At Solar Staff, we make every effort to be as open and transparent as possible. To that end, we disclose in detail how we protect your personal data. As a company incorporated under the European Union legislation, Solar Staff complies with all EU laws, including the requirements of Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation, or GDPR).
Why does Solar Staff need my personal information?
By having you provide your personal data, Solar Staff aims to make the service better for you. It helps run things efficiently and securely while upholding all contractual obligations. We do the due diligence on our counterparties to ensure both clients and subcontractors are trustworthy. When gathering personal information, we do not pursue any commercial goal – your data is not a commodity that we aim to sell. Rather, we view any information about you as our responsibility, approaching its protection with utmost care.
We strictly limit the collection and processing of your personal data, which are only done for an explicit and legitimate purpose. Its further processing also always remains in line with the stated purpose. To learn more about the types of personal data we process and the legal grounds, refer to our Privacy Policy.
What measures does Solar Staff take to protect my personal data?
We make every effort to ensure that your data is as secure as possible, which includes protecting it from unauthorized or unlawful processing or loss. We leverage the appropriate technical and organizational tools in the process, reviewing and adapting them as necessary and taking into account possible risks.
Thanks to the efficiency and effectiveness of our internal procedures, not a single information security violation has been recorded over the many years of Solar Staff’s operation.
The technical measures we apply ensure compliance with the personal data processing principles of Regulation (EU) 2016/679 (GDPR) and the requirements of the PCI DSS (Payment Card Industry Data Security Standard). Such measures include:
Recording and storing data electronically on our own servers or on the servers of reputable partners under relevant agreements, with periodic backups. In addition, data storage is facilitated by a logical and transparent system that allows quick access to specific files and, if necessary, content deletion.
Encrypting data and transmitting it through secure, closed private networks.
Accessing and processing personal data via a secure VPN, regularly updating passwords.
Updating and testing internal data transmission systems, undergoing the necessary certification procedures and audits, projecting threat models and developing mitigation plans.
Anonymizing your personal data wherever possible, making it untraceable.
Granting access to personal data only to authorized personnel who need it to keep the service running for your benefit. All the while, we keep track of each instance of personal data being accessed or processed.
On the organizational front, Solar Staff exercises great care in personnel selection. We train all employees to respect and observe the rights and legal interests of our users, regularly evaluating performance in this regard.
Solar Staff signs confidentiality agreements with all employees. On top of that, the personnel authorized to handle personal data regularly undergo the necessary training on how to best protect it.
Where reasonably required, your personal data may be sent to third parties for processing. These cases, such as verification and payment transfers, are listed in the Privacy Policy. We carefully select our business partners and sign the appropriate agreements with them while maintaining full accountability for all the processing.
How does Solar Staff protect my payment information?
Solar Staff adheres to the international Payment Card Industry Data Security Standard (PCI DSS) and uses the Verified by Visa and Mastercard SecureCode security systems.
To use Solar Staff and receive remuneration to a bank card, a freelancer needs to create an account by registering in the service. The email address serves as the username for logging in to the account (you shouldn’t use your email password). During the registration, the system will ask you to confirm your mobile phone number.
We recommend that our clients (both individuals and legal entities) use Google Authenticator to log in to the account – it helps keep data secure.
Your card is linked to your account via a special secure terminal. To access it, you first need to confirm linking the card with a code that is sent to your phone or generated by the Google Authenticator app.
We request the minimum card details necessary for sending remuneration to freelancers (card number, owner's first and last name, and card expiration date). Solar Staff implements card number encryption: the full set of digits is visible only to the freelancer when they link the card. After that, neither the freelancer nor Solar Staff can view the entire card number. Moreover, we never ask for the CVV, without which it is impossible to use the card for making electronic payments.
There is an alternative payment method for receiving remuneration – the WebMoney Z e-wallet, which also complies with the international banking security requirements. To link the wallet, follow the same procedure: enter the code sent to your phone or generated by Google Authenticator. This ensures funds cannot be withdrawn from your balance without your knowledge.
To further enhance security, we send email notifications on sign-in to your account, indicating the IP address and sign-in time (this can be disabled in the account under “Personal details”). Additionally, sessions initiated from an unknown device or browser are forcibly terminated.
Applicable data protection regulations
Solar Staff is obliged to comply with Regulation (EU) 2016/679 (GDPR), which regulates the processing of personal data of citizens and residents of the EU and EEA countries, regardless of their location. This means your data is safeguarded under one of the world’s most stringent and comprehensive data protection laws, which does not allow indiscriminate collection of personal data, its use outside specified, explicit and legitimate purposes, or its uncontrolled transfer to third parties. Under Regulation (EU) 2016/679 (GDPR), you are guaranteed a number of rights (e.g., accessing your personal data, in some instances – deleting such data), which we account for when designing our personal data processing practices. As regards freelancers from other jurisdictions, Solar Staff follows data protection practices in accordance with the GDPR and applicable data protection laws.
To learn more about your rights regarding the protection of personal data in the course of its processing, read our Privacy Policy or contact us directly at [email protected]. We will do our best to promptly resolve any issue you might have.