Thank you for visiting! Please bear with us as we continue to update and improve our platform! Dismiss

Privacy Policy

Welcome to Needzy and our contractor directory at www.hireneedzy.com (our “website”). At Needzy, we respect your privacy and are committed to being transparent about what data we collect when you visit and use our website and/or our services and how it is used.

GENERAL INFORMATION

a) What is Personal Data?

Personal Data is any information relating to personal or material circumstances that relates to an identified or identifiable individual. This includes, for example, your name, date of birth, e-mail address, postal address, or telephone number, as well as online identifiers such as your IP address. In contrast, information of a general nature that cannot be used to determine your identity is not Personal Data. This includes, for example, the number of users of a website.

b) What is processing?

“Processing” means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means. The term is broad and covers virtually any handling of data.

c) What law applies?

In principle, we will only use your Personal Data in accordance with the applicable data protection laws, in particular New York’s common law and privacy requirements and the EU’s General Data Protection Regulation (“GDPR”).

d) Who is responsible for data processing?

The responsible party for data processing is Needzy LLC of New York, USA (“Needzy”, “we”, “us”, “our”). If you have any questions about this policy or our data protection practices, you can reach us using [email protected] with “Data Protection” in the subject line.

e) What are the legal bases of processing?

We only process your Personal Data if at least one of the following applies:

● you have given your consent,

● the data is necessary for the fulfillment of a contract / pre-contractual measures,

● the data is necessary for the fulfillment of a legal obligation, or

● the data is necessary to protect our legitimate interests, provided that your interests are not overridden.

DATA WE COLLECT AUTOMATICALLY

a) Log data

Each time you visit our website, our system automatically records the following data from the visiting device and stores it in a so-called log file: i) Name of the retrieved file, ii) date and time of the visit, iii) amount of data transferred, iv) message about successful retrieval, type of browser and version used, v) IP address (identification of the user’s device), vi) operating system of the visiting device, vii) Internet service provider of the visiting device, viii) website from which you access our platform, and ix) which of our platform pages you are accessing. The legal basis for processing is our legitimate interest.

b) Hosting

To provide our website, we use the services of GoDaddy, who process all data to be processed in connection with the operation of our website on our behalf. The legal basis for the data processing is our legitimate interest in providing our website.

c) CMS and eCommerce System

We use the open source Content Management System (CMS) of WordPress.Org and the eCommerce system of WooCommerce by Automattic to publish and maintain the created and edited content and texts on our website. This means that all content and texts submitted to us are transferred to GoDaddy, Privacy Policy and that your contact and contract data and your usage data are stored on WooCommerce’s servers. The legal basis for this processing is our legitimate interest.

d) Fonts

We use Google Fonts by Google on our website to display external fonts. To enable the display of certain fonts, a connection to a Google server is established when our website is accessed. The connection to Google is established when you visit our website, which enables Google to determine which website sent the request to display fonts and to which IP address the display of the font is to be transmitted. This represents a legitimate interest.

e) Economic analyses and market research

For business reasons, we analyze the data we have on web and server traffic patterns, website interactions, browsing behavior, etc. The analyses serve us alone and are not disclosed externally and processed using anonymous analyses with summarized and/or anonymized values (“Aggregated Data”). Aggregated Data could be derived from your Personal Data but is not considered Personal Data in law as this data will not directly or indirectly reveal your identity. However, if we combine or connect Aggregated Data with your Personal Data so that it can directly or indirectly identify you, we treat the combined data as Personal Data which will be used in accordance with this Privacy Policy.For this purpose we use Google Analytics from Google, Godaddy Analytics from GoDaddy. And SourceBuster JS. The legal basis is our legitimate interest and your consent. For further information on our use of Google Analytics, please refer to our Cookie Policy.

f) Cookies

For the processing of Personal Data using cookies and similar technologies on our website, please refer to our Cookie Policy. The legal basis for the use of cookies is our legitimate interest or your consent when you agree to the use of technically non-essential cookies as further explained in our cookie policy.

g) Cookie consent

As set out in New York’s common law and privacy requirements and the EU`s Privacy and Electronic Communications Directive (“PECD”), we need to obtain consent for the use of technically non-essential cookies. For this purpose, we use a cookie consent tool to obtain your consent to the storage of cookies and to document this consent. When you enter our website, the following Personal Data is transferred to us via our cookie consent tool: i) Your consent(s) or revocation of your consent(s); ii) Your IP address; iii) Information about your browser; iv) Information about your device; v) Time of your visit to our website. The basis for processing is our legitimate interest and your consent.

DATA WE COLLECT DIRECTLY

a) General

We may ask you for Personal Data when you:

● use our website and directory services,

● request services, support, or information,

● participate online or otherwise in marketing and advertising activities,

● subscribe to our marketing and promotional emails or other materials,

● interact with us on third-party social networking sites (subject to the terms of use and privacy policies of said third parties), or

● contact us.

In order to provide you with a more consistent and personalized user experience in your interactions with Needzy, data collected through one source may also be linked to other data collected by Needzy through other sources. This may include data that helps us identify you when you access our website through several different devices.

b) Contacting us

In addition to your name, email address, IP address, or telephone number, if provided, we usually collect the context of your message, which may also include certain Personal Data. The Personal Data collected when contacting us is to handle your request, and the legal basis is both your consent and Contract.

c) Registration of a user account

On our website, we offer users (Home Owner or Construction Professional) the opportunity to register an account. The data is entered into our registration form, transmitted to us, and stored. The data is not passed on to third parties. The following data may be collected as part of the registration process: i) Company Name/Username, ii) Email address, iii) Password, iv) the IP address of the user and vi) date and time of registration. The legal basis for processing is consent and the fulfillment of a contract. The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. As a user, you have the option at any time to delete your account or change the Personal Data you have stored with us at any time independently and/or delete it or have deleted. If the data is necessary for the fulfillment of a contract or for the execution of pre-contractual measures, an early deletion of the data is only possible, as long as contractual or legal obligations do not oppose a deletion. Alternatively, you are able to sign up using the convenience login and sign up from Google. For convenience log in and sign up, you will be asked to provide your basic information (i.e., name, email address, and display picture) linked to your account. When registering via convenience functions, you agree to the relevant terms and conditions and consent to certain data from your respective profile being transferred to us.

d) Use of our listing services

If you wish to use our listing services and its features, we process the Personal Data you voluntarily provide for the purpose of providing our listing services. Depending on how you use our listing services, you may provide images, contact information, company information, location data etc. and upload content such as text, photographs, etc. This content will be made public and may be viewed and otherwise accessed by others.

Some of the Personal Data you provide may be considered “special” or “sensitive”. By choosing to provide this data, you consent to our processing of that data. You have choices about the data you provide and how you share it. You don’t have to provide Personal Data; however, information about you helps you to get more from our services. It’s your choice whether to include Personal Data and to make that information available to us. Please do not share information that you would not want to be available. The legal basis for processing your Personal Data is the establishment and implementation of the user contract for the use of the service as well as your consent.

e) Information that we share with others

You share information with other users when you voluntarily disclose information on the service (including your profile). Please be careful with your information and make sure that the content you share is stuff that you’re comfortable being visible. The legal basis for the data processing is the fulfillment of our contractual obligations and, in individual cases, the fulfillment of our legal obligations as well as your consent.

f) Information that we receive from others

In addition to the information you provide to us directly, we receive information about you from others, including other users who provide us with information about you. For example, when they leave a review about your services. The legal basis is the fulfillment of the user contract for the use of our website as well as your consent.

g) Chats and communications

Of course, we also process your chats and communications with other users, as well as the content you share through messaging. The legal basis for providing the above is the fulfillment of the user contract for the use of our services as well as your consent.

h) Images and facial-related information

In providing our model directory and publishing your content, including your video and images, we may process images and facial-related information from our users. Images and facial-related information are used and processed solely for the purpose explicitly consented to, and we do not collect, use, or store any images and facial-related information for the purpose of recognizing faces outside of this purpose. The legal basis is your consent.

i) Verified User Badge

To verify your profile, we may process information such as your government-issued identification, gender, date of birth, place of birth, addresses, nationality, national insurance number, etc. The legal basis for providing the above is the fulfillment of the user contract for the use of our services as well  as your consent.

j) Administration, financial accounting, office organization, contact management

We process data in the context of administrative tasks as well as organization of our business, and compliance with legal obligations, such as archiving. In this regard, we process the same data that we process in the course of providing our contractual services. The processing bases are our legal obligations and our legitimate interest.

k) Payment Data

If you make payment, your payment data will be processed via our payment service provider through our website. Payment data will solely be processed by our payment service provider, WooPayments by Automattic and we have no access to any Payment Data you may submit. The legal basis for the provision of a payment system is the establishment and implementation of the user contract for the use of the service.

l) Social Media

We have a presence on social media based on our legitimate interests. If you contact or interact with us via social media websites, we and the respective social media website are jointly responsible for the processing of your data and enter into a so-called joint-controller agreement. The legal basis is our legitimate interest, your consent or, in some cases, the initiation of a contractual performance, if any.

MARKETING

Insofar as you have given us your consent to process your Personal Data for marketing and advertising purposes, we are entitled to contact you for these purposes via the communication channels you have given your consent to.

You may give us your consent in a number of ways including by selecting a box on a form where we seek your permission, or sometimes your consent is implied from your interactions or contractual relationship. Where your consent is implied, it is on the basis that you would have a reasonable expectation of receiving marketing communication based on your interactions or contractual relationship with us.

Our marketing generally takes the form of email but may also include other less traditional or emerging channels. These forms of contact will be managed by us, or by our contracted service providers. Every directly addressed marketing sent by us or on our behalf will include a means by which you may unsubscribe or opt out.

PRINCIPLES OF PROCESSING PERSONAL DATA

a) Storage and Retention

We will retain your Personal Data as necessary in connection with the purposes described in this Privacy Policy, and in accordance with NY`s retention periods for up to 8 years.

b) Security

Our website uses SSL or TLS encryption to ensure the security of data processing and to protect the transmission of confidential content, such as orders, login data, or contact requests that you send to us.

We have also implemented numerous security measures (“technical and organizational measures”) for example, encryption or need-to-know access, to ensure the most complete protection of Personal Data processed through this website.

Nevertheless, internet-based data transmissions can always have security gaps, so that absolute protection cannot be guaranteed. And databases or data sets that include Personal Data may be breached inadvertently or through wrongful intrusion. Upon becoming aware of a data breach, we will act in accordance with New Yorks’ Stop Hacks and Improve Electronic Data Security Act (SHIELD Act) and among other measures notify all affected individuals whose Personal Data may have been compromised as expeditiously as possible after which the breach was discovered.

c) Sharing and Disclosure

We will not disclose or otherwise distribute your Personal Data to third parties unless this is i) necessary for the performance of our services, ii) you have consented to the disclosure, iii) or if we are legally obliged to do so, e.g., by court order, or if this is necessary to support criminal or legal investigations or other legal investigations or other legal proceedings, or proceedings at home or abroad, or to fulfill our legitimate interests.

d) International Transfer

In the course of our website operation, we process data. We usually do not transfer Personal Data to countries outside the USA. We will ensure that the said Personal Data will be transferred only if there is a sufficient basis for this under the GDPR and other applicable legal acts. Standard contractual clauses for data transfers outside the EU or EEA. Your Personal Data as well as Personal Data of your users might be transferred to processors, sub-processors or other data recipients established in third countries.

For such transfers to be compatible with the requirements of GDPR, we have concluded with the data processors and/or sub-processor relevant agreements on such data transfers outside EU or EEA, which comply with the European Commission approved standard contractual clauses for data transfers from data controllers in the EU to data processors and/or controllers established outside the EU or European Economic Area (EEA).

YOUR RIGHTS AND PRIVILEGES

a) Privacy rights

You can exercise the following rights:

The right to access;

● The right to rectification;

● The right to erasure;

● The right to restrict processing;

● The right to object to processing;

● The right to data portability;

b) Update your information and withdraw your consent If you believe that the information we hold about you is inaccurate or request its rectification, deletion, or object to legitimate interest processing, please do so by contacting us.

c) Access Request

In the event you want to make a Data Subject Access Request, please contact us. We will respond to requests regarding access and correction as soon as reasonably possible. Should we not be able to respond to your request within thirty (30) days, we will tell you why and when we will be able to respond to your request. If we are unable to provide you with any Personal Data or to make a correction requested by you, we will tell you why.

d) What we do not do

● We do not request Personal Data from minors and children;

● We do not process special category data without obtaining prior specific consent;

● We do not use automated decision-making, including profiling; and

● We do not sell your Personal Data.

e) Who is the competent data protection authority?

The Office of the Attorney General. If you believe that the processing of your Personal Data is not lawful, you can lodge a complaint with the AG or your local data protection supervisory authority. We would, however, appreciate the chance to deal with your concerns before you approach the AG or any other supervisory authority.

USA SPECIFIC PROVISIONS

The following applies to users located elsewhere in the United States. While we understand and appreciate that privacy and consumer data protection laws differ as they are subject to each state’s legislature and that no data protection framework similar to the EU’s GDPR exists on a federal level, we are committed to follow and apply the for your state relevant privacy rules and regulations.

As of the day of drafting, the following states had enacted privacy and consumer data protection laws: California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Montana, Oregon, Texas, Utah, and Virginia. Under consideration of the similarities of the above provisions, no conflict should arise pursuing a uniform approach in granting all users in the USA the same rights and privileges as set out above. However, should ambiguity occur the most stringent provision is chosen to ensure the most comprehensive approach when it comes to protecting your Personal Data.

Further, the following also apply

i) “Shine the Light”

“Shine the Light” law (Civil Code Section 1798.83) requires us to respond to requests from California asking about the business’s practices related to disclosing Personal Data to third parties for the third parties’ direct marketing purposes. You may make a request about our collection and disclosure of your Personal Data using the contact details provided.

ii) COPPA (Children Online Privacy Protection Act)

When it comes to the collection of Personal Data from children under the age of 13 years old, the Children’s Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, United States’ consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children’s privacy and safety online. We do not specifically market to children under the age of 13 years old.

iii) CAN SPAM Act

The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations. To be in accordance with CAN SPAM, we agree to the following: If at any time you would like to unsubscribe from receiving future emails, you can email us, and we will promptly remove you from ALL correspondence.

iv) Telephone Consumer Protection Act (TCPA)

If we process your Personal Data for the purpose of sending you SMS marketing communications, you may manage your receipt of marketing and non-transactional communications from us by replying or texting ‘STOP’ if you receive our SMS communications. In this respect, the data processing is carried out solely on the basis of our consent in personalized direct advertising per SMS.

v) Controls For Do-Not-Track Features

Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track (‘DNT’) feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. At this stage, no uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, our website does not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this policy.

vi) Right to complain

Finally, and in regard to the right to complain to a supervisory authority. You have the right to lodge a complaint about our processing of Personal Data with a supervisory authority responsible for data protection. Users based in the above-mentioned States may lodge a complaint with the relevant district attorney or attorney general office. However, we would appreciate the opportunity to address your concerns before you contact any supervisory authority.

CANADA AND MEXICO SPECIFIC PROVISIONS

Both Canada and Mexico have introduced data protection laws that are similar to the GDPR, namely Federal Law for the Protection of Personal Data in the Possession of Private Parties (“LFPDPPP”) supplemented by the Rules of the Federal Law for the Protection of Personal Data in the Possession of Private Parties in Mexico and the Personal Information Protection and Electronic Documents Act (“PIPEDA”) in Canada. Under consideration that the GDPR has played a pivotal role, no conflict should arise pursuing a uniform approach in granting all users in Mexico or Canada the same rights and privileges as set out above. However, should ambiguity occur, the most stringent provision is chosen to ensure the most comprehensive approach when it comes to protecting your Personal Data.

In terms of your right to complain, Canada’s national supervisory authority is the Office of the Privacy Commissioner (www.priv.gc.ca) and the National Institute of Transparency, Access to Information and Personal Data Protection (Instituto Nacional de Transparencia, Acceso a la Informaci.n y Protecci.n de Datos Personales) (“INAI”) is the national supervisory authority in Mexico (www.ifai.org.mx).

HELP AND COMPLAINTS

If you have any questions about this policy or the information we hold about you, please contact us using [email protected] with “Data Protection” in the subject line.

CHANGES

The first version of this policy was issued on Monday, November 4th, 2024, and is the current version.

Any prior versions are invalid, and if we make changes to this policy, we will revise the effective date.