their or their Users’ Data. 

Please find the European Public Network Privacy Policy here: https://evan.network/de/datenschutz/

Seal One
Seal One provides encryption services for Jobgrader (including signature services). This is completed by the Third Party encrypting the transactions made by the User with their public key. This makes sure that when this encryption is sent to the User through the SealOne gateway, the User can then decrypt this message with the private key, check the order (what the transaction says), and then if User agrees with the order, they can use their private key to sign the hash and then use the SealOne gateway to send the message back to the Third Party. This means that the Third Party can then create a hash of the final transaction to have a verified, secure audit trail. 

Every transaction will be recorded by SealOne for security purposes. Additionally, there is only one account per device which makes it difficult to track the different users who are accessing the account when there is more than one account. In order to circumvent this, instead of the Jobgrader accounts being limited to one SealOne account, Users would be able to access different SealOne accounts with the different devices to use Jobgrader. As they act as a gateway they do not hold or process any User Data or use encryption. 

Please find the Seal.One Privacy Policy here: https://www.seal-one.com/dpp.en

Veriff
Veriff is a verification service provider. Our User Data is protected by applying a deterministic lifecycle to it. In the course of lifecycle, Data will be moved from one tier to others to allow protecting it in the most optimal ways while keeping in mind the access requirements and risks in each tier. Security best practices (encryption, vulnerability management, patching, threat monitoring, security information and event management) and access on a need-to-know basis are supporting each tier. Please find the Veriff Privacy Policy here: https://www.veriff.com/privacy-policy

Apple
Apple hosts our Jumbo iOS app. This section applies to you if you use our iOS version of the Jumbo App.

Apple collects your account information and stores your User Data until you delete it.

For more information, please visit https://support.apple.com/en-us/HT207233

You can use Face ID or Touch ID to unlock the App if you use such a correct version. Jobgrader Innovations does not have access to this information, which is only managed by Apple.

To learn more about this technology, please visit https://support.apple.com/en-us/HT208108 and https://support.apple.com/en-us/HT204587.

You can disable this feature directly in the App.

Apple provides Jobgrader Innovations with analytics: this feature is called Apple App Analytics. Apple does not provide Jobgrader Innovations with information that would personally identify you. You can turn off this feature completely within your iPhone settings, also. 

For more information about how Apple processes your data, please visit https://www.apple.com/legal/privacy/

Google Play Console
Android hosts our Android app. This section applies to you if you use our Android version of the Jumbo App.

Google collects your account information and stores your User Data until you delete it. Jobgrader Innovations does not have access to this information, which is only managed by Google. Your User Data is stored by Google until you delete it.

Google provides Jobgrader Innovations with anonymous analytics with regards to your use on our app (Country, Device): this feature is called Google Play Console. Google does not provide Jobgrader Innovations with information that would personally identify you. You can turn off this feature completely, also. For more information about how Google processes your data, please visit https://policies.google.com/privacy

12. Rights and opportunities to lodge complaints

Here are defined Users right and compliant possibility.

12.1 Under certain circumstances, you have the following rights that you may assert against us with respect to the User Data relating to you:

• Request access to your User Data. This enables you to receive a copy of the personal information we hold about you and to check that we are collecting and using it lawfully.
• Request correction of the User Datathat we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
• Request erasure of your User Data. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to use it. You also have the right to ask us to delete or remove your User Data where you have exercised your right to object to processing (see below).
• Object to processing of yourUser Data where we are relying on a legitimate interest (or those of a Third Party) and there is something about your particular situation which makes you want to object to processing on this ground.
• Request the restriction of collecting and using your User Data. This enables you to ask us to suspend the usage of User Data about you, for example if you want us to establish its accuracy or the reason for processing it.
• Request the data portability of your User Data to another party.
• Right to withdraw the consent. In circumstances where you have provided your consent to the collection, processing and transfer of your User Datafor a specific purpose, you have the right to withdraw your consent for that specific processing at any time.

12.2 You can exercise your above rights by sending an e-mail to our data protection officer: dpo@jobgrader.app

12.3 You are also free to lodge a complaint with the supervisory authority.

12.4 To lodge a complaint with the supervisory authorities, please contact the data protection authority of your country of location or the German data protection authority (Federal Commissioner for Data Protection and Freedom of Information, https://www.bfdi.bund.de/).

13. Controller

Here are the details of our Controller:

11.1 The person responsible for the processing of User Data in terms of data protection law is:

Jobgrader Innovations GmbH, Münchener Strasse 45 HH, 60329 Frankfurt am Main

Email: office@jobgrader.app

Please feel free to also contact our customer service with any general questions on Jobgrader at:

Email: support@jobgrader.app 

14. Data Protection Officer

Here are the details of our Data Protection Officer:

12.1 Please also feel free to contact our Data protection officer with any questions concerning Data protection at:

DPO
Jobgrader Innovations GmbH,
Münchener Strasse 45 HH,
60329 Frankfurt am Main
Email: dpo@jobgrader.app