Privacy Policy

Effective Date: REV. Jan 1st, 2025
Outsource This Work OÜ (hereinafter referred to as "the Company," "we," "us," or "our"), a limited liability company established and operating under the laws of the Republic of Estonia with its registered office at Harju maakond, Tallinn, Lasnamäe linnaosa, Pae tn 25-47, 11414, is committed to protecting the privacy and security of personal data.

This Privacy Policy explains how we collect, use, disclose, and safeguard personal information in connection with our outsourcing services, which involve sourcing resources and assembling teams in the areas of financial, administrative, marketing, and sales operations for corporate clients primarily based in the United States.

We process personal data in compliance with the General Data Protection Regulation (GDPR) (EU) 2016/679, as we are established in the European Union (EU), and other applicable data protection laws. Where we process personal data on behalf of our clients (e.g., as a data processor), we adhere to the terms of our data processing agreements. This Privacy Policy applies to personal data collected through our website, services, communications, and interactions with clients, candidates, employees, and other individuals.

By using our services or providing us with personal data, you consent to the practices described in this Privacy Policy. If you do not agree with this Policy, please do not provide us with your personal data or use our services.

This Privacy Policy is provided as a general template and for informational purposes only. It is not intended to constitute legal advice. We strongly recommend consulting with a qualified legal professional specializing in data protection laws (including GDPR and any relevant US state laws such as the California Consumer Privacy Act) to customize this policy to your specific business operations and ensure full compliance.

1. Types of Personal Data the Company Collect
We may collect the following categories of personal data, depending on your relationship with us (e.g., as a client, candidate, employee, or website visitor):
  • Identification and Contact Information: Name, email address, phone number, postal address, job title, and company affiliation.
  • Professional and Employment Data: Resumes/CVs, work history, qualifications, skills, references, salary expectations, and performance evaluations (for candidates and team members).
  • Financial Data: Bank account details, payment information, or invoicing records (where necessary for financial outsourcing services or payments).
  • Administrative Data: Contracts, agreements, and correspondence related to outsourcing services.
  • Marketing and Sales Data: Preferences, interests, and interaction history for targeted communications.
  • Technical Data: IP address, browser type, device information, and usage data when you visit our website (collected via cookies and similar technologies; see Section 9).
  • Sensitive Personal Data: In limited cases, such as for compliance or diversity purposes, we may collect data revealing racial or ethnic origin, health information, or criminal records, but only with explicit consent or as required by law.
We do not intentionally collect personal data from individuals under the age of 16. If we become aware of such collection, we will take steps to delete it.

2. How We Collect Personal Data
We collect personal data through various methods, including:
  • Directly from You: When you submit inquiries, applications, contracts, or communications via our website, email, phone, or in-person meetings.
  • From Third Parties: From clients (e.g., employee or candidate data provided for outsourcing), recruitment platforms, references, or public sources (e.g., LinkedIn profiles).
  • Automatically: Through website analytics tools, cookies, and tracking technologies that log your interactions.
  • During Service Provision: As part of assembling teams or providing outsourcing services, such as background checks or performance monitoring.
3. Legal Bases for Processing Personal Data
Under GDPR, we process personal data based on one or more of the following legal grounds:
  • Contractual Necessity: To perform our outsourcing services, such as sourcing candidates or managing teams.
  • Consent: Where you have explicitly agreed (e.g., for marketing communications or sensitive data processing).
  • Legitimate Interests: For business operations like improving services, fraud prevention, or internal analytics, provided these interests do not override your rights.
  • Legal Obligation: To comply with laws, such as tax reporting or anti-money laundering requirements.
  • Vital Interests: In rare cases, to protect someone's life or safety.
4. How We Use Personal Data
We use personal data for the following purposes:
  • To provide and manage outsourcing services, including resource sourcing, team assembly and their operations.
  • To communicate with clients, candidates, and team members (e.g., sending updates, invoices, or job/contract offers).
  • To process payments and handle financial transactions.
  • To conduct background checks, assessments, and compliance verifications.
  • To improve our services through analysis and feedback.
  • To send marketing materials (with your consent) about our services or industry insights.
  • To comply with legal and regulatory requirements.
  • To protect our rights, property, or safety, and that of our clients and users.
5. Sharing and Disclosure of Personal Data
We may share personal data with:
  • Service Providers: Third-party vendors (e.g., cloud storage providers, recruitment agencies, or payment processors) who assist us, bound by data protection agreements.
  • Clients: Personal data of candidates or team members as necessary for outsourcing services (we act as a processor in such cases).
  • Affiliates and Partners: Within our corporate group or with trusted partners for joint services.
  • Legal Authorities: If required by law, court order, or government request.
  • Business Transfers: In the event of a merger, acquisition, or sale of assets.
We do not sell personal data to third parties.

6. International Data Transfers
As an Estonian company serving clients outside of the EU, we may transfer personal data outside the EU/EEA, including to the United States. We ensure such transfers comply with GDPR through mechanisms like Standard Contractual Clauses (SCCs), adequacy decisions, or binding corporate rules. For US transfers, we assess risks and implement safeguards to protect data.

7. Data Security
We implement appropriate technical and organizational measures to protect personal data from unauthorized access, loss, or breach. These include encryption, access controls, firewalls, and regular security audits. However, no system is entirely secure, and we cannot guarantee absolute security.
In the event of a data breach, we will notify affected individuals and authorities as required by GDPR (within 72 hours where feasible).

8. Data Retention
We retain personal data only as long as necessary for the purposes outlined above, or as required by law. For example:
  • Client and contract data: Up to 7 years for tax and accounting purposes.
  • Candidate data: 2 years after application, unless contractually obliged.
  • Marketing data: Until consent is withdrawn.
  • After retention periods, data is securely deleted or anonymized.

9. Cookies and Tracking Technologies
Our website uses cookies, web beacons, and similar technologies to enhance user experience, analyze traffic, and personalize content. Categories include:
  • Essential Cookies: Necessary for site functionality.
  • Analytics Cookies: To measure usage (e.g., Google Analytics).
  • Marketing Cookies: For targeted ads.
You can manage cookies via your browser settings. For more details, see our Cookie Policy.

10. Your Rights Under GDPR
As a data subject, you have the following rights:
  • Access: Request a copy of your personal data.
  • Rectification: Correct inaccurate data.
  • Erasure ("Right to be Forgotten"): Request deletion in certain cases.
  • Restriction: Limit processing under specific conditions.
  • Objection: Oppose processing based on legitimate interests or for marketing.
  • Data Portability: Receive your data in a structured format.
  • Withdraw Consent: At any time, without affecting prior processing.
  • Complaint: Lodge a complaint with the Estonian Data Protection Inspectorate (www.aki.ee) or your local supervisory authority.
To exercise these rights, contact us at info@outsourcethis.work. We will respond within one month, extendable if complex.

11. Children's Privacy
Our services are not directed to children under 16, and we do not knowingly collect their data. If we discover such data, we will delete it promptly.

12. Changes to This Privacy Policy
We may update this Policy to reflect changes in our practices or legal requirements. We will notify you of material changes via email or our website. Continued use of our services after changes constitutes acceptance.

13. Contact Us
For questions, requests, or concerns about this Privacy Policy or our data practices, please contact our Data Protection Officer at:

Outsource This Work OÜ
Email: info@outsourcethis.work
Last Updated: Jan 1st, 2025
© All Rights Reserved. OutsourceThisWork LLC, 2025