Products

LLMs

Solutions

Resources

Impact on AI

Company

Privacy Notice

Date of effect: Septemeber 16, 2024
Last updated: September 13, 2024

We've developed this Privacy Notice ("Privacy Notice") to explain to you how we collect, use, disclose, and store personal data.

Introduction

This Privacy Notice applies to Toloka AI AG and its relevant affiliates listed in section 16 ("Toloka""we""us""our")("Toloka affiliates").

When Does This Privacy Notice Apply?
This Privacy Notice applies to personal data that Toloka handles as a Controller. This includes when you:

  • Visit or interact with the toloka.ai, we.toloka.ai and/or mindrift.ai websites (the “Website(s)”), the Toloka mobile applications, the Toloka Platform, other resources associated with Toloka and the branded social media pages which we operate;

  • Register for or participate in our webinars, events, programs, marketing, and promotional activities;

  • Interact with us in person, such as when you visit our offices; and

  • Inquire about or engage in commercial transactions with us.

After you carefully review this Privacy Notice, please make sure to check the country-specific provisions at the end of the Privacy Notice, which may be applicable to the processing of Your data in the country of Your residence. Such country-specific provisions supplement this Privacy Notice or, if the law requires, may prevail over contradicting parts of the Privacy Notice.

This Privacy Notice refers to provisions of the General Data Protection Regulation (GDPR)Federal Act on Data Protection 2020 (FADP), Serbian Law on Protection of Personal Data 2018, the US privacy legislation (including but not limited to California Consumer Privacy Act (CCPA)California Privacy Rights Act of 2020, California Online Privacy Protection Act (COPPA), Health Insurance Portability and Accountability Act (HIPAA), Virginia Consumer Data Protection Act (CDPA)Colorado Privacy Act (CPA)Connecticut Act Concerning Personal Data Privacy and Online Monitoring (CTDPA)Utah Consumer Privacy Act (UCPA)) and other laws as in force on the date of the last update of this Privacy Notice.

1. Controller

Toloka is a controller of personal data processed under this Privacy Notice. It means that Toloka determines the purposes and means of the processing of these personal data.

You can contact Toloka on any questions relating to the processing of Your personal data by either of the following methods:

Email: privacy@toloka.ai
Postal address: Werftestrasse 4, 6005 Luzern, Switzerland

2. Legal bases

Depending on which features of Toloka you use, Toloka will process your personal data based on one or more of the following legal bases:

Contract. To fulfill our contractual obligations to you in order to provide access to Toloka Platform: Toloka may process Your personal data to fulfill our contractual obligation to You such as account registration, money withdrawal, sending an invoice.

Legitimate interest. When Toloka has an interest in using Your personal data in a certain way, which is necessary and justified considering any possible risks to You. We conduct a Legitimate Interest Assessment (LIA) to protect your personal data. LIA is a type of light-touch risk assessment based on the specific context and circumstances of the processing. Conducting a LIA helps us ensure that processing is lawful. It helps us to think clearly and sensibly about us processing and the impact it could have on the individual.

Consent. When Toloka has requested You to actively indicate Your consent to Toloka's processing of Your personal data for certain purposes. The presence of the consent does not affect the right to use Toloka services or to provide services to Toloka.

Where processing is based on consent (or explicit consent), You have the right to withdraw consent at any time. The withdrawal of consent does not affect the lawfulness of the processing based on consent before its withdrawal. To withdraw consent, You can contact Toloka by using the contact details specified in section 1 of this Privacy Notice or by using the toggle button in Your Profile (available to tolokers) and/or by using the unsubscribe link provided at the bottom of each email in direct marketing communications.

If you reside in a territory governed by privacy laws under which “consent” is the only or most appropriate legal basis for the processing of personal data as described herein, your acceptance of this Privacy Notice will be deemed as your consent to the processing of your personal data for all purposes detailed herein. If you wish to revoke such consent, you may do so at any time by contacting us at privacy@toloka.ai.

Legal obligation. Toloka may also be required to share Your personal data with competent authorities in accordance with the applicable legislation.

3. Categories of personal data processed by Toloka

The table below sets out the categories of personal data Toloka collects and processes. Toloka collects personal data primarily from the data subjects themselves (e.g., Your contact requests through the Toloka Platform). In addition, personal data may also be obtained from third parties as listed in the table below. Please use a horizontal scroll to navigate across the table.

Purpose of Processing

Data Subjects/ Categories of Data

Storage Period

Legal Bases

Third parties*

The role of the Third parties

Third party's privacy notice

Sending newsletters for marketing purposes via Email

Marketing e-newsletter Subscribers:
User ID;
Email

Until consent is withdrawn (by unsubscribing) or until the purpose of processing is fulfilled (the relevance of the purpose is assessed every 3 years)

Consent

Hubspot

Processor

Analysis of website visitors' behavior

Our website users:
IP address; Browser type and language used; The Internet service provider information; sending and exiting web pages that were sent and exited; Operating system information; date and time checks; website visits information

Limited by the validity period of cookies (specified in the Toloka Cookie List and Mindrift Cookie List)

Consent

Google Analytics (for toloka.ai and mindrift.ai);
Facebook Analytics (for toloka.ai); LinkedIn (for toloka.ai); Microsoft Bing (for toloka.ai), HubSpot (for toloka.ai and mindrift.ai);
X (Twitter)(for toloka.ai)

Processor(s)

User Registration on Toloka 

Our Users:
Full name;
Email;
Native language;
Date of birth;
Username;
Phone number

Within the term of the contract

Contract (with Users)

Toloka affiliates

Joint controllers

N/A

User Registration on Mindrift

Our Users:
Full name;
Email;
Native language;
Date of birth;
Username;
Phone number; Country; Education; Preferred Language; English proficiency level

Within the term of the contract

Contract (with Users)

Toloka affiliates

Joint controllers

N/A

Tracking fraudulent activities

Our Users:
User ID;
Full name;
Residential address;
ID photo;
User's device ID;
Location (IP address, phone number);
Mouse cursor movement and scrolls tracking; Screen recording; Photo or video of the User holding the ID data page next to their face; Phone number

5 years from the date of receipt of personal data

Legitimate interest to prevent fraudulent activity

Toloka affiliates

Joint controllers

N/A

Identity verification

Our Users: Full name; Date of birth; ID data and ID photo (the document type will be specified before uploading); Selfie

5 years from the date of receipt of personal data

Consent

Persona; Databricks

Processors

Customer Registration

Our Customers:
Full name;
Work email; Company;
Phone number (optional);
Job Title (optional)

Within the term of the contract

Contract (with Customers)

Toloka affiliates

Joint controllers

N/A

Remuneration to Users by Toloka

Our Users:
User ID

Within the term of the contract

Contract (with Users)

Toloka affiliates

Joint controllers

N/A

Withdrawal from the wallet by Users

Our Users:
Email;
Phone number;
User ID;
Wallet number;
Information of performed tasks;
Payment system;
Currency;
Transaction ID;
Account type;
Amount of earned money

Within the term of the contract

Contract (with Users)

Toloka affiliates;
Payoneer;
Papara

Processors

Authorization on Toloka

Our Users and our Customers:
Username;
Email;
Phone number;
Authorization ID

Within the term of the contract

Contract (with Users and Customers)

Toloka affiliates; Authorization service providers that enable Tolokers, AI Tutors and Customers to register or get access to the Toloka Platform using their own tools or widgets: Apple, Google, Facebook, GitHub, Microsoft

Joint controllers

Provision of support

Our Users and our Customers:
Email;
Full name;
Username;
User's device ID;
Phone number

Within the term of the contract

Contract (with Users and Customers)

Toloka affiliates;
ZenDesk

Toloka affiliates - joint controllers;
ZenDesk - processor

Notification of Users of their actions on the Toloka

Our Users:
User ID

Within the term of the contract

Contract (with Users)

Toloka affiliates

Joint controllers

N/A

Notification of Users of their actions on the Toloka via SMS

Our Users:
Phone number

Within the term of the contract

Contract (with Users)

Mitto AG

Processor

Verification of the conscientious completion of tasks by Users

Our Users:
User ID;
Assessment of the task completion

Within the term of the contract

Legitimate interest to improve the quality of provided services to Customers

Toloka affiliates

Joint controllers

N/A

Assessing skills based on test results, and determining location for language proficiency tests

Our Users:
Actions in the system (logs);
User ID;
Device ID;
Location (IP address, phone number)

Within the term of the contract

Contract (with Users)

Toloka affiliates

Joint controllers

N/A

Registration for Toloka Crash Course

Our Crash Course Students:
Name;
Company;
Company team;
Sandbox login;
Business email address;
Knowledge and experience level

Within the term of the contract (1 year from the date of course completion)

Contract (with Crash Course Students)

Toloka affiliates

Joint controllers

N/A

Requesting a demo of Toloka services

Our prospect Customers:
Full name; Company; Work email;
Job title (optional);
Phone number (optional)

1 year after the date of request

Consent

Toloka affiliates; Hubspot

Toloka affiliates - joint controllers; Hubspot - processor

Registration for webinars, events, programs, and marketing or promotional activities of Toloka

Webinar participants:
Email;
Full name;
Company information;
Job title

1 year after the date of registration or in case of consent withdrawal

Consent

Toloka affiliates; Hubspot

Toloka affiliates - joint controllers; Hubspot - processor

Recording the meeting(s) on video or audio to enhance follow-up and coaching

Our Customers:
Email;
Full name;
Display name;
Picture (optional);
Company information;
Job title;
Speaker's data that was disclosed during the course of the meeting

6 months after the meeting or in case of consent withdrawal

Legitimate interest to communicate with Customers; Consent (for enhancing follow-up and coaching)

Zoom; Microsoft Teams; Gong; Amazon Chime

Processors

Fixing bugs and implementing software improvements

Our Users and our Customers:
External user ID

Until the purpose of processing is fulfilled (the bugs are fixed)

Legitimate interest to improve Toloka services

Sentry

Processor

Dispatching transaction documents to Customers

Our Customers:
Email;
Phone number;
Country;
City;
Full name;
Company information (name, post address, post code, state (if applicable))

Within the term of the contract

Contract (with Customers)

Stripe; Toloka affiliates

Stripe - processor, Toloka affiliates - joint controllers

Conducting surveys

Our Users who have decided to participate in Toloka's survey(s): 
Name;
Country;
Photo

After 2 years from the date of participation in the survey or in case of consent withdrawal

Consent

Toloka affiliates

Joint controllers

N/A

Providing feedbacks for posting them on toloka.ai

Our Users: Name (Full name - oprional); Country; Feedback; Photo; Freelance role

2 years or earlier in case of consent withdrawal

Consent

Toloka affiliates; Google (Google Forms located on EU servers)

Toloka affiliates - joint controllers; Google - processor

Providing feedbacks for posting them on mindrift.ai

Our Users:
Name (Full name - oprional);
Country;
Feedback;
Photo;
Freelance role

2 years or earlier in case of consent withdrawal

Consent

Toloka affiliates; Google (Google Forms located on EU servers)

Toloka affiliates - joint controllers; Google - processor

Informing Customers about changes in the list of sub-processors*
*Available only for Customers of Toloka AI AG

Our Customers who have subscribed to such updates:
Email

Within the term of the contract

Contract (with Customers)

HubSpot

Processor

Customer relations management

Our Customers:
Full name;
Job title;
Email;
Company information

Within the term of the contract

Contract (with Customers)

HubSpot; DocUsign

Processors

Customer relations management for Prospect Clients

Our Prospect Customers:
Full name;
Job title;
Email;
Company information
LinkedIN Profile (for LinkedIN Navigator)

Within the term of the contract or until the moment when it becomes clear that the contract will not be concluded

In order to take steps at the request of the data subject prior to entering into the contract (with Customers)

Hubspot; LinkedIN Navigator; DocUsign

Processors

Invitation Users to apply for a freelance position, pass qualification tests (if required) and further follow-up with results of tests and selecting process

Our Users or prospect Users:
Full name, telephone number, email address, country, language, resume, LinkedIN profile (optional), personal website (optional)

1 year after the meeting or in case of consent withdrawal

Consent

Toloka affiliates; Google; Comeet; Workable

Toloka affiliates - joint controller; Google, Comeet, Workable - processors

Concluding a contract with User(s) that've passed the test and/or perform test task

Our Users:
Full name, telephone number and email address

Within the term of the contract or until the moment when it becomes clear that the contract will not be concluded

In order to take steps at the request of the data subject prior to entering into the contract (with Users)

Toloka affiliates; Solar Staff

Toloka affiliates - joint controllers; Solar Staff - controllers

AI Tutors management

Our AI Tutors:
Full name, email address, country, User ID, amount of earned money; User ID; freelance role

Within the term of the contract

Contract (with AI Tutors)

Toloka affiliates

Joint controllers

N/A

Background checks

Our AI Tutors:
Full name, email address, date of birth

4 weeks

In order to take steps at the request of the data subject prior to entering into the contract (with AI Tutors)

Toloka affiliates

Joint controllers

N/A

Product data analytics

Our Users:
Encrypted User ID; encrypted full name; information about completed tasks; wallet number

Within the term of the contract

Legitimate interest to improve Toloka platform

Databricks; Tableau Cloud

Processors

Pre-filling address for billing purposes

Our Customers:
Randomly generated billing ID, session ID, IP address

30 days

Legitimate interest to improve UX/UI experience

Mapbox

Processor

Demonstrating a status of the project to Customer(s)

All Customers who have a dedicated account manager:
Full name; Job title or Role (optional); Location (optional); Email; Company information

Within the term of a contract

Legitimate interest to improve quality of provided services

Monday

Processor

Complinace with Toloka legal obligations

All EU Users: Full name; Date of birth; Registered address; Place of birth; TIN; VAT number

Within the term of a contract 

Toloka affiliates; the Dutch tax authorities

Toloka affiliates - joint controllers; tax authorities - controllers

Sanctions Compliance

Our Users: IP address; ID data;, including ID copy and ID photo (the document type will be specified before uploading); Full name; Date of birth; Selfie

Within the term of the contract + 1 year after its termination or earlier in case of withdrawal

Consent

MaxMind; Persona

Processor

Sanctions Compliance

Authorized representatives and shareholders of BPO, Customers, Suppliers: Full name, Position, Email and Phone number, ID / Passport copy

Within the term of the contract + 1 year after its termination

Legal obligation

Refinitiv

Processor

Random Age Verification

Our Users: ID documents (full name, date of birth)

Within the term of the contract

Consent

Persona

Processor

Participation in the referral program

Our Users (Referrers): Name, email

Within the term of Mindrift Referral Program

Referral Factory

Processor

Inviting referrals to register

Our potential candidates (Referees): First name; Last name; Email; Phone; Country; Resume; LinkedIn profile (optional); Personal website (optional)

2 years or earlier in case of consent withdrawal

Consent (obtained by Referrers)

Toloka Affiliates

Joint controllers

N/A

Sending communications to Mindrift Users

Our Users: User ID; Full Name; Country; Email; Phone

Within the term of the contract

Legitimate interest to notify users about available tasks / projects for them and / or about new product features

Iterable

Processor

* User means Toloker(s) and/or AI Tutor(s)

4. Transfers to third countries

Toloka transfers personal data to countries which are considered as countries that do not provide for sufficient level of protection of data subjects’ rights under the GDPR or the Swiss law ("Third countries").

For the transfer of Your personal data to Third countries Toloka uses different tools to:

  • make sure the personal data transfer complies with applicable law;

  • help to give Your personal data the same level of protection as it has in the European Union, Switzerland or USA;

  • whether the transfer is based on an adequacy decision;

  • whether the transfer is subject to appropriate safeguards (GDPR Article 46 tools) such as binding corporate rules or standard contractual clauses (SCCs);

  • whether public authorities of the third country may seek access to the data with or without the data importer's knowledge either via legislation, practice, or reported precedent;

  • whether public authorities of the third country may be able to access the data through the telecommunication providers or communication channels in light of legislation, legal powers, technical, financial, and human resources at their disposal and of reported precedent.

Toloka uses a variety of protections which are appropriate for each data transfer to Third countries, namely:

5. Storage periods and deletion of personal data

Toloka processes Your personal data only as long as necessary to perform obligations under the Agreement and for Toloka's legitimate interests, such as:

  • maintaining the performance of the Toloka Platform;

  • making data-driven business decisions about new features;

  • complying with our legal obligations;

  • resolving disputes.

Upon achieving data processing purposes, upon the termination of the Agreement, or upon Your request, Toloka will delete or anonymise Your personal data so it no longer identifies You, unless Toloka is required to keep some data or Toloka needs to use it for a legally justifiable reason, such as:

  • if there's an unresolved issue relating to Your account, such as an outstanding credit earned for performing tasks or unresolved claim or dispute;

  • for Toloka's tax, audit and accounting obligations;

  • where necessary and to the extent permitted by applicable law, for our legitimate interests such as fraud prevention or to maintain information security.

6. Your basic personal data rights

Please see Your rights and their descriptions in this table.

To exercise Your rights, You can contact Toloka by using the contact details specified in section 1 of this Privacy Notice. Toloka may ask You to specify Your request in writing and to verify Your identity before processing the request. Toloka may also refuse to fulfil Your request on grounds set out in applicable data protection legislation.

Right

Description

Access

You can ask Toloka to confirm whether or not Toloka processes Your personal data. If so, You can access these personal data and can ask Toloka to explain certain details of the processing.

Rectification

You can ask Toloka to correct inaccurate personal data concerning You. You can ask Toloka to rectify incomplete or inaccurate personal data.

Erasure ('right to be forgotten')

You can ask Toloka to erase personal data concerning You. For example, this applies if (1) the personal data are no longer necessary in relation to the purposes for which they were processed; (2) You withdraw consent to the processing and there is no other legal ground for the processing; (3) the personal data have been unlawfully processed.

Restriction on processing

You can ask Toloka to mark the stored personal data with the aim to limit their processing in the future under applicable law. This applies if (1) You contest the accuracy of the personal data; (2) You ask to restrict the use of the personal data when their processing is unlawful; (3) You need personal data to protect Your rights when Toloka no longer needs the personal data; (4) You have objected the processing based on the legitimate interests pursued by Toloka.

Objection to processing

You can object, on grounds relating to Your particular situation, at any time to processing of Your personal data which is based on the legitimate interests pursued by Toloka or when personal data is processed for direct marketing purposes. Toloka shall no longer process the personal data unless Toloka demonstrates compelling legitimate grounds for the processing which override Your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.

Portability

When the processing is based on Your consent or on the contract with You, You can receive Your personal data, which You have provided to Toloka, in a structured, commonly used and machine-readable format and can freely transmit those data to another controller. Where technically feasible, You can also ask Toloka to transmit the personal data directly to another controller.

7. Children's Privacy

We do not knowingly or intentionally collect personal data through Toloka from children under eighteen (18) years of age. If You are under eighteen (18) years of age, do not attempt to register on Toloka Platform and do not provide us any personal data about Yourself unless You have the requisite parental consent. If You are a parent or guardian and You are aware that Your child has violated this Privacy Notice and provided us personal data, please contact with the use of contact details specified in the section 1 of this Privacy Notice.

Pursuant to 47 U.S.C. Section 230(d), Toloka notifies You that parental control protections (such as computer hardware, software, or filtering services) are commercially available that may assist You in limiting access to minors. Information regarding providers of such protections may be found on the Internet by searching “parental control protection” or similar terms.

8. Profiling and automated decision-making

Toloka may, as a part of the personal data processing activities, perform automated profiling of data subjects and automated decision-making to monitor users' behavior on the Toloka platform to prevent and detect fraud.

Profiling and automated decision-making takes place by Toloka's anti-fraud system, and it is based on the information collected via user's activities on the Toloka platform, such as features, factors and statistics calculated from the user activity. If fraudulent activity is detected, the anti-fraud system may immediately restrict the user's access to task submission and agreements related to tasks may be terminated, or in case the fraudulent activity is detected from the task requester's account, access to Toloka may be restricted. In anti-fraud analysis such factors are used including but not limiting to user task submission logs, user actions in Toloka interface, cookies, CAPTCHA inputs, mobile device hardware and software info such as camera type.

You have, at all times, the right to object to profiling and automated decision-making and ask further information about the logic involved and the envisaged consequences of the profiling and automated decision-making by contacting Toloka by sending a request at tolokercare@toloka.ai. Toloka may ask You to specify Your request in writing and to verify Your identity before processing the request.

You may, at all times, demand human intervention in the processing, obtain an explanation of the decision made, express Your own view and challenge the decision offered to You by contacting Toloka by sending a request at tolokercare@toloka.ai. Toloka may ask You to specify Your request in writing and to verify Your identity. If the detected fraudulent activity is not severe and Your identity has been successfully verified, access to Toloka may be regranted to You. In case severe fraudulent activity is detected or You are unable to verify Your identity, Your access to Toloka may remain restricted.

Toloka reviews the algorithms and processed personal data irregularly based on anomalies detection in anti-fraud metrics in order to ensure that the decision-making process is functioning as intended and to ensure that the method of processing is fair, efficient and equal.

9. Right to lodge a complaint with a supervisory authority

You have the right to lodge a complaint with the supervisory authority, in particular in the member state of the European Union of Your habitual residence or, respectively, Switzerland, place of work or place of an alleged infringement of applicable law.

If You reside in a different location, you have the right to lodge a complaint with a supervisory authority in the area of data protection in the country of your residence.

10. Principles of data security

We have implemented Information Security Management System (ISMS) compliant with international standard “ISO/IEC 27001:2013 Information technology — Security techniques — Information security management systems — Requirements” and Privacy Information Management System (PIMS) compliant with the requirements of the international standard «ISO/IEC 27701:2019 Security techniques — Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management — Requirements and guidelines». Toloka annually passes an audit performed by the independent external auditor to support continuous improvement of approaches and measures used to keep Your data secured.

Technical and organizational measures
We employ various technical and organizational safeguards to safeguard personal data against loss, theft, misuse, and unauthorized access, disclosure, alteration, and destruction. These measures include:

  • encrypting personal data in transit and in rest;

  • conducting regular vulnerability scans;

  • implementing organizational and legal measures, such as granting employees restricted access to personal data, annual awareness events and holding them accountable for any unauthorized disclosure or misuse;

  • committing to privacy user journeys;

  • conducting data protection impact assessments to ensure compliance with privacy principles.

While we strive to maintain the security of interaction with Toloka, we cannot guarantee absolute security or prevent interception of information during transmission.

Security breaches
If we become aware of a breach in our security systems, we may either issue a public notice and/or attempt to inform you via email. We will then take reasonable measures to address the breach in accordance with applicable laws. In the event of a potential breach involving personal data, we will take appropriate actions based on the situation, which may include logging you out from all devices, resetting passwords (sending temporary passwords for you to use), and other necessary measures.

To report a security incident related to our services, please contact us via email security@toloka.ai.

11. Cookies

We use cookies and similar tracking technologies to track the activity on the Websites and store certain information.

You can turn cookies off in the settings of their web browser or mobile device.

For more information about the cookies we use and your choices regarding cookies, please visit our Toloka Cookie Notice (applicable for the website toloka.ai) and Mindrift Cookie Notice (applicable for the website mindrift.ai).

12. Changes to this Privacy Notice

Toloka may change this Privacy Notice from time to time at its sole discretion but not less than 1 time per 12 months. If so, Toloka endeavors to carry out reasonable means to notify You about these changes and their effects by an appropriate method and in due time beforehand.

Toloka advises You to review this Privacy Notice located at footers of toloka.ai and mindrift.ai and periodically and always after becoming aware of changes regarding the Privacy Notice. Any changes we make will be reflected in an update to the Privacy Notice and by revising the “last updated” date at the top of this Privacy Notice. Changes to this Privacy Notice are effective on the “Date of Effect”, which is not sooner than the date the changes were posted on this page.

In case of discrepancies between the English text of this Privacy Notice and its translations into other languages, the English text shall prevail.

13. This Privacy Notice and Links to Other Sites

Our Privacy Notice is designed to advise You about how Toloka collects, uses, protects, and discloses the personal data. However, Toloka may contain links to other sites that are not operated by us. Please note that this Privacy Notice does not govern the practices by any third parties. Information collected from You by others, such as third-party websites that You access through links on Toloka Platform, are governed by those entities' privacy policies. If you click a third-party link, you will be directed to that third party's site. We strongly advise You to review privacy policies of every site You visit.

WE HAVE NO CONTROL OVER AND ASSUME NO RESPONSIBILITY FOR THE CONTENT, PRIVACY POLICIES OR PRACTICES OF ANY THIRD-PARTY SITES AND SERVICES.

14. Difficulty accessing this Privacy Notice

Individuals with disabilities who are unable to usefully access our Privacy Notice online may contact us at the above-listed contact information to inquire how they can obtain a copy of our notice in another, more easily readable format. Under no circumstances, we will collect or otherwise process information about your health or other sensitive data about You in connection with such request.

15. STATE/COUNTRY SPECIFIC PRIVACY POLICIES AND NOTIFICATIONS

United States of America
A. Privacy Information for California Residents

This section of the Privacy Notice applies only with regard to California residents. If You are California resident, this section shall prevail over all other parts of the Privacy Notice in case of discrepancies.

Personal Information Collected over the Last 12 Months

Personal information we collected directly from you:

Categories of Data Collected

Data collected from you and why it was collected

Characteristic of protected classifications under California or Federal law.

Toloka does not intentionally collect any information on Your protected classifications, but Toloka may learn your protected classifications inadvertently (e.g. Your age)

Commercial information

Record of services with Toloka

Geolocation Data

Only in case of performing "field tasks" (at your choice)

Financial Information

E-Wallet number. Note that Toloka uses third party payment processors as set forth in Section 3 to facilitate Your payments and Toloka does not store Your payment information.

Biometric Data

Yes

Audio, electronic, visual, thermal, olfactory, or similar information

None

Internet/Network Activity

Internet Protocol address (IP address), browser type and language, information about the Internet service provider, sending and exiting pages, information about the operating system, date and time stamps, information about visits; information about mouse movement, scrolls; screen recording; actions in the system (logs).

Professional or Employment-related Information

Area of activities or occupation

Education Information

Highest degree or level of education (it is required for specific cases, such as prior to concluding a freelance agreement with AI Tutor)

Device Information

User's device ID

Categories of Personal Information Sold in the last 12 months

We do not sell Your personal information to third parties.

Categories of Personal Information Disclosed over the last 12 months

Categories of Data Disclosed

Types of Entities to which Data was Disclosed

Reason for Disclosure of Data

Categories of Recipients

Identifiers, Commercial information, Financial information, Internet/Network Activity Professional or Employment-related Information, Education information, Device Information, Biometric information (ID Photo).

Please see section 3 with the detailed description.

Please see section 3 with the detailed description.

Please see section 3 with the detailed description.

Information we sell

We do not sell Your personal information to third parties. Please note that “sale” of personal information does not include those instances when such information is part of a merger, acquisition, or other transaction involving all or part of Toloka business. If we sell all or part of Toloka business, make a sale or transfer of assets, or are otherwise involved in a merger or other business transaction, we may transfer Your personal information to a third party as part of that transaction. If such transaction materially affects the manner in which Your personal information is processed, we will notify you of such change prior to its implementation.

Your California Privacy Rights

We have in place policies and procedures to facilitate the exercise of privacy rights available to California residents under applicable law. If you are a California resident, You are entitled to the rights as described in the Section 6 of this Privacy Notice. In addition, You may be entitled to the following:

Disclosure of Direct Marketers:
Disclosure of Direct Marketers:
Disclosure of Direct Marketers:

to have access upon simple request, and free of charge, the categories and names/addresses of third parties that have received personal information for direct marketing purposes. Toloka does not share your personal information with third parties for their direct marketing purposes.

Right to Information About Collecting, Selling, Sharing, or Disclosing Personal Information:
Right to Information About Collecting, Selling, Sharing, or Disclosing Personal Information:
Right to Information About Collecting, Selling, Sharing, or Disclosing Personal Information:

upon receipt of a verifiable request, you may obtain a list of:

  • The specific pieces of your personal information Toloka holds;

  • The categories of personal information collected about You, sold to third parties, or disclosed to third parties for business purposes;

  • The categories of personal information sold within the last 12 months; 

  • The categories of sources from which personal information is collected;

  • The business or commercial purpose for collecting or selling personal information; and

  • The categories of third parties with whom personal information is shared, sold, or disclosed for a business purpose.

Right to Opt-Out of the Sale of Personal Information:
Right to Opt-Out of the Sale of Personal Information:
Right to Opt-Out of the Sale of Personal Information:

California residents have the right to opt-out of the sale of their personal information under certain circumstances.

Right to Non-Discrimination
Right to Non-Discrimination
Right to Non-Discrimination

As defined under relevant law, You have a right to non-discrimination in Toloka services or quality of services You receive from us for exercising your rights.

Please contact us with the use of contact details specified in section 1 of this Privacy Notice in relation to exercising these rights. Note that we may ask you to verify your identity - such as by requiring you to provide information about yourself - before responding to such requests.

Submitting a Verifiable Request under the CCPA
Submitting a Verifiable Request under the CCPA
Submitting a Verifiable Request under the CCPA

California residents have certain rights regarding their personal information under the California Consumer Privacy Act of 2018 ("CCPA"). Toloka will respond to an individual's "verifiable request" to exercise his or her rights under the CCPA - that is, where Toloka has received a request purporting to be from a particular individual, and Toloka has been able to verify the individual's identity. The need to verify an individual's identity is critical to protecting your information, and to ensuring that your information is not shared with anyone pretending to be you or someone who is not authorized to act on your behalf.

You may submit a verifiable request with the use of contact details specified in section 1 of this Privacy Notice. We will ask you to provide information about yourself so that we can verify your identity as part of this process. This information may include your name, address, whether you have an account with Toloka, and other information deemed necessary by us to reasonably verify your identity. Once we have your submission, we will compare the information you provided to the information we have about you to verify your identity. If necessary, we may ask for additional information if we have difficulty confirming your identity. We will not share your information or honor other requests in those situations where we are unable to confirm that a request for your information is a "verifiable request". We will not be able process your request if we cannot verify your identity.

Submitting a request through an authorized agent.
Submitting a request through an authorized agent.
Submitting a request through an authorized agent.

Under California law a California resident can appoint an “authorized agent” to make certain verifiable requests upon their behalf, such as the right to know what information we collect about the consumer or to request deletion of the consumer's information. An authorized agent may submit a request by following the steps outlined above. An authorized agent must identify the consumer he or she is submitting a request on behalf of, and provide the information requested by Toloka to verify the consumer's identity. We will also require the purported authorized agent to submit proof that he or she has been authorized by the consumer to act on the consumer's behalf.

Because the security and privacy of your information is paramount, we will ask that you identify and provide permission in writing for such persons to act as your authorized agent and exercise your applicable rights under California law in such situations. This may require us to contact you directly and alert you that an individual has claimed to be your agent and is attempting to access or delete your information. We will also independently verify your identity to ensure that an unauthorized person is not attempting to impersonate you and exercise your rights without authorization. We will not share your information or honor any other requests in those situations where you cannot or do not grant permission in writing for an identified authorized agent to act on your behalf, or where we cannot independently verify your identity.

Submitting a Request for Removal of Minor Information.
Submitting a Request for Removal of Minor Information.
Submitting a Request for Removal of Minor Information.

To request the removal of information about a minor by Toloka, parents or guardians may submit a request with the subject line "Removal of Minor Information". Such requests must come from the minor's parents or guardian; minors may not submit information to us via email. Your submission should include the following information:

  • the nature of your request;

  • the identity of the content or information to be removed;

  • whether such content or information is found on Toloka Platform;

  • the location on content or information on Toloka Platform (e.g., providing the URL for the specific web page the content or information is found on);

  • that the request is related to the “Removal of Minor Information”; and

  • your name, street address, city, state, zip code, and e-mail address.

If we become aware that a minor has provided us personal data or otherwise used Toloka Platform in violation of the Privacy Notice, we will take steps to remove that information.

Our Policy on "Do Not Track" Signals under the California Online Protection Act

We do not support Do Not Track. Do Not Track is a preference you can set in your web browser to inform websites that you do not want to be tracked. You can enable or disable "Do Not Track" by visiting the "Preferences" or "Settings" page of your web browser.

Third parties may collect data that relates to you. We cannot control third parties' responses to do-not-track signals or other such mechanisms. Third parties' use of data relating to you and responsiveness to do-not-track signals is governed by their respective privacy policies.

B. Privacy Information for Residents of Colorado, Utah, Virginia, and Nevada:

Unless that contradicts to the law of the state of your residence, provisions of the Chapter A "Privacy Information for California Residents" will apply to the processing of your data. Please contact us whenever you have questions related to your rights or any other questions under this Privacy Notice by either of the methods set forth in the Section 1.

16. Toloka Affiliates

TOLOKA AI AG (SWITZERLAND), registration number: CHE - 132.532.069, registered address: Werftestrasse 4, 6005 Luzern, Switzerland

TOLOKA AI INC. (USA), identification number: 5938185, registered address: 10 State street, Newburyport, MA 01950, United States

TOLOKA D.O.O. BEOGRAD (SRB), registration number: 21804126, registered address: Starine Novaka 23, Sprat 4, Belgrade (Palilula). 11000, Belgrade, Serbia
Toloka AI BV, registration number: 82041350, registered address: Schiphol Boulevard 165, 1118 BG Schiphol, The Netherlands

Previous versions of the document:

Previous versions of the document: https://toloka.ai/privacy-notice-march-20

Previous versions of the document: https://toloka.ai/privacy-notice/28082023

© 2024 Toloka AI BV