MultiWork | Collaborative Tech Projects & Career Development

Data Processing Policy

Last updated: January 25, 2025

This Data Processing Policy explains how MultiWork (“we,” “us,” or “our”) processes personal data in compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.


1. Scope of the Policy

This policy applies to all personal data processed by MultiWork in connection with the services we provide, including data of customers, users, employees, contractors, and business partners. It outlines our principles and practices to ensure compliance with GDPR requirements.


2. Data Protection Principles

We adhere to the following principles when processing personal data:

  1. Lawfulness, fairness, and transparency: Personal data is processed lawfully, fairly, and transparently.
  2. Purpose limitation: Personal data is collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
  3. Data minimization: Personal data is adequate, relevant, and limited to what is necessary for processing.
  4. Accuracy: Personal data is accurate and, where necessary, kept up-to-date.
  5. Storage limitation: Personal data is retained only for as long as necessary to fulfill the purposes of processing.
  6. Integrity and confidentiality: Personal data is processed securely to protect against unauthorized or unlawful processing and accidental loss, destruction, or damage.

We process personal data only when there is a lawful basis, as defined under GDPR. These bases include:

  • Consent: The data subject has given clear consent for their personal data to be processed for a specific purpose.
  • Contractual necessity: Processing is necessary to fulfill a contract or take steps to enter into a contract with the data subject.
  • Legal obligation: Processing is necessary to comply with a legal obligation.
  • Legitimate interests: Processing is necessary for the purposes of our legitimate interests, provided these do not override the rights and freedoms of data subjects.
  • Vital interests: Processing is necessary to protect someone’s life.
  • Public task: Processing is necessary to perform a task in the public interest or exercise official authority.

4. Data Subject Rights

Under GDPR, data subjects have the following rights regarding their personal data:

  1. Right to access: Individuals can request access to their personal data and information about how it is processed.
  2. Right to rectification: Individuals can request correction of inaccurate or incomplete data.
  3. Right to erasure (“right to be forgotten”): Individuals can request the deletion of their personal data in specific circumstances.
  4. Right to restrict processing: Individuals can request the restriction of processing under certain conditions.
  5. Right to data portability: Individuals can request their personal data in a structured, commonly used, and machine-readable format and have the right to transmit it to another controller.
  6. Right to object: Individuals can object to the processing of their personal data in certain circumstances.
  7. Rights related to automated decision-making: Individuals have the right not to be subject to decisions based solely on automated processing, including profiling, that significantly affects them.

To exercise any of these rights, please contact us at [email protected].


5. Data Security

We implement appropriate technical and organizational measures to ensure the security of personal data, including:

  • Encryption of personal data during transmission and storage.
  • Regular security audits and vulnerability assessments.
  • Access controls to limit access to personal data to authorized personnel only.
  • Incident response plans to manage data breaches effectively.

6. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce agreements. Once the retention period expires, personal data is securely deleted or anonymized.


7. Data Transfers

Where we transfer personal data outside the European Economic Area (EEA), we ensure that appropriate safeguards are in place, such as:

  • Transfers to countries that the European Commission has deemed to provide adequate protection.
  • Standard Contractual Clauses (SCCs) approved by the European Commission.
  • Binding Corporate Rules (BCRs) or other lawful transfer mechanisms.

8. Third-Party Processors

We may share personal data with third-party processors who perform services on our behalf. All third-party processors are required to:

  • Process personal data only on our instructions.
  • Implement appropriate data protection measures.
  • Comply with applicable data protection laws.

9. Data Breach Notification

In the event of a data breach that is likely to result in a risk to the rights and freedoms of individuals, we will:

  1. Notify the relevant supervisory authority within 72 hours of becoming aware of the breach.
  2. Inform affected data subjects without undue delay if the breach is likely to result in a high risk to their rights and freedoms.
  3. Document all data breaches, regardless of their impact, for accountability purposes.

10. Contact Information

If you have any questions or concerns about this Data Processing Policy or how we process personal data, please contact us:


11. Changes to This Policy

We may update this policy as necessary to stay compliant with applicable laws and reflect any changes in our data processing practices. The updated policy will be posted on our website with an updated “Last updated” date. We encourage you to review this policy regularly.