WORKYNET.COM PRIVACY POLICY

Last updated: October 2, 2024

1. SCOPE AND APPLICABILITY

This policy applies to all users of Workynet.com, including residents of the European Economic Area (EEA), Switzerland, Canada, the United States, and New Mexico. We comply with data protection laws of all these jurisdictions, including GDPR, Swiss FADP, Canadian PIPEDA, and applicable US laws.

2. DATA CONTROLLER

Workynet LLC is the controller of your personal data.

• Data Protection Officer: legal@workynet.com

• Main Contact: info@workynet.com

• Legal Address: Workynet LLC | 8206 Louisiana Blvd NE, Ste B #10615 Albuquerque, NM 87113

3. IT SUBCONTRACTING WITH TRUSTIATIS LLC

Workynet LLC subcontracts its IT services to Trustiatis LLC, which acts as a data processor. This relationship is governed by contracts compliant with GDPR for European and Swiss data, PIPEDA for Canadian data, and applicable US laws.

Trustiatis LLC only accesses data for hosting, maintenance, and system security, under strict contractual confidentiality and security obligations.

4. PAYMENT PROVIDERS AND FINANCIAL DATA PROCESSING

4.1 Third-Party Payment Processors
Workynet LLC uses the following payment providers who act as independent controllers for financial transactions:

• Stripe, Inc.: Credit/debit card processing

• PayPal Holdings, Inc.: Electronic wallet services

• Wise Payments Limited: International transfers

• Mercury Financial, LLC: Banking and treasury services

4.2 Data Collected by Payment Processors
These entities independently collect and process:

• Credit/debit card information (number, expiration date, CVV)

• Financial transaction history

• Identity verification data for compliance

• Billing and shipping addresses

• Financial KYC documents

4.3 Legal Basis and Purpose
Financial data processing is necessary for:

• Payment contract execution

• Compliance with financial regulations (PSD2, AML/KYC)

• Fraud prevention and transaction security

4.4 Liability Disclaimer
Workynet LLC is not responsible for data processing by payment providers. Each entity acts as an independent controller according to its own terms and conditions and privacy policy.

5. INFORMATION COLLECTED AND PURPOSES

A. Automatic Technical Data
Browser, IP address, time zone, cookies - exclusively for website security, abuse prevention, and establishment of anonymous usage statistics.

B. Personal Data - Individual KYC

• Civil identity: Name, surname, date and place of birth

• Contact details: Postal address, email, phone number

• Payment information: Bank data necessary for transactions

• Identity proofs: Copy of ID document and selfies (upon justified request)

• Biometric data: Selfies for identity verification within KYC framework

Purposes: Execution of subscribed services, customer relationship management, transaction security, regulatory compliance.

C. Business Data - KYC Compliance

• Representative identification: ID documents of directors and agents and selfies

• Legal documents: Articles of association, official registry extracts, meeting minutes

• Shareholding structure: List of beneficial owners (holding >25%)

• Activity justifications: Commercial, fiscal, and financial documents

• Biometric data: Selfies of legal representatives for verification

Purposes: Compliance with legal customer knowledge obligations (KYC), anti-money laundering and counter-terrorist financing (AML/CTF), eligibility validation for services.

6. COMMUNICATION TO AUTHORITIES

According to our legal obligations, we may be required to communicate your personal data to competent authorities upon legal request, particularly within the framework of:

• Formal requests from judicial authorities

• Financial regulator investigations

• Anti-money laundering procedures

• Tax authority requests

• Financial intelligence service investigations

These communications are carried out in strict respect of applicable legal bases in each jurisdiction.

7. LEGAL BASES FOR PROCESSING

• Contract execution: Orders and services

• Explicit consent: Newsletters, marketing

• Legitimate interest: Security, internal analyses

• Legal obligations: Fiscal, regulatory, KYC/AML/CTF compliance and communication to authorities

8. YOUR RIGHTS BY JURISDICTION

EEA and Switzerland Residents

• Right of access, rectification, erasure

• Right to restriction and objection

• Right to data portability

• Right to withdraw consent

• Right to set guidelines regarding conservation, erasure, and communication of your data after your death

Canada Residents

• Access to personal information

• Correction of inaccuracies

• Withdrawal of consent

• Filing complaints with the Privacy Commissioner

United States Residents
California:

• Right to know and access

• Right to opt-out of data sale

• Right to deletion

• Non-discrimination

• Right to limit use of sensitive data

New Mexico:

• Notification in case of breach

• Right of access and rectification

9. MINOR PROTECTION

Our website is not intended for children:

• Under 13 years: United States (COPPA) and Canada

• Under 14 years: Switzerland

• Under 16 years: EEA (or local age of consent)

No voluntary data collection below these ages. If we discover we have collected personal data from a minor without parental consent, we will delete it immediately.

10. DATA RETENTION

• Account data: Account duration + 3 years after last activity

• Transactions: 10 years (legal tax obligations)

• Prospects: 3 years after last active contact

• Analytical cookies: 13 months (CNIL compliance)

• KYC documents: 5 years after end of business relationship (according to AML/CTF obligations)

• Biometric data: 90 days after successful identity verification, unless contrary legal obligation

• Payment data: According to payment processor retention policies (generally 7 years for compliance)

11. INTERNATIONAL TRANSFERS

From EEA/Switzerland:

• Canada: EU adequacy decision

• United States: EU-US Data Privacy Framework or Standard Contractual Clauses

• Payment providers: Transfers based on PCI DSS certifications and contractual clauses

From Canada:

• Transfers compliant with PIPEDA equivalent protection principles

From United States:

• Internal transfers compliant with federal and state laws

12. SECURITY AND DATA BREACH

We implement appropriate technical and organizational measures including:

• Sensitive data encryption

• Role-based access control

• Continuous system monitoring

• Regular backups

• Recommended multi-factor authentication

• PCI DSS compliance for payment data

In case of breach:

• EEA/Switzerland: Notification within 72h to competent authorities

• Canada: Notification according to PIPEDA timelines to authorities and concerned persons

• New Mexico: Compliance with Data Breach Notification Act

• Information of concerned persons if high risk to their rights and freedoms

• Coordination with payment providers in case of incident affecting financial data

13. COOKIE MANAGEMENT

Essential cookies: Website functioning (exempt from consent)
Analytical cookies: Audience measurement (consent required EEA/Switzerland)
Personalization cookies: Preferences (consent required)

Consent modalities:

• EEA/Switzerland: Explicit prior consent via cookie banner

• Canada: Consent according to data sensitivity

• United States: Generally implicit consent, with opt-out possibility

14. FRAUD PROTECTION

Workynet LLC implements appropriate security measures but declines all responsibility for:

• Fraudulent emails, phishing attempts, or identity theft

• Financial losses resulting from hacking or fraudulent maneuvers by third parties

• Unauthorized use of your identifiers due to your negligence

• Security incidents occurring at payment providers

Security recommendations:

• Verify email authenticity (sender, spelling, links)

• Use two-factor authentication

• Never communicate your passwords

• Immediately report any fraud attempt

• Regularly monitor your bank statements

15. CONTACT INFORMATION AND RIGHTS EXERCISE

To exercise your rights or any questions:

• Email: info@workynet.com

• Data Protection Officer: legal@workynet.com

• Response time: 1 month maximum, extendable by 2 months for complexity

• Free exercise of rights, except manifestly unfounded or excessive requests

For payment data: Contact the concerned provider directly (Stripe, PayPal, Wise, Mercury) who acts as an independent controller.

16. MODIFICATIONS AND COMPLAINTS

This policy is regularly updated to respect legislative evolutions. Substantial modifications are notified by email 30 days before their entry into effect.

Filing complaints:

• EEA: Data protection authority of your country

• Switzerland: Federal Data Protection and Information Commissioner

• Canada: Privacy Commissioner

• United States: State consumer protection authorities (FTC, etc.)

• Payments: Competent financial regulatory authorities according to provider

By using Workynet.com, you acknowledge having read, understood, and accepted the entirety of this privacy policy, including provisions related to third-party payment providers.