OVERTIMESTAFF - Hospitality Staffing Platform

1. Information We Collect

1.1 Information You Provide

We collect information you directly provide when using our Services:

Account Information: Name, email address, phone number, password, profile photo
Identity Verification: Government ID, right to work documentation, certifications
Professional Information: Work history, skills, qualifications, availability
Financial Information: Bank account details, tax information, payment card details
Business Information: Company name, registration number, VAT/tax ID, business address
Communications: Messages, support tickets, feedback, survey responses

1.2 Information Collected Automatically

When you use our Services, we automatically collect:

Device Information: IP address, device type, operating system, browser type, unique device identifiers
Usage Data: Pages viewed, features used, interaction patterns, search queries, click data
Location Data: GPS location (with permission), IP-based location, shift check-in locations
Performance Data: App crashes, system performance, error logs, debugging information
Cookies and Tracking: Session cookies, preference cookies, analytics cookies, marketing cookies

1.3 Information from Third Parties

We may receive information about you from:

Identity Verification Services: Background check results, identity confirmation
Payment Processors: Transaction confirmations, payment status
Social Networks: If you connect social accounts (LinkedIn, Facebook)
Business Partners: Agencies or companies you work with through the platform
Public Sources: Business registries, professional licenses databases

2. How We Use Your Information

2.1 Service Provision

Create and manage your account
Match staff with suitable shift opportunities
Process payments and financial transactions
Facilitate communication between users
Verify identity and work eligibility
Manage shift scheduling and time tracking

2.2 Platform Improvement

Analyze usage patterns to improve features
Develop new services and functionality
Conduct research and analytics
Personalize user experience
A/B testing and feature optimization

2.3 Safety and Security

Detect and prevent fraud
Monitor for security incidents
Enforce Terms of Service
Protect users and the platform
Comply with legal obligations

2.4 Marketing and Communications

Send service-related notifications
Provide customer support
Send promotional communications (with consent)
Conduct surveys and collect feedback
Newsletter and platform updates

3. Information Sharing and Disclosure

3.1 With Other Users

We share limited information to facilitate platform operations:

Public Profiles: Name, photo, ratings, work history (controllable in settings)
During Shifts: Contact information shared with relevant parties
Reviews and Ratings: Displayed publicly but can be anonymous

3.2 With Service Providers

We share data with trusted third-party service providers:

Payment Processors: Stripe, PayPal for transaction processing
Cloud Services: AWS, Google Cloud for data storage
Analytics: Google Analytics, Mixpanel for usage analysis
Communication: SendGrid, Twilio for emails and SMS
Identity Verification: Onfido, Jumio for ID checks

3.3 Legal Disclosures

We may disclose information when required by law:

To comply with legal obligations
To respond to lawful requests from authorities
To protect rights, property, or safety
To enforce our Terms of Service
In connection with legal proceedings

3.4 Business Transfers

In the event of a merger, acquisition, bankruptcy, or sale of assets, your information may be transferred as part of the business assets. We will notify you of any such change and any choices you may have.

4. Data Security

4.1 Security Measures

We implement comprehensive security measures including:

Encryption: AES-256 encryption for data at rest, TLS 1.3 for data in transit
Access Controls: Role-based access, multi-factor authentication, principle of least privilege
Infrastructure: SOC 2 certified data centers, regular security audits, DDoS protection
Monitoring: 24/7 security monitoring, intrusion detection, anomaly detection
Incident Response: Dedicated security team, incident response plan, breach notification procedures

4.2 Data Breach Protocol

In the unlikely event of a data breach, we will:

Notify affected users within 72 hours
Provide details of compromised data
Offer guidance on protective measures
Cooperate with regulatory authorities
Implement measures to prevent recurrence

5. Your Rights and Choices

5.1 Your Privacy Rights

Depending on your location, you may have the following rights:

Access: Request a copy of your personal data
Rectification: Correct inaccurate or incomplete data
Erasure: Request deletion of your data ("right to be forgotten")
Portability: Receive your data in a portable format
Restriction: Limit processing of your data
Objection: Object to certain processing activities
Automated Decisions: Opt-out of automated decision-making
Consent Withdrawal: Withdraw consent at any time

5.2 Exercising Your Rights

To exercise your privacy rights:

Access privacy settings in your account dashboard
Email us at privacy@overtimestaff.com
Call our privacy hotline: +44 20 7123 4568
Submit a request through our Privacy Portal

We will respond to requests within 30 days.

5.3 Communication Preferences

You can control communications by:

Adjusting notification settings in your account
Clicking unsubscribe links in emails
Replying STOP to SMS messages
Contacting support to update preferences

6. Data Retention

6.1 Retention Periods. We retain personal data for as long as necessary to provide our services and comply with legal obligations:

Active Accounts: Data retained while account is active
Inactive Accounts: Deleted after 3 years of inactivity
Financial Records: 7 years per legal requirements
Marketing Data: Until consent withdrawn
Legal Holds: As required by law or litigation

6.2 Deletion Process. When data is deleted, it is removed from active systems within 30 days and from backups within 90 days.

7. International Data Transfers

7.1 Cross-Border Transfers. Your data may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place:

EU Standard Contractual Clauses (SCCs)
UK International Data Transfer Agreement (IDTA)
Adequacy decisions where applicable
Binding Corporate Rules (BCRs)

7.2 Data Localization. Where required by law, we store data within specific geographic regions and comply with local data residency requirements.

8. Children\'s Privacy

Our Services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 18, we will take steps to delete such information promptly.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@overtimestaff.com.

9. Cookies and Tracking Technologies

9.1 Types of Cookies We Use

Essential Cookies: Required for platform functionality
Performance Cookies: Help us understand usage patterns
Functionality Cookies: Remember your preferences
Marketing Cookies: Used for targeted advertising (with consent)

9.2 Managing Cookies

You can manage cookie preferences through:

Our cookie consent banner
Browser settings
Privacy settings in your account
Third-party opt-out tools

9.3 Do Not Track

We honor Do Not Track (DNT) browser signals. When DNT is enabled, we do not track your browsing activity across third-party websites or serve targeted advertisements.

10. Third-Party Links and Services

Our Services may contain links to third-party websites, applications, or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal information.

Third-party integrations include:

Payment processors (Stripe, PayPal)
Social media platforms (LinkedIn, Facebook)
Analytics services (Google Analytics)
Communication tools (Slack, Microsoft Teams)

11. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

Right to Know: Request disclosure of personal information collected
Right to Delete: Request deletion of personal information
Right to Opt-Out: Opt-out of the sale of personal information
Right to Non-Discrimination: Not be discriminated against for exercising privacy rights

Note: We do not sell personal information to third parties.

To exercise your CCPA rights, call our toll-free number: 1-800-XXX-XXXX or visit our CCPA portal.

12. European Privacy Rights (GDPR)

If you are in the European Economic Area (EEA), UK, or Switzerland, you have rights under the General Data Protection Regulation (GDPR):

Legal Basis: We process data based on consent, contract, legal obligation, or legitimate interests
Data Protection Officer: Contact our DPO at dpo@overtimestaff.com
Supervisory Authority: You may lodge a complaint with your local data protection authority
Representative: Our EU representative can be contacted at eu-rep@overtimestaff.com

13. Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make material changes:

We will notify you via email or platform notification
We will update the "Last Updated" date
We will provide a summary of changes
We may request renewed consent where required

Continued use of our Services after changes indicates acceptance of the updated Privacy Policy.

14. Contact Us

For privacy-related questions, concerns, or requests:

OvertimeStaff Platform Limited

Privacy Department

123 Tech Hub, Innovation District

London, EC2A 4XX

United Kingdom

Email: privacy@overtimestaff.com

DPO: dpo@overtimestaff.com

Phone: +44 20 7123 4568

Privacy Portal: privacy.overtimestaff.com

Data Protection Registration:

ICO Registration Number: ZA123456

EU Representative: DataRep EU Ltd, Dublin, Ireland

Privacy Certifications and Compliance

ISO 27001

SOC 2

PCI DSS

GDPR

Document Version: 2.0.0 | Classification: Public | Next Review: July 2025