Privacy Policy

Last updated: March 2025 · GDPR compliant

This Privacy Policy explains how WorkersFromAsia collects, uses, and protects personal data on its platform. We are committed to data minimisation, transparency, and full compliance with the EU General Data Protection Regulation (GDPR) and applicable national data protection laws.

1. Who We Are

WorkersFromAsia ("we", "us", "our") operates the platform at workersfromasia.com. We are a recruitment company that sources skilled tradespeople in Asia and places them with European employers for lawful, ILO-compliant employment. For GDPR purposes, we act as the Data Controller for both employer account data and candidate personal data that we collect and process directly. Contact: info@WorkersFromAsia.com

2. Data We Collect

We collect only what is necessary to provide the platform service (data minimisation principle, GDPR Article 5(1)(c)):

— Employers: company name, contact name, work email address, country, optional phone number, company description, job posting details.
— Candidates: full name, phone number, nationality/source country, trade skill, years of experience, biometric verification status (yes/no flag only), availability status. We do not store biometric data itself.
— All users: authentication data. Candidates authenticate using their phone number via SMS one-time code; employers authenticate using their business email address. Authentication is handled by trusted processors (Supabase and Firebase).

3. Legal Basis for Processing

We process personal data under the following legal bases (GDPR Article 6):

— Contract performance (Art. 6(1)(b)): Processing employer and candidate account data to fulfil our recruitment service agreement.
— Legitimate interests (Art. 6(1)(f)): Platform security, fraud prevention, and improving service quality.
— Legal obligation (Art. 6(1)(c)): Retaining records of ILO compliance declarations required under applicable law.
— Consent (Art. 6(1)(a)): Marketing communications (if opted in). You may withdraw consent at any time.

4. Who We Share Data With

We share data only to the extent necessary:

— Supabase Inc.: Our database and authentication provider (EU data residency available). Data Processing Agreement in place.
— Google Firebase: SMS one-time-code delivery for candidate phone verification. Data Processing Agreement in place.
— Vercel Inc.: Our hosting and deployment provider. Server-side rendering occurs within their infrastructure.
— We do not sell personal data to third parties.
— We do not share candidate data with employers beyond the information visible in the dashboard (name, trade, source country, experience, verification status).

5. International Transfers

Our platform infrastructure may involve international data transfers. Where transfers outside the EEA occur, we ensure adequate safeguards are in place — including Standard Contractual Clauses (SCCs) — in accordance with GDPR Chapter V. Our primary hosting region is EU (Frankfurt, Germany).

6. Data Retention

— Active account data: Retained for the duration of the account and 3 years after account closure (for contractual dispute purposes).
— Application and pipeline data: Retained for 2 years after the last activity on an application.
— ILO compliance declarations: Retained for 7 years (legal obligation).
— Authentication logs: Retained for 90 days for security purposes.

You may request earlier deletion under the right to erasure (see Section 8).

7. Cookies and Tracking

We use only strictly necessary cookies required for authentication and session management. We do not use advertising trackers, third-party analytics pixels, or behavioural profiling cookies. No cookie consent banner is required for the current cookie set. If we introduce analytics (e.g. privacy-first tools such as Plausible), we will update this policy and request consent where required.

8. Your Rights (GDPR)

As a data subject under GDPR, you have the following rights:

— Right of access (Art. 15): Request a copy of the data we hold about you.
— Right to rectification (Art. 16): Correct inaccurate data.
— Right to erasure (Art. 17): Request deletion of your data ("right to be forgotten").
— Right to portability (Art. 20): Receive your data in a structured, machine-readable format.
— Right to object (Art. 21): Object to processing based on legitimate interests.
— Right to withdraw consent: Where processing is based on consent, you may withdraw at any time.

To exercise any right, email: info@WorkersFromAsia.com. We will respond within 30 days.

9. Security

We implement appropriate technical and organisational measures to protect personal data, including:

— Encryption in transit (TLS 1.2+) and at rest.
— Row-level security (RLS) on all database tables.
— Phone-based SMS verification for candidates; passwords for employer accounts are salted and hashed by our authentication provider and never stored in plain text.
— Access controls: Users may only access data associated with their own account.
— Regular review of third-party processor agreements.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email to registered users and flagged on the platform. The date of last update is shown below. Last updated: March 2025.

Questions? Contact our Data Protection Officer at info@WorkersFromAsia.com
