Your GDPR Data Rights
WorkersFromAsia is built on a GDPR-first foundation. We collect only what is necessary, store it securely, and give you full control over your personal data. This page explains your rights and how to exercise them.
Your Six Data Rights
Right of Access (Art. 15)
You can request a complete copy of all personal data we hold about you. We will provide it in a structured format within 30 days.
Email: privacy@workersfromasia.com with subject "Data Access Request"
Right to Rectification (Art. 16)
If any data we hold about you is inaccurate or incomplete, you can request correction. Most profile data can be corrected directly in your account settings.
Update in account settings or email: privacy@workersfromasia.com
Right to Erasure (Art. 17)
You can request deletion of your personal data ("right to be forgotten"). We will delete your account and associated data within 30 days, except where retention is required by law.
Email: privacy@workersfromasia.com with subject "Account Deletion Request"
Right to Data Portability (Art. 20)
You can receive your data in a machine-readable format (JSON or CSV) to transfer to another service. This applies to data you provided to us directly.
Email: privacy@workersfromasia.com with subject "Data Export Request"
Right to Object (Art. 21)
You can object to processing of your data based on legitimate interests. We will stop processing unless we can demonstrate compelling legitimate grounds.
Email: privacy@workersfromasia.com with subject "Objection to Processing"
Right to Restrict Processing (Art. 18)
In certain circumstances, you can request that we restrict the processing of your data — for example, while we verify the accuracy of disputed data.
Email: privacy@workersfromasia.com with subject "Processing Restriction Request"
How to Exercise Your Rights
To exercise any of the rights above, contact our Data Protection Officer. Please include:
- Your full name and email address registered with the platform
- Which right you are exercising (e.g., "Data Access Request")
- Any relevant details (e.g., which data you want deleted)
We will respond within 30 days as required by GDPR.
GDPR FAQs
Who is the Data Controller?
WorkersFromAsia is the Data Controller for employer and agency account data. For candidate data submitted by agencies, WorkersFromAsia acts as Data Processor on behalf of the agency (Data Controller).
Where is my data stored?
Data is stored in Supabase infrastructure. Our primary database region is EU (Frankfurt, Germany). All data at rest and in transit is encrypted.
Do you share data with third parties?
We share data only with our infrastructure providers (Supabase, Vercel) under Data Processing Agreements. We do not sell personal data to advertisers, data brokers, or any third party.
How long do you retain my data?
Active account data is retained for 3 years after account closure. Application and pipeline data is retained for 2 years. ILO compliance declarations are retained for 7 years. See our full Privacy Policy for details.
Can workers have their data deleted?
Yes. Any candidate can request full deletion of their profile data at any time. We will delete the data within 30 days. Employers and agencies will no longer be able to view their pipeline history for that candidate.
How do I file a complaint?
You have the right to lodge a complaint with your national supervisory authority. In Germany, this is the Bundesbeauftragter für den Datenschutz (BfDI). You can also contact us first at privacy@workersfromasia.com and we will work to resolve the issue directly.
See also: Privacy Policy · Terms of Service