Privacy Policy
How we handle your personal data and privacy.
1. Controller and Place of Data Processing
Proffyhub OÜ, registry code 16765578, located at Tähesaju tee 14, 13917 Tallinn, Estonia, acts as the data controller for personal data processed via the Proffy Platform (www.proffy.ee).
If you have additional questions or require more information about our Privacy Policy, you may contact us at info@proffy.ee.
All personal data is processed in accordance with applicable data protection legislation, including the General Data Protection Regulation (EU) 2016/679 ("GDPR"). The data is primarily processed within the European Economic Area (EEA).
If you have additional questions or require more information about our Privacy Policy, you may contact us at info@proffy.ee.
All personal data is processed in accordance with applicable data protection legislation, including the General Data Protection Regulation (EU) 2016/679 ("GDPR"). The data is primarily processed within the European Economic Area (EEA).
2. Consent
By accessing or using the Proffy Platform, Contractors and Companies confirm that they have read, understood, and agreed to the terms of this Privacy Policy.
3. What Personal Data We Collect and Why
For Contractors:
• Identification and contact details: full name, email address, phone number;
• Profile and work-related data: profile picture (optional), language skills, work preferences, gender, age;
• Banking and payment information: bank account details for payment processing;
• National ID data: personal identification code, and data regarding primary employment (if required by law);
• Activity data: login timestamps, job history, platform actions, earnings, and tax records;
• Device and system data: technical data collected from the Contractor's device (e.g., browser type, operating system, session logs), used to ensure platform performance, system diagnostics, and security;
• Location data: geographic information used to enable location-based job listings and to improve task-matching capabilities.
In some cases, Proffy may retrieve or verify certain categories of personal data using official sources such as public registers, private databases, and government systems, including but not limited to the Estonian Tax and Customs Board (EMTA) and Creditinfo, for the purpose of confirming identity and employment eligibility, fulfilling statutory obligations under labor, tax, and social insurance legislation, ensuring compliance with payroll and reporting requirements, and detecting or preventing fraudulent activity.
For Companies:
• Company identification data: name, business registry number, VAT number;
• Contact person information: full name, position, work email address, and telephone number;
• Financial and billing details: invoicing address, account type, transaction history, and payment records;
• Platform usage data: activity logs, job postings, messages sent, and user feedback submitted via the Platform.
Proffy may consult publicly accessible commercial or credit registers to verify the legal existence and compliance status of a Company, confirm the authority of the individual managing the Company account, prevent fraudulent creation or misuse of business accounts, and comply with obligations arising from employment, accounting, or anti-money laundering regulations.
• Identification and contact details: full name, email address, phone number;
• Profile and work-related data: profile picture (optional), language skills, work preferences, gender, age;
• Banking and payment information: bank account details for payment processing;
• National ID data: personal identification code, and data regarding primary employment (if required by law);
• Activity data: login timestamps, job history, platform actions, earnings, and tax records;
• Device and system data: technical data collected from the Contractor's device (e.g., browser type, operating system, session logs), used to ensure platform performance, system diagnostics, and security;
• Location data: geographic information used to enable location-based job listings and to improve task-matching capabilities.
In some cases, Proffy may retrieve or verify certain categories of personal data using official sources such as public registers, private databases, and government systems, including but not limited to the Estonian Tax and Customs Board (EMTA) and Creditinfo, for the purpose of confirming identity and employment eligibility, fulfilling statutory obligations under labor, tax, and social insurance legislation, ensuring compliance with payroll and reporting requirements, and detecting or preventing fraudulent activity.
For Companies:
• Company identification data: name, business registry number, VAT number;
• Contact person information: full name, position, work email address, and telephone number;
• Financial and billing details: invoicing address, account type, transaction history, and payment records;
• Platform usage data: activity logs, job postings, messages sent, and user feedback submitted via the Platform.
Proffy may consult publicly accessible commercial or credit registers to verify the legal existence and compliance status of a Company, confirm the authority of the individual managing the Company account, prevent fraudulent creation or misuse of business accounts, and comply with obligations arising from employment, accounting, or anti-money laundering regulations.
4. Legal Bases for Processing
Proffy processes personal data only where there is a lawful basis under the GDPR, including:
• Consent – when the User has voluntarily provided clear and specific permission for data processing activities (e.g., uploading a profile photo);
• Performance of a contract – where processing is necessary to facilitate or manage the contractual relationship between Contractors, Companies, and Proffy (e.g., registering shifts, administering payments);
• Compliance with legal obligations – where processing is required under applicable employment, labor, tax, or reporting regulations;
• Legitimate interests – where processing supports fraud prevention, service improvement, user support, or platform security, and such interests are not overridden by the fundamental rights and freedoms of Users.
• Consent – when the User has voluntarily provided clear and specific permission for data processing activities (e.g., uploading a profile photo);
• Performance of a contract – where processing is necessary to facilitate or manage the contractual relationship between Contractors, Companies, and Proffy (e.g., registering shifts, administering payments);
• Compliance with legal obligations – where processing is required under applicable employment, labor, tax, or reporting regulations;
• Legitimate interests – where processing supports fraud prevention, service improvement, user support, or platform security, and such interests are not overridden by the fundamental rights and freedoms of Users.
5. Disclosure and Transmission of Personal Data
Proffy does not disclose personal data to third parties unless such disclosure is:
• Necessary for the delivery of Platform services (e.g., sharing Contractor information with the Company upon confirmation of a Task);
• Mandated by law (e.g., disclosure to tax authorities or labor inspectors);
• Conducted via trusted third-party processors (e.g., hosting providers, payroll systems, or accounting services) under data processing agreements that ensure data confidentiality and compliance;
• Based on the User's explicit consent.
All processors and service providers engaged by Proffy are contractually required to comply with applicable data protection laws, including GDPR, and to maintain confidentiality, security, and purpose limitations.
• Necessary for the delivery of Platform services (e.g., sharing Contractor information with the Company upon confirmation of a Task);
• Mandated by law (e.g., disclosure to tax authorities or labor inspectors);
• Conducted via trusted third-party processors (e.g., hosting providers, payroll systems, or accounting services) under data processing agreements that ensure data confidentiality and compliance;
• Based on the User's explicit consent.
All processors and service providers engaged by Proffy are contractually required to comply with applicable data protection laws, including GDPR, and to maintain confidentiality, security, and purpose limitations.
6. How and Where We Share Data
Personal data may be shared with:
• Companies (if a Contractor applies for or is confirmed for a Task);
• Supervisory authorities or other public bodies where disclosure is required by applicable law;
• Authorized accounting, payroll, legal, or IT service providers;
• Other third parties where disclosure is necessary to comply with legal obligations or enforceable governmental or judicial requests.
Proffy only engages third-party service providers that are subject to written agreements containing robust confidentiality and data protection terms compliant with applicable laws and regulations.
• Companies (if a Contractor applies for or is confirmed for a Task);
• Supervisory authorities or other public bodies where disclosure is required by applicable law;
• Authorized accounting, payroll, legal, or IT service providers;
• Other third parties where disclosure is necessary to comply with legal obligations or enforceable governmental or judicial requests.
Proffy only engages third-party service providers that are subject to written agreements containing robust confidentiality and data protection terms compliant with applicable laws and regulations.
7. Data Security
Proffyhub OÜ implements appropriate technical and organizational measures to safeguard personal data against unauthorized access, alteration, disclosure, or destruction. Personal data processing activities are logged and monitored where necessary to ensure compliance and security. In selecting its partners and vendors, Proffy evaluates their data protection standards and requires contractual commitments ensuring full compliance with privacy and security obligations under GDPR.
8. Data Retention
Personal data is stored only for as long as necessary to fulfill the purposes for which it was collected, or as required under applicable law.
In accordance with Estonian accounting and tax legislation, Proffy retains invoicing and payroll-related records for a period of seven (7) years from the date of submission. Records related to legal transactions between Proffy and Contractors or Companies may be retained for up to ten (10) years, in accordance with the general statute of limitations for civil claims under the Estonian General Part of the Civil Code Act.
In accordance with Estonian accounting and tax legislation, Proffy retains invoicing and payroll-related records for a period of seven (7) years from the date of submission. Records related to legal transactions between Proffy and Contractors or Companies may be retained for up to ten (10) years, in accordance with the general statute of limitations for civil claims under the Estonian General Part of the Civil Code Act.
9. Your Rights Under GDPR
In accordance with GDPR and applicable data protection laws, all Users of the Platform (including Contractors and Companies) have the following rights with respect to their personal data:
• Right of access – to request and obtain confirmation about whether personal data is being processed and to receive a copy of such data;
• Right to rectification – to request correction of inaccurate or incomplete data;
• Right to erasure ("right to be forgotten") – to request deletion of personal data where no overriding legal basis exists for continued processing;
• Right to restriction of processing – to request temporary suspension of processing under certain conditions;
• Right to data portability – to request personal data in a structured, machine-readable format for transfer to another data controller;
• Right to withdraw consent – to revoke consent where consent was the legal basis for processing;
• Right to object – to object to certain types of processing, including automated decision-making and profiling, where applicable;
• Right to lodge a complaint – to file a complaint with a supervisory authority if you believe your rights have been violated.
To exercise any of these rights, Users may contact Proffyhub OÜ by email at info@proffy.ee or by postal mail at: Tähesaju tee 14, 13917 Tallinn, Estonia
• Right of access – to request and obtain confirmation about whether personal data is being processed and to receive a copy of such data;
• Right to rectification – to request correction of inaccurate or incomplete data;
• Right to erasure ("right to be forgotten") – to request deletion of personal data where no overriding legal basis exists for continued processing;
• Right to restriction of processing – to request temporary suspension of processing under certain conditions;
• Right to data portability – to request personal data in a structured, machine-readable format for transfer to another data controller;
• Right to withdraw consent – to revoke consent where consent was the legal basis for processing;
• Right to object – to object to certain types of processing, including automated decision-making and profiling, where applicable;
• Right to lodge a complaint – to file a complaint with a supervisory authority if you believe your rights have been violated.
To exercise any of these rights, Users may contact Proffyhub OÜ by email at info@proffy.ee or by postal mail at: Tähesaju tee 14, 13917 Tallinn, Estonia
10. Cookies and Tracking
Cookies are small text files stored on a User's device when visiting the Platform. Proffy uses cookies to ensure proper functionality, improve platform performance, and support analytics. Types of cookies used include:
• Session cookies – to maintain session state and support user navigation;
• Preference cookies – to remember login credentials and language preferences;
• Analytical cookies – to measure usage statistics and identify performance bottlenecks.
Proffy may also use third-party analytics tools, such as Google Analytics or similar services, which rely on cookies to analyze platform usage. By continuing to use the Platform, you consent to the use of cookies as described in this Privacy Policy. You may withdraw your consent at any time by changing your browser settings, although this may affect the usability of some features.
• Session cookies – to maintain session state and support user navigation;
• Preference cookies – to remember login credentials and language preferences;
• Analytical cookies – to measure usage statistics and identify performance bottlenecks.
Proffy may also use third-party analytics tools, such as Google Analytics or similar services, which rely on cookies to analyze platform usage. By continuing to use the Platform, you consent to the use of cookies as described in this Privacy Policy. You may withdraw your consent at any time by changing your browser settings, although this may affect the usability of some features.
11. Governing Law and Dispute Resolution
This Privacy Policy, along with all matters arising from or related to the use of the Proffy Platform, shall be governed by the laws of the Republic of Estonia. In the event of a dispute, the parties shall first attempt to resolve the matter amicably through good-faith negotiations. If no resolution is reached, the dispute shall be submitted to the exclusive jurisdiction of Harju County Court.
Supervisory Authority:
Estonian Data Protection Inspectorate
Address: Veerenni 39, 10138 Tallinn, Estonia
Website: https://www.aki.ee
Supervisory Authority:
Estonian Data Protection Inspectorate
Address: Veerenni 39, 10138 Tallinn, Estonia
Website: https://www.aki.ee