Privacy Notice
Date of effect: March 22, 2024
Last updated: March 20, 2024
We've developed this Privacy Notice ("Privacy Notice") to explain to you how we collect, use, disclose, and store personal data.
Introduction
This Privacy Notice applies to Toloka AI AG and its relevant affiliates listed in section 16 ("Toloka", "we", "us", "our")("Toloka affiliates").
When Does This Privacy Notice Apply?
This Privacy Notice applies to personal data that Toloka handles as a Controller. This includes when you:
Visit or interact with the toloka.ai and/or mindrift.ai websites (the “Website(s)”), the Toloka mobile applications, the Toloka Platform, other resources associated with Toloka and the branded social media pages which we operate;
Register for or participate in our webinars, events, programs, marketing, and promotional activities;
Interact with us in person, such as when you visit our offices; and
Inquire about or engage in commercial transactions with us.
After you carefully review this Privacy Notice, please make sure to check the country-specific provisions at the end of the Privacy Notice, which may be applicable to the processing of Your data in the country of Your residence. Such country-specific provisions supplement this Privacy Notice or, if the law requires, may prevail over contradicting parts of the Privacy Notice.
This Privacy Notice refers to provisions of the General Data Protection Regulation (GDPR), Federal Act on Data Protection 2020 (FADP), the US privacy legislation (including but not limited to California Consumer Privacy Act (CCPA), California Privacy Rights Act of 2020, California Online Privacy Protection Act (COPPA), Health Insurance Portability and Accountability Act (HIPAA), Virginia Consumer Data Protection Act (CDPA), Colorado Privacy Act (CPA), Connecticut Act Concerning Personal Data Privacy and Online Monitoring (CTDPA), Utah Consumer Privacy Act (UCPA)) and other laws as in force on the date of the last update of this Privacy Notice.
1. Controller
Toloka is a controller of personal data processed under this Privacy Notice. It means that Toloka determines the purposes and means of the processing of these personal data.
You can contact Toloka on any questions relating to the processing of Your personal data by either of the following methods:
Email: privacy@toloka.ai
Postal address: Werftestrasse 4, 6005 Luzern, Switzerland
2. Legal bases
Depending on which features of Toloka you use, Toloka will process your personal data based on one or more of the following legal bases:
Contract. To fulfill our contractual obligations to you in order to provide access to Toloka Platform: Toloka may process Your personal data to fulfill our contractual obligation to You such as account registration, money withdrawal, sending an invoice.
Legitimate interest. When Toloka has an interest in using Your personal data in a certain way, which is necessary and justified considering any possible risks to You. We conduct a Legitimate Interest Assessment (LIA) to protect your personal data. LIA is a type of light-touch risk assessment based on the specific context and circumstances of the processing. Conducting a LIA helps us ensure that processing is lawful. It helps us to think clearly and sensibly about us processing and the impact it could have on the individual.
Consent. When Toloka has requested You to actively indicate Your consent to Toloka's processing of Your personal data for certain purposes. The presence of the consent does not affect the right to use Toloka services or to provide services to Toloka.
Where processing is based on consent (or explicit consent), You have the right to withdraw consent at any time. The withdrawal of consent does not affect the lawfulness of the processing based on consent before its withdrawal. To withdraw consent, You can contact Toloka by using the contact details specified in section 1 of this Privacy Notice or by using the toggle button in Your Profile (available to tolokers) and/or by using the unsubscribe link provided at the bottom of each email in direct marketing communications.
If you reside in a territory governed by privacy laws under which “consent” is the only or most appropriate legal basis for the processing of personal data as described herein, your acceptance of this Privacy Notice will be deemed as your consent to the processing of your personal data for all purposes detailed herein. If you wish to revoke such consent, you may do so at any time by contacting us at privacy@toloka.ai.
Legal obligation. Toloka may also be required to share Your personal data with competent authorities in accordance with the applicable legislation.
3. Categories of personal data processed by Toloka
The table below sets out the categories of personal data Toloka collects and processes. Toloka collects personal data primarily from the data subjects themselves (e.g., Your contact requests through the Toloka Platform). In addition, personal data may also be obtained from third parties as listed in the table below. Please use a horizontal scroll to navigate across the table.
Purpose of Processing
Data Subjects/ Categories of Data
Storage Period
Legal Bases
Third parties*
The role of the Third parties
Third party's privacy notice
Sending newsletters for marketing purposes via Email
Marketing e-newsletter Subscribers:
User ID;
Email
Until consent is withdrawn (by unsubscribing) or until the purpose of processing is fulfilled (the relevance of the purpose is assessed every 3 years)
Consent
Hubspot
Processor
Analysis of website users' behavior
Our website users:
IP address; Browser type and language used; The Internet service provider information; sending and exiting web pages that were sent and exited; Operating system information; date and time checks; website visits information
Limited by the validity period of cookies (specified in the Toloka Cookie List and Mindrift Cookie List)
Consent
Google Analytics;
Facebook Analytics;
Microsoft Clarity;
Bing;
Hubspot;
LinkedIn
Processor(s)
Users*
Registration
Our Users:
Full name;
Email;
Native language;
Date of birth;
Username;
Phone number
Within the term of the contract
Contract (with Users)
Toloka affiliates
Joint controllers
N/A
Tracking fraudulent activities
Our Users:
User ID;
Full name;
Residential address;
ID photo;
User's device ID;
Location (IP address, phone number);
Mouse cursor movement and scrolls tracking; Screen recording; Photo or video of the User holding the ID data page next to their face; Phone number
5 years from the date of receipt of personal data
Legitimate interest to prevent fraudulent activity
Toloka Affiliates
Joint controllers
N/A
Customer Registration
Our Customers:
Full name;
Email;
Phone number;
Role;
Company information (company name, industry, country, city, postal address, postal code; TIN)
Within the term of the contract
Contract (with Customers)
Toloka affiliates
Joint controllers
N/A
Remuneration to Users by Toloka
Our Users:
User ID
Within the term of the contract
Contract (with Users)
Toloka affiliates
Joint controllers
N/A
Withdrawal from the wallet by Users
Our Users:
Email;
Phone number;
User ID;
Wallet number;
Information of performed tasks;
Payment system;
Currency;
Transaction ID;
Account type;
Amount of earned money
Within the term of the contract
Contract (with Users)
Toloka affiliates;
PayPal;
Payoneer;
Papara;
Flatterwave
Processors
Authorization on Toloka
Our Users and our Customers:
Username;
Email;
Phone number;
Authorization ID
Within the term of the contract
Contract (with Users and Customers)
Toloka affiliates; Authorization service providers that enable Tolokers, AI Tutors and Customers to register or get access to the Toloka Platform using their own tools or widgets: Apple, Google, Yandex, Facebook, GitHub, Microsoft
Joint controllers
Provision of support
Our Users and our Customers:
Email;
Full name;
Username;
User's device ID;
Phone number
Within the term of the contract
Contract (with Users and Customers)
Toloka affiliates;
ZenDesk
Toloka affiliates - joint controllers;
ZenDesk - processor
Notification of Users of their actions on the Toloka
Our Users:
User ID
Within the term of the contract
Contract (with Users)
Toloka affiliates
Joint controllers
N/A
Notification of Users of their actions on the Toloka via SMS
Our Users:
Phone number
Within the term of the contract
Contract (with Users)
Mitto AG
Processor
Verification of the conscientious completion of tasks by Users
Our Users:
User ID;
Assessment of the task completion
Within the term of the contract
Legitimate interest to improve the quality of provided services to Customers
Toloka affiliates
Joint controllers
N/A
Assessing skills based on test results, and determining location for language proficiency tests
Our Users:
Actions in the system (logs);
User ID;
Device ID;
Location (IP address, phone number)
Within the term of the contract
Contract (with Users)
Toloka affiliates
Joint controllers
N/A
Registration for Toloka Crash Course
Our Crash Course Students:
Name;
Company;
Company team;
Sandbox login;
Business email address;
Knowledge and experience level
Within the term of the contract (1 year from the date of course completion)
Contract (with Crash Course Students)
Toloka affiliates
Joint controllers
N/A
Registration for webinars, events, programs, and marketing or promotional activities of Toloka
Webinar participants:
Email;
Full name;
Company information;
Job title
1 year after the date of registration or in case of consent withdrawal
Consent
Toloka affiliates; Hubspot
Toloka affiliates - joint controllers; Hubspot - processor
Recording the meeting(s) on video or audio to enhance follow-up and coaching
Our Customers:
Email;
Full name;
Display name;
Picture (optional);
Company information;
Job title;
Speaker's data that was disclosed during the course of the meeting
6 months after the meeting or in case of consent withdrawal
Legitimate interest to communicate with Customers; Consent (for enhancing follow-up and coaching)
Zoom; Microsoft Teams; Gong; Amazon Chime
Processors
Fixing bugs and implementing software improvements
Our Users and our Customers:
External user ID
Until the purpose of processing is fulfilled (the bugs are fixed)
Legitimate interest to improve Toloka services
Sentry
Processor
Dispatching transaction documents to Customers
Our Customers:
Email;
Phone number;
Country;
City;
Full name;
Company information (name, post address, post code, state (if applicable))
Within the term of the contract
Contract (with Customers)
Stripe; Toloka affiliates
Stripe - processor, Toloka affiliates - joint controllers
Conducting surveys
Our Users who have decided to participate in Toloka's survey(s):
Name;
Country;
Photo
After 2 years from the date of participation in the survey or in case of consent withdrawal
Consent
Toloka affiliates
Joint controllers
N/A
Providing feedbacks for posting them on mindrift.ai
Our Users:
Name (Full name - oprional);
Country;
Feedback;
Photo;
Freelance role
2 years or earlier in case of consent withdrawal
Consent
Toloka affiliates; Google (Google Forms located on EU servers)
Toloka affiliates - joint controllers; Google - processor
Informing Customers about changes in the list of sub-processors*
*Available only for Customers of Toloka AI AG
Our Customers who have subscribed to such updates:
Email
Within the term of the contract
Contract (with Customers)
HubSpot
Processor
Customer relations management
Our Customers:
Full name;
Job title;
Email;
Company information
Within the term of the contract
Contract (with Customers)
HubSpot; DocUsign
Processors
Customer relations management for Prospect Clients
Our Prospect Customers:
Full name;
Job title;
Email;
Company information
LinkedIN Profile (for LinkedIN Navigator)
Within the term of the contract or until the moment when it becomes clear that the contract will not be concluded
In order to take steps at the request of the data subject prior to entering into the contract (with Customers)
Hubspot; LinkedIN Navigator; DocUsign
Processors
Invitation Users to apply for a freelance position, pass qualification tests (if required) and further follow-up with results of tests and selecting process
Our Users or prospect Users:
Full name, telephone number, email address, country, language, resume, LinkedIN profile (optional), personal website (optional)
1 year after the meeting or in case of consent withdrawal
Consent
Toloka affiliates; Google; Comeet; Workable
Toloka affiliates - joint controller; Google, Comeet, Workable - processors
Concluding a contract with User(s) that've passed the test and/or perform test task
Our Users:
Full name, telephone number and email address
Within the term of the contract or until the moment when it becomes clear that the contract will not be concluded
In order to take steps at the request of the data subject prior to entering into the contract (with Users)
Toloka affiliates; Solar Staff
Toloka affiliates - joint controllers; Solar Staff - controllers
AI Tutors management
Our AI Tutors:
Full name, email address, country, User ID, amount of earned money; User ID; freelance role
Within the term of the contract
Contract (with AI Tutors)
Toloka affiliates
Joint controllers
N/A
Background checks
Our AI Tutors:
Full name, email address, date of birth
4 weeks
In order to take steps at the request of the data subject prior to entering into the contract (with AI Tutors)
Toloka affiliates
Joint controllers
N/A
Product data analytics
Our Users:
Encrypted User ID; encrypted full name; information about completed tasks; wallet number
Within the term of the contract
Legitimate interest to improve Toloka platform
Databricks; Tableau Cloud
Processors
Pre-filling address for billing purposes
Our Customers:
Randomly generated billing ID, session ID, IP address
30 days
Legitimate interest to improve UX/UI experience
Mapbox
Processor
Demonstrating a status of the project to Customer(s)
All Customers who have a dedicated account manager:
Full name; Job title or Role (optional); Location (optional); Email; Company information
Within the term of a contract
Legitimate interest to improve quality of provided services
Monday
Processor
* User means Toloker(s) and/or AI Tutor(s)
4. Transfers to third countries
Toloka transfers personal data to countries which are considered as countries that do not provide for sufficient level of protection of data subjects’ rights under the GDPR or the Swiss law ("Third countries").
For the transfer of Your personal data to Third countries Toloka uses different tools to:
make sure the personal data transfer complies with applicable law;
help to give Your personal data the same level of protection as it has in the European Union, Switzerland or USA;
whether the transfer is based on an adequacy decision;
whether the transfer is subject to appropriate safeguards (GDPR Article 46 tools) such as binding corporate rules or standard contractual clauses (SCCs);
whether public authorities of the third country may seek access to the data with or without the data importer's knowledge either via legislation, practice, or reported precedent;
whether public authorities of the third country may be able to access the data through the telecommunication providers or communication channels in light of legislation, legal powers, technical, financial, and human resources at their disposal and of reported precedent.
Toloka uses a variety of protections which are appropriate for each data transfer to Third countries, namely:
Standard Contractual Clauses adopted by the European Commission (available here https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en); and
technical protections, such as access control, cryptography, controls against malware, security events monitoring, management of technical vulnerabilities, network security controls, incident management, technical compliance review.
5. Storage periods and deletion of personal data
Toloka processes Your personal data only as long as necessary to perform obligations under the Agreement and for Toloka's legitimate interests, such as:
maintaining the performance of the Toloka Platform;
making data-driven business decisions about new features;
complying with our legal obligations;
resolving disputes.
Upon achieving data processing purposes, upon the termination of the Agreement, or upon Your request, Toloka will delete or anonymise Your personal data so it no longer identifies You, unless Toloka is required to keep some data or Toloka needs to use it for a legally justifiable reason, such as:
if there's an unresolved issue relating to Your account, such as an outstanding credit earned for performing tasks or unresolved claim or dispute;
for Toloka's tax, audit and accounting obligations;
where necessary and to the extent permitted by applicable law, for our legitimate interests such as fraud prevention or to maintain information security.
6. Your basic personal data rights
Please see Your rights and their descriptions in this table.
To exercise Your rights, You can contact Toloka by using the contact details specified in section 1 of this Privacy Notice. Toloka may ask You to specify Your request in writing and to verify Your identity before processing the request. Toloka may also refuse to fulfil Your request on grounds set out in applicable data protection legislation.
Right
Description
Access
You can ask Toloka to confirm whether or not Toloka processes Your personal data. If so, You can access these personal data and can ask Toloka to explain certain details of the processing.
Rectification
You can ask Toloka to correct inaccurate personal data concerning You. You can ask Toloka to rectify incomplete or inaccurate personal data.
Erasure ('right to be forgotten')
You can ask Toloka to erase personal data concerning You. For example, this applies if (1) the personal data are no longer necessary in relation to the purposes for which they were processed; (2) You withdraw consent to the processing and there is no other legal ground for the processing; (3) the personal data have been unlawfully processed.
Restriction on processing
You can ask Toloka to mark the stored personal data with the aim to limit their processing in the future under applicable law. This applies if (1) You contest the accuracy of the personal data; (2) You ask to restrict the use of the personal data when their processing is unlawful; (3) You need personal data to protect Your rights when Toloka no longer needs the personal data; (4) You have objected the processing based on the legitimate interests pursued by Toloka.
Objection to processing
You can object, on grounds relating to Your particular situation, at any time to processing of Your personal data which is based on the legitimate interests pursued by Toloka or when personal data is processed for direct marketing purposes. Toloka shall no longer process the personal data unless Toloka demonstrates compelling legitimate grounds for the processing which override Your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.
Portability
When the processing is based on Your consent or on the contract with You, You can receive Your personal data, which You have provided to Toloka, in a structured, commonly used and machine-readable format and can freely transmit those data to another controller. Where technically feasible, You can also ask Toloka to transmit the personal data directly to another controller.
7. Children's Privacy
We do not knowingly or intentionally collect personal data through Toloka from children under eighteen (18) years of age. If You are under eighteen (18) years of age, do not attempt to register on Toloka Platform and do not provide us any personal data about Yourself unless You have the requisite parental consent. If You are a parent or guardian and You are aware that Your child has violated this Privacy Notice and provided us personal data, please contact with the use of contact details specified in the section 1 of this Privacy Notice.
Pursuant to 47 U.S.C. Section 230(d), Toloka notifies You that parental control protections (such as computer hardware, software, or filtering services) are commercially available that may assist You in limiting access to minors. Information regarding providers of such protections may be found on the Internet by searching “parental control protection” or similar terms.
8. Profiling and automated decision-making
Toloka may, as a part of the personal data processing activities, perform automated profiling of data subjects and automated decision-making to monitor users' behavior on the Toloka platform to prevent and detect fraud.
Profiling and automated decision-making takes place by Toloka's anti-fraud system, and it is based on the information collected via user's activities on the Toloka platform, such as features, factors and statistics calculated from the user activity. If fraudulent activity is detected, the anti-fraud system may immediately restrict the user's access to task submission and agreements related to tasks may be terminated, or in case the fraudulent activity is detected from the task requester's account, access to Toloka may be restricted. In anti-fraud analysis such factors are used including but not limiting to user task submission logs, user actions in Toloka interface, cookies, CAPTCHA inputs, mobile device hardware and software info such as camera type.
You have, at all times, the right to object to profiling and automated decision-making and ask further information about the logic involved and the envisaged consequences of the profiling and automated decision-making by contacting Toloka by sending a request at tolokercare@toloka.ai. Toloka may ask You to specify Your request in writing and to verify Your identity before processing the request.
You may, at all times, demand human intervention in the processing, obtain an explanation of the decision made, express Your own view and challenge the decision offered to You by contacting Toloka by sending a request at tolokercare@toloka.ai. Toloka may ask You to specify Your request in writing and to verify Your identity. If the detected fraudulent activity is not severe and Your identity has been successfully verified, access to Toloka may be regranted to You. In case severe fraudulent activity is detected or You are unable to verify Your identity, Your access to Toloka may remain restricted.
Toloka reviews the algorithms and processed personal data irregularly based on anomalies detection in anti-fraud metrics in order to ensure that the decision-making process is functioning as intended and to ensure that the method of processing is fair, efficient and equal.
9. Right to lodge a complaint with a supervisory authority
You have the right to lodge a complaint with the supervisory authority, in particular in the member state of the European Union of Your habitual residence or, respectively, Switzerland, place of work or place of an alleged infringement of applicable law.
If You reside in a different location, you have the right to lodge a complaint with a supervisory authority in the area of data protection in the country of your residence.
10. Principles of data security
We have implemented Information Security Management System (ISMS) compliant with international standard “ISO/IEC 27001:2013 Information technology — Security techniques — Information security management systems — Requirements” and Privacy Information Management System (PIMS) compliant with the requirements of the international standard «ISO/IEC 27701:2019 Security techniques — Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management — Requirements and guidelines». Toloka annually passes an audit performed by the independent external auditor to support continuous improvement of approaches and measures used to keep Your data secured.
Technical and organizational measures
We employ various technical and organizational safeguards to safeguard personal data against loss, theft, misuse, and unauthorized access, disclosure, alteration, and destruction. These measures include:
encrypting personal data in transit and in rest;
conducting regular vulnerability scans;
implementing organizational and legal measures, such as granting employees restricted access to personal data, annual awareness events and holding them accountable for any unauthorized disclosure or misuse;
committing to privacy user journeys;
conducting data protection impact assessments to ensure compliance with privacy principles.
While we strive to maintain the security of interaction with Toloka, we cannot guarantee absolute security or prevent interception of information during transmission.
Security breaches
If we become aware of a breach in our security systems, we may either issue a public notice and/or attempt to inform you via email. We will then take reasonable measures to address the breach in accordance with applicable laws. In the event of a potential breach involving personal data, we will take appropriate actions based on the situation, which may include logging you out from all devices, resetting passwords (sending temporary passwords for you to use), and other necessary measures.
To report a security incident related to our services, please contact us via email security@toloka.ai.
11. Cookies
We use cookies and similar tracking technologies to track the activity on the Websites and store certain information.
You can turn cookies off in the settings of their web browser or mobile device.
For more information about the cookies we use and your choices regarding cookies, please visit our Toloka Cookie Notice (applicable for the website toloka.ai) and Mindrift Cookie Notice (applicable for the website mindrift.ai).
12. Changes to this Privacy Notice
Toloka may change this Privacy Notice from time to time at its sole discretion but not less than 1 time per 12 months. If so, Toloka endeavors to carry out reasonable means to notify You about these changes and their effects by an appropriate method and in due time beforehand.
Toloka advises You to review this Privacy Notice located at footers of toloka.ai and mindrift.ai and periodically and always after becoming aware of changes regarding the Privacy Notice. Any changes we make will be reflected in an update to the Privacy Notice and by revising the “last updated” date at the top of this Privacy Notice. Changes to this Privacy Notice are effective on the “Date of Effect”, which is not sooner than the date the changes were posted on this page.
In case of discrepancies between the English text of this Privacy Notice and its translations into other languages, the English text shall prevail.
13. This Privacy Notice and Links to Other Sites
Our Privacy Notice is designed to advise You about how Toloka collects, uses, protects, and discloses the personal data. However, Toloka may contain links to other sites that are not operated by us. Please note that this Privacy Notice does not govern the practices by any third parties. Information collected from You by others, such as third-party websites that You access through links on Toloka Platform, are governed by those entities' privacy policies. If you click a third-party link, you will be directed to that third party's site. We strongly advise You to review privacy policies of every site You visit.
WE HAVE NO CONTROL OVER AND ASSUME NO RESPONSIBILITY FOR THE CONTENT, PRIVACY POLICIES OR PRACTICES OF ANY THIRD-PARTY SITES AND SERVICES.
14. Difficulty accessing this Privacy Notice
Individuals with disabilities who are unable to usefully access our Privacy Notice online may contact us at the above-listed contact information to inquire how they can obtain a copy of our notice in another, more easily readable format. Under no circumstances, we will collect or otherwise process information about your health or other sensitive data about You in connection with such request.
15. STATE/COUNTRY SPECIFIC PRIVACY POLICIES AND NOTIFICATIONS
United States of America
A. Privacy Information for California Residents
This section of the Privacy Notice applies only with regard to California residents. If You are California resident, this section shall prevail over all other parts of the Privacy Notice in case of discrepancies.
Personal Information Collected over the Last 12 Months
Personal information we collected directly from you:
Categories of Data Collected
Data collected from you and why it was collected
Characteristic of protected classifications under California or Federal law.
Toloka does not intentionally collect any information on Your protected classifications, but Toloka may learn your protected classifications inadvertently (e.g. Your age)
Commercial information
Record of services with Toloka
Geolocation Data
Only in case of performing "field tasks" (at your choice)
Financial Information
E-Wallet number. Note that Toloka uses third party payment processors as set forth in Section 3 to facilitate Your payments and Toloka does not store Your payment information.
Biometric Data
None
Audio, electronic, visual, thermal, olfactory, or similar information
None
Internet/Network Activity
Internet Protocol address (IP address), browser type and language, information about the Internet service provider, sending and exiting pages, information about the operating system, date and time stamps, information about visits; information about mouse movement, scrolls; screen recording; actions in the system (logs).
Professional or Employment-related Information
Area of activities or occupation
Education Information
Highest degree or level of education (it is required for specific cases, such as prior to concluding a freelance agreement with AI Tutor)
Device Information
User's device ID
Categories of Personal Information Sold in the last 12 months
We do not sell Your personal information to third parties.
Categories of Personal Information Disclosed over the last 12 months
Categories of Data Disclosed
Types of Entities to which Data was Disclosed
Reason for Disclosure of Data
Categories of Recipients
Identifiers, Commercial information, Financial information, Internet/Network Activity Professional or Employment-related Information, Education information, Device Information.
Please see section 3 with the detailed description.
Please see section 3 with the detailed description.
Please see section 3 with the detailed description.
Information we sell
We do not sell Your personal information to third parties. Please note that “sale” of personal information does not include those instances when such information is part of a merger, acquisition, or other transaction involving all or part of Toloka business. If we sell all or part of Toloka business, make a sale or transfer of assets, or are otherwise involved in a merger or other business transaction, we may transfer Your personal information to a third party as part of that transaction. If such transaction materially affects the manner in which Your personal information is processed, we will notify you of such change prior to its implementation.
Your California Privacy Rights
We have in place policies and procedures to facilitate the exercise of privacy rights available to California residents under applicable law. If you are a California resident, You are entitled to the rights as described in the Section 6 of this Privacy Notice. In addition, You may be entitled to the following:
Disclosure of Direct Marketers:
to have access upon simple request, and free of charge, the categories and names/addresses of third parties that have received personal information for direct marketing purposes. Toloka does not share your personal information with third parties for their direct marketing purposes.
Right to Information About Collecting, Selling, Sharing, or Disclosing Personal Information:
upon receipt of a verifiable request, you may obtain a list of:
The specific pieces of your personal information Toloka holds;
The categories of personal information collected about You, sold to third parties, or disclosed to third parties for business purposes;
The categories of personal information sold within the last 12 months;
The categories of sources from which personal information is collected;
The business or commercial purpose for collecting or selling personal information; and
The categories of third parties with whom personal information is shared, sold, or disclosed for a business purpose.
Right to Opt-Out of the Sale of Personal Information:
California residents have the right to opt-out of the sale of their personal information under certain circumstances.
Right to Non-Discrimination
As defined under relevant law, You have a right to non-discrimination in Toloka services or quality of services You receive from us for exercising your rights.
Please contact us with the use of contact details specified in section 1 of this Privacy Notice in relation to exercising these rights. Note that we may ask you to verify your identity - such as by requiring you to provide information about yourself - before responding to such requests.
Submitting a Verifiable Request under the CCPA
California residents have certain rights regarding their personal information under the California Consumer Privacy Act of 2018 ("CCPA"). Toloka will respond to an individual's "verifiable request" to exercise his or her rights under the CCPA - that is, where Toloka has received a request purporting to be from a particular individual, and Toloka has been able to verify the individual's identity. The need to verify an individual's identity is critical to protecting your information, and to ensuring that your information is not shared with anyone pretending to be you or someone who is not authorized to act on your behalf.
You may submit a verifiable request with the use of contact details specified in section 1 of this Privacy Notice. We will ask you to provide information about yourself so that we can verify your identity as part of this process. This information may include your name, address, whether you have an account with Toloka, and other information deemed necessary by us to reasonably verify your identity. Once we have your submission, we will compare the information you provided to the information we have about you to verify your identity. If necessary, we may ask for additional information if we have difficulty confirming your identity. We will not share your information or honor other requests in those situations where we are unable to confirm that a request for your information is a "verifiable request". We will not be able process your request if we cannot verify your identity.
Submitting a request through an authorized agent.
Under California law a California resident can appoint an “authorized agent” to make certain verifiable requests upon their behalf, such as the right to know what information we collect about the consumer or to request deletion of the consumer's information. An authorized agent may submit a request by following the steps outlined above. An authorized agent must identify the consumer he or she is submitting a request on behalf of, and provide the information requested by Toloka to verify the consumer's identity. We will also require the purported authorized agent to submit proof that he or she has been authorized by the consumer to act on the consumer's behalf.
Because the security and privacy of your information is paramount, we will ask that you identify and provide permission in writing for such persons to act as your authorized agent and exercise your applicable rights under California law in such situations. This may require us to contact you directly and alert you that an individual has claimed to be your agent and is attempting to access or delete your information. We will also independently verify your identity to ensure that an unauthorized person is not attempting to impersonate you and exercise your rights without authorization. We will not share your information or honor any other requests in those situations where you cannot or do not grant permission in writing for an identified authorized agent to act on your behalf, or where we cannot independently verify your identity.
Submitting a Request for Removal of Minor Information.
To request the removal of information about a minor by Toloka, parents or guardians may submit a request with the subject line "Removal of Minor Information". Such requests must come from the minor's parents or guardian; minors may not submit information to us via email. Your submission should include the following information:
the nature of your request;
the identity of the content or information to be removed;
whether such content or information is found on Toloka Platform;
the location on content or information on Toloka Platform (e.g., providing the URL for the specific web page the content or information is found on);
that the request is related to the “Removal of Minor Information”; and
your name, street address, city, state, zip code, and e-mail address.
If we become aware that a minor has provided us personal data or otherwise used Toloka Platform in violation of the Privacy Notice, we will take steps to remove that information.
Our Policy on "Do Not Track" Signals under the California Online Protection Act
We do not support Do Not Track. Do Not Track is a preference you can set in your web browser to inform websites that you do not want to be tracked. You can enable or disable "Do Not Track" by visiting the "Preferences" or "Settings" page of your web browser.
Third parties may collect data that relates to you. We cannot control third parties' responses to do-not-track signals or other such mechanisms. Third parties' use of data relating to you and responsiveness to do-not-track signals is governed by their respective privacy policies.
B. Privacy Information for Residents of Colorado, Utah, Virginia, and Nevada:
Unless that contradicts to the law of the state of your residence, provisions of the Chapter A "Privacy Information for California Residents" will apply to the processing of your data. Please contact us whenever you have questions related to your rights or any other questions under this Privacy Notice by either of the methods set forth in the Section 1.
16. Toloka Affiliates
TOLOKA AI AG (SWITZERLAND), registration number: CHE - 132.532.069, registered address: Werftestrasse 4, 6005 Luzern, Switzerland
TOLOKA AI INC. (USA), identification number: 5938185, registered address: 10 State street, Newburyport, MA 01950, United States
TOLOKA D.O.O. BEOGRAD (SRB), registration number: 21804126, registered address: Starine Novaka 23, Sprat 4, Belgrade (Palilula). 11000, Belgrade, Serbia
Previous versions of the document: https://toloka.ai/privacy-notice/28082023