EEA Privacy Policy

Effective Date: May 5, 2020

Special Note for Users who are not in the EEA:
If you are in the US, or any country outside the European Economic Area (EEA), this EEA Privacy Policy does not apply to you. Instead please review our General Privacy Policy, which applies to you.  When we use the term “data”, “user” and “data subject”, we refer to data, users and data subjects from the EEA.

Flux Work, Inc. (“Flux” “we” “our” “us”) respects your privacy. We have prepared this EEA Privacy Policy to explain how we collect, use, protect, and disclose your information and data if you are in the EEA (an “EEA data subject”), including when EEA users use the www.fluxwork.co website (the “Site”), and the Flux mobility platform, mobile application, application programming interfaces, and other services offered by Flux (collectively the “Services”). This EEA Privacy Policy also explains your choices for managing your information preferences, including opting out of certain uses of your Personal Data (defined below). This EEA Privacy Policy applies to all EEA users of the Site and Services. The Site and Services are provided by Flux.  Services may be provided and paid for by your Employer (“Employer”).


1.  Who We Are and the Services We Provide
Flux is a technology company that provides a resourcing platform in order to connect employees to the company’s evolving work needs, and to grow your skills and/or career through information and experiences.  Whether it’s a full time role, rotation, flex time project, or other opportunity, the Services provide you with details of the opportunity and represent you and other candidates to your Employer.

2. Information We Collect and Our Role under GDPR
Flux as Data Controller
Flux may collect Personal Data about you as explained in this section. “Personal Data” is information relating to you as an identified or identifiable person. Under GDPR framework, Flux is the data controller as to the Personal Data we collect about you.

Personal Data Collected through Our Site or Services
(i) Registration & Profile Data
We may collect Personal Data when you use our Site or Services. In order to register your Flux account and create your profile, you provide information that personally identifies you, such as your name and e-mail address.  You may provide your company name, job history and other personally identifiable information that you choose to provide us with or that you choose to include in your profile.  If you want to fast-track the creation of your profile, we can pre-populate your profile with publicly available information about you from third party platforms, such as LinkedIn, when prompted during registration onboarding.  If you do not wish for us to do this, you may choose to proceed without this option.   This publicly available information is considered part of the Public Data Set.  You may be asked to provide us with Personal Data when you use any of our Services, when you communicate with us, and at other times.

(ii) Usage Data and Site Activity
We and our Service Providers (defined below) may automatically collect the following information about your device and your use of our Site or Services through cookies, web beacons, and other technologies: the functions you use and searches you perform using the Services; browser agent name and version; web pages you view; links you click; your IP address; the length of time you visit our Site and or use our Services; and the referring URL, or the webpage that led you to our Site (“Usage Data”). We use this information to monitor and improve the Site and Services, enhance your online experience and to enable us to provide you with an easier and more personalized experience and level of service. We may combine Usage Data with Personal Data that you have provided to us.

(iii) Cookies and Anonymous Identifiers
We may use cookies (a small text file placed on your computer to identify your computer and web browser) and may use anonymous identifiers (a random string of characters or a JSON web token). We use cookies and other anonymous identifiers for authentication purposes (to keep track of the fact that you have logged in) and to analyze use of and improve the Site and Services. Most web browsers are initially set up to accept cookies. You can reset your web browser to refuse all cookies or to indicate when a cookie is being sent. The “help” feature of the menu bar on most browsers will tell you how to stop accepting new cookies, how to receive notification of new cookies and how to disable existing cookies. However, certain features of the Site or Services may not work if you delete or disable cookies. We may combine information from cookies or other identifiers with Personal Data that you have provided to us. Our Service Providers (defined below) may use cookies and other anonymous identifiers to help us provide the Services and improve our Services.  For example, we use Google Analytics for our analytics services.   Please see our cookie policy for further information about the cookies we use, and your choices regarding cookies.

(iv) Information You Input or Upload while Utilizing Our Services
As part of utilizing our Services you may input or upload information about talents, skills, previous work history and employers, educational background, job interests, personal qualities, and other similar information; you may also provide us with your credentials to third-party sites or services, such as LinkedIn, in order to synchronize certain emails, employment history, skills or other information with our Services; and you may provide us with other information (collectively “Customer Data”).  We use this data to provide the Services to you and your Employer, including our Work Genome technology.

• Flux Work Genome
Our goal is to help make great matches between your Employer and employees like yourself to illuminate pools of talent previously unknown to your Employer. To do that, we have developed our Work Genome: a learning data set based on the data provided by you or your Employer.  Our Work Genome allows your Employer to better understand skills, qualities, experiences and talents you may have to better assess whether you could be a match for any work or employment needs, as well as assisting you in being surfaced by our Service to your Employer based on additional job and skills related data in order for you to find new and exciting work opportunities or projects with your Employer.  If you wish to limit the visibility of your information you may do so via the user settings within the Services.

(v)  Public Data Set
As discussed above, our goal is to help make great matches between your Employer and employees like yourself to illuminate pools of talent previously unknown to your Employer. In furtherance of this goal, we have developed a public data set (“Public Data Set”) that bolsters the data provided by you or your Employer.  Our technology may continuously collect public personal information such as names, email addresses, approximate locations, educational background, employment history and job-skills related information, and other recruiting-related information from third party platforms, such as LinkedIn, to integrate into our Work Genome, to use as aggregated statistics in reports, or otherwise improve the Service.

If you do not wish to have your information included in our Public Data Set, we will honor your request to opt-out. To opt-out please provide your request with name and email address to support@fluxwork.co and we will remove your information from our system, or follow-up with you if we need further information in order to honor your request.

Please note, we may need to retain certain data about you in order to ensure that we can continue to honor your request to opt out. We will maintain the minimum amount of information necessary for this purpose, and will not share this information with your Employer.

Flux as Data Processor

Employer Provided Data
As part of utilizing our Services, your Employer may provide us with Personal Data such as your name, email address, job title, job location, job tenure dates, and other job related information (“Employer Data”).  Your Employer may provide us with this data so that you can create an account and utilize the Services.   Flux is a data processor as to Employer Data. Flux will only process Employer Data according to your Employer’s instructions and to deliver the Services to you.

3.  How We Use Information and When We May Share and Disclose Information
We use the information, including Personal Data, alone or in combination with other information that we may collect about you, including information from third parties, for the following purposes:

• to provide you with the Site and Services, including provide you with job and project opportunities by your Employer and skills assessments;
• to allow your Employer to assess and understand your skill set, employment background, eligibility and fit for job or project opportunities, including via operation of our Work Genome;
• to allow your Employer to contact you if your information matches a job or project opportunity;
• to provide information on where individuals in your organization have worked before, their skill sets, how you compare to their profile, and work or projects they have previously or are currently working on;
• to provide you with information on jobs or projects that  you may be interested in or qualified for;
• to allow other users to, if you allow, contact you and create new relationships and connections;
• to establish and maintain our account, to send you alerts about your account and provide you with customer support;
• to better understand how users access and use our Site and Services, both on an aggregated and individualized basis, to maintain, support, and improve our Site and Services, to respond to user preferences, and for research and analytical purposes, including publishing industry reports;
• to keep you informed of Flux programs, products and other service we think may be of interest to you; and
• to otherwise communicate with you about Flux, your Employer or work opportunities.

We may share and disclose information from you, including Personal Data, for the following purposes:
Service Providers:  From time to time, we may utilize other businesses whom we believe trustworthy and who have confirmed that their privacy practices are consistent with ours (“Service Providers”). For example, we use Amazon Web Services (AWS) as a Service Provider to host the Site and Services and store Personal Data. Your information is not disclosed to AWS, but is transferred through, and resides on, computers owned by AWS. AWS is ISO/IEC 27018 certified and has a system of controls in place that specifically address the privacy protection of Flux’s content. We may contract with other Service Providers to provide certain services, such as hosting and maintenance, data storage and management, authentication, analytics, and marketing and promotions. We only provide our Service Providers with the information necessary for them to perform these services on our behalf. Each Service Provider must agree to use reasonable security procedures and practices, appropriate to the nature of the information involved, in order to protect your Personal Data from unauthorized access, use, or disclosure. Service Providers are prohibited from using Personal Data other than as specified by us.
Compliance with Laws and Law Enforcement:   We cooperate with government and law enforcement officials and private parties to enforce and comply with the law. We may disclose Personal Data (including Customer Data and Usage Data) and any other information about you to government or law enforcement officials or private parties if, in our discretion, we believe it is necessary or appropriate in order to respond to legal requests (including court orders and subpoenas), to protect the safety, property, or rights of our organization or of any third party, to prevent or stop any illegal, unethical, or legally actionable activity, or to comply with the law.
Business Transfers:  We may share Personal Data (including Customer Data and Usage Data) with businesses controlling, controlled by, or under common control with our Company. If our Company is merged, acquired, or sold, or in the event of a transfer of some or all of our assets, we may disclose or transfer Personal Data, Customer Data and Usage Data in connection with such transaction. You will have the opportunity to opt out of any such transfer if it will result in the handling of your Personal Data in a way that differs materially from this Privacy Policy.
Aggregated Usage Data:  We will not disclose Personal Data to third parties, including for their direct marketing purposes, without your consent. We may disclose to third parties, certain Customer Data and/or Usage Data regarding the Site and Services, however, such uses shall be on an aggregated basis so as not to identify you individually.

4.  Our Purposes and Legal Basis for Processing
Our legal basis for collecting and processing your Personal Data (including any Customer Data, Usage Data, or Public Data considered Personal Data) as described above will depend on the Personal Data concerned and the specific context in which we collect it.  However, generally we rely on your consent to this Privacy Policy for the purposes of providing the Services as specifically set forth in the Section above.  Otherwise we rely on our legitimate interest where such processing is necessary to deliver the Services, or where it is necessary for our legitimate interests, or the legitimate interests of a third party, and those legitimate interests are not overridden by your rights and freedoms. Our legitimate interests, and the legitimate interests of others, include: (i) the interests of your Employer to be able to match you as a candidate for job or project opportunities; (ii) our interests helping make great matches between you and your Employer; (iii) helping you and others understand potential development and career opportunities; (iv) helping you and others understand potential development paths.  In some cases, we may have a legal obligation to collect or disclose Personal Data from you, or may otherwise process the Personal Data to protect your vital interests or those of another person.

5. Cross-Border Transfers and Safeguards
Flux stores and processes Personal Data in the United States. In the event Flux transfers Personal Data from the EEA to the United States, such transfer will be pursuant to the Standard Contractual Clauses approved by the European Commission, which require Flux to protect Personal Data it processes from the EEA in accordance with GDPR and applicable data protection laws.  Our Standard Contractual Clauses can be provided upon request.

6. How Long We Process and Store Information
We will store your information until you request that we delete your account, unless we have an ongoing legitimate business interest.  We retain Personal Data we collect from you where we have an ongoing legitimate business need to do so (for example, to comply with applicable legal requirements, to enforce our agreements or comply with our legal obligations).  When we have no ongoing legitimate business need to process your personal information, we will delete your data.  At any time, you can also limit the visibility of your information via the user settings within the Services, and opt out from our Public Data Sets.

7. Managing Your Personal Account Data
You can review, correct, update, delete, or change most of your Personal Data used to establish your account and limit the visibility of your Personal Data by using your account settings within the Services.  You are able to opt out of receiving certain e-mails and other communications from us within the Services or by e-mailing us at support@fluxwork.co. You are able to opt out of receiving marketing e-mails from us, however, you cannot opt out of receiving all e-mails from us, such as e-mails about the status of your account with us because those emails are necessary to deliver the Services you have requested.

8. Your Rights Regarding Your Personal Data under the GDPR
You have the following rights with respect to your Personal Data. When exercising any of the rights listed below, in order to process your request, we may need to verify your identity for your security. In such cases we will need you to respond with proof of your identity before you can exercise these rights.

• The right to access, correct, update, and/or erase personal information
o At any point you can contact us at support@fluxwork.co to request access to or that we change, update or delete your personal information. Please note that we may impose a small fee for access and disclosure of your personal information where permitted under applicable law, which will be communicated to you. Certain information may be exempt from such requests under applicable law. For example, we may retain certain information for legal compliance and to secure our Services.
• The right to object to processing of your data
o You have the right to request that we stop processing your data for direct marketing or for processing based on our legitimate interests.  To exercise this right email us at privacy@fluxwork.co.
• The right to data portability
o To the extent that the legal basis for our processing of your personal data is: (i) consent; or (ii) that the processing is necessary for the provision of services to you or to take steps at your request to provide you services, and such processing is carried out by automated means, you have the right to receive your personal data from us in a structured, commonly used and machine-readable format, or to have us transfer your data to another controller.  To exercise this right email us at support@fluxwork.co.
• The right to withdraw your consent
o You have the right to withdraw your consent to the processing of your personal information at any time where the legal basis for our processing is your consent.  To exercise this right email us at privacy@fluxwork.co.
• The right to restrict processing of your data
o You have the right to restrict the processing of your data in certain circumstances including: (i) if you contest its accuracy; (ii) if the processing is unlawful and you oppose the erasure; (iii) if it is no longer needed for the purposes for which it was collected, but you require it for the defense of a legal claim.
• The right to lodge a complaint with a data protection authority
o You have the right to lodge a complaint with the supervisory authority, in the Member State where you have your habitual residence, place of work, or where an alleged infringement of the GDPR has taken place. For more information, please contact your local data protection authority.  Contact details for data protection authorities in the EEA are available at: http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm

9. Be Careful When You Share Information with Others
Please be aware that whenever you share information on any public area of the Site or Services, that information may be accessed by others. In addition, please remember that when you share information in any other communications with third parties, that information may be passed along or made public by others. This means that anyone with access to such information can potentially use it for any purpose, including sending unsolicited communications.

10. Security
We maintain physical, electronic, and procedural safeguards to protect the confidentiality and security of information transmitted to us. However, no data transmission over the Internet or other network can be guaranteed to be 100% secure. As a result, while we strive to protect information transmitted on or through the Site or Services, we cannot and do not guarantee the security of any information you transmit on or through the Site or Services, and you do so at your own risk.

11. Links
Our Site and Services may contain links to other websites, platforms, hosted services or allow others to send you such links, including your Employer. A link to a third party’s website, platforms, hosted services does not mean that we endorse it or that we are affiliated with it. We do not exercise control over third-party websites, platforms, hosted services. You access such third-party websites platforms, hosted services or content at your own risk. You should always read the privacy policy of a third-party website, platforms, hosted services before providing any information to the website.

12. Children’s Privacy
The Site and Services are intended for EEA users who are the age of majority in their country. We do not knowingly collect Personal Data from users under the age of 16. If we become aware that we have inadvertently received Personal Data from a user under the age of 16, we will delete such information from our records.

13. Updates or Changes in Processing
If we wish to use your Personal Data for a new purpose, not covered by this Privacy Policy, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.

In other circumstances, if we decide to change this Privacy Policy, we will inform you by posting the revised Privacy Policy on the Site. Those changes will go into effect on the “Revised” date shown in the revised Privacy Policy. By continuing to use the Site or Services, you are consenting to the revised Privacy Policy.

14. Contact Information
If you have any questions, feedback or to report a violation regarding the EEA Privacy Policy, you may email us at privacy@fluxwork.co or contact us by mail addressed to:

Flux Work, Inc.
44 Montgomery St., 3rd Floor
San Francisco, CA 94104
Attn: Data Protection Officer

PLEASE PRINT A COPY OF THIS PRIVACY POLICY FOR YOUR RECORDS.